Enable selection of expiration criteria

t-muehlberger · Aug 2, 2022 · 7ea9c84 · 7ea9c84
1 parent c16266a
commit 7ea9c84
Show file tree

Hide file tree

Showing 11 changed files with 2,508 additions and 172 deletions.
diff --git a/Readme.md b/Readme.md
@@ -49,7 +49,7 @@ Enter Secret | Show Secret
 
 **SSL Dev Cert:**
 
-- Set up [mkcert](https://github.com/FiloSottile/mkcert)
+Set up [mkcert](https://github.com/FiloSottile/mkcert) 
 
     cd web-ui
     mkcert localhost
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,7 +1,7 @@
 version: "3.7"
 services:
   sharepass:
-    image: tmuehlberger/sharepass:alpha
+    image: tmuehlberger/sharepass:latest
     build: .
     ports:
       - "5000:5000"

diff --git a/k8s/deployment.yml b/k8s/deployment.yml
@@ -16,14 +16,14 @@ spec:
         app: sharepass
     spec:
       containers:
-        - image: sharepass:local
+        - image: tmuehlberger/sharepass:latest
           name: sharepass
           ports:
             - containerPort: 5000
               name: sharepass
           env:
             - name: PG_HOST
-              value: postgres
+              value: postgres:5432
           imagePullPolicy: Always
 ---
 apiVersion: v1
@@ -46,8 +46,8 @@ kind: Ingress
 metadata:
   name: sharepass
   annotations:
-    cert-manager.io/issuer: letsencrypt-prod
-    cert-manager.io/issuer-kind: ClusterIssuer
+    cert-manager.io/cluster-issuer: letsencrypt
+    kubernetes.io/ingress.class: nginx
 spec:
   rules:
   - host: sharepass.muehlberger.dev
@@ -60,21 +60,10 @@ spec:
               number: 80
         path: /
         pathType: Prefix
-  - host: sharepass-local.muehlberger.dev
-    http:
-      paths:
-      - backend:
-          service:
-            name: sharepass
-            port:
-              number: 80
-        path: /
-        pathType: Prefix
   tls:
   - hosts:
     - sharepass.muehlberger.dev
-    - sharepass-local.muehlberger.dev
-    secretName: sharepass-tls
+    secretName: tls-sharepass
 ---
 apiVersion: apps/v1
 kind: Deployment

diff --git a/pkg/api/handler.go b/pkg/api/handler.go
@@ -56,10 +56,22 @@ func (h *Handler) GetSecretMetadata(ctx echo.Context, id string) error {
 }
 
 func toSecretMetadata(s secrets.Secret) SecretMetadata {
+	maxRetrievalCount := &s.MaxRetrievalCount
+	retrievalCount := &s.RetrievalCount
+	if s.AllowUnlimitedRetrieval {
+		maxRetrievalCount = nil
+		retrievalCount = nil
+	}
+
+	expiryTime := &s.ExpiryTime
+	if s.DisableExpiryTime {
+		expiryTime = nil
+	}
+
 	return SecretMetadata{
 		Id:                &s.Id,
-		ExpiryTime:        &s.ExpiryTime,
-		MaxRetrievalCount: &s.MaxRetrievalCount,
-		RetrievalCount:    &s.RetrievalCount,
+		ExpiryTime:        expiryTime,
+		MaxRetrievalCount: maxRetrievalCount,
+		RetrievalCount:    retrievalCount,
 	}
 }
diff --git a/pkg/secrets/secret.go b/pkg/secrets/secret.go
@@ -3,10 +3,13 @@ package secrets
 import "time"
 
 type Secret struct {
-	Id                   string
-	ExpiryTime           time.Time
-	MaxRetrievalCount    int
-	RetrievalCount       int
-	EncryptedSecret      string
-	InitializationVector string
+	Id                      string
+	DisableExpiryTime       bool
+	ExpiryTime              time.Time
+	AllowUnlimitedRetrieval bool
+	MaxRetrievalCount       int
+	RetrievalCount          int
+	EncryptedSecret         string
+	InitializationVector    string
+	CreatedAt               time.Time
 }
diff --git a/pkg/secrets/service.go b/pkg/secrets/service.go
@@ -12,21 +12,27 @@ type Service struct {
 }
 
 func (s *Service) CreateSecret(encryptedSecret string, initializationVector string, timeToLive int, maxRetrievalCount int) (Secret, error) {
-	if timeToLive <= 0 {
-		return Secret{}, fmt.Errorf("argument error, timeToLive cannot be less than zero")
+	ttl := time.Duration(timeToLive) * time.Second
+	expiryTime := time.Now().Add(ttl)
+
+	if timeToLive < -1 {
+		return Secret{}, fmt.Errorf("argument error, timeToLive is invalid")
 	}
-	if maxRetrievalCount < 0 {
-		return Secret{}, fmt.Errorf("argument error, maxRetrievalCount cannot be less than zero")
+
+	if maxRetrievalCount < -1 {
+		return Secret{}, fmt.Errorf("argument error, maxRetrievalCount is invalid")
 	}
 
-	ttl := time.Duration(timeToLive) * time.Second
 	sec := Secret{
-		Id:                   uuid.NewString(),
-		ExpiryTime:           time.Now().Add(ttl),
-		RetrievalCount:       0,
-		MaxRetrievalCount:    maxRetrievalCount,
-		EncryptedSecret:      encryptedSecret,
-		InitializationVector: initializationVector,
+		Id:                      uuid.NewString(),
+		DisableExpiryTime:       timeToLive == -1,
+		ExpiryTime:              expiryTime,
+		AllowUnlimitedRetrieval: maxRetrievalCount == -1,
+		RetrievalCount:          0,
+		MaxRetrievalCount:       maxRetrievalCount,
+		EncryptedSecret:         encryptedSecret,
+		InitializationVector:    initializationVector,
+		CreatedAt:               time.Now(),
 	}
 
 	err := s.Store.Put(sec)
@@ -76,7 +82,7 @@ func (s *Service) RevealSecret(id string) (Secret, error) {
 }
 
 func isExpired(s Secret) bool {
-	timeout := !s.ExpiryTime.After(time.Now())
-	retievalCount := s.RetrievalCount >= s.MaxRetrievalCount
+	timeout := !s.ExpiryTime.After(time.Now()) && !s.DisableExpiryTime
+	retievalCount := s.RetrievalCount >= s.MaxRetrievalCount && !s.AllowUnlimitedRetrieval
 	return timeout || retievalCount
 }