Store service credentials securely in the stores supported by docker:
- https://github.com/docker/docker-credential-helpers#available-programs

Introduces a top-level config property, "secretStore", and additional command line arguments to manage the stored secrets.

The value of secretStore is used to find a helper command, `docker-credential-<secretStore>`. The docker project currently provides 4 store helpers:
- "osxkeychain" (OS X only)
- "secretservice" (Linux only)
- "wincred" (Windows only)
- "pass" (any OS supporting pass, which uses gpg2)

Docker-for-desktop installs the credential helpers above, as well as "desktop" (docker-credential-desktop).

Generic installation instructions for the helpers:
- https://github.com/docker/docker-credential-helpers#installation

Users could provide additional helpers; the only requirement is that the helper implements the credential store protocol:
- https://github.com/docker/docker-credential-helpers#development

The credential protocol is open, and new credential stores can be implemented by any CLI satisfying the protocol:
- https://github.com/docker/docker-credential-helpers#development

The modifications to existing modules are not tested due to lack of API keys, but they demonstrate the unobtrusive changes required to use the secret store.
package hibp
import (
"os"
"time"
"github.com/olebedev/config"
"github.com/wtfutil/wtf/cfg"
"github.com/wtfutil/wtf/utils"
)
// Module defaults for the HIBP widget.
const (
	// defaultFocusable is the focusable default handed to the common settings.
	defaultFocusable = false

	// defaultTitle is the title default handed to the common settings.
	defaultTitle = "HIBP"

	// minRefreshInterval is the floor applied to the configured refresh
	// interval: six hours, written out as 6 * 60 * 60.
	minRefreshInterval = 6 * 60 * 60
)
// colors holds the two color names used by this module: ok is read from the
// "colors.ok" config key and pwned from "colors.pwned".
type colors struct {
	ok, pwned string
}
// Settings defines the configuration properties for this module.
//
// All fields are unexported; they are filled in by NewSettingsFromYAML.
type Settings struct {
	// Embedded color names (ok / pwned).
	colors

	// Settings shared by every module, built by cfg.NewCommonSettingsFromModule.
	common *cfg.Common

	// Accounts to look up in the HIBP database.
	accounts []string `help:"A list of the accounts to check the HIBP database for."`

	// HIBP API key. This is a credential: keep it out of logs and error text.
	apiKey string `help:"Your HIBP API v3 API key"`

	// Optional cut-off date in yyyy-mm-dd form; see HasSince and SinceDate.
	since string `help:"Only check for breaches after this date. Set this if you’ve been breached in the past, have taken steps to mitigate that (changing passwords, cancelling accounts, etc.) and now only want to know about future breaches." values:"A date string in the format 'yyyy-mm-dd', ie. '2019-06-22'" optional:"true"`
}
// NewSettingsFromYAML creates a new settings instance from the module's YAML
// config block (ymlConfig) and the global configuration (globalConfig).
//
// The API key is resolved in this order: the "apiKey" config key, then the
// lowercase "apikey" spelling, then the WTF_HIBP_TOKEN environment variable.
// The resolved value is then passed by pointer to cfg.ModuleSecret(...).Load(),
// which is defined outside this file.
//
// NOTE(review): presumably Load fills apiKey from the configured secret store
// when an entry exists — confirm in cfg. If it does, the secret store is the
// better home for the key than a plaintext apiKey entry in the YAML file.
func NewSettingsFromYAML(name string, ymlConfig *config.Config, globalConfig *config.Config) *Settings {
	common := cfg.NewCommonSettingsFromModule(name, defaultTitle, defaultFocusable, ymlConfig, globalConfig)

	// Fallback chain for the key, innermost default first.
	envToken := os.Getenv("WTF_HIBP_TOKEN")
	lowercaseKey := ymlConfig.UString("apikey", envToken)
	apiKey := ymlConfig.UString("apiKey", lowercaseKey)

	s := &Settings{
		common:   common,
		apiKey:   apiKey,
		accounts: utils.ToStrs(ymlConfig.UList("accounts")),
		since:    ymlConfig.UString("since", ""),
	}

	// Load receives a pointer to apiKey, so it is able to change the value
	// resolved above.
	secret := cfg.ModuleSecret(name, globalConfig, &s.apiKey)
	secret.Load()

	s.colors.ok = ymlConfig.UString("colors.ok", "white")
	s.colors.pwned = ymlConfig.UString("colors.pwned", "red")

	// HIBP data doesn't need to be reloaded very often, so to be gentle on
	// this API a minimum refresh interval is enforced.
	if minRefreshInterval > s.common.RefreshInterval {
		s.common.RefreshInterval = minRefreshInterval
	}

	return s
}
// HasSince reports whether the "since" setting is present and valid: it is
// true only when the value is non-empty and SinceDate returns no error.
func (sett *Settings) HasSince() bool {
	if sett.since != "" {
		if _, err := sett.SinceDate(); err == nil {
			return true
		}
	}

	return false
}
// SinceDate returns the "since" setting parsed as a time.Time, using the
// yyyy-mm-dd layout ("2006-01-02").
//
// When parsing fails, the parse error is returned together with the current
// time, so callers must check the error before using the returned time.
func (sett *Settings) SinceDate() (time.Time, error) {
	parsed, err := time.Parse("2006-01-02", sett.since)
	if err == nil {
		return parsed, nil
	}

	return time.Now(), err
}