hishtory/shared/data.go

package shared

import (
	"fmt"
	"io"
	"os"
	"strings"
	"time"

	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"github.com/google/uuid"
	"gorm.io/gorm"
)

type HistoryEntry struct {
	LocalUsername           string    `json:"local_username" gorm:"uniqueIndex:compositeindex"`
	Hostname                string    `json:"hostname" gorm:"uniqueIndex:compositeindex"`
	Command                 string    `json:"command" gorm:"uniqueIndex:compositeindex"`
	CurrentWorkingDirectory string    `json:"current_working_directory" gorm:"uniqueIndex:compositeindex"`
	ExitCode                int       `json:"exit_code" gorm:"uniqueIndex:compositeindex"`
	StartTime               time.Time `json:"start_time" gorm:"uniqueIndex:compositeindex"`
	EndTime                 time.Time `json:"end_time" gorm:"uniqueIndex:compositeindex"`
}

type EncHistoryEntry struct {
	EncryptedData []byte    `json:"enc_data"`
	Nonce         []byte    `json:"nonce"`
	DeviceId      string    `json:"device_id"`
	UserId        string    `json:"user_id"`
	Date          time.Time `json:"time"`
	EncryptedId   string    `json:"id"`
	ReadCount     int       `json:"read_count"`
}

type Device struct {
	UserId   string `json:"user_id"`
	DeviceId string `json:"device_id"`
}

// const (
// 	MESSAGE_TYPE_REQUEST_DUMP = iota
// )

// type AsyncMessage struct {
// 	MessageType int `json:"message_type"`
// }

const (
	CONFIG_PATH        = ".hishtory.config"
	HISHTORY_PATH      = ".hishtory"
	DB_PATH            = ".hishtory.db"
	KDF_USER_ID        = "user_id"
	KDF_DEVICE_ID      = "device_id"
	KDF_ENCRYPTION_KEY = "encryption_key"
)

func Hmac(key, additionalData string) string {
	h := hmac.New(sha256.New, []byte(key))
	h.Write([]byte(additionalData))
	return base64.URLEncoding.EncodeToString(h.Sum(nil))
}

func UserId(key string) string {
	return Hmac(key, KDF_USER_ID)
}

func EncryptionKey(userSecret string) ([]byte, error) {
	encryptionKey, err := base64.URLEncoding.DecodeString(Hmac(userSecret, KDF_ENCRYPTION_KEY))
	if err != nil {
		return []byte{}, fmt.Errorf("Impossible state, decode(encode(hmac)) failed: %v", err)
	}
	return encryptionKey, nil
}

func makeAead(userSecret string) (cipher.AEAD, error) {
	key, err := EncryptionKey(userSecret)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead, nil
}

func Encrypt(userSecret string, data, additionalData []byte) ([]byte, []byte, error) {
	aead, err := makeAead(userSecret)
	if err != nil {
		return []byte{}, []byte{}, fmt.Errorf("Failed to make AEAD: %v", err)
	}
	nonce := make([]byte, 12)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return []byte{}, []byte{}, fmt.Errorf("Failed to read a nonce: %v", err)
	}
	ciphertext := aead.Seal(nil, nonce, data, additionalData)
	_, err = aead.Open(nil, nonce, ciphertext, additionalData)
	if err != nil {
		panic(err)
	}
	return ciphertext, nonce, nil
}

func Decrypt(userSecret string, data, additionalData, nonce []byte) ([]byte, error) {
	aead, err := makeAead(userSecret)
	if err != nil {
		return []byte{}, fmt.Errorf("Failed to make AEAD: %v", err)
	}
	plaintext, err := aead.Open(nil, nonce, data, additionalData)
	if err != nil {
		return []byte{}, fmt.Errorf("Failed to decrypt: %v", err)
	}
	return plaintext, nil
}

func EncryptHistoryEntry(userSecret string, entry HistoryEntry) (EncHistoryEntry, error) {
	data, err := json.Marshal(entry)
	if err != nil {
		return EncHistoryEntry{}, err
	}
	ciphertext, nonce, err := Encrypt(userSecret, data, []byte(UserId(userSecret)))
	if err != nil {
		return EncHistoryEntry{}, err
	}
	return EncHistoryEntry{
		EncryptedData: ciphertext,
		Nonce:         nonce,
		UserId:        UserId(userSecret),
		Date:          time.Now(),
		EncryptedId:   uuid.Must(uuid.NewRandom()).String(),
		ReadCount:     0,
	}, nil
}

func DecryptHistoryEntry(userSecret string, entry EncHistoryEntry) (HistoryEntry, error) {
	if entry.UserId != UserId(userSecret) {
		return HistoryEntry{}, fmt.Errorf("Refusing to decrypt history entry with mismatching UserId")
	}
	plaintext, err := Decrypt(userSecret, entry.EncryptedData, []byte(UserId(userSecret)), entry.Nonce)
	if err != nil {
		return HistoryEntry{}, nil
	}
	var decryptedEntry HistoryEntry
	err = json.Unmarshal(plaintext, &decryptedEntry)
	if err != nil {
		return HistoryEntry{}, nil
	}
	return decryptedEntry, nil
}

func IsTestEnvironment() bool {
	return os.Getenv("HISHTORY_TEST") != ""
}

func Search(db *gorm.DB, query string, limit int) ([]*HistoryEntry, error) {
	tokens, err := tokenize(query)
	if err != nil {
		return nil, fmt.Errorf("failed to tokenize query: %v", err)
	}
	tx := db.Where("true")
	for _, token := range tokens {
		if strings.Contains(token, ":") {
			splitToken := strings.SplitN(token, ":", 2)
			field := splitToken[0]
			val := splitToken[1]
			// tx = tx.Where()
			panic("TODO(ddworken): Use " + field + val)
		} else if strings.HasPrefix(token, "-") {
			panic("TODO(ddworken): Implement -foo as filtering out foo")
		} else {
			wildcardedToken := "%" + token + "%"
			tx = tx.Where("(command LIKE ? OR hostname LIKE ? OR current_working_directory LIKE ?)", wildcardedToken, wildcardedToken, wildcardedToken)
		}
	}
	tx = tx.Order("end_time DESC")
	if limit > 0 {
		tx = tx.Limit(limit)
	}
	var historyEntries []*HistoryEntry
	result := tx.Find(&historyEntries)
	if result.Error != nil {
		return nil, fmt.Errorf("DB query error: %v", result.Error)
	}
	return historyEntries, nil
}

func tokenize(query string) ([]string, error) {
	if query == "" {
		return []string{}, nil
	}
	return strings.Split(query, " "), nil
}
init versions pre-split 2022-01-09 05:27:18 +01:00			`package shared`

split into local client and remote client, and add tests 2022-01-09 06:59:28 +01:00			`import (`
			`"fmt"`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`"io"`
			`"os"`
in progress integration tests 2022-01-09 20:00:53 +01:00			`"strings"`
split into local client and remote client, and add tests 2022-01-09 06:59:28 +01:00			`"time"`

still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`"crypto/aes"`
			`"crypto/cipher"`
			`"crypto/hmac"`
			`"crypto/rand"`
			`"crypto/sha256"`
			`"encoding/base64"`
			`"encoding/json"`
			`"github.com/google/uuid"`
			`"gorm.io/gorm"`
split into local client and remote client, and add tests 2022-01-09 06:59:28 +01:00			`)`
init versions pre-split 2022-01-09 05:27:18 +01:00
			`type HistoryEntry struct {`
tests are passing and getting close now. Need to test the live update flow along with more thorough testing for everything 2022-04-06 08:31:24 +02:00			LocalUsername string `json:"local_username" gorm:"uniqueIndex:compositeindex"`
			Hostname string `json:"hostname" gorm:"uniqueIndex:compositeindex"`
			Command string `json:"command" gorm:"uniqueIndex:compositeindex"`
			CurrentWorkingDirectory string `json:"current_working_directory" gorm:"uniqueIndex:compositeindex"`
			ExitCode int `json:"exit_code" gorm:"uniqueIndex:compositeindex"`
			StartTime time.Time `json:"start_time" gorm:"uniqueIndex:compositeindex"`
			EndTime time.Time `json:"end_time" gorm:"uniqueIndex:compositeindex"`
init versions pre-split 2022-01-09 05:27:18 +01:00			`}`
split into local client and remote client, and add tests 2022-01-09 06:59:28 +01:00
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`type EncHistoryEntry struct {`
			EncryptedData []byte `json:"enc_data"`
			Nonce []byte `json:"nonce"`
			DeviceId string `json:"device_id"`
			UserId string `json:"user_id"`
			Date time.Time `json:"time"`
building, before doing the refactor to make device ID just another random ID 2022-04-04 05:55:37 +02:00			EncryptedId string `json:"id"`
			ReadCount int `json:"read_count"`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`}`

			`type Device struct {`
building, before doing the refactor to make device ID just another random ID 2022-04-04 05:55:37 +02:00			UserId string `json:"user_id"`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			DeviceId string `json:"device_id"`
			`}`

adapted to have it duplicate entries into per-device entries server-side 2022-04-03 19:08:18 +02:00			`// const (`
			`// MESSAGE_TYPE_REQUEST_DUMP = iota`
			`// )`
split into local client and remote client, and add tests 2022-01-09 06:59:28 +01:00
adapted to have it duplicate entries into per-device entries server-side 2022-04-03 19:08:18 +02:00			`// type AsyncMessage struct {`
			// MessageType int `json:"message_type"`
			`// }`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00
			`const (`
working update 2022-04-07 03:18:46 +02:00			`CONFIG_PATH = ".hishtory.config"`
building, before doing the refactor to make device ID just another random ID 2022-04-04 05:55:37 +02:00			`HISHTORY_PATH = ".hishtory"`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`DB_PATH = ".hishtory.db"`
			`KDF_USER_ID = "user_id"`
			`KDF_DEVICE_ID = "device_id"`
			`KDF_ENCRYPTION_KEY = "encryption_key"`
			`)`

			`func Hmac(key, additionalData string) string {`
			`h := hmac.New(sha256.New, []byte(key))`
			`h.Write([]byte(additionalData))`
			`return base64.URLEncoding.EncodeToString(h.Sum(nil))`
			`}`

			`func UserId(key string) string {`
			`return Hmac(key, KDF_USER_ID)`
			`}`

			`func EncryptionKey(userSecret string) ([]byte, error) {`
			`encryptionKey, err := base64.URLEncoding.DecodeString(Hmac(userSecret, KDF_ENCRYPTION_KEY))`
			`if err != nil {`
			`return []byte{}, fmt.Errorf("Impossible state, decode(encode(hmac)) failed: %v", err)`
			`}`
			`return encryptionKey, nil`
			`}`

			`func makeAead(userSecret string) (cipher.AEAD, error) {`
			`key, err := EncryptionKey(userSecret)`
			`if err != nil {`
			`return nil, err`
			`}`
			`block, err := aes.NewCipher(key)`
			`if err != nil {`
			`return nil, err`
			`}`
			`aead, err := cipher.NewGCM(block)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return aead, nil`
			`}`

			`func Encrypt(userSecret string, data, additionalData []byte) ([]byte, []byte, error) {`
			`aead, err := makeAead(userSecret)`
			`if err != nil {`
			`return []byte{}, []byte{}, fmt.Errorf("Failed to make AEAD: %v", err)`
			`}`
			`nonce := make([]byte, 12)`
			`if _, err := io.ReadFull(rand.Reader, nonce); err != nil {`
			`return []byte{}, []byte{}, fmt.Errorf("Failed to read a nonce: %v", err)`
			`}`
			`ciphertext := aead.Seal(nil, nonce, data, additionalData)`
			`_, err = aead.Open(nil, nonce, ciphertext, additionalData)`
			`if err != nil {`
			`panic(err)`
			`}`
			`return ciphertext, nonce, nil`
			`}`

			`func Decrypt(userSecret string, data, additionalData, nonce []byte) ([]byte, error) {`
			`aead, err := makeAead(userSecret)`
			`if err != nil {`
			`return []byte{}, fmt.Errorf("Failed to make AEAD: %v", err)`
			`}`
			`plaintext, err := aead.Open(nil, nonce, data, additionalData)`
			`if err != nil {`
			`return []byte{}, fmt.Errorf("Failed to decrypt: %v", err)`
			`}`
			`return plaintext, nil`
			`}`

			`func EncryptHistoryEntry(userSecret string, entry HistoryEntry) (EncHistoryEntry, error) {`
			`data, err := json.Marshal(entry)`
			`if err != nil {`
			`return EncHistoryEntry{}, err`
			`}`
			`ciphertext, nonce, err := Encrypt(userSecret, data, []byte(UserId(userSecret)))`
			`if err != nil {`
			`return EncHistoryEntry{}, err`
			`}`
			`return EncHistoryEntry{`
			`EncryptedData: ciphertext,`
			`Nonce: nonce,`
			`UserId: UserId(userSecret),`
			`Date: time.Now(),`
building, before doing the refactor to make device ID just another random ID 2022-04-04 05:55:37 +02:00			`EncryptedId: uuid.Must(uuid.NewRandom()).String(),`
			`ReadCount: 0,`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`}, nil`
			`}`

device ID is now a random uuid generated by the client 2022-04-04 06:00:46 +02:00			`func DecryptHistoryEntry(userSecret string, entry EncHistoryEntry) (HistoryEntry, error) {`
still horribly broken, just a commit before refactoring to move http handlers onto a struct 2022-04-03 07:27:20 +02:00			`if entry.UserId != UserId(userSecret) {`
			`return HistoryEntry{}, fmt.Errorf("Refusing to decrypt history entry with mismatching UserId")`
			`}`
			`plaintext, err := Decrypt(userSecret, entry.EncryptedData, []byte(UserId(userSecret)), entry.Nonce)`
			`if err != nil {`
			`return HistoryEntry{}, nil`
			`}`
			`var decryptedEntry HistoryEntry`
			`err = json.Unmarshal(plaintext, &decryptedEntry)`
			`if err != nil {`
			`return HistoryEntry{}, nil`
			`}`
			`return decryptedEntry, nil`
			`}`

Website landing page, install instructions, update command, status command, set up postgres, and fixing broken tests 2022-03-30 06:56:28 +02:00			`func IsTestEnvironment() bool {`
			`return os.Getenv("HISHTORY_TEST") != ""`
split into local client and remote client, and add tests 2022-01-09 06:59:28 +01:00			`}`

well, it builds :D but still failing all the tests 2022-04-05 07:07:01 +02:00			`func Search(db gorm.DB, query string, limit int) ([]HistoryEntry, error) {`
in progress integration tests 2022-01-09 20:00:53 +01:00			`tokens, err := tokenize(query)`
			`if err != nil {`
			`return nil, fmt.Errorf("failed to tokenize query: %v", err)`
			`}`
well, it builds :D but still failing all the tests 2022-04-05 07:07:01 +02:00			`tx := db.Where("true")`
in progress integration tests 2022-01-09 20:00:53 +01:00			`for _, token := range tokens {`
			`if strings.Contains(token, ":") {`
			`splitToken := strings.SplitN(token, ":", 2)`
			`field := splitToken[0]`
			`val := splitToken[1]`
			`// tx = tx.Where()`
			`panic("TODO(ddworken): Use " + field + val)`
working tracking for start time 2022-01-10 01:39:13 +01:00			`} else if strings.HasPrefix(token, "-") {`
			`panic("TODO(ddworken): Implement -foo as filtering out foo")`
in progress integration tests 2022-01-09 20:00:53 +01:00			`} else {`
			`wildcardedToken := "%" + token + "%"`
			`tx = tx.Where("(command LIKE ? OR hostname LIKE ? OR current_working_directory LIKE ?)", wildcardedToken, wildcardedToken, wildcardedToken)`
			`}`
			`}`
			`tx = tx.Order("end_time DESC")`
			`if limit > 0 {`
			`tx = tx.Limit(limit)`
			`}`
			`var historyEntries []*HistoryEntry`
			`result := tx.Find(&historyEntries)`
			`if result.Error != nil {`
			`return nil, fmt.Errorf("DB query error: %v", result.Error)`
			`}`
			`return historyEntries, nil`
			`}`

			`func tokenize(query string) ([]string, error) {`
			`if query == "" {`
			`return []string{}, nil`
			`}`
			`return strings.Split(query, " "), nil`
			`}`