2022-04-08 05:59:40 +02:00
|
|
|
package data
|
|
|
|
|
|
|
|
import (
|
2022-09-18 18:42:24 +02:00
|
|
|
"bufio"
|
2022-04-08 05:59:40 +02:00
|
|
|
"crypto/aes"
|
|
|
|
"crypto/cipher"
|
|
|
|
"crypto/hmac"
|
|
|
|
"crypto/rand"
|
|
|
|
"crypto/sha256"
|
|
|
|
"encoding/base64"
|
|
|
|
"encoding/json"
|
2022-04-08 06:40:22 +02:00
|
|
|
"fmt"
|
|
|
|
"io"
|
2022-09-18 18:42:24 +02:00
|
|
|
"os"
|
2022-04-08 06:40:22 +02:00
|
|
|
"strings"
|
|
|
|
"time"
|
2022-04-08 05:59:40 +02:00
|
|
|
|
2022-04-12 08:22:49 +02:00
|
|
|
"github.com/araddon/dateparse"
|
2022-04-08 05:59:40 +02:00
|
|
|
"github.com/ddworken/hishtory/shared"
|
|
|
|
"github.com/google/uuid"
|
|
|
|
"gorm.io/gorm"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2022-04-08 06:40:22 +02:00
|
|
|
KdfUserID = "user_id"
|
|
|
|
KdfDeviceID = "device_id"
|
|
|
|
KdfEncryptionKey = "encryption_key"
|
2022-04-08 05:59:40 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
type HistoryEntry struct {
|
2022-06-13 05:28:40 +02:00
|
|
|
LocalUsername string `json:"local_username" gorm:"uniqueIndex:compositeindex"`
|
|
|
|
Hostname string `json:"hostname" gorm:"uniqueIndex:compositeindex"`
|
|
|
|
Command string `json:"command" gorm:"uniqueIndex:compositeindex"`
|
|
|
|
CurrentWorkingDirectory string `json:"current_working_directory" gorm:"uniqueIndex:compositeindex"`
|
2022-09-08 08:20:31 +02:00
|
|
|
HomeDirectory string `json:"home_directory" gorm:"uniqueIndex:compositeindex"`
|
2022-06-13 05:28:40 +02:00
|
|
|
ExitCode int `json:"exit_code" gorm:"uniqueIndex:compositeindex"`
|
|
|
|
StartTime time.Time `json:"start_time" gorm:"uniqueIndex:compositeindex"`
|
|
|
|
EndTime time.Time `json:"end_time" gorm:"uniqueIndex:compositeindex"`
|
|
|
|
DeviceId string `json:"device_id" gorm:"uniqueIndex:compositeindex"`
|
2022-04-08 05:59:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func sha256hmac(key, additionalData string) []byte {
|
|
|
|
h := hmac.New(sha256.New, []byte(key))
|
|
|
|
h.Write([]byte(additionalData))
|
|
|
|
return h.Sum(nil)
|
|
|
|
}
|
|
|
|
|
|
|
|
func UserId(key string) string {
|
2022-04-08 06:40:22 +02:00
|
|
|
return base64.URLEncoding.EncodeToString(sha256hmac(key, KdfUserID))
|
2022-04-08 05:59:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func EncryptionKey(userSecret string) []byte {
|
2022-04-08 06:40:22 +02:00
|
|
|
return sha256hmac(userSecret, KdfEncryptionKey)
|
2022-04-08 05:59:40 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func makeAead(userSecret string) (cipher.AEAD, error) {
|
|
|
|
key := EncryptionKey(userSecret)
|
|
|
|
block, err := aes.NewCipher(key)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
aead, err := cipher.NewGCM(block)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return aead, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func Encrypt(userSecret string, data, additionalData []byte) ([]byte, []byte, error) {
|
|
|
|
aead, err := makeAead(userSecret)
|
|
|
|
if err != nil {
|
2022-04-08 06:40:22 +02:00
|
|
|
return []byte{}, []byte{}, fmt.Errorf("failed to make AEAD: %v", err)
|
2022-04-08 05:59:40 +02:00
|
|
|
}
|
|
|
|
nonce := make([]byte, 12)
|
|
|
|
if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
|
2022-04-08 06:40:22 +02:00
|
|
|
return []byte{}, []byte{}, fmt.Errorf("failed to read a nonce: %v", err)
|
2022-04-08 05:59:40 +02:00
|
|
|
}
|
|
|
|
ciphertext := aead.Seal(nil, nonce, data, additionalData)
|
|
|
|
_, err = aead.Open(nil, nonce, ciphertext, additionalData)
|
|
|
|
if err != nil {
|
2022-04-12 07:56:23 +02:00
|
|
|
return []byte{}, []byte{}, fmt.Errorf("failed to open AEAD: %v", err)
|
2022-04-08 05:59:40 +02:00
|
|
|
}
|
|
|
|
return ciphertext, nonce, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func Decrypt(userSecret string, data, additionalData, nonce []byte) ([]byte, error) {
|
|
|
|
aead, err := makeAead(userSecret)
|
|
|
|
if err != nil {
|
2022-04-08 06:40:22 +02:00
|
|
|
return []byte{}, fmt.Errorf("failed to make AEAD: %v", err)
|
2022-04-08 05:59:40 +02:00
|
|
|
}
|
|
|
|
plaintext, err := aead.Open(nil, nonce, data, additionalData)
|
|
|
|
if err != nil {
|
2022-04-08 06:40:22 +02:00
|
|
|
return []byte{}, fmt.Errorf("failed to decrypt: %v", err)
|
2022-04-08 05:59:40 +02:00
|
|
|
}
|
|
|
|
return plaintext, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func EncryptHistoryEntry(userSecret string, entry HistoryEntry) (shared.EncHistoryEntry, error) {
|
|
|
|
data, err := json.Marshal(entry)
|
|
|
|
if err != nil {
|
|
|
|
return shared.EncHistoryEntry{}, err
|
|
|
|
}
|
|
|
|
ciphertext, nonce, err := Encrypt(userSecret, data, []byte(UserId(userSecret)))
|
|
|
|
if err != nil {
|
|
|
|
return shared.EncHistoryEntry{}, err
|
|
|
|
}
|
|
|
|
return shared.EncHistoryEntry{
|
|
|
|
EncryptedData: ciphertext,
|
|
|
|
Nonce: nonce,
|
|
|
|
UserId: UserId(userSecret),
|
|
|
|
Date: time.Now(),
|
|
|
|
EncryptedId: uuid.Must(uuid.NewRandom()).String(),
|
|
|
|
ReadCount: 0,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func DecryptHistoryEntry(userSecret string, entry shared.EncHistoryEntry) (HistoryEntry, error) {
|
|
|
|
if entry.UserId != UserId(userSecret) {
|
2022-04-08 06:40:22 +02:00
|
|
|
return HistoryEntry{}, fmt.Errorf("refusing to decrypt history entry with mismatching UserId")
|
2022-04-08 05:59:40 +02:00
|
|
|
}
|
|
|
|
plaintext, err := Decrypt(userSecret, entry.EncryptedData, []byte(UserId(userSecret)), entry.Nonce)
|
|
|
|
if err != nil {
|
|
|
|
return HistoryEntry{}, nil
|
|
|
|
}
|
|
|
|
var decryptedEntry HistoryEntry
|
|
|
|
err = json.Unmarshal(plaintext, &decryptedEntry)
|
|
|
|
if err != nil {
|
|
|
|
return HistoryEntry{}, nil
|
|
|
|
}
|
|
|
|
return decryptedEntry, nil
|
|
|
|
}
|
|
|
|
|
2022-04-09 03:23:17 +02:00
|
|
|
func parseTimeGenerously(input string) (time.Time, error) {
|
2022-09-08 07:53:48 +02:00
|
|
|
input = strings.ReplaceAll(input, "_", " ")
|
2022-04-12 08:22:49 +02:00
|
|
|
return dateparse.ParseLocal(input)
|
2022-04-09 03:23:17 +02:00
|
|
|
}
|
|
|
|
|
2022-09-18 18:42:24 +02:00
|
|
|
func makeWhereQueryFromSearch(db *gorm.DB, query string) (*gorm.DB, error) {
|
2022-04-08 05:59:40 +02:00
|
|
|
tokens, err := tokenize(query)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to tokenize query: %v", err)
|
|
|
|
}
|
2022-09-18 18:42:24 +02:00
|
|
|
tx := db.Model(&HistoryEntry{}).Where("true")
|
2022-04-08 05:59:40 +02:00
|
|
|
for _, token := range tokens {
|
2022-04-12 07:36:52 +02:00
|
|
|
if strings.HasPrefix(token, "-") {
|
|
|
|
if strings.Contains(token, ":") {
|
2022-09-08 08:20:31 +02:00
|
|
|
query, v1, v2, err := parseAtomizedToken(token[1:])
|
2022-04-09 03:23:17 +02:00
|
|
|
if err != nil {
|
2022-04-12 07:36:52 +02:00
|
|
|
return nil, err
|
2022-04-09 03:23:17 +02:00
|
|
|
}
|
2022-09-08 08:20:31 +02:00
|
|
|
tx = tx.Where("NOT "+query, v1, v2)
|
2022-04-12 07:36:52 +02:00
|
|
|
} else {
|
|
|
|
query, v1, v2, v3, err := parseNonAtomizedToken(token[1:])
|
2022-04-09 03:23:17 +02:00
|
|
|
if err != nil {
|
2022-04-12 07:36:52 +02:00
|
|
|
return nil, err
|
2022-04-09 03:23:17 +02:00
|
|
|
}
|
2022-04-12 07:36:52 +02:00
|
|
|
tx = tx.Where("NOT "+query, v1, v2, v3)
|
2022-04-08 07:53:39 +02:00
|
|
|
}
|
2022-04-12 07:36:52 +02:00
|
|
|
} else if strings.Contains(token, ":") {
|
2022-09-08 08:20:31 +02:00
|
|
|
query, v1, v2, err := parseAtomizedToken(token)
|
2022-04-12 07:36:52 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2022-09-08 08:20:31 +02:00
|
|
|
tx = tx.Where(query, v1, v2)
|
2022-04-08 05:59:40 +02:00
|
|
|
} else {
|
2022-04-12 07:36:52 +02:00
|
|
|
query, v1, v2, v3, err := parseNonAtomizedToken(token)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
tx = tx.Where(query, v1, v2, v3)
|
2022-04-08 05:59:40 +02:00
|
|
|
}
|
|
|
|
}
|
2022-09-18 18:42:24 +02:00
|
|
|
return tx, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func Redact(db *gorm.DB, query string) error {
|
|
|
|
tx, err := makeWhereQueryFromSearch(db, query)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
var count int64
|
|
|
|
res := tx.Count(&count)
|
|
|
|
if res.Error != nil {
|
|
|
|
return res.Error
|
|
|
|
}
|
|
|
|
fmt.Printf("This will permanently delete %d entries, are you sure? [y/N]", count)
|
|
|
|
reader := bufio.NewReader(os.Stdin)
|
|
|
|
resp, err := reader.ReadString('\n')
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("failed to read response: %v", err)
|
|
|
|
}
|
|
|
|
if strings.TrimSpace(resp) != "y" {
|
|
|
|
fmt.Printf("Aborting delete per user response of %#v\n", strings.TrimSpace(resp))
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
tx, err = makeWhereQueryFromSearch(db, query)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
res = tx.Delete(&HistoryEntry{})
|
|
|
|
if res.Error != nil {
|
|
|
|
return res.Error
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func Search(db *gorm.DB, query string, limit int) ([]*HistoryEntry, error) {
|
|
|
|
tx, err := makeWhereQueryFromSearch(db, query)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2022-04-08 05:59:40 +02:00
|
|
|
tx = tx.Order("end_time DESC")
|
|
|
|
if limit > 0 {
|
|
|
|
tx = tx.Limit(limit)
|
|
|
|
}
|
|
|
|
var historyEntries []*HistoryEntry
|
|
|
|
result := tx.Find(&historyEntries)
|
|
|
|
if result.Error != nil {
|
|
|
|
return nil, fmt.Errorf("DB query error: %v", result.Error)
|
|
|
|
}
|
|
|
|
return historyEntries, nil
|
|
|
|
}
|
|
|
|
|
2022-04-12 07:36:52 +02:00
|
|
|
func parseNonAtomizedToken(token string) (string, interface{}, interface{}, interface{}, error) {
|
|
|
|
wildcardedToken := "%" + token + "%"
|
2022-06-13 05:28:40 +02:00
|
|
|
return "(command LIKE ? OR hostname LIKE ? OR current_working_directory LIKE ?)", wildcardedToken, wildcardedToken, wildcardedToken, nil
|
2022-04-12 07:36:52 +02:00
|
|
|
}
|
|
|
|
|
2022-09-08 08:20:31 +02:00
|
|
|
func parseAtomizedToken(token string) (string, interface{}, interface{}, error) {
|
2022-04-12 07:36:52 +02:00
|
|
|
splitToken := strings.SplitN(token, ":", 2)
|
|
|
|
field := splitToken[0]
|
|
|
|
val := splitToken[1]
|
|
|
|
switch field {
|
|
|
|
case "user":
|
2022-09-08 08:20:31 +02:00
|
|
|
return "(local_username = ?)", val, nil, nil
|
2022-04-22 06:10:25 +02:00
|
|
|
case "host":
|
|
|
|
fallthrough
|
2022-04-12 07:36:52 +02:00
|
|
|
case "hostname":
|
2022-09-08 08:20:31 +02:00
|
|
|
return "(instr(hostname, ?) > 0)", val, nil, nil
|
2022-04-12 07:36:52 +02:00
|
|
|
case "cwd":
|
2022-09-08 08:20:31 +02:00
|
|
|
return "(instr(current_working_directory, ?) > 0 OR instr(REPLACE(current_working_directory, '~/', home_directory), ?) > 0)", strings.TrimSuffix(val, "/"), strings.TrimSuffix(val, "/"), nil
|
2022-04-12 07:36:52 +02:00
|
|
|
case "exit_code":
|
2022-09-08 08:20:31 +02:00
|
|
|
return "(exit_code = ?)", val, nil, nil
|
2022-04-12 07:36:52 +02:00
|
|
|
case "before":
|
|
|
|
t, err := parseTimeGenerously(val)
|
|
|
|
if err != nil {
|
2022-09-08 08:20:31 +02:00
|
|
|
return "", nil, nil, fmt.Errorf("failed to parse before:%s as a timestamp: %v", val, err)
|
2022-04-12 07:36:52 +02:00
|
|
|
}
|
2022-09-08 08:20:31 +02:00
|
|
|
return "(CAST(strftime(\"%s\",start_time) AS INTEGER) < ?)", t.Unix(), nil, nil
|
2022-04-12 07:36:52 +02:00
|
|
|
case "after":
|
|
|
|
t, err := parseTimeGenerously(val)
|
|
|
|
if err != nil {
|
2022-09-08 08:20:31 +02:00
|
|
|
return "", nil, nil, fmt.Errorf("failed to parse after:%s as a timestamp: %v", val, err)
|
2022-04-12 07:36:52 +02:00
|
|
|
}
|
2022-09-08 08:20:31 +02:00
|
|
|
return "(CAST(strftime(\"%s\",start_time) AS INTEGER) > ?)", t.Unix(), nil, nil
|
2022-04-12 07:36:52 +02:00
|
|
|
default:
|
2022-09-08 08:20:31 +02:00
|
|
|
return "", nil, nil, fmt.Errorf("search query contains unknown search atom %s", field)
|
2022-04-12 07:36:52 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-04-08 05:59:40 +02:00
|
|
|
func tokenize(query string) ([]string, error) {
|
|
|
|
if query == "" {
|
|
|
|
return []string{}, nil
|
|
|
|
}
|
|
|
|
return strings.Split(query, " "), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func EntryEquals(entry1, entry2 HistoryEntry) bool {
|
|
|
|
return entry1.LocalUsername == entry2.LocalUsername &&
|
|
|
|
entry1.Hostname == entry2.Hostname &&
|
|
|
|
entry1.Command == entry2.Command &&
|
|
|
|
entry1.CurrentWorkingDirectory == entry2.CurrentWorkingDirectory &&
|
2022-09-08 08:20:31 +02:00
|
|
|
entry1.HomeDirectory == entry2.HomeDirectory &&
|
2022-04-08 05:59:40 +02:00
|
|
|
entry1.ExitCode == entry2.ExitCode &&
|
|
|
|
entry1.StartTime.Format(time.RFC3339) == entry2.StartTime.Format(time.RFC3339) &&
|
|
|
|
entry1.EndTime.Format(time.RFC3339) == entry2.EndTime.Format(time.RFC3339)
|
|
|
|
}
|
|
|
|
|
|
|
|
func MakeFakeHistoryEntry(command string) HistoryEntry {
|
|
|
|
return HistoryEntry{
|
2022-06-13 05:28:40 +02:00
|
|
|
LocalUsername: "david",
|
|
|
|
Hostname: "localhost",
|
|
|
|
Command: command,
|
|
|
|
CurrentWorkingDirectory: "/tmp/",
|
2022-09-08 08:20:31 +02:00
|
|
|
HomeDirectory: "/home/david/",
|
2022-06-13 05:28:40 +02:00
|
|
|
ExitCode: 2,
|
|
|
|
StartTime: time.Now(),
|
|
|
|
EndTime: time.Now(),
|
2022-04-08 05:59:40 +02:00
|
|
|
}
|
|
|
|
}
|