julien.rbrt.fr / tangled-core
forked from tangled.org/core
Monorepo for Tangled — https://tangled.org
fork atom
tangled-core / spindle / secrets / manager.go
at push-vynsusnqpmus 1.3 kB view raw
1package secrets 2 3import ( 4 "errors" 5 "regexp" 6 "time" 7 8 "github.com/bluesky-social/indigo/atproto/syntax" 9) 10 11type DidSlashRepo string 12 13type Secret[T any] struct { 14 Key string 15 Value T 16 Repo DidSlashRepo 17 CreatedAt time.Time 18 CreatedBy syntax.DID 19} 20 21// the secret is not present 22type LockedSecret = Secret[struct{}] 23 24// the secret is present in plaintext, never expose this publicly, 25// only use in the workflow engine 26type UnlockedSecret = Secret[string] 27 28type Manager interface { 29 AddSecret(secret UnlockedSecret) error 30 RemoveSecret(secret Secret[any]) error 31 GetSecretsLocked(repo DidSlashRepo) ([]LockedSecret, error) 32 GetSecretsUnlocked(repo DidSlashRepo) ([]UnlockedSecret, error) 33} 34 35var ErrKeyAlreadyPresent = errors.New("key already present") 36var ErrInvalidKeyIdent = errors.New("key is not a valid identifier") 37var ErrKeyNotFound = errors.New("key not found") 38 39// ensure that we are satisfying the interface 40var ( 41 _ = []Manager{ 42 &SqliteManager{}, 43 } 44) 45 46var ( 47 // bash identifier syntax 48 keyIdent = regexp.MustCompile(`^[a-zA-Z_][a-zA-Z0-9_]*$`) 49) 50 51func isValidKey(key string) bool { 52 if key == "" { 53 return false 54 } 55 return keyIdent.MatchString(key) 56} 57 58func ValidateKey(key string) error { 59 if !isValidKey(key) { 60 return ErrInvalidKeyIdent 61 } 62 return nil 63}