Secrets are now stored as AES-encrypted -> Base64-encoded strings; retrieval is still plaintext and will need to be updated to perform the required decoding and decryption
parent
bbe315c450
commit
478384aae9
21
Purr.cabal
21
Purr.cabal
@ -48,8 +48,11 @@ library
|
|||||||
ScopedTypeVariables
|
ScopedTypeVariables
|
||||||
build-depends:
|
build-depends:
|
||||||
base >=4.7
|
base >=4.7
|
||||||
|
, base64-bytestring >=1.2.0.0
|
||||||
, blaze-html >=0.9.1.0
|
, blaze-html >=0.9.1.0
|
||||||
, containers
|
, bytestring >=0.10.12.1
|
||||||
|
, containers >=0.6.4.1
|
||||||
|
, crypto-simple >=0.1.0.0
|
||||||
, dhall >=1.40 && <1.41.2
|
, dhall >=1.40 && <1.41.2
|
||||||
, http-types >=0.12.3
|
, http-types >=0.12.3
|
||||||
, iso8601-time >=0.1.5
|
, iso8601-time >=0.1.5
|
||||||
@ -58,7 +61,7 @@ library
|
|||||||
, scotty ==0.12
|
, scotty ==0.12
|
||||||
, shakespeare >=2.0.20
|
, shakespeare >=2.0.20
|
||||||
, sqlite-simple >=0.4.18.0
|
, sqlite-simple >=0.4.18.0
|
||||||
, text >=1.2
|
, text >=1.2.5.0
|
||||||
, time >=1.9
|
, time >=1.9
|
||||||
, wai-extra >=3.1.12.1
|
, wai-extra >=3.1.12.1
|
||||||
, wai-middleware-static >=0.5
|
, wai-middleware-static >=0.5
|
||||||
@ -82,8 +85,11 @@ executable Purr-exe
|
|||||||
build-depends:
|
build-depends:
|
||||||
Purr
|
Purr
|
||||||
, base >=4.7
|
, base >=4.7
|
||||||
|
, base64-bytestring >=1.2.0.0
|
||||||
, blaze-html >=0.9.1.0
|
, blaze-html >=0.9.1.0
|
||||||
, containers
|
, bytestring >=0.10.12.1
|
||||||
|
, containers >=0.6.4.1
|
||||||
|
, crypto-simple >=0.1.0.0
|
||||||
, dhall >=1.40 && <1.41.2
|
, dhall >=1.40 && <1.41.2
|
||||||
, http-types >=0.12.3
|
, http-types >=0.12.3
|
||||||
, iso8601-time >=0.1.5
|
, iso8601-time >=0.1.5
|
||||||
@ -92,7 +98,7 @@ executable Purr-exe
|
|||||||
, scotty ==0.12
|
, scotty ==0.12
|
||||||
, shakespeare >=2.0.20
|
, shakespeare >=2.0.20
|
||||||
, sqlite-simple >=0.4.18.0
|
, sqlite-simple >=0.4.18.0
|
||||||
, text >=1.2
|
, text >=1.2.5.0
|
||||||
, time >=1.9
|
, time >=1.9
|
||||||
, wai-extra >=3.1.12.1
|
, wai-extra >=3.1.12.1
|
||||||
, wai-middleware-static >=0.5
|
, wai-middleware-static >=0.5
|
||||||
@ -117,8 +123,11 @@ test-suite Purr-test
|
|||||||
build-depends:
|
build-depends:
|
||||||
Purr
|
Purr
|
||||||
, base >=4.7
|
, base >=4.7
|
||||||
|
, base64-bytestring >=1.2.0.0
|
||||||
, blaze-html >=0.9.1.0
|
, blaze-html >=0.9.1.0
|
||||||
, containers
|
, bytestring >=0.10.12.1
|
||||||
|
, containers >=0.6.4.1
|
||||||
|
, crypto-simple >=0.1.0.0
|
||||||
, dhall >=1.40 && <1.41.2
|
, dhall >=1.40 && <1.41.2
|
||||||
, http-types >=0.12.3
|
, http-types >=0.12.3
|
||||||
, iso8601-time >=0.1.5
|
, iso8601-time >=0.1.5
|
||||||
@ -127,7 +136,7 @@ test-suite Purr-test
|
|||||||
, scotty ==0.12
|
, scotty ==0.12
|
||||||
, shakespeare >=2.0.20
|
, shakespeare >=2.0.20
|
||||||
, sqlite-simple >=0.4.18.0
|
, sqlite-simple >=0.4.18.0
|
||||||
, text >=1.2
|
, text >=1.2.5.0
|
||||||
, time >=1.9
|
, time >=1.9
|
||||||
, wai-extra >=3.1.12.1
|
, wai-extra >=3.1.12.1
|
||||||
, wai-middleware-static >=0.5
|
, wai-middleware-static >=0.5
|
||||||
|
@ -10,6 +10,6 @@
|
|||||||
, applicationHost = "REPLACEME"
|
, applicationHost = "REPLACEME"
|
||||||
, applicationPort = +3000
|
, applicationPort = +3000
|
||||||
, dbFile = "data/Purr.sqlite"
|
, dbFile = "data/Purr.sqlite"
|
||||||
, dbSalt = "REPLACEME!!!!!"
|
, dbKey = "REPLACEME!!!!!"
|
||||||
, linkLength = +24
|
, linkLength = +24
|
||||||
}
|
}
|
||||||
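Review bot: The renamed `dbKey` field carries no comment saying that it is now the encryption key for stored secrets rather than a salt, and the placeholder value is unchanged. A line such as `-- dbKey: key used to encrypt stored secrets; replace before first run, keep this file private, and note that changing it makes existing rows undecryptable` above the field would tell an operator what the value protects. Whether startup rejects the `REPLACEME!!!!!` placeholder cannot be seen from this section; if it does not, a check at config load would stop a deployment from running with a publicly known key.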
|
@ -29,8 +29,11 @@ description: https://git.eversole.co/James/Purr
|
|||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- base >= 4.7
|
- base >= 4.7
|
||||||
|
- base64-bytestring >= 1.2.0.0
|
||||||
- blaze-html >= 0.9.1.0
|
- blaze-html >= 0.9.1.0
|
||||||
- containers
|
- bytestring >= 0.10.12.1
|
||||||
|
- containers >= 0.6.4.1
|
||||||
|
- crypto-simple >= 0.1.0.0
|
||||||
- dhall >= 1.40 && < 1.41.2
|
- dhall >= 1.40 && < 1.41.2
|
||||||
- http-types >= 0.12.3
|
- http-types >= 0.12.3
|
||||||
- iso8601-time >= 0.1.5
|
- iso8601-time >= 0.1.5
|
||||||
@ -40,7 +43,7 @@ dependencies:
|
|||||||
- shakespeare >= 2.0.20
|
- shakespeare >= 2.0.20
|
||||||
- sqlite-simple >= 0.4.18.0
|
- sqlite-simple >= 0.4.18.0
|
||||||
- time >= 1.9
|
- time >= 1.9
|
||||||
- text >= 1.2
|
- text >= 1.2.5.0
|
||||||
- wai-extra >= 3.1.12.1
|
- wai-extra >= 3.1.12.1
|
||||||
- wai-middleware-static >= 0.5
|
- wai-middleware-static >= 0.5
|
||||||
|
|
||||||
|
@ -22,3 +22,8 @@ dbPath :: PurrAction String
|
|||||||
dbPath = do
|
dbPath = do
|
||||||
conf <- lift ask
|
conf <- lift ask
|
||||||
return $ dbFile conf
|
return $ dbFile conf
|
||||||
|
|
||||||
|
encKey :: PurrAction String
|
||||||
|
encKey = do
|
||||||
|
conf <- lift ask
|
||||||
|
return $ dbKey conf
|
||||||
|
@ -20,6 +20,6 @@ data DhallConfig = DhallConfig
|
|||||||
, applicationHost :: String
|
, applicationHost :: String
|
||||||
, applicationPort :: Int
|
, applicationPort :: Int
|
||||||
, dbFile :: String
|
, dbFile :: String
|
||||||
, dbSalt :: String
|
, dbKey :: String
|
||||||
, linkLength :: Int
|
, linkLength :: Int
|
||||||
} deriving (Generic, Show)
|
} deriving (Generic, Show)
|
||||||
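Review bot: `DhallConfig` still ends in `deriving (Generic, Show)` now that it holds `dbKey`, so any `show` or `print` of the config value (a debug log, an error message) would write the encryption key in clear text. Either drop `Show` from the deriving clause or replace it with a hand-written instance that prints a fixed placeholder for `dbKey`. The record declaration starts outside this hunk, so other fields or instances that depend on `Show` are not visible here and should be checked first.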
|
@ -5,12 +5,16 @@ import Core.SQLite
|
|||||||
import Feature.Sharing.Types
|
import Feature.Sharing.Types
|
||||||
|
|
||||||
import Control.Monad.Reader (ask, lift, liftIO)
|
import Control.Monad.Reader (ask, lift, liftIO)
|
||||||
|
import Crypto.Simple.CBC (encrypt, decrypt)
|
||||||
import Data.Maybe (listToMaybe)
|
import Data.Maybe (listToMaybe)
|
||||||
import Data.Time.Clock.POSIX (getPOSIXTime)
|
import Data.Time.Clock.POSIX (getPOSIXTime)
|
||||||
import Database.SQLite.Simple
|
import Database.SQLite.Simple
|
||||||
import Database.SQLite.Simple.FromRow
|
import Database.SQLite.Simple.FromRow
|
||||||
|
|
||||||
|
import qualified Data.ByteString.Base64 as B64
|
||||||
|
import qualified Data.ByteString.Char8 as B
|
||||||
import qualified Data.Text as T
|
import qualified Data.Text as T
|
||||||
|
import qualified Data.Text.Encoding as ET
|
||||||
import qualified Data.Text.Lazy as LT
|
import qualified Data.Text.Lazy as LT
|
||||||
|
|
||||||
findByLink :: String -> PurrAction (Maybe SecretEntry)
|
findByLink :: String -> PurrAction (Maybe SecretEntry)
|
||||||
@ -24,12 +28,17 @@ findByLink link = do
|
|||||||
insertNewSecret :: T.Text -> T.Text -> PurrAction ()
|
insertNewSecret :: T.Text -> T.Text -> PurrAction ()
|
||||||
insertNewSecret sec link = do
|
insertNewSecret sec link = do
|
||||||
db <- dbPath
|
db <- dbPath
|
||||||
|
key <- encKey
|
||||||
|
encSec <- liftIO $ encrypt (B.pack key) (ET.encodeUtf8 sec)
|
||||||
conn <- liftIO $ open db
|
conn <- liftIO $ open db
|
||||||
time <- liftIO $ epochTime
|
time <- liftIO $ epochTime
|
||||||
liftIO $ execute conn
|
liftIO $ execute conn
|
||||||
"INSERT INTO pws (link, secret, date) VALUES (?, ?, ?)"
|
"INSERT INTO pws (link, secret, date) VALUES (?, ?, ?)"
|
||||||
(SecretEntry link sec time)
|
(SecretEntry link (encodeSecret encSec) time)
|
||||||
liftIO $ close conn
|
liftIO $ close conn
|
||||||
|
|
||||||
epochTime :: IO Integer
|
epochTime :: IO Integer
|
||||||
epochTime = fmap round getPOSIXTime
|
epochTime = fmap round getPOSIXTime
|
||||||
|
|
||||||
|
encodeSecret :: B.ByteString -> T.Text
|
||||||
|
encodeSecret b = ET.decodeUtf8 $ B64.encode b
|
||||||
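Review bot: `B.pack key` in `insertNewSecret` is the Char8 `pack`, which keeps only the low 8 bits of each character, so a `dbKey` containing characters outside Latin-1 silently becomes a different key. `encSec <- liftIO $ encrypt (ET.encodeUtf8 (T.pack key)) (ET.encodeUtf8 sec)` would encode the key the same way as the secret, using modules this file already imports. The key is passed straight from the config string with no length or strength check visible in this section, so how crypto-simple handles a short or low-entropy key should be confirmed against the library. `Crypto.Simple.CBC` is CBC mode and nothing here adds a MAC, so unless the library authenticates internally a modified `secret` column would go undetected. The retrieval path that will call `decrypt` should therefore report every decryption failure as the same generic error.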
|
@ -36,8 +36,7 @@ packages:
|
|||||||
# forks / in-progress versions pinned to a git hash. For example:
|
# forks / in-progress versions pinned to a git hash. For example:
|
||||||
#
|
#
|
||||||
extra-deps:
|
extra-deps:
|
||||||
- AesonBson-0.4.1@sha256:30a4ecb39e8da94dc1e1e8945eb0d4e33a833ae4342841b3c87c56b5918a90a1,1398
|
- crypto-simple-0.1.0.0@sha256:5c0e1e04a814d903743d7543245951a91a46817230fdf478fadca57116805fc1,1502
|
||||||
- bson-generic-0.0.9@sha256:ea6685daa618b2bbe6e189c33e195e812501baf42f53183eedc16f011690895a,817
|
|
||||||
|
|
||||||
ghc-options:
|
ghc-options:
|
||||||
'$everything': -haddock
|
'$everything': -haddock
|
||||||
|
@ -5,19 +5,12 @@
|
|||||||
|
|
||||||
packages:
|
packages:
|
||||||
- completed:
|
- completed:
|
||||||
hackage: AesonBson-0.4.1@sha256:30a4ecb39e8da94dc1e1e8945eb0d4e33a833ae4342841b3c87c56b5918a90a1,1398
|
hackage: crypto-simple-0.1.0.0@sha256:5c0e1e04a814d903743d7543245951a91a46817230fdf478fadca57116805fc1,1502
|
||||||
pantry-tree:
|
pantry-tree:
|
||||||
size: 378
|
size: 472
|
||||||
sha256: 10c7444de357f7fc1473542d8b3307811420889be32d5a2033d0dbc2d32a375d
|
sha256: 66c4ac2c2ddb74d31370026799a44fa78dc3b64d82cec0a1bc87b30e816195a4
|
||||||
original:
|
original:
|
||||||
hackage: AesonBson-0.4.1@sha256:30a4ecb39e8da94dc1e1e8945eb0d4e33a833ae4342841b3c87c56b5918a90a1,1398
|
hackage: crypto-simple-0.1.0.0@sha256:5c0e1e04a814d903743d7543245951a91a46817230fdf478fadca57116805fc1,1502
|
||||||
- completed:
|
|
||||||
hackage: bson-generic-0.0.9@sha256:ea6685daa618b2bbe6e189c33e195e812501baf42f53183eedc16f011690895a,817
|
|
||||||
pantry-tree:
|
|
||||||
size: 220
|
|
||||||
sha256: 46d452c35c2c762af25bf4d85b5248a94cbbe5b282bc4b1217d0ab3451011ae9
|
|
||||||
original:
|
|
||||||
hackage: bson-generic-0.0.9@sha256:ea6685daa618b2bbe6e189c33e195e812501baf42f53183eedc16f011690895a,817
|
|
||||||
snapshots:
|
snapshots:
|
||||||
- completed:
|
- completed:
|
||||||
size: 618740
|
size: 618740
|
||||||
|