Include the key-rotater project in the monorepo

2025-03-18 13:45:11 -04:00 · 2025-03-18 13:45:11 -04:00 · 42d2705a84
commit 42d2705a84
parent 878ff48d95
4 changed files with 100 additions and 0 deletions
--- a/key-rotater/.gitignore
+++ b/key-rotater/.gitignore
@ -0,0 +1 @@
 /target
--- a/key-rotater/Cargo.toml
+++ b/key-rotater/Cargo.toml
@ -0,0 +1,10 @@
 [package]
 name = "debt-pirate-key-rotater"
 version = "0.1.0"
 edition = "2021"
 [dependencies]
 base64 = "0.22.1"
 clap = { version = "4.5", features = ["derive"] }
 humantime = "2.1"
 pasetors = "0.7"
--- a/key-rotater/README.md
+++ b/key-rotater/README.md
@ -0,0 +1,9 @@
 # Debt Pirate Key Rotater
 Creates new PASETO keys for use in the API
 ## Example
 ```
 $ dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | xargs cargo run --
 ```
--- a/key-rotater/src/main.rs
+++ b/key-rotater/src/main.rs
@ -0,0 +1,80 @@
 use std::{
    env,
    io::{self, BufRead, Write},
    process,
    time::{Duration, SystemTime},
 };
 use base64::prelude::*;
 use humantime::format_rfc3339_seconds;
 use pasetors::{
    keys::SymmetricKey,
    paserk::{FormatAsPaserk, Id},
    version4::V4,
 };
 fn main() {
    let encoded_secret = read_secret();
    let secret = if let Ok(secret) = decode_secret(encoded_secret) {
        secret
    } else {
        eprintln!("Not a valid 32-byte, base64 encoded string.");
        process::exit(1);
    };
    let (id, key) = generate_local_key(secret.as_slice());
    let mut id_string = String::new();
    id.fmt(&mut id_string).unwrap();
    let one_year: Duration = Duration::from_secs_f64(60_f64 * 60_f64 * 24_f64 * 365.25_f64);
    let expiration = format_rfc3339_seconds(SystemTime::now() + one_year);
    println!("ID: {id_string}\nKey: {key}\nExpiration: {expiration}");
 }
 fn read_secret() -> String {
    let secret_arg = env::args().skip(1).last();
    let secret = if let Some(secret) = secret_arg {
        secret
    } else {
        print!("Enter a 32-byte, base64 encoded string: ");
        let _ = io::stdout().flush();
        let mut buffer = String::with_capacity(32);
        let stdin = io::stdin();
        stdin.lock().read_line(&mut buffer).unwrap();
        buffer
            .strip_suffix("\r\n")
            .or(buffer.strip_suffix("\n"))
            .map(|buffer| buffer.to_owned())
            .unwrap_or(buffer)
    };
    secret
 }
 fn decode_secret(secret: String) -> Result<Vec<u8>, ()> {
    BASE64_STANDARD
        .decode(secret)
        .map_err(|_| ())
        .and_then(|secret| {
            if secret.len() != 32 {
                Err(())
            } else {
                Ok(secret)
            }
        })
 }
 fn generate_local_key(secret: &[u8]) -> (Id, String) {
    let key = SymmetricKey::<V4>::from(secret).unwrap();
    let mut serialized_key = String::with_capacity(54);
    let _ = key.fmt(&mut serialized_key);
    let id = Id::from(&key);
    (id, serialized_key)
 }