-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathconfig.go
113 lines (94 loc) · 2.95 KB
/
config.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
package cryptfs
import (
"fmt"
"os"
)
type Config struct {
Compression CompressionConfig `json:"compression" yaml:"compression"`
Encryption EncryptionConfig `json:"encryption" yaml:"encryption"`
Encoding EncodingConfig `json:"encoding" yaml:"encoding"`
HMACKey string `json:"hmacKey" yaml:"hmacKey"`
}
type CompressionConfig struct {
Gzip *GzipConfig `json:"gzip" yaml:"gzip"`
}
type GzipConfig struct {
Level int `json:"level" yaml:"level"`
Required bool `json:"required" yaml:"required"`
}
type EncryptionConfig struct {
AES *AESConfig `json:"aes" yaml:"aes"`
GPG *GPGConfig `json:"gpg" yaml:"gpg"`
Vault *VaultConfig `json:"vault" yaml:"vault"`
}
type AESConfig struct {
Key string `json:"key" yaml:"key"`
KeyPath string `json:"keyPath" yaml:"keyPath"`
}
type GPGConfig struct {
PublicPath string `json:"publicPath" yaml:"publicPath"`
PrivatePath string `json:"privatePath" yaml:"privatePath"`
PrivatePassword string `json:"privatePassword" yaml:"privatePassword"`
}
type EncodingConfig struct {
Base64 bool `json:"base64" yaml:"base64"`
}
// FromConfig will create a *FS from the given Config
func FromConfig(conf Config) (*FS, error) {
var err error
// Encryption
cryptor := NoEncryption()
switch {
case conf.Encryption.AES != nil:
var key []byte
if len(conf.Encryption.AES.Key) > 0 {
key = []byte(conf.Encryption.AES.Key)
} else {
key, err = os.ReadFile(conf.Encryption.AES.KeyPath)
if err != nil {
return nil, fmt.Errorf("reading AES key from %s: %w", conf.Encryption.AES.KeyPath, err)
}
}
cryptor, err = NewAESCryptor(key)
case conf.Encryption.GPG != nil:
if conf.Encryption.GPG.PublicPath != "" && conf.Encryption.GPG.PrivatePath == "" {
cryptor, err = NewGPGEncryptorFile(conf.Encryption.GPG.PublicPath)
}
password := []byte(conf.Encryption.GPG.PrivatePassword)
if conf.Encryption.GPG.PublicPath == "" && conf.Encryption.GPG.PrivatePath != "" {
cryptor, err = NewGPGDecryptorFile(conf.Encryption.GPG.PrivatePath, password)
}
if conf.Encryption.GPG.PublicPath != "" && conf.Encryption.GPG.PrivatePath != "" {
cryptor, err = NewGPGCryptorFile(conf.Encryption.GPG.PublicPath, conf.Encryption.GPG.PrivatePath, password)
}
case conf.Encryption.Vault != nil:
cryptor, err = NewVaultCryptor(*conf.Encryption.Vault)
}
if err != nil {
return nil, fmt.Errorf("cryptor from config: %w", err)
}
// Setup the FS
fsys, err := New(cryptor)
if err != nil {
return nil, fmt.Errorf("cryptfs from config: %w", err)
}
// Compression
if conf.Compression.Gzip != nil {
compressor := Gzip()
if conf.Compression.Gzip.Level > 0 {
compressor = GzipLevel(conf.Compression.Gzip.Level)
}
if conf.Compression.Gzip.Required {
compressor = GzipRequired(conf.Compression.Gzip.Level)
}
fsys.SetCompression(compressor)
}
// Encoding
if conf.Encoding.Base64 {
fsys.SetCoder(Base64())
}
if len(conf.HMACKey) > 0 {
fsys.SetHMACKey([]byte(conf.HMACKey))
}
return fsys, nil
}