feat(cli): save secrets in single file

swordev · Nov 21, 2023 · cf18e38 · cf18e38
1 parent d764d46
commit cf18e38
Show file tree

Hide file tree

Showing 9 changed files with 41 additions and 14 deletions.
diff --git a/.changeset/curly-socks-brush.md b/.changeset/curly-socks-brush.md
@@ -0,0 +1,5 @@
+---
+"@rtpl/cli": minor
+---
+
+Save secrets in single file
diff --git a/packages/cli/src/actions/diff.ts b/packages/cli/src/actions/diff.ts
@@ -11,7 +11,7 @@ export type DiffOptions = GlobalOptions & {
 };
 export default async function diff(options: DiffOptions) {
   const tpl = await readTplFile(options.templatePath);
-  const resources = await resolveTpl(tpl, {
+  const { resources } = await resolveTpl(tpl, {
     filter: options.filter,
     lockPath: options.lockPath,
     outPath: options.outPath,

diff --git a/packages/cli/src/actions/install.ts b/packages/cli/src/actions/install.ts
@@ -12,7 +12,7 @@ import { readTplFile, resolveTpl } from "../utils/self/resolve.js";
 import backup from "./backup.js";
 import diff from "./diff.js";
 import chalk from "chalk";
-import { rmdir } from "fs/promises";
+import { rmdir, writeFile } from "fs/promises";
 import { dirname, join } from "path";
 
 export type InstallActionOptions = GlobalOptions & {
@@ -49,12 +49,16 @@ export default async function install(options: InstallActionOptions) {
   }
 
   const tpl = await readTplFile(options.templatePath);
-  const resources = await resolveTpl(tpl, {
+  const { resources, secrets } = await resolveTpl(tpl, {
     filter: options.filter,
     lockPath: options.lockPath,
     outPath: options.outPath,
   });
 
+  const secretsPath = join(dirname(options.lockPath), "rtpl.secrets.json");
+
+  await writeFile(secretsPath, JSON.stringify(secrets, null, 2));
+
   //await tpl.onBeforeInstall?.(options);
 
   const lockData = lock.parseFile(options.lockPath, true) ?? {

diff --git a/packages/cli/src/actions/render.ts b/packages/cli/src/actions/render.ts
@@ -3,7 +3,7 @@ import { readTplFile, resolveTpl } from "../utils/self/resolve.js";
 
 export default async function render(options: GlobalOptions) {
   const tpl = await readTplFile(options.templatePath);
-  const resources = await resolveTpl(tpl, {
+  const { resources } = await resolveTpl(tpl, {
     filter: options.filter,
     lockPath: options.lockPath,
     outPath: options.outPath,

diff --git a/packages/cli/src/index.ts b/packages/cli/src/index.ts
@@ -4,10 +4,11 @@ export { MinimalTpl, MinimalTplConfig } from "./utils/self/tpl.js";
 export {
   AbstractRes,
   type ResOptions,
+  type MinimalRes,
   ResType,
 } from "./resources/AbstractRes.js";
 export { CronRes, CronData } from "./resources/CronRes.js";
-export { DirRes, DirData } from "./resources/DirRes.js";
+export { DirRes, DirData, type MinimalDirRes } from "./resources/DirRes.js";
 export { EnvRes, EnvData } from "./resources/EnvRes.js";
 export { IniRes, IniData } from "./resources/IniRes.js";
 export { JsonRes } from "./resources/JsonRes.js";

diff --git a/packages/cli/src/resources/AbstractRes.ts b/packages/cli/src/resources/AbstractRes.ts
@@ -1,3 +1,4 @@
+import { Secrets } from "../utils/self/secrets.js";
 import { Call, getLastStacks } from "../utils/stack.js";
 import { DelayedValue, setDelayedValue } from "./DelayedValue.js";
 import { posix } from "path";
@@ -88,7 +89,7 @@ export abstract class AbstractRes<
     );
   }
 
-  async onReady(path: string) {
+  async onReady(path: string, secrets: Secrets) {
     setDelayedValue(this.path, path);
     setDelayedValue(this.dirname, path);
   }

diff --git a/packages/cli/src/resources/SecretRes.ts b/packages/cli/src/resources/SecretRes.ts
@@ -6,7 +6,7 @@ import {
   randomString,
   upperAlphaCharset,
 } from "../utils/crypto.js";
-import { readIfExists } from "../utils/fs.js";
+import { Secrets } from "../utils/self/secrets.js";
 import { AbstractRes, ResOptions, ResType } from "./AbstractRes.js";
 import { DelayedValue, setDelayedValue } from "./DelayedValue.js";
 
@@ -46,7 +46,7 @@ export class SecretRes extends AbstractRes<
   protected override readonly type = ResType.Secret;
   private value: DelayedValue<string>;
   readonly hasNewValue: DelayedValue<boolean>;
-  constructor(readonly options: ResOptions<SecretData>) {
+  constructor(readonly options: ResOptions<SecretData | undefined>) {
     super(options);
     this.value = new DelayedValue(undefined, this.lastStacks);
     this.hasNewValue = new DelayedValue(undefined, this.lastStacks);
@@ -60,9 +60,9 @@ export class SecretRes extends AbstractRes<
   override toString() {
     return this.value.toString();
   }
-  override async onReady(path: string) {
-    await super.onReady(path);
-    const value = (await readIfExists(path))?.toString();
+  override async onReady(path: string, secrets: Secrets) {
+    await super.onReady(path, secrets);
+    const value = secrets[path];
     const hasNewValue = value ? false : true;
     const generate = this.data?.generate ?? true;
     let endValue = value;
@@ -83,7 +83,7 @@ export class SecretRes extends AbstractRes<
       if (charset.length <= 10) {
         throw new Error(`Charset length is too small`);
       }
-      endValue = randomString(length, charset);
+      endValue = secrets[path] = randomString(length, charset);
     }
     const auxValue = await this.data?.onReady?.({
       path,

diff --git a/packages/cli/src/utils/self/resolve.ts b/packages/cli/src/utils/self/resolve.ts
@@ -5,6 +5,7 @@ import { isPlainObject } from "../object.js";
 import { isDir, isPath, stripRootBackPaths } from "../path.js";
 import { makeFilter } from "../string.js";
 import { createResourceSystem } from "./rs.js";
+import { getSecretsPath, parseSecretsFile } from "./secrets.js";
 import { MinimalTpl, ResourcesResultItem } from "./tpl.js";
 import mm from "micromatch";
 import { basename, dirname, join, relative } from "path";
@@ -194,11 +195,13 @@ export async function resolveTpl(
     await item.tpl.config.onResolve?.bind(rs)(item.resources, tplOptions);
   }
 
+  const secretsPath = getSecretsPath(lockDir);
+  const secrets = await parseSecretsFile(secretsPath);
   const resources = await resolveResources({
     ...resolveOptions,
     resources: inResources,
     onValue: async (path, res, actions) => {
-      await res.onReady(posix.join(outFolder, path));
+      await res.onReady(posix.join(outFolder, path), secrets);
       if (MinimalDirRes.isInstance(res)) {
         actions.add = false;
         actions.process = !res.resolved;
@@ -218,5 +221,5 @@ export async function resolveTpl(
     delete resources[path];
   }
 
-  return resources;
+  return { resources, secrets };
 }
diff --git a/packages/cli/src/utils/self/secrets.ts b/packages/cli/src/utils/self/secrets.ts
@@ -0,0 +1,13 @@
+import { readIfExists } from "../fs.js";
+import { join } from "path";
+
+export type Secrets = Record<string /* path */, string>;
+
+export function getSecretsPath(dir: string) {
+  return join(dir, "rtpl.secrets.json");
+}
+
+export async function parseSecretsFile(path: string): Promise<Secrets> {
+  const buffer = await readIfExists(path);
+  return buffer ? JSON.parse(buffer.toString()) : {};
+}