Encrypt the OBS password on first run

This makes sure it is at least not stored in plaintext somewhere.
2022-01-29 09:52:08 +01:00 · 2022-01-29 09:52:08 +01:00 · 2c5fbcc2fd
commit 2c5fbcc2fd
parent 4c8d4dc8b3
1 changed files with 40 additions and 21 deletions
--- a/oscbot/init.py
+++ b/oscbot/init.py
@ -1,10 +1,11 @@
 # SPDX-FileCopyrightText: 2022 Luca Beltrame <lbeltrame@kde.org>
 # SPDX-License-Identifier: AGPL-3.0-or-later

-from dataclasses import dataclass
+from dataclasses import dataclass, field
 from typing import Optional, List, Type, Tuple

 import aiohttp
+import cryptocode
 from lxml import objectify
 from jinja2 import BaseLoader, Environment

@ -46,7 +47,7 @@ class BuildResult:
 class BuildRepository:
    name: str
    arch: str
-    packages: List[BuildResult]
+    packages: List[BuildResult] = field(default_factory=list)


 class Config(BaseProxyConfig):
@ -56,8 +57,17 @@ class Config(BaseProxyConfig):
        helper.copy("instance_url")
        helper.copy("rebuild_token")
        helper.copy("trigger_token")
+        helper.copy("secret")
+
+        password = self["password"]
+        if len(password) < 91 and not password.endswith("=="):
+            encrypted_password = cryptocode.encrypt(password, self["secret"])
+            helper.base["password"] = encrypted_password
+        else:
+            helper.copy("password")
+
        helper.copy("username")
-        helper.copy("password")
+        helper.copy("repo_aliases")


 class OSCBot(Plugin):
@ -76,6 +86,19 @@ class OSCBot(Plugin):
    def get_config_class(cls) -> Type[BaseProxyConfig]:
        return Config

+    def get_alias(self, project_alias: str) -> Tuple[str, str, str, str, str]:
+        data = self.config["repo_aliases"][project_alias]
+        # There is no concept of non-positional arguments in maubot
+        # So we just use "all" in case we want to skip something
+        package = data["package"] if data["package"] != "all" else None
+        repository = (data["repository"] if data["repository"] != "all"
+                      else None)
+        arch = data["arch"] if data["arch"] != "all" else None
+        project = data["project"]
+        state = data["state"] if data["state"] != "all" else None
+
+        return (project, package, repository, state, arch)
+
    async def parse_rebuilpac(
            self,
            project: str,
@ -112,7 +135,8 @@ class OSCBot(Plugin):
            arch: Optional[str] = None) -> List[BuildRepository]:

        username = self.config["username"]
-        password = self.config["password"]
+        password = cryptocode.decrypt(self.config["password"],
+                                      self.config["secret"])

        api_url = self.config["api_url"]
        api_call = f"{api_url}/build/{project}/_result"
@ -179,7 +203,7 @@ class OSCBot(Plugin):
    @osc.subcommand(
        "rebuildpac", aliases=("rb",),
        help="Rebuild a package or all packages in the repositories")
-    @command.argument("project", "project name")
+    @command.argument("project", "project name/alias")
    @command.argument("package", "package name (or \"all\" for all packages)")
    @command.argument("repository", "repository (optional)", required=False)
    @command.argument("arch", "architecture (optional)", required=False)
@ -189,12 +213,9 @@ class OSCBot(Plugin):
                         repository: Optional[str] = None,
                         arch: Optional[str] = None) -> None:

-        if package == "all":
-            package = None
-        if repository == "all":
-            repository = None
-        if arch == "all":
-            arch = None
+        package = None if package == "all" else package
+        repository = None if repository == "all" else repository
+        arch = None if arch == "all" else arch

        result, status = await self.parse_rebuilpac(project, package,
                                                    repository,
@ -244,16 +265,14 @@ class OSCBot(Plugin):
                     repository: Optional[str] = None,
                     arch: Optional[str] = None) -> None:

-        # There is no concept of non-positional arguments in maubot
-        # So we just use "all" in case we want to skip something
-        if state == "all":
-            state = None
-        if package == "all":
-            package = None
-        if repository == "all":
-            repository = None
-        if arch == "all":
-            arch = None
+        if project in self.config["repo_aliases"]:
+            project, package, repository, state, arch = self.get_alias(project)
+        else:
+            # There is no concept of non-positional arguments in maubot
+            # So we just use "all" in case we want to skip something
+            package = None if package == "all" else package
+            repository = None if repository == "all" else repository
+            arch = None if arch == "all" else arch

        response = await self.parse_status(project, package, state=state,
                                           repo=repository, arch=arch)