onetime-up 0.6.2 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 829b100c0882cdb8e5f797d27d0f9e52e576cd20f20235f7836532f3872b74ea
-  data.tar.gz: 9df7bd8e315d3fe6339619016b1b03c0450bbfb9c6a83644f1ce9bcf77e77fd6
+  metadata.gz: 4c1dc14a9677195dcc44ddb5f2f0ab15a310c2289a143d97aa2097d62e4f056f
+  data.tar.gz: ebb13a2e7050fffc000a18befa1d7ef456151a23f30d9dcc0d75b5ce084e20b6
 SHA512:
-  metadata.gz: 905c34dd750efb26e2d3af6314d22b30d8a101885a9eef965d730a2c71849b80b54e6ddf6bad8f952c1de8a4a822b1df0f26667dc7b4cc883fec0efe25221d6d
-  data.tar.gz: 53e8f305c78a4a79a539adb359508078835ae83f96156f8c9abd503ff7adce81d758411d86efffb30833eae46588ff5e8d6937dd316892020bc5291712d60f44
+  metadata.gz: 021a70dcfccc65e85f3510c02e620b351302275db33989571edb809af2956e359cbdfdf0254dd2128631c7c2751c2243b9663a97f1ee9443903cc6307ce252df
+  data.tar.gz: 44786b8cd1a188dd8fefa88766083da6fbb000de5d44465e66ed00832dc1334b3dab2e831b7bc065395a2a1fc138745fdeef0277d9f75353b78a7ca269b6cb16

data/README.md

@@ -1,6 +1,13 @@
 # Onetime-up
 
-Fork of the Ruby program [`One-Time Secret`](https://github.com/onetimesecret/onetime-ruby), using the API v2.
+Fork of the Ruby program [`One-Time Secret`](https://github.com/onetimesecret/onetime-ruby), using the API v2, with the following improvements:
+
+- CLI built on Ruby stdlib — no third-party CLI dependency (the upstream `drydock` requirement has been removed)
+- Uses the API v2 (response shapes updated accordingly)
+- `share` accepts a positional file path (e.g. `onetime share /path/to/file`) in addition to stdin redirection
+- `generate` rejects misuse (extra positional args, piped stdin) with a clear hint pointing at `onetime share`
+- Default API host is `https://eu.onetimesecret.com/api`
+- The `metadata` command is renamed `receipt` for consistency with the API
 
 ## Basic usage
 
@@ -8,12 +15,10 @@ Share a secret:
 
 ```sh
 echo "secret text" | onetime share
-```
-
-Share a secret protected by a passphrase:
-
-```sh
+# Share a secret protected by a passphrase:
 echo "secret text" | onetime share -p "shared-passphrase"
+# Share the contents of a local file:
+onetime share /path/to/file
 ```
 
 Retrieve a secret:
@@ -42,3 +47,5 @@ The command `metadata` has been renamed `receipt` for consistency with the API.
 The default API host is now `https://eu.onetimesecret.com/api`.
 
 The library now uses API v2 response shapes. Programmatic callers should read receipt data from `record.receipt` and secret data from `record.secret` or reveal responses from `record.secret_value`.
+
+The `generate` command now rejects extra positional arguments and piped stdin (previously both were silently ignored). Use `onetime share` to share file contents or piped data.

data/bin/onetime

@@ -3,219 +3,6 @@
 base_path = File.expand_path File.join(File.dirname(__FILE__), '..')
 $:.unshift File.join(base_path, 'lib')
 
-require 'uri'
-require 'onetime/api'
-require 'drydock'
+require 'onetime/cli'
 
-class Onetime::CLI
-  class Definition
-    extend Drydock
-
-    default :share
-
-    global :H, String, "Base URI (e.g. https://onetimesecret.com/api)"
-    global :c, :custid, String, "Customer ID (e.g. you@yourcompany.com)"
-    global :k, :apikey, String, "API key (e.g. 4eb33c6340006d6607c813fc7e707a32f8bf5342)"
-
-    global :r, :recipient, Array, "Email address to deliver the secret link"
-
-    global :f, :format, String, "Output format (json or yaml)"
-    global :j, :json, "Shorthand for -f json"
-    global :y, :yaml, "Shorthand for -f yaml"
-    global :s, :string, "Shorthand for -f string (default)"
-
-    global :D, :debug do
-      OT::API.debug_output STDERR
-    end
-
-    global :V, :version do
-      puts OT::VERSION
-      exit 0
-    end
-
-    before do |obj|
-      OT::API.base_uri obj.global.H if obj.global.H
-      @api = OT::API.new obj.global.custid, obj.global.apikey
-      obj.global.format = 'yaml' if obj.global.yaml
-      obj.global.format = 'json' if obj.global.json
-      obj.global.format = 'string' if obj.global.string
-      obj.global.format = nil if obj.global.format == 'string'
-      if obj.global.format && !['json', 'yaml', 'csv'].member?(obj.global.format)
-        raise RuntimeError, "Unsupported format: #{obj.global.format}"
-      end
-    end
-
-    usage "onetime status"
-    command :status do |obj|
-      @res = @api.get '/status'
-      if @res.nil?
-        raise RuntimeError, 'Could not complete request'
-      elsif @api.response.code != 200
-        raise RuntimeError, OT::API.response_error_message(@res)
-      end
-      case obj.global.format
-      when 'json'
-        puts @res.to_json
-      when 'yaml'
-        puts @res.to_yaml
-      else
-        msg = @api.anonymous ? 'Anonymous' : @api.custid
-        STDERR.puts '# Host: %s' % OT::API.base_uri
-        STDERR.puts '# Account: %s' % msg
-        puts 'Service Status: %s' % @res[:status]
-      end
-    end
-
-    argv :key
-    usage "onetime receipt <KEY>"
-    command :receipt do |obj|
-      raise RuntimeError, "csv not supported" if obj.global.format == 'csv'
-      raise RuntimeError, "Usage: #{$0} receipt <KEY>" unless obj.argv.key
-
-      # Handle case where argv.key might be an array due to drydock parsing
-      receipt_key = Array(obj.argv.key).first.to_s
-
-      @res = @api.get '/receipt/%s' % receipt_key
-      if @res.nil?
-        raise RuntimeError, 'Could not complete request'
-      elsif @api.response.code != 200
-        raise RuntimeError, OT::API.response_error_message(@res)
-      end
-      case obj.global.format
-      when 'json'
-        puts @res.to_json
-      when 'yaml'
-        puts @res.to_yaml
-      else
-        puts @res.to_yaml
-      end
-    end
-
-    option :p, :passphrase, String, "Passphrase to decrypt the secret (only required if one was provided to you)"
-    argv :key
-    usage "onetime secret <KEY>"
-    usage "onetime secret [-p PASSPHRASE] <KEY>"
-    command :secret do |obj|
-      raise RuntimeError, "csv not supported" if obj.global.format == 'csv'
-      raise RuntimeError, "Usage: #{$0} secret <KEY>" unless obj.argv.key
-
-      # Handle case where argv.key might be an array due to drydock parsing
-      secret_key = Array(obj.argv.key).first.to_s
-
-      opts = { continue: true }
-      opts[:passphrase] = obj.option.passphrase if obj.option.passphrase
-      secret_key = OT::API.extract_secret_key(secret_key)
-      @res = @api.post '/secret/%s/reveal' % [secret_key], opts
-      if @res.nil?
-        raise RuntimeError, 'Could not complete request'
-      elsif @api.response.code != 200
-        raise RuntimeError, OT::API.response_error_message(@res)
-      end
-      case obj.global.format
-      when 'json'
-        puts @res.to_json
-      when 'yaml'
-        puts @res.to_yaml
-      else
-        value = @res.dig('record', 'secret_value')
-        puts value if value
-      end
-    end
-    command_alias :secret, :get
-
-    usage "onetime share"
-    usage "onetime share [-t 3600] [-p PASSPHRASE]"
-    usage "echo 'your secret' | onetime share"
-    usage "<path/2/file onetime share"
-    option :t, :ttl, Integer, "Time-to-live in seconds"
-    option :p, :passphrase, String, "Passphrase to encrypt the secret (something only you and recipient know)"
-    option :r, :recipient, Array, "Email address to deliver the secret link"
-    command :share do |obj|
-      recipients = [obj.option.recipient, obj.global.recipient].flatten.compact.uniq
-      begin
-        if Kernel.select [$stdin], nil, nil, 0
-          secret_value = STDIN.read
-        else
-          STDERR.puts "Paste message here (hit control-D to continue):"
-          secret_value = ARGF.read
-          STDERR.puts # new line to let the person know we got it.
-        end
-      rescue Interrupt => ex
-        puts "Exiting..."
-        exit 0
-      end
-      raise RuntimeError, "No secret provided" if secret_value.chomp.empty?
-      opts = { :secret => secret_value, :ttl => obj.option.ttl, :recipient => recipients }
-      opts[:passphrase] = obj.option.passphrase if obj.option.passphrase
-      @res = @api.post '/secret/conceal', opts
-      if @res.nil?
-        raise RuntimeError, 'Could not complete request'
-      elsif @api.response.code != 200
-        raise RuntimeError, OT::API.response_error_message(@res)
-      end
-      secret_key = OT::API.secret_key_from_response(@res)
-      raise RuntimeError, 'Unexpected response: missing record.secret.key' unless secret_key
-      uri = OT::API.web_uri('secret', secret_key)
-      case obj.global.format
-      when 'json'
-        puts @res.to_json
-      when 'yaml'
-        puts @res.to_yaml
-      else
-        recipients = OT::API.recipients_from_response(@res)
-        if !recipients.empty?
-          STDERR.puts '# Secret link sent to: %s' % recipients.join(',')
-        else
-          puts uri
-        end
-      end
-    end
-
-    usage "onetime generate"
-    usage "onetime generate [-t 3600] [-p PASSPHRASE]"
-    option :t, :ttl, Integer, "Time-to-live in seconds"
-    option :p, :passphrase, String, "Passphrase to encrypt the secret (something only you and recipient know)"
-    option :r, :recipient, Array, "Email address to deliver the secret link"
-    command :generate do |obj|
-      recipients = [obj.option.recipient, obj.global.recipient].flatten.compact.uniq
-      opts = { :ttl => obj.option.ttl, :recipient => recipients }
-      opts[:passphrase] = obj.option.passphrase if obj.option.passphrase
-      @res = @api.post '/secret/generate', opts
-      if @res.nil?
-        raise RuntimeError, 'Could not complete request'
-      elsif @api.response.code != 200
-        raise RuntimeError, OT::API.response_error_message(@res)
-      end
-      secret_key = OT::API.secret_key_from_response(@res)
-      raise RuntimeError, 'Unexpected response: missing record.secret.key' unless secret_key
-      uri = OT::API.web_uri('secret', secret_key)
-      case obj.global.format
-      when 'json'
-        puts @res.to_json
-      when 'yaml'
-        puts @res.to_yaml
-      when 'csv'
-        puts uri
-      else
-        recipients = OT::API.recipients_from_response(@res)
-        if !recipients.empty?
-          STDERR.puts '# Secret link sent to: %s' % recipients.join(',')
-        else
-          puts uri
-        end
-      end
-    end
-
-  end
-end
-
-begin
-  Drydock.run! ARGV, STDIN
-rescue RuntimeError => ex
-  STDERR.puts ex.message
-  exit 1
-rescue => ex
-  puts ex.message
-  puts ex.backtrace
-  exit 1
-end
+exit Onetime::CLI.run(ARGV)

data/lib/onetime/cli/parser.rb

@@ -0,0 +1,134 @@
+require 'optparse'
+
+require_relative '../version'
+
+module Onetime
+  module CLI
+    class Parser
+      class Error < StandardError; end
+
+      DEFAULT_COMMAND = 'share'.freeze
+      KNOWN_COMMANDS = %w[status receipt secret share generate].freeze
+      COMMAND_ALIASES = { 'get' => 'secret' }.freeze
+      VALID_FORMATS = %w[json yaml csv].freeze
+
+      COMMAND_OPTIONS = {
+        'share'    => %i[ttl passphrase recipient].freeze,
+        'generate' => %i[ttl passphrase recipient].freeze,
+        'secret'   => %i[passphrase].freeze,
+        'receipt'  => [].freeze,
+        'status'   => [].freeze,
+      }.freeze
+
+      Result = Struct.new(
+        :command, :argv,
+        :base_uri, :custid, :apikey, :recipients,
+        :format, :debug, :show_version,
+        :ttl, :passphrase,
+        keyword_init: true,
+      )
+
+      def self.parse(argv)
+        new(argv).parse
+      end
+
+      def initialize(argv)
+        @argv = argv.dup
+        @base_uri = nil
+        @custid = nil
+        @apikey = nil
+        @global_recipients = []
+        @command_recipients = []
+        @format = nil
+        @debug = false
+        @show_version = false
+        @ttl = nil
+        @passphrase = nil
+        @yaml_flag = false
+        @json_flag = false
+        @string_flag = false
+      end
+
+      def parse
+        global_option_parser.order!(@argv)
+        command, rest = extract_command
+        if command
+          command_option_parser(command).order!(rest)
+        end
+        apply_format_precedence!
+        normalize_format!
+        Result.new(
+          command: command,
+          argv: rest,
+          base_uri: @base_uri,
+          custid: @custid,
+          apikey: @apikey,
+          recipients: (@command_recipients + @global_recipients).uniq,
+          format: @format,
+          debug: @debug,
+          show_version: @show_version,
+          ttl: @ttl,
+          passphrase: @passphrase,
+        )
+      rescue OptionParser::ParseError => e
+        raise Error, e.message
+      end
+
+      private
+
+      def global_option_parser
+        OptionParser.new do |opts|
+          opts.on('-H BASE_URI', String) { |v| @base_uri = v }
+          opts.on('-c CUSTID', '--custid CUSTID', String) { |v| @custid = v }
+          opts.on('-k APIKEY', '--apikey APIKEY', String) { |v| @apikey = v }
+          opts.on('-r RECIPIENT', '--recipient RECIPIENT', Array) { |v| @global_recipients.concat(Array(v)) }
+          opts.on('-f FORMAT', '--format FORMAT', String) { |v| @format = v }
+          opts.on('-j', '--json') { @json_flag = true }
+          opts.on('-y', '--yaml') { @yaml_flag = true }
+          opts.on('-s', '--string') { @string_flag = true }
+          opts.on('-D', '--debug') { @debug = true }
+          opts.on('-V', '--version') { @show_version = true }
+        end
+      end
+
+      def command_option_parser(command)
+        allowed = COMMAND_OPTIONS.fetch(command, [])
+        OptionParser.new do |opts|
+          if allowed.include?(:ttl)
+            opts.on('-t TTL', '--ttl TTL', Integer) { |v| @ttl = v }
+          end
+          if allowed.include?(:passphrase)
+            opts.on('-p PASSPHRASE', '--passphrase PASSPHRASE', String) { |v| @passphrase = v }
+          end
+          if allowed.include?(:recipient)
+            opts.on('-r RECIPIENT', '--recipient RECIPIENT', Array) { |v| @command_recipients.concat(Array(v)) }
+          end
+        end
+      end
+
+      def apply_format_precedence!
+        @format = 'yaml' if @yaml_flag
+        @format = 'json' if @json_flag
+        @format = 'string' if @string_flag
+      end
+
+      def normalize_format!
+        @format = nil if @format == 'string'
+        return if @format.nil?
+        return if VALID_FORMATS.include?(@format)
+        raise Error, "Unsupported format: #{@format}"
+      end
+
+      def extract_command
+        return [nil, []] if @show_version
+
+        raw = @argv.shift || DEFAULT_COMMAND
+        canonical = COMMAND_ALIASES.fetch(raw, raw)
+        unless KNOWN_COMMANDS.include?(canonical)
+          raise Error, "unknown command: #{raw}"
+        end
+        [canonical, @argv]
+      end
+    end
+  end
+end

data/lib/onetime/cli/runner.rb

@@ -0,0 +1,210 @@
+require 'json'
+require 'yaml'
+
+require_relative '../api'
+require_relative '../version'
+
+module Onetime
+  module CLI
+    class Runner
+      class Error < StandardError; end
+
+      PROGRAM_NAME = 'onetime'.freeze
+
+      def initialize(parsed, stdin: $stdin, stdout: $stdout, stderr: $stderr)
+        @parsed = parsed
+        @stdin = stdin
+        @stdout = stdout
+        @stderr = stderr
+      end
+
+      def run
+        return print_version if @parsed.show_version
+
+        configure_api!
+        case @parsed.command
+        when 'status'   then run_status
+        when 'receipt'  then run_receipt
+        when 'secret'   then run_secret
+        when 'share'    then run_share
+        when 'generate' then run_generate
+        else
+          raise Error, "unhandled command: #{@parsed.command.inspect}"
+        end
+      end
+
+      private
+
+      def print_version
+        @stdout.puts Onetime::VERSION
+        0
+      end
+
+      def configure_api!
+        OT::API.base_uri @parsed.base_uri if @parsed.base_uri
+        OT::API.debug_output @stderr if @parsed.debug
+        @api = OT::API.new(@parsed.custid, @parsed.apikey)
+      end
+
+      def run_status
+        res = api_get('/status')
+        case @parsed.format
+        when 'json'
+          @stdout.puts res.to_json
+        when 'yaml'
+          @stdout.puts res.to_yaml
+        else
+          account = @api.anonymous ? 'Anonymous' : @api.custid
+          @stderr.puts '# Host: %s' % OT::API.base_uri
+          @stderr.puts '# Account: %s' % account
+          @stdout.puts 'Service Status: %s' % res[:status]
+        end
+        0
+      end
+
+      def run_receipt
+        raise Error, 'csv not supported' if @parsed.format == 'csv'
+        raise Error, "Usage: #{PROGRAM_NAME} receipt <KEY>" if @parsed.argv.empty?
+
+        key = @parsed.argv.first.to_s
+        res = api_get('/receipt/%s' % key)
+        case @parsed.format
+        when 'json'
+          @stdout.puts res.to_json
+        else
+          @stdout.puts res.to_yaml
+        end
+        0
+      end
+
+      def run_secret
+        raise Error, 'csv not supported' if @parsed.format == 'csv'
+        raise Error, "Usage: #{PROGRAM_NAME} secret <KEY>" if @parsed.argv.empty?
+
+        raw_key = @parsed.argv.first.to_s
+        key = OT::API.extract_secret_key(raw_key)
+        opts = { continue: true }
+        opts[:passphrase] = @parsed.passphrase if @parsed.passphrase
+        res = api_post('/secret/%s/reveal' % key, opts)
+        case @parsed.format
+        when 'json'
+          @stdout.puts res.to_json
+        when 'yaml'
+          @stdout.puts res.to_yaml
+        else
+          value = res.dig('record', 'secret_value')
+          @stdout.puts value if value
+        end
+        0
+      end
+
+      def run_share
+        begin
+          secret_value = read_share_input
+        rescue Interrupt
+          @stdout.puts 'Exiting...'
+          return 0
+        end
+        raise Error, 'No secret provided' if secret_value.chomp.empty?
+
+        opts = { secret: secret_value, ttl: @parsed.ttl, recipient: @parsed.recipients }
+        opts[:passphrase] = @parsed.passphrase if @parsed.passphrase
+        res = api_post('/secret/conceal', opts)
+        emit_share_result(res)
+        0
+      end
+
+      def run_generate
+        unless @parsed.argv.empty?
+          extras = @parsed.argv
+          raise Error, "generate takes no arguments (got: %s). Did you mean: onetime share < %s" % [extras.join(' '), extras.first]
+        end
+        if !@stdin.tty? && !@stdin.eof?
+          raise Error, 'generate does not read stdin. Did you mean: onetime share'
+        end
+        opts = { ttl: @parsed.ttl, recipient: @parsed.recipients }
+        opts[:passphrase] = @parsed.passphrase if @parsed.passphrase
+        res = api_post('/secret/generate', opts)
+        emit_generate_result(res)
+        0
+      end
+
+      def read_share_input
+        if !@parsed.argv.empty?
+          read_argv_inputs(@parsed.argv)
+        elsif !@stdin.tty?
+          @stdin.read
+        else
+          @stderr.puts 'Paste message here (hit control-D to continue):'
+          content = @stdin.read
+          @stderr.puts
+          content
+        end
+      end
+
+      def read_argv_inputs(paths)
+        paths.map { |path| path == '-' ? @stdin.read : File.read(path) }.join
+      end
+
+      def emit_share_result(res)
+        secret_key = OT::API.secret_key_from_response(res)
+        raise Error, 'Unexpected response: missing record.secret.key' unless secret_key
+
+        uri = OT::API.web_uri('secret', secret_key)
+        case @parsed.format
+        when 'json'
+          @stdout.puts res.to_json
+        when 'yaml'
+          @stdout.puts res.to_yaml
+        else
+          recipients = OT::API.recipients_from_response(res)
+          if !recipients.empty?
+            @stderr.puts '# Secret link sent to: %s' % recipients.join(',')
+          else
+            @stdout.puts uri
+          end
+        end
+      end
+
+      def emit_generate_result(res)
+        secret_key = OT::API.secret_key_from_response(res)
+        raise Error, 'Unexpected response: missing record.secret.key' unless secret_key
+
+        uri = OT::API.web_uri('secret', secret_key)
+        case @parsed.format
+        when 'json'
+          @stdout.puts res.to_json
+        when 'yaml'
+          @stdout.puts res.to_yaml
+        when 'csv'
+          @stdout.puts uri
+        else
+          recipients = OT::API.recipients_from_response(res)
+          if !recipients.empty?
+            @stderr.puts '# Secret link sent to: %s' % recipients.join(',')
+          else
+            @stdout.puts uri
+          end
+        end
+      end
+
+      def api_get(path)
+        res = @api.get(path)
+        check_response!(res)
+        res
+      end
+
+      def api_post(path, params)
+        res = @api.post(path, params)
+        check_response!(res)
+        res
+      end
+
+      def check_response!(res)
+        raise Error, 'Could not complete request' if res.nil?
+        return if @api.response.code == 200
+        raise Error, OT::API.response_error_message(res)
+      end
+    end
+  end
+end

data/lib/onetime/cli.rb

@@ -0,0 +1,20 @@
+require_relative 'api'
+require_relative 'version'
+require_relative 'cli/parser'
+require_relative 'cli/runner'
+
+module Onetime
+  module CLI
+    def self.run(argv, stdin: $stdin, stdout: $stdout, stderr: $stderr)
+      parsed = Parser.parse(argv)
+      Runner.new(parsed, stdin: stdin, stdout: stdout, stderr: stderr).run
+    rescue Parser::Error, Runner::Error, RuntimeError => e
+      stderr.puts e.message
+      1
+    rescue StandardError => e
+      stdout.puts e.message
+      stdout.puts e.backtrace
+      1
+    end
+  end
+end

data/lib/onetime/version.rb

@@ -1,3 +1,3 @@
 module Onetime
-  VERSION = "0.6.2"
+  VERSION = "0.8.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: onetime-up
 version: !ruby/object:Gem::Version
-  version: 0.6.2
+  version: 0.8.0
 platform: ruby
 authors:
 - Delano Mandelbaum
@@ -10,20 +10,6 @@ bindir: bin
 cert_chain: []
 date: 2026-05-13 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: drydock
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.0.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: httparty
   requirement: !ruby/object:Gem::Requirement
@@ -82,6 +68,9 @@ files:
 - README.md
 - bin/onetime
 - lib/onetime/api.rb
+- lib/onetime/cli.rb
+- lib/onetime/cli/parser.rb
+- lib/onetime/cli/runner.rb
 - lib/onetime/version.rb
 homepage: https://github.com/onetimesecret/onetime-ruby-up
 licenses:
@@ -102,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 2.0.0
 requirements: []
-rubygems_version: 4.0.7
+rubygems_version: 4.0.9
 specification_version: 4
 summary: Command-line tool and library for onetimesecret.com API (API v2)
 test_files: []