cdx-manager 0.3.3 → 0.4.0

package/src/backup_bundle.py

@@ -0,0 +1,134 @@
+import base64
+import hashlib
+import hmac
+import json
+import os
+from datetime import datetime, timezone
+
+from .errors import CdxError
+
+
+BUNDLE_SCHEMA_VERSION = 1
+_SALT_BYTES = 16
+_NONCE_BYTES = 16
+_SCRYPT_N = 2 ** 14
+_SCRYPT_R = 8
+_SCRYPT_P = 1
+_PBKDF2_ITERATIONS = 200000
+
+
+def _now_iso():
+    return datetime.now(timezone.utc).astimezone().isoformat()
+
+
+def _b64_encode(data):
+    return base64.b64encode(data).decode("ascii")
+
+
+def _b64_decode(data):
+    try:
+        return base64.b64decode(data.encode("ascii"))
+    except (AttributeError, ValueError, UnicodeEncodeError) as error:
+        raise CdxError("Bundle contains invalid base64 data.") from error
+
+
+def read_bundle_meta(data):
+    try:
+        wrapper = json.loads(data.decode("utf-8"))
+    except (UnicodeDecodeError, json.JSONDecodeError) as error:
+        raise CdxError("Invalid bundle format.") from error
+
+    if wrapper.get("schema_version") != BUNDLE_SCHEMA_VERSION:
+        raise CdxError("Unsupported bundle schema version.")
+    return wrapper
+
+
+def _derive_keys(passphrase, salt):
+    if not passphrase:
+        raise CdxError("A non-empty passphrase is required for bundles that include auth data.")
+    if isinstance(passphrase, str):
+        passphrase = passphrase.encode("utf-8")
+    if hasattr(hashlib, "scrypt"):
+        key_material = hashlib.scrypt(
+            passphrase,
+            salt=salt,
+            n=_SCRYPT_N,
+            r=_SCRYPT_R,
+            p=_SCRYPT_P,
+            dklen=64,
+        )
+    else:
+        key_material = hashlib.pbkdf2_hmac(
+            "sha256",
+            passphrase,
+            salt,
+            _PBKDF2_ITERATIONS,
+            dklen=64,
+        )
+    return key_material[:32], key_material[32:]
+
+
+def _xor_keystream(data, key, nonce):
+    output = bytearray()
+    counter = 0
+    while len(output) < len(data):
+        block = hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
+        output.extend(block)
+        counter += 1
+    return bytes(a ^ b for a, b in zip(data, output[:len(data)]))
+
+
+def encode_bundle(payload, include_auth=False, passphrase=None):
+    payload_bytes = json.dumps(payload, indent=2, sort_keys=True).encode("utf-8")
+    wrapper = {
+        "schema_version": BUNDLE_SCHEMA_VERSION,
+        "bundle_version": 1,
+        "created_at": _now_iso(),
+        "include_auth": bool(include_auth),
+        "encrypted": bool(include_auth),
+        "session_names": [item["name"] for item in payload.get("sessions", [])],
+    }
+    if include_auth:
+        salt = os.urandom(_SALT_BYTES)
+        nonce = os.urandom(_NONCE_BYTES)
+        enc_key, mac_key = _derive_keys(passphrase, salt)
+        ciphertext = _xor_keystream(payload_bytes, enc_key, nonce)
+        mac = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
+        wrapper.update({
+            "salt": _b64_encode(salt),
+            "nonce": _b64_encode(nonce),
+            "hmac_sha256": _b64_encode(mac),
+            "payload": _b64_encode(ciphertext),
+        })
+    else:
+        wrapper["payload"] = _b64_encode(payload_bytes)
+    return json.dumps(wrapper, indent=2).encode("utf-8")
+
+
+def decode_bundle(data, passphrase=None):
+    wrapper = read_bundle_meta(data)
+
+    encrypted = bool(wrapper.get("encrypted"))
+    payload_b64 = wrapper.get("payload")
+    if not isinstance(payload_b64, str):
+        raise CdxError("Bundle payload is missing.")
+
+    if encrypted:
+        salt = _b64_decode(wrapper.get("salt", ""))
+        nonce = _b64_decode(wrapper.get("nonce", ""))
+        expected_mac = _b64_decode(wrapper.get("hmac_sha256", ""))
+        ciphertext = _b64_decode(payload_b64)
+        enc_key, mac_key = _derive_keys(passphrase, salt)
+        actual_mac = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
+        if not hmac.compare_digest(actual_mac, expected_mac):
+            raise CdxError("Invalid bundle passphrase or corrupted bundle.")
+        payload_bytes = _xor_keystream(ciphertext, enc_key, nonce)
+    else:
+        payload_bytes = _b64_decode(payload_b64)
+
+    try:
+        payload = json.loads(payload_bytes.decode("utf-8"))
+    except (UnicodeDecodeError, json.JSONDecodeError) as error:
+        raise CdxError("Bundle payload is corrupt.") from error
+
+    return {"meta": wrapper, "payload": payload}

package/src/cli.py

@@ -1,14 +1,18 @@
 #!/usr/bin/env python3
 
+import json
 import os
 import sys
 
 from .cli_commands import (
+    API_SCHEMA_VERSION,
     STATUS_USAGE,
     handle_add,
     handle_clean,
     handle_copy,
     handle_doctor,
+    handle_export,
+    handle_import,
     handle_launch,
     handle_login,
     handle_logout,
@@ -38,8 +42,9 @@ from .status_view import (
     _format_status_detail,
     _format_status_rows,
 )
+from .update_check import check_for_update
 
-VERSION = "0.3.3"
+VERSION = "0.4.0"
 
 
 # ---------------------------------------------------------------------------
@@ -52,21 +57,24 @@ def _print_help(use_color=False):
         "",
         _style("Usage:", "1", use_color),
         f"  {_style('cdx', '36', use_color)}",
+        f"  {_style('cdx --json', '36', use_color)}",
         f"  {_style('cdx status [--json] [--refresh]', '36', use_color)}",
         f"  {_style('cdx status --small|-s [--refresh]', '36', use_color)}",
         f"  {_style('cdx status <name> [--json] [--refresh]', '36', use_color)}",
-        f"  {_style('cdx add [provider] <name>', '36', use_color)}",
-        f"  {_style('cdx cp <source> <dest>', '36', use_color)}",
-        f"  {_style('cdx ren <source> <dest>', '36', use_color)}",
-        f"  {_style('cdx login <name>', '36', use_color)}",
-        f"  {_style('cdx logout <name>', '36', use_color)}",
-        f"  {_style('cdx rmv <name> [--force]', '36', use_color)}",
-        f"  {_style('cdx clean [name]', '36', use_color)}",
+        f"  {_style('cdx add [provider] <name> [--json]', '36', use_color)}",
+        f"  {_style('cdx cp <source> <dest> [--json]', '36', use_color)}",
+        f"  {_style('cdx ren <source> <dest> [--json]', '36', use_color)}",
+        f"  {_style('cdx login <name> [--json]', '36', use_color)}",
+        f"  {_style('cdx logout <name> [--json]', '36', use_color)}",
+        f"  {_style('cdx rmv <name> [--force] [--json]', '36', use_color)}",
+        f"  {_style('cdx clean [name] [--json]', '36', use_color)}",
+        f"  {_style('cdx export <file> [--include-auth] [--sessions a,b] [--passphrase-env VAR] [--force] [--json]', '36', use_color)}",
+        f"  {_style('cdx import <file> [--sessions a,b] [--passphrase-env VAR] [--force] [--json]', '36', use_color)}",
         f"  {_style('cdx doctor [--json]', '36', use_color)}",
         f"  {_style('cdx repair [--dry-run] [--force] [--json]', '36', use_color)}",
-        f"  {_style('cdx notify <name> --at-reset', '36', use_color)}",
-        f"  {_style('cdx notify --next-ready', '36', use_color)}",
-        f"  {_style('cdx <name>', '36', use_color)}",
+        f"  {_style('cdx notify <name> --at-reset [--json]', '36', use_color)}",
+        f"  {_style('cdx notify --next-ready [--json]', '36', use_color)}",
+        f"  {_style('cdx <name> [--json]', '36', use_color)}",
         f"  {_style('cdx --help', '36', use_color)}",
         f"  {_style('cdx --version', '36', use_color)}",
     ])
@@ -76,6 +84,63 @@ def _print_version():
     return VERSION
 
 
+def wants_json(argv):
+    return "--json" in argv
+
+
+def format_json_error(error):
+    message = str(error)
+    code = "cdx_error"
+    if message.startswith("Usage:"):
+        code = "invalid_usage"
+    elif message.startswith("Unknown session:"):
+        code = "unknown_session"
+    elif message.startswith("Unknown command:"):
+        code = "unknown_command"
+    elif message.startswith("Session already exists:"):
+        code = "session_exists"
+    elif "requires an interactive terminal" in message or "requires confirmation" in message:
+        code = "interactive_terminal_required"
+    return json.dumps({
+        "schema_version": API_SCHEMA_VERSION,
+        "ok": False,
+        "error": {
+            "code": code,
+            "message": message,
+            "exit_code": error.exit_code,
+        },
+    }, indent=2)
+
+
+def _get_update_notice(service, env, options):
+    checker = options.get("checkForUpdate") or check_for_update
+    return checker(
+        service["base_dir"],
+        VERSION,
+        env=env,
+        now_fn=options.get("now"),
+    )
+
+
+def _update_warning_payload(notice):
+    if not notice:
+        return []
+    message = f"Update available: cdx-manager {notice['latest_version']} (current {VERSION})"
+    return [{
+        "code": "update_available",
+        "message": message,
+        "latest_version": notice["latest_version"],
+        "url": notice.get("url"),
+    }]
+
+
+def _update_warning_text(notice):
+    if not notice:
+        return None
+    suffix = f" {notice['url']}" if notice.get("url") else ""
+    return f"Update available: cdx-manager {notice['latest_version']} (current {VERSION}).{suffix}"
+
+
 # ---------------------------------------------------------------------------
 # main()
 # ---------------------------------------------------------------------------
@@ -114,14 +179,24 @@ def main(argv, options=None):
         out(f"{_print_version()}\n")
         return 0
 
+    if argv == ["--json"]:
+        rows = service["format_list_rows"]()
+        notice = _get_update_notice(service, env, options)
+        out(f"{json.dumps(_list_json_payload(rows, notice=notice), indent=2)}\n")
+        return 0
+
     if not argv:
+        notice = _get_update_notice(service, env, options)
         out(f"{_format_sessions(service, use_color=use_color)}\n")
+        if notice:
+            out(f"{_style(_update_warning_text(notice), '33', use_color)}\n")
         return 0
 
     command, *rest = argv
     ctx = {
         "env": env,
         "options": options,
+        "raw_args": argv,
         "err": err,
         "out": out,
         "refresh_fn": refresh_fn,
@@ -130,6 +205,9 @@ def main(argv, options=None):
         "spawn": spawn,
         "spawn_sync": spawn_sync,
         "stdin_is_tty": stdin_is_tty,
+        "update_notice": _get_update_notice(service, env, options) if command not in (
+            "add", "cp", "ren", "rename", "mv", "rmv", "clean", "doctor", "repair", "notify", "status", "login", "logout", "export", "import", "help", "version"
+        ) else None,
         "use_color": use_color,
     }
 
@@ -148,6 +226,12 @@ def main(argv, options=None):
     if command == "clean":
         return handle_clean(rest, ctx)
 
+    if command == "export":
+        return handle_export(rest, ctx)
+
+    if command == "import":
+        return handle_import(rest, ctx)
+
     if command == "doctor":
         return handle_doctor(rest, ctx)
 
@@ -174,12 +258,23 @@ def main(argv, options=None):
         out(f"{_print_version()}\n")
         return 0
 
-    if not rest:
+    if not rest or rest == ["--json"]:
         return handle_launch(command, ctx)
 
     raise CdxError(f"Unknown command: {command}. Use cdx --help.")
 
 
+def _list_json_payload(rows, notice=None):
+    return {
+        "schema_version": API_SCHEMA_VERSION,
+        "ok": True,
+        "action": "list",
+        "message": "Listed known sessions",
+        "warnings": _update_warning_payload(notice),
+        "sessions": rows,
+    }
+
+
 def _enable_windows_ansi():
     if sys.platform != "win32":
         return
@@ -212,7 +307,10 @@ def cli_entry():
     try:
         raise SystemExit(main(sys.argv[1:]))
     except CdxError as error:
-        sys.stderr.write(f"{format_error(error)}\n")
+        if wants_json(sys.argv[1:]):
+            sys.stderr.write(f"{format_json_error(error)}\n")
+        else:
+            sys.stderr.write(f"{format_error(error)}\n")
         raise SystemExit(error.exit_code)