PyPI - secshare-cli - Versions diffs - 0.1.0__py3-none-any.whl - Mend

secshare-cli 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

secshare_cli/__init__.py +0 -0
secshare_cli/api.py +60 -0
secshare_cli/cli.py +176 -0
secshare_cli/config.py +29 -0
secshare_cli/crypto.py +28 -0
secshare_cli-0.1.0.dist-info/METADATA +15 -0
secshare_cli-0.1.0.dist-info/RECORD +9 -0
secshare_cli-0.1.0.dist-info/WHEEL +4 -0
secshare_cli-0.1.0.dist-info/entry_points.txt +2 -0

secshare_cli/__init__.py ADDED Viewed

File without changes

secshare_cli/api.py ADDED Viewed

@@ -0,0 +1,60 @@
+import httpx
+from .config import get_token, get_api_base
+TIMEOUT = 15
+def _headers(auth: bool = False) -> dict:
+    h = {"Content-Type": "application/json"}
+    if auth:
+        token = get_token()
+        if token:
+            h["Authorization"] = f"Bearer {token}"
+    return h
+def login(email: str, password: str) -> dict:
+    r = httpx.post(
+        f"{get_api_base()}/auth/login",
+        json={"email": email, "password": password, "turnstile_token": ""},
+        timeout=TIMEOUT,
+    )
+    r.raise_for_status()
+    return r.json()
+def whoami() -> dict:
+    r = httpx.get(f"{get_api_base()}/auth/me", headers=_headers(auth=True), timeout=TIMEOUT)
+    r.raise_for_status()
+    return r.json()
+def create_secret(encrypted_content: str, iv: str, max_views: int, expires_in_hours: int) -> dict:
+    r = httpx.post(
+        f"{get_api_base()}/secrets",
+        json={
+            "encrypted_content": encrypted_content,
+            "iv": iv,
+            "max_views": max_views,
+            "expires_in_hours": expires_in_hours,
+        },
+        headers=_headers(auth=True),
+        timeout=TIMEOUT,
+    )
+    if r.status_code == 401:
+        raise RuntimeError("Session expired — run: secshare login")
+    if r.status_code == 403:
+        detail = r.json().get("detail", "Forbidden")
+        raise RuntimeError(detail)
+    r.raise_for_status()
+    return r.json()
+def fetch_secret(secret_id: str) -> dict:
+    r = httpx.get(f"{get_api_base()}/secrets/{secret_id}", timeout=TIMEOUT)
+    if r.status_code == 404:
+        raise RuntimeError("Secret not found.")
+    if r.status_code == 410:
+        raise RuntimeError("Secret has expired or already been viewed.")
+    r.raise_for_status()
+    return r.json()

secshare_cli/cli.py ADDED Viewed

@@ -0,0 +1,176 @@
+import json
+import sys
+from urllib.parse import urlparse
+import click
+from .api import create_secret, fetch_secret
+from .api import login as api_login
+from .api import whoami as api_whoami
+from .config import get_token, get_api_base, load as load_config, save as save_config
+from .crypto import decrypt, encrypt
+def _parse_link(link: str) -> tuple[str, str]:
+    """Return (secret_id, key_fragment) from a SecShare URL."""
+    if "#" not in link:
+        raise click.ClickException("Invalid link — missing key fragment after #.")
+    url_part, hash_part = link.split("#", 1)
+    key_fragment = hash_part[4:] if hash_part.startswith("key=") else hash_part
+    if not key_fragment:
+        raise click.ClickException("Invalid link — key fragment is empty.")
+    path = urlparse(url_part).path.strip("/").split("/")
+    try:
+        idx = path.index("s")
+        secret_id = path[idx + 1]
+    except (ValueError, IndexError):
+        raise click.ClickException("Invalid link — could not extract secret ID.")
+    return secret_id, key_fragment
+def _parse_expiry(expiry: str) -> int:
+    """Parse '24h', '7d', '1w' → hours."""
+    s = expiry.lower().strip()
+    try:
+        if s.endswith("w"):
+            return int(s[:-1]) * 24 * 7
+        if s.endswith("d"):
+            return int(s[:-1]) * 24
+        if s.endswith("h"):
+            return int(s[:-1])
+    except ValueError:
+        pass
+    raise click.ClickException(f"Invalid expiry '{expiry}'. Use e.g. 1h, 24h, 7d, 2w.")
+@click.group()
+@click.version_option(package_name="secshare-cli")
+def cli():
+    """SecShare — zero-knowledge secret sharing from your terminal.
+    \b
+    Quick start:
+      secshare login
+      secshare create .env --expires 24h
+      secshare get https://secshare.link/s/abc123#KEY
+    \b
+    Inject .env secrets directly into your shell:
+      eval "$(secshare get <link>)"
+    """
+@cli.command()
+def login():
+    """Authenticate with SecShare."""
+    email = click.prompt("Email")
+    password = click.prompt("Password", hide_input=True)
+    try:
+        data = api_login(email, password)
+    except Exception as e:
+        raise click.ClickException(f"Login failed: {e}")
+    cfg = load_config()
+    cfg["token"] = data["access_token"]
+    cfg["email"] = email
+    save_config(cfg)
+    click.echo(f"Logged in as {email}")
+@cli.command()
+def logout():
+    """Clear stored credentials."""
+    cfg = load_config()
+    cfg.pop("token", None)
+    cfg.pop("email", None)
+    save_config(cfg)
+    click.echo("Logged out.")
+@cli.command()
+def whoami():
+    """Show the currently authenticated user."""
+    if not get_token():
+        raise click.ClickException("Not logged in. Run: secshare login")
+    try:
+        data = api_whoami()
+        click.echo(f"{data['email']}  ({data.get('plan', 'FREE')})")
+    except Exception as e:
+        raise click.ClickException(str(e))
+@cli.command()
+@click.argument("link")
+def get(link):
+    """Fetch and decrypt a secret.
+    \b
+    Examples:
+      secshare get https://secshare.link/s/abc123#KEY
+      eval "$(secshare get https://secshare.link/s/abc123#KEY)"
+    """
+    try:
+        secret_id, key_fragment = _parse_link(link)
+        data = fetch_secret(secret_id)
+        plaintext = decrypt(data["encrypted_content"], data["iv"], key_fragment)
+    except click.ClickException:
+        raise
+    except Exception as e:
+        raise click.ClickException(str(e))
+    # .env payload — output KEY=VALUE lines
+    try:
+        parsed = json.loads(plaintext)
+        if isinstance(parsed, dict) and parsed.get("__secshare_type") == "env":
+            click.echo(parsed["content"], nl=False)
+            return
+    except (json.JSONDecodeError, AttributeError):
+        pass
+    click.echo(plaintext, nl=False)
+@cli.command()
+@click.argument("file", required=False, type=click.Path(exists=True, readable=True))
+@click.option("--secret", is_flag=True, help="Enter a plaintext secret interactively.")
+@click.option("--views", default=1, show_default=True, metavar="N", help="Max views before self-destruct.")
+@click.option("--expires", default="24h", show_default=True, metavar="DURATION", help="Expiry: 1h, 24h, 7d, 2w.")
+def create(file, secret, views, expires):
+    """Encrypt and upload a secret or .env file.
+    \b
+    Examples:
+      secshare create .env
+      secshare create .env --views 3 --expires 7d
+      secshare create --secret
+      secshare create --secret --expires 1h
+    """
+    if not get_token():
+        raise click.ClickException("Not logged in. Run: secshare login")
+    if secret and file:
+        raise click.ClickException("Use either FILE or --secret, not both.")
+    if not secret and not file:
+        raise click.ClickException("Provide a FILE or use --secret for interactive input.")
+    expires_hours = _parse_expiry(expires)
+    if secret:
+        plaintext = click.prompt("Secret", hide_input=True, prompt_suffix="\n> ")
+        payload = plaintext
+    else:
+        content = open(file).read()
+        payload = json.dumps({"__secshare_type": "env", "content": content})
+    try:
+        enc_content, iv, key_fragment = encrypt(payload)
+        data = create_secret(enc_content, iv, max_views=views, expires_in_hours=expires_hours)
+    except Exception as e:
+        raise click.ClickException(str(e))
+    api_host = get_api_base().replace("/api/v1", "").replace("api.", "")
+    url = f"{api_host}/s/{data['id']}#{key_fragment}"
+    click.echo(url)
+def main():
+    cli()

secshare_cli/config.py ADDED Viewed

@@ -0,0 +1,29 @@
+import json
+from pathlib import Path
+CONFIG_DIR = Path.home() / ".secshare"
+CONFIG_FILE = CONFIG_DIR / "config"
+DEFAULT_API = "https://api.secshare.link/api/v1"
+def load() -> dict:
+    if CONFIG_FILE.exists():
+        try:
+            return json.loads(CONFIG_FILE.read_text())
+        except Exception:
+            return {}
+    return {}
+def save(data: dict) -> None:
+    CONFIG_DIR.mkdir(exist_ok=True)
+    CONFIG_FILE.write_text(json.dumps(data, indent=2))
+    CONFIG_FILE.chmod(0o600)
+def get_token() -> str | None:
+    return load().get("token")
+def get_api_base() -> str:
+    return load().get("api_base", DEFAULT_API)

secshare_cli/crypto.py ADDED Viewed

@@ -0,0 +1,28 @@
+import os
+import base64
+from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+def encrypt(plaintext: str) -> tuple[str, str, str]:
+    """AES-256-GCM encrypt — matches browser encryptSecret()."""
+    key_bytes = os.urandom(32)
+    iv_bytes = os.urandom(12)
+    ciphertext = AESGCM(key_bytes).encrypt(iv_bytes, plaintext.encode("utf-8"), None)
+    return (
+        base64.b64encode(ciphertext).decode(),
+        base64.b64encode(iv_bytes).decode(),
+        base64.urlsafe_b64encode(key_bytes).decode().rstrip("="),
+    )
+def decrypt(encrypted_content: str, iv: str, key_fragment: str) -> str:
+    """AES-256-GCM decrypt — matches browser decryptSecret()."""
+    pad = len(key_fragment) % 4
+    if pad:
+        key_fragment += "=" * (4 - pad)
+    key_bytes = base64.urlsafe_b64decode(key_fragment)
+    return AESGCM(key_bytes).decrypt(
+        base64.b64decode(iv),
+        base64.b64decode(encrypted_content),
+        None,
+    ).decode("utf-8")

secshare_cli-0.1.0.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,15 @@
+Metadata-Version: 2.4
+Name: secshare-cli
+Version: 0.1.0
+Summary: CLI for SecShare — zero-knowledge secret sharing
+Project-URL: Homepage, https://secshare.link
+Project-URL: Source, https://github.com/rdney/secshare
+License: MIT
+Keywords: cli,encryption,secrets,security
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Security :: Cryptography
+Requires-Python: >=3.11
+Requires-Dist: click>=8.1
+Requires-Dist: cryptography>=44.0
+Requires-Dist: httpx>=0.27

secshare_cli-0.1.0.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,9 @@
+secshare_cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+secshare_cli/api.py,sha256=XyenBDexujmGttSToIGMLJUs9PuN7v6duaX-b7SQ0hs,1722
+secshare_cli/cli.py,sha256=MqlZbzpp-ncuv_XX-xc9MNJtyvnGFVShYHAxQnaLVGk,5465
+secshare_cli/config.py,sha256=M7WidT7GDvIXQJ1jVDxqy2P_vOo0TNwiqV9u0VT8Ul0,635
+secshare_cli/crypto.py,sha256=MWi5S0w5rbDr_u1qSeUuS51MCvcw8t_DzkLEsR8HtTU,962
+secshare_cli-0.1.0.dist-info/METADATA,sha256=4Dm6mWM5Jkxwas43DdXNhQcnLKfKkyALete1G-nF7OA,527
+secshare_cli-0.1.0.dist-info/WHEEL,sha256=mffPy8wBnZQn2VnJUU5jE99KsxaSfiyMHV9Yt0aLVxs,87
+secshare_cli-0.1.0.dist-info/entry_points.txt,sha256=f8lNSexn8tt_Byvt2uhQqrSbBvIVVx-SPvb1jsTpgNM,51
+secshare_cli-0.1.0.dist-info/RECORD,,

secshare_cli-0.1.0.dist-info/WHEEL ADDED Viewed

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.30.1
+Root-Is-Purelib: true
+Tag: py3-none-any

secshare_cli-0.1.0.dist-info/entry_points.txt ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ [console_scripts]
2	+ secshare = secshare_cli.cli:main