Wrap up sender UI:

* Add Alpine.JS * Add better encryption standards (not storing keys) * Add routes, pages and controllers
thebugcatcher · Oct 28, 2023 · e57d2c4 · e57d2c4
1 parent 46c2251
commit e57d2c4
Show file tree

Hide file tree

Showing 37 changed files with 574 additions and 375 deletions.
diff --git a/.formatter.exs b/.formatter.exs
@@ -2,5 +2,10 @@
   import_deps: [:ecto, :ecto_sql, :phoenix],
   subdirectories: ["priv/*/migrations"],
   plugins: [Phoenix.LiveView.HTMLFormatter],
-  inputs: ["*.{heex,ex,exs}", "{config,lib,test}/**/*.{heex,ex,exs}", "priv/*/seeds.exs"]
+  inputs: [
+    "*.{heex,ex,exs}",
+    "{config,lib,test}/**/*.{heex,ex,exs}",
+    "priv/*/seeds.exs"
+  ],
+  line_length: 80
 ]
diff --git a/assets/js/app.js b/assets/js/app.js
@@ -1,41 +1,22 @@
-// If you want to use Phoenix channels, run `mix help phx.gen.channel`
-// to get started and then uncomment the line below.
-// import "./user_socket.js"
+import Alpine from "alpinejs";
 
-// You can include dependencies in two ways.
-//
-// The simplest option is to put them in assets/vendor and
-// import them using relative paths:
-//
-//     import "../vendor/some-package.js"
-//
-// Alternatively, you can `npm install some-package --prefix assets` and import
-// them using a path starting with the package name:
-//
-//     import "some-package"
-//
-
-// Include phoenix_html to handle method=PUT/DELETE in forms and buttons.
 import "phoenix_html"
-// Establish Phoenix Socket and LiveView configuration.
 import {Socket} from "phoenix"
 import {LiveSocket} from "phoenix_live_view"
 import topbar from "../vendor/topbar"
 
 let csrfToken = document.querySelector("meta[name='csrf-token']").getAttribute("content")
 let liveSocket = new LiveSocket("/live", Socket, {params: {_csrf_token: csrfToken}})
 
-// Show progress bar on live navigation and form submits
 topbar.config({barColors: {0: "#29d"}, shadowColor: "rgba(0, 0, 0, .3)"})
 window.addEventListener("phx:page-loading-start", _info => topbar.show(300))
 window.addEventListener("phx:page-loading-stop", _info => topbar.hide())
 
-// connect if there are any LiveViews on the page
 liveSocket.connect()
 
-// expose liveSocket on window for web console debug logs and latency simulation:
-// >> liveSocket.enableDebug()
-// >> liveSocket.enableLatencySim(1000)  // enabled for duration of browser session
-// >> liveSocket.disableLatencySim()
 window.liveSocket = liveSocket
 
+// Initializing Alpine JS
+window.Alpine = Alpine;
+Alpine.start();
+
diff --git a/assets/package-lock.json b/assets/package-lock.json
diff --git a/assets/package.json b/assets/package.json
@@ -0,0 +1,19 @@
+{
+  "name": "heimdall",
+  "version": "0.0.1",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "format": "prettier -w . ../priv/**/*.html",
+    "check_formatted": "prettier -c . ../priv/**/*.html"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "alpinejs": "^3.11.1"
+  },
+  "devDependencies": {
+    "prettier": "2.8.4"
+  }
+}
diff --git a/config/dev.exs b/config/dev.exs
@@ -14,9 +14,11 @@ config :heimdall, HeimdallWeb.Endpoint,
   check_origin: false,
   code_reloader: true,
   debug_errors: true,
-  secret_key_base: "sZkCBKihsT/PA+xSnFgEDtXe4bFkQgoSGMa02eCszB0MXfYyfvOwHYG82EpG2CFS",
+  secret_key_base:
+    "sZkCBKihsT/PA+xSnFgEDtXe4bFkQgoSGMa02eCszB0MXfYyfvOwHYG82EpG2CFS",
   watchers: [
-    esbuild: {Esbuild, :install_and_run, [:default, ~w(--sourcemap=inline --watch)]},
+    esbuild:
+      {Esbuild, :install_and_run, [:default, ~w(--sourcemap=inline --watch)]},
     tailwind: {Tailwind, :install_and_run, [:default, ~w(--watch)]}
   ]
 

diff --git a/config/prod.exs b/config/prod.exs
@@ -1,5 +1,6 @@
 import Config
 
-config :heimdall, HeimdallWeb.Endpoint, cache_static_manifest: "priv/static/cache_manifest.json"
+config :heimdall, HeimdallWeb.Endpoint,
+  cache_static_manifest: "priv/static/cache_manifest.json"
 
 config :logger, level: :info
diff --git a/config/runtime.exs b/config/runtime.exs
@@ -12,7 +12,8 @@ if config_env() == :prod do
       For example: ecto://USER:PASS@HOST/DATABASE
       """
 
-  maybe_ipv6 = if System.get_env("ECTO_IPV6") in ~w(true 1), do: [:inet6], else: []
+  maybe_ipv6 =
+    if System.get_env("ECTO_IPV6") in ~w(true 1), do: [:inet6], else: []
 
   config :heimdall, Heimdall.Repo,
     # ssl: true,

diff --git a/config/test.exs b/config/test.exs
@@ -10,7 +10,8 @@ config :heimdall, Heimdall.Repo,
 
 config :heimdall, HeimdallWeb.Endpoint,
   http: [ip: {127, 0, 0, 1}, port: 4002],
-  secret_key_base: "arZhjZ3azvw2rTVcrj3+KdsR0XH0SC5nTA5bye0tZwXG/C1EVwjPfmyCHTEHLoEV",
+  secret_key_base:
+    "arZhjZ3azvw2rTVcrj3+KdsR0XH0SC5nTA5bye0tZwXG/C1EVwjPfmyCHTEHLoEV",
   server: false
 
 # Disable swoosh api client as it is only required for production adapters.
@@ -21,3 +22,5 @@ config :logger, level: :warning
 
 # Initialize plugs at runtime for faster test compilation
 config :phoenix, :plug_init_mode, :runtime
+
+config :heimdall, dev_routes: true
diff --git a/lib/heimdall/data/secret.ex b/lib/heimdall/data/secret.ex
@@ -9,7 +9,7 @@ defmodule Heimdall.Data.Secret do
   @primary_key {:id, :binary_id, autogenerate: true}
   @timestamps_opts [type: :utc_datetime]
 
-  @valid_encryption_algo ~w[
+  @encryption_algos ~w[
     aes_gcm
     plaintext
     rsa
@@ -21,8 +21,11 @@ defmodule Heimdall.Data.Secret do
   schema "secrets" do
     field(:title, :string)
     field(:encrypted_text, :string)
-    field(:encryption_algo, Ecto.Enum, values: @valid_encryption_algo)
-    field(:encryption_key, :string)
+    field(:encryption_algo, Ecto.Enum, values: @encryption_algos)
+
+    # Only for encrypting; we don't save it in the DB
+    field(:encryption_key, :string, virtual: true)
+
     field(:expires_at, :utc_datetime)
     field(:max_reads, :integer)
     field(:max_decryption_attempts, :integer)
@@ -56,4 +59,7 @@ defmodule Heimdall.Data.Secret do
       expires_at
     ]a)
   end
+
+  @spec encryption_algos :: [algo()]
+  def encryption_algos, do: @encryption_algos
 end
diff --git a/lib/heimdall/encryption_algo/aes_gcm.ex b/lib/heimdall/encryption_algo/aes_gcm.ex
@@ -35,8 +35,8 @@ defmodule Heimdall.EncryptionAlgo.AesGcm do
   def decrypt(encrypted, key) do
     secret_key = prepare_key(key)
 
-    <<initialization_vector::binary-16, ciphertag::binary-16, ciphertext::binary>> =
-      :base64.decode(encrypted)
+    <<initialization_vector::binary-16, ciphertag::binary-16,
+      ciphertext::binary>> = :base64.decode(encrypted)
 
     :crypto.crypto_one_time_aead(
       :aes_gcm,

diff --git a/lib/heimdall/secrets.ex b/lib/heimdall/secrets.ex
@@ -10,6 +10,19 @@ defmodule Heimdall.Secrets do
   alias Heimdall.EncryptionAlgo.RSA
   alias Heimdall.Repo
 
+  @doc """
+  Returns a new changeset (with no errors) that can be used in frontend forms
+  """
+  @spec new :: Changeset.t()
+  def new do
+    %{}
+    |> Secret.changeset()
+    |> Map.put(:errors, [])
+  end
+
+  @doc """
+  Encrypts and inserts secret in the store
+  """
   @spec encrypt_and_create(map()) :: {:ok, Secret.t()} | {:error, term()}
   def encrypt_and_create(params) do
     params
@@ -18,6 +31,11 @@ defmodule Heimdall.Secrets do
     |> Repo.insert()
   end
 
+  @spec get(Ecto.UUID.t()) :: Secret.t() | nil
+  def get(secret_id) do
+    Repo.get(Secret, secret_id)
+  end
+
   defp maybe_encrypt_text(%Changeset{valid?: false} = changeset), do: changeset
 
   defp maybe_encrypt_text(changeset) do