feat: self-hosting (#29)

* feat: self-hosting

* chore: update readme

* chore: update readme

* chore: clean deps

* chore: update readme

Co-authored-by: Slavo Vojacek <[email protected]>

Author: slavovojacek

.github/workflows/ci.yml

@@ -22,7 +22,7 @@ jobs:
         name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.16
+          go-version: 1.17
       -
         name: Download dependencies
         run: go mod download

.github/workflows/release.yml

@@ -18,7 +18,7 @@ jobs:
         name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.16
+          go-version: 1.17
       -
         name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2

README.md

@@ -1,5 +1,5 @@
 <p align="center">
-  Please upgrade the CLI to <a href="https://github.com/sniptt-official/ots/releases/tag/v0.1.0">version 0.1.0</a>
+  <b>Looking to self-host? Use <a href="https://github.com/sniptt-official/ots-aws">the official CDK construct</a></b>
 </p>
 
 <p align="center">
@@ -34,51 +34,75 @@
 
 The recommended way to install `ots` on macOS is via Homebrew.
 
-```sh
+```
 brew install ots
 ```
 
 ### Go
 
-```sh
+```
 go get -u github.com/sniptt-official/ots
 ```
 
-### Manual
-
-Please refer to the [manual install](./docs/manual-install.md) doc.
-
 ## Usage
 
 ![render1628628123170](https://user-images.githubusercontent.com/778109/128932301-190388b3-171c-4e41-be5c-88ecf315beda.gif)
 
 ### Prompt
 
-```sh
-$ ots new -x 2h
+```
+> ots new -x 2h
 Enter your secret: 
 ```
 
 ### Pipeline
 
 You can also use pipes, for example
 
-```sh
-$ pbpaste | ots new
+```
+pbpaste | ots new
 ```
 
 or
 
-```sh
-$ cat .env | ots new
+```
+cat .env | ots new
 ```
 
 ### Data residency
 
 Use `--region` to choose where the secrets reside.
 
-```sh
-$ ots new -x 24h --region eu-central-1
+```
+ots new -x 24h --region eu-central-1
+```
+
+### Self-hosting
+
+Please refer to [the official CDK construct](https://github.com/sniptt-official/ots-aws) for detailed instructions.
+
+Grab your API Gateway URL, API key and configure `~/.ots.yaml` (or whatever you provide to `--config`):
+
+```yaml
+apiUrl: https://YOUR_API_ID.execute-api.YOUR_REGION.amazonaws.com/prod/secrets
+apiKey: YOUR_API_KEY
+```
+
+Use `ots` as before:
+
+```
+> ots new -x 2h
+Using config file: /Users/xxx/.ots.yaml
+Enter your secret: ***
+Your secret is now available on the below URL.
+
+https://my-ots-web-view.com/burn-secret?id=xxx&ref=ots-cli&region=us-east-1&v=debug#xxx
+
+You should only share this URL with the intended recipient.
+
+Please note that once retrieved, the secret will no longer
+be available for viewing. If not viewed, the secret will
+automatically expire at approximately xx xxx xxxx xx:xx:xx.
 ```
 
 ## FAQs

api/client/client.go

@@ -42,23 +42,26 @@ type CreateOtsRes struct {
 }
 
 func CreateOts(encryptedBytes []byte, expiresIn time.Duration, region string) (*CreateOtsRes, error) {
-	baseUrl := viper.GetString("base_url")
+	defaultApiUrl := fmt.Sprintf("https://ots.%s.api.sniptt.com/secrets", region)
 
-	reqUrl := url.URL{
-		Scheme: "https",
-		Host:   fmt.Sprintf("ots.%s.%s", region, baseUrl),
-		Path:   "secrets",
+	// Fetch user configuration (for self-hosted)
+	viper.SetDefault("apiUrl", defaultApiUrl)
+	apiUrl := viper.GetString("apiUrl")
+	apiKey := viper.GetString("apiKey")
+
+	// Build the request
+	reqUrl, err := url.Parse(apiUrl)
+	if err != nil {
+		return nil, err
 	}
 
 	reqBody := &CreateOtsReq{
 		EncryptedBytes: base64.StdEncoding.EncodeToString(encryptedBytes),
 		ExpiresIn:      uint32(expiresIn.Seconds()),
 	}
 
-	resBody := &CreateOtsRes{}
-
 	payloadBuf := new(bytes.Buffer)
-	err := json.NewEncoder(payloadBuf).Encode(reqBody)
+	err = json.NewEncoder(payloadBuf).Encode(reqBody)
 	if err != nil {
 		return nil, err
 	}
@@ -74,12 +77,21 @@ func CreateOts(encryptedBytes []byte, expiresIn time.Duration, region string) (*
 	req.Header.Add("X-Client-Name", "ots-cli")
 	req.Header.Add("X-Client-Version", build.Version)
 
+	// Add optional authentication (for self-hosted)
+	if apiKey != "" {
+		req.Header.Add("X-Api-Key", apiKey)
+	}
+
 	res, err := client.Do(req)
 	if err != nil {
 		return nil, err
 	}
+
 	defer res.Body.Close()
 
+	// Build the response
+	resBody := &CreateOtsRes{}
+
 	err = decodeJSON(res, resBody)
 	if err != nil {
 		return nil, err

build/build.go

@@ -17,4 +17,3 @@ package build
 
 // Will be changed at build time via -ldflags
 var Version = "debug"
-var BaseUrl = "api.sniptt.com"

cmd/root.go

@@ -61,7 +61,6 @@ func initConfig() {
 		viper.AddConfigPath(home)
 		viper.SetConfigType("yaml")
 		viper.SetConfigName(".ots")
-		viper.SetDefault("base_url", build.BaseUrl)
 	}
 
 	// Read in environment variables that match.

go.mod

@@ -1,9 +1,27 @@
 module github.com/sniptt-official/ots
 
-go 1.16
+go 1.17
 
 require (
-	github.com/spf13/cobra v1.2.1
-	github.com/spf13/viper v1.8.1
-	golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
+	github.com/spf13/cobra v1.4.0
+	github.com/spf13/viper v1.10.1
+	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211
+)
+
+require (
+	github.com/fsnotify/fsnotify v1.5.1 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/magiconair/properties v1.8.6 // indirect
+	github.com/mitchellh/mapstructure v1.4.3 // indirect
+	github.com/pelletier/go-toml v1.9.4 // indirect
+	github.com/spf13/afero v1.8.2 // indirect
+	github.com/spf13/cast v1.4.1 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/subosito/gotenv v1.2.0 // indirect
+	golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 // indirect
+	golang.org/x/text v0.3.7 // indirect
+	gopkg.in/ini.v1 v1.66.4 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 )