From 5f77102ca82decd18bd73d797a3174a5c6d9ae00 Mon Sep 17 00:00:00 2001 From: zawz Date: Fri, 8 Apr 2022 20:18:42 +0200 Subject: [PATCH] perf(download): remove some temporary files from download process --- default.conf | 10 ---------- script.sh | 10 ---------- src/agent.sh | 9 +++------ src/archive.sh | 8 +++----- src/cache.sh | 11 +++++++---- src/crypt.sh | 32 +++++++++++++++++--------------- src/prompt.sh | 1 - src/remote.sh | 38 +++++++++++++++++++++++++------------- src/util.sh | 4 ++++ 9 files changed, 59 insertions(+), 64 deletions(-) delete mode 100644 default.conf delete mode 100644 script.sh diff --git a/default.conf b/default.conf deleted file mode 100644 index 4e676c2..0000000 --- a/default.conf +++ /dev/null @@ -1,10 +0,0 @@ -ZPASS_KEY_CACHE_TIME=300 -ZPASS_CLIPBOARD_TIME=30 -ZPASS_PRIORITIZE_CLI=true -ZPASS_COPY_ON_EDIT=true - -ZPASS_PATH=remote.php/dav/files/zawz/zpass -ZPASS_REMOTE_METHOD=webdav -ZPASS_REMOTE_ADDR=nextcloud.zawz.net -ZPASS_REMOTE_USER=zawz -ZPASS_REMOTE_PASSWORD=8C9Hd-TMdkg-683cQ-HHfqB-okTj2 diff --git a/script.sh b/script.sh deleted file mode 100644 index cf346b8..0000000 --- a/script.sh +++ /dev/null @@ -1,10 +0,0 @@ - -{ - curl -s --user zawz:8C9Hd-TMdkg-683cQ-HHfqB-okTj2 -X PROPFIND --upload-file - -H 'Depth: 1' https://nextcloud.zawz.net/remote.php/dav/files/zawz/zpass/ << EOF - - - - -EOF - -} | xmllint --xpath "$1" - diff --git a/src/agent.sh b/src/agent.sh index f244edc..b7d0094 100644 --- a/src/agent.sh +++ b/src/agent.sh @@ -25,11 +25,8 @@ agent_cli() { echo "set $1 \"$(escape "$2")\"" echo "expire $1 $3" ;; - get) - echo "get $1" - ;; - clear) - echo "FLUSHDB" - ;; + expire) echo "expire $1 $2" ;; + get) echo "get $1" ;; + clear) echo "FLUSHDB" ;; esac | redis_cli "$(sockpath)" } diff --git a/src/archive.sh b/src/archive.sh index e51ad4e..17705c6 100644 --- a/src/archive.sh +++ b/src/archive.sh 
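Review bot: In src/agent.sh the new `expire) echo "expire $1 $2" ;;` arm writes the key and the TTL into the redis_cli input unvalidated, while the `set` arm above it passes its value through `escape`. Whitespace or a newline in either argument would reach redis_cli as extra arguments or as a second command line. The caller added in src/cache.sh, delete_cache(), forwards its `$1` on the agent path without the numeric `-gt 0` test it applies on the file path. Normalising it there first, e.g. `case $1 in ''|*[!0-9]*) ttl=0 ;; *) ttl=$1 ;; esac`, and passing `"$ttl"` would keep the TTL numeric. agent_cli() starts above the hunk, so how its arguments are shifted is not visible here.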
@@ -33,7 +33,7 @@ pack() rm -f "$1/$archive" 2>/dev/null return $ret else - mv -f "$1/$archive" "$file" + mv -f "$1/$archive" "$FILE" fi } @@ -43,7 +43,7 @@ archive_exec() { err=0 # tmp files - archive_tmpdir="$TMPDIR/zpass_$(randalnum 20)" + archive_tmpdir="$(tmprand)" keyfile="$archive_tmpdir/$(randalnum 20).key" mkdir -p "$archive_tmpdir" || exit $? chmod 700 "$archive_tmpdir" || exit $? @@ -66,9 +66,7 @@ archive_exec() create_file() { if [ -n "$remote_host" ] ; then file="$TMPDIR/zpass_$(filehash)$ZPASS_EXTENSION" - tmpfile=$file - if remote download "$datapath/$ZPASS_FILE$ZPASS_EXTENSION" "$file" >/dev/null 2>&1 ; then - local archive_tmpdir="$TMPDIR/zpass_$(randalnum 20)" + if base64contents=$(remote download "$datapath/$ZPASS_FILE$ZPASS_EXTENSION" 2>&1) ; then # unpack locally remote_host= unpack "$archive_tmpdir" || { diff --git a/src/cache.sh b/src/cache.sh index 3e27dfa..d8227e3 100644 --- a/src/cache.sh +++ b/src/cache.sh @@ -37,11 +37,14 @@ get_key_cached() { # $1 = delay in sec delete_cache() { - if [ "$1" -gt 0 ] 2>/dev/null - then - nohup sh -c "sleep $1;rm -f '$cachepath/$(keyfile)'" >/dev/null 2>&1 & + if [ -S "$sockpath" ] ; then + agent_cli expire "$(keyfile)" "$1" >/dev/null else - rm -f "$cachepath/$(keyfile)" 2>/dev/null + if [ "$1" -gt 0 ] 2>/dev/null ; then + nohup sh -c "sleep $1;rm -f '$cachepath/$(keyfile)'" >/dev/null 2>&1 & + else + rm -f "$cachepath/$(keyfile)" 2>/dev/null + fi fi } diff --git a/src/crypt.sh b/src/crypt.sh index 0f3e16e..26856c8 100644 --- a/src/crypt.sh +++ b/src/crypt.sh 
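Review bot: In pack() (src/archive.sh, first hunk) the new `mv -f "$1/$archive" "$FILE"` is the only use of an upper-case `FILE` in this patch; every other hunk, including create_file() further down, still reads and writes `$file`. If `FILE` is not assigned outside the visible hunks, `mv` receives an empty destination and fails, and the freshly packed archive stays in `$1`. Please confirm where `FILE` is set, and add a comment at that definition saying how it differs from `file`. pack() begins above the hunk.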
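Review bot: create_file() (src/archive.sh, third hunk) loses its `local archive_tmpdir=…` line while the kept `unpack "$archive_tmpdir"` still reads that variable, so it now uses whatever value, possibly none, the calling scope holds. The new `base64contents=$(remote download … 2>&1)` captures what download() writes to stdout, which after this patch is the decoded archive rather than base64: command substitution drops NUL bytes and trailing newlines, and `2>&1` folds download()'s WARN message into the same value. Encoding before capture, as decrypt() in src/crypt.sh does, and dropping `2>&1` would keep the bytes intact and match the variable name. create_file() continues below the hunk, so how the value is consumed is not visible.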
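Review bot: The new guard in delete_cache() (src/cache.sh) tests `[ -S "$sockpath" ]`, a variable, whereas src/agent.sh gets the socket path by calling a function, `redis_cli "$(sockpath)"`. Unless a variable of that name is set outside the visible hunks, the test sees an empty string and is always false, so the agent entry is never expired and cleanup silently takes the file path. `if [ -S "$(sockpath)" ] ; then` would match the agent code. The delayed delete kept in the `else` branch still interpolates `$cachepath` into a single-quoted `sh -c` string, which breaks on a path containing `'`; passing the values as arguments avoids that: `nohup sh -c 'sleep "$1"; rm -f "$2"' sh "$1" "$cachepath/$(keyfile)" >/dev/null 2>&1 &`.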
@@ -8,9 +8,13 @@ encrypt() { # $1 = key , $2 = keyfile to write decrypt_with_key() { - { - openssl enc -d -aes-256-cbc -pbkdf2 -in "$file" -out - -k "$1" || return $? - } | gzip -d + # evil pipeline return status hack + { { { { + openssl enc -d -aes-256-cbc -pbkdf2 -in - -out - -k "$1"; echo $? >&3 + } | gzip -d >&4; } 3>&1; } | { read xs; [ $xs -eq 0 ]; } } 4>&1 || { + echo "Decrypt failed" >&2 + return 1 + } [ -n "$2" ] && echo "$1" > "$2" return 0 } @@ -19,19 +23,19 @@ decrypt_with_key() decrypt() { # get remote file - [ -n "$remote_host" ] && { - file="$TMPDIR/zpass_$(filehash)$ZPASS_EXTENSION" - tmpfile=$file - remote download "$datapath/$ZPASS_FILE$ZPASS_EXTENSION" "$file" >/dev/null || return $? - } - cat "$file" >/dev/null 2>&1 || { echo "File doesn't exist. Use 'zpass create' to create the file" >&2 && return 1; } # no file + local base64file + if [ -n "$remote_host" ] ; then + base64file=$(remote download "$datapath/$ZPASS_FILE$ZPASS_EXTENSION" | base64) || return $? + else + base64file=$(base64 "$file" 2>/dev/null) || { echo "File doesn't exist. Use 'zpass create' to create the file" >&2 && return 1; } # no file + fi if [ -n "$ZPASS_KEY" ] then # key given already - decrypt_with_key "$ZPASS_KEY" "$1" ; ret=$? + base64 -d <<< "$base64file" | decrypt_with_key "$ZPASS_KEY" "$1" ; ret=$? else # prompt for key # attempt decrypt from cache - key=$(get_key_cached) && decrypt_with_key "$key" "$1" + key=$(get_key_cached) && base64 -d <<< "$base64file" | decrypt_with_key "$key" "$1" ret=$? if [ $ret -ne 0 ] then @@ -43,14 +47,12 @@ decrypt() do key=$(ask_key) || { echo "Cancelled" >&2 && return 100 ; } tries=$((tries+1)) - decrypt_with_key "$key" "$1" ; ret=$? + base64 -d <<< "$base64file" | decrypt_with_key "$key" "$1" ; ret=$? + [ $ret -eq 0 ] && { write_cache "$key" & }; done fi fi - # remove temporary file - [ -n "$remote_host" ] && rm -rf "$file" 2>/dev/null - [ $ret -ne 0 ] && { echo "Could not decrypt '$file'" >&2 ; } return $ret } 
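Review bot: The fd 3 / fd 4 status hack in decrypt_with_key() reports only openssl's exit code; a failing `gzip -d` is discarded. Because `-aes-256-cbc` carries no integrity check, a wrong key can occasionally pass openssl's padding check, and in that case the function still returns 0 and writes the key to `$2`. If the script always runs under bash (the `<<<` here-strings added in this patch suggest it does), `( set -o pipefail; openssl enc -d -aes-256-cbc -pbkdf2 -in - -out - -k "$1" | gzip -d ) || { …` checks both stages and is far easier to read. Separately, `-k "$1"` puts the archive key on openssl's command line, where other local users can read it from the process list; `-pass env:NAME` or `-pass fd:N` avoids that.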
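Review bot: In decrypt(), `base64file=$(remote download … | base64) || return $?` tests the exit status of `base64`, not of `remote download`, unless `pipefail` is enabled somewhere outside this patch. A failed download therefore leaves `base64file` empty and the function goes on to try the cached key and prompt the user, ending in a decryption error instead of a download error. A guard right after the assignment, `[ -n "$base64file" ] || return 1`, restores the early return the removed code had. Note also that bash may back a `<<<` here-string with a temporary file depending on version and size, so the ciphertext can still touch `$TMPDIR`; a comment saying so would keep the commit message honest.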
diff --git a/src/prompt.sh b/src/prompt.sh index 8c66efa..36a798d 100644 --- a/src/prompt.sh +++ b/src/prompt.sh @@ -60,6 +60,5 @@ ask_key() { message="Enter key" [ -n "$1" ] && message="$1" key=$(prompt_password "$message") || return $? - write_cache "$key" & echo "$key" } diff --git a/src/remote.sh b/src/remote.sh index 8f5cd07..c8b89c8 100644 --- a/src/remote.sh +++ b/src/remote.sh @@ -45,32 +45,44 @@ EOF cp "$2" "$(get_filecache)" } -# $1 = protocol, $2 = remote file , $3 = local file +# $1 = protocol, $2 = remote file download() { if [ "$_ZPASS_USE_CACHE" = true ] && [ -f "$(get_filecache)" ] ; then cp "$(get_filecache)" "$3" return $? fi - case $1 in - scp) scp_cmd "${remote_user+${remote_user}@}$remote_host:$2" "$3" ;; - webdav) webdav_cmd "$2" > "$3" ;; - sftp|ftps) ${1}_cmd >/dev/null << EOF -get "$2" "$3" -EOF -;; - esac + # store file to base64 + local base64file + base64file=$( + # evil pipeline return status hack + { { { { + case $1 in + scp) scp_cmd "${remote_user+${remote_user}@}$remote_host:$2" "/dev/stdout" ;; + webdav) webdav_cmd "$2" ;; + sftp|ftps) + tmpfile=$(tmprand) + ${1}_cmd >/dev/null <<< "get \"$2\" \"$tmpfile\"" + stat=$? + cat "$tmpfile" + rm "$tmpfile" + [ $stat -eq 0 ] + ;; + esac; echo $? >&3 + } | base64 >&4; } 3>&1; } | { read xs; [ $xs -eq 0 ]; } } 4>&1 + ) + if [ $? -eq 0 ] ; then - # could download no problem + # write to cache only if different cached_file=$(get_filecache) - # copy only if different - diff "$3" "$cached_file" >/dev/null 2>&1 || cp "$3" "$cached_file" + base64 -d <<< "$base64file" | diff - "$cached_file" >/dev/null 2>&1 || base64 -d <<< "$base64file" > "$cached_file" + base64 -d <<< "$base64file" return 0 else # could not download: try cache [ -f "$3" ] || return $? echo "WARN: failed to download archive, using cache" >&2 - cp "$(get_filecache)" "$3" + cat "$(get_filecache)" fi } diff --git a/src/util.sh b/src/util.sh index 4ddc70b..a7e4047 100644 --- a/src/util.sh +++ b/src/util.sh 
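Review bot: download() in src/remote.sh no longer documents a local-file argument, yet two kept lines still use `$3`: the cache shortcut runs `cp "$(get_filecache)" "$3"`, and the failure path begins with `[ -f "$3" ] || return $?`. If callers now pass only the remote path, as the calls in src/crypt.sh and src/archive.sh appear to, the shortcut's `cp` fails on an empty destination and the fallback returns before reaching `cat "$(get_filecache)"`, so the cached archive is never served. They should become `cat "$(get_filecache)"` and `[ -f "$(get_filecache)" ] || return 1`. In the `sftp|ftps` arm, `tmpfile` is not declared `local`, the client creates the file with the default umask, and the `rm` is skipped if the shell is interrupted; setting `umask 077` inside that command substitution and removing the file from a trap would close those gaps.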
@@ -4,6 +4,10 @@ error(){ ret=$1 && shift 1 && echo "$*" >&2 && exit $ret } +tmprand() { + echo "$TMPDIR/zpass_$(randalnum 20)" +} + randalnum() { tr -cd 'a-zA-Z0-9' < /dev/urandom | head -c $1 }
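Review bot: tmprand() only prints a path and creates nothing, so each caller has to create the file or directory itself and gets whatever permissions that step applies; a header comment such as `# prints an unused path under $TMPDIR; does not create it` would make that contract explicit. archive_exec() follows it with `mkdir -p` and a later `chmod 700`, which accepts an already existing directory and leaves it at the default mode until the chmod runs; `mkdir -m 700 "$archive_tmpdir"` without `-p` creates it private from the start and fails if the name is taken. If `TMPDIR` can be unset at this point the result is `/zpass_…` at the filesystem root; `echo "${TMPDIR:-/tmp}/zpass_$(randalnum 20)"` guards that, assuming no default is applied elsewhere in the project.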