feat: first version
allisson committed Nov 22, 2023
1 parent f0d6923 commit 6b6686a
Showing 23 changed files with 1,691 additions and 1 deletion.
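--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+.git/
+.github/
+.pytest_cache/
+.coverage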
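--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -0,0 +1,46 @@
+name: build
+
+on:
+push:
+tags:
+- "v*"
+pull_request:
+branches:
+- "main"
+
+jobs:
+docker:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+- name: Docker meta
+id: meta
+uses: docker/metadata-action@v5
+with:
+images: allisson/secure-qrcode
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v3
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+- name: Login to Docker Hub
+if: github.event_name != 'pull_request'
+uses: docker/login-action@v3
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+- name: Build and push
+uses: docker/build-push-action@v5
+with:
+context: .
+push: ${{ github.event_name != 'pull_request' }}
+platforms: linux/amd64,linux/arm64
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}
+- name: Update repo description
+if: github.event_name != 'pull_request'
+uses: peter-evans/dockerhub-description@v3
+with:
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+repository: allisson/secure-qrcode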
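Review bot: No `permissions:` block is declared and every action is referenced by a mutable tag, so the job runs with the repository's default `GITHUB_TOKEN` scope and with whatever code those tags point to at run time. This matters most in the `Update repo description` step, where the third-party `peter-evans/dockerhub-description@v3` is handed `DOCKERHUB_TOKEN`. I would add a top-level `permissions:` with `contents: read` and pin each `uses:` to a full commit SHA, keeping the tag as a comment, e.g. `uses: peter-evans/dockerhub-description@<full-commit-sha>  # v3`. The tag pinning applies equally to the `uses:` lines in lint-and-tests.yml and release.yml.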
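--- a/.github/workflows/lint-and-tests.yml
+++ b/.github/workflows/lint-and-tests.yml
@@ -0,0 +1,34 @@
+name: Execute lint and tests
+
+on:
+workflow_call:
+push:
+branches:
+- "**"
+- "!main"
+
+jobs:
+build:
+runs-on: ubuntu-latest
+steps:
+- name: Install system dependencies
+run: sudo apt update && sudo apt install --no-install-recommends -y make git
+- uses: actions/checkout@v4
+- uses: actions/cache@v3
+with:
+path: ~/.cache
+key: self-runner-${{ runner.os }}-python-3.12-poetry-${{ hashFiles('poetry.lock') }}-precommit-${{ hashFiles('.pre-commit-config.yaml') }}
+- name: Set up Python 3.12
+uses: actions/setup-python@v4
+with:
+python-version: "3.12"
+- name: Install dependencies
+run: |
+python -m pip install --upgrade pip
+pip install poetry
+poetry config virtualenvs.create false
+poetry install
+- name: pre-commit lint
+run: make lint
+- name: pytest
+run: make test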
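Review bot: `pip install poetry` in the `Install dependencies` step installs whatever Poetry release is current, so the tool that installs the locked dependencies is itself unpinned. Pinning it, e.g. `pip install poetry==<pinned-version>`, keeps CI reproducible and limits exposure to a broken or tampered release of the installer. The Dockerfile's builder stage has the same unpinned `pip install --no-cache-dir poetry` and should use the same pinned version.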
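--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,19 @@
+name: Execute lint/tests/release
+
+on:
+push:
+branches:
+- main
+
+jobs:
+build:
+uses: ./.github/workflows/lint-and-tests.yml
+release-please:
+needs: build
+runs-on: ubuntu-latest
+steps:
+- uses: GoogleCloudPlatform/release-please-action@v3
+with:
+token: ${{ secrets.GITHUB_TOKEN }}
+release-type: simple
+package-name: secure-qrcode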
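Review bot: The tag that `release-please-action` creates with `secrets.GITHUB_TOKEN` will probably not start build.yml, because GitHub does not create new workflow runs for events raised with the repository's `GITHUB_TOKEN`, and build.yml publishes the image only on a pushed `v*` tag. As written, a merged release PR would yield a tag and a GitHub release but no Docker Hub image. Options are to run the image build from this workflow when the action's `release_created` output is true, or to give release-please a dedicated, narrowly scoped token. Either way the `release-please` job should declare the write scopes it needs, `permissions:` with `contents: write` and `pull-requests: write`, rather than rely on the repository default.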
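--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,36 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+rev: v4.5.0
+hooks:
+- id: check-ast
+- id: fix-byte-order-marker
+- id: check-docstring-first
+- id: check-json
+- id: check-merge-conflict
+- id: check-symlinks
+- id: check-toml
+- id: check-vcs-permalinks
+- id: check-xml
+- id: check-yaml
+- id: debug-statements
+- id: destroyed-symlinks
+- id: end-of-file-fixer
+- id: trailing-whitespace
+
+- repo: https://github.com/pycqa/isort
+rev: 5.12.0
+hooks:
+- id: isort
+args: ["--overwrite-in-place"]
+
+- repo: https://github.com/psf/black
+rev: 23.11.0
+hooks:
+- id: black
+args: ["--line-length=110"]
+
+- repo: https://github.com/pycqa/flake8
+rev: 6.1.0
+hooks:
+- id: flake8
+args: ["--max-line-length=110", "--ignore=E203,E501,W503"]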
Empty file added CHANGELOG.md
Empty file.
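--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,55 @@
+##### Builder Stage #####
+FROM python:3.12-slim-bookworm as builder
+
+# Set default path
+ENV PATH="/app/.venv/bin:${PATH}"
+
+# Set default workdir
+WORKDIR /app
+
+# Create virtualenv and install Python packages
+RUN pip install --no-cache-dir pip -U && \
+pip install --no-cache-dir poetry && \
+poetry config virtualenvs.in-project true
+COPY ./poetry.lock poetry.lock
+COPY ./pyproject.toml pyproject.toml
+RUN poetry install --only main
+
+# Copy app files to workdir
+COPY secure_qrcode ./secure_qrcode
+
+##### Final Stage #####
+FROM python:3.12-slim-bookworm
+
+# Disable Prompt During Packages Installation
+ARG DEBIAN_FRONTEND=noninteractive
+
+# Set default path
+ENV PATH="/app/.venv/bin:${PATH}"
+ENV PYTHONPATH /app
+
+# Copy content from builder stage
+COPY --from=builder /app /app
+
+# Install packages
+RUN apt-get update && \
+apt-get upgrade -y && \
+apt-get install --no-install-recommends -y tini && \
+apt-get clean && \
+rm -rf /var/lib/apt/lists/*
+
+# Add qrcode user and create directories
+RUN useradd -m qrcode && mkdir -p /app
+
+# Set permissions
+RUN chown -R qrcode:qrcode /app
+
+# Set workdir and user
+WORKDIR /app
+USER qrcode
+
+# Expose port
+EXPOSE 8000
+
+# Set entrypoint and cmd
+ENTRYPOINT ["/usr/bin/tini", "--", "uvicorn", "--host", "0.0.0.0", "--port", "8000", "secure_qrcode.api:app"]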
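Review bot: `RUN chown -R qrcode:qrcode /app` in the final stage makes the application code and the whole `.venv` writable by the account the service runs as, so a compromised API process could modify the code it executes. The tree brought in by `COPY --from=builder /app /app` should already be readable by `qrcode` (worth confirming), so I would drop the `chown` line and leave `/app` owned by root. That also removes a layer that duplicates the tree. The `mkdir -p /app` on the `useradd` line looks redundant, since the directory exists after the COPY.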
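--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,19 @@
+.PHONY: test
+test:
+poetry run pytest -v
+
+.PHONY: lint
+lint:
+poetry run pre-commit run --all-files
+
+.PHONY: run-api
+run-api:
+poetry run uvicorn secure_qrcode.api:app --reload
+
+.PHONY: docker-build
+docker-build:
+docker build --rm -t allisson/secure-qrcode .
+
+.PHONY: docker-run
+docker-run:
+docker run --rm -p 8000:8000 allisson/secure-qrcode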
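Review bot: The `docker-run` target publishes the port on every host interface with `-p 8000:8000`, and per the README examples the API receives the plaintext and the encryption key in the request body over plain HTTP with no authentication shown. For a local run target I would bind to loopback, `docker run --rm -p 127.0.0.1:8000:8000 allisson/secure-qrcode`, and leave wider exposure to a deployment that puts TLS in front of the service. The README's `docker run` example uses the same mapping.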
68 changes: 67 additions & 1 deletion README.md
@@ -1,2 +1,68 @@
# secure-qrcode
Encrypt your data using the modern ChaCha20-Poly1305 cipher and generate a secure QR code
Encrypt your data using the modern ChaCha20-Poly1305 cipher and export it into a secure QR code.

## run the api

The server can be started using a docker image.

```bash
docker run --rm -p 8000:8000 allisson/secure-qrcode
```

Now the API server will be running on port 8000.

## api documentation.

You can access the API documentation using these two endpoints:
- http://localhost:8000/docs
- http://localhost:8000/redoc

## generate a secure QR code

Call the API passing at least the plaintext and key fields.

```bash
curl --location 'http://localhost:8000/v1/encode' \
--header 'Content-Type: application/json' \
--data '{
"plaintext": "my super secret text",
"key": "my super secret key"
}' | jq -r '.content' | base64 --decode > qrcode.png
```

Now you can open the qrcode.png file and do whatever you want.

## decrypt the QR code

Use any program that read a QR code, the content will be something like this:

```json
{
"nonce": "PAhk6TKJAT7taGOH",
"header": "/wxYPzrrSRLUTQ3WjpmpMA==",
"ciphertext": "QygEEzUS2wFUmTJtupBtLHrf92Y=",
"tag": "wNIaFK4YdTRa4p3PbvJboA=="
}
```

Now call the API passing the encrypted_data and the key.

```bash
curl --location 'http://localhost:8000/v1/decode' \
--header 'Content-Type: application/json' \
--data '{
"encrypted_data": {
"nonce": "PAhk6TKJAT7taGOH",
"header": "/wxYPzrrSRLUTQ3WjpmpMA==",
"ciphertext": "QygEEzUS2wFUmTJtupBtLHrf92Y=",
"tag": "wNIaFK4YdTRa4p3PbvJboA=="
},
"key": "my super secret key"
}' | jq
```

```json
{
"decrypted_data": "my super secret text"
}
```