Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 23 changed files with 1,691 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
.git/ | ||
.github/ | ||
.pytest_cache/ | ||
.coverage |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
name: build | ||
|
||
on: | ||
push: | ||
tags: | ||
- "v*" | ||
pull_request: | ||
branches: | ||
- "main" | ||
|
||
jobs: | ||
docker: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- name: Docker meta | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: allisson/secure-qrcode | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
- name: Login to Docker Hub | ||
if: github.event_name != 'pull_request' | ||
uses: docker/login-action@v3 | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
- name: Build and push | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
push: ${{ github.event_name != 'pull_request' }} | ||
platforms: linux/amd64,linux/arm64 | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
- name: Update repo description | ||
if: github.event_name != 'pull_request' | ||
uses: peter-evans/dockerhub-description@v3 | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
repository: allisson/secure-qrcode |
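Review bot: The two steps that receive `DOCKERHUB_TOKEN` (`docker/login-action@v3` and `peter-evans/dockerhub-description@v3`) are referenced by mutable major-version tags, so whatever those tags point to at run time is handed the Docker Hub credential. Pin every `uses:` in this workflow to a full commit SHA, and add a top-level `permissions:` block with `contents: read`, since nothing in this job writes to the repository.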
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
name: Execute lint and tests | ||
|
||
on: | ||
workflow_call: | ||
push: | ||
branches: | ||
- "**" | ||
- "!main" | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Install system dependencies | ||
run: sudo apt update && sudo apt install --no-install-recommends -y make git | ||
- uses: actions/checkout@v4 | ||
- uses: actions/cache@v3 | ||
with: | ||
path: ~/.cache | ||
key: self-runner-${{ runner.os }}-python-3.12-poetry-${{ hashFiles('poetry.lock') }}-precommit-${{ hashFiles('.pre-commit-config.yaml') }} | ||
- name: Set up Python 3.12 | ||
uses: actions/setup-python@v4 | ||
with: | ||
python-version: "3.12" | ||
- name: Install dependencies | ||
run: | | ||
python -m pip install --upgrade pip | ||
pip install poetry | ||
poetry config virtualenvs.create false | ||
poetry install | ||
- name: pre-commit lint | ||
run: make lint | ||
- name: pytest | ||
run: make test |
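Review bot: With `push` restricted to non-main branches and no `pull_request` trigger, pull requests opened from forks never run `make lint` or `make test`; the only workflow in this commit that fires on `pull_request` is the Docker build. Add a `pull_request` trigger for `main` here. In the install step, `pip install poetry` takes whatever release is current, so pin a Poetry version to keep CI runs reproducible.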
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
name: Execute lint/tests/release | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
|
||
jobs: | ||
build: | ||
uses: ./.github/workflows/lint-and-tests.yml | ||
release-please: | ||
needs: build | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: GoogleCloudPlatform/release-please-action@v3 | ||
with: | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
release-type: simple | ||
package-name: secure-qrcode |
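Review bot: The `release-please` job passes `secrets.GITHUB_TOKEN` to the action, but the workflow declares no `permissions:`, so the token's scope is whatever the repository default happens to be. Declare at the job level what the job needs (for release-please that is `contents: write` and `pull-requests: write`) and give the reused `build` job `contents: read` only.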
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
repos: | ||
- repo: https://github.com/pre-commit/pre-commit-hooks | ||
rev: v4.5.0 | ||
hooks: | ||
- id: check-ast | ||
- id: fix-byte-order-marker | ||
- id: check-docstring-first | ||
- id: check-json | ||
- id: check-merge-conflict | ||
- id: check-symlinks | ||
- id: check-toml | ||
- id: check-vcs-permalinks | ||
- id: check-xml | ||
- id: check-yaml | ||
- id: debug-statements | ||
- id: destroyed-symlinks | ||
- id: end-of-file-fixer | ||
- id: trailing-whitespace | ||
|
||
- repo: https://github.com/pycqa/isort | ||
rev: 5.12.0 | ||
hooks: | ||
- id: isort | ||
args: ["--overwrite-in-place"] | ||
|
||
- repo: https://github.com/psf/black | ||
rev: 23.11.0 | ||
hooks: | ||
- id: black | ||
args: ["--line-length=110"] | ||
|
||
- repo: https://github.com/pycqa/flake8 | ||
rev: 6.1.0 | ||
hooks: | ||
- id: flake8 | ||
args: ["--max-line-length=110", "--ignore=E203,E501,W503"] |
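Review bot: In the flake8 hook, `--max-line-length=110` has no effect because `E501` is listed in `--ignore`, which leaves black as the only tool enforcing line length. Drop one of the two so the intent is clear. For a project that handles keys, consider also enabling `detect-private-key` from the pre-commit-hooks repo already configured at the top of this file.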
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
##### Builder Stage ##### | ||
FROM python:3.12-slim-bookworm as builder | ||
|
||
# Set default path | ||
ENV PATH="/app/.venv/bin:${PATH}" | ||
|
||
# Set default workdir | ||
WORKDIR /app | ||
|
||
# Create virtualenv and install Python packages | ||
RUN pip install --no-cache-dir pip -U && \ | ||
pip install --no-cache-dir poetry && \ | ||
poetry config virtualenvs.in-project true | ||
COPY ./poetry.lock poetry.lock | ||
COPY ./pyproject.toml pyproject.toml | ||
RUN poetry install --only main | ||
|
||
# Copy app files to workdir | ||
COPY secure_qrcode ./secure_qrcode | ||
|
||
##### Final Stage ##### | ||
FROM python:3.12-slim-bookworm | ||
|
||
# Disable Prompt During Packages Installation | ||
ARG DEBIAN_FRONTEND=noninteractive | ||
|
||
# Set default path | ||
ENV PATH="/app/.venv/bin:${PATH}" | ||
ENV PYTHONPATH /app | ||
|
||
# Copy content from builder stage | ||
COPY --from=builder /app /app | ||
|
||
# Install packages | ||
RUN apt-get update && \ | ||
apt-get upgrade -y && \ | ||
apt-get install --no-install-recommends -y tini && \ | ||
apt-get clean && \ | ||
rm -rf /var/lib/apt/lists/* | ||
|
||
# Add qrcode user and create directories | ||
RUN useradd -m qrcode && mkdir -p /app | ||
|
||
# Set permissions | ||
RUN chown -R qrcode:qrcode /app | ||
|
||
# Set workdir and user | ||
WORKDIR /app | ||
USER qrcode | ||
|
||
# Expose port | ||
EXPOSE 8000 | ||
|
||
# Set entrypoint and cmd | ||
ENTRYPOINT ["/usr/bin/tini", "--", "uvicorn", "--host", "0.0.0.0", "--port", "8000", "secure_qrcode.api:app"] |
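Review bot: In the final stage, `RUN chown -R qrcode:qrcode /app` makes the runtime user the owner of the application code and the virtualenv, so a compromised server process can rewrite what it executes. Leave `/app` owned by root and only switch to `USER qrcode`; read and execute access is all uvicorn needs. The `mkdir -p /app` is redundant after `COPY --from=builder /app /app`, `ENV PYTHONPATH /app` should use the `ENV PYTHONPATH=/app` form, and `pip install --no-cache-dir poetry` in the builder stage is unpinned.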
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
.PHONY: test | ||
test: | ||
poetry run pytest -v | ||
|
||
.PHONY: lint | ||
lint: | ||
poetry run pre-commit run --all-files | ||
|
||
.PHONY: run-api | ||
run-api: | ||
poetry run uvicorn secure_qrcode.api:app --reload | ||
|
||
.PHONY: docker-build | ||
docker-build: | ||
docker build --rm -t allisson/secure-qrcode . | ||
|
||
.PHONY: docker-run | ||
docker-run: | ||
docker run --rm -p 8000:8000 allisson/secure-qrcode |
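Review bot: The `docker-run` target publishes with `-p 8000:8000`, which binds the API on every host interface. The README in this commit shows the service accepting plaintext and keys over unencrypted HTTP, so for a local development target bind to loopback instead: `-p 127.0.0.1:8000:8000`.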
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,68 @@ | ||
# secure-qrcode | ||
Encrypt your data using the modern ChaCha20-Poly1305 cipher and generate a secure QR code | ||
Encrypt your data using the modern ChaCha20-Poly1305 cipher and export it into a secure QR code. | ||
|
||
## run the api | ||
|
||
The server can be started using a docker image. | ||
|
||
```bash | ||
docker run --rm -p 8000:8000 allisson/secure-qrcode | ||
``` | ||
|
||
Now the API server will be running on port 8000. | ||
|
||
## api documentation. | ||
|
||
You can access the API documentation using these two endpoints: | ||
- http://localhost:8000/docs | ||
- http://localhost:8000/redoc | ||
|
||
## generate a secure QR code | ||
|
||
Call the API passing at least the plaintext and key fields. | ||
|
||
```bash | ||
curl --location 'http://localhost:8000/v1/encode' \ | ||
--header 'Content-Type: application/json' \ | ||
--data '{ | ||
"plaintext": "my super secret text", | ||
"key": "my super secret key" | ||
}' | jq -r '.content' | base64 --decode > qrcode.png | ||
``` | ||
|
||
Now you can open the qrcode.png file and do whatever you want. | ||
|
||
## decrypt the QR code | ||
|
||
Use any program that read a QR code, the content will be something like this: | ||
|
||
```json | ||
{ | ||
"nonce": "PAhk6TKJAT7taGOH", | ||
"header": "/wxYPzrrSRLUTQ3WjpmpMA==", | ||
"ciphertext": "QygEEzUS2wFUmTJtupBtLHrf92Y=", | ||
"tag": "wNIaFK4YdTRa4p3PbvJboA==" | ||
} | ||
``` | ||
|
||
Now call the API passing the encrypted_data and the key. | ||
|
||
```bash | ||
curl --location 'http://localhost:8000/v1/decode' \ | ||
--header 'Content-Type: application/json' \ | ||
--data '{ | ||
"encrypted_data": { | ||
"nonce": "PAhk6TKJAT7taGOH", | ||
"header": "/wxYPzrrSRLUTQ3WjpmpMA==", | ||
"ciphertext": "QygEEzUS2wFUmTJtupBtLHrf92Y=", | ||
"tag": "wNIaFK4YdTRa4p3PbvJboA==" | ||
}, | ||
"key": "my super secret key" | ||
}' | jq | ||
``` | ||
|
||
```json | ||
{ | ||
"decrypted_data": "my super secret text" | ||
} | ||
``` |
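Review bot: The README does not say how the `key` string becomes a cipher key or what the `header` field in the QR payload holds. ChaCha20-Poly1305 takes a 256-bit key, and the example passes `"key": "my super secret key"`, so some derivation must happen; document it (algorithm, salt, cost parameters) so users can judge how strong a passphrase they need and can decrypt without this service. The examples also send the key in the request body to `http://localhost:8000`, so state that any non-local deployment needs TLS in front of it. Minor: "Use any program that read a QR code" should be "reads", and the `## api documentation.` heading has a trailing period.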