Refactor secrets, info, and logs commands for consistency and robustness

bdsoha · bdsoha · commit 46b92d2bada9 · 2026-01-11T19:51:17.000+02:00
diff --git a/cmd/info/info.go b/cmd/info/info.go
@@ -5,52 +5,56 @@ import (
 	"fmt"
 	"io"
 	"os"
-	"strings"
 
 	"github.com/kloudkit/ws-cli/internals/config"
+	internalIO "github.com/kloudkit/ws-cli/internals/io"
 	"github.com/kloudkit/ws-cli/internals/styles"
 	"github.com/spf13/cobra"
 )
 
-func readJsonFile() map[string]any {
-	var content map[string]any
-
-	data, _ := os.ReadFile(config.DefaultManifestPath)
-
-	_ = json.Unmarshal(data, &content)
-
-	return content
+type Manifest struct {
+	Version string `json:"version"`
+	VSCode  struct {
+		Version string `json:"version"`
+	} `json:"vscode"`
 }
 
-func readJson(content map[string]any, key string) string {
-	keys := strings.Split(key, ".")
-	var value any = content
-
-	for _, k := range keys {
-		m, ok := value.(map[string]any)
-		if !ok {
-			return ""
-		}
+func readManifest() (*Manifest, error) {
+	if !internalIO.FileExists(config.DefaultManifestPath) {
+		return nil, fmt.Errorf("manifest not found at %s", config.DefaultManifestPath)
+	}
 
-		value = m[k]
+	data, err := os.ReadFile(config.DefaultManifestPath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read manifest: %w", err)
 	}
 
-	if str, ok := value.(string); ok {
-		return str
+	var m Manifest
+	if err := json.Unmarshal(data, &m); err != nil {
+		return nil, fmt.Errorf("failed to parse manifest: %w", err)
 	}
 
-	return fmt.Sprintf("%v", value)
+	return &m, nil
 }
 
 func showVersion(writer io.Writer) {
-	content := readJsonFile()
+	manifest, err := readManifest()
+	if err != nil {
+		styles.PrintWarning(writer, fmt.Sprintf("Could not read workspace version: %v", err))
+		fmt.Fprintf(writer, "%s\n", styles.Title().Render("Versions"))
+		t := styles.Table().Rows(
+			[]string{"ws-cli", Version},
+		)
+		fmt.Fprintln(writer, t.Render())
+		return
+	}
 
 	fmt.Fprintf(writer, "%s\n", styles.Title().Render("Versions"))
 
 	t := styles.Table().Rows(
-		[]string{"workspace", readJson(content, "version")},
+		[]string{"workspace", manifest.Version},
 		[]string{"ws-cli", Version},
-		[]string{"VSCode", readJson(content, "vscode.version")},
+		[]string{"VSCode", manifest.VSCode.Version},
 	)
 
 	fmt.Fprintln(writer, t.Render())
diff --git a/cmd/logs/logs.go b/cmd/logs/logs.go
@@ -2,7 +2,6 @@ package logs
 
 import (
 	"fmt"
-	"os"
 
 	"github.com/kloudkit/ws-cli/internals/logger"
 	"github.com/kloudkit/ws-cli/internals/styles"
@@ -28,13 +27,13 @@ func execute(cmd *cobra.Command, args []string) error {
 			{"warn", "Warning messages"},
 			{"error", "Error messages only"},
 		})
-		os.Exit(1)
+		return fmt.Errorf("invalid log level")
 	}
 
 	reader, err := logger.NewReader(tail, level)
 	if err != nil {
 		styles.PrintError(cmd.ErrOrStderr(), fmt.Sprintf("Failed to initialize log reader: %s", err))
-		os.Exit(1)
+		return err
 	}
 
 	if follow {
@@ -45,7 +44,7 @@ func execute(cmd *cobra.Command, args []string) error {
 
 	if err != nil {
 		styles.PrintError(cmd.ErrOrStderr(), fmt.Sprintf("Error reading logs: %s", err))
-		os.Exit(1)
+		return err
 	}
 
 	return nil
diff --git a/cmd/secrets/encrypt.go b/cmd/secrets/encrypt.go
@@ -37,4 +37,3 @@ var encryptCmd = &cobra.Command{
 		return handleOutput(cmd, cfg, encrypted, "Encrypted Value", "Secret encrypted successfully", true)
 	},
 }
-
diff --git a/cmd/secrets/generate.go b/cmd/secrets/generate.go
@@ -1,12 +1,12 @@
-package generate
+package secrets
 
 import "github.com/spf13/cobra"
 
-var GenerateCmd = &cobra.Command{
+var generateCmd = &cobra.Command{
 	Use:   "generate",
 	Short: "Generate master keys or login password hashes",
 }
 
 func init() {
-	GenerateCmd.AddCommand(masterCmd, loginCmd)
+	generateCmd.AddCommand(masterCmd, loginCmd)
 }
diff --git a/cmd/secrets/generate/helpers.go b/cmd/secrets/generate/helpers.go
diff --git a/cmd/secrets/generate/login.go b/cmd/secrets/generate/login.go
diff --git a/cmd/secrets/generate/master.go b/cmd/secrets/generate/master.go
diff --git a/cmd/secrets/login.go b/cmd/secrets/login.go
@@ -0,0 +1,39 @@
+package secrets
+
+import (
+	"fmt"
+	"io"
+
+	internalIO "github.com/kloudkit/ws-cli/internals/io"
+	internalSecrets "github.com/kloudkit/ws-cli/internals/secrets"
+	"github.com/kloudkit/ws-cli/internals/styles"
+	"github.com/spf13/cobra"
+)
+
+var loginCmd = &cobra.Command{
+	Use:   "login",
+	Short: "Generate a workspace password hash for authentication",
+	Args:  cobra.NoArgs,
+	RunE: func(cmd *cobra.Command, args []string) error {
+		cfg := getOutputConfig(cmd)
+		return generateLoginHash(cmd, cfg)
+	},
+}
+
+func generateLoginHash(cmd *cobra.Command, cfg outputConfig) error {
+	password, err := internalIO.ReadPasswordFromReader(cmd.InOrStdin())
+	if err != nil {
+		return err
+	}
+
+	hash, err := internalSecrets.HashPasswordForWorkspace(password)
+	if err != nil {
+		return err
+	}
+
+	return handleCustomOutput(cmd, cfg, hash, "✓ Password hash written to "+cfg.file, func(out io.Writer) {
+		fmt.Fprintf(out, "%s\n", styles.Header().Render("Workspace Password Hash"))
+		fmt.Fprintf(out, "  %s\n", styles.Code().Render(hash))
+		fmt.Fprintf(out, "%s\n", styles.Muted().Render("💡 Use this hash for WS_AUTH_PASSWORD_HASHED"))
+	})
+}
diff --git a/cmd/secrets/master.go b/cmd/secrets/master.go
@@ -0,0 +1,46 @@
+package secrets
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"io"
+
+	"github.com/kloudkit/ws-cli/internals/styles"
+	"github.com/spf13/cobra"
+)
+
+var masterCmd = &cobra.Command{
+	Use:   "master",
+	Short: "Generate a cryptographically secure master key",
+	Args:  cobra.NoArgs,
+	RunE: func(cmd *cobra.Command, args []string) error {
+		cfg := getOutputConfig(cmd)
+		keyLength, _ := cmd.Flags().GetInt("length")
+		return generateMasterKey(cmd, cfg, keyLength)
+	},
+}
+
+func init() {
+	masterCmd.Flags().Int("length", 32, "Key length in bytes")
+}
+
+func generateMasterKey(cmd *cobra.Command, cfg outputConfig, keyLength int) error {
+	if keyLength <= 0 {
+		return errors.New("invalid key length")
+	}
+
+	key := make([]byte, keyLength)
+	if _, err := rand.Read(key); err != nil {
+		return fmt.Errorf("failed to generate key: %w", err)
+	}
+
+	encodedKey := base64.StdEncoding.EncodeToString(key)
+
+	return handleCustomOutput(cmd, cfg, encodedKey, "✓ Master key written to "+cfg.file, func(out io.Writer) {
+		fmt.Fprintf(out, "%s\n", styles.Header().Render("Master Key"))
+		fmt.Fprintf(out, "  %s\n", styles.Code().Render(encodedKey))
+		fmt.Fprintf(out, "%s\n", styles.Muted().Render("💡 Store this key securely - you'll need it to encrypt/decrypt secrets"))
+	})
+}
diff --git a/cmd/secrets/secrets.go b/cmd/secrets/secrets.go
@@ -1,7 +1,6 @@
 package secrets
 
 import (
-	"github.com/kloudkit/ws-cli/cmd/secrets/generate"
 	"github.com/spf13/cobra"
 )
 
@@ -17,5 +16,5 @@ func init() {
 	SecretsCmd.PersistentFlags().Bool("force", false, "Overwrite existing files")
 	SecretsCmd.PersistentFlags().Bool("raw", false, "Output without styling")
 
-	SecretsCmd.AddCommand(encryptCmd, decryptCmd, generate.GenerateCmd, vaultCmd)
+	SecretsCmd.AddCommand(encryptCmd, decryptCmd, generateCmd, vaultCmd)
 }
diff --git a/internals/secrets/crypto_test.go b/internals/secrets/crypto_test.go
@@ -65,7 +65,7 @@ func TestDecryptUnsupportedVersion(t *testing.T) {
 func TestHashPasswordForWorkspace(t *testing.T) {
 	hash, err := HashPasswordForWorkspace("testpassword123")
 	assert.NilError(t, err)
-	assert.Assert(t, strings.HasPrefix(hash, "$argon2id$v=19$m=4096,t=3,p=1$"))
+	assert.Assert(t, strings.HasPrefix(hash, "$argon2id$v=19$m=65536,t=3,p=4$"))
 
 	hash2, _ := HashPasswordForWorkspace("testpassword123")
 	assert.Assert(t, hash != hash2)

Original file line number	Diff line number	Diff line change
`@@ -37,4 +37,3 @@ var encryptCmd = &cobra.Command{`
`37`	`37`	`return handleOutput(cmd, cfg, encrypted, "Encrypted Value", "Secret encrypted successfully", true)`
`38`	`38`	`},`
`39`	`39`	`}`
`40`		`-`
Original file line number	Diff line number	Diff line change
`@@ -1,12 +1,12 @@`
`1`		`-package generate`
	`1`	`+package secrets`
`2`	`2`
`3`	`3`	`import "github.com/spf13/cobra"`
`4`	`4`
`5`		`-var GenerateCmd = &cobra.Command{`
	`5`	`+var generateCmd = &cobra.Command{`
`6`	`6`	`Use: "generate",`
`7`	`7`	`Short: "Generate master keys or login password hashes",`
`8`	`8`	`}`
`9`	`9`
`10`	`10`	`func init() {`
`11`		`- GenerateCmd.AddCommand(masterCmd, loginCmd)`
	`11`	`+ generateCmd.AddCommand(masterCmd, loginCmd)`
`12`	`12`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,6 @@`
`1`	`1`	`package secrets`
`2`	`2`
`3`	`3`	`import (`
`4`		`- "github.com/kloudkit/ws-cli/cmd/secrets/generate"`
`5`	`4`	`"github.com/spf13/cobra"`
`6`	`5`	`)`
`7`	`6`
`@@ -17,5 +16,5 @@ func init() {`
`17`	`16`	`SecretsCmd.PersistentFlags().Bool("force", false, "Overwrite existing files")`
`18`	`17`	`SecretsCmd.PersistentFlags().Bool("raw", false, "Output without styling")`
`19`	`18`
`20`		`- SecretsCmd.AddCommand(encryptCmd, decryptCmd, generate.GenerateCmd, vaultCmd)`
	`19`	`+ SecretsCmd.AddCommand(encryptCmd, decryptCmd, generateCmd, vaultCmd)`
`21`	`20`	`}`