initial working version

2026-02-26 11:05:16 +01:00 · 2026-02-26 11:05:16 +01:00 · d986a0b31a
commit d986a0b31a
parent db6b90134d
19 changed files with 1430 additions and 0 deletions
--- a/internal/netrc/netrc.go
+++ b/internal/netrc/netrc.go
@ -0,0 +1,136 @@
+package netrc
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+// Upsert updates or inserts a machine entry in the netrc file.
+// Only the password field is written (Nix uses password from netrc as auth).
+func Upsert(path, machine, password string) error {
+	entries, err := parse(path)
+	if err != nil && !os.IsNotExist(err) {
+		return err
+	}
+
+	found := false
+	for i, e := range entries {
+		if e.machine == machine {
+			entries[i].password = password
+			found = true
+			break
+		}
+	}
+	if !found {
+		entries = append(entries, entry{machine: machine, password: password})
+	}
+
+	return write(path, entries)
+}
+
+// Remove removes the entry for the given machine from the netrc file.
+func Remove(path, machine string) error {
+	entries, err := parse(path)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+
+	var filtered []entry
+	for _, e := range entries {
+		if e.machine != machine {
+			filtered = append(filtered, e)
+		}
+	}
+
+	return write(path, filtered)
+}
+
+// GetPassword returns the password for the given machine, or empty string if not found.
+func GetPassword(path, machine string) (string, error) {
+	entries, err := parse(path)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return "", nil
+		}
+		return "", err
+	}
+
+	for _, e := range entries {
+		if e.machine == machine {
+			return e.password, nil
+		}
+	}
+	return "", nil
+}
+
+type entry struct {
+	machine  string
+	password string
+}
+
+func parse(path string) ([]entry, error) {
+	f, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	var entries []entry
+	var current *entry
+
+	scanner := bufio.NewScanner(f)
+	for scanner.Scan() {
+		line := strings.TrimSpace(scanner.Text())
+		if line == "" || strings.HasPrefix(line, "#") {
+			continue
+		}
+
+		fields := strings.Fields(line)
+		if len(fields) < 2 {
+			continue
+		}
+
+		switch fields[0] {
+		case "machine":
+			if current != nil {
+				entries = append(entries, *current)
+			}
+			current = &entry{machine: fields[1]}
+		case "password":
+			if current != nil {
+				current.password = fields[1]
+			}
+		}
+	}
+	if current != nil {
+		entries = append(entries, *current)
+	}
+
+	if err := scanner.Err(); err != nil {
+		return nil, err
+	}
+
+	return entries, nil
+}
+
+func write(path string, entries []entry) error {
+	if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil {
+		return fmt.Errorf("creating directory for %s: %w", path, err)
+	}
+
+	var b strings.Builder
+	for i, e := range entries {
+		if i > 0 {
+			b.WriteString("\n")
+		}
+		fmt.Fprintf(&b, "machine %s\npassword %s\n", e.machine, e.password)
+	}
+
+	return os.WriteFile(path, []byte(b.String()), 0600)
+}
--- a/internal/netrc/netrc_test.go
+++ b/internal/netrc/netrc_test.go
@ -0,0 +1,175 @@
+package netrc
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+)
+
+func TestUpsertEmptyFile(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "netrc")
+
+	if err := Upsert(path, "cache.example.com", "token123"); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	pw, err := GetPassword(path, "cache.example.com")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if pw != "token123" {
+		t.Errorf("password = %q, want %q", pw, "token123")
+	}
+}
+
+func TestUpsertUpdateExisting(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "netrc")
+
+	initial := "machine other.host\npassword otherpass\n\nmachine cache.example.com\npassword oldtoken\n"
+	if err := os.WriteFile(path, []byte(initial), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := Upsert(path, "cache.example.com", "newtoken"); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	// Check updated entry
+	pw, err := GetPassword(path, "cache.example.com")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if pw != "newtoken" {
+		t.Errorf("password = %q, want %q", pw, "newtoken")
+	}
+
+	// Check other entry preserved
+	pw, err = GetPassword(path, "other.host")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if pw != "otherpass" {
+		t.Errorf("other password = %q, want %q", pw, "otherpass")
+	}
+}
+
+func TestUpsertAppend(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "netrc")
+
+	initial := "machine existing.host\npassword existingpass\n"
+	if err := os.WriteFile(path, []byte(initial), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := Upsert(path, "cache.example.com", "newtoken"); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	pw, err := GetPassword(path, "cache.example.com")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if pw != "newtoken" {
+		t.Errorf("password = %q, want %q", pw, "newtoken")
+	}
+
+	pw, err = GetPassword(path, "existing.host")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if pw != "existingpass" {
+		t.Errorf("existing password = %q, want %q", pw, "existingpass")
+	}
+}
+
+func TestRemove(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "netrc")
+
+	initial := "machine keep.host\npassword keeppass\n\nmachine remove.host\npassword removepass\n"
+	if err := os.WriteFile(path, []byte(initial), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	if err := Remove(path, "remove.host"); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	pw, err := GetPassword(path, "remove.host")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if pw != "" {
+		t.Errorf("removed entry still has password = %q", pw)
+	}
+
+	pw, err = GetPassword(path, "keep.host")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if pw != "keeppass" {
+		t.Errorf("kept password = %q, want %q", pw, "keeppass")
+	}
+}
+
+func TestRemoveNonexistentFile(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "nonexistent")
+
+	if err := Remove(path, "anything"); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+}
+
+func TestGetPasswordNoFile(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "nonexistent")
+
+	pw, err := GetPassword(path, "anything")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if pw != "" {
+		t.Errorf("password = %q, want empty", pw)
+	}
+}
+
+func TestGetPasswordNotFound(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "netrc")
+
+	content := "machine other.host\npassword otherpass\n"
+	if err := os.WriteFile(path, []byte(content), 0600); err != nil {
+		t.Fatal(err)
+	}
+
+	pw, err := GetPassword(path, "missing.host")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if pw != "" {
+		t.Errorf("password = %q, want empty", pw)
+	}
+}
+
+func TestFilePermissions(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "netrc")
+
+	if err := Upsert(path, "cache.example.com", "token"); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+
+	info, err := os.Stat(path)
+	if err != nil {
+		t.Fatalf("stat error: %v", err)
+	}
+
+	perm := info.Mode().Perm()
+	if perm != 0600 {
+		t.Errorf("file permissions = %o, want 0600", perm)
+	}
+}