Merge pull request #10 from dotenv-org/add-tests

DotenvVault loads .env.vault files
dotenv-org · Nov 4, 2023 · 7bf3f59 · 7bf3f59
2 parents dff3ebf + 87d2365
commit 7bf3f59
Show file tree

Hide file tree

Showing 13 changed files with 478 additions and 107 deletions.
diff --git a/ci.yml → .github/workflows/ci.yml b/ci.yml → .github/workflows/ci.yml
diff --git a/.gitignore b/.gitignore
@@ -1,9 +1,7 @@
-
-# Environments
-.env
+.env*
 .venv
-.env.vault
-.env.me
+!.env.vault
+!tests/**/.env*
 
 .phpunit.result.cache
 composer.lock

diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
@@ -5,7 +5,7 @@
 Tests use PHPUnit.
 
 ```
-./vendor/bin/phpunit
+./vendor/bin/phpunit --testdox --display-deprecations
 ```
 
 ## Publishing

diff --git a/README.md b/README.md
@@ -37,7 +37,7 @@ As early as possible in your application bootstrap process, load .env:
 require 'vendor/autoload.php';
 
 $dotenv = DotenvVault\DotenvVault::createImmutable(__DIR__);
-$dotenv->load();
+$dotenv->safeLoad();
 ```
 
 When your application loads, these variables will be available in `$_ENV` or `$_SERVER`:

diff --git a/composer.json b/composer.json
@@ -32,6 +32,6 @@
     "vlucas/phpdotenv": "^5.5"
   },
   "require-dev": {
-    "phpunit/phpunit": "^10.4"
+    "phpunit/phpunit": "^9.0|^8.0|^7.0|6.0"
   }
 }
diff --git a/phpunit.xml.dist b/phpunit.xml.dist
@@ -1,14 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" backupGlobals="false" beStrictAboutTestsThatDoNotTestAnything="true" beStrictAboutOutputDuringTests="true" bootstrap="vendor/autoload.php" colors="true" failOnRisky="true" failOnWarning="false" processIsolation="false" stopOnError="false" stopOnFailure="false" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.4/phpunit.xsd" cacheDirectory=".phpunit.cache" backupStaticProperties="false">
-  <coverage/>
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" backupGlobals="false" backupStaticAttributes="false" beStrictAboutTestsThatDoNotTestAnything="true" beStrictAboutOutputDuringTests="true" bootstrap="vendor/autoload.php" colors="true" convertDeprecationsToExceptions="true" convertErrorsToExceptions="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" failOnRisky="true" failOnWarning="false" processIsolation="false" stopOnError="false" stopOnFailure="false" verbose="true" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd">
+  <coverage processUncoveredFiles="true">
+    <include>
+      <directory suffix=".php">./src</directory>
+    </include>
+  </coverage>
   <testsuites>
     <testsuite name="PHP DotenvVault Test Suite">
       <directory suffix="Test.php">./tests</directory>
     </testsuite>
   </testsuites>
-  <source>
-    <include>
-      <directory suffix=".php">./src</directory>
-    </include>
-  </source>
 </phpunit>
diff --git a/src/Decrypter/Decrypter.php b/src/Decrypter/Decrypter.php
@@ -0,0 +1,62 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DotenvVault\Decrypter;
+
+use Exception;
+
+final class Decrypter implements DecrypterInterface
+{
+    /**
+     * Decrypt encrypted content into a string
+     *
+     * @param string $content
+     * @param string $keyStr
+     *
+     * @throws \Exception
+     *
+     * @return string
+     */
+    public function decrypt(string $encrypted, string $keyStr)
+    {
+        if ($encrypted === null || !is_string($encrypted) || strlen($encrypted) < 1) {
+          $msg = 'MISSING_CIPHERTEXT: It must be a non-empty string';
+          throw new Exception($msg);
+        }
+
+        // grab last 64 to permit keys like vlt_64 or custom_64
+        $last64 = substr($keyStr, -64);
+
+        // must be 64 characters long
+        if (strlen($last64) !== 64) {
+          $msg = 'INVALID_DOTENV_KEY: It must be 64 characters long (or more)';
+          throw new Exception($msg);
+        }
+
+        // check key length is good INVALID_DOTENV_KEY: It must be 64 characters long (or more)
+        $key = hex2bin($last64);
+
+        // base64 decode
+        $decoded = base64_decode($encrypted, true);
+
+        // determine cipher and pull out nonce and tag
+        $ciphertext = substr($decoded, 12, -16);
+        $nonce = substr($decoded, 0, 12);
+        $tag = substr($decoded, -16);
+
+        try {
+          $plaintext = openssl_decrypt($ciphertext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
+
+          if ($plaintext === false) {
+            $msg = 'DECRYPTION_FAILED: Please check your DOTENV_KEY';
+            throw new Exception($msg);
+          } else {
+            return $plaintext;
+          }
+        } catch (ExceptionType $e) {
+          $msg = 'DECRYPTION_FAILED: Please check your DOTENV_KEY';
+          throw new Exception($msg);
+        }
+    }
+}
diff --git a/src/Decrypter/DecrypterInterface.php b/src/Decrypter/DecrypterInterface.php
@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DotenvVault\Decrypter;
+
+interface DecrypterInterface
+{
+    /**
+     * Decrypt encrypted content into a string
+     *
+     * @param string $content
+     * @param string $keyStr
+     *
+     * @throws \Exception
+     *
+     *
+     * @return string
+     */
+    public function decrypt(string $encrypted, string $keyStr);
+}