Merge branch 'master' into call-dotenv-construct

dotenv-org · Nov 4, 2023 · e6145d1 · e6145d1
2 parents 5a8c2c3 + 471fe74
commit e6145d1
Show file tree

Hide file tree

Showing 14 changed files with 641 additions and 100 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,33 @@
+name: CI
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        php: [7.x, 8.x]
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Use PHP ${{ matrix.php }}
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          tools: composer:v2
+          coverage: none
+      - name: Setup problem matchers
+        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
+      - name: Install latest dependencies
+        uses: nick-invision/retry@v2
+        with:
+          timeout_minutes: 5
+          max_attempts: 5
+          command: composer update --no-interaction --no-progress
+      - run: vendor/bin/phpunit
diff --git a/.gitignore b/.gitignore
@@ -1,9 +1,7 @@
-
-# Environments
-.env
+.env*
 .venv
-.env.vault
-.env.me
+!.env.vault
+!tests/**/.env*
 
 .phpunit.result.cache
 composer.lock
@@ -12,4 +10,7 @@ phpstan.tests.neon
 phpunit.xml
 vendor
 
-.vscode
+.vscode
+
+.phpunit.cache
+
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,7 +2,30 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
-## [Unreleased](https://github.com/dotenv-org/phpdotenv-vault/compare/v0.1.2...master)
+## [Unreleased](https://github.com/dotenv-org/phpdotenv-vault/compare/v0.2.0...master)
+
+## 0.2.1
+
+### Changed
+
+- Added support for passing string to paths argument.
+
+## 0.2.0
+
+### Added
+
+- Moved decryption to its own class for better testing and ease of usage
+
+### Fixed
+
+- DOTENV_KEY was not respected if set in the infrastructure. Fixed.
+- Decryptiong could fail related to some misconfigured logic. Fixed.
+
+## 0.1.3
+
+### Removed
+
+- Remove `var_dump` when falling back to `.env` file
 
 ## 0.1.2
 

diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
@@ -1,5 +1,13 @@
 # DEVELOPMENT
 
+## Running tests
+
+Tests use PHPUnit.
+
+```
+./vendor/bin/phpunit --testdox --display-deprecations
+```
+
 ## Publishing
 
 Published at [packagist](https://packagist.org/packages/dotenv-org/phpdotenv-vault)

diff --git a/README.md b/README.md
@@ -34,11 +34,10 @@ SECRET_KEY="souper_seekret_key"
 As early as possible in your application bootstrap process, load .env:
 
 ```php
-use DotenvVault\DotenvVault;
 require 'vendor/autoload.php';
 
-$dotenv = DotenvVault::createImmutable(__DIR__, '.env.vault');
-$dotenv->load(); # take environment variables from .env.vault
+$dotenv = DotenvVault\DotenvVault::createImmutable([__DIR__]);
+$dotenv->safeLoad();
 ```
 
 When your application loads, these variables will be available in `$_ENV` or `$_SERVER`:

diff --git a/composer.json b/composer.json
@@ -15,6 +15,11 @@
       "DotenvVault\\": "src/"
     }
   },
+  "autoload-dev": {
+    "psr-4": {
+      "DotenvVault\\Tests\\": "tests/"
+    }
+  },
   "authors": [
     {
       "name": "dotenv",
@@ -27,6 +32,6 @@
     "vlucas/phpdotenv": "^5.5"
   },
   "require-dev": {
-    "orchestra/testbench": "^3.8"
+    "phpunit/phpunit": "^9.0|^8.0|^7.0|6.0"
   }
 }
diff --git a/phpunit.xml.dist b/phpunit.xml.dist
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" backupGlobals="false" backupStaticAttributes="false" beStrictAboutTestsThatDoNotTestAnything="true" beStrictAboutOutputDuringTests="true" bootstrap="vendor/autoload.php" colors="true" convertDeprecationsToExceptions="true" convertErrorsToExceptions="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" failOnRisky="true" failOnWarning="false" processIsolation="false" stopOnError="false" stopOnFailure="false" verbose="true" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd">
+  <coverage processUncoveredFiles="true">
+    <include>
+      <directory suffix=".php">./src</directory>
+    </include>
+  </coverage>
+  <testsuites>
+    <testsuite name="PHP DotenvVault Test Suite">
+      <directory suffix="Test.php">./tests</directory>
+    </testsuite>
+  </testsuites>
+</phpunit>
diff --git a/src/Decrypter/Decrypter.php b/src/Decrypter/Decrypter.php
@@ -0,0 +1,62 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DotenvVault\Decrypter;
+
+use Exception;
+
+final class Decrypter implements DecrypterInterface
+{
+    /**
+     * Decrypt encrypted content into a string
+     *
+     * @param string $content
+     * @param string $keyStr
+     *
+     * @throws \Exception
+     *
+     * @return string
+     */
+    public function decrypt(string $encrypted, string $keyStr)
+    {
+        if ($encrypted === null || !is_string($encrypted) || strlen($encrypted) < 1) {
+          $msg = 'MISSING_CIPHERTEXT: It must be a non-empty string';
+          throw new Exception($msg);
+        }
+
+        // grab last 64 to permit keys like vlt_64 or custom_64
+        $last64 = substr($keyStr, -64);
+
+        // must be 64 characters long
+        if (strlen($last64) !== 64) {
+          $msg = 'INVALID_DOTENV_KEY: It must be 64 characters long (or more)';
+          throw new Exception($msg);
+        }
+
+        // check key length is good INVALID_DOTENV_KEY: It must be 64 characters long (or more)
+        $key = hex2bin($last64);
+
+        // base64 decode
+        $decoded = base64_decode($encrypted, true);
+
+        // determine cipher and pull out nonce and tag
+        $ciphertext = substr($decoded, 12, -16);
+        $nonce = substr($decoded, 0, 12);
+        $tag = substr($decoded, -16);
+
+        try {
+          $plaintext = openssl_decrypt($ciphertext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
+
+          if ($plaintext === false) {
+            $msg = 'DECRYPTION_FAILED: Please check your DOTENV_KEY';
+            throw new Exception($msg);
+          } else {
+            return $plaintext;
+          }
+        } catch (ExceptionType $e) {
+          $msg = 'DECRYPTION_FAILED: Please check your DOTENV_KEY';
+          throw new Exception($msg);
+        }
+    }
+}
diff --git a/src/Decrypter/DecrypterInterface.php b/src/Decrypter/DecrypterInterface.php
@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DotenvVault\Decrypter;
+
+interface DecrypterInterface
+{
+    /**
+     * Decrypt encrypted content into a string
+     *
+     * @param string $content
+     * @param string $keyStr
+     *
+     * @throws \Exception
+     *
+     *
+     * @return string
+     */
+    public function decrypt(string $encrypted, string $keyStr);
+}