From ee8f6d8e65021e191d4a489ece7180a3d27e98c2 Mon Sep 17 00:00:00 2001
From: sam
Date: Sun, 2 Jun 2024 14:20:00 -0700
Subject: [PATCH] + cargo fmt + zeroize secret
---
 Cargo.toml | 2 +-
 src/engines/kv.rs | 15 +++++++++------
 src/engines/kv/db_structs.rs | 13 +++++--------
 src/engines/kv/http_structs.rs | 16 ++++++++++++++++
 4 files changed, 31 insertions(+), 15 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 363bac9..bc8446d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,7 +6,7 @@ edition = "2021"
 [dependencies]
 log = "0.4.21"
 env_logger = "0.11.3"
-zeroize = { version = "1.7.0", features = ["zeroize_derive"] }
+zeroize = { version = "1.7.0", features = ["derive"]}
 chrono = { version = "0.4.38", features = ["serde"] }
 tokio = { version = "1.37.0", features = ["full"] }
 tower = { version = "0.4.13", features = [] }
diff --git a/src/engines/kv.rs b/src/engines/kv.rs
index f367279..2e5d003 100644
--- a/src/engines/kv.rs
+++ b/src/engines/kv.rs
@@ -105,7 +105,7 @@ async fn post_data(
 extract::Json(payload): extract::Json,
 ) -> Result {
 // Insert Metadata first -> Else: Error because of foreign key constraint
- // In a later implementation, a Metadata with default values from the config will be created
+ // In a later implementation, a Metadata with default values from the config will be created
 log::debug!(
 "Secret: {}, Content: {:?}, Version: {:?}, path: {}",
@@ -116,9 +116,12 @@ async fn post_data(
 );
 let mut highest_num = 0;
- match sqlx::query("SELECT version_number FROM secret_versions WHERE secret_path = $1").bind (&path).fetch_all(&pool).await{
- Ok(v)=> {
-
+ match sqlx::query("SELECT version_number FROM secret_versions WHERE secret_path = $1") .bind(&path) .fetch_all(&pool) .await
+ {
+ Ok(v) => {
 for curr_ver in v {
 let curr_num = curr_ver.get("version_number");
 if highest_num < curr_num {
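Review bot: The debug line at the end of this hunk formats the request payload into the log (`"Secret: {}, Content: {:?}, Version: {:?}, path: {}",`), so the secret this commit zeroizes in memory is still written in plaintext to whatever the log sink retains; the macro's arguments are on the lines after the hunk, so what `Content` receives is inferred from the format string. Drop the content from the message and log only what is needed to trace the request, e.g. `"Secret: {}, Version: {:?}, path: {}",`, adding a key count if that is useful for debugging. `post_data` begins before and continues after this hunk.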
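Review bot: The `Ok(v)` arm reads `curr_ver.get("version_number")`, which panics if the column is missing or does not decode to the type inferred for `highest_num`, so one unexpected row takes the whole handler down; `curr_ver.try_get("version_number")` with the error mapped into the handler's `Result` keeps it a returned error. The loop also reimplements `MAX(version_number)` in Rust after fetching every version row for the path; a `SELECT MAX(version_number) FROM secret_versions WHERE secret_path = $1` with `fetch_one` would return a single nullable value (presumably `Option<i64>`, which needs an `unwrap_or(0)` for a path with no versions). The function body continues past the hunk.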
@@ -127,11 +130,11 @@ async fn post_data(
 }
 }
 }
- Err(e)=> {
+ Err(e) => {
 log::error!("Error: {}", e)
 }
 }
-
+
 let version = highest_num + 1;
 log::debug!("{:?}", version);
 let data = serde_json::to_string(&payload.data).unwrap();
diff --git a/src/engines/kv/db_structs.rs b/src/engines/kv/db_structs.rs
index 3d20895..66a3103 100644
--- a/src/engines/kv/db_structs.rs
+++ b/src/engines/kv/db_structs.rs
@@ -2,36 +2,33 @@ use chrono::{DateTime, Utc};
 use serde::Serialize;
 use sqlx::FromRow;
-#[derive(FromRow)]
-#[derive(Debug)]
+#[derive(FromRow, Debug)]
 pub struct DbSecretMeta {
 pub secret_path: String,
 pub cas_required: bool,
 pub created_time: DateTime,
 // Consider implementation of duration type for further development:
 // https://developer.hashicorp.com/vault/docs/concepts/duration-format
- /// In Hashicorp: /// If not set, the backend's configured delete_version_after is used.
 /// Cannot be greater than the backend's delete_version_after
 pub delete_version_after: Option,
-
+
 ///In Hashicorp:
 /// The number of versions to keep per key.
 /// If not set, the backend’s configured max version is used.
- /// Once a key has more than the configured allowed versions,
+ /// Once a key has more than the configured allowed versions,
 /// the oldest version will be permanently deleted.
 pub max_versions: i64,
 pub updated_time: DateTime,
 /// User-provided key-value pairs that are used to describe arbitrary and version-agnostic information about a secret.
- pub custom_data: Option,
 }
-#[derive(Serialize,Debug, FromRow)]
+#[derive(Serialize, Debug, FromRow)]
 /// Metadata concerning a specific secret version
 /// contained by [KvMetaRes]
-pub struct DbSecretVersionMeta {
+pub struct DbSecretVersionMeta {
 pub version_number: i64,
 pub created_time: DateTime,
 pub deletion_time: DateTime,
diff --git a/src/engines/kv/http_structs.rs b/src/engines/kv/http_structs.rs
index 3721029..bac9901 100644
--- a/src/engines/kv/http_structs.rs
+++ b/src/engines/kv/http_structs.rs
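Review bot: The `Err(e)` arm only logs the failed version lookup and falls through to `let version = highest_num + 1`, so a transient database error makes the handler write version 1 for a path that may already hold versions, which the later insert presumably either rejects or silently duplicates; return the error from that arm instead of continuing, e.g. `Err(e) => { log::error!("Error: {}", e); return Err(e.into()); }` in whatever form the handler's `Result` takes. Separately, `serde_json::to_string(&payload.data).unwrap()` on the last line creates a second plaintext copy of the secret in `data` that the `Zeroize` impl this commit adds on `KvSecretReq` does not cover; if the point of the commit is to keep the secret from lingering in memory, that `String` needs `zeroize()` too once the insert has consumed it (`zeroize` implements `Zeroize` for `String`). `post_data` continues outside the hunk.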
@@ -6,12 +6,14 @@ use axum::{
 use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
+use zeroize::Zeroize;
 pub type KvSecretData = HashMap;
 // This file contains structures for serializing HTTP Responses (Res) and deserializing Requests (Req) for the KV engine
 #[derive(Deserialize, Debug)]
+// #[zeroize(drop)]
 /// HTTP Request to create or update a secret
 pub struct KvSecretReq {
 /// Map (required)
@@ -23,6 +25,20 @@ pub struct KvSecretReq {
 // pub version: Option,
 }
+impl Zeroize for KvSecretReq {
+ fn zeroize(&mut self) {
+ // Zero out each field individually
+ self.data = HashMap::new();
+ self.options = None;
+ }
+}
+
+impl Drop for KvSecretReq {
+ fn drop(&mut self) {
+ self.zeroize();
+ }
+}
+
 #[derive(Serialize, Debug)]
 /// HTTP Response to creating or updating a secret
 /// Contained by [`KvSecretRes`]
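Review bot: `KvSecretReq` keeps `#[derive(Deserialize, Debug)]`, and the derived `Debug` prints the whole secret map, so any `{:?}` of the request (the `Content: {:?}` debug log in `post_data` appears to be one) writes the secret to the log regardless of the zeroization added further down. Replace the derive with a hand-written `impl std::fmt::Debug for KvSecretReq` that prints the key names or the entry count and redacts the values. The added `// #[zeroize(drop)]` is commented-out code and should be removed rather than left as a hint; the `derive` feature this commit enables in Cargo.toml is not used by the hand-written impls in this file, so either drop the feature or actually derive.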
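Review bot: The new `zeroize` does not overwrite anything: `self.data = HashMap::new()` and `self.options = None` merely drop the old values, so the `String` keys and values of the map are freed with the secret bytes still in them, which is exactly the exposure the `zeroize` crate exists to close. Drain the map and call `zeroize()` on each key and value before they are dropped (this assumes `KvSecretData` is a `HashMap` of `String`s; its generics are not visible on this page), and do the same for `options` if its type implements `Zeroize`. This still covers only the struct itself: the body buffer axum deserialized the request from, and any copies made in the handler, are separate allocations outside this type's control and are worth a note in the doc comment of the impl.
```rust
impl Zeroize for KvSecretReq {
    fn zeroize(&mut self) {
        // Overwrite each key and value in place; reassigning the map only
        // frees the old allocations with the secret bytes left intact.
        for (mut key, mut value) in self.data.drain() {
            key.zeroize();
            value.zeroize();
        }
        // TODO(review): use self.options.zeroize() if the options type
        // implements Zeroize; dropping it leaves its bytes unwiped.
        self.options = None;
    }
}
// … unchanged: Drop impl …
```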