stash

sta.sh (6550B)

---

 #!/bin/sh
 
 # Sta.sh --- Simple account management
 # Copyright © 2025 Luke Willis <lukejw@loquat.dev>
 #
 # This file is part of Sta.sh.
 #
 # Sta.sh is free software: you can redistribute it and/or modify it under the 
 # terms of the GNU General Public License as published by the Free Software 
 # Foundation, either version 3 of the License, or (at your option) any later 
 # version.
 #
 # Sta.sh is distributed in the hope that it will be useful, but WITHOUT ANY 
 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR 
 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 # 
 # You should have received a copy of the GNU General Public License along with 
 # Sta.sh. If not, see <https://www.gnu.org/licenses/>.
 
 DATADIR="$HOME/.stash"
 CONFIGDIR="$XDG_CONFIG_HOME/stash"
 
 TOFICONFIG="$CONFIGDIR/tofi/config"
 
 RAWKEY="$DATADIR/key"
 PUBKEY="$DATADIR/key.pub"
 AGEKEY="$DATADIR/key.age"
 
 # This could allow package maintainers (read: me) to set custom paths for each
 # program used by Sta.sh. For now, I'm just assuming inputs are propogated.
 : "${TOFI:=tofi}"
 : "${AGE:=age}"
 : "${AGEKEYGEN:=age-keygen}"
 : "${OATHTOOL:=$OATHTOOL}"
 
 # Accept a password from the user and output it
 # No arguments
 take_password() {
     echo | $TOFI -c "$TOFICONFIG" \
     --prompt-text="Master password:" \
     --hide-input=true \
     --hidden-character="*" \
     --require-match=false
 }
 
 # Accept text from the user and output it
 # $1 is prompt text
 take_text() {
     echo | $TOFI -c "$TOFICONFIG" \
     --require-match=false \
     --prompt-text="$1"
 }
 
 # Shortcut function to handle taking and encrypting a field
 # $1 is login name
 # $2 is field name
 encrypt() {
     # Create login if it doesn't exist
     #
     # You would think that this should be done in the create_login function but this
     # actually prevents an empty login folder from being created
     DIR="$DATADIR/logins/$1"
     mkdir -p "$DIR"
     OUT="$DIR/$2"
 
     # Take input
     INPUT=$(take_text "Enter $2: ")
 
     # Ignore if blank
     if [ -z "$INPUT" ]; then
         echo "Blank field, ignoring..."
         return 0
     fi
 
     # Encrypt it with the public key and store it in the login folder
     # TODO: Require master password to override existing value
     echo "$INPUT" | $AGE -e -R "$PUBKEY" -o "$OUT"
 }
 
 # Decrypt a field according to its special method. Trusts that the field exists
 # $1 is key
 # $2 is directory
 # $3 is field
 decrypt() {
     # Decrypt field
     VALUE=$(echo "$KEY" | $AGE -d -i - "$2/$3")
 
     # Process value
     case $3 in
         "otp")
             echo "$VALUE" | $OATHTOOL -b --totp -
             ;;
         # No special case, return raw value
         *)
             echo "$VALUE"
             ;;
     esac
 }
 
 # Copy a information from a specific login in the specified manner
 # $1 is login name
 # $2 is copy style (blank for default)
 copy() {
     DIR="$DATADIR/logins/$1"
     
     # Decrypt master key
     while true; do
         PASS=$(take_password)
     
         if [ -z "$PASS" ]; then
             echo "Key decryption cancelled"
             return 0
         fi
 
         # Attempt decryption
         KEY=$(echo "$PASS" | $AGE -d "$AGEKEY")
         status=$?
         if [ "$status" -eq 0 ]; then
             echo "Key decryption successful"
             break
         fi
         
         # Incorrect password, loop again
         echo "Key decryption failed"
     done
 
     # Handle copy style
     case "$2" in
         "")
             # Default. Select one field to decrypt and copy.
             FIELD=$(ls -1 $DIR | $TOFI -c "$TOFICONFIG" --prompt-text "Copy" --placeholder-text="field")
 
             if [ -z "$FIELD" ]; then
                 echo "None selected, returning"
                 return 0
             fi
 
             # Decrypt and copy field
             decrypt "$KEY" "$DIR" "$FIELD" | wl-copy -n
             echo "Copied $FIELD"
             ;;
         "quick")
             # Copy username, password and otp in that order (if they exist).
             for FIELD in username password otp; do
                 if [ -e "$DIR/$FIELD" ]; then
                     # Decrypt and copy field, hanging until pasted or overwritten.
                     decrypt "$KEY" "$DIR" "$FIELD" | wl-copy -nof
                     echo "Pasted $FIELD"
                 fi
             done
             ;;
         *)
             echo "Unknown login style $2?"
             ;;
     esac
 }
 
 # Listing available logins, take a login name and modify its values.
 # This will create a login and/or values if they do not already exist.
 modify_logins() {
     NAME=$(ls -1 "$DATADIR/logins" | $TOFI -c "$TOFICONFIG" --require-match=false --prompt-text="Modify" --placeholder-text="login")
 
     # Ignore if no name is provided
     if [ -z "$NAME" ]; then
         echo "No login selected"
         return 0
     fi
 
     while true; do
         CHOICE=$(printf "username\npassword\notp" | $TOFI -c "$TOFICONFIG" --require-match=false --prompt-text="Set" --placeholder-text="field")
         case "$CHOICE" in
             "")
                 break
                 ;;
             *)
                 encrypt "$NAME" "$CHOICE"
                 ;;
         esac
     done
 
     echo 'Done!!!'
 }
 
 # Select from the available logins and perform the requested action
 # $1 is passed to `copy` as $2
 fetch_login() {
     echo "Fetching login"
 
     CHOICE=$(ls -1 "$DATADIR/logins" | $TOFI -c "$TOFICONFIG" --prompt-text "Select" --placeholder-text "login")
 
     case $CHOICE in
         "") echo "No login selected" ;;
         *)
             echo "$CHOICE selected"
             copy $CHOICE $1
             ;;
     esac
 }
 
 # Initialize stash if data directory does not exist
 if [ ! -d "$DATADIR" ]; then
     # Don't attempt to initialize outside of a terminal
     # TODO: Add ability to initialize through tofi
     if [ ! -t 1 ]; then
         echo | $TOFI -c "$TOFICONFIG" \
         --prompt-text "Please run \"sta.sh\" in the terminal to initialize it!" \
         --hide-input=true \
         --require-match=false
         return 0
     fi
     
     echo "Initializing stash..."
 
     mkdir "$DATADIR"
     mkdir "$DATADIR/logins"
 
     # Generate private and public keys
     $AGEKEYGEN -o "$RAWKEY"
     $AGEKEYGEN -y "$RAWKEY" > "$PUBKEY"
 
     # Encrypt the private key with a master password chosen by the user
     $AGE -e -p -o "$AGEKEY" "$RAWKEY"
     rm "$RAWKEY"
 
     echo "Initialized"
 fi
 
 # Parse argument and run respective function
 case "$1" in
     ""|fetch) fetch_login ;;
     quick) fetch_login quick ;;
     modify) modify_logins ;;
     *) echo "Unknown command" ;;
 esac