feat: first version

.dockerignore

@@ -0,0 +1,4 @@
+.git/
+.github/
+.pytest_cache/
+.coverage

.github/workflows/build.yml

@@ -0,0 +1,46 @@
+name: build
+
+on:
+  push:
+    tags:
+      - "v*"
+  pull_request:
+    branches:
+      - "main"
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: allisson/secure-qrcode
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Hub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+      - name: Update repo description
+        if: github.event_name != 'pull_request'
+        uses: peter-evans/dockerhub-description@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          repository: allisson/secure-qrcode

.github/workflows/lint-and-tests.yml

@@ -0,0 +1,34 @@
+name: Execute lint and tests
+
+on:
+  workflow_call:
+  push:
+    branches:
+      - "**"
+      - "!main"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install system dependencies
+        run: sudo apt update && sudo apt install --no-install-recommends -y make git
+      - uses: actions/checkout@v4
+      - uses: actions/cache@v3
+        with:
+          path: ~/.cache
+          key: self-runner-${{ runner.os }}-python-3.12-poetry-${{ hashFiles('poetry.lock') }}-precommit-${{ hashFiles('.pre-commit-config.yaml') }}
+      - name: Set up Python 3.12
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.12"
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install poetry
+          poetry config virtualenvs.create false
+          poetry install
+      - name: pre-commit lint
+        run: make lint
+      - name: pytest
+        run: make test

.github/workflows/release.yml

@@ -0,0 +1,19 @@
+name: Execute lint/tests/release
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    uses: ./.github/workflows/lint-and-tests.yml
+  release-please:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: GoogleCloudPlatform/release-please-action@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          release-type: simple
+          package-name: secure-qrcode

.pre-commit-config.yaml

@@ -0,0 +1,36 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: check-ast
+      - id: fix-byte-order-marker
+      - id: check-docstring-first
+      - id: check-json
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: check-toml
+      - id: check-vcs-permalinks
+      - id: check-xml
+      - id: check-yaml
+      - id: debug-statements
+      - id: destroyed-symlinks
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+
+  - repo: https://github.com/pycqa/isort
+    rev: 5.12.0
+    hooks:
+      - id: isort
+        args: ["--overwrite-in-place"]
+
+  - repo: https://github.com/psf/black
+    rev: 23.11.0
+    hooks:
+      - id: black
+        args: ["--line-length=110"]
+
+  - repo: https://github.com/pycqa/flake8
+    rev: 6.1.0
+    hooks:
+      - id: flake8
+        args: ["--max-line-length=110", "--ignore=E203,E501,W503"]

Dockerfile

@@ -0,0 +1,55 @@
+##### Builder Stage #####
+FROM python:3.12-slim-bookworm as builder
+
+# Set default path
+ENV PATH="/app/.venv/bin:${PATH}"
+
+# Set default workdir
+WORKDIR /app
+
+# Create virtualenv and install Python packages
+RUN pip install --no-cache-dir pip -U && \
+    pip install --no-cache-dir poetry && \
+    poetry config virtualenvs.in-project true
+COPY ./poetry.lock poetry.lock
+COPY ./pyproject.toml pyproject.toml
+RUN poetry install --only main
+
+# Copy app files to workdir
+COPY secure_qrcode ./secure_qrcode
+
+##### Final Stage #####
+FROM python:3.12-slim-bookworm
+
+# Disable Prompt During Packages Installation
+ARG DEBIAN_FRONTEND=noninteractive
+
+# Set default path
+ENV PATH="/app/.venv/bin:${PATH}"
+ENV PYTHONPATH /app
+
+# Copy content from builder stage
+COPY --from=builder /app /app
+
+# Install packages
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    apt-get install --no-install-recommends -y tini && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+# Add qrcode user and create directories
+RUN useradd -m qrcode && mkdir -p /app
+
+# Set permissions
+RUN chown -R qrcode:qrcode /app
+
+# Set workdir and user
+WORKDIR /app
+USER qrcode
+
+# Expose port
+EXPOSE 8000
+
+# Set entrypoint and cmd
+ENTRYPOINT ["/usr/bin/tini", "--", "uvicorn", "--host", "0.0.0.0", "--port", "8000", "secure_qrcode.api:app"]

Makefile

@@ -0,0 +1,19 @@
+.PHONY: test
+test:
+	poetry run pytest -v
+
+.PHONY: lint
+lint:
+	poetry run pre-commit run --all-files
+
+.PHONY: run-api
+run-api:
+	poetry run uvicorn secure_qrcode.api:app --reload
+
+.PHONY: docker-build
+docker-build:
+	docker build --rm -t allisson/secure-qrcode .
+
+.PHONY: docker-run
+docker-run:
+	docker run --rm -p 8000:8000 allisson/secure-qrcode

README.md

@@ -1,2 +1,68 @@
 # secure-qrcode
-Encrypt your data using the modern ChaCha20-Poly1305 cipher and generate a secure QR code
+Encrypt your data using the modern ChaCha20-Poly1305 cipher and export it into a secure QR code.
+
+## run the api
+
+The server can be started using a docker image.
+
+```bash
+docker run --rm -p 8000:8000 allisson/secure-qrcode
+```
+
+Now the API server will be running on port 8000.
+
+## api documentation.
+
+You can access the API documentation using these two endpoints:
+- http://localhost:8000/docs
+- http://localhost:8000/redoc
+
+## generate a secure QR code
+
+Call the API passing at least the plaintext and key fields.
+
+```bash
+curl --location 'http://localhost:8000/v1/encode' \
+--header 'Content-Type: application/json' \
+--data '{
+    "plaintext": "my super secret text",
+    "key": "my super secret key"
+}' | jq -r '.content' | base64 --decode > qrcode.png
+```
+
+Now you can open the qrcode.png file and do whatever you want.
+
+## decrypt the QR code
+
+Use any program that read a QR code, the content will be something like this:
+
+```json
+{
+    "nonce": "PAhk6TKJAT7taGOH",
+    "header": "/wxYPzrrSRLUTQ3WjpmpMA==",
+    "ciphertext": "QygEEzUS2wFUmTJtupBtLHrf92Y=",
+    "tag": "wNIaFK4YdTRa4p3PbvJboA=="
+}
+```
+
+Now call the API passing the encrypted_data and the key.
+
+```bash
+curl --location 'http://localhost:8000/v1/decode' \
+--header 'Content-Type: application/json' \
+--data '{
+    "encrypted_data": {
+        "nonce": "PAhk6TKJAT7taGOH",
+        "header": "/wxYPzrrSRLUTQ3WjpmpMA==",
+        "ciphertext": "QygEEzUS2wFUmTJtupBtLHrf92Y=",
+        "tag": "wNIaFK4YdTRa4p3PbvJboA=="
+    },
+    "key": "my super secret key"
+}' | jq
+```
+
+```json
+{
+  "decrypted_data": "my super secret text"
+}
+```