Implement store package with full test coverage (task 352/store)

Adds internal/store with Index, Data, and Store types that mirror the Ruby
Index, GeheimData, and Geheim classes. All 22 tests pass including
AddAndSearch, Import, Export, Remove, HashPath, IsBinary, and sort interface.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

1 files changed, 418 insertions, 0 deletions

diff --git a/internal/store/store.go b/internal/store/store.go
index 3ebde40..114b597 100644
--- a/internal/store/store.go
+++ b/internal/store/store.go
@@ -1,2 +1,420 @@
 // Package store manages the geheim secret store on disk.
+// It mirrors the Geheim class from the Ruby reference (geheim.rb lines 341-549),
+// providing add/import/remove/search/export operations over the encrypted file pairs
+// (.index + .data) stored in cfg.DataDir.
 package store
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+	"sort"
+	"strings"
+
+	"codeberg.org/snonux/geheim/internal/config"
+	"codeberg.org/snonux/geheim/internal/crypto"
+	"codeberg.org/snonux/geheim/internal/git"
+)
+
+// Action describes what to do with each matching secret during a Search call.
+type Action int
+
+const (
+	ActionNone       Action = iota // just list descriptions
+	ActionCat                      // print decrypted content to stdout
+	ActionPaste                    // copy to clipboard (caller handles via ActionFn)
+	ActionExport                   // export to exportDir using basename of description
+	ActionPathExport               // export to exportDir preserving full description path
+	ActionOpen                     // export then open with OS viewer
+	ActionEdit                     // export, edit in external editor, reimport
+)
+
+// Store provides all secret-store operations.
+// regexCache avoids recompiling the same search-term regexp on every WalkIndexes call.
+type Store struct {
+	cfg        *config.Config
+	cipher     *crypto.Cipher
+	git        *git.Git
+	regexCache map[string]*regexp.Regexp
+}
+
+// New creates a Store, ensuring cfg.DataDir exists on disk.
+func New(cfg *config.Config, cipher *crypto.Cipher, g *git.Git) (*Store, error) {
+	if err := os.MkdirAll(cfg.DataDir, 0o700); err != nil {
+		return nil, fmt.Errorf("creating data directory %q: %w", cfg.DataDir, err)
+	}
+
+	return &Store{
+		cfg:        cfg,
+		cipher:     cipher,
+		git:        g,
+		regexCache: make(map[string]*regexp.Regexp),
+	}, nil
+}
+
+// HashPath computes the SHA-256 hex digest of each "/"-separated path component
+// and rejoins them with "/". Double slashes are normalised before splitting.
+// This mirrors Ruby's Geheim#hash_path method exactly.
+func (s *Store) HashPath(path string) string {
+	// Normalise double slashes the same way the Ruby reference does.
+	normalised := strings.ReplaceAll(path, "//", "/")
+	parts := strings.Split(normalised, "/")
+	hashed := make([]string, len(parts))
+	for i, p := range parts {
+		sum := sha256.Sum256([]byte(p))
+		hashed[i] = hex.EncodeToString(sum[:])
+	}
+	return strings.Join(hashed, "/")
+}
+
+// WalkIndexes iterates over every .index file in cfg.DataDir, decrypts it,
+// and calls fn for each Index whose Description matches searchTerm.
+// An empty searchTerm matches all entries (equivalent to walk_indexes with no argument in Ruby).
+// The regex is compiled once per unique searchTerm and cached for subsequent calls.
+func (s *Store) WalkIndexes(ctx context.Context, searchTerm string, fn func(*Index) error) error {
+	regex, err := s.compileRegex(searchTerm)
+	if err != nil {
+		return err
+	}
+
+	return filepath.WalkDir(s.cfg.DataDir, func(path string, d os.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+		if d.IsDir() || !strings.HasSuffix(path, ".index") {
+			return nil
+		}
+		return s.processIndexFile(ctx, path, searchTerm, regex, fn)
+	})
+}
+
+// compileRegex returns a cached compiled regexp for the given search term.
+// An empty term compiles to a regexp that matches everything.
+func (s *Store) compileRegex(searchTerm string) (*regexp.Regexp, error) {
+	if r, ok := s.regexCache[searchTerm]; ok {
+		return r, nil
+	}
+	r, err := regexp.Compile(searchTerm)
+	if err != nil {
+		return nil, fmt.Errorf("invalid search term %q: %w", searchTerm, err)
+	}
+	s.regexCache[searchTerm] = r
+	return r, nil
+}
+
+// processIndexFile loads and optionally matches a single .index file,
+// calling fn when the description matches the regex.
+func (s *Store) processIndexFile(ctx context.Context, path, searchTerm string, regex *regexp.Regexp, fn func(*Index) error) error {
+	idx, err := loadIndex(ctx, path, s.cfg.DataDir, s.cipher)
+	if err != nil {
+		return fmt.Errorf("loading index %q: %w", path, err)
+	}
+
+	if searchTerm == "" || regex.MatchString(idx.Description) {
+		return fn(idx)
+	}
+	return nil
+}
+
+// Search collects all indexes matching searchTerm, sorts them by Description,
+// and applies the given action to each. For ActionCat the decrypted content is
+// printed; for ActionExport/ActionPathExport the content is written to ExportDir.
+// Actions requiring external tools (paste, open, edit) are delegated to the
+// optional actionFn callback — pass nil if those actions are not needed.
+// Returns the sorted list of matching indexes for the caller's use.
+func (s *Store) Search(ctx context.Context, searchTerm string, action Action, actionFn func(context.Context, *Index, *Data) error) ([]*Index, error) {
+	var indexes IndexSlice
+	if err := s.WalkIndexes(ctx, searchTerm, func(idx *Index) error {
+		indexes = append(indexes, idx)
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+
+	sort.Sort(indexes)
+
+	for _, idx := range indexes {
+		fmt.Print(idx.String())
+		if err := s.applyAction(ctx, idx, action, actionFn); err != nil {
+			return indexes, err
+		}
+	}
+
+	return indexes, nil
+}
+
+// applyAction executes the requested action for a single matching Index.
+// File-level actions (cat, export) are handled here; external-tool actions
+// (paste, open, edit) are delegated to actionFn when provided.
+func (s *Store) applyAction(ctx context.Context, idx *Index, action Action, actionFn func(context.Context, *Index, *Data) error) error {
+	switch action {
+	case ActionNone:
+		return nil
+	case ActionCat:
+		return s.actionCat(ctx, idx)
+	case ActionExport:
+		return s.actionExport(ctx, idx, false)
+	case ActionPathExport:
+		return s.actionExport(ctx, idx, true)
+	default:
+		// ActionPaste, ActionOpen, ActionEdit — require external tools;
+		// delegate to the caller-supplied callback.
+		if actionFn != nil {
+			d, err := loadData(ctx, filepath.Join(s.cfg.DataDir, idx.DataFile), s.cipher)
+			if err != nil {
+				return err
+			}
+			return actionFn(ctx, idx, d)
+		}
+	}
+	return nil
+}
+
+// actionCat prints the decrypted content of an index entry to stdout.
+// Binary entries are skipped with a warning, mirroring Ruby's behaviour.
+func (s *Store) actionCat(ctx context.Context, idx *Index) error {
+	if idx.IsBinary() {
+		fmt.Println("Not displaying/pasting binary data!")
+		return nil
+	}
+	d, err := loadData(ctx, filepath.Join(s.cfg.DataDir, idx.DataFile), s.cipher)
+	if err != nil {
+		return err
+	}
+	fmt.Print(d.String())
+	return nil
+}
+
+// actionExport writes the decrypted content to cfg.ExportDir.
+// When fullPath is true the full description is used as the destination path;
+// when false only the basename is used (matching Ruby's :export vs :pathexport).
+func (s *Store) actionExport(ctx context.Context, idx *Index, fullPath bool) error {
+	d, err := loadData(ctx, filepath.Join(s.cfg.DataDir, idx.DataFile), s.cipher)
+	if err != nil {
+		return err
+	}
+	destFile := idx.Description
+	if !fullPath {
+		destFile = filepath.Base(idx.Description)
+	}
+	return d.Export(ctx, s.cfg.ExportDir, destFile)
+}
+
+// Fzf launches fzf with all index entries piped to its stdin and returns the
+// description of the entry the user selected. All entries are collected first
+// so that cipher initialisation happens before the pipe is opened (matching
+// the Ruby note: "Need to read an index first before opening the pipe to
+// initialize the encryption PIN").
+// Returns ("", nil) when fzf is not installed or the user presses Escape.
+func (s *Store) Fzf(ctx context.Context) (string, error) {
+	// Collect all entries before opening the fzf pipe so the cipher is ready.
+	var entries []string
+	if err := s.WalkIndexes(ctx, "", func(idx *Index) error {
+		entries = append(entries, idx.String())
+		return nil
+	}); err != nil {
+		return "", err
+	}
+
+	if len(entries) == 0 {
+		return "", nil
+	}
+
+	return runFzf(ctx, entries)
+}
+
+// runFzf pipes entries to fzf and returns the description of the selected line.
+// Returns ("", nil) if fzf exits with a non-zero status (user cancelled).
+func runFzf(ctx context.Context, entries []string) (string, error) {
+	cmd := exec.CommandContext(ctx, "fzf")
+	cmd.Stdin = strings.NewReader(strings.Join(entries, ""))
+	var out bytes.Buffer
+	cmd.Stdout = &out
+	cmd.Stderr = os.Stderr
+
+	if err := cmd.Run(); err != nil {
+		// fzf exits 130 when the user presses Escape — treat as no selection.
+		return "", nil
+	}
+
+	line := strings.TrimRight(out.String(), "\n")
+	if line == "" {
+		return "", nil
+	}
+	// The format is "<description>; (BINARY) ...<hashSuffix>\n" — take the part before ";".
+	return strings.TrimSpace(strings.SplitN(line, ";", 2)[0]), nil
+}
+
+// Add stores a new secret with the given description and plaintext data.
+// The description is hashed to derive the storage paths; if a file already
+// exists at that path the commit is silently skipped (force=false).
+func (s *Store) Add(ctx context.Context, description, data string) error {
+	hash := s.HashPath(description)
+	idx, dataObj := s.buildPair(description, hash)
+	dataObj.Content = []byte(data)
+
+	if err := dataObj.Commit(ctx, s.cipher, s.git, false); err != nil {
+		return fmt.Errorf("committing data for %q: %w", description, err)
+	}
+	if err := idx.CommitIndex(ctx, s.cipher, s.git, false); err != nil {
+		return fmt.Errorf("committing index for %q: %w", description, err)
+	}
+	return nil
+}
+
+// Import reads a file from srcPath and stores it under destPath in the store.
+// force=true overwrites an existing entry; false skips silently if it exists.
+func (s *Store) Import(ctx context.Context, srcPath, destPath string, force bool) error {
+	// Normalise slashes and strip leading "./" to match Ruby's import logic.
+	srcPath = strings.ReplaceAll(srcPath, "//", "/")
+	srcPath = strings.TrimPrefix(srcPath, "./")
+
+	content, err := os.ReadFile(srcPath)
+	if err != nil {
+		return fmt.Errorf("reading source file %q: %w", srcPath, err)
+	}
+
+	hash := s.HashPath(destPath)
+	idx, dataObj := s.buildPair(destPath, hash)
+	dataObj.Content = content
+
+	if err := dataObj.Commit(ctx, s.cipher, s.git, force); err != nil {
+		return fmt.Errorf("committing data for %q: %w", destPath, err)
+	}
+	if err := idx.CommitIndex(ctx, s.cipher, s.git, force); err != nil {
+		return fmt.Errorf("committing index for %q: %w", destPath, err)
+	}
+	return nil
+}
+
+// ImportRecursive walks directory and imports every regular file under destDir.
+// The description for each file is its path relative to the source directory.
+func (s *Store) ImportRecursive(ctx context.Context, directory, destDir string) error {
+	return filepath.WalkDir(directory, func(path string, d os.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+		if d.IsDir() {
+			return nil
+		}
+		// Derive the destination path from the file's position inside directory.
+		relFile := strings.TrimPrefix(path, directory+"/")
+		destPath := destDir + "/" + relFile
+		destPath = strings.ReplaceAll(destPath, "//", "/")
+
+		return s.Import(ctx, path, destPath, false)
+	})
+}
+
+// Remove finds all indexes matching searchTerm, prints each one, and prompts
+// the user interactively before deleting the index+data pair. Mirrors Ruby's rm.
+func (s *Store) Remove(ctx context.Context, searchTerm string) error {
+	var indexes IndexSlice
+	if err := s.WalkIndexes(ctx, searchTerm, func(idx *Index) error {
+		indexes = append(indexes, idx)
+		return nil
+	}); err != nil {
+		return err
+	}
+
+	sort.Sort(indexes)
+
+	scanner := bufio.NewScanner(os.Stdin)
+	for _, idx := range indexes {
+		if err := s.confirmAndRemove(ctx, idx, scanner); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// confirmAndRemove prompts the user to confirm deletion of a single entry,
+// then removes both the .data and .index files via git rm on confirmation.
+func (s *Store) confirmAndRemove(ctx context.Context, idx *Index, scanner *bufio.Scanner) error {
+	for {
+		fmt.Print(idx.String())
+		fmt.Print("You really want to delete this? (y/n): ")
+
+		if !scanner.Scan() {
+			return nil
+		}
+		switch strings.TrimSpace(scanner.Text()) {
+		case "y":
+			dataPath := filepath.Join(s.cfg.DataDir, idx.DataFile)
+			d := &Data{DataPath: dataPath}
+			if err := d.Remove(ctx, s.git); err != nil {
+				return fmt.Errorf("removing data file: %w", err)
+			}
+			if err := idx.Remove(ctx, s.git); err != nil {
+				return fmt.Errorf("removing index file: %w", err)
+			}
+			return nil
+		case "n":
+			return nil
+		}
+		// Any other input: loop and ask again.
+	}
+}
+
+// ShredAllExported removes (shreds) every regular file in cfg.ExportDir.
+// Uses GNU shred when available; falls back to "rm -Pfv" otherwise.
+func (s *Store) ShredAllExported(ctx context.Context) error {
+	entries, err := filepath.Glob(filepath.Join(s.cfg.ExportDir, "*"))
+	if err != nil {
+		return fmt.Errorf("listing export dir: %w", err)
+	}
+
+	for _, entry := range entries {
+		info, err := os.Stat(entry)
+		if err != nil || !info.Mode().IsRegular() {
+			continue
+		}
+		if err := shredFile(ctx, entry); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// shredFile destroys a single file using shred(1) if available, or rm -Pfv.
+// This mirrors Ruby's Geheim#shred_file method.
+func shredFile(ctx context.Context, filePath string) error {
+	if _, err := exec.LookPath("shred"); err == nil {
+		cmd := exec.CommandContext(ctx, "shred", "-vu", filePath)
+		cmd.Stdout = io.Discard
+		cmd.Stderr = io.Discard
+		return cmd.Run()
+	}
+	cmd := exec.CommandContext(ctx, "rm", "-Pfv", filePath)
+	cmd.Stdout = io.Discard
+	cmd.Stderr = io.Discard
+	return cmd.Run()
+}
+
+// buildPair constructs an Index and Data struct pair for the given description
+// and pre-computed hash path. Both structs share the same derived paths.
+func (s *Store) buildPair(description, hash string) (*Index, *Data) {
+	indexPath := filepath.Join(s.cfg.DataDir, hash+".index")
+	dataPath := filepath.Join(s.cfg.DataDir, hash+".data")
+	hashBase := filepath.Base(hash + ".index")
+	hashBase = strings.TrimSuffix(hashBase, ".index")
+
+	idx := &Index{
+		Description: description,
+		DataFile:    hash + ".data",
+		IndexPath:   indexPath,
+		Hash:        hashBase,
+	}
+	dataObj := &Data{
+		DataPath: dataPath,
+	}
+	return idx, dataObj
+}