package cmd import ( "crypto/ecdsa" "crypto/tls" "errors" "fmt" "os" "path/filepath" "strings" "github.com/mitchellh/go-homedir" "github.com/nspcc-dev/neo-go/cli/flags" "github.com/nspcc-dev/neo-go/cli/input" "github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neo-go/pkg/wallet" "github.com/nspcc-dev/neofs-api-go/pkg" "github.com/nspcc-dev/neofs-api-go/pkg/client" "github.com/nspcc-dev/neofs-api-go/pkg/owner" "github.com/nspcc-dev/neofs-node/misc" "github.com/nspcc-dev/neofs-node/pkg/network" "github.com/spf13/cobra" "github.com/spf13/viper" ) const ( envPrefix = "NEOFS_CLI" ttlDefaultValue = 2 ) const xHeadersFlag = "xhdr" var xHeaders []string // Global scope flags. var ( cfgFile string verbose bool ) // rootCmd represents the base command when called without any subcommands var rootCmd = &cobra.Command{ Use: "neofs-cli", Short: "Command Line Tool to work with NeoFS", Long: `NeoFS CLI provides all basic interactions with NeoFS and it's services. It contains commands for interaction with NeoFS nodes using different versions of neofs-api and some useful utilities for compiling ACL rules from JSON notation, managing container access through protocol gates, querying network map and much more!`, Run: entryPoint, } var ( errInvalidKey = errors.New("provided key is incorrect") errInvalidEndpoint = errors.New("provided RPC endpoint is incorrect") errCantGenerateKey = errors.New("can't generate new private key") errInvalidAddress = errors.New("--address option must be specified and valid") errInvalidPassword = errors.New("invalid password for the encrypted key") ) // Execute adds all child commands to the root command and sets flags appropriately. // This is called by main.main(). It only needs to happen once to the rootCmd. func Execute() { if err := rootCmd.Execute(); err != nil { os.Exit(1) } } func init() { cobra.OnInitialize(initConfig) // Here you will define your flags and configuration settings. // Cobra supports persistent flags, which, if defined here, // will be global for your application. // use stdout as default output for cmd.Print() rootCmd.SetOut(os.Stdout) rootCmd.PersistentFlags().StringVarP(&cfgFile, "config", "c", "", "config file (default is $HOME/.config/neofs-cli/config.yaml)") // Key options. rootCmd.PersistentFlags().BoolP("generate-key", "", false, "generate new private key") _ = viper.BindPFlag("generate-key", rootCmd.PersistentFlags().Lookup("generate-key")) rootCmd.PersistentFlags().StringP("binary-key", "", "", "path to the raw private key file") _ = viper.BindPFlag("binary-key", rootCmd.PersistentFlags().Lookup("binary-key")) rootCmd.PersistentFlags().StringP("wif", "", "", "WIF or NEP-2") _ = viper.BindPFlag("wif", rootCmd.PersistentFlags().Lookup("wif")) rootCmd.PersistentFlags().StringP("wallet", "w", "", "path to the wallet") _ = viper.BindPFlag("wallet", rootCmd.PersistentFlags().Lookup("wallet")) rootCmd.PersistentFlags().StringP("address", "", "", "address of wallet account") _ = viper.BindPFlag("address", rootCmd.PersistentFlags().Lookup("address")) rootCmd.PersistentFlags().StringP("rpc-endpoint", "r", "", "remote node address (as 'multiaddr' or ':')") _ = viper.BindPFlag("rpc", rootCmd.PersistentFlags().Lookup("rpc-endpoint")) rootCmd.PersistentFlags().Uint32("ttl", ttlDefaultValue, "TTL value in request meta header") _ = viper.BindPFlag("ttl", rootCmd.PersistentFlags().Lookup("ttl")) rootCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "v", false, "verbose output") rootCmd.PersistentFlags().StringSliceVarP(&xHeaders, xHeadersFlag, "x", nil, "Request X-Headers in form of Key=Value") _ = viper.BindPFlag(xHeadersFlag, rootCmd.PersistentFlags().Lookup(xHeadersFlag)) // Cobra also supports local flags, which will only run // when this action is called directly. rootCmd.Flags().Bool("version", false, "Application version and NeoFS API compatibility") } func entryPoint(cmd *cobra.Command, _ []string) { printVersion, _ := cmd.Flags().GetBool("version") if printVersion { cmd.Printf( "Version: %s \nBuild: %s \nDebug: %s\n", misc.Version, misc.Build, misc.Debug, ) return } _ = cmd.Usage() } // initConfig reads in config file and ENV variables if set. func initConfig() { if cfgFile != "" { // Use config file from the flag. viper.SetConfigFile(cfgFile) } else { // Find home directory. home, err := homedir.Dir() if err != nil { fmt.Println(err) os.Exit(1) } // Search config in `$HOME/.config/neofs-cli/` with name "config.yaml" viper.AddConfigPath(filepath.Join(home, ".config", "neofs-cli")) viper.SetConfigName("config") viper.SetConfigType("yaml") } viper.SetEnvPrefix(envPrefix) viper.AutomaticEnv() // read in environment variables that match // If a config file is found, read it in. if err := viper.ReadInConfig(); err == nil { printVerbose("Using config file: %s", viper.ConfigFileUsed()) } } const nep2Base58Length = 58 // getKey returns private key that was provided in global arguments. func getKey() (*ecdsa.PrivateKey, error) { if viper.GetBool("generate-key") { priv, err := keys.NewPrivateKey() if err != nil { return nil, errCantGenerateKey } return &priv.PrivateKey, nil } if keyPath := viper.GetString("binary-key"); keyPath != "" { return getKeyFromFile(keyPath) } if walletPath := viper.GetString("wallet"); walletPath != "" { w, err := wallet.NewWalletFromFile(walletPath) if err != nil { return nil, fmt.Errorf("%w: %v", errInvalidKey, err) } return getKeyFromWallet(w, viper.GetString("address")) } wif := viper.GetString("wif") if len(wif) == nep2Base58Length { return getKeyFromNEP2(wif) } priv, err := keys.NewPrivateKeyFromWIF(wif) if err != nil { return nil, fmt.Errorf("%w: %v", errInvalidKey, err) } return &priv.PrivateKey, nil } func getKeyFromFile(keyPath string) (*ecdsa.PrivateKey, error) { data, err := os.ReadFile(keyPath) if err != nil { return nil, fmt.Errorf("%w: %v", errInvalidKey, err) } priv, err := keys.NewPrivateKeyFromBytes(data) if err != nil { return nil, fmt.Errorf("%w: %v", errInvalidKey, err) } return &priv.PrivateKey, nil } func getKeyFromNEP2(encryptedWif string) (*ecdsa.PrivateKey, error) { pass, err := input.ReadPassword("Enter password > ") if err != nil { printVerbose("Can't read password: %v", err) return nil, errInvalidPassword } k, err := keys.NEP2Decrypt(encryptedWif, pass, keys.NEP2ScryptParams()) if err != nil { printVerbose("Invalid key or password: %v", err) return nil, errInvalidPassword } return &k.PrivateKey, nil } func getKeyFromWallet(w *wallet.Wallet, addrStr string) (*ecdsa.PrivateKey, error) { if addrStr == "" { printVerbose("Address is empty") return nil, errInvalidAddress } addr, err := flags.ParseAddress(addrStr) if err != nil { printVerbose("Can't parse address: %s", addrStr) return nil, errInvalidAddress } acc := w.GetAccount(addr) if acc == nil { printVerbose("Can't find wallet account for %s", addrStr) return nil, errInvalidAddress } pass, err := input.ReadPassword("Enter password > ") if err != nil { printVerbose("Can't read password: %v", err) return nil, errInvalidPassword } if err := acc.Decrypt(pass, keys.NEP2ScryptParams()); err != nil { printVerbose("Can't decrypt account: %v", err) return nil, errInvalidPassword } return &acc.PrivateKey().PrivateKey, nil } // getEndpointAddress returns network address structure that stores multiaddr // inside, parsed from global arguments. func getEndpointAddress() (addr network.Address, err error) { endpoint := viper.GetString("rpc") err = addr.FromString(endpoint) if err != nil { err = errInvalidEndpoint } return } // getSDKClient returns default neofs-api-go sdk client. Consider using // opts... to provide TTL or other global configuration flags. func getSDKClient(key *ecdsa.PrivateKey) (client.Client, error) { netAddr, err := getEndpointAddress() if err != nil { return nil, err } options := []client.Option{ client.WithAddress(netAddr.HostAddr()), client.WithDefaultPrivateKey(key), } if netAddr.TLSEnabled() { options = append(options, client.WithTLSConfig(&tls.Config{})) } c, err := client.New(options...) return c, err } func getTTL() uint32 { ttl := viper.GetUint32("ttl") printVerbose("TTL: %d", ttl) return ttl } // ownerFromString converts string with NEO3 wallet address to neofs owner ID. func ownerFromString(s string) (*owner.ID, error) { result := owner.NewID() err := result.Parse(s) if err != nil { return nil, errors.New("can't decode owner ID wallet address") } return result, nil } func printVerbose(format string, a ...interface{}) { if verbose { fmt.Printf(format+"\n", a...) } } func parseXHeaders() []*pkg.XHeader { xs := make([]*pkg.XHeader, 0, len(xHeaders)) for i := range xHeaders { kv := strings.SplitN(xHeaders[i], "=", 2) if len(kv) != 2 { panic(fmt.Errorf("invalid X-Header format: %s", xHeaders[i])) } x := pkg.NewXHeader() x.SetKey(kv[0]) x.SetValue(kv[1]) xs = append(xs, x) } return xs } func globalCallOptions() []client.CallOption { xHdrs := parseXHeaders() opts := make([]client.CallOption, 0, len(xHdrs)+1) // + TTL opts = append(opts, client.WithTTL(getTTL())) for i := range xHdrs { opts = append(opts, client.WithXHeader(xHdrs[i])) } return opts }