Added a go routine that checks if a secret has expired and then deletes it.

Author: Gaardsholt

README.md

@@ -6,7 +6,6 @@
 ## TODO:
 * Add some server config
 * Security review?
-* Add a go routine that checks if a secret has expire and then deletes it.
 
 ## Create a new secret
 

main.go

@@ -42,8 +42,30 @@ func init() {
 	pr.MustRegister(metrics.SecretsDeleted)
 }
 
+func secretCleaner() {
+	for {
+		for k, v := range secretStore {
+			s, err := Decrypt(v, k)
+			if err != nil {
+				continue
+			}
+
+			isNotExpired := s.Expires.UTC().After(time.Now().UTC())
+			if !isNotExpired {
+				log.Debug().Msg("Found expired secret, deleting...")
+				secretStore.Delete(k)
+			}
+
+		}
+		time.Sleep(5 * time.Second)
+	}
+}
+
 func main() {
 
+	// Start loop that checks for expired secrets and deletes them
+	go secretCleaner()
+
 	r := mux.NewRouter()
 	// Start of static stuff
 	fs := http.FileServer(http.Dir("./static"))

types/secrets.go

@@ -72,7 +72,7 @@ func (s Secret) encrypt(encryptionKey string) ([]byte, error) {
 
 	return encryptedSecret, nil
 }
-func decrypt(ciphertext []byte, encryptionKey string) (*Secret, error) {
+func Decrypt(ciphertext []byte, encryptionKey string) (*Secret, error) {
 	key := deriveKey(encryptionKey)
 
 	c, err := aes.NewCipher(key)
@@ -131,7 +131,7 @@ func (ss SecretStore) Add(entry Entry) (id string, err error) {
 func (ss SecretStore) Get(id string) (content string, gotData bool) {
 	value, gotData := ss[id]
 	if gotData {
-		s, err := decrypt(value, id)
+		s, err := Decrypt(value, id)
 		if err != nil {
 			log.Fatal(err)
 		}