diff --git a/go.mod b/go.mod index 5dc9581..1d53d7e 100644 --- a/go.mod +++ b/go.mod @@ -59,6 +59,7 @@ require ( github.com/magefile/mage v1.14.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-tty v0.0.7 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/pkg/errors v0.9.1 // indirect diff --git a/go.sum b/go.sum index a33ff50..4206862 100644 --- a/go.sum +++ b/go.sum @@ -171,6 +171,8 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-tty v0.0.7 h1:KJ486B6qI8+wBO7kQxYgmmEFDaFEE96JMBQ7h400N8Q= +github.com/mattn/go-tty v0.0.7/go.mod h1:f2i5ZOvXBU/tCABmLmOfzLz9azMo5wdAaElRNnJKr+k= github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= diff --git a/helpers_key.go b/helpers_key.go index 386b8d3..ccccc8b 100644 --- a/helpers_key.go +++ b/helpers_key.go @@ -14,6 +14,7 @@ import ( "fiatjaf.com/nostr/nip49" "github.com/chzyer/readline" "github.com/fatih/color" + "github.com/mattn/go-tty" "github.com/urfave/cli/v3" ) @@ -90,9 +91,6 @@ func gatherSecretKeyOrBunkerFromArguments(ctx context.Context, c *cli.Command) ( } if c.Bool("prompt-sec") { - if isPiped() { - return nostr.SecretKey{}, nil, fmt.Errorf("can't prompt for a secret key when processing data from a pipe, try again without --prompt-sec") - } var err error sec, err = askPassword("type your secret key as ncryptsec, nsec or hex: ", nil) if err != nil { @@ -141,29 +139,58 @@ func promptDecrypt(ncryptsec string) (nostr.SecretKey, error) { } func askPassword(msg string, shouldAskAgain func(answer string) bool) (string, error) { - config := &readline.Config{ - Stdout: color.Error, - Prompt: color.YellowString(msg), - InterruptPrompt: "^C", - DisableAutoSaveHistory: true, - EnableMask: true, - MaskRune: '*', - } + if isPiped() { + // use TTY method when stdin is piped + tty, err := tty.Open() + if err != nil { + return "", fmt.Errorf("can't prompt for a secret key when processing data from a pipe on this system (failed to open /dev/tty: %w), try again without --prompt-sec or provide the key via --sec or NOSTR_SECRET_KEY environment variable", err) + } + defer tty.Close() + for { + // print the prompt to stderr so it's visible to the user + fmt.Fprintf(os.Stderr, color.YellowString(msg)) - rl, err := readline.NewEx(config) - if err != nil { - return "", err - } + // read password from TTY with masking + password, err := tty.ReadPassword() + if err != nil { + return "", err + } - for { - answer, err := rl.Readline() + // print newline after password input + fmt.Fprintln(os.Stderr) + + answer := strings.TrimSpace(string(password)) + if shouldAskAgain != nil && shouldAskAgain(answer) { + continue + } + return answer, nil + } + } else { + // use normal readline method when stdin is not piped + config := &readline.Config{ + Stdout: os.Stderr, + Prompt: color.YellowString(msg), + InterruptPrompt: "^C", + DisableAutoSaveHistory: true, + EnableMask: true, + MaskRune: '*', + } + + rl, err := readline.NewEx(config) if err != nil { return "", err } - answer = strings.TrimSpace(answer) - if shouldAskAgain != nil && shouldAskAgain(answer) { - continue + + for { + answer, err := rl.Readline() + if err != nil { + return "", err + } + answer = strings.TrimSpace(answer) + if shouldAskAgain != nil && shouldAskAgain(answer) { + continue + } + return answer, err } - return answer, err } }