From 0830d8342ecdd5c8abd35726aa9e20dd81ed691c Mon Sep 17 00:00:00 2001
From: seydx <dev@seydx.com>
Date: Tue, 20 May 2025 12:07:46 +0200
Subject: [PATCH] add secret management functions

---
 internal/app/app.go    |  9 ++++++++
 internal/app/config.go | 47 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+)

diff --git a/internal/app/app.go b/internal/app/app.go
index eb803584..02b8d68c 100644
--- a/internal/app/app.go
+++ b/internal/app/app.go
@@ -13,6 +13,7 @@ var (
 	Version    string
 	UserAgent  string
 	ConfigPath string
+	SecretPath string
 	Info       = make(map[string]any)
 )
 
@@ -25,11 +26,14 @@ const usage = `Usage of go2rtc:
 
 func Init() {
 	var config flagConfig
+	var secret string
 	var daemon bool
 	var version bool
 
 	flag.Var(&config, "config", "")
 	flag.Var(&config, "c", "")
+	flag.StringVar(&secret, "secret", "go2rtc.secret", "")
+	flag.StringVar(&secret, "s", "go2rtc.secret", "")
 	flag.BoolVar(&daemon, "daemon", false, "")
 	flag.BoolVar(&daemon, "d", false, "")
 	flag.BoolVar(&version, "version", false, "")
@@ -67,6 +71,7 @@ func Init() {
 	Info["revision"] = revision
 
 	initConfig(config)
+	initSecret(secret)
 	initLogger()
 
 	platform := fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH)
@@ -76,6 +81,10 @@ func Init() {
 	if ConfigPath != "" {
 		Logger.Info().Str("path", ConfigPath).Msg("config")
 	}
+
+	if SecretPath != "" {
+		Logger.Info().Str("path", SecretPath).Msg("secrets")
+	}
 }
 
 func readRevisionTime() (revision, vcsTime string) {
diff --git a/internal/app/config.go b/internal/app/config.go
index 9d4480b7..16cf53b5 100644
--- a/internal/app/config.go
+++ b/internal/app/config.go
@@ -18,6 +18,14 @@ func LoadConfig(v any) {
 	}
 }
 
+func LoadSecret(v any) {
+    for _, data := range secrets {
+        if err := yaml.Unmarshal(data, v); err != nil {
+            Logger.Warn().Err(err).Send()
+        }
+    }
+}
+
 func PatchConfig(path []string, value any) error {
 	if ConfigPath == "" {
 		return errors.New("config file disabled")
@@ -34,6 +42,27 @@ func PatchConfig(path []string, value any) error {
 	return os.WriteFile(ConfigPath, b, 0644)
 }
 
+func PatchSecret(path []string, value any) error {
+	if SecretPath == "" {
+		return errors.New("secret file disabled")
+	}
+
+	// empty config is OK
+	b, _ := os.ReadFile(SecretPath)
+
+	b, err := yaml.Patch(b, path, value)
+	if err != nil {
+		return err
+	}
+
+	if err := os.WriteFile(SecretPath, b, 0644); err == nil {
+		secrets = [][]byte{b}
+	}
+
+	return err
+}
+
+
 type flagConfig []string
 
 func (c *flagConfig) String() string {
@@ -46,6 +75,7 @@ func (c *flagConfig) Set(value string) error {
 }
 
 var configs [][]byte
+var secrets [][]byte
 
 func initConfig(confs flagConfig) {
 	if confs == nil {
@@ -86,6 +116,23 @@ func initConfig(confs flagConfig) {
 	}
 }
 
+func initSecret(secret string) {
+	if secret == "" {
+		secret = "go2rtc.secrets"
+	}
+
+	SecretPath = secret
+
+	if SecretPath != "" {
+		if !filepath.IsAbs(SecretPath) {
+			if cwd, err := os.Getwd(); err == nil {
+				SecretPath = filepath.Join(cwd, SecretPath)
+			}
+		}
+		Info["secret_path"] = SecretPath
+	}
+}
+
 func parseConfString(s string) []byte {
 	i := strings.IndexByte(s, '=')
 	if i < 0 {