From 670370056cfd986ea1632af05e9b6c1d1252f08d Mon Sep 17 00:00:00 2001
From: seydx <dev@seydx.com>
Date: Tue, 30 Sep 2025 15:35:32 +0200
Subject: [PATCH] Refactor secrets management

---
 internal/app/secrets.go | 46 ++++++++++++++++++-----------------------
 pkg/secrets/secrets.go  | 44 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+), 26 deletions(-)
 create mode 100644 pkg/secrets/secrets.go

diff --git a/internal/app/secrets.go b/internal/app/secrets.go
index 4735c27c..e1ce7509 100644
--- a/internal/app/secrets.go
+++ b/internal/app/secrets.go
@@ -3,34 +3,23 @@ package app
 import (
 	"sync"
 
+	"github.com/AlexxIT/go2rtc/pkg/secrets"
 	"github.com/AlexxIT/go2rtc/pkg/yaml"
 )
 
 var (
-	secrets   = make(map[string]*Secret)
-	secretsMu sync.Mutex
+	secretsMap = make(map[string]*Secret)
+	secretsMu  sync.Mutex
 )
 
-type Secrets interface {
-	Get(key string) any
-	Set(key string, value any)
-	Marshal(v any) ([]byte, error)
-	Unmarshal(v any) error
-	Save() error
-}
+// SecretsManager implements secrets.SecretsManager interface
+type SecretsManager struct{}
 
-type Secret struct {
-	Secrets
-
-	Name   string
-	Values map[string]string
-}
-
-func NewSecret(name string, values interface{}) (*Secret, error) {
+func (m *SecretsManager) NewSecret(name string, values interface{}) (secrets.Secret, error) {
 	secretsMu.Lock()
 	defer secretsMu.Unlock()
 
-	if s, exists := secrets[name]; exists {
+	if s, exists := secretsMap[name]; exists {
 		return s, nil
 	}
 
@@ -45,15 +34,21 @@ func NewSecret(name string, values interface{}) (*Secret, error) {
 		return nil, err
 	}
 
-	secrets[name] = s
+	secretsMap[name] = s
 
 	return s, nil
 }
 
-func GetSecret(name string) *Secret {
+func (m *SecretsManager) GetSecret(name string) secrets.Secret {
 	secretsMu.Lock()
 	defer secretsMu.Unlock()
-	return secrets[name]
+	return secretsMap[name]
+}
+
+// Secret implements secrets.Secret interface
+type Secret struct {
+	Name   string
+	Values map[string]string
 }
 
 func (s *Secret) Get(key string) any {
@@ -112,7 +107,7 @@ func (s *Secret) Unmarshal(value any) error {
 func (s *Secret) Save() error {
 	secretsMu.Lock()
 	defer secretsMu.Unlock()
-	return saveSecret(s.Name, s.Values)
+	return PatchConfig([]string{"secrets", s.Name}, s.Values)
 }
 
 func initSecrets() {
@@ -130,13 +125,12 @@ func initSecrets() {
 	defer secretsMu.Unlock()
 
 	for name, values := range cfg.Secrets {
-		secrets[name] = &Secret{
+		secretsMap[name] = &Secret{
 			Name:   name,
 			Values: values,
 		}
 	}
-}
 
-func saveSecret(name string, secretValues map[string]string) error {
-	return PatchConfig([]string{"secrets", name}, secretValues)
+	// Register
+	secrets.SetManager(&SecretsManager{})
 }
diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go
new file mode 100644
index 00000000..071d9526
--- /dev/null
+++ b/pkg/secrets/secrets.go
@@ -0,0 +1,44 @@
+package secrets
+
+import (
+	"errors"
+	"sync"
+)
+
+type SecretsManager interface {
+	NewSecret(name string, defaultValues interface{}) (Secret, error)
+	GetSecret(name string) Secret
+}
+
+type Secret interface {
+	Get(key string) any
+	Set(key string, value string)
+	Marshal() (interface{}, error)
+	Unmarshal(value any) error
+	Save() error
+}
+
+var manager SecretsManager
+var once sync.Once
+
+func SetManager(m SecretsManager) {
+	once.Do(func() {
+		manager = m
+	})
+}
+
+// NewSecret creates or retrieves a secret
+func NewSecret(name string, defaultValues interface{}) (Secret, error) {
+	if manager == nil {
+		return nil, errors.New("secrets manager not initialized")
+	}
+	return manager.NewSecret(name, defaultValues)
+}
+
+// GetSecret retrieves an existing secret
+func GetSecret(name string) Secret {
+	if manager == nil {
+		return nil
+	}
+	return manager.GetSecret(name)
+}