From 97307fc6f33f0eb9e2c886a02b124ccc1dd6ff01 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann <hi@kunsmann.eu>
Date: Thu, 13 Jul 2023 20:28:09 +0200
Subject: [PATCH] nodes.py: demagify toml nodes

---
 libs/demagify.py | 21 +++++++++++++++++++++
 nodes.py         | 10 +++++++---
 2 files changed, 28 insertions(+), 3 deletions(-)
 create mode 100644 libs/demagify.py

diff --git a/libs/demagify.py b/libs/demagify.py
new file mode 100644
index 0000000..5fe492c
--- /dev/null
+++ b/libs/demagify.py
@@ -0,0 +1,21 @@
+import bwpass
+
+def demagify(something, vault):
+    if isinstance(something, str):
+        if something.startswith('!bwpass:'):
+            return bwpass.password(something[8:])
+        elif something.startswith('!bwpass_attr:'):
+            identifier, attribute = something[13:].split(':', 1)
+            return bwpass.attr(identifier, attribute)
+        elif something.startswith('!decrypt:'):
+            return vault.decrypt(something[9:])
+        return something
+    elif isinstance(something, dict):
+        return {k:demagify(v, vault) for k,v in something.items()}
+    elif isinstance(something, list):
+        return [demagify(i, vault) for i in something]
+    elif isinstance(something, set):
+        return {demagify(i, vault) for i in something}
+    elif isinstance(something, tuple):
+        return tuple([demagify(i, vault) for i in something])
+    return something
diff --git a/nodes.py b/nodes.py
index 9be84b4..f47f004 100644
--- a/nodes.py
+++ b/nodes.py
@@ -7,6 +7,13 @@ import bwpass
 from bundlewrap.metadata import atomic
 from bundlewrap.utils import error_context
 
+for name, data in nodes.items():
+    data.setdefault('metadata', {})
+
+    if 'password' in data:
+        data['password'] = vault.decrypt(data['password'])
+    data['metadata'].update(libs.demagify.demagify(data['metadata'], vault))
+
 for node in Path(join(repo_path, "nodes")).rglob("*.py"):
     with error_context(filename=str(node)):
         with open(node, 'r') as f:
@@ -15,6 +22,3 @@ for node in Path(join(repo_path, "nodes")).rglob("*.py"):
 for name, data in nodes.items():
     data.setdefault('hostname', '.'.join(reversed(name.split('.'))) + '.kunbox.net')
     data.setdefault('metadata', {}).setdefault('hostname', '.'.join(reversed(name.split('.'))) + '.kunbox.net')
-
-    if 'password' in data:
-        data['password'] = vault.decrypt(data['password'])