Update

Author: Boran

README.md

@@ -15,12 +15,21 @@
 
 ## How to Install?
 + You can download it from the Releases section
-+ After downloading, make sure to set the location of the exe file and add the path of that configured location to your PATH file. The database will be automatically created in the documents or users file.
++ After downloading, make sure to set the location of the exe file and add the path of that configured location to your PATH file. The database will be automatically created in `C:\Users\<username>\gosecDB` PATH.
 + Note: Please be cautious while manipulating the PATH environment variable, as it directly affects how your operating system finds and executes files.
 + When downloading an executable (exe) file, you might receive a virus warning, but this can be misleading. If you'd like, you can examine the code from the source to verify.
 + If the virus threat warning doesn't go away, you can download the source code and create the exe file by writing the code below.
 + `go build main.go` After writing this, the exe file will be created inside the current folder.
 
+## First Open
++ When you open it for the first time, gosec will ask you for a master key.
++ This is an extra security. It is useful not to forget this master key.
++ Even if you forget, you can check it in settings.json.
++  You might ask, "Why expose the master key openly in the source code?"
++ Well, imagine someone developing a program based on this source code. Let's say they are building an API and they want to decrypt their own passwords, hosting a site locally for easy access. To achieve this, they would need access to the master key. However, if the master key is embedded within the binary, it could create complications.
++ Therefore, I have incorporated this approach to address such a scenario.
+
+
 ## Modes
 + The application comprises five primary modes: Register, Config, Key, DeleteUser and Password.
 + All modes feature a single global option, namely -P. This argument will prompt for the password you entered during registration. It will be requested in both the password and config modes, including their sub-modes. This mechanism can be likened to an authentication check, helping us discern which user is performing the operation.

database/database.go

@@ -9,11 +9,8 @@ var GosecDb gojson.Database
 
 func DatabaseInit() {
 
-	// Otomatik db pathi ayarlıyor hiç biri işe yaramaz ise ./ a otomatik db oluşturuyor.
-	//targetDir := GetPath()
-
 	// Init DB
-	GosecDb = gojson.CreateDatabase("gosecDB", "./")
+	GosecDb = gojson.CreateDatabase("gosecDB", SetPath())
 
 	// Users Table
 	UsersT := gojson.CreateTable("users")
@@ -36,82 +33,21 @@ func DatabaseInit() {
 	PasswordsT.AddProperty("url", "string", "")
 	PasswordsT.AddProperty("password", "string", "")
 
+	// Settings Table
+	SettingsT := gojson.CreateTable("settings")
+	SettingsT.AddProperty("masterkey", "string", "")
+
 	// Adds table to the Database
 	GosecDb.AddTable(&UsersT)
 	GosecDb.AddTable(&ConfigT)
 	GosecDb.AddTable(&PasswordsT)
+	GosecDb.AddTable(&SettingsT)
 
 	// Creates Database Files.
 	GosecDb.CreateFiles()
 
-	// UsersT.Save(gojson.DataInit([]string{"username", "password"}, []interface{}{"BORANBORAN", "1"}, &UsersT))
-
-}
-
-/* Bu kodu virüs olarak algılıyor microsoft. içerideki verilere eriştiği için o yüzden sildim.
-func GetPath() string {
-	// Gets the file path.
-	baseDir, err := os.UserHomeDir()
-	if err != nil {
-		fmt.Println("Hata:", err)
-		return "./"
-	}
+	SetSettings(&SettingsT)
 
-	var targetDir string
-
-	check := true
-	switch runtime.GOOS {
-	case "windows":
-		fnames := []string{"Documents", "Belgeler"}
-
-		// Bütün olasılıkları deniyorum documents, belgeler gibi
-		for _, v := range fnames {
-			targetDir = filepath.Join(baseDir, v)
-
-			_, err = os.Stat(targetDir)
-			if err != nil {
-				// Böyle klasör yok
-				check = false
-				continue
-			} else {
-				check = true
-				targetDir += "\\"
-				break
-			}
-		}
-		// Eğer hiçbir olasılık çalışmadıysa users'ın altına veritabanını yerleştiriyorum
-		if !check {
-			targetDir = "./"
-		}
-		break
-	case "linux", "darwin":
-		fnames := []string{"Documents", "Belgeler"}
-
-		// Bütün olasılıkları deniyorum documents, belgeler gibi
-		for _, v := range fnames {
-			targetDir = filepath.Join(baseDir, v)
-
-			_, err = os.Stat(targetDir)
-			if err != nil {
-				// Böyle klasör yok
-				check = false
-				continue
-			} else {
-				check = true
-				targetDir += "/"
-				break
-			}
-		}
-		// Eğer hiçbir olasılık çalışmadıysa users'ın altına veritabanını yerleştiriyorum
-		if !check {
-			targetDir = "./"
-		}
-		break
-	default:
-		targetDir = "./"
-		break
-	}
+	// UsersT.Save(gojson.DataInit([]string{"username", "password"}, []interface{}{"BORANBORAN", "1"}, &UsersT))
 
-	return targetDir
 }
-*/

database/settings.go

@@ -0,0 +1,44 @@
+package database
+
+import (
+	"fmt"
+	"os"
+	"runtime"
+
+	"github.com/cetinboran/gojson/gojson"
+)
+
+func SetSettings(SettingsT *gojson.Table) {
+	if len(SettingsT.Get()) == 0 {
+		for {
+			var masterKey string
+			fmt.Println("please enter the master secret key. This secret key encrypts your secret keys")
+			fmt.Print(">: ")
+			fmt.Scanln(&masterKey)
+
+			if len(masterKey) != 16 && len(masterKey) != 24 && len(masterKey) != 32 {
+				fmt.Println("The Master key length must be 16, 24 or 32")
+			} else {
+				SettingsT.Save(gojson.DataInit([]string{"masterkey"}, []interface{}{masterKey}, SettingsT))
+				break
+			}
+		}
+	}
+}
+
+func SetPath() string {
+	baseDir, err := os.UserHomeDir()
+	if err != nil {
+		fmt.Println("Hata:", err)
+	}
+
+	switch runtime.GOOS {
+	case "windows":
+		baseDir += "\\"
+	case "linux", "darwin":
+		baseDir += "/"
+		break
+	}
+
+	return baseDir
+}

settings/settings.go

@@ -1,5 +1,10 @@
 package settings
 
+import "github.com/cetinboran/gosec/database"
+
 func GetSecretForSecrets() []byte {
-	return []byte("^FAIXvY7QdV4TK6cJLneqHWZ")
+	SettingsT := database.GosecDb.Tables["settings"]
+	masterKey := SettingsT.Get()[0]["masterkey"].(string)
+
+	return []byte(masterKey)
 }