func Open()

in commands/helpers/internal/store/store.go [29:78]


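// Open opens the masking store at dir/masking.db, creating the directory and
// the file when they are missing, and returns a Store holding the open file
// and an XChaCha20-Poly1305 AEAD built from the derived key.
//
// Two pieces of key material are involved: a key file in os.TempDir() whose
// name is "runner" plus the hex SHA-256 of the store path, and generateKey()
// output written at the start of an empty store file. Both are handed to
// deriveEncryptionKey. The temp-dir key is regenerated only when the store
// file does not exist.
//
// On any error the store file handle is closed before returning.
func Open(dir string) (*Store, error) {
	pathname := filepath.Join(dir, "masking.db")
	sum := sha256.Sum256([]byte(pathname))
	keyPath := filepath.Join(os.TempDir(), "runner"+hex.EncodeToString(sum[:]))

	// Best effort: if the directory cannot be created, OpenFile below fails
	// and reports the problem.
	_ = os.MkdirAll(filepath.Dir(pathname), 0o750)

	switch _, err := os.Stat(pathname); {
	case err == nil:
		// Store already exists; keep the key that belongs to it.
	case os.IsNotExist(err):
		// Store file doesn't exist, so re-generate the key.
		//
		// keyPath is a predictable name in a shared temp directory. Remove
		// whatever is there (os.Remove unlinks a symlink rather than its
		// target) and create the file exclusively, so the write can neither
		// follow a pre-planted symlink nor inherit the owner and mode of a
		// file someone else created first.
		if err := os.Remove(keyPath); err != nil && !os.IsNotExist(err) {
			return nil, fmt.Errorf("writing key: %w", err)
		}
		kf, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
		if err != nil {
			return nil, fmt.Errorf("writing key: %w", err)
		}
		_, writeErr := kf.Write(generateKey())
		closeErr := kf.Close()
		if writeErr != nil {
			return nil, fmt.Errorf("writing key: %w", writeErr)
		}
		if closeErr != nil {
			return nil, fmt.Errorf("writing key: %w", closeErr)
		}
	default:
		// Any other Stat failure (e.g. permission denied) does not prove the
		// store is absent. Regenerating the key here would replace the key
		// of a store that may still exist.
		return nil, fmt.Errorf("checking store file: %w", err)
	}

	// NOTE(review): an empty store file receives generateKey() output below,
	// and 0o640 leaves that group-readable while the temp-dir key is 0o600.
	// Confirm that group read access is intended.
	f, err := os.OpenFile(pathname, os.O_APPEND|os.O_RDWR|os.O_CREATE, 0o640)
	if err != nil {
		return nil, fmt.Errorf("opening store file: %w", err)
	}

	// Do not leak the descriptor on the error paths below.
	opened := false
	defer func() {
		if !opened {
			_ = f.Close()
		}
	}()

	info, err := f.Stat()
	if err != nil {
		return nil, fmt.Errorf("stat store file: %w", err)
	}

	if info.Size() == 0 {
		if _, err := f.Write(generateKey()); err != nil {
			return nil, fmt.Errorf("writing store key: %w", err)
		}
		// Rewind so the next read starts at the beginning of the file. With
		// O_APPEND this only affects reads.
		if _, err := f.Seek(0, io.SeekStart); err != nil {
			return nil, fmt.Errorf("rewinding store file: %w", err)
		}
		if err := f.Sync(); err != nil {
			return nil, err
		}
	}

	key, err := deriveEncryptionKey(f, keyPath)
	if err != nil {
		return nil, fmt.Errorf("deriving key: %w", err)
	}

	c, err := chacha20poly1305.NewX(key)
	if err != nil {
		return nil, err
	}

	opened = true
	return &Store{
		pathname: pathname,
		f:        f,
		c:        c,
	}, nil
}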