arcanus 0.1.0

data/lib/arcanus/command/help.rb

@@ -0,0 +1,37 @@
+module Arcanus::Command
+  class Help < Base
+    description 'Displays help documentation'
+
+    def execute
+      ui.print 'Arcanus is a tool for managing encrypted secrets in a repository.'
+      ui.newline
+
+      ui.print 'Usage: ', newline: false
+      ui.info 'arcanus [command]'
+      ui.newline
+
+      command_classes.each do |command_class|
+        ui.info command_class.short_name.ljust(12, ' '), newline: false
+        ui.print command_class.description
+      end
+
+      ui.newline
+      ui.print "See #{Arcanus::REPO_URL}#usage for full documentation"
+    end
+
+    private
+
+    def command_classes
+      command_files =
+        Dir[File.join(File.dirname(__FILE__), '*.rb')]
+          .select { |path| File.basename(path, '.rb') != 'base' }
+
+      command_files.map do |file|
+        require file
+
+        basename = File.basename(file, '.rb')
+        Arcanus::Command.const_get(Arcanus::Utils.camel_case(basename))
+      end
+    end
+  end
+end

data/lib/arcanus/command/setup.rb

@@ -0,0 +1,97 @@
+module Arcanus::Command
+  class Setup < Base
+    description 'Create a chest to store encrypted secrets in the current repository'
+
+    def execute
+      return if already_has_key?
+
+      ui.info 'This repository does not have an Arcanus key.'
+      ui.info "Let's generate one for you."
+      ui.newline
+
+      create_key
+      create_chest
+      update_gitignore
+
+      ui.newline
+      ui.success 'You can safely commit the following files:'
+      ui.info Arcanus::CHEST_FILE_NAME
+      ui.info Arcanus::LOCKED_KEY_NAME
+      ui.success 'You must never commit the unlocked key file:'
+      ui.info Arcanus::UNLOCKED_KEY_NAME
+    end
+
+    private
+
+    def already_has_key?
+      return false unless repo.has_locked_key?
+
+      ui.warning 'Arcanus already initialized in this repository.'
+
+      unless repo.has_unlocked_key?
+        ui.newline
+        ui.warning 'However, your key is still protected by a password.'
+
+        if ui.ask('Do you want to unlock your key? (y/n)')
+             .argument(:required)
+             .default('y')
+             .modify(:downcase)
+             .read_string == 'y'
+          ui.newline
+          execute_command(%w[unlock])
+        end
+      end
+
+      true
+    end
+
+    def create_key
+      password = ask_password
+
+      start_time = Time.now
+      ui.spinner('Generating key...') do
+        key = Arcanus::Key.generate
+        key.save(key_file_path: repo.locked_key_path, password: password)
+        key.save(key_file_path: repo.unlocked_key_path)
+      end
+      end_time = Time.now
+
+      ui.success "Key generated in #{end_time - start_time} seconds"
+    end
+
+    def ask_password
+      password = nil
+      confirmed_password = false
+
+      ui.print 'Enter a password to lock the key with.'
+      ui.print 'Any new developer will need to be given this password to work with this repo.'
+      ui.print 'You should store the password in a secure place.'
+
+      loop do
+        ui.info 'Password: ', newline: false
+        password = ui.secret_user_input
+        ui.newline
+        ui.info 'Confirm Password: ', newline: false
+        confirmed_password = ui.secret_user_input
+        ui.newline
+
+        if password == confirmed_password
+          break
+        else
+          ui.error 'Passwords do not match. Try again.'
+          ui.newline
+        end
+      end
+
+      password
+    end
+
+    def create_chest
+      File.open(repo.chest_file_path, 'w') { |f| f.write({}.to_yaml) }
+    end
+
+    def update_gitignore
+      File.open(repo.gitignore_file_path, 'a') { |f| f.write(Arcanus::UNLOCKED_KEY_NAME) }
+    end
+  end
+end

data/lib/arcanus/command/shared/ensure_key.rb

@@ -0,0 +1,14 @@
+module Arcanus::Command::Shared
+  module EnsureKey
+    # Ensures the key is unlocked
+    def ensure_key_unlocked
+      if !repo.has_locked_key?
+        execute_command(%w[setup])
+        ui.newline
+      elsif !repo.has_unlocked_key?
+        execute_command(%w[unlock])
+        ui.newline
+      end
+    end
+  end
+end

data/lib/arcanus/command/show.rb

@@ -0,0 +1,34 @@
+require_relative 'shared/ensure_key'
+
+module Arcanus::Command
+  class Show < Base
+    include Shared::EnsureKey
+
+    description 'Shows the decrypted contents of the chest'
+
+    def execute
+      ensure_key_unlocked
+
+      chest = Arcanus::Chest.new(key_file_path: repo.unlocked_key_path,
+                                 chest_file_path: repo.chest_file_path)
+
+      output_colored_hash(chest.contents)
+    end
+
+    private
+
+    def output_colored_hash(hash, indent = 0)
+      indentation = ' ' * indent
+      hash.each do |key, value|
+        ui.info "#{indentation}#{key}:", newline: false
+
+        if value.is_a?(Hash)
+          ui.newline
+          output_colored_hash(value, indent + 2)
+        else
+          ui.print " #{value}"
+        end
+      end
+    end
+  end
+end

data/lib/arcanus/command/unlock.rb

@@ -0,0 +1,48 @@
+module Arcanus::Command
+  class Unlock < Base
+    description 'Unlocks key so secrets can be encrypted/decrypted'
+
+    def execute
+      return if already_unlocked?
+
+      ui.print "This repository's Arcanus key is locked by a password."
+      ui.print "Until you unlock it, you won't be able to view/edit secrets."
+
+      unlock_key
+
+      ui.success "Key unlocked and saved in #{repo.unlocked_key_path}"
+      ui.newline
+      ui.print 'You can now view secrets with:'
+      ui.info '  arcanus show'
+      ui.print '...or edit secrets with:'
+      ui.info '  arcanus edit'
+    end
+
+    private
+
+    def already_unlocked?
+      return unless repo.has_unlocked_key?
+
+      ui.warning "This repository's key is already unlocked."
+      ui.print 'You can view secrets by running:'
+      ui.info 'arcanus show'
+
+      true
+    end
+
+    def unlock_key
+      loop do
+        ui.print 'Enter password:', newline: false
+        password = ui.secret_user_input
+
+        begin
+          key = Key.from_protected_file(repo.locked_key_path, password)
+          key.save(key_file_path: repo.unlocked_key_path)
+          break # Key unlocked successfully
+        rescue Arcanus::Errors::DecryptionError => ex
+          ui.error ex.message
+        end
+      end
+    end
+  end
+end

data/lib/arcanus/command/version.rb

@@ -0,0 +1,9 @@
+module Arcanus::Command
+  class Version < Base
+    description 'Displays version information'
+
+    def execute
+      ui.info Arcanus::VERSION
+    end
+  end
+end

data/lib/arcanus/configuration.rb

@@ -0,0 +1,92 @@
+require 'pathname'
+require 'yaml'
+
+module Arcanus
+  # Stores runtime configuration for the application.
+  #
+  # This is intended to define helper methods for accessing configuration so
+  # this logic can be shared amongst the various components of the system.
+  class Configuration
+    # Name of the configuration file.
+    FILE_NAME = '.arcanus.yaml'
+
+    class << self
+      # Loads appropriate configuration file given the current working
+      # directory.
+      #
+      # @return [Arcanus::Configuration]
+      def load_applicable
+        current_directory = File.expand_path(Dir.pwd)
+        config_file = applicable_config_file(current_directory)
+
+        if config_file
+          from_file(config_file)
+        else
+          # No configuration file, so assume defaults
+          new({})
+        end
+      end
+
+      # Loads a configuration from a file.
+      #
+      # @return [Arcanus::Configuration]
+      def from_file(config_file)
+        options =
+          if yaml = YAML.load_file(config_file)
+            yaml.to_hash
+          else
+            {}
+          end
+
+        new(options)
+      end
+
+      private
+
+      # Returns the first valid configuration file found, starting from the
+      # current working directory and ascending to ancestor directories.
+      #
+      # @param directory [String]
+      # @return [String, nil]
+      def applicable_config_file(directory)
+        Pathname.new(directory)
+                .enum_for(:ascend)
+                .map { |dir| dir + FILE_NAME }
+                .find do |config_file|
+          config_file if config_file.exist?
+        end
+      end
+    end
+
+    # Creates a configuration from the given options hash.
+    #
+    # @param options [Hash]
+    def initialize(options)
+      @options = options
+    end
+
+    # Access the configuration as if it were a hash.
+    #
+    # @param key [String, Symbol]
+    # @return [Array, Hash, Number, String]
+    def [](key)
+      @options[key.to_s]
+    end
+
+    # Access the configuration as if it were a hash.
+    #
+    # @param key [String, Symbol]
+    # @return [Array, Hash, Number, String]
+    def fetch(key, *args)
+      @options.fetch(key.to_s, *args)
+    end
+
+    # Compares this configuration with another.
+    #
+    # @param other [HamlLint::Configuration]
+    # @return [true,false] whether the given configuration is equivalent
+    def ==(other)
+      super || @options == other.instance_variable_get('@options')
+    end
+  end
+end

data/lib/arcanus/constants.rb

@@ -0,0 +1,11 @@
+# Global application constants.
+module Arcanus
+  EXECUTABLE_NAME = 'arcanus'
+
+  CHEST_FILE_NAME = '.arcanus.chest'
+  LOCKED_KEY_NAME = '.arcanus.pem'
+  UNLOCKED_KEY_NAME = '.arcanus.key'
+
+  REPO_URL = 'https://github.com/sds/arcanus'
+  BUG_REPORT_URL = "#{REPO_URL}/issues"
+end

data/lib/arcanus/error_handler.rb

@@ -0,0 +1,50 @@
+module Arcanus
+  # Central location of all logic for how exceptions are presented to the user.
+  class ErrorHandler
+    # Creates exception handler that can display output to user via the given
+    # user interface.
+    #
+    # @param [Arcanus::UI] user interface to print output to
+    def initialize(ui)
+      @ui = ui
+    end
+
+    # Display appropriate output to the user for the given exception, returning
+    # a semantic exit status code.
+    #
+    # @return [Integer] exit status code
+    def handle(ex)
+      case ex
+      when Errors::CommandFailedError,
+           Errors::DecryptionError
+        ui.error ex.message
+        CLI::ExitCodes::ERROR
+      when Errors::UsageError
+        ui.error ex.message
+        CLI::ExitCodes::USAGE
+      when Errors::ConfigurationError
+        ui.error ex.message
+        CLI::ExitCodes::CONFIG
+      else
+        print_unexpected_exception(ex)
+        CLI::ExitCodes::SOFTWARE
+      end
+    end
+
+    private
+
+    attr_reader :ui
+
+    def print_unexpected_exception(ex)
+      ui.bold_error ex.message
+      ui.error ex.backtrace.join("\n")
+      ui.warning 'Report this bug at ', newline: false
+      ui.info BUG_REPORT_URL
+      ui.newline
+      ui.info 'To help fix this issue, please include:'
+      ui.print '- The above stack trace'
+      ui.print '- Ruby version: ', newline: false
+      ui.info RUBY_VERSION
+    end
+  end
+end

data/lib/arcanus/errors.rb

@@ -0,0 +1,32 @@
+# Collection of errors that can be thrown by the application.
+#
+# This implements an exception hierarchy which exceptions to be grouped by type
+# so the {ExceptionHandler} can display them appropriately.
+module Arcanus::Errors
+  # Base class for all errors reported by this tool.
+  class ArcanusError < StandardError; end
+
+  # Base class for all errors that are a result of incorrect user usage.
+  class UsageError < ArcanusError; end
+
+  # Base class for all configuration-related errors.
+  class ConfigurationError < ArcanusError; end
+
+  # Raised when something is incorrect with the configuration.
+  class ConfigurationInvalidError < ConfigurationError; end
+
+  # Raised when a configuration file is not present.
+  class ConfigurationMissingError < ConfigurationError; end
+
+  # Raised when there was a problem decrypting a value.
+  class DecryptionError < StandardError; end
+
+  # Raised when a command has failed due to user error.
+  class CommandFailedError < UsageError; end
+
+  # Raised when invalid/non-existent command was used.
+  class CommandInvalidError < UsageError; end
+
+  # Raised when run in a directory not part of a valid git repository.
+  class InvalidGitRepoError < UsageError; end
+end

data/lib/arcanus/input.rb

@@ -0,0 +1,24 @@
+require 'io/console'
+
+module Arcanus
+  # Provides interface for collecting input from the user.
+  class Input
+    # Creates an {Arcanus::Input} wrapping the given IO stream.
+    #
+    # @param [IO] input the input stream
+    def initialize(input)
+      @input = input
+    end
+
+    # Blocks until a line of input is returned from the input source.
+    #
+    # @return [String, nil]
+    def get(noecho: false)
+      if noecho
+        @input.noecho(&:gets)
+      else
+        @input.gets
+      end
+    end
+  end
+end