ava 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +10 -0
- data/.rspec +2 -0
- data/.travis.yml +4 -0
- data/CODE_OF_CONDUCT.md +49 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +209 -0
- data/Rakefile +6 -0
- data/ava.gemspec +35 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/lib/ava.rb +15 -0
- data/lib/ava/version.rb +3 -0
- data/lib/client/client.rb +107 -0
- data/lib/client/replicant.rb +21 -0
- data/lib/controller/controller.rb +249 -0
- metadata +117 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 26caff3f5177418fa60e596d8d579f3253f50833
|
4
|
+
data.tar.gz: aa1fb1423b4c703d933b12e822c6496b444f712d
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: ff5ec728964e1f5ebddf8bc002474323a50efa2ca07a34b8e473f3af3c3e271b376a8da97c4943d22b631c629cd9d43a03286ea2b76a0c1e5147dc76c579ba12
|
7
|
+
data.tar.gz: b9a5d57116f34a00b3faf5b543adeeaa8b93b7967d94941f5184fc861ed2903800632f8ada32caa85554aab1345eb40a50bd3e1c7a43dbf8dc3384814baa13e1
|
data/.gitignore
ADDED
data/.rspec
ADDED
data/.travis.yml
ADDED
data/CODE_OF_CONDUCT.md
ADDED
@@ -0,0 +1,49 @@
|
|
1
|
+
# Contributor Code of Conduct
|
2
|
+
|
3
|
+
As contributors and maintainers of this project, and in the interest of
|
4
|
+
fostering an open and welcoming community, we pledge to respect all people who
|
5
|
+
contribute through reporting issues, posting feature requests, updating
|
6
|
+
documentation, submitting pull requests or patches, and other activities.
|
7
|
+
|
8
|
+
We are committed to making participation in this project a harassment-free
|
9
|
+
experience for everyone, regardless of level of experience, gender, gender
|
10
|
+
identity and expression, sexual orientation, disability, personal appearance,
|
11
|
+
body size, race, ethnicity, age, religion, or nationality.
|
12
|
+
|
13
|
+
Examples of unacceptable behavior by participants include:
|
14
|
+
|
15
|
+
* The use of sexualized language or imagery
|
16
|
+
* Personal attacks
|
17
|
+
* Trolling or insulting/derogatory comments
|
18
|
+
* Public or private harassment
|
19
|
+
* Publishing other's private information, such as physical or electronic
|
20
|
+
addresses, without explicit permission
|
21
|
+
* Other unethical or unprofessional conduct
|
22
|
+
|
23
|
+
Project maintainers have the right and responsibility to remove, edit, or
|
24
|
+
reject comments, commits, code, wiki edits, issues, and other contributions
|
25
|
+
that are not aligned to this Code of Conduct, or to ban temporarily or
|
26
|
+
permanently any contributor for other behaviors that they deem inappropriate,
|
27
|
+
threatening, offensive, or harmful.
|
28
|
+
|
29
|
+
By adopting this Code of Conduct, project maintainers commit themselves to
|
30
|
+
fairly and consistently applying these principles to every aspect of managing
|
31
|
+
this project. Project maintainers who do not follow or enforce the Code of
|
32
|
+
Conduct may be permanently removed from the project team.
|
33
|
+
|
34
|
+
This code of conduct applies both within project spaces and in public spaces
|
35
|
+
when an individual is representing the project or its community.
|
36
|
+
|
37
|
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
38
|
+
reported by contacting a project maintainer at d2sm10@hotmail.com. All
|
39
|
+
complaints will be reviewed and investigated and will result in a response that
|
40
|
+
is deemed necessary and appropriate to the circumstances. Maintainers are
|
41
|
+
obligated to maintain confidentiality with regard to the reporter of an
|
42
|
+
incident.
|
43
|
+
|
44
|
+
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
|
45
|
+
version 1.3.0, available at
|
46
|
+
[http://contributor-covenant.org/version/1/3/0/][version]
|
47
|
+
|
48
|
+
[homepage]: http://contributor-covenant.org
|
49
|
+
[version]: http://contributor-covenant.org/version/1/3/0/
|
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2016 Brandon
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,209 @@
|
|
1
|
+
# Meet Ava
|
2
|
+
|
3
|
+
Ava allows you to remotely execute code from another Ruby process or another system, similar to DRb (but different). With Ava, you register individual objects and then white or black list methods to then be called remotely via Ava's client class. Ava is both simple, lightweight and powerful.
|
4
|
+
|
5
|
+
See how it all works below! It's easy and (mostly) secure!
|
6
|
+
|
7
|
+
## Installation
|
8
|
+
|
9
|
+
Add this line to your application's Gemfile:
|
10
|
+
|
11
|
+
```ruby
|
12
|
+
gem 'ava'
|
13
|
+
```
|
14
|
+
|
15
|
+
And then execute:
|
16
|
+
|
17
|
+
$ bundle
|
18
|
+
|
19
|
+
Or install it yourself as:
|
20
|
+
|
21
|
+
$ gem install ava
|
22
|
+
|
23
|
+
## Usage
|
24
|
+
|
25
|
+
Ava is comprised of three classes. The two most important are the Controller (the server) and the Client (the, well, client...). The third is called Replicant and is discussed in further detail below.
|
26
|
+
|
27
|
+
### Starting a Server
|
28
|
+
|
29
|
+
Starting an Ava Controller is simple:
|
30
|
+
|
31
|
+
```ruby
|
32
|
+
controller = Ava::Controller.new start: true, key: 'test', port: 2016
|
33
|
+
```
|
34
|
+
#### Available Params for Initialization
|
35
|
+
* __start__: When the named argument start is set to true the server is automatically started during initialization. If this is not passed in, _start_ must be called later to initiate the server.
|
36
|
+
* __key__: The secret key is the password that each client must have in order to authenticate. This is irrelevant if _encrypt_ is set to false as the key will not be needed.
|
37
|
+
* __encrypt__: Settings this to true will ensure all content sent to clients is encrypted and require the key to authenticate.
|
38
|
+
* __port__: Sets the TCP port for the server to run on. The default is 2016. The port needs to be open for remote connections to work.
|
39
|
+
|
40
|
+
Once the server is up and running it needs to have objects registered to it that it will allow remote control over. Any Ruby object can be added and will be referenced by the name provided during registration. Names must be unique.
|
41
|
+
|
42
|
+
```ruby
|
43
|
+
# Create a couple objects to control
|
44
|
+
timer = BBLib::TaskTimer.new
|
45
|
+
cron_parser = BBLib::Cron.new '* * * * * *'
|
46
|
+
|
47
|
+
controller.register timer: timer, cron: cron_parser
|
48
|
+
```
|
49
|
+
|
50
|
+
### Setting up a Client
|
51
|
+
|
52
|
+
As soon as the items have been registered they can be controlled using a client. The following code illustrates how to create a client to connect to the server shown above.
|
53
|
+
|
54
|
+
```ruby
|
55
|
+
client = Ava::Client.new host: 'localhost', port: 2016, key: 'test'
|
56
|
+
|
57
|
+
# Get the list of registered objects from the server
|
58
|
+
client.registered_objects
|
59
|
+
#=> [:controller, :timer, :cron]
|
60
|
+
```
|
61
|
+
|
62
|
+
If the client_id is out of sync or you need to reconnect the client you can call the *get_id* method and pass in the server key. This will ask the server for a new client ID and encryption key. This will have to occur if the server is fully restarted as it will purge its known connections and keys. The call will return true if the server accepts the key.
|
63
|
+
|
64
|
+
```ruby
|
65
|
+
client.get_id 'test'
|
66
|
+
#=> true
|
67
|
+
```
|
68
|
+
|
69
|
+
__NOTE:__The key is never stored in the client, so it must be passed back in with each call to get_id if a new client_id is needed.
|
70
|
+
|
71
|
+
### Using the Client
|
72
|
+
|
73
|
+
Once a server is running and a client has been connected you may begin making calls the registered objects on the server (or to the server itself). There are a couple of ways to interact. The first is using requests.
|
74
|
+
|
75
|
+
#### Requests
|
76
|
+
|
77
|
+
Requests can be sent to the server and passed on to its objects in one of two ways. The request method allows an object name, method name and arguments to be sent to the server. The object name must match a registered object to return a result. For example:
|
78
|
+
|
79
|
+
```ruby
|
80
|
+
# Below the first argument is the object name, followed by the method to call on that object.
|
81
|
+
# Arguments can also be forwarded following the method argument.
|
82
|
+
client.request :timer, :start
|
83
|
+
#=> 0
|
84
|
+
|
85
|
+
sleep(5)
|
86
|
+
|
87
|
+
client.request :timer, :stop
|
88
|
+
#=> 5
|
89
|
+
```
|
90
|
+
|
91
|
+
Similarly, you can call a method directly on the client that matches the name of the registered object. For example:
|
92
|
+
|
93
|
+
```ruby
|
94
|
+
# Call the :next method on the cron object
|
95
|
+
client.cron :next
|
96
|
+
#=> '2016-04-10 03:14:00.000'
|
97
|
+
|
98
|
+
# You can also add additional arguments
|
99
|
+
client.cron :next, count: 2
|
100
|
+
#=> ['2016-04-10 03:14:00.000', '2016-04-10 03:15:00.000']
|
101
|
+
```
|
102
|
+
|
103
|
+
As shown above, any number of arguments may be called, whether they are ordered and explicit or named parameters. The order passed in is enforced when they are sent to the server.
|
104
|
+
|
105
|
+
#### Replicants
|
106
|
+
|
107
|
+
Replicants provide an even more convenient means to interact with remote objects hosted by Ava. Replicants are pseudo versions of the objects on the server that can be interacted with as though they existed in the local scope.
|
108
|
+
|
109
|
+
To create a Replicant all you need to do is make a call to the client using the object name as the method. See the example below.
|
110
|
+
|
111
|
+
```ruby
|
112
|
+
timer = client.timer
|
113
|
+
#=> "#<Ava::Replicant>"
|
114
|
+
|
115
|
+
# Now, we can interact with the variable timer as though it was created within the client's local scope.
|
116
|
+
timer.start :my_task
|
117
|
+
#=> 0
|
118
|
+
timer.stop :my_task
|
119
|
+
#=> 0.001213
|
120
|
+
|
121
|
+
# This makes passing arguments more natural
|
122
|
+
c = client.cron
|
123
|
+
|
124
|
+
c.next '* * * * * *', count:1, time: Time.now
|
125
|
+
#=> '2016-04-10 03:22:00.000'
|
126
|
+
```
|
127
|
+
|
128
|
+
_NOTE_: Nearly all methods in a Replicant return the result of the object from the server, so calling _class_ on a Replicant actually returns the class of the object on the server side. Some comparison operations may fail in Ava's current state such as the === operator.
|
129
|
+
|
130
|
+
### Environment
|
131
|
+
|
132
|
+
Because Ava passes deserialized objects and can reconstitute them on the client side it may be important for the client to have the same classes available as the server. There are a few methods included to help automate this where possible. These features are experimental.
|
133
|
+
|
134
|
+
```ruby
|
135
|
+
# Determine what gems were required on the server
|
136
|
+
client.required_gems
|
137
|
+
#=> ["bblib", "json", "psych", "mini_portile2", "nokogiri"]
|
138
|
+
|
139
|
+
# List the gems required on the server that are not currently required on the client
|
140
|
+
client.missings_gems
|
141
|
+
#=> ["mini_portile2", "nokogiri"]
|
142
|
+
|
143
|
+
# Attempt to import missing gems.
|
144
|
+
client.require_missing_gems
|
145
|
+
#=> {"mini_portile2" => true, "nokogiri" => true}
|
146
|
+
|
147
|
+
# Check for anything missing following the bulk include
|
148
|
+
client.missing_gems
|
149
|
+
#=> []
|
150
|
+
```
|
151
|
+
|
152
|
+
The gems must be installed on the client side in order for them to actually be imported manually, so this will not cover all cases. Also, if you prefer not to blindly import everything you can use the missing_gems method to determine what the difference in environments is and manually import only the gems you need.
|
153
|
+
|
154
|
+
### Security
|
155
|
+
|
156
|
+
Various security functions are available in Ava currently to prevent unwanted access.
|
157
|
+
|
158
|
+
#### Methods
|
159
|
+
|
160
|
+
Methods can either be blacklisted or whitelisted to allow or disallow access to them via Ava. The whitelist takes precedence over the blacklist, so a whitelisted method will still be available even if it is listed in the blacklist. By default, all methods other than :eval are accessible on objects until explicitly stated in the white or black lists.
|
161
|
+
|
162
|
+
Methods may be listed per object or across all objects.
|
163
|
+
|
164
|
+
```ruby
|
165
|
+
# Prevent access to timer's start and stop methods
|
166
|
+
controller.blacklist :timer, :start, :stop
|
167
|
+
|
168
|
+
# Allow access to timer's :tasks method
|
169
|
+
controller.whitelist :timer, :tasks
|
170
|
+
|
171
|
+
# Block access to the method :eval on all objects
|
172
|
+
controller.blacklist_global :eval
|
173
|
+
|
174
|
+
# Block all methods on the cron object
|
175
|
+
controller.blacklist_all :cron
|
176
|
+
```
|
177
|
+
|
178
|
+
Clients attempting to call blacklisted methods will raise an unauthorized error.
|
179
|
+
|
180
|
+
#### IP Filtering
|
181
|
+
|
182
|
+
IPs can be allowed via the allow_connections method. IPs can be added as explicit strings or as regular expressions to match by subnets or other. By default all IPs are allowed to connect. If allowed_connections includes any IPs or patterns all other IPs not matching its contents will be blocked.
|
183
|
+
|
184
|
+
```ruby
|
185
|
+
# Allow access to a specific IP or from any IP starting with 10.30
|
186
|
+
controller.allow_connections '10.10.156.1', /10\.30\.*/
|
187
|
+
|
188
|
+
# Passing nil will allow all connections. This is the default behavior.
|
189
|
+
controller.allow_connections nil
|
190
|
+
```
|
191
|
+
|
192
|
+
#### Encryption
|
193
|
+
|
194
|
+
Encryption is enabled by default on the controller. When asking for a client ID a matching encryption key will be sent to the client so that it can decrypt messages from the controller. Each key is specific to the IP of the Client. It is recommended that encryption remain enabled. It can be toggled via the _encrypt_ method on the Controller.
|
195
|
+
|
196
|
+
## Development
|
197
|
+
|
198
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
199
|
+
|
200
|
+
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
201
|
+
|
202
|
+
## Contributing
|
203
|
+
|
204
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/ava. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
205
|
+
|
206
|
+
|
207
|
+
## License
|
208
|
+
|
209
|
+
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
data/Rakefile
ADDED
data/ava.gemspec
ADDED
@@ -0,0 +1,35 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'ava/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "ava"
|
8
|
+
spec.version = Ava::VERSION
|
9
|
+
spec.authors = ["Brandon"]
|
10
|
+
spec.email = ["d2sm10@hotmail.com"]
|
11
|
+
|
12
|
+
spec.summary = %q{Ava is a remote control class for Ruby using TCP sockets.}
|
13
|
+
spec.description = %q{Ava allows you to remotely control code in another process or on another system using TCP sockets.}
|
14
|
+
spec.homepage = "http://github.com/bblack16/ava-ruby"
|
15
|
+
spec.license = "MIT"
|
16
|
+
|
17
|
+
# Prevent pushing this gem to RubyGems.org by setting 'allowed_push_host', or
|
18
|
+
# delete this section to allow pushing this gem to any host.
|
19
|
+
# if spec.respond_to?(:metadata)
|
20
|
+
# spec.metadata['allowed_push_host'] = "TODO: Set to 'http://mygemserver.com'"
|
21
|
+
# else
|
22
|
+
# raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
|
23
|
+
# end
|
24
|
+
|
25
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
26
|
+
spec.bindir = "exe"
|
27
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
28
|
+
spec.require_paths = ["lib"]
|
29
|
+
|
30
|
+
spec.add_development_dependency "bundler", "~> 1.11"
|
31
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
32
|
+
spec.add_development_dependency "rspec", "~> 3.0"
|
33
|
+
|
34
|
+
spec.add_runtime_dependency "bblib"
|
35
|
+
end
|
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "ava"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require "irb"
|
14
|
+
IRB.start
|
data/bin/setup
ADDED
data/lib/ava.rb
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
require_relative "ava/version"
|
2
|
+
require_relative 'client/client'
|
3
|
+
require_relative 'controller/controller'
|
4
|
+
|
5
|
+
require 'bblib'
|
6
|
+
require 'socket'
|
7
|
+
require 'json'
|
8
|
+
require 'yaml'
|
9
|
+
require 'securerandom'
|
10
|
+
require 'openssl'
|
11
|
+
require 'digest/sha1'
|
12
|
+
|
13
|
+
module Ava
|
14
|
+
|
15
|
+
end
|
data/lib/ava/version.rb
ADDED
@@ -0,0 +1,107 @@
|
|
1
|
+
require_relative 'replicant'
|
2
|
+
|
3
|
+
module Ava
|
4
|
+
|
5
|
+
class Client
|
6
|
+
attr_accessor :host, :port, :socket, :response
|
7
|
+
|
8
|
+
def initialize host: 'localhost', port: 2016, key: nil
|
9
|
+
self.host = host
|
10
|
+
self.port = port
|
11
|
+
@client_id = {key: nil, iv: nil, encrypt: false}
|
12
|
+
get_id(key) if key
|
13
|
+
end
|
14
|
+
|
15
|
+
def inspect
|
16
|
+
"#<#{self.class}:#{self.object_id}>"
|
17
|
+
end
|
18
|
+
|
19
|
+
def connect
|
20
|
+
@socket = TCPSocket.open(@host, @port)
|
21
|
+
end
|
22
|
+
|
23
|
+
def close
|
24
|
+
@socket.close if defined?(@socket)
|
25
|
+
end
|
26
|
+
|
27
|
+
def get_id key
|
28
|
+
@client_id[:encrypt] = false
|
29
|
+
response = request :controller, :secret_key, key
|
30
|
+
if response
|
31
|
+
@client_id = response
|
32
|
+
true
|
33
|
+
else
|
34
|
+
false
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
def registered_objects
|
39
|
+
request(:controller, :registered_objects)
|
40
|
+
end
|
41
|
+
|
42
|
+
def required_gems
|
43
|
+
request(:controller, :required_gems)
|
44
|
+
end
|
45
|
+
|
46
|
+
def missing_gems
|
47
|
+
required_gems - Gem.loaded_specs.keys
|
48
|
+
end
|
49
|
+
|
50
|
+
def require_missing_gems
|
51
|
+
missing_gems.map do |gem|
|
52
|
+
begin
|
53
|
+
require gem
|
54
|
+
[gem, true]
|
55
|
+
rescue
|
56
|
+
[gem, false]
|
57
|
+
end
|
58
|
+
end.to_h
|
59
|
+
end
|
60
|
+
|
61
|
+
def method_missing *args, **named
|
62
|
+
if args.size == 1 && (named == {} || named.nil?) && registered_objects.any?{ |o| o.to_sym == args.first}
|
63
|
+
Replicant.new args.first, self
|
64
|
+
else
|
65
|
+
request args.first, args[1], *args[2..-1], **named
|
66
|
+
end
|
67
|
+
end
|
68
|
+
|
69
|
+
def request object, method, *args, **named
|
70
|
+
connect
|
71
|
+
argument = (named.nil? ? {} : named).merge({args:args})
|
72
|
+
request = {object => { method => argument }, client_id: @client_id[:key] }
|
73
|
+
@socket.puts encrypt_msg(request.to_yaml)
|
74
|
+
lines = Array.new
|
75
|
+
while line = @socket.gets
|
76
|
+
lines << line
|
77
|
+
end
|
78
|
+
@response = decrypt_msg(YAML.load(lines.join)).map{ |k,v| [k.to_sym, v]}.to_h
|
79
|
+
close
|
80
|
+
@response[:response] ? @response[:response] : (raise @response[:error])
|
81
|
+
end
|
82
|
+
|
83
|
+
def encrypt_msg msg
|
84
|
+
return msg if !@client_id[:encrypt]
|
85
|
+
cipher = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
|
86
|
+
cipher.encrypt
|
87
|
+
cipher.key = @client_id[:key]
|
88
|
+
cipher.iv = @client_id[:iv]
|
89
|
+
enc = cipher.update msg.to_yaml
|
90
|
+
enc << cipher.final
|
91
|
+
{encrypted: enc, client_id: @client_id[:key]}.to_yaml
|
92
|
+
end
|
93
|
+
|
94
|
+
def decrypt_msg msg
|
95
|
+
return msg if !@client_id[:encrypt] || !msg.include?(:encrypted)
|
96
|
+
cipher = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
|
97
|
+
cipher.decrypt
|
98
|
+
cipher.key = @client_id[:key]
|
99
|
+
cipher.iv = @client_id[:iv]
|
100
|
+
dec = cipher.update msg[:encrypted]
|
101
|
+
dec << cipher.final
|
102
|
+
YAML.load(YAML.load(dec))
|
103
|
+
end
|
104
|
+
|
105
|
+
end
|
106
|
+
|
107
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
module Ava
|
2
|
+
|
3
|
+
class Replicant < BasicObject
|
4
|
+
attr_accessor :object, :client
|
5
|
+
|
6
|
+
def initialize object, client
|
7
|
+
self.object = object
|
8
|
+
self.client = client
|
9
|
+
end
|
10
|
+
|
11
|
+
def is_replicant?
|
12
|
+
true
|
13
|
+
end
|
14
|
+
|
15
|
+
def method_missing *args, **named
|
16
|
+
@client.send @object, args.first, *args[1..-1], **named
|
17
|
+
end
|
18
|
+
|
19
|
+
end
|
20
|
+
|
21
|
+
end
|
@@ -0,0 +1,249 @@
|
|
1
|
+
module Ava
|
2
|
+
|
3
|
+
class Controller
|
4
|
+
attr_reader :objects, :blacklist, :whitelist, :key, :port, :thread, :connections,
|
5
|
+
:allowed_connections, :encrypt
|
6
|
+
|
7
|
+
def initialize *args, **named
|
8
|
+
@objects, @connections = {}, {}
|
9
|
+
@whitelist, @blacklist = {methods:[]}, {methods:[:eval]}
|
10
|
+
@allowed_connections = nil
|
11
|
+
setup_defaults
|
12
|
+
self.key = named.include?(:key) ? named[:key] : SecureRandom.hex(20)
|
13
|
+
self.port = named.include?(:port) ? named[:port] : 2016
|
14
|
+
self.encrypt = named.include?(:encrypt) ? named[:encrypt] : true
|
15
|
+
listen if named.include?(:start) && named[:start]
|
16
|
+
end
|
17
|
+
|
18
|
+
def encrypt= e
|
19
|
+
@encrypt = e == true
|
20
|
+
end
|
21
|
+
|
22
|
+
def key= key
|
23
|
+
@key = key.to_s
|
24
|
+
end
|
25
|
+
|
26
|
+
def port= port
|
27
|
+
@port = BBLib::keep_between(port, 1, nil)
|
28
|
+
end
|
29
|
+
|
30
|
+
def start
|
31
|
+
listen unless defined?(@thread) && @thread.alive?
|
32
|
+
running?
|
33
|
+
end
|
34
|
+
|
35
|
+
def stop
|
36
|
+
@thread.kill if defined?(@thread) && @thread.alive?
|
37
|
+
!running?
|
38
|
+
end
|
39
|
+
|
40
|
+
def restart
|
41
|
+
stop && start
|
42
|
+
end
|
43
|
+
|
44
|
+
def running?
|
45
|
+
defined?(@thread) && @thread.alive?
|
46
|
+
end
|
47
|
+
|
48
|
+
def register **objects
|
49
|
+
objects.each do |name, object|
|
50
|
+
name = name.to_sym
|
51
|
+
raise "Cannot name an object :controller, it is reserved." if name == :controller
|
52
|
+
@objects[name] = object
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
def allow_connections *connections
|
57
|
+
@allowed_connections = connections.first.nil? ? nil : connections
|
58
|
+
end
|
59
|
+
|
60
|
+
def remove name
|
61
|
+
@objects.delete name unless name == :controller
|
62
|
+
end
|
63
|
+
|
64
|
+
def whitelist name, *methods
|
65
|
+
name = name.to_sym
|
66
|
+
raise ArgumentError, "You cannot whitelist methods for :controller." if name == :controller
|
67
|
+
if @whitelist.include?(name)
|
68
|
+
(@whitelist[name]+=methods).uniq!
|
69
|
+
else
|
70
|
+
@whitelist[name] = methods
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
74
|
+
def whitelist_method *methods
|
75
|
+
@whitelist[:methods]+=methods
|
76
|
+
end
|
77
|
+
|
78
|
+
def blacklist name, *methods
|
79
|
+
if @blacklist.include?(name)
|
80
|
+
(@blacklist[name]+=methods).uniq!
|
81
|
+
else
|
82
|
+
@blacklist[name] = methods
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
def blacklist_all object
|
87
|
+
blacklist object, :_all
|
88
|
+
end
|
89
|
+
|
90
|
+
def blacklist_global *methods
|
91
|
+
@blacklist[:methods]+=methods
|
92
|
+
end
|
93
|
+
|
94
|
+
def registered_objects
|
95
|
+
@objects.keys
|
96
|
+
end
|
97
|
+
|
98
|
+
def required_gems
|
99
|
+
Gem.loaded_specs.keys
|
100
|
+
end
|
101
|
+
|
102
|
+
def parse_command cmd
|
103
|
+
begin
|
104
|
+
object = cmd.keys.first
|
105
|
+
method = cmd[object].keys.first
|
106
|
+
args = cmd[object][method].delete :args
|
107
|
+
named = cmd[object][method]
|
108
|
+
run_method(object, method, *args, **named)
|
109
|
+
rescue StandardError, Exception => e
|
110
|
+
{status: 500, error: "#{e}\n#{e.backtrace.join("\n")}"}
|
111
|
+
end
|
112
|
+
end
|
113
|
+
|
114
|
+
def run_method object, method, *args, **named
|
115
|
+
if @objects.include?(object)
|
116
|
+
return {status: 401, error: "You are not authorized to run '#{method}' on '#{object}'."} unless validate_method(object, method)
|
117
|
+
obj = @objects[object]
|
118
|
+
|
119
|
+
a = !args.nil? && (!args.is_a?(Array) || !args.empty?)
|
120
|
+
n = !named.nil? && !named.empty?
|
121
|
+
begin
|
122
|
+
if a && n
|
123
|
+
res = obj.send(method, *args, **named)
|
124
|
+
elsif !a && n
|
125
|
+
res = obj.send(method, **named)
|
126
|
+
elsif a && !n
|
127
|
+
res = obj.send(method, *args)
|
128
|
+
else
|
129
|
+
res = obj.send(method)
|
130
|
+
end
|
131
|
+
{status: 200, response: res}
|
132
|
+
rescue StandardError, Exception => e
|
133
|
+
{status: 501, error: "#{e}\n#{e.backtrace.join("\n")}"}
|
134
|
+
end
|
135
|
+
else
|
136
|
+
{status: 404, error: "Object '#{object}' does not exist."}
|
137
|
+
end
|
138
|
+
end
|
139
|
+
|
140
|
+
protected
|
141
|
+
|
142
|
+
def validate_method object, method
|
143
|
+
return true if @whitelist[:methods].include?(method) || @whitelist.include?(object) && @whitelist[object].include?(method)
|
144
|
+
return false if @blacklist[:methods].include?(method) || @blacklist.include?(object) && (@blacklist[object].include?(method) || @blacklist[object].include?(:_all))
|
145
|
+
return true
|
146
|
+
end
|
147
|
+
|
148
|
+
def listen
|
149
|
+
@thread = Thread.new {
|
150
|
+
begin
|
151
|
+
server = TCPServer.new(@port)
|
152
|
+
loop do
|
153
|
+
Thread.start(server.accept) do |client|
|
154
|
+
sock_domain, remote_port, remote_hostname, remote_ip = client.peeraddr
|
155
|
+
begin
|
156
|
+
encrypt = true
|
157
|
+
msg = decrypt_msg(remote_ip, YAML.load(client.recv(100000)))
|
158
|
+
if msg[:controller] && msg[:controller][:secret_key]
|
159
|
+
if msg[:controller][:secret_key][:args].first == @key
|
160
|
+
response = {status:200, response: register_client(remote_ip)}
|
161
|
+
encrypt = false
|
162
|
+
else
|
163
|
+
response = {status:401, error: ArgumentError.new('Invalid secret key.')}
|
164
|
+
encrypt = false
|
165
|
+
end
|
166
|
+
elsif verify_connection(remote_ip, msg)
|
167
|
+
response = parse_command(msg)
|
168
|
+
else
|
169
|
+
response = {status: 401, error: ArgumentError.new("Invalid or missing client ID.")}
|
170
|
+
encrypt = false
|
171
|
+
end
|
172
|
+
rescue StandardError, Exception => e
|
173
|
+
response = {status: 501, error: "#{e}\n#{e.backtrace.join}"}
|
174
|
+
encrypt = false
|
175
|
+
end
|
176
|
+
response.hash_path_set 'time' => Time.now
|
177
|
+
client.puts(encrypt ? encrypt_msg(remote_ip, response.to_yaml) : response.to_yaml)
|
178
|
+
client.close
|
179
|
+
end
|
180
|
+
end
|
181
|
+
rescue StandardError, Exception => e
|
182
|
+
e
|
183
|
+
end
|
184
|
+
}
|
185
|
+
end
|
186
|
+
|
187
|
+
def register_client addr
|
188
|
+
return "Your IP is not allowed: #{addr}" unless validate_ip(addr)
|
189
|
+
client_id = Digest::SHA1.hexdigest("#{addr}|#{@key}")
|
190
|
+
iv = @cipher.random_iv
|
191
|
+
@connections[addr] = {key: client_id, iv: iv, encrypt: @encrypt}
|
192
|
+
end
|
193
|
+
|
194
|
+
def validate_ip addr
|
195
|
+
return true if @allowed_connections.nil?
|
196
|
+
match = false
|
197
|
+
[@allowed_connections].flatten.each do |format|
|
198
|
+
if String === format
|
199
|
+
match = true if addr == format
|
200
|
+
elsif Regexp === format
|
201
|
+
match = true if addr =~ format
|
202
|
+
end
|
203
|
+
end
|
204
|
+
match
|
205
|
+
end
|
206
|
+
|
207
|
+
def verify_connection ip, msg
|
208
|
+
return false unless msg.include?(:client_id)
|
209
|
+
@connections.include?(ip) && @connections[ip][:key] == msg.delete(:client_id)
|
210
|
+
end
|
211
|
+
|
212
|
+
def setup_defaults
|
213
|
+
@objects[:controller] = self
|
214
|
+
blacklist_all :controller
|
215
|
+
@whitelist[:controller] = [
|
216
|
+
:port,
|
217
|
+
:restart,
|
218
|
+
:running?,
|
219
|
+
:registered_objects,
|
220
|
+
:required_gems
|
221
|
+
]
|
222
|
+
@cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
|
223
|
+
end
|
224
|
+
|
225
|
+
def encrypt_msg addr, msg
|
226
|
+
return msg if !@encrypt
|
227
|
+
cipher = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
|
228
|
+
cipher.encrypt
|
229
|
+
cipher.key = @connections[addr][:key]
|
230
|
+
cipher.iv = @connections[addr][:iv]
|
231
|
+
enc = cipher.update msg.to_yaml
|
232
|
+
enc << cipher.final
|
233
|
+
{encrypted: enc}.to_yaml
|
234
|
+
end
|
235
|
+
|
236
|
+
def decrypt_msg addr, msg
|
237
|
+
return msg if !@encrypt || !msg.include?(:encrypted)
|
238
|
+
raise ArgumentError, "Unregistered client. You must get a client_id first for #{addr}" unless @connections.include?(addr)
|
239
|
+
cipher = OpenSSL::Cipher::Cipher.new("aes-256-cbc")
|
240
|
+
cipher.decrypt
|
241
|
+
cipher.key = @connections[addr][:key]
|
242
|
+
cipher.iv = @connections[addr][:iv]
|
243
|
+
dec = cipher.update msg[:encrypted]
|
244
|
+
dec << cipher.final
|
245
|
+
YAML.load(YAML.load(dec))
|
246
|
+
end
|
247
|
+
end
|
248
|
+
|
249
|
+
end
|
metadata
ADDED
@@ -0,0 +1,117 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: ava
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Brandon
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2016-04-10 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.11'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.11'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rake
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '10.0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '10.0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rspec
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '3.0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '3.0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: bblib
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :runtime
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
description: Ava allows you to remotely control code in another process or on another
|
70
|
+
system using TCP sockets.
|
71
|
+
email:
|
72
|
+
- d2sm10@hotmail.com
|
73
|
+
executables: []
|
74
|
+
extensions: []
|
75
|
+
extra_rdoc_files: []
|
76
|
+
files:
|
77
|
+
- ".gitignore"
|
78
|
+
- ".rspec"
|
79
|
+
- ".travis.yml"
|
80
|
+
- CODE_OF_CONDUCT.md
|
81
|
+
- Gemfile
|
82
|
+
- LICENSE.txt
|
83
|
+
- README.md
|
84
|
+
- Rakefile
|
85
|
+
- ava.gemspec
|
86
|
+
- bin/console
|
87
|
+
- bin/setup
|
88
|
+
- lib/ava.rb
|
89
|
+
- lib/ava/version.rb
|
90
|
+
- lib/client/client.rb
|
91
|
+
- lib/client/replicant.rb
|
92
|
+
- lib/controller/controller.rb
|
93
|
+
homepage: http://github.com/bblack16/ava-ruby
|
94
|
+
licenses:
|
95
|
+
- MIT
|
96
|
+
metadata: {}
|
97
|
+
post_install_message:
|
98
|
+
rdoc_options: []
|
99
|
+
require_paths:
|
100
|
+
- lib
|
101
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
102
|
+
requirements:
|
103
|
+
- - ">="
|
104
|
+
- !ruby/object:Gem::Version
|
105
|
+
version: '0'
|
106
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - ">="
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '0'
|
111
|
+
requirements: []
|
112
|
+
rubyforge_project:
|
113
|
+
rubygems_version: 2.4.5.1
|
114
|
+
signing_key:
|
115
|
+
specification_version: 4
|
116
|
+
summary: Ava is a remote control class for Ruby using TCP sockets.
|
117
|
+
test_files: []
|