bastille 0.0.1

data/lib/bastille.rb

@@ -0,0 +1,2 @@
+module Bastille
+end

data/lib/bastille/cli.rb

@@ -0,0 +1,29 @@
+require 'base64'
+require 'gibberish'
+require 'highline'
+require 'httparty'
+require 'multi_json'
+require 'octokit'
+require 'thor'
+require 'yaml'
+
+begin
+  require 'system_timer'
+rescue LoadError
+end
+
+require 'bastille/client'
+require 'bastille/store'
+
+require 'bastille/cli/common'
+require 'bastille/cli/token'
+require 'bastille/cli/vault'
+
+module Bastille
+  module CLI
+    class Executable < Thor
+      register Token,        :token,        Token.usage,        Token.description
+      register Vault,        :vault,        Vault.usage,        Vault.description
+    end
+  end
+end

data/lib/bastille/cli/common.rb

@@ -0,0 +1,19 @@
+module Bastille
+  module CLI
+    module Common
+      private
+
+      def ask(*args, &block)
+        highline.ask(*args, &block)
+      end
+
+      def store
+        @store ||= Store.new
+      end
+
+      def highline
+        @highline ||= HighLine.new
+      end
+    end
+  end
+end

data/lib/bastille/cli/token.rb

@@ -0,0 +1,69 @@
+module Bastille
+  module CLI
+    class Token < Thor
+      include Common
+
+      def self.usage
+        'token [TASK]'
+      end
+
+      def self.description
+        'Provides the user with tools to create and view their bastille token'
+      end
+
+      desc :new, 'Generates an OAuth token from github to authenticate against Bastille'
+      def new
+        if store.exist?
+          say 'Found a local token in ~/.bastille. Aborting new token generation. Run `bastille token delete` and run this command again to generate a new token.', :yellow
+        else
+          if yes? 'This action will require you to authenticate with Github. Are you sure you want to generate a new token?', :red
+            username = ask 'Github username: '
+            password = ask 'Password: ' do |q|
+              q.echo = false
+            end
+            domain = ask 'Where is the bastille server?: '
+            name   = ask 'What should we call this bastille token? This can be anything: '
+            if store.generate(username, password, domain, name)
+              say 'Your token has been generated and authorized with github. It is stored in ~/.bastille. <3', :green
+            else
+              say 'The username and password entered do not match. Sorry. :(', :red
+            end
+          end
+        end
+      end
+
+      desc :show, 'Prints your credentials out to the commandline'
+      def show
+        if store.exist?
+          max_number_of_spaces = store.keys.map(&:to_s).sort { |a,b| a.length <=> b.length }.last.length + 1
+          store.each do |key, value|
+            say "  #{key}#{' ' * (max_number_of_spaces - key.to_s.length)}: #{value}"
+          end
+        else
+          say 'There is no token.', :red
+        end
+      end
+
+      desc :delete, 'Deletes the token'
+      def delete
+        if yes? 'Are you sure you want to delete your token? This cannot be undone.'
+          store.delete!
+        end
+      end
+
+      desc :validate, 'Validates your token with the bastille server.'
+      def validate
+        if store.exist?
+          say 'Validating your token with the bastille server...', :green
+          if store.authenticate
+            say 'Your token is valid. \m/', :green
+          else
+            say "Github says you aren't who you say you are. o_O", :red
+          end
+        else
+          say 'Could not validate your token. There is no token at ~/.bastille. Try running `bastille token new` to generate a new token.', :red
+        end
+      end
+    end
+  end
+end

data/lib/bastille/cli/vault.rb

@@ -0,0 +1,87 @@
+module Bastille
+  module CLI
+    class Vault < Thor
+      include Common
+
+      def self.usage
+        'vault [TASK]'
+      end
+
+      def self.description
+        'Provides access to your vaults'
+      end
+
+      desc :list, 'List out existing vaults'
+      def list
+        if (response = Client.new(store).vaults).success?
+          response.body.sort.each do |owner, vaults|
+            say "  #{owner}:"
+            vaults.sort.each do |vault|
+              say "    #{vault}"
+            end
+          end
+        else
+          say response.error_message, :red
+        end
+      end
+
+      desc 'set [SPACE]:[VAULT] [KEY]=[VALUE]', 'Sets a key in the given vault'
+      def set(space_vault, key_value)
+        space, vault = space_vault.split(':')
+        return say('Expected a : delimited space and vault argument (ie. defunkt:resque)', :red) unless space && vault
+        key, value = key_value.split('=')
+        return say('Expected a key=value argument (ie. RAILS_ENV=production)', :red) unless key && value
+
+        response = Client.new(store).set(space, vault, key, value)
+        if response.success?
+          say "\"#{key} => #{value}\" has been added to the #{space}:#{vault} vault.", :green
+        else
+          say response.error_message, :red
+        end
+      end
+
+      desc 'get [SPACE]:[VAULT]', 'Retrieves the contents of a given vault'
+      def get(space_vault)
+        space, vault = space_vault.split(':')
+        return say('Expected a : delimited space and vault argument (ie. defunkt:resque)', :red) unless space && vault
+
+        response = Client.new(store).get(space, vault)
+        if response.success?
+          if response.body.empty?
+            say 'There are no keys in this vault.', :yellow
+          else
+            response.body.sort.each do |key, value|
+              say "#{key}=#{value}"
+            end
+          end
+        else
+          say response.error_message, :red
+        end
+      end
+
+      desc 'delete [SPACE]:[VAULT] (KEY)', 'Deletes the given vault, or removes the key from this vault if given.'
+      def delete(space_vault, key = nil)
+        space, vault = space_vault.split(':')
+        return say('Expected a : delimited space and vault argument (ie. defunkt:resque)', :red) unless space && vault
+
+        question = if key.nil?
+          "Are you sure you want to delete the #{space}:#{vault} vault?"
+        else
+          "Are you sure you want to remove the #{key} key from the #{space}:#{vault} vault?"
+        end
+
+        if yes?(question)
+          response = Client.new(store).delete(space, vault, key)
+          if response.success?
+            say response.body, :green
+          else
+            say response.error_message, :red
+          end
+        else
+          say 'OK, nothing was deleted.', :green
+        end
+      end
+
+    end
+  end
+end

data/lib/bastille/client.rb

@@ -0,0 +1,131 @@
+module Bastille
+  class Client
+
+    def initialize(store)
+      @store = store
+    end
+
+    def vaults
+      http Request.new(:get, '/vaults')
+    end
+
+    def set(space, vault, key, value)
+      check_for_cipher!(space, vault)
+      contents = get(space, vault).body || {}
+      contents.merge!(key => value)
+      request  = Request.new(:put, "/vaults/#{space}/#{vault}", @store.key(space, vault), contents)
+      http request
+    end
+
+    def get(space, vault)
+      check_for_cipher!(space, vault)
+      key = @store.key(space, vault)
+      http Request.new(:get, "/vaults/#{space}/#{vault}", key), key
+    end
+
+    def delete(space, vault, key)
+      check_for_cipher!(space, vault)
+      if key
+        contents = get(space, vault).body || {}
+        contents.delete(key)
+        request  = Request.new(:put, "/vaults/#{space}/#{vault}", @store.key(space, vault), contents)
+        http request
+      else
+        http Request.new(:delete, "/vaults/#{space}/#{vault}")
+      end
+    end
+
+    def authenticate!
+      http Request.new(:get, '/authenticate')
+    end
+
+    private
+
+    def check_for_cipher!(space, vault)
+      existing_vaults = vaults.body
+      if existing_vaults[space] && existing_vaults[space].index(vault) && !@store.key(space, vault, :test)
+        raise 'You are trying to access a vault that you do not have a key for. Try adding the cipher to the cipher list in ~/.bastille'
+      end
+    end
+
+    def http(request, key = nil)
+      if [:get, :post, :put, :delete].include?(request.method)
+        url = domain + request.path
+        options = request.options.merge!(:headers => headers)
+        respond_to HTTParty.send(request.method, url, options), key
+      end
+    end
+
+    def headers
+      {
+        'X-BASTILLE-USERNAME' => @store.username,
+        'X-BASTILLE-TOKEN'    => @store.token
+      }
+    end
+
+    def domain
+      @store.domain
+    end
+
+    def respond_to(response, key)
+      Response.new(response, key)
+    end
+  end
+
+  class Request
+    attr_reader :method, :path
+
+    def initialize(method, path, key = nil, contents = nil)
+      @method   = method
+      @path     = path
+      @key      = key
+      @contents = contents
+    end
+
+    def options
+      if @contents
+        if @key
+          cipher   = Gibberish::AES.new(@key)
+          contents = MultiJson.dump(@contents)
+          contents = cipher.encrypt(contents)
+          contents = Base64.encode64(contents)
+        end
+        { :body => { :contents => contents } }
+      else
+        {}
+      end
+    end
+
+  end
+
+  class Response
+    SUCCESS_CODES = 200..299
+
+    def initialize(response, key = nil)
+      @response = response
+      @key      = key
+    end
+
+    def body
+      contents = @response.body
+      if @key && success? && !@response.body.empty?
+        cipher   = Gibberish::AES.new(@key)
+        contents = Base64.decode64(@response.body)
+        contents = cipher.decrypt(contents)
+      end
+      @body ||= MultiJson.load(contents)
+    end
+
+    def body=(body)
+      @body = body
+    end
+
+    def success?
+      SUCCESS_CODES.include?(@response.code.to_i)
+    end
+
+    def error_message
+      body.fetch('error')
+    end
+  end
+end

data/lib/bastille/hub.rb

@@ -0,0 +1,32 @@
+module Bastille
+  class Hub
+
+    def initialize(username, token)
+      @login = username
+      @oauth = token
+    end
+
+    def authenticate!
+      client.ratelimit
+      true
+    rescue Octokit::Unauthorized
+      false
+    end
+
+    def spaces
+      [@login] + client.organizations.collect(&:login)
+    end
+
+    def member_of_space?(space)
+      spaces.include?(space)
+    end
+
+    private
+
+    def client
+      raise Octokit::Unauthorized unless @login && @oauth
+      @client ||= Octokit::Client.new(:login => @login, :oauth_token => @oauth)
+    end
+
+  end
+end

data/lib/bastille/server.rb

@@ -0,0 +1,120 @@
+require 'multi_json'
+require 'octokit'
+require 'redis'
+require 'redis/namespace'
+require 'sinatra'
+
+begin
+  require 'system_timer'
+rescue LoadError
+end
+
+require 'bastille/hub'
+require 'bastille/space'
+
+module Bastille
+  class Server < Sinatra::Base
+    configure :production, :development do
+      enable :logging
+      set :raise_errors, Proc.new { false }
+      set :show_exceptions, false
+    end
+
+    before do
+      if authenticated?
+        pass
+      else
+        halt 401, MultiJson.dump(:error => "Github is saying that you aren't who you say you are. Try checking your credentials.")
+      end
+    end
+
+    not_found do
+      status 404
+      MultiJson.dump(:error => "Could not find this action on the Bastille server.")
+    end
+
+    error do
+      MultiJson.dump(:error => "We're sorry. Looks like there was an error processing your request.")
+    end
+
+    get '/vaults' do
+      json = {}
+      spaces.each do |space|
+        json[space] = Space.new(space).all
+      end
+      MultiJson.dump(json)
+    end
+
+    put '/vaults/:space/:vault' do
+      space    = params.fetch('space')
+      vault    = params.fetch('vault')
+      contents = params.fetch('contents')
+
+      authorize_space_access!(space)
+
+      space = Space.new(space)
+      space.set(vault, contents)
+      MultiJson.dump('OK!')
+    end
+
+    get '/vaults/:space/:vault' do
+      space = params.fetch('space')
+      vault = params.fetch('vault')
+
+      authorize_space_access!(space)
+
+      space = Space.new(space)
+      space.get(vault)
+    end
+
+    delete '/vaults/:space/:vault' do
+      space = params.fetch('space')
+      vault = params.fetch('vault')
+
+      authorize_space_access!(space)
+
+      space = Space.new(space)
+      space.delete(vault)
+      MultiJson.dump('OK!')
+    end
+
+    get '/authenticate' do
+      MultiJson.dump('OK!')
+    end
+
+    private
+
+    def authenticated?
+      logger.info "Authenticating #{username} with Github"
+      hub.authenticate!
+    end
+
+    def authorize_space_access!(space)
+      unless hub.member_of_space?(space)
+        error = <<-RESPONSE.gsub(/\s+/, ' ').strip
+          Github is saying that you are not the owner of this space.
+          Your spaces are #{spaces.inspect}
+        RESPONSE
+
+        halt 401, MultiJson.dump(:error => error)
+      end
+    end
+
+    def hub
+      @hub ||= Hub.new(username, token)
+    end
+
+    def username
+      @username ||= env['HTTP_X_BASTILLE_USERNAME']
+    end
+
+    def token
+      @token ||= env['HTTP_X_BASTILLE_TOKEN']
+    end
+
+    def spaces
+      @spaces ||= hub.spaces
+    end
+
+  end
+end