bcome 1.3.3 → 2.0.0

data/lib/objects/driver/gcp/authentication/api_key.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Bcome::Driver::Gcp::Authentication
+  class ApiKey
+  end
+end

data/lib/objects/driver/gcp/authentication/base.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Bcome::Driver::Gcp::Authentication
+  class Base
+    include ::Bcome::LoadingBar::Handler
+
+    ## Overrides
+    def authorized?
+      raise 'Should be overidden'
+    end
+
+    ## Loading bar -
+
+    def loader_title
+      'Authenticating' + "\s#{@driver.pretty_provider_name.bc_blue.bold}\s#{@driver.pretty_resource_location.underline}".bc_green
+    end
+
+    ## Credential helpers --
+
+    def credential_directory
+      '.gauth'
+    end
+
+    def full_path_to_credential_file
+      "#{credential_directory}/#{credential_file}"
+    end
+
+    def credential_file
+      "#{@node.keyed_namespace}:#{credential_file_suffix}"
+    end
+
+    def ensure_credential_directory
+      `mkdir -p #{credential_directory}`
+    end
+  end
+end

data/lib/objects/driver/gcp/authentication/oauth.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+require 'google/api_client/auth/storage'
+require 'google/api_client/auth/storages/file_store'
+require 'google/api_client/client_secrets'
+
+module Bcome::Driver::Gcp::Authentication
+  class Oauth < Base
+    include Utilities
+
+    credential_directory = '.gauth'
+
+    attr_reader :scopes, :secrets_filename, :service, :client_config
+
+    def initialize(driver, service, client_config, node)
+      @service = service
+      @scopes = client_config.scopes
+      @node = node
+      @driver = driver
+      @client_config = client_config
+      @secrets_filename = client_config.secrets_filename
+      @path_to_secrets = "#{credential_directory}/#{@secrets_filename}"
+
+      raise ::Bcome::Exception::Generic, "Missing OAuth 2.0 client secrets file from GCP network configuration. Cannot find '#{@path_to_secrets}'" unless File.exist?(@path_to_secrets) && File.file?(@path_to_secrets)
+
+      # All credentials are held in .gauth
+      ensure_credential_directory
+    end
+
+    def authorized?
+      storage && !@storage.authorization.nil?
+    end
+
+    def credential_file_suffix
+      'oauth2.json'
+    end
+
+    def authorize!
+      @service.authorization = storage.authorize
+    end
+
+    def client_secrets
+      @client_secrets ||= load_client_secrets
+    end
+
+    def load_client_secrets
+      ::Google::APIClient::ClientSecrets.load(@path_to_secrets)
+    rescue Exception => e
+      raise ::Bcome::Exception::MissingOrInvalidClientSecrets, "#{@path_to_secrets}. Gcp exception: #{e.class} #{e.message}"
+    end
+
+    def storage
+      @storage ||= ::Google::APIClient::Storage.new(Google::APIClient::FileStore.new(full_path_to_credential_file))
+    end
+
+    def credential_file
+      # If an authorization has the same scopes & secrets file, it is the same authorization. Hence we store the resulting oauth2 access credentials as the same file. This allows
+      # re-use of authorizations and prevents multiple oauth loops.
+      "#{@client_config.checksum}:#{credential_file_suffix}"
+    end
+
+    def do!
+      authorize!
+      if @storage.authorization.nil?
+        # Total bloat from google here. Thanks google... requiring at last possible moment.
+        require 'google/api_client/auth/installed_app'
+
+          wrap_indicator type: :basic, title: loader_title, completed_title: '' do
+          flow = Google::APIClient::InstalledAppFlow.new(
+            client_id: client_secrets.client_id,
+            client_secret: client_secrets.client_secret,
+            scope: @scopes
+          )
+ 
+          ## Override the redirected-to screen so that clearer instruction can be given          
+          flow.class.send(:remove_const,'RESPONSE_BODY') if flow.class.const_defined?('RESPONSE_BODY')
+          flow.class.send(:const_set,'RESPONSE_BODY', oauth_redirect_html)
+
+          begin
+             @service.authorization = flow.authorize(storage)
+             signal_success
+          rescue ArgumentError => e
+            signal_failure
+            raise ::Bcome::Exception::MissingOrInvalidClientSecrets, "#{@path_to_secrets}. Gcp exception: #{e.class} #{e.message}"
+           end
+        end
+      end
+
+      @service
+    end
+
+    def notify_success
+      print "[\s" + "Credentials file written to\s" + full_path_to_credential_file + "\s]" + "\n"
+    end
+  end
+end

data/lib/objects/driver/gcp/authentication/oauth_client_config.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'digest/md5'
+
+module Bcome::Driver::Gcp::Authentication
+  class OauthClientConfig
+    attr_reader :scopes, :secrets_filename
+
+    def initialize(scopes, secrets_filename)
+      @scopes = scopes
+      @secrets_filename = secrets_filename
+    end
+
+    def ==(other)
+      checksum == other.checksum
+    end
+
+    def checksum
+      @checksum ||= ::Digest::MD5.hexdigest(Marshal.dump("#{@scopes}-#{@secrets_filename}"))
+    end
+  end
+end

data/lib/objects/driver/gcp/authentication/oauth_session_store.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Bcome::Driver::Gcp::Authentication
+  class OauthSessionStore
+    include Singleton
+
+    def initialize
+      @oauth_sessions = []
+    end
+
+    def in_memory_session_for(oauth_client_config)
+      existing_session = @oauth_sessions.detect do |session|
+        session.client_config == oauth_client_config
+      end
+      existing_session
+    end
+
+    def <<(session)
+      @oauth_sessions << session
+    end
+  end
+end

data/lib/objects/driver/gcp/authentication/service_account.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module Bcome::Driver::Gcp::Authentication
+  class ServiceAccount < Base
+    def initialize(service, scopes, node, credentials_file_name, driver)
+      @service = service
+      @scopes = scopes
+      @node = node
+      @driver = driver
+      @credentials_file_name = credentials_file_name
+      ensure_credential_directory
+      ensure_credentials_file
+    end
+
+    def do!
+      @service.authorization = service_account
+    end
+
+    def authorized?
+      !@service.authorization.nil?
+    end
+
+    def service_account
+      @service_account ||= ::Bcome::Driver::Gcp::Authentication::SignetServiceAccountClient.new(@scopes, credentials_file_path)
+    end
+
+    def credentials_file_path
+      has_namespaced_keyed_filename? ? namespaced_keyed_filename : defined_credentials_files
+    end
+
+    def ensure_credentials_file
+      return if has_namespaced_keyed_filename?
+      raise ::Bcome::Exception::MissingGcpServiceAccountCredentialsFilename unless @credentials_file_name
+    end
+
+    ## New implementation - we take a defined file name for the service account credentials
+    ## Clean & may be re-used
+    def defined_credentials_files
+      "#{credential_directory}/#{@credentials_file_name}"
+    end
+
+    def has_namespaced_keyed_filename?
+      @has_namespaced_keyed_filename ||= File.exist?(namespaced_keyed_filename)
+    end
+
+    ## Older implementation - we infer the credentials file from the namespace
+    ## Retained to provide backwards compatibility
+    def namespaced_keyed_filename
+      full_path_to_credential_file
+    end
+
+    def credential_file_suffix
+      'service-account.json'
+    end
+    #######################################
+
+    def authorize!
+      storage.authorize
+      @service.authorization = storage.authorization
+    end
+  end
+end

data/lib/objects/driver/gcp/authentication/signet/service_account.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Bcome::Driver::Gcp::Authentication
+  class SignetServiceAccountClient < Signet::OAuth2::Client
+    def initialize(scopes, service_account_json_path)
+      @scopes = scopes
+      @service_account_json_path = service_account_json_path
+      raise ::Bcome::Exception::GcpAuthServiceAccountMissingCredentials, @service_account_json_path unless File.exist?(@service_account_json_path)
+    end
+
+    def fetch_access_token(_options = {})
+      token = authorizer.fetch_access_token!
+      token
+    end
+
+    def authorize
+      @token ||= fetch_access_token
+    end
+
+    def authorizer
+      authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
+        json_key_io: File.open(@service_account_json_path),
+        scope: @scopes
+      )
+    end
+  end
+end

data/lib/objects/driver/gcp/authentication/utilities.rb

@@ -0,0 +1,42 @@
+module Bcome::Driver::Gcp::Authentication::Utilities
+
+  def oauth_redirect_html
+    ## [GR] Style rules: Explicitly no assets to be pulled from bcome remote (no tracking). Inline styles only.
+    ## Made an exception for the google font, as the user is already oauthing against google in any case.
+    <<-HTML
+      <html>
+        <head>
+          <script>
+            function closeWindow() {
+              window.open('', '_self', '');
+              window.close();
+            }
+            setTimeout(closeWindow, 10);
+          </script>
+        </head>
+        <style>
+          @import url("https://fonts.googleapis.com/css2?family=Catamaran:wght@200;500&display=swap");
+
+          body {
+            font-family: 'Catamaran', sans-serif;
+            font-weight: 200;
+            color: #3E4E60;
+          }
+        </style>
+        <body>#{oauth_redirect_body}</body>
+      </html>
+    HTML
+  end
+
+  def oauth_redirect_body
+    <<-HTML
+     <p>
+       OAuth redirection for namespace <strong>#{@node.keyed_namespace}</strong> complete.
+     </p>
+     <p>
+       You may close this window and return to the Bcome Console.
+     </p>
+    HTML
+  end
+
+end

data/lib/objects/encryptor.rb

@@ -1,8 +1,12 @@
+# frozen_string_literal: true
+
+require 'diffy'
+
 module Bcome
   class Encryptor
-
-    UNENC_SIGNIFIER = "".freeze  
-    ENC_SIGNIFIER = "enc".freeze
+    UNENC_SIGNIFIER = ''
+    ENC_SIGNIFIER = 'enc'
+    AFFIRMATIVE = 'yes'
 
     include Singleton
 
@@ -19,13 +23,23 @@ module Bcome
       else
         puts "\nNo unencrypted files to encrypt.\n".warning
       end
-      return
+      nil
     end
 
     def prompt_for_key
-      print "Please enter an encryption key (and if your data is already encrypted, you must provide the same key): ".informational
+      puts "\n"
+      print 'Please enter an encryption key (and if your data is already encrypted, you must provide the same key): '.informational
       @key = STDIN.noecho(&:gets).chomp
+      # puts "\n"
+    end
+
+    def prompt_to_overwrite
+      valid_answers = [AFFIRMATIVE, 'no']
       puts "\n"
+      print "Do you want to continue with unpacking this file? Your local changes would be overwritten [#{valid_answers.join(',')}]\s"
+      answer = STDIN.gets.chomp
+      prompt_to_overwrite unless valid_answers.include?(answer)
+      answer
     end
 
     def has_encrypted_files?
@@ -46,45 +60,117 @@ module Bcome
 
     def unpack
       prompt_for_key
-      toggle_packed_files(all_encrypted_filenames,:decrypt)
-      return
+      toggle_packed_files(all_encrypted_filenames, :decrypt)
+      nil
+    end
+
+    def decrypt_file_data(filename)
+      raw_contents = File.read(filename)
+      raw_contents.send(:decrypt, @key)
+    end
+
+    def enc_file_diff(filename)
+      # Get decrypted file data
+      decrypted_data_for_filename = decrypt_file_data(filename)
+
+      # Get unpacked file data
+      opposing_filename = opposing_file_for_filename(filename)
+      return nil unless File.exist?(opposing_filename)
+
+      unpacked_file_data = File.read(opposing_filename)
+
+      # there are no differences
+      return nil if decrypted_data_for_filename.eql?(unpacked_file_data)
+
+      get_diffs(unpacked_file_data, decrypted_data_for_filename)
+    end
+
+    def opposing_file_for_filename(filename)
+      filename =~ %r{#{path_to_metadata}/(.+)\.enc}
+      "#{path_to_metadata}/#{Regexp.last_match(1)}"
+    end
+
+    def get_diffs(file_one, file_two)
+      diffy = ::Diffy::SplitDiff.new(file_one, file_two)
+      left_diffs = diffy.left.split("\n").each_with_index.collect { |l, index| "#{index + 1}:\s#{l}" }
+      right_diffs = diffy.right.split("\n").each_with_index.collect { |l, index| "#{index + 1}:\s#{l}" }
+
+      diffed_lines = (left_diffs + right_diffs).select { |line| line =~ /^[0-9]+:\s[+-](.+)$/ }
+      return nil if diffed_lines.empty?
+
+      diffed_lines.collect do |line|
+        line =~ /^[0-9]+:\s\+(.+)$/ ? line.bc_green : line.bc_red
+      end.join("\n")
+    end
+
+    def diff
+      prompt_for_key
+      puts "\n"
+      all_encrypted_filenames.each do |filename|
+        opposing_file = opposing_file_for_filename(filename)
+        if File.exist?(opposing_file)
+          if diffs = enc_file_diff(filename)
+            puts "\n[+/-]\s".warning + filename + "\sis different to your local unpacked version\n\n"
+            puts diffs + "\n\n"
+          else
+            puts filename.to_s.informational + "\s- no differences".bc_green
+          end
+        else
+          puts filename.to_s.informational + "\s- new file".warning
+        end
+      end
+      puts "\n"
     end
 
     def toggle_packed_files(filenames, packer_method)
-      raise "Missing encryption key. Please set an encryption key" unless @key
+      raise 'Missing encryption key. Please set an encryption key' unless @key
+
       filenames.each do |filename|
         # Get raw
         raw_contents = File.read(filename)
- 
+
         if packer_method == :decrypt
-          filename =~ /#{path_to_metadata}\/(.+)\.enc/
-          opposing_filename = $1
-          action = "Unpacking"
+          filename =~ %r{#{path_to_metadata}/(.+)\.enc}
+          opposing_filename = Regexp.last_match(1)
+          action = 'Unpacking'
+
+          # Skip unpacking a file if there are local modifications that the user does not want to lose.
+          if diffs = enc_file_diff(filename)
+            puts "\n[+/-]\s".warning + filename + "\sis different to your local unpacked version\n\n"
+            puts diffs
+
+            if prompt_to_overwrite != AFFIRMATIVE
+              puts "\n\nskipping\s".warning + filename + "\n"
+              next
+            end
+            puts "\n"
+          end
         else
-          filename =~ /#{path_to_metadata}\/(.*)/
-          opposing_filename = "#{$1}.enc"
-          action = "Packing"
-        end       
+          filename =~ %r{#{path_to_metadata}/(.*)}
+          opposing_filename = "#{Regexp.last_match(1)}.enc"
+          action = 'Packing'
+        end
 
         # Write encrypted/decryption action
         enc_decrypt_result = raw_contents.send(packer_method, @key)
+        print "\n\n"
         puts "#{action}\s".informational + filename + "\sto\s".informational + "#{path_to_metadata}/" + opposing_filename
         write_file(opposing_filename, enc_decrypt_result)
       end
       puts "\ndone".informational
-    end  
- 
+    end
+
     def path_to_metadata
-      "bcome/metadata"
+      'bcome/metadata'
     end
 
     def write_file(filename, contents)
       filepath = "#{path_to_metadata}/#{filename}"
-      File.open("#{filepath}", 'w') { |f| f.write(contents) }
+      File.open(filepath.to_s, 'w') { |f| f.write(contents) }
     end
- 
+
     def all_unencrypted_filenames
-      Dir["#{metadata_path}/*"].reject {|f| f =~ /\.enc/}  
+      Dir["#{metadata_path}/*"].reject { |f| f =~ /\.enc/ }
     end
 
     def all_encrypted_filenames
@@ -92,8 +178,7 @@ module Bcome
     end
 
     def metadata_path
-      "bcome/metadata"
+      'bcome/metadata'
     end
-
   end
 end