cabal-api 0.2.2 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: cd02a01c7d3ca61dc9abe5a212a02490d8d3cf5c
-  data.tar.gz: 1d0971bd27184290b814153df1329274eafe6109
+SHA256:
+  metadata.gz: 24c70d80c8dd38a65574f04cbc77bdae38614fe2e3105b0a842240c29f3b7089
+  data.tar.gz: dcda1995610094348fd395abf20b540d1bd2e075327d05224e655bc908c269ff
 SHA512:
-  metadata.gz: adcc708a3dde3f62f4e4bbaa57d6b4f71a51529d981e439f6350da4f6e803dba58b3182ddedf0efff585d915a5f7c55f75be7f987ede89e33eeba5402626da70
-  data.tar.gz: 84b8cc2bcb70e489f9bd8979a67906a7aacd1cf1492c91dc041608499e31352a4a522c4268c522040ef01c695dcf63e6a38ab026940e9b3c8daba61eca7fab16
+  metadata.gz: dc299c1679cadc10822a03033ce5c1c2ffbda45bd02511ffbf284be2cc67057f56f99123cace6e81735e6fa0309559c7f51d42994241733bc2d568e90bd11329
+  data.tar.gz: 88352f6445427c63c24fdda7d994ac0098d40f2f11bdc2bb2b0a74d62dc034460c0b8f17da21f2ec4f1a0de9b5fa26a36b810cec68407db7d9c30c6bc7b3663f

data/Dockerfile

@@ -0,0 +1,16 @@
+FROM ruby:2.5.3
+
+RUN apt-get update && apt-get install -y \
+  build-essential \
+  wamerican \
+  vim
+
+RUN mkdir -p /app
+WORKDIR /app
+
+COPY . ./
+RUN gem install bundler && bundle install
+
+EXPOSE 3000
+
+CMD ["/bin/bash"]

data/cabal-api.gemspec

@@ -25,13 +25,12 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rspec", '~> 3.3'
   spec.add_development_dependency "factis", '~> 1.0'
   spec.add_development_dependency "simplecov", '~> 0.10'
-  spec.add_development_dependency "redis"
-  spec.add_development_dependency "database_cleaner"
   spec.add_development_dependency "yard", "~> 0.8.7"
   spec.add_runtime_dependency "cabal-util", '~> 0.1'
-  spec.add_runtime_dependency "grape", '~> 0.13'
-  spec.add_runtime_dependency "ohm"
-  spec.add_runtime_dependency "ohm-contrib"
-  spec.add_runtime_dependency "bcrypt"
-  spec.add_runtime_dependency "sshkey"
+  spec.add_runtime_dependency "grape", '~> 1.2'
+  spec.add_runtime_dependency "bcrypt", '~> 3.1'
+  spec.add_runtime_dependency "sshkey", '~> 1.9'
+  spec.add_runtime_dependency 'sekrat', '~> 1.0.0'
+  spec.add_runtime_dependency 'sekrat-crypter-aes', '~> 1.0.0'
+  spec.add_runtime_dependency 'dry-struct', '~> 0.6.0'
 end

data/docker-compose.yml

@@ -0,0 +1,5 @@
+app:
+  build: .
+  command: /bin/bash
+  volumes:
+    - .:/app

data/lib/cabal/api.rb

@@ -1,11 +1,21 @@
-require 'ohm'
 require 'cabal/api/version'
 require 'cabal/api/base'
-require 'cabal/api/cluster'
-require 'cabal/api/user'
+require 'cabal/api/cluster_service'
+require 'cabal/api/user_service'
+require 'sekrat'
 
 module Cabal
-  module Api
-    Ohm.redis = Redic.new(ENV['REDIS_URL'] || 'redis://localhost:6379')
+  module API
+    STORAGE = {
+      private: Sekrat::Warehouse::Memory.new,
+      public: Sekrat::Warehouse::Memory.new,
+      users: Sekrat::Warehouse::Memory.new,
+      access_keys: Sekrat::Warehouse::Memory.new,
+      secret_keys: Sekrat::Warehouse::Memory.new,
+    }
+
+    def cluster_service
+      @cluster_service ||= ClusterService.new
+    end
   end
 end

data/lib/cabal/api/cluster_service.rb

@@ -0,0 +1,71 @@
+require 'sshkey'
+require 'cabal/util'
+require 'sekrat'
+require 'sekrat/crypter/aes'
+
+module Cabal
+  module API
+    class ClusterService
+      attr_accessor :public_keys, :private_keys
+
+      def initialize(public_warehouse: STORAGE[:public], private_warehouse: STORAGE[:private])
+        @public_keys = Sekrat.manager(warehouse: public_warehouse)
+
+        @private_keys = Sekrat.manager(warehouse: private_warehouse, crypter: Sekrat::Crypter::Aes)
+      end
+
+      def create(name)
+        sshkey = SSHKey.generate(
+          type: 'RSA',
+          bits: 2048,
+          comment: "#{name}-cabal"
+        )
+
+        write_public_key(name, sshkey) && write_private_key(name, sshkey)
+      end
+
+      def names
+        public_keys.ids
+      end
+
+      def public_key(name)
+        begin
+          public_keys.get(name, name)
+        rescue
+          nil
+        end
+      end
+
+      def private_key(name)
+        begin
+          private_keys.get(name, public_key(name))
+        rescue
+          nil
+        end
+      end
+
+      private
+      def write_public_key(name, key)
+        begin
+          public_keys.put(name, name, key.ssh_public_key)
+          true
+        rescue
+          return false
+        end
+      end
+
+      def write_private_key(name, key)
+        begin
+          private_keys.put(
+            name,
+            key.ssh_public_key,
+            key.private_key
+          )
+          true
+        rescue
+          false
+        end
+      end
+    end
+  end
+end

data/lib/cabal/api/common/authenticated.rb

@@ -1,4 +1,4 @@
-require 'cabal/api/user'
+require 'cabal/api/common/services'
 
 module Cabal
   module API
@@ -6,11 +6,15 @@ module Cabal
       module Authenticated
         def self.included(base)
           base.class_eval do
+            include Cabal::API::Common::Services
+
             helpers do
               def current_user
                 authorization = headers['Authorization'].to_s
                 access_key, signature = authorization.split(':')
-                user = Cabal::API::User.find(access_key: access_key).first
+
+                user = user_service.by_access_key(access_key)
+
                 if user && user.authenticated_with?(signature)
                   user
                 else

data/lib/cabal/api/common/mistakes.rb

@@ -4,7 +4,7 @@ module Cabal
       module Mistakes
         def self.included(base)
           base.class_eval do
-            error_formatter :txt, ->(message, backtrace, options, env) {
+            error_formatter :txt, ->(message, backtrace, options, env, original_exception) {
               message[:message]
             }
 

data/lib/cabal/api/common/private_key.rb

@@ -1,8 +1,9 @@
 require 'cabal/util'
-require 'cabal/api/cluster'
+require 'cabal/api'
 require 'cabal/api/user'
 require 'cabal/api/common/authenticated'
 require 'cabal/api/common/mistakes'
+require 'cabal/api/common/services'
 
 module Cabal
   module API
@@ -12,6 +13,7 @@ module Cabal
           base.class_eval do
             include Cabal::API::Common::Authenticated
             include Cabal::API::Common::Mistakes
+            include Cabal::API::Common::Services
 
             formatter :txt, ->(object, env) {
               object[:private_ssh_key]
@@ -32,13 +34,13 @@ module Cabal
               authenticate!
 
               cluster_name = Cabal::Util.normalize(params[:name])
-              cluster = Cabal::API::Cluster.find(name: cluster_name).first
+              key = cluster_service.private_key(cluster_name)
 
-              error_if_not_found!(cluster, cluster_name)
+              error_if_not_found!(key, cluster_name)
 
               {
-                name: cluster.name,
-                private_ssh_key: cluster.private_key
+                name: cluster_name,
+                private_ssh_key: key
               }
             end
           end

data/lib/cabal/api/common/public_key.rb

@@ -1,5 +1,6 @@
 require 'cabal/util'
-require 'cabal/api/cluster'
+require 'cabal/api'
+require 'cabal/api/common/services'
 
 module Cabal
   module API
@@ -7,15 +8,20 @@ module Cabal
       module PublicKey
         def self.included(base)
           base.class_eval do
+            include Cabal::API::Common::Services
+
             formatter :txt, ->(object, env) {
               object[:public_ssh_key]
             }
 
             get '/key/:name' do
-              cluster = Cabal::API::Cluster.by_cluster_name(params[:name])
+              name = Cabal::Util.normalize(params[:name])
+              cluster_service.create(name) unless cluster_service.names.include?(name)
+              key = cluster_service.public_key(name)
+              
               {
-                name: cluster.name,
-                public_ssh_key: cluster.public_key
+                name: name,
+                public_ssh_key: key
               }
             end
           end

data/lib/cabal/api/common/services.rb

@@ -0,0 +1,30 @@
+require 'cabal/api'
+
+module Cabal
+  module API
+    module Common
+      module Services
+        def self.included(base)
+          base.class_eval do
+            helpers do
+              def cluster_service
+                @cluster_service ||= ClusterService.new(
+                  public_warehouse: STORAGE[:public],
+                  private_warehouse: STORAGE[:private]
+                )
+              end
+
+              def user_service
+                @user_service ||= UserService.new(
+                  user_warehouse: STORAGE[:users],
+                  access_key_warehouse: STORAGE[:access_keys],
+                  secret_key_warehouse: STORAGE[:secret_keys]
+                )
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/cabal/api/types.rb

@@ -0,0 +1,9 @@
+require 'dry-types'
+
+module Cabal
+  module API
+    module Types
+      include Dry::Types.module
+    end
+  end
+end

data/lib/cabal/api/user.rb

@@ -1,49 +1,28 @@
-require 'ohm'
-require 'ohm/contrib'
 require 'bcrypt'
+require 'dry-struct'
 require 'securerandom'
+require 'cabal/api/types'
 
 module Cabal
   module API
-    class User < Ohm::Model
-      include Ohm::Callbacks
+    class User < Dry::Struct
+      transform_keys(&:to_sym)
 
-      # The secret key should not be saved plain, but we want to access it
-      # immediately after creation
-      attr_accessor :secret_key
+      attribute :email, Types::Strict::String
+      attribute :access_key, Types::Strict::String
+      attribute :secret_key, Types::Strict::String.default('')
+      attribute :crypted_secret_key, Types::Strict::String.default('')
+      attribute :created_at, Types::JSON::Time
 
-      attribute :email
-      attribute :access_key
-      attribute :crypted_secret_key
-
-      # Enable lookups via either the user's email or their access key.
-      index :email
-      index :access_key
-
-      # Ensure that email and access keys are unique
-      unique :email
-      unique :access_key
-
-      def before_create
-        set_access_key
-        set_secret_key
+      def crypto_key
+        "#{email}::#{created_at}::#{access_key}"
       end
 
       def authenticated_with?(secret_key)
-        return false unless crypted_secret_key
+        return false unless crypted_secret_key.length > 0
 
         BCrypt::Password.new(crypted_secret_key) == secret_key
       end
-
-      private
-      def set_access_key
-        self.access_key = SecureRandom.hex(16)
-      end
-
-      def set_secret_key
-        self.secret_key = SecureRandom.hex(32)
-        self.crypted_secret_key = BCrypt::Password.create(secret_key)
-      end
     end
   end
 end

data/lib/cabal/api/user_service.rb

@@ -0,0 +1,115 @@
+require 'bcrypt'
+require 'cabal/api/user'
+require 'json'
+require 'sekrat'
+require 'sekrat/crypter/aes'
+require 'sekrat/crypter/passthrough'
+
+module Cabal
+  module API
+    class UserService
+      attr_reader :users, :access_keys, :secret_keys
+
+      def initialize(user_warehouse: STORAGE[:users], access_key_warehouse: STORAGE[:access_keys], secret_key_warehouse: STORAGE[:secret_keys])
+        passthrough = Sekrat::Crypter::Passthrough.new
+
+        @users = Sekrat.manager(
+          warehouse: user_warehouse,
+          crypter: passthrough
+        )
+
+        @access_keys = Sekrat.manager(
+          warehouse: access_key_warehouse,
+          crypter: passthrough
+        )
+
+        @secret_keys = Sekrat.manager(
+          warehouse: secret_key_warehouse,
+          crypter: Sekrat::Crypter::Aes
+        )
+      end
+
+      def create(email)
+        secret_key = SecureRandom.hex(32)
+
+        User.new(
+          email: email,
+          access_key: SecureRandom.hex(16),
+          secret_key: secret_key,
+          crypted_secret_key: BCrypt::Password.create(secret_key).to_s,
+          created_at: Time.now.utc
+        ).tap do |user|
+          return nil unless write_user(user) &&
+            write_access_key(user) &&
+            write_secret_key(user)
+        end
+      end
+
+      def list
+        users.ids.sort
+      end
+
+      def by_email(email)
+        user = begin
+                 User.new(JSON.load(users.get(email, email)))
+               rescue
+                 return nil
+               end
+
+        crypted_secret_key = begin
+                               secret_keys.get(user.access_key, user.crypto_key)
+                             rescue
+                               return nil
+                             end
+
+        user.new(crypted_secret_key: crypted_secret_key)
+      end
+
+      def by_access_key(access_key)
+        email = begin
+                  access_keys.get(access_key, access_key)
+                rescue
+                  return nil
+                end
+
+        by_email(email)
+      end
+
+      private
+      def write_user(user)
+        begin
+          users.put(
+            user.email,
+            user.email,
+            {
+              email: user.email,
+              access_key: user.access_key,
+              created_at: user.created_at
+            }.to_json
+          )
+          true
+        rescue
+          false
+        end
+      end
+
+      def write_access_key(user)
+        begin
+          access_keys.put(user.access_key, user.access_key, user.email)
+          true
+        rescue
+          false
+        end
+      end
+
+      def write_secret_key(user)
+        begin
+          secret_keys.put(user.access_key, user.crypto_key, user.crypted_secret_key)
+          true
+        rescue
+          false
+        end
+      end
+    end
+  end
+end

data/lib/cabal/api/v3/list.rb

@@ -1,6 +1,6 @@
 require 'grape'
 require 'cabal/util'
-require 'cabal/api/cluster'
+require 'cabal/api/cluster_service'
 require 'cabal/api/user'
 require 'cabal/api/common/authenticated'
 require 'cabal/api/common/mistakes'
@@ -13,16 +13,14 @@ module Cabal
         include Cabal::API::Common::Mistakes
 
         formatter :txt, ->(object, env) {
-          object.map {|cluster| cluster[:name]}.join("\n")
+          object.map {|cluster| cluster}.join("\n")
         }
 
         get '/clusters' do
           authenticate!
 
-          Cabal::API::Cluster.
-            all.
-            sort_by(:name, order: 'ALPHA').
-            map {|cluster| {name: cluster.name}}
+          clusters = Cabal::API::ClusterService.new
+          clusters.names.sort
         end
       end
     end

data/lib/cabal/api/version.rb

@@ -1,5 +1,5 @@
 module Cabal
   module Api
-    VERSION = "0.2.2"
+    VERSION = "0.2.3"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cabal-api
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors:
 - Dennis Walters
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-02-24 00:00:00.000000000 Z
+date: 2019-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -109,131 +109,117 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0.10'
 - !ruby/object:Gem::Dependency
-  name: redis
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: database_cleaner
+  name: yard
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.8.7
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.8.7
 - !ruby/object:Gem::Dependency
-  name: yard
+  name: cabal-util
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.7
-  type: :development
+        version: '0.1'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.7
+        version: '0.1'
 - !ruby/object:Gem::Dependency
-  name: cabal-util
+  name: grape
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
-  name: grape
+  name: bcrypt
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.13'
+        version: '3.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.13'
+        version: '3.1'
 - !ruby/object:Gem::Dependency
-  name: ohm
+  name: sshkey
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.9'
 - !ruby/object:Gem::Dependency
-  name: ohm-contrib
+  name: sekrat
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
-  name: bcrypt
+  name: sekrat-crypter-aes
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
-  name: sshkey
+  name: dry-struct
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.6.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.6.0
 description: 
 email:
 - dwalters@engineyard.com
@@ -246,20 +232,25 @@ files:
 - ".ruby-gemset"
 - ".ruby-version"
 - ".travis.yml"
+- Dockerfile
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - cabal-api.gemspec
+- docker-compose.yml
 - lib/cabal/api.rb
 - lib/cabal/api/base.rb
-- lib/cabal/api/cluster.rb
+- lib/cabal/api/cluster_service.rb
 - lib/cabal/api/common.rb
 - lib/cabal/api/common/authenticated.rb
 - lib/cabal/api/common/mistakes.rb
 - lib/cabal/api/common/private_key.rb
 - lib/cabal/api/common/public_key.rb
+- lib/cabal/api/common/services.rb
+- lib/cabal/api/types.rb
 - lib/cabal/api/user.rb
+- lib/cabal/api/user_service.rb
 - lib/cabal/api/v1/base.rb
 - lib/cabal/api/v1/public_key.rb
 - lib/cabal/api/v2/base.rb
@@ -289,10 +280,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.7
+rubygems_version: 3.0.1
 signing_key: 
 specification_version: 4
 summary: A Grape API for creating and distributing SSH keys
 test_files: []
-has_rdoc: 

data/lib/cabal/api/cluster.rb

@@ -1,39 +0,0 @@
-require 'ohm'
-require 'ohm/contrib'
-require 'sshkey'
-require 'cabal/util'
-
-module Cabal
-  module API
-    class Cluster < Ohm::Model
-      include Ohm::Callbacks
-
-      # The secret key should not be saved plain, but we want to access it
-      # immediately after creation
-      attr_accessor :secret_key
-
-      attribute :name
-      attribute :private_key
-      attribute :public_key
-
-      # Enable lookups via cluster name
-      index :name
-
-      # Ensure that cluster name is unique
-      unique :name
-
-      def before_create
-        self.name = Cabal::Util.normalize(name)
-
-        sshkey = SSHKey.generate(type: 'RSA', bits: 2048, comment: "#{name}-cabal")
-        self.private_key = sshkey.private_key
-        self.public_key = sshkey.ssh_public_key
-      end
-
-      def self.by_cluster_name(name)
-        name = Cabal::Util.normalize(name)
-        find(name: name).first || create(name: name)
-      end
-    end
-  end
-end