conf_conf 1.0.2 → 2.0.2

data/lib/conf_conf/project.rb

@@ -0,0 +1,20 @@
+module ConfConf
+  class Project
+    attr_reader :developers, :environments
+
+    def initialize
+      @developers   = Developers.load(self)
+      @environments = Environments.new(self)
+    end
+
+    def inconsistencies(environment)
+      all_environment_variable_names = Set.new
+
+      environments.to_a.each do |other_environment|
+        all_environment_variable_names += other_environment.variables.keys
+      end
+
+      all_environment_variable_names - environment.variables.keys
+    end
+  end
+end

data/lib/conf_conf/project/developer.rb

@@ -0,0 +1,38 @@
+require 'rbnacl'
+require 'base64'
+
+module ConfConf
+  class Project
+    class Developer < Struct.new(:pretty_public_key, :pretty_private_key)
+      def self.current
+        user_config_path = File.join(File.expand_path('~'), '.conf_conf.json')
+
+        if File.exists?(user_config_path)
+          user_config = MultiJson.load(File.read(user_config_path))
+
+        else
+          private_key        = RbNaCl::PrivateKey.generate
+          pretty_private_key = Base64.strict_encode64(private_key.to_s)
+          pretty_public_key  = Base64.strict_encode64(private_key.public_key.to_s)
+
+          user_config = {
+            'public_key'  => pretty_public_key,
+            'private_key' => pretty_private_key
+          }
+
+          File.write(user_config_path, MultiJson.dump(user_config))
+        end
+
+        Developer.new(user_config['public_key'], user_config['private_key'])
+      end
+
+      def private_key
+        Base64.decode64(pretty_private_key)
+      end
+
+      def public_key
+        Base64.decode64(pretty_public_key)
+      end
+    end
+  end
+end

data/lib/conf_conf/project/developers.rb

@@ -0,0 +1,48 @@
+module ConfConf
+  class Project
+    class Developers < Struct.new(:project)
+      class << self
+        def load(project)
+          developers      = Developers.new(project)
+
+          if File.exists?(Developers.path)
+            developers_json   = File.read(Developers.path)
+            developers_keys   = MultiJson.load(developers_json)
+            developers.keys   = developers_keys
+          end
+
+          developers
+        end
+
+        def path
+          File.join('config', 'conf_conf', 'developers.json')
+        end
+      end
+
+      def add(developer)
+        keys.add(developer.pretty_public_key).to_a
+      end
+
+      def remove(developer)
+        keys.delete(developer.pretty_public_key).to_a
+      end
+
+      def keys=(keys)
+        @keys = Set.new(keys)
+      end
+
+      def keys
+        @keys ||= Set.new
+      end
+
+      def to_a
+        keys.collect { |key| Developer.new(key) }
+      end
+
+      def save
+        developers_json = MultiJson.dump(keys.to_a)
+        File.write(Developers.path, developers_json)
+      end
+    end
+  end
+end

data/lib/conf_conf/project/environment.rb

@@ -0,0 +1,53 @@
+module ConfConf
+  class Project
+    class Environment < Struct.new(:project, :name, :variables, :schema)
+      class << self
+        def load(project, name)
+          ConfConf::Project::Environment::Storage.load_project_environment(project, name)
+        end
+      end
+
+      def initialize(*args)
+        super
+        self.variables  ||= {}
+        self.schema     ||= {}
+      end
+
+      def get(variable_name)
+        variable_name = normalized_variable_name(variable_name)
+        variables[variable_name]
+      end
+
+      def set(variable_name, variable_value)
+        variable_name = normalized_variable_name(variable_name)
+
+        if variables[variable_name] != variable_value
+          schema.delete variable_name
+        end
+
+        if schema[variable_name] && schema[variable_name]['access']
+          schema[variable_name]['access'] = (project.developers.keys + schema[variable_name]['access']).to_a
+        else
+          schema[variable_name] = { 'access' => project.developers.keys.to_a }
+        end
+
+        variables[variable_name] = variable_value
+      end
+
+      def remove(variable_name)
+        variable_name = normalized_variable_name(variable_name)
+        schema.delete variable_name
+        variables.delete variable_name
+      end
+
+      def save
+        ConfConf::Project::Environment::Storage.save_project_environment(project, self)
+      end
+
+      private
+      def normalized_variable_name(variable_name)
+        variable_name.strip.upcase
+      end
+    end
+  end
+end

data/lib/conf_conf/project/environment/storage.rb

@@ -0,0 +1,58 @@
+module ConfConf
+  class Project
+    class Environment
+      class NotAuthorizedError < StandardError; end;
+
+      class Storage
+        def self.load_project_environment(project, environment_name)
+          current_developer = ConfConf::Project::Developer.current
+          environment_config_file_path = File.join('config', 'conf_conf', 'environments', "#{environment_name}.json")
+
+          if File.exists?(environment_config_file_path)
+            environment_config       = MultiJson.load(File.read(environment_config_file_path))
+            environment_schema       = environment_config['schema']
+            author_public_key        = Base64.decode64(environment_config['author_public_key'])
+            encrypted_environment_secret_key   = environment_config['encrypted_environment_secret_key'][current_developer.pretty_public_key]
+
+            raise NotAuthorizedError if encrypted_environment_secret_key.nil?
+
+            box = RbNaCl::SimpleBox.from_keypair(author_public_key, current_developer.private_key)
+            environment_secret_key = box.decrypt(encrypted_environment_secret_key)
+
+            box = RbNaCl::SimpleBox.from_secret_key(environment_secret_key)
+            decrypted_environment_variables_json = box.decrypt(environment_config["encrypted_environment"])
+
+            environment_variables = MultiJson.load(decrypted_environment_variables_json)
+          else
+            environment_variables = {}
+            environment_schema = {}
+          end
+
+          Environment.new(project, environment_name, environment_variables, environment_schema)
+        end
+
+        def self.save_project_environment(project, environment)
+          author = ConfConf::Project::Developer.current
+
+          environment_config = {}
+          environment_config[:author_public_key] = author.pretty_public_key
+          environment_config[:schema] = environment.schema
+
+          environment_secret_key = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
+          project.developers.add(author)
+
+          environment_config[:encrypted_environment_secret_key] = project.developers.to_a.inject({}) do |keys,developer|
+            box = RbNaCl::SimpleBox.from_keypair(developer.public_key, author.private_key)
+            keys[developer.pretty_public_key] = box.encrypt(environment_secret_key); keys
+          end
+
+          box = RbNaCl::SimpleBox.from_secret_key(environment_secret_key)
+          environment_config[:encrypted_environment] = box.encrypt(MultiJson.dump(environment.variables))
+
+          environment_config_file_path = File.join('config', 'conf_conf', 'environments', "#{environment.name}.json")
+          File.write(environment_config_file_path, MultiJson.dump(environment_config))
+        end
+      end
+    end
+  end
+end

data/lib/conf_conf/project/environments.rb

@@ -0,0 +1,24 @@
+module ConfConf
+  class Project
+    class Environments < Struct.new(:project)
+      def length
+        Dir["config/conf_conf/environments/*.json"].length
+      end
+
+      def remove(name)
+        FileUtils.rm_f("config/conf_conf/environments/#{name}.json")
+      end
+
+      def to_a
+        Dir["config/conf_conf/environments/*.json"].collect do |path|
+          environment_name = File.basename(path, File.extname(path))
+          self[environment_name]
+        end
+      end
+
+      def [](name)
+        Environment.load(project, name)
+      end
+    end
+  end
+end

data/lib/conf_conf/remote.rb

@@ -0,0 +1,40 @@
+module ConfConf
+  ## Interfaces with the conf_conf.io system
+  module Remote
+    SAVE_ENVIRONMENT_URL = "https://api.conf_conf.io/save"
+    LOAD_ENVIRONMENT_URL = "https://api.conf_conf.io/load" 
+
+    def self.save_environment(environment)
+      request = HTTPI::Request.new
+      request.url = SAVE_ENVIRONMENT_URL
+      request.body = { 
+                        project:  environment.project, 
+                        name:     environment.name, 
+                        encrypted_env_variables:  environment.encrypted_env_variables 
+                     }
+
+      response = HTTPI.post(request)
+
+      raise ConfConf::Remote::SaveException.new(response.body) if response.error?
+    end
+
+    def self.load_environment(project, name)
+      request = HTTPI::Request.new
+      request.url = LOAD_ENVIRONMENT_URL
+      request.body = { 
+                       project: project,
+                       name: name
+                     }
+
+      response = HTTPI.post(request)
+
+      raise ConfConf::Remote::LoadException.new(response.body) if response.error?
+
+      parsed_response = MultiJson.load(response.body) 
+
+      environment = Environment.new(parsed_response.project, parsed_response.name)
+      environment.encrypted_env_variables = parsed_response.encrypted_env_variables
+      environment
+    end
+  end
+end

data/lib/conf_conf/user.rb

@@ -0,0 +1,38 @@
+require 'base64'
+require 'rbnacl/libsodium'
+require 'conf_conf/config'
+
+module ConfConf
+  class User < Struct.new(:public_key, :private_key)
+    class << self
+      def current
+        config = Config.load
+        User.new(config.public_key, config.private_key)
+      end
+    end
+
+    class Config < ConfConf::Config
+      def self.path
+        File.join(File.expand_path('~'), '.conf_conf.json')
+      end
+
+      config_attr :public_key, default: :new_public_key
+      config_attr :private_key, default: :new_private_key
+
+      private
+      def new_public_key
+        generate_keys! and @public_key
+      end
+
+      def new_private_key
+        generate_keys! and @private_key
+      end
+
+      def generate_keys!
+        @key ||= RbNaCl::PrivateKey.generate
+        @private_key = Base64.strict_encode64(@key.to_s)
+        @public_key = Base64.strict_encode64(@key.public_key.to_s)
+      end
+    end
+  end
+end

data/spec/project/developers_spec.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+describe ConfConf::Project::Developers do
+  let(:developer) { ConfConf::Project::Developer.new(pretty_public_key) }
+  let(:pretty_public_key) { Base64.strict_encode64('hello') }
+
+  before do
+    stub_const('File', MockFile)
+  end
+
+  it 'adds a new developer to config/conf_conf/developers.json' do
+    subject.add(developer)
+    subject.save
+
+    expect(subject.keys.length).to eq(1)
+    expect(subject.keys.first).to eq(pretty_public_key)
+    expect(File.exists?('config/conf_conf/developers.json')).to be(true)
+  end
+
+  it 'removes a developer from config/conf_conf/developers.json' do
+    subject.add(developer)
+    subject.remove(developer)
+    expect(subject.keys.length).to eq(0)
+  end
+end

data/spec/project/environment/storage_spec.rb

@@ -0,0 +1,91 @@
+require 'spec_helper'
+
+describe ConfConf::Project::Environment::Storage do
+  before do
+    stub_const('RbNaCl', MockRbNaCl)
+    stub_const('File', MockFile)
+  end
+
+  let(:developer) {
+    pretty_public_key  = Base64.strict_encode64(developer_private_key.public_key.to_s)
+    ConfConf::Project::Developer.new(pretty_public_key)
+  }
+
+  let(:developer_private_key) {
+    RbNaCl::PrivateKey.generate
+  }
+
+  let(:project) {
+    project = ConfConf::Project.new
+    project.developers.add(developer)
+    project.developers.save
+    project
+  }
+
+  let(:environment) {
+    instance_double('ConfConf::Environment', {
+      name: environment_name,
+      schema: {},
+      variables: { 'VAR1' => 'VAL1' }
+    })
+  }
+
+  let(:environment_name) {
+    "environment-#{rand(10e6)}"
+  }
+
+  it 'encrypts and saves an environment' do
+    described_class.save_project_environment(project, environment)
+    expect(File.fs).to include("config/conf_conf/environments/#{environment_name}.json")
+
+    encrypted_environment_json   = File.read("config/conf_conf/environments/#{environment_name}.json")
+    encrypted_environment_config = MultiJson.load(encrypted_environment_json)
+    encrypted_environment        = RbNaCl::Info.new(encrypted_environment_config['encrypted_environment'])
+
+    expect(encrypted_environment.secret_key_encrypted?).to be(true)
+  end
+
+  it 'adds an encrypted version of the secret key for the author' do
+    described_class.save_project_environment(project, environment)
+
+    encrypted_environment_json   = File.read("config/conf_conf/environments/#{environment_name}.json")
+    encrypted_environment_config = MultiJson.load(encrypted_environment_json)
+
+    author_public_key = encrypted_environment_config["author_public_key"]
+    developer_public_keys = encrypted_environment_config["encrypted_environment_secret_key"].keys
+    expect(developer_public_keys).to include(author_public_key)
+  end
+
+  it 'loads an encrypted environment as an author' do
+    described_class.save_project_environment(project, environment)
+    environment = described_class.load_project_environment(project, environment_name)
+
+    expect(environment).to be_a(ConfConf::Project::Environment)
+    expect(environment.variables['VAR1']).to eq('VAL1')
+  end
+
+  it 'loads an encrypted environment as an authorized developer' do
+    described_class.save_project_environment(project, environment)
+
+    pretty_developer_private_key = Base64.strict_encode64(developer_private_key.to_s)
+    current_developer = ConfConf::Project::Developer.new(developer.pretty_public_key, pretty_developer_private_key)
+    expect(ConfConf::Project::Developer).to receive(:current).and_return(current_developer)
+
+    environment = described_class.load_project_environment(project, environment_name)
+    expect(environment).to be_a(ConfConf::Project::Environment)
+  end
+
+  it 'fails to load an encrypted environment when not authenticated' do
+    described_class.save_project_environment(project, environment)
+
+    private_key        = RbNaCl::PrivateKey.generate
+    pretty_private_key = Base64.strict_encode64(private_key.to_s)
+    pretty_public_key  = Base64.strict_encode64(private_key.public_key.to_s)
+    unauthorized_developer  = ConfConf::Project::Developer.new(pretty_public_key, pretty_private_key)
+    expect(ConfConf::Project::Developer).to receive(:current).and_return(unauthorized_developer)
+
+    expect {
+      described_class.load_project_environment(project, environment_name)
+    }.to raise_error(ConfConf::Project::Environment::NotAuthorizedError)
+  end
+end