conjur-asset-ui 1.3.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 797e36ccfd5fb14495ce552972ae5f3cc2cc8047
+  data.tar.gz: aa0c926a8d45522ff5d373053c8fda223193fdd5
+SHA512:
+  metadata.gz: 046312f295fe2b3da327bc129f02ca90dd57d781e2e9805dacf42eebcc12a4a127c62b4d87510a46f5c773aabda54524e097f1059c6f932c84eceaa5d93cd02c
+  data.tar.gz: 082f28dad66cc39ea27b14b8846320a23375400affea0bfe32c9081f1999c7c425c2ddf3cdefde80e79f362012e1c69dd2853937bf5911dae0af980a93a01067

data/.git-hooks/pre_commit/ensure_livescript_compiled.rb

@@ -0,0 +1,31 @@
+require 'pathname'
+
+module Overcommit::Hook::PreCommit
+  # Ensure the livescript source files are compiled.
+  # Also make sure they're included in the commit.
+  class EnsureLivescriptCompiled < Base
+    def compiled_path ls
+      ls.sub('livescript/', 'public/js/').sub(/\.ls$/, '.js')
+    end
+
+    def relative path
+      Pathname.new(path).relative_path_from Pathname.getwd
+    end
+
+    def check_file lsfile
+      compiled = compiled_path lsfile
+
+      return "#{relative compiled}: older than #{relative lsfile}.
+          $ ./compile_ls &" if File.stat(lsfile) > File.stat(compiled)
+
+      return "#{relative lsfile}: compiled file not added.
+          $ git add #{relative compiled}" unless modified_files.include? compiled
+    end
+
+    def run
+      errs = applicable_files.map(&method(:check_file)).compact
+      return :bad, errs.join('\n') unless errs.empty?
+      :good
+    end
+  end
+end

data/.git-hooks/pre_commit/trailing_whitespace.rb

@@ -0,0 +1,26 @@
+module Overcommit::Hook::PreCommit
+  # Checks for trailing whitespace in files.
+  class TrailingWhitespace < Base
+    def message
+      "Trailing whitespace detected"
+    end
+
+    def lint_split output, message = message
+      # Keep lines from the output for files that we actually modified
+      error_lines, warning_lines = output.split("\n").partition do |output_line|
+        _, file, line = output_line.match(/^([^:]+):(\d+)/).to_a
+        modified_lines(file).include?(line.to_i)
+      end
+
+      return :bad, message + ":\n" + error_lines.join("\n") unless error_lines.empty?
+      return :warn, message + " (on lines you didn't modify):\n" + warning_lines.join("\n")\
+          unless warning_lines.empty?
+
+      :good
+    end
+
+    def run
+      lint_split execute(%w[grep -IHn \s$] + applicable_files).stdout
+    end
+  end
+end

data/.gitignore

@@ -0,0 +1,20 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.idea
+.DS_Store
+

data/.overcommit.yml

@@ -0,0 +1,5 @@
+PreCommit:
+  EnsureLivescriptCompiled:
+    description: 'Checking if LiveScript files are compiled'
+    include: 'livescript/*.ls'
+    requires_files: true

data/.project

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>conjur-asset-ui</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>com.aptana.ide.core.unifiedBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>com.aptana.ruby.core.rubynature</nature>
+		<nature>com.aptana.projects.webnature</nature>
+	</natures>
+</projectDescription>

data/CHANGELOG.md

@@ -0,0 +1,3 @@
+# v1.3.0
+
+* resurrection of the UI

data/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in conjur-asset-pubkeys.gemspec
+gemspec
+
+group :development do
+  gem 'pry'
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Kevin Gilpin
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,41 @@
+conjur-asset-ui
+===============
+
+This Gem is a Conjur plugin providing UI features.
+
+Usage
+-----
+
+First install the gem, with the rather clumsy name `conjur-asset-ui-api`.
+
+```
+gem install conjur-asset-ui-api
+```
+
+Or add the following line to your `Gemfile`:
+
+```
+gem 'conjur-asset-ruby-api'
+```
+
+Next, edit your `.conjurrc` file to add the `"ui"` plugin, for example:
+
+```
+stack: v4
+account: sandbox
+plugins:
+  - ui
+  - layer
+```
+
+Make sure you are logged into conjur: 
+
+```
+conjur authn:login
+```
+
+And run the UI:
+
+```
+conjur ui
+```

data/Rakefile

@@ -0,0 +1,3 @@
+require "bundler/gem_tasks"
+require 'jasmine'
+load 'jasmine/tasks/jasmine.rake'

data/compile_ls

@@ -0,0 +1,6 @@
+#!/bin/bash
+lsc -w -c -o public/js livescript &
+lsc -w -c -o spec spec &
+while sleep 42; do true; done
+kill `jobs -p`
+

data/conjur-asset-ui.gemspec

@@ -0,0 +1,37 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'conjur-asset-ui-version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "conjur-asset-ui"
+  spec.version       = Conjur::Asset::UI::VERSION
+  spec.authors       = ["Jon Mason", "Kevin Gilpin", "Rafa\305\202 Rzepecki", "Hleb Rubanau"]
+  spec.email         = ["jon@conjur.net", "kgilpin@conjur.net", "rafal@conjur.net", "hleb@conjur.net"]
+  spec.homepage      = "http://conjur.net"
+  spec.summary       = "Conjur User Interface Plugin"
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "puma"
+  spec.add_dependency "conjur-api", ">= 4.10.2"
+  spec.add_dependency "launchy"
+  spec.add_dependency "rack"
+
+  # we're monkey patching hackily, so fix the version
+  spec.add_dependency "rack-streaming-proxy", "= 2.0.1"
+
+  spec.add_development_dependency "conjur-cli"
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "simplecov"
+  spec.add_development_dependency "spork"
+  spec.add_development_dependency "ci_reporter"
+  spec.add_development_dependency "jasmine"
+end

data/lib/conjur/command/ui.rb

@@ -0,0 +1,46 @@
+#
+# Copyright (C) 2013 Conjur Inc
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of
+# this software and associated documentation files (the "Software"), to deal in
+# the Software without restriction, including without limitation the rights to
+# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+# the Software, and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+# FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+# IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+class Conjur::Command::UI < Conjur::Command
+  desc "Launch a UI"
+  arg_name "root-path"
+  Conjur::CLI.command :ui do |c|
+    c.action do |global_options,options,args|
+      root = args.pop || File.expand_path('../../../public', File.dirname(__FILE__))
+
+      #TODO: login page
+      api # just initialize API so if user is not logged in it will be asked for credentials *before* server is launched
+      @@api=nil # reset to avoid conflicts on server launch 
+
+      # ugly hack to override Configuration.env issues which are not working any more
+      # after removal of sticky configurations support
+      ENV["RACK_ENV"]="production"
+
+      require 'conjur/webserver/server'
+      server = Conjur::WebServer::Server.new
+      thread = Thread.new do
+        server.start(root)
+      end
+      sleep 0.5
+      server.open
+      thread.join
+    end
+  end
+end

data/lib/conjur/webserver/api_proxy.rb

@@ -0,0 +1,94 @@
+module Conjur
+  module WebServer
+    require 'rack/streaming_proxy'
+    
+    class APIProxy < Rack::StreamingProxy::Proxy
+
+      class Request < Rack::StreamingProxy::Request
+        def initialize env
+          path = env["PATH_INFO"]
+
+          path =~ /^\/([^\/]+)(.*)/
+          app = $1
+          path_remainder = $2
+
+          new_url = case app
+          when 'authn', 'authz', 'audit', 'pubkeys'
+            [ Conjur.configuration.send("#{app}_url"), path_remainder ].join
+          else
+            [ Conjur.configuration.send("core_url"), path ].join
+          end
+          if query = env["QUERY_STRING"]
+            new_url = [ new_url, query ].join('?')
+          end
+
+          super new_url.to_s, Rack::Request.new(env)
+        end
+      end
+
+      Rack::StreamingProxy::Proxy.set_default_configuration
+
+      def initialize
+        super nil
+      end
+
+      def call env
+        request = Request.new(env)
+        request.http_request['Authorization'] = authorization_header
+        response = Rack::StreamingProxy::Session.new(request).start
+        rewrite_response(env, response.status, response.headers, response)
+      end
+
+      def rewrite_response(*args)
+        env, status, headers, body = args
+        
+        source_request = Rack::Request.new(env)
+
+        headers = Hash[*headers.flat_map { |k, v| [capitalize_header(k), v] }]
+        headers.delete 'Transfer-Encoding' # let Puma handle chunking
+    
+        # Rewrite location
+        if location = headers["Location"]
+          headers["Location"] = location.gsub(Conjur.configuration.service_url, "http://#{source_request.host}:#{source_request.port}")
+        end
+        
+        [ status, headers, body ]
+      end
+      
+      protected
+      
+      def authorization_header
+        require 'conjur/authn'
+        require 'base64'
+        token = Conjur::Authn.authenticate
+        "Token token=\"#{Base64.strict_encode64(token.to_json)}\""
+      end
+      
+      def perform_request(env)
+        triplet = super(env)
+        [ env ] + triplet
+      end
+
+      private
+
+      def capitalize_header hdr
+        hdr.split('-').map(&:capitalize).join('-')
+      end
+    end
+  end
+end
+
+# Rack::StreamingProxy by default doesn't handle closing, which leads to stale
+# (but still running) connections. Handle the close by quitting the child
+# (it will close connection with upstream automatically).
+class Rack::StreamingProxy::Response
+  def initialize piper
+    @piper = piper
+    @client_http_version = '1.0'
+    receive
+  end
+
+  def close
+    @piper.signal :QUIT
+  end
+end

data/lib/conjur/webserver/authorize.rb

@@ -0,0 +1,28 @@
+module Conjur
+  module WebServer
+    # Verifies that the request contains the authorization token, and then strips it.
+    class Authorize
+      attr_reader :app, :sessionid
+      
+      def initialize(app, sessionid)
+        @app = app
+        @sessionid = sessionid
+      end
+      
+      def call(env)
+        if token_valid?(env)
+          @app.call env
+        else
+          [403, {}, ["Authorization is missing or invalid"]]
+        end
+      end
+      
+      protected
+      
+      def token_valid?(env)
+        request = Rack::Request.new(env)
+        request.session[:sessionid] == sessionid
+      end
+    end
+  end
+end

data/lib/conjur/webserver/conjur_info.rb

@@ -0,0 +1,33 @@
+module Conjur
+  module WebServer
+    # Middleware that adds some conjur info to the rack environment
+    class ConjurInfo
+      def initialize app
+        @app = app
+      end
+      
+      def call env
+        update_env env
+        @app.call env
+      end
+      
+      def update_env env
+        PROPERTIES.each{|name| env["conjur.#{name}"] = send(name)}
+      end
+      
+      PROPERTIES = %w(roleid account stack)
+      
+      def roleid
+        "#{account}:user:#{Conjur::Authn.get_credentials[0]}"
+      end
+      
+      def account
+        Conjur.account
+      end
+      
+      def stack
+        Conjur.stack
+      end
+    end
+  end
+end

data/lib/conjur/webserver/home.rb

@@ -0,0 +1,42 @@
+require 'time'
+require 'rack/utils'
+require 'rack/mime'
+
+require 'conjur/webserver/renderer'
+
+module Conjur
+  module WebServer
+    class Home
+      def initialize(root)
+        @root = root
+      end
+
+      # From Rack::File
+      def call(env)
+        path = File.expand_path(INDEX, @root)
+        renderer = Renderer.new @root
+
+        page = renderer.render File.read(path)
+        files = renderer.files + [path]
+
+        last_modified = files.map(&File.method(:mtime)).max.httpdate
+
+        return [304, {}, []] if env['HTTP_IF_MODIFIED_SINCE'] == last_modified
+
+        size = Rack::Utils.bytesize(page)
+
+        headers = {
+          "Last-Modified"  => last_modified,
+          "Content-Type"   => "text/html",
+          "Content-Length" => size.to_s
+        }
+
+        [200, headers, env["REQUEST_METHOD"] == "HEAD" ? [] : [page]]
+      end
+
+      private
+
+      INDEX = 'index.html.erb'.freeze
+    end
+  end
+end

data/lib/conjur/webserver/login.rb

@@ -0,0 +1,57 @@
+
+module Conjur
+  module WebServer
+    class Login
+      attr_reader :sessionid
+      
+      def initialize(sessionid)
+        @sessionid = sessionid
+      end
+      
+      def call(env)
+        if sessionid = token_valid?(env)
+          require 'conjur/authn'
+          require 'base64'
+          token = Conjur::Authn.authenticate
+          api = Conjur::API.new_from_token token
+          userid = [ Conjur.configuration.account, "user", api.username ].join(':')
+
+          env["rack.session"][:sessionid] = sessionid
+          response = Rack::Response.new(env)
+          configuration = {
+            account: Conjur.configuration.account,
+            stack: Conjur.configuration.stack,
+            appliance_url: Conjur.configuration.appliance_url,
+            login: Conjur::Authn.get_credentials[0]
+          }
+          response.status = 302
+          response.set_cookie('conjur_configuration', value: JSON.pretty_generate(configuration), path: '/')
+          response.set_cookie('conjur_userid', value: userid, path: '/')
+          response['Location'] = "/ui"
+          response.finish
+        else
+          [ 403, {}, ["Authorization is missing or invalid"] ]
+        end
+      end
+      
+      protected
+      
+      def token_valid?(env)
+        token = extract_token(env)
+        if token == sessionid
+          sessionid
+        else
+          nil
+        end
+      end
+      
+      def extract_token(env)
+        require 'cgi'
+        require 'uri'
+        query = URI.parse(env['REQUEST_URI']).query
+        query && ( sessionid = CGI.parse(query)['sessionid'] ) && sessionid[0]
+      end
+    end
+  end
+end
+

data/lib/conjur/webserver/renderer.rb

@@ -0,0 +1,34 @@
+module Conjur
+  module WebServer
+    # a helper class to render HTML partials
+    class Renderer
+      def initialize root
+        @root = root
+        @files = []
+      end
+
+      attr_reader :files
+
+      def render template
+        ERB.new(template).result binding
+      end
+
+      private
+
+      def method_missing name, *a, &b
+        super if !a.empty? || block_given?
+
+        # try to load fragments
+        path = expand_path "_#{name}.html"
+        super unless File.exists? path
+
+        @files << path
+        File.read path
+      end
+
+      def expand_path filename
+        File.expand_path(filename, @root)
+      end
+    end
+  end
+end