donjon 0.0.1

data/lib/donjon/database.rb

@@ -0,0 +1,59 @@
+require 'donjon/encrypted_file'
+require 'json'
+
+module Donjon
+  class Database
+    def initialize(actor:)
+      @actor = actor
+    end
+
+    def [](key)
+      file = _file(key)
+      return unless file.readable? 
+      _key, value = _unpack(file.read)
+      assert(key == _key, "bad stored data for #{key}!")
+      return value
+    end
+
+    def []=(key, value)
+      _file(key).write(_pack(key, value))
+    end
+
+    def each
+      parent = @actor.repo.join('data')
+      return unless parent.exist?
+      parent.children.each do |child|
+        path = "data/#{child.basename}"
+        file = EncryptedFile.new(path: path, actor: @actor)
+        next unless file.readable?
+        yield *_unpack(file.read)
+      end
+    end
+
+    def update
+      each do |key, value|
+        self[key] = value
+      end
+      nil
+    end
+
+
+    private
+
+    def _pack(key, value)
+      JSON.dump([key, value])
+    end
+
+    def _unpack(data)
+      JSON.parse(data)
+    end
+
+    def _hash(key)
+      OpenSSL::Digest::SHA256.hexdigest(key)
+    end
+
+    def _file(key)
+      EncryptedFile.new(path: "data/#{_hash(key)}", actor: @actor)
+    end
+  end
+end

data/lib/donjon/encrypted_file.rb

@@ -0,0 +1,87 @@
+require 'openssl'
+require 'gibberish'
+require 'core_ext/assert'
+require 'digest'
+
+module Donjon
+  class EncryptedFile
+    def initialize(path:, actor:)
+      @path = path
+      @actor = actor
+    end
+
+    def exist?
+      _base_path.exist?
+    end
+
+    def readable?
+      _path_for(@actor).exist?
+    end
+
+    def read
+      path = _path_for(@actor)
+      exist? or raise 'file does not exist'
+      path.exist? or raise 'you were not granted access'
+      data = path.binread
+      _decrypt_from(@actor, data)
+    end
+
+    def write(data)
+      if data.nil?
+        _base_path.rmtree if exist?
+        return
+      end
+
+      User.each(@actor.repo) do |user|
+        payload = _encrypt_for(user, data)
+        path = _path_for(user)
+        path.parent.mkpath
+        path.binwrite(payload)
+      end
+    end
+
+    private
+
+    # random bytes added to the data to encrypt to obfuscate it
+    PADDING = 256
+
+    def _decrypt_from(user, data)
+      encrypted_key  = data[0...256]
+      encrypted_data = data[256..-1]
+
+      # _log_key "before decrypt", encrypted_key
+      decrypted_pw = user.key.private_decrypt(encrypted_key)
+      # _log_key "decrypted", decrypted_pw
+
+      assert(decrypted_pw.size == 32)
+      payload = Gibberish::AES.new(decrypted_pw).decrypt(encrypted_data, binary: true)
+      payload[0...-PADDING]
+    end
+
+    def _encrypt_for(user, data)
+      payload = data + OpenSSL::Random.random_bytes(PADDING)
+      password = OpenSSL::Random.random_bytes(32)
+      encrypted_data = Gibberish::AES.new(password).encrypt(payload, binary: true)
+      
+      # _log_key "before crypto", password
+      encrypted_key = user.key.public_encrypt(password)
+      # _log_key "encrypted", encrypted_key
+
+      assert(encrypted_key.size == 256)
+      encrypted_key + encrypted_data
+    end
+
+    def _log_key(message, key)
+      puts "#{message}: #{key.bytesize} bytes"
+      puts key.bytes.map { |b| "%02x" % b }.join(":")
+    end
+
+    def _base_path
+      @actor.repo.join(@path)
+    end
+
+    def _path_for(user)
+      _base_path.join("#{user.name}.db")
+    end
+  end
+end

data/lib/donjon/repository.rb

@@ -0,0 +1,6 @@
+require 'pathname'
+
+module Donjon
+  class Repository < Pathname
+  end
+end

data/lib/donjon/settings.rb

@@ -0,0 +1,60 @@
+require 'yaml'
+
+module Donjon
+  class Settings
+    attr_reader :path
+
+    def initialize(path = nil)
+      @path = path || _default_path
+      @data = nil
+    end
+
+    def configured?
+      user_name && private_key && vault_path
+    end
+
+    def method_missing(method_name, *args, &block)
+      if method_name.to_s.end_with?('=')
+        set(method_name.to_s.chop, *args)
+      else
+        get(method_name.to_s, *args)
+      end
+    end
+
+    def respond_to?(method_name)
+      !!(method_name.to_s =~ /[a-z][a-z_]*=?/)
+    end
+
+    private
+
+    def get(key)
+      @data ||= _load
+      @data[key]
+    end
+
+    def set(key, value)
+      @data ||= _load
+      @data[key] = value
+      _save(@data)
+      value
+    end
+
+    def _load
+      @path.exist? ? YAML.load_file(@path) : {}
+    end
+    
+    def _save(data)
+      @data['timestamp'] = Time.now
+      @path.parent.mkpath
+      @path.write data.to_yaml
+    end
+
+    def _fallback_path
+      Pathname.new('~').join('.donjonrc').expand_path
+    end
+
+    def _default_path
+      ENV.fetch('DONJONRC', _fallback_path)
+    end
+  end
+end

data/lib/donjon/shell.rb

@@ -0,0 +1,19 @@
+require 'thor'
+require 'delegate'
+require 'singleton'
+
+module Donjon
+  class Shell < SimpleDelegator
+    include Singleton
+
+    def initialize
+      shell = if $stdout.tty?
+        Thor::Shell::Color.new
+      else
+        Thor::Shell::Basic.new
+      end
+      super(shell)
+    end
+  end
+end
+

data/lib/donjon/user.rb

@@ -0,0 +1,61 @@
+require 'yaml'
+require 'core_ext/assert'
+
+module Donjon
+  class User
+    attr_reader :name, :key, :repo
+
+    def initialize(name:, key:, repo:)
+      assert(key.n.num_bits == 2048)
+      
+      @name  = name
+      @key   = key
+      @repo  = repo
+    end
+
+    def save
+      _path_for(@name, @repo).tap do |path|
+        path.parent.mkpath
+        path.write @key.public_key.to_pem
+      end
+      self
+    end
+
+    private
+
+    module SharedMethods
+      private 
+
+      def _path_for(name, repo)
+        repo.join("users/#{name}.pub")
+      end
+    end
+    extend SharedMethods
+    include SharedMethods
+
+    module ClassMethods
+      def find(name:, repo:)
+        path = _path_for(name, repo)
+        return unless path.exist?
+        key = OpenSSL::PKey::RSA.new(path.read)
+        new(name: name, key: key, repo: repo)
+      end
+
+      def each(repo, &block)
+        container = repo.join('users')
+        return unless container.exist?
+        container.children.each do |child|
+          next unless child.extname == '.pub'
+          name = child.basename.to_s.chomp('.pub')
+          key = OpenSSL::PKey::RSA.new(child.read)
+          block.call new(name: name, key: key, repo: repo)
+        end
+      end
+    end
+    extend ClassMethods
+  end
+
+
+
+end
+

data/lib/donjon/version.rb

@@ -0,0 +1,3 @@
+module Donjon
+  VERSION = "0.0.1"
+end

data/spec/donjon/database_spec.rb

@@ -0,0 +1,76 @@
+require 'spec_helper'
+require 'spec/support/keys'
+require 'spec/support/repos'
+require 'donjon/database'
+require 'donjon/user'
+
+describe Donjon::Database do
+  let_repo :repo
+
+  let(:actor) {
+    Donjon::User.new(name: 'alice', key: random_key, repo: repo).save
+  }
+
+  let(:other_user) {
+    Donjon::User.new(name: 'bob', key: random_key, repo: repo).save
+  }
+
+  let(:options) {{
+    actor: actor
+  }}
+
+  subject { described_class.new(**options) }
+
+  describe '#initialize' do
+    it 'passes with valid options' do
+      expect { subject }.not_to raise_error
+    end
+
+    it 'requires :actor' do
+      options.delete :actor
+      expect { subject }.to raise_error
+    end
+  end
+
+  describe '#[]=' do
+    it 'passes' do
+      expect {
+        subject['foo'] = 'bar'
+      }.not_to raise_error
+    end
+  end
+
+  describe '#[]' do
+    it 'returns nil is nothing saved' do
+      expect( subject['foo1'] ).to be_nil
+    end
+
+    it 'returns nil if nil saved' do
+      subject['foo2'] = nil
+      expect( subject['foo2'] ).to be_nil
+    end
+
+    it 'returns previously save values' do
+      subject['foo3'] = 'bar3'
+      expect( subject['foo3'] ).to eq('bar3')
+    end
+
+    it 'returns nil when the key is not readable' do
+      subject['foo4'] = 'bar4'
+      other_db = described_class.new(actor: other_user)
+      expect(other_db['foo4']).to be_nil
+    end
+  end
+
+  describe '#update' do
+    it 'makes keys reable for other users' do
+      subject['foo'] = 'bar'
+      other_db = described_class.new(actor: other_user)
+      subject.update
+      expect(other_db['foo']).to eq('bar')
+    end
+  end
+
+  describe '#each' do
+  end
+end

data/spec/donjon/encrypted_file_spec.rb

@@ -0,0 +1,110 @@
+require 'spec_helper'
+require 'donjon/encrypted_file'
+require 'donjon/user'
+require 'spec/support/repos'
+require 'spec/support/keys'
+
+describe Donjon::EncryptedFile do
+  let_repo :repo
+
+  let(:actor) {
+    Donjon::User.new(key: random_key, name: 'alice', repo: repo)
+  }
+
+  let(:other_user) {
+    Donjon::User.new(key: random_key, name: 'bob', repo: repo)
+  }
+
+  let(:options) {{
+    path: 'foo', actor: actor
+  }}
+
+  subject { described_class.new(**options) }
+
+  describe '#initialize' do
+    it 'passes with valid options' do
+      expect { subject }.not_to raise_error
+    end
+
+    it 'requires :path' do
+      options.delete :path
+      expect { subject }.to raise_error
+    end
+
+    it 'requires :actor' do
+      options.delete :actor
+      expect { subject }.to raise_error
+    end
+  end
+
+  describe '#write' do
+    before { actor.save } 
+
+    it 'passes' do
+      expect { subject.write('foo') }.not_to raise_error
+    end
+
+    it 'passes with large data' do
+      expect { subject.write('foo' * 1024) }.not_to raise_error
+    end
+
+    it 'works twice' do
+      expect {
+        2.times { subject.write 'foo' }
+      }.not_to raise_error
+    end
+  end
+
+  describe '#read' do
+    before do
+      actor.save
+      other_user.save
+
+      described_class.
+        new(actor: actor, path: options[:path]).
+        write('hello, world!')
+    end
+
+
+    it 'returns decrypted contents' do
+      expect(subject.read).to eq('hello, world!')
+    end
+
+    it 'works for other users' do
+      data = described_class.
+        new(actor: other_user, path: options[:path]).
+        read
+      expect(data).to eq('hello, world!')
+    end
+  end
+
+  describe '#readable?' do
+    let(:other_file) {
+      described_class.new(actor: other_user, path: options[:path])
+    }
+
+    before { actor.save }
+    
+    it 'is false for non-existing files' do
+      expect(subject).not_to be_readable
+    end
+
+    it 'is true for files I wrote' do
+      subject.write 'foo'
+      expect(subject).to be_readable
+    end
+
+    it 'is false for users added after I wrote' do
+      subject.write 'foo'
+      expect(other_file).not_to be_readable
+    end
+
+    it 'is true for users added before I wrote' do
+      other_user.save
+      subject.write 'foo'
+      expect(other_file).to be_readable
+    end
+  end
+end
+
+