donjon 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e2e4af5e144eda80bddb067306735fad06605d4a
+  data.tar.gz: bba9c3dd427d5046289498073b47ddbe4d80b306
+SHA512:
+  metadata.gz: be4415356a0dfacb7b0a8b9389cfb24148688f06fe57d0dea72be24151f49c00d1ae9640df6cc9661d5ae292944b96577a5f1ab41a235598fb682ebc1350ecc3
+  data.tar.gz: e18dfe9d8769cb5c8bdc5b6dd20b96379c39b2208b26f3dae13f951567927af6020eae919ae4485879e70acf1d32a9bea633ef460c9ed39a4963bc5c44978337

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,6 @@
+-I.
+--color
+--format progress
+--order random
+#--profile 5
+

data/.ruby-version

@@ -0,0 +1 @@
+2.1.2

data/Gemfile

@@ -0,0 +1,4 @@
+source ENV.fetch('GEM_SOURCE', 'https://rubygems.org')
+
+# Specify your gem's dependencies in donjon.gemspec
+gemspec

data/Guardfile

@@ -0,0 +1,10 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+guard :rspec, cmd: 'bundle exec rspec' do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+end
+
+# vim: set filetype=ruby:

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 HouseTrip Ltd
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,37 @@
+# Donjon
+
+TODO: Write a gem description
+
+## Installation
+
+Install it as you would any gem:
+
+    $ gem install donjon
+
+Then run the interactive setup:
+
+    $ dj vault:init
+
+
+## Usage
+
+Once you've set up a vault (you can use `vault:init` to connect to an existing
+vault, e.g. on Dropbox).
+
+```
+Commands:
+  dj config:get KEY...         # Decrypts the value for KEY from the vault
+  dj config:mget [REGEXP]      # Decrypts multiple keys (all readable by default)
+  dj config:set KEY=VALUE ...  # Encrypts KEY and VALUE in the vault
+  dj help [COMMAND]            # Describe available commands or one specific command
+  dj init                      # Creates a new vault, or connects to an existing vault.
+  dj user:add NAME [PATH]      # Adds user and their public key to the vault. Reads from standard input if no path is given.
+```
+
+## Contributing
+
+1. Fork it ( http://github.com/<my-github-username>/donjon/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/bin/dj

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+require 'donjon'
+require 'donjon/cli'
+
+Donjon::Commands::Base.start(ARGV)
+

data/donjon.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'donjon/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "donjon"
+  spec.version       = Donjon::VERSION
+  spec.authors       = ["Julien Letessier"]
+  spec.email         = ["julien.letessier@gmail.com"]
+  spec.summary       = %q{Secure, multi-user data store.}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'thor'
+  spec.add_dependency 'gibberish'
+
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'guard-rspec'
+end

data/lib/core_ext/assert.rb

@@ -0,0 +1,6 @@
+module Kernel
+  def assert(condition, message = nil, error: RuntimeError)
+    return if condition
+    raise error.new(message || 'assertion failed')
+  end
+end

data/lib/core_ext/io_get_password.rb

@@ -0,0 +1,24 @@
+class IO
+  def get_password(out: $stderr)
+    result = ''
+    noecho do
+      while char = getch
+        case char
+        when /[\r\n]/
+          break
+        when /[\e\b\x7f]/
+          result.replace result.chop
+          out.write "\b \b"
+        when /[\x3\x1A]/ # interrupt, background
+          out.write "\nOk, aborting\n"
+          abort
+        else
+          result << char
+          out.write '*'
+        end
+      end
+    end
+    out.write "\n"
+    result
+  end
+end

data/lib/donjon.rb

@@ -0,0 +1,2 @@
+require "donjon/version"
+

data/lib/donjon/cli.rb

@@ -0,0 +1,4 @@
+require 'donjon/commands/vault'
+require 'donjon/commands/config'
+require 'donjon/commands/user'
+

data/lib/donjon/commands/base.rb

@@ -0,0 +1,66 @@
+require 'donjon/shell'
+require 'donjon/settings'
+require 'pathname'
+require 'pathname'
+require 'openssl'
+require 'donjon/user'
+require 'donjon/database'
+require 'core_ext/io_get_password'
+
+module Donjon
+  module Commands
+    class Base < Thor
+      def self.start(args)
+        super(args, shell: Shell.instance)
+      end
+
+      def self.decl(method_name)
+        define_method(method_name.to_sym) { |*args| send(method_name.gsub(':','_').to_sym, *args) }
+      end
+
+      protected
+
+      def settings
+        @settings ||= Settings.new
+      end
+
+      def check_configured
+        return if settings.configured?
+        say "Oops, I can't run that until you've configured me.", :red
+        say "Run 'vault:init' and I'll help out!"
+        exit 1
+      end
+
+      def repo
+        @repo ||= begin
+          check_configured
+          Repository.new(settings.vault_path)
+        end
+      end
+
+      def actor
+        @actor ||= begin
+          check_configured
+          pem_data = Pathname.new(settings.private_key).read
+          password = _get_password("Please enter the password for your private key (#{settings.private_key})")
+          key = OpenSSL::PKey::RSA.new(pem_data, password)
+          User.new(repo: repo, name: settings.user_name, key: key)
+        end
+      end
+
+      def database
+        @database ||= begin
+          Database.new(actor: actor)
+        end
+      end
+
+      private
+
+      def _get_password(message)
+        say message, :green
+        $stdout.write('> ')
+        $stdin.get_password
+      end
+    end
+  end
+end

data/lib/donjon/commands/config.rb

@@ -0,0 +1,41 @@
+require 'donjon/commands/base'
+
+module Donjon
+  module Commands
+    Base.class_eval do
+      desc 'config:set KEY=VALUE ...', 'Encrypts KEY and VALUE in the vault'
+      decl 'config:set'
+
+      desc 'config:get KEY...', 'Decrypts the value for KEY from the vault'
+      decl 'config:get'
+      
+      desc 'config:mget [REGEXP]', 'Decrypts multiple keys (all readable by default)'
+      decl 'config:mget'
+      
+      private
+      
+      def config_set(*keyvals)
+        keyvals.each do |keyval|
+          m = /([^=]*)=(.*)/.match(keyval)
+          key = m[1]
+          value = m[2]
+          database[key] = value
+        end
+      end
+
+      def config_get(*keys)
+        keys.each do |key|
+          puts "#{key}: #{database[key]}"
+        end
+      end
+
+      def config_mget(regexp = nil)
+        regexp = Regexp.new(regexp) if regexp
+        database.each do |key, value|
+          next if regexp && regexp !~ key
+          puts "#{key}: #{value}"
+        end
+      end
+    end
+  end
+end

data/lib/donjon/commands/user.rb

@@ -0,0 +1,36 @@
+require 'donjon/commands/base'
+require 'donjon/user'
+
+module Donjon
+  module Commands
+    Base.class_eval do
+      desc 'user:add NAME [PATH]', 'Adds user and their public key to the vault. Reads from standard input if no path is given.'
+      decl 'user:add'
+
+      private
+      
+      def user_add(name, path = nil)
+        if path == nil
+          say "Please paste #{name}'s public key in PEM format.", :green
+          say "They can obtain it by running e.g.:"
+          say "$ openssl rsa -in ~/.ssh/id_rsa -pubout -outform pem"
+          $stderr.write('> ')
+          key_data = ''
+          while line = $stdin.gets
+            break if line.strip.empty?
+            key_data << line
+          end
+        else
+          key_data = Pathname.new(key_path).expand_path.read
+        end
+
+        key = OpenSSL::PKey::RSA.new(key_data, '').public_key
+        say "Saving #{name}'s public key..."
+        User.new(name: name, key: key, repo: actor.repo).save
+        say "Making the database readable by #{name}..."
+        database.update
+        say "Success! #{name} has been added to the vault.", [:green, :bold]
+      end
+    end
+  end
+end

data/lib/donjon/commands/vault.rb

@@ -0,0 +1,28 @@
+require 'thor'
+require 'pathname'
+require 'donjon/commands/base'
+require 'donjon/repository'
+require 'donjon/settings'
+require 'donjon/configurator'
+require 'donjon/shell'
+
+module Donjon
+  module Commands
+    Base.class_eval do
+      desc "init", 'Creates a new vault, or connects to an existing vault.'
+      
+      def init
+        if settings.configured?
+          say 'This vault is already configured :)', :green
+          say 'If you want another one, set DONJONRC to a new configuration file'
+          say "(if it doesn't exist I will create one for you)"
+          return
+        end
+
+        Configurator.new(settings: settings).run
+      end
+
+
+    end
+  end
+end

data/lib/donjon/configurator.rb

@@ -0,0 +1,166 @@
+require 'donjon/user'
+require 'core_ext/io_get_password'
+require 'ostruct'
+
+module Donjon
+  class Configurator
+    def initialize(settings:)
+      @settings = settings
+    end
+
+    def run
+      _get_name
+      _get_repo
+      _get_private_key_path
+      _save_user
+      _thank_user if changes?
+      nil
+    end
+
+    private
+
+    def changes?
+      !!@changes
+    end
+
+    def changes!
+      @changes = true
+    end
+
+    def _thank_user
+      _shell.say "Thanks! All your settings are saved.", [:green, :bold]
+    end
+
+    def _get_repo
+      path = @settings.vault_path ||= begin
+        changes!
+        _shell.say "Where do you want your vault? [~/.donjon]", :green
+        ans = _shell.ask('>')
+        ans = '~/.donjon' if ans.empty?
+        Pathname.new(ans).expand_path.to_s
+      end
+      Donjon::Repository.new(path)
+    end
+
+    def _get_name
+      @settings.user_name ||= begin
+        changes!
+        _shell.say "Hi! How do you want to be called? [#{_default_name}]", :green
+        ans = _shell.ask '>'
+        ans.empty? ? _default_name : ans
+      end
+    end
+
+    def _get_private_key_path
+      @settings.private_key ||= begin
+        changes!
+        _get_key_path.path.to_s
+      end
+    end
+
+    def _get_key_path
+      @_key_path ||= begin
+        _shell.say [
+          'Do you want to use an existing private key or create one?',
+          'If you use an existing key, it needs to be an encrypted, 2048-bit RSA key.',
+          'Use [e]xisting or [c]reate?',
+        ].join("\n"), :green
+        ans = _shell.ask('>')
+
+        case ans
+        when /[Ee]/
+          _get_existing_key
+        when /[Cc]/
+          _get_new_key
+        else
+          _shell.say 'No idea what you mean, sorry.', :red
+          exit 1
+        end
+      end
+    end
+
+    def _get_existing_key
+      _shell.say('What is the path to your key? [~/.ssh/id_rsa]', :green)
+      ans = _shell.ask('>')
+      ans = '~/.ssh/id_rsa' if ans.empty?
+      path = Pathname.new(ans).expand_path
+      if !path.exist?
+        _shell.say 'Sorry, cannot find that file.', :red
+        exit 1
+      end
+      _check_key(path)
+    end
+
+
+    def _check_key(path, password = nil)
+      unless _is_key_encrypted?(path)
+        _shell.say 'That key is not password-protected. Sorry, I\' not taking that risk!', :red
+        exit 1
+      end
+
+      if password.nil?
+        _shell.say "I'll now try to load your private key.", :green
+        _shell.say "Please enter your key password (I won't store it anywhere)", :green
+        $stdout.write "> "
+        $stdout.flush
+        password = $stdin.get_password
+      end
+
+      key = OpenSSL::PKey::RSA.new(path.read, password)
+      if key.n.num_bits != 2_048
+        _shell.say "Sorry, that key isn't 2,048 bits long.", :red
+        exit 1
+      end
+
+      _shell.say "Okay, that key seems valid.", :green
+      OpenStruct.new key: key.public_key, path: path
+    end
+
+    def _get_new_key
+      _shell.say "Where do you want to store your new key? [~/.ssh/donjon_rsa]", :green
+      ans = _shell.ask('>')
+      ans = '~/.ssh/donjon_rsa' if ans.empty?
+      path = Pathname.new(ans).expand_path
+
+      _shell.say "Please enter a password for your new key (I won't store it anywhere)", :green
+      $stdout.write "> "
+      $stdout.flush
+      password = $stdin.get_password
+      
+      command = "ssh-keygen -q -t rsa -b 2048 -N '#{password}' -f #{path}"
+      unless system(command)
+        _shell.say "Sorry, key generation failed!", :red
+        exit 1
+      end
+
+      _check_key(path, password)
+    end
+
+    def _save_user
+      if user = User.find(repo: _get_repo, name: _get_name)
+        if user.key.to_pem.strip != _get_key_path.key.to_pem.strip
+          _shell.say "There's already a user with your name in the vault, and the public keys don't match. I'm afraid I'm a bit stumped.", :red
+          exit 1
+        end
+        return
+      end
+      User.new(name: _get_name, repo: _get_repo, key: _get_key_path.key).save
+      nil
+    end
+
+    def _is_key_encrypted?(path)
+      OpenSSL::PKey::RSA.new(path.read, '')
+      return false
+    rescue OpenSSL::PKey::RSAError
+      return true
+    end
+
+    def _default_name
+      ENV['USER'] || ENV['LOGNAME']
+    end
+
+    def _shell
+      Shell.instance
+    end
+  end
+end