RubyGems - event_store_client - Versions diffs - 0.1.9 → 0.1.10 - Mend

event_store_client 0.1.9 → 0.1.10

Files changed (9) hide show

checksums.yaml +4 -4
data/README.md +93 -0
data/lib/event_store_client/data_decryptor.rb +57 -0
data/lib/event_store_client/data_encryptor.rb +46 -0
data/lib/event_store_client/encryption_metadata.rb +24 -0
data/lib/event_store_client/mapper/encrypted.rb +91 -0
data/lib/event_store_client/mapper.rb +1 -0
data/lib/event_store_client/version.rb +1 -1
metadata +6 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b636decadc2eed63bfed5b4009ae853b491ddc7884d5e14f09d12f009c5abd08
-  data.tar.gz: f6ce4fc1720012d02dba592e53f67d255bec169b13a5cf0a367f7e464c397b98
+  metadata.gz: d6afde0e97c048d663713a6ce14f603d2d1814ca28850b38a8f40c9542e88e0a
+  data.tar.gz: 01b0b79bcc76bd604338793f7370a174eadd4f8642c32573166be95d0ea544a6
 SHA512:
-  metadata.gz: 8e075d3c6217f81cf54bbf532ccc67fe266b3678b7b443cdd9c56542820a8d219b12adb2fe87f7db1966cad06c6ce5672b7927314dc52e4ad1f627b45bf87417
-  data.tar.gz: 3ccff060e33c5eb492e164b7d4b4d7c37d14d6b91dbc7d9e0d5c3dab10b68c980fbf41019024715e62f74d65391798a702c65fe0ba6e81550b4432f8068c0eff
+  metadata.gz: d78af12542b70c63b14876bd42fef3cf146b71ec38e4316b4039f27b560fd82c0b04b41c0780b33921fc4e0635218dc663cd50d81b37dcc945702ef60036d45e
+  data.tar.gz: f986873a36732ef1b05cc3c92afa1edf15fe00d72591b08e25a0e6f1e337b1b9fc49a931e64fce4c0217c5e36fbd697f0ce56e113f18ef989593e73beeac89c6

data/README.md CHANGED Viewed

@@ -137,6 +137,99 @@ client.link_to(stream: 'anotherstream', events: [exisiting_event1, ...])
 When you read from stream where links are placed. By default Event Store Client always resolve links for you returning the event that points to the link. You can use the ES-ResolveLinkTos: false HTTP header during readin stream to tell Event Store Client to return you the actual link and to not resolve it.
 More info: [ES-ResolveLinkTos](https://eventstore.org/docs/http-api/optional-http-headers/resolve-linkto/index.html?tabs=tabid-1%2Ctabid-3).
+## Event Mappers
+We offer two types of mappers - default and encrypted.
+### Default Mapper
+This is used out of the box. It just translates the EventClass defined in your application to
+Event parsable by event_store and the other way around.
+### Encrypted Mapper
+This is implemented to match GDPR requirements. It allows you to encrypt any event using your
+encryption_key repository.
+```ruby
+mapper = EventStoreClient::Mapper::Encrypted.new(key_repository)
+EventStoreClient.configure do |config|
+  config.mapper = mapper
+end
+```
+The Encrypted mapper uses the encryption key repository to encrypt data in your events according to the event definition.
+Here is the minimal repository interface for this to work.
+```ruby
+class DummyRepository
+  class Key
+    attr_accessor :iv, :cipher, :id
+    def initialize(id:, **)
+      @id = id
+    end
+  end
+  def find(user_id)
+    Key.new(id: user_id)
+  end
+  def encrypt(*)
+    'darthvader'
+  end
+  def decrypt(*)
+    { first_name: 'Anakin', last_name: 'Skylwalker'}
+  end
+end
+```
+Now, having that, you only need to define the event encryption schema:
+```ruby
+class EncryptedEvent < EventStoreClient::DeserializedEvent
+  def schema
+    Dry::Schema.Params do
+      required(:user_id).value(:string)
+      required(:first_name).value(:string)
+      required(:last_name).value(:string)
+      required(:profession).value(:string)
+    end
+  end
+  def self.encryption_schema
+    {
+      key: ->(data) { data['user_id'] },
+      attributes: %i[first_name last_name email]
+    }
+  end
+end
+event = EncryptedEvent.new(
+  user_id: SecureRandom.uuid,
+  first_name: 'Anakin',
+  last_name: 'Skylwalker',
+  profession: 'Jedi'
+)
+```
+When you'll publish this event, in the store will be saved:
+```ruby
+{
+  'data' => {
+    'user_id' => 'dab48d26-e4f8-41fc-a9a8-59657e590716',
+    'first_name' => 'encrypted',
+    'last_name' => 'encrypted',
+    'profession' => 'Jedi',
+    'encrypted' => '2345l423lj1#$!lkj24f1'
+  },
+  type: 'EncryptedEvent'
+  metadata: { ... }
+}
+```
 ## Contributing
 Do you want to contribute? Welcome!

data/lib/event_store_client/data_decryptor.rb ADDED Viewed

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+module EventStoreClient
+  class DataDecryptor
+    KeyNotFoundError = Class.new(StandardError)
+    def call
+      return encrypted_data if encryption_metadata.empty?
+      decrypt_attributes(
+        key: find_key(encryption_metadata[:key]),
+        data: decrypted_data,
+        attributes: encryption_metadata[:attributes]
+      )
+    end
+    attr_reader :decrypted_data, :encryption_metadata
+    private
+    attr_reader :key_repository
+    def initialize(data:, schema:, repository:)
+      @decrypted_data = deep_dup(data).transform_keys!(&:to_sym)
+      @key_repository = repository
+      @encryption_metadata = schema.transform_keys(&:to_sym)
+    end
+    def decrypt_attributes(key:, data:, attributes:)
+      decrypted_text = key_repository.decrypt(
+        key_id: key.id, text: data[:es_encrypted], cipher: key.cipher, iv: key.iv
+      )
+      decrypted = JSON.parse(decrypted_text).transform_keys(&:to_sym)
+      decrypted.each { |key, value| data[key] = value if data.key?(key) }
+      data.delete(:es_encrypted)
+      data
+    end
+    def deep_dup(hash)
+      dupl = hash.dup
+      dupl.each { |k, v| dupl[k] = v.instance_of?(Hash) ? deep_dup(v) : v }
+      dupl
+    end
+    def find_key(identifier)
+      key =
+        begin
+          key_repository.find(identifier)
+        rescue StandardError => e
+          nil
+        end
+      raise KeyNotFoundError unless key
+      key
+    end
+  end
+end

data/lib/event_store_client/data_encryptor.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+module EventStoreClient
+  class DataEncryptor
+    def call
+      return encrypted_data if encryption_metadata.empty?
+      key_id = encryption_metadata[:key]
+      key = key_repository.find(key_id) || key_repository.create(key_id)
+      encryption_metadata[:iv] = key.iv
+      encrypt_attributes(
+        key: key,
+        data: encrypted_data,
+        attributes: encryption_metadata[:attributes]
+      )
+    end
+    attr_reader :encrypted_data, :encryption_metadata
+    private
+    attr_reader :key_repository
+    def initialize(data:, schema:, repository:)
+      @encrypted_data = deep_dup(data).transform_keys!(&:to_sym)
+      @key_repository = repository
+      @encryption_metadata = EncryptionMetadata.new(data: data, schema: schema).call
+    end
+    def encrypt_attributes(key:, data:, attributes:)
+      text = JSON.generate(data.select { |hash_key, _value| attributes.include?(hash_key) })
+      encrypted = key_repository.encrypt(
+        key_id: key.id, text: text, cipher: key.cipher, iv: key.iv
+      )
+      attributes.each { |att| data[att] = 'es_encrypted' if data.key?(att) }
+      data[:es_encrypted] = encrypted
+      data
+    end
+    def deep_dup(hash)
+      dupl = hash.dup
+      dupl.each { |k, v| dupl[k] = v.instance_of?(Hash) ? deep_dup(v) : v }
+      dupl
+    end
+  end
+end

data/lib/event_store_client/encryption_metadata.rb ADDED Viewed

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+module EventStoreClient
+  class EncryptionMetadata
+    def call
+      return {} unless schema
+      {
+        key: schema[:key].call(data),
+        attributes: schema[:attributes].map(&:to_sym)
+      }
+    end
+    private
+    attr_reader :data, :schema
+    def initialize(data:, schema:)
+      @data = data
+      @schema = schema
+    end
+  end
+end

data/lib/event_store_client/mapper/encrypted.rb ADDED Viewed

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+require 'event_store_client/encryption_metadata'
+require 'event_store_client/data_encryptor'
+require 'event_store_client/data_decryptor'
+module EventStoreClient
+  module Mapper
+    ##
+    # Transforms given event's data and encrypts/decrypts selected subset of data
+    # based on encryption schema stored in the event itself.
+    class Encrypted
+      MissingEncryptionKey = Class.new(StandardError)
+      ##
+      # Encrypts the given event's subset of data.
+      # Accepts specific event class instance with:
+      # * +#data+ - hash with non-encrypted values.
+      # * encryption_schema - hash with information which data to encrypt and
+      #   which key should be used as an identifier.
+      # *Returns*: General +Event+ instance with encrypted data
+      def serialize(event)
+        encryption_schema = (
+          event.class.respond_to?(:encryption_schema) &&
+          event.class.encryption_schema
+        )
+        encryptor = DataEncryptor.new(
+          data: event.data,
+          schema: encryption_schema,
+          repository: key_repository
+        )
+        encryptor.call
+        Event.new(
+          data: serializer.serialize(encryptor.encrypted_data),
+          metadata: serializer.serialize(
+            event.metadata.merge(encryption: encryptor.encryption_metadata)
+          ),
+          type: event.class.to_s
+        )
+      end
+      ##
+      # Decrypts the given event's subset of data.
+      # General +Event+ instance with encrypted data
+      # * +#data+ - hash with encrypted values.
+      # * encryption_metadata - hash with information which data to encrypt and
+      #   which key should be used as an identifier.
+      # *Returns*: Specific event class with all data decrypted
+      def deserialize(event)
+        metadata = serializer.deserialize(event.metadata)
+        encryption_schema = serializer.deserialize(event.metadata)['encryption']
+        decrypted_data = DataDecryptor.new(
+          data: serializer.deserialize(event.data),
+          schema: encryption_schema,
+          repository: key_repository
+        ).call
+        event_class =
+          begin
+            Object.const_get(event.type)
+          rescue NameError
+            EventStoreClient::DeserializedEvent
+          end
+        event_class.new(
+          id: event.id,
+          type: event.type,
+          title: event.title,
+          data: decrypted_data,
+          metadata: metadata
+        )
+      end
+      private
+      attr_reader :key_repository, :serializer
+      ##
+      # Initializes the mapper with required dependencies. Accepts:
+      # * +key_repoistory+ - repository stored encryption keys. Passed down to the +DataEncryptor+
+      # * +serializer+ - object used to serialize data. By default JSON serializer is used.
+      def initialize(key_repository, serializer: Serializer::Json)
+        @key_repository = key_repository
+        @serializer = serializer
+      end
+    end
+  end
+end

data/lib/event_store_client/mapper.rb CHANGED Viewed

@@ -6,3 +6,4 @@ module EventStoreClient
 end
 require 'event_store_client/mapper/default'
+require 'event_store_client/mapper/encrypted'

data/lib/event_store_client/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module EventStoreClient
-  VERSION = '0.1.9'
+  VERSION = '0.1.10'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: event_store_client
 version: !ruby/object:Gem::Version
-  version: 0.1.9
+  version: 0.1.10
 platform: ruby
 authors:
 - Sebastian Wilgosz
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-09 00:00:00.000000000 Z
+date: 2020-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dry-schema
@@ -109,11 +109,15 @@ files:
 - lib/event_store_client/client.rb
 - lib/event_store_client/configuration.rb
 - lib/event_store_client/connection.rb
+- lib/event_store_client/data_decryptor.rb
+- lib/event_store_client/data_encryptor.rb
 - lib/event_store_client/deserialized_event.rb
+- lib/event_store_client/encryption_metadata.rb
 - lib/event_store_client/endpoint.rb
 - lib/event_store_client/event.rb
 - lib/event_store_client/mapper.rb
 - lib/event_store_client/mapper/default.rb
+- lib/event_store_client/mapper/encrypted.rb
 - lib/event_store_client/serializer/json.rb
 - lib/event_store_client/store_adapter.rb
 - lib/event_store_client/store_adapter/api/client.rb