evervault 1.3.1 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 291427781e97ac0ab65b8613c8e0f5255244c72ec826fb7cb0dc787c0931624f
-  data.tar.gz: bc8bae94e62c9ffb65bb81bd14e1d3bc576c6f083e37c4f23bb6a0bf20ef1d4b
+  metadata.gz: c750c2a56b880d7ef8c5c0cef1bb856476d8fa88bf2cc06c72be2e45b14935dd
+  data.tar.gz: f162eb3e45b0d907642753b9f387cece1f49e3f3531b7cfb6570bcf6a00eba66
 SHA512:
-  metadata.gz: 913ed8d651d680952deff0d635f4b3fc304b1154100093b7f8c40a8314fbcbfae4a1a5b1ae575cbc4e01f144917adf989601b45d81544835c9d28344ea66cac6
-  data.tar.gz: 658289523da203f6b7cac915bc410efe6e107b736badf548367bc05183c89dd3a2c0d7f168f14842bc298b833bfd831efe0ae3bfebbc43821c52607f37d8deff
+  metadata.gz: 322cc850f1d240e09ce26069af576efe8d588b2a939e67fb4bc4402cffc32a8eaaecc98abc4ced0f18ce6e912c52bab801f0b08197fb695a9e115edc8b5fc04d
+  data.tar.gz: fb7e6f187bdda3f361da65f6192424a6e09e20a97be40e486b29b9396d58a05a7d61f7df6d60338dce5133acecf3917091fa89f65005da93d29e69bb3c02a5ef

data/.github/workflows/release.yml

@@ -11,16 +11,16 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu, macos]
-        ruby: [2.5, 2.6, 2.7, 3.1, truffleruby]
+        ruby: [2.6, 2.7, 3.1, truffleruby]
     runs-on: ${{ matrix.os }}-latest
     continue-on-error: ${{ endsWith(matrix.ruby, 'head') || matrix.ruby == 'debug' }}
     steps:
-    - uses: actions/checkout@v2
-    - uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby }}
-    - run: bundle install
-    - run: bundle exec rake
+      - uses: actions/checkout@v2
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+      - run: bundle install
+      - run: bundle exec rake
 
   build:
     runs-on: ubuntu-latest

data/.github/workflows/run-tests.yml

@@ -7,13 +7,13 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu, macos]
-        ruby: [2.5, 2.6, 2.7, 3.1, truffleruby]
+        ruby: [2.6, 2.7, 3.1, truffleruby]
     runs-on: ${{ matrix.os }}-latest
     continue-on-error: ${{ endsWith(matrix.ruby, 'head') || matrix.ruby == 'debug' }}
     steps:
-    - uses: actions/checkout@v2
-    - uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby }}
-    - run: bundle install
-    - run: bundle exec rake
+      - uses: actions/checkout@v2
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+      - run: bundle install
+      - run: bundle exec rake

data/.gitignore

@@ -6,6 +6,7 @@
 /pkg/
 /spec/reports/
 /tmp/
+Gemfile.lock
 
 # rspec failure tracking
 .rspec_status

data/README.md

@@ -48,11 +48,15 @@ To make Evervault available for use in your app:
 ```ruby
 require "evervault"
 
-# Initialize the client with your team's API key
+# Initialize the client with your App's ID and App's API key
+Evervault.app_id = <YOUR-APP-ID>
 Evervault.api_key = <YOUR-API-KEY>
 
 # Encrypt your data
-encrypted_data = Evervault.encrypt({ hello: 'World!' })
+encrypted_data = Evervault.encrypt('Hello World!')
+
+# Decrypt your data
+decrypted = Evervault.decrypt(encrypted_data)
 
 # Process the encrypted data using a Function
 result = Evervault.run(<FUNCTION-NAME>, encrypted_data)
@@ -65,6 +69,7 @@ req.body = encrypted_data.to_json
 http = Net::HTTP.new(uri.host, uri.port)
 http.use_ssl = true
 res = http.request(req)
+
 ```
 
 ## Reference
@@ -79,13 +84,26 @@ The Evervault Ruby SDK exposes four methods.
 Evervault.encrypt(data = String | Number | Boolean | Hash | Array)
 ```
 
-| Parameter | Type | Description |
-| --------- | ---- | ----------- |
-| data | `String`, `Number`, `Boolean`, `Hash`, `Array` | Data to be encrypted |
+| Parameter | Type                                           | Description          |
+| --------- | ---------------------------------------------- | -------------------- |
+| data      | `String`, `Number`, `Boolean`, `Hash`, `Array` | Data to be encrypted |
+
+### Evervault.decrypt
+
+`Evervault.decrypt` decrypts data previously encrypted with the `encrypt()` function or through Evervault's Relay (Evervault's encryption proxy).
+An API Key with the `decrypt` permission must be used to perform this operation.
+
+```ruby
+Evervault.decrypt(data = String | Array | Hash)
+```
+
+| Parameter | Type                      | Description          |
+| --------- | ------------------------- | -------------------- |
+| data      | `String`, `Array`, `Hash` | Data to be decrypted |
 
 ### Evervault.enable_outbound_relay
 
-`Evervault.enable_outbound_relay` configures your application to proxy HTTP requests using Outbound Relay based on the configuration created in the Evervault UI. See [Outbound Relay](https://docs.evervault.com/concepts/outbound-relay/overview) to learn more.  
+`Evervault.enable_outbound_relay` configures your application to proxy HTTP requests using Outbound Relay based on the configuration created in the Evervault UI. See [Outbound Relay](https://docs.evervault.com/concepts/outbound-relay/overview) to learn more.
 
 ```ruby
 Evervault.enable_outbound_relay([decryption_domains = Array])
@@ -98,6 +116,7 @@ Evervault.enable_outbound_relay([decryption_domains = Array])
 ### Evervault.run
 
 `Evervault.run` invokes a Function with a given payload.
+An API Key with the `run Function` permission must be used to perform this operation.
 
 ```ruby
 Evervault.run(function_name = String, data = Hash[, options = Hash])
@@ -119,6 +138,7 @@ Evervault.run(function_name = String, data = Hash[, options = Hash])
 ### Evervault.create_run_token
 
 `Evervault.create_run_token` creates a single use, time bound token for invoking a Function.
+An API Key with the `create Run Token` permission must be used to perform this operation.
 
 ```ruby
 Evervault.create_run_token(function_name = String, data = Hash)

data/lib/evervault/client.rb

@@ -8,23 +8,25 @@ require_relative "crypto/client"
 module Evervault
   class Client
 
-    attr_accessor :api_key, :base_url, :cage_run_url, :request_timeout
+    attr_accessor :function_run_url
     def initialize(
+      app_uuid:,
       api_key:,
       base_url: "https://api.evervault.com/",
-      cage_run_url: "https://run.evervault.com/",
+      function_run_url: "https://run.evervault.com/",
       relay_url: "https://relay.evervault.com:8443",
       ca_host: "https://ca.evervault.com",
       request_timeout: 30,
       curve: 'prime256v1'
     )
-      @request = Evervault::Http::Request.new(timeout: request_timeout, api_key: api_key)
+      @function_run_url = function_run_url
+      @request = Evervault::Http::Request.new(timeout: request_timeout, app_uuid: app_uuid, api_key: api_key)
       @intercept = Evervault::Http::RequestIntercept.new(
         request: @request, ca_host: ca_host, api_key: api_key, base_url: base_url, relay_url: relay_url
       )
       @request_handler =
         Evervault::Http::RequestHandler.new(
-          request: @request, base_url: base_url, cage_run_url: cage_run_url, cert: @intercept
+          request: @request, base_url: base_url, cert: @intercept
         )
       @crypto_client = Evervault::Crypto::Client.new(request_handler: @request_handler, curve: curve)
       @intercept.setup()
@@ -34,8 +36,32 @@ module Evervault
       @crypto_client.encrypt(data)
     end
 
-    def run(function_name, encrypted_data, options = {})
-      @request_handler.post(function_name, encrypted_data, options: options, cage_run: true)
+    def decrypt(data)
+      unless data.is_a?(String) || data.is_a?(Array) || data.is_a?(Hash)
+        raise Evervault::Errors::ArgumentError.new("data is of invalid type")
+      end
+      payload = { data: data }
+      response = @request_handler.post("decrypt", payload, nil, nil, true)
+      response["data"]
+    end
+
+    def run(function_name, payload, options = {})
+      optional_headers = {}
+      if options.key?(:async)
+        if options[:async]
+          optional_headers["x-async"] = "true"
+        end
+      end
+      if options.key?(:version)
+        if options[:version].is_a? Integer
+          optional_headers["x-version-id"] = options[:version].to_s
+        end
+      end
+      @request_handler.post(function_name, payload, optional_headers, @function_run_url)
+    end
+
+    def create_run_token(function_name, data = {})
+      @request_handler.post("v2/functions/#{function_name}/run-token", data)
     end
 
     def enable_outbound_relay(decryption_domains = nil)
@@ -45,9 +71,5 @@ module Evervault
         @intercept.setup_decryption_domains(decryption_domains)
       end
     end
-
-    def create_run_token(function_name, data = {})
-      @request_handler.post("v2/functions/#{function_name}/run-token", data)
-    end
   end
 end

data/lib/evervault/http/request.rb

@@ -6,31 +6,52 @@ require_relative "../errors/error_map"
 module Evervault
   module Http
     class Request
-      def initialize(timeout:, api_key:)
+      def initialize(timeout:, app_uuid:, api_key:)
         @timeout = timeout
+        @app_uuid = app_uuid
         @api_key = api_key
       end
 
-      def execute(method, url, params, optional_headers = {})
-        resp = Faraday.send(method, url) do |req|
-            req.body = params.nil? || params.empty? ? nil : params.to_json
-            req.headers = build_headers(optional_headers)
+      def execute(method, url, body = nil, optional_headers = {}, basic_auth = false)
+        resp = faraday(basic_auth).public_send(method, url) do |req, url|
+            req.body = body.nil? || body.empty? ? nil : body.to_json
+            req.headers = build_headers(optional_headers, basic_auth)
             req.options.timeout = @timeout
         end
+
         if resp.status >= 200 && resp.status <= 300
           return resp
         end
+
         Evervault::Errors::ErrorMap.raise_errors_on_failure(resp.status, resp.body, resp.headers)
       end
 
-      private def build_headers(optional_headers)
-        optional_headers.merge({
+      private
+
+      def faraday(basic_auth = false)
+        Faraday.new do |conn|
+          if basic_auth
+            conn.request :authorization, :basic, @app_uuid, @api_key
+          end
+        end
+      end
+
+      def build_headers(optional_headers = {}, basic_auth = false)
+        headers = {
           "AcceptEncoding": "gzip, deflate",
           "Accept": "application/json",
           "Content-Type": "application/json",
           "User-Agent": "evervault-ruby/#{VERSION}",
-          "Api-Key": @api_key,
-        })
+        }
+        unless optional_headers.nil? || optional_headers.empty?
+          headers = headers.merge(optional_headers)
+        end
+        if !basic_auth
+          headers = headers.merge({
+            "Api-Key": @api_key,
+          })
+        end
+        headers
       end
     end
   end

data/lib/evervault/http/request_handler.rb

@@ -6,70 +6,51 @@ require_relative "../errors/error_map"
 module Evervault
   module Http
     class RequestHandler
-      def initialize(request:, base_url:, cage_run_url:, cert:)
+      def initialize(request:, base_url:, cert:)
         @request = request
         @base_url = base_url
-        @cage_run_url = cage_run_url
         @cert = cert
       end
 
-      def get(path, params = nil)
+      def get(path)
         if @cert.is_certificate_expired()
           @cert.setup()
         end
-        resp = @request.execute(:get, build_url(path), params)
+        resp = @request.execute(:get, build_url(path))
         parse_json_body(resp.body)
       end
 
-      def put(path, params)
+      def put(path, body)
         if @cert.is_certificate_expired()
           @cert.setup()
         end
-        resp = @request.execute(:put, build_url(path), params)
+        resp = @request.execute(:put, build_url(path), body)
         parse_json_body(resp.body)
       end
 
-      def delete(path, params)
+      def delete(path)
         if @cert.is_certificate_expired()
           @cert.setup()
         end
-        resp = @request.execute(:delete, build_url(path), params)
+        resp = @request.execute(:delete, build_url(path))
         parse_json_body(resp.body)
       end
 
-      def post(path, params, options: {}, cage_run: false)
+      def post(path, body, optional_headers = {}, alternative_base_url = nil, basic_auth = false)
         if @cert.is_certificate_expired()
           @cert.setup()
         end
-        resp = @request.execute(:post, build_url(path, cage_run), params, build_cage_run_headers(options, cage_run))
-        parse_json_body(resp.body)
+        resp = @request.execute(:post, build_url(path, alternative_base_url), body, optional_headers, basic_auth)
+        return parse_json_body(resp.body) unless resp.body.empty?
       end
 
       private def parse_json_body(body)
         JSON.parse(body)
       end
 
-      private def build_url(path, cage_run = false)
-        return "#{@base_url}#{path}" unless cage_run
-        "#{@cage_run_url}#{path}"
-      end
-
-      private def build_cage_run_headers(options, cage_run = false)
-        optional_headers = {}
-        return optional_headers unless cage_run
-        if options.key?(:async)
-          if options[:async]
-            optional_headers["x-async"] = "true"
-          end
-          options.delete(:async)
-        end
-        if options.key?(:version)
-          if options[:version].is_a? Integer
-            optional_headers["x-version-id"] = options[:version].to_s
-          end
-          options.delete(:version)
-        end
-        optional_headers.merge(options)
+      private def build_url(path, alternative_base_url = nil)
+        return "#{@base_url}#{path}" unless alternative_base_url
+        "#{alternative_base_url}#{path}"
       end
     end
   end

data/lib/evervault/http/request_intercept.rb

@@ -46,7 +46,7 @@ module NetHTTPOverride
     end
   end
 
-  def connect
+  def connect_with_intercept
     if NetHTTPOverride.should_decrypt(conn_address)
       @cert_store = OpenSSL::X509::Store.new
       @cert_store.add_cert(@@cert)
@@ -54,19 +54,25 @@ module NetHTTPOverride
       @proxy_address = @@relay_url
       @proxy_port = @@relay_port
     end
-    super
+    connect_without_intercept
   end
 
-  def request(req, body = nil, &block)
+  def request_with_intercept(req, body = nil, &block)
     should_decrypt = NetHTTPOverride.should_decrypt(@address)
     if should_decrypt
       req["Proxy-Authorization"] = @@api_key
     end
-    super
+    request_without_intercept(req, body, &block)
   end
 end
 
-Net::HTTP.send :prepend, NetHTTPOverride
+Net::HTTP.class_eval do
+  include NetHTTPOverride
+  alias_method :request_without_intercept, :request
+  alias_method :request, :request_with_intercept
+  alias_method :connect_without_intercept, :connect
+  alias_method :connect, :connect_with_intercept
+end
 
 module Evervault
   module Http

data/lib/evervault/utils/validation_utils.rb

@@ -0,0 +1,31 @@
+require 'digest'
+
+module Evervault
+  module Utils
+    class ValidationUtils
+
+      def self.validate_app_uuid_and_api_key(app_uuid, api_key)
+        if app_uuid.nil?
+          raise Evervault::Errors::AuthenticationError.new(
+            "No App ID provided. The App ID can be retrieved in the Evervault dashboard (App Settings)."
+          )
+        end
+        if api_key.nil?
+          raise Evervault::Errors::AuthenticationError.new(
+            "The provided App ID is invalid. The App ID can be retrieved in the Evervault dashboard (App Settings)."
+          )
+        end
+        if api_key.start_with?('ev:key')
+          # Scoped API key
+          app_uuid_hash = Digest::SHA512.base64digest(app_uuid)[0, 6]
+          app_uuid_hash_from_api_key = api_key.split(':')[4]
+          if app_uuid_hash != app_uuid_hash_from_api_key
+            raise Evervault::Errors::AuthenticationError.new(
+              "The API key is not valid for app #{app_uuid}. Make sure to use an API key belonging to the app #{app_uuid}."
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/evervault/version.rb

@@ -1,4 +1,4 @@
 module Evervault
-  VERSION = "1.3.1"
+  VERSION = "2.0.0"
   EV_VERSION = {"prime256v1" => "NOC", "secp256k1" => "DUB"}
 end

data/lib/evervault.rb

@@ -1,15 +1,21 @@
 require_relative "evervault/version"
 require_relative "evervault/client"
 require_relative "evervault/errors/errors"
+require_relative "evervault/utils/validation_utils"
 
 module Evervault
   class << self
+    attr_accessor :app_id
     attr_accessor :api_key
 
     def encrypt(data)
       client.encrypt(data)
     end
 
+    def decrypt(data)
+      client.decrypt(data)
+    end
+
     def run(function_name, encrypted_data, options = {})
       client.run(function_name, encrypted_data, options)
     end
@@ -23,12 +29,8 @@ module Evervault
     end
 
     private def client
-      if api_key.nil?
-        raise Evervault::Errors::AuthenticationError.new(
-                "Please enter your team's API Key"
-              )
-      end
-      @client ||= Evervault::Client.new(api_key: api_key)
+      Evervault::Utils::ValidationUtils.validate_app_uuid_and_api_key(app_id, api_key)
+      @client ||= Evervault::Client.new(app_uuid: app_id, api_key: api_key)
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: evervault
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 2.0.0
 platform: ruby
 authors:
 - Jonny O'Mahony
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-03-28 00:00:00.000000000 Z
+date: 2023-07-21 00:00:00.000000000 Z
 dependencies: []
 description: 
 email:
@@ -42,6 +42,7 @@ files:
 - lib/evervault/http/request_handler.rb
 - lib/evervault/http/request_intercept.rb
 - lib/evervault/threading/repeated_timer.rb
+- lib/evervault/utils/validation_utils.rb
 - lib/evervault/version.rb
 - res/logo.svg
 - res/logo512.png