evervault 2.0.0 → 3.0.1

data/lib/evervault/errors/errors.rb

@@ -1,33 +1,26 @@
+# frozen_string_literal: true
+
 module Evervault
   module Errors
     class EvervaultError < StandardError; end
 
-    class ArgumentError < EvervaultError; end
-
-    class HttpError < EvervaultError; end
-
-    class ResourceNotFoundError < EvervaultError; end
-
-    class AuthenticationError < EvervaultError; end
-
-    class ServerError < EvervaultError; end
-
-    class BadGatewayError < EvervaultError; end
-
-    class ServiceUnavailableError < EvervaultError; end
-
-    class BadRequestError < EvervaultError; end
-
-    class UndefinedDataError < EvervaultError; end
+    class FunctionError < EvervaultError; end
 
-    class InvalidPublicKeyError < EvervaultError; end
+    class ForbiddenIPError < FunctionError; end
 
-    class UnexpectedError < EvervaultError; end
+    class FunctionTimeoutError < FunctionError; end
 
-    class CertDownloadError < EvervaultError; end
+    class FunctionNotReadyError < FunctionError; end
 
-    class UnsupportedEncryptType < EvervaultError; end
+    class FunctionRuntimeError < FunctionError
+      attr_reader :message, :stack, :id
 
-    class ForbiddenIPError < EvervaultError; end
+      def initialize(message, stack, id)
+        @message = message
+        @stack = stack
+        @id = id
+        super(message.to_s)
+      end
+    end
   end
 end

data/lib/evervault/errors/legacy_error_map.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require_relative 'errors'
+
+module Evervault
+  module Errors
+    class LegacyErrorMap
+      def self.raise_errors_on_failure(status_code, body, headers)
+        return if status_code < 400
+
+        case status_code
+        when 404
+          raise EvervaultError, 'Resource not found'
+        when 400
+          raise EvervaultError, 'Bad request'
+        when 401
+          raise EvervaultError, 'Unauthorized'
+        when 403
+          if (headers.include? 'x-evervault-error-code') && (headers['x-evervault-error-code'] == 'forbidden-ip-error')
+            raise ForbiddenIPError, 'IP is not present in Cage whitelist'
+          end
+
+          raise EvervaultError, 'Forbidden'
+
+        when 500
+          raise EvervaultError, 'Server error'
+        when 502
+          raise EvervaultError, 'Bad gateway error'
+        when 503
+          raise EvervaultError, 'Service unavailable'
+        else
+          raise EvervaultError, message_for_unexpected_error_without_type(body)
+        end
+      end
+
+      private
+
+      def message_for_unexpected_error_without_type(error_details)
+        if error_details.nil?
+          return(
+            'An unexpected error occurred without message or status code. Please contact Evervault support'
+          )
+        end
+        message = error_details['message']
+        status_code = error_details['statusCode']
+        "An unexpected error occured. It occurred with the message: #{
+          message
+        } and http_code: '#{status_code}'. Please contact Evervault support"
+      end
+    end
+  end
+end

data/lib/evervault/http/relay_outbound_config.rb

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
 module Evervault
   module Http
     class RelayOutboundConfig
       DEFAULT_POLL_INTERVAL = 5
-      RELAY_OUTBOUND_CONFIG_API_ENDPOINT = "v2/relay-outbound"
+      RELAY_OUTBOUND_CONFIG_API_ENDPOINT = 'v2/relay-outbound'
 
       @@destination_domains_cache = nil
       @@poll_interval = DEFAULT_POLL_INTERVAL
@@ -11,12 +13,10 @@ module Evervault
       def initialize(base_url:, request:)
         @base_url = base_url
         @request = request
-        if @@destination_domains_cache.nil?
-          get_relay_outbound_config
-        end
-        if @@timer.nil?
-          @@timer = Evervault::Threading::RepeatedTimer.new(@@poll_interval, -> { get_relay_outbound_config })
-        end
+        get_relay_outbound_config if @@destination_domains_cache.nil?
+        return unless @@timer.nil?
+
+        @@timer = Evervault::Threading::RepeatedTimer.new(@@poll_interval, -> { get_relay_outbound_config })
       end
 
       def get_destination_domains
@@ -24,32 +24,34 @@ module Evervault
       end
 
       def self.disable_polling
-        unless @@timer.nil?
-          @@timer.stop
-          @@timer = nil
-        end
+        return if @@timer.nil?
+
+        @@timer.stop
+        @@timer = nil
       end
 
       def self.clear_cache
         @@destination_domains_cache = nil
       end
 
-      private def get_relay_outbound_config
-        resp = @request.execute(:get, "#{@base_url}#{RELAY_OUTBOUND_CONFIG_API_ENDPOINT}", nil)
-        poll_interval = resp.headers["x-poll-interval"]
-        unless poll_interval.nil?
-          update_poll_interval(poll_interval.to_f)
-        end
+      private
+
+      def get_relay_outbound_config
+        resp = @request.execute(:get, "#{@base_url}#{RELAY_OUTBOUND_CONFIG_API_ENDPOINT}")
+        poll_interval = resp.headers['x-poll-interval']
+        update_poll_interval(poll_interval.to_f) unless poll_interval.nil?
         resp_body = JSON.parse(resp.body)
-        @@destination_domains_cache = resp_body["outboundDestinations"].values.map{ |outbound_destination| outbound_destination["destinationDomain"] }
+        @@destination_domains_cache = resp_body['outboundDestinations'].values.map do |outbound_destination|
+          outbound_destination['destinationDomain']
+        end
       end
 
-      private def update_poll_interval(poll_interval)
+      def update_poll_interval(poll_interval)
         @@poll_interval = poll_interval
-        unless @@timer.nil?
-          @@timer.update_interval(poll_interval)
-        end
+        return if @@timer.nil?
+
+        @@timer.update_interval(poll_interval)
       end
     end
   end
-end
+end

data/lib/evervault/http/request.rb

@@ -1,55 +1,50 @@
-require "faraday"
-require "json"
-require_relative "../version"
-require_relative "../errors/error_map"
+# frozen_string_literal: true
+
+require 'faraday'
+require 'json'
+require_relative '../version'
+require_relative '../errors/legacy_error_map'
 
 module Evervault
   module Http
     class Request
-      def initialize(timeout:, app_uuid:, api_key:)
-        @timeout = timeout
-        @app_uuid = app_uuid
-        @api_key = api_key
+      attr_reader :config
+
+      def initialize(config:)
+        @config = config
       end
 
-      def execute(method, url, body = nil, optional_headers = {}, basic_auth = false)
-        resp = faraday(basic_auth).public_send(method, url) do |req, url|
-            req.body = body.nil? || body.empty? ? nil : body.to_json
-            req.headers = build_headers(optional_headers, basic_auth)
-            req.options.timeout = @timeout
+      def execute(method, url, body = nil, basic_auth = false, error_map = Evervault::Errors::LegacyErrorMap)
+        resp = faraday(basic_auth).public_send(method, url) do |req, _url|
+          req.body = body.nil? || body.empty? ? nil : body.to_json
+          req.headers = build_headers(basic_auth)
+          req.options.timeout = config.request_timeout
         end
 
-        if resp.status >= 200 && resp.status <= 300
-          return resp
-        end
+        return resp if resp.status >= 200 && resp.status <= 300
 
-        Evervault::Errors::ErrorMap.raise_errors_on_failure(resp.status, resp.body, resp.headers)
+        error_map.raise_errors_on_failure(resp.status, resp.body, resp.headers)
       end
 
       private
 
       def faraday(basic_auth = false)
         Faraday.new do |conn|
-          if basic_auth
-            conn.request :authorization, :basic, @app_uuid, @api_key
-          end
+          conn.request :authorization, :basic, config.app_id, config.api_key if basic_auth
         end
       end
 
-      def build_headers(optional_headers = {}, basic_auth = false)
+      def build_headers(basic_auth = false)
         headers = {
-          "AcceptEncoding": "gzip, deflate",
-          "Accept": "application/json",
-          "Content-Type": "application/json",
-          "User-Agent": "evervault-ruby/#{VERSION}",
+          "AcceptEncoding": 'gzip, deflate',
+          "Accept": 'application/json',
+          "Content-Type": 'application/json',
+          "User-Agent": "evervault-ruby/#{VERSION}"
         }
-        unless optional_headers.nil? || optional_headers.empty?
-          headers = headers.merge(optional_headers)
-        end
-        if !basic_auth
+        unless basic_auth
           headers = headers.merge({
-            "Api-Key": @api_key,
-          })
+                                    "Api-Key": config.api_key
+                                  })
         end
         headers
       end

data/lib/evervault/http/request_handler.rb

@@ -1,56 +1,53 @@
-require "faraday"
-require "json"
-require_relative "../version"
-require_relative "../errors/error_map"
+# frozen_string_literal: true
+
+require 'faraday'
+require 'json'
+require_relative '../version'
+require_relative '../errors/error_map'
 
 module Evervault
   module Http
     class RequestHandler
-      def initialize(request:, base_url:, cert:)
+      attr_reader :config
+
+      def initialize(request:, config:, cert:)
         @request = request
-        @base_url = base_url
+        @config = config
         @cert = cert
       end
 
       def get(path)
-        if @cert.is_certificate_expired()
-          @cert.setup()
-        end
+        @cert.setup if @cert.is_certificate_expired
         resp = @request.execute(:get, build_url(path))
         parse_json_body(resp.body)
       end
 
       def put(path, body)
-        if @cert.is_certificate_expired()
-          @cert.setup()
-        end
+        @cert.setup if @cert.is_certificate_expired
         resp = @request.execute(:put, build_url(path), body)
         parse_json_body(resp.body)
       end
 
       def delete(path)
-        if @cert.is_certificate_expired()
-          @cert.setup()
-        end
+        @cert.setup if @cert.is_certificate_expired
         resp = @request.execute(:delete, build_url(path))
         parse_json_body(resp.body)
       end
 
-      def post(path, body, optional_headers = {}, alternative_base_url = nil, basic_auth = false)
-        if @cert.is_certificate_expired()
-          @cert.setup()
-        end
-        resp = @request.execute(:post, build_url(path, alternative_base_url), body, optional_headers, basic_auth)
-        return parse_json_body(resp.body) unless resp.body.empty?
+      def post(path, body, basic_auth = false, error_map = Evervault::Errors::LegacyErrorMap)
+        @cert.setup if @cert.is_certificate_expired
+        resp = @request.execute(:post, build_url(path), body, basic_auth, error_map)
+        parse_json_body(resp.body) unless resp.body.empty?
       end
 
-      private def parse_json_body(body)
+      private
+
+      def parse_json_body(body)
         JSON.parse(body)
       end
 
-      private def build_url(path, alternative_base_url = nil)
-        return "#{@base_url}#{path}" unless alternative_base_url
-        "#{alternative_base_url}#{path}"
+      def build_url(path)
+        "#{config.base_url}#{path}"
       end
     end
   end

data/lib/evervault/http/request_intercept.rb

@@ -1,10 +1,12 @@
-require "faraday"
-require "json"
-require "tempfile"
-require "openssl"
+# frozen_string_literal: true
+
+require 'faraday'
+require 'json'
+require 'tempfile'
+require 'openssl'
 require 'net/http'
-require_relative "../version"
-require_relative "../errors/errors"
+require_relative '../version'
+require_relative '../errors/errors'
 
 module NetHTTPOverride
   @@api_key = nil
@@ -18,7 +20,7 @@ module NetHTTPOverride
   end
 
   def self.set_relay_url(value)
-    relay_address_and_port = value.gsub(/(^\w+:|^)\/\//, '').split(":")
+    relay_address_and_port = value.gsub(%r{(^\w+:|^)//}, '').split(':')
     @@relay_url = relay_address_and_port[0]
     @@relay_port = relay_address_and_port[1]
   end
@@ -35,14 +37,14 @@ module NetHTTPOverride
     if @@get_decryption_domains_func.nil?
       false
     else
-      decryption_domains = @@get_decryption_domains_func.call()
-      decryption_domains.any? { |decryption_domain| 
-        if decryption_domain.start_with?("*")
-          domain.end_with?(decryption_domain[1..-1])
+      decryption_domains = @@get_decryption_domains_func.call
+      decryption_domains.any? do |decryption_domain|
+        if decryption_domain.start_with?('*')
+          domain.end_with?(decryption_domain[1..])
         else
           domain == decryption_domain
         end
-      }
+      end
     end
   end
 
@@ -59,9 +61,7 @@ module NetHTTPOverride
 
   def request_with_intercept(req, body = nil, &block)
     should_decrypt = NetHTTPOverride.should_decrypt(@address)
-    if should_decrypt
-      req["Proxy-Authorization"] = @@api_key
-    end
+    req['Proxy-Authorization'] = @@api_key if should_decrypt
     request_without_intercept(req, body, &block)
   end
 end
@@ -77,58 +77,58 @@ end
 module Evervault
   module Http
     class RequestIntercept
-      def initialize(request:, ca_host:, api_key:, base_url:, relay_url:)
-        NetHTTPOverride.set_api_key(api_key)
-        NetHTTPOverride.set_relay_url(relay_url)
-        
+      attr_reader :config
+
+      def initialize(request:, config:)
+        @config = config
+        NetHTTPOverride.set_api_key(config.api_key)
+        NetHTTPOverride.set_relay_url(config.relay_url)
+
         @request = request
-        @base_url = base_url
-        @ca_host = ca_host
         @expire_date = nil
         @initial_date = nil
       end
 
-      def is_certificate_expired()
+      def is_certificate_expired
         if @expire_date
           now = Time.now
-          if now > @expire_date || now < @initial_date
-            return true
-          end
+          return true if now > @expire_date || now < @initial_date
         end
-        return false
+        false
       end
 
       def setup_decryption_domains(decryption_domains)
-        NetHTTPOverride.add_get_decryption_domains_func(-> {
+        NetHTTPOverride.add_get_decryption_domains_func(lambda {
           decryption_domains
         })
       end
 
       def setup_outbound_relay_config
-        @relay_outbound_config = Evervault::Http::RelayOutboundConfig.new(base_url: @base_url, request: @request)
-        NetHTTPOverride.add_get_decryption_domains_func(-> {
+        @relay_outbound_config = Evervault::Http::RelayOutboundConfig.new(base_url: config.base_url, request: @request)
+        NetHTTPOverride.add_get_decryption_domains_func(lambda {
           @relay_outbound_config.get_destination_domains
         })
       end
 
       def setup
-        get_cert()
+        get_cert
       end
 
-      def get_cert()
+      def get_cert
         ca_content = nil
         i = 0
 
         while !ca_content && i < 1
           i += 1
           begin
-            ca_content = @request.execute("get", @ca_host, nil, {}).body
-          rescue;
+            ca_content = @request.execute('get', config.ca_host).body
+          rescue StandardError
           end
         end
 
-        if !ca_content || ca_content == ""
-          raise Evervault::Errors::CertDownloadError.new("Unable to install the Evervault root certificate from #{@ca_host}")
+        if !ca_content || ca_content == ''
+          raise Evervault::Errors::EvervaultError,
+                "Unable to install the Evervault root certificate from #{config.ca_host}"
         end
 
         cert = OpenSSL::X509::Certificate.new ca_content
@@ -137,14 +137,11 @@ module Evervault
       end
 
       def set_cert_expire_date(cert)
-        begin
-          @expire_date = cert.not_after
-          @initial_date = cert.not_before
-        rescue => exception
-          @expire_date = nil
-        end
+        @expire_date = cert.not_after
+        @initial_date = cert.not_before
+      rescue StandardError
+        @expire_date = nil
       end
     end
   end
 end
-

data/lib/evervault/threading/repeated_timer.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Evervault
   module Threading
     class RepeatedTimer
@@ -9,15 +11,15 @@ module Evervault
       end
 
       def start
-        if !running?
-          @thread = Thread.new do
-            loop do
-              sleep @interval
-              begin 
-                @func.call
-              rescue => e
-                # Silently ignore exceptions
-              end
+        return if running?
+
+        @thread = Thread.new do
+          loop do
+            sleep @interval
+            begin
+              @func.call
+            rescue StandardError
+              # Silently ignore exceptions
             end
           end
         end
@@ -37,4 +39,4 @@ module Evervault
       end
     end
   end
-end
+end

data/lib/evervault/utils/validation_utils.rb

@@ -1,31 +1,30 @@
+# frozen_string_literal: true
+
 require 'digest'
 
 module Evervault
   module Utils
     class ValidationUtils
-
       def self.validate_app_uuid_and_api_key(app_uuid, api_key)
         if app_uuid.nil?
-          raise Evervault::Errors::AuthenticationError.new(
-            "No App ID provided. The App ID can be retrieved in the Evervault dashboard (App Settings)."
-          )
+          raise Evervault::Errors::EvervaultError,
+                'No App ID provided. The App ID can be retrieved in the Evervault dashboard (App Settings).'
         end
         if api_key.nil?
-          raise Evervault::Errors::AuthenticationError.new(
-            "The provided App ID is invalid. The App ID can be retrieved in the Evervault dashboard (App Settings)."
-          )
-        end
-        if api_key.start_with?('ev:key')
-          # Scoped API key
-          app_uuid_hash = Digest::SHA512.base64digest(app_uuid)[0, 6]
-          app_uuid_hash_from_api_key = api_key.split(':')[4]
-          if app_uuid_hash != app_uuid_hash_from_api_key
-            raise Evervault::Errors::AuthenticationError.new(
-              "The API key is not valid for app #{app_uuid}. Make sure to use an API key belonging to the app #{app_uuid}."
-            )
-          end
+          raise Evervault::Errors::EvervaultError,
+                'The provided App ID is invalid. The App ID can be retrieved in the Evervault dashboard (App Settings).'
         end
+        return unless api_key.start_with?('ev:key')
+
+        # Scoped API key
+        app_uuid_hash = Digest::SHA512.base64digest(app_uuid)[0, 6]
+        app_uuid_hash_from_api_key = api_key.split(':')[4]
+        return unless app_uuid_hash != app_uuid_hash_from_api_key
+
+        raise Evervault::Errors::EvervaultError,
+              "The API key is not valid for app #{app_uuid}. Make sure to use an API key belonging to the ap'\
+        'p #{app_uuid}."
       end
     end
   end
-end
+end

data/lib/evervault/version.rb

@@ -1,4 +1,6 @@
+# frozen_string_literal: true
+
 module Evervault
-  VERSION = "2.0.0"
-  EV_VERSION = {"prime256v1" => "NOC", "secp256k1" => "DUB"}
+  VERSION = "3.0.1"
+  EV_VERSION = { 'prime256v1' => 'QkTC', 'secp256k1' => 'S0lS' }.freeze
 end

data/lib/evervault.rb

@@ -1,36 +1,52 @@
-require_relative "evervault/version"
-require_relative "evervault/client"
-require_relative "evervault/errors/errors"
-require_relative "evervault/utils/validation_utils"
+# frozen_string_literal: true
+
+require 'time'
+require_relative 'evervault/version'
+require_relative 'evervault/client'
+require_relative 'evervault/config'
+require_relative 'evervault/errors/errors'
+require_relative 'evervault/utils/validation_utils'
 
 module Evervault
   class << self
-    attr_accessor :app_id
-    attr_accessor :api_key
+    attr_accessor :app_id, :api_key
+
+    def encrypt(...)
+      client.encrypt(...)
+    end
 
-    def encrypt(data)
-      client.encrypt(data)
+    def decrypt(...)
+      client.decrypt(...)
     end
 
-    def decrypt(data)
-      client.decrypt(data)
+    def run(...)
+      client.run(...)
     end
 
-    def run(function_name, encrypted_data, options = {})
-      client.run(function_name, encrypted_data, options)
+    def enable_outbound_relay(...)
+      client.enable_outbound_relay(...)
     end
 
-    def enable_outbound_relay(decryption_domains = nil)
-      client.enable_outbound_relay(decryption_domains)
+    def create_run_token(...)
+      client.create_run_token(...)
     end
 
-    def create_run_token(function_name, data = {})
-      client.create_run_token(function_name, data)
+    def create_client_side_decrypt_token(data, expiry = nil)
+      expiry = (expiry.to_f * 1000).to_i unless expiry.nil?
+      client.create_token('api:decrypt', data, expiry)
     end
 
-    private def client
-      Evervault::Utils::ValidationUtils.validate_app_uuid_and_api_key(app_id, api_key)
-      @client ||= Evervault::Client.new(app_uuid: app_id, api_key: api_key)
+    def configure(...)
+      client.configure(...)
+    end
+
+    private
+
+    def client
+      @client ||= begin
+        Evervault::Utils::ValidationUtils.validate_app_uuid_and_api_key(app_id, api_key)
+        Evervault::Client.new(app_uuid: app_id, api_key: api_key)
+      end
     end
   end
 end