familia 2.0.0.pre5 → 2.0.0.pre6

data/try/data_types/counter_try.rb

@@ -0,0 +1,93 @@
+# try/data_types/counter_try.rb
+
+require_relative '../helpers/test_helpers'
+
+@a = Bone.new(token: 'atoken3')
+
+## Bone#dbkey
+@a.dbkey
+#=> 'bone:atoken3:object'
+
+## Familia::Counter should have default value of 0
+@a.counter.value
+#=> 0
+
+## Familia::Counter#value=
+@a.counter.value = 42
+#=> 42
+
+## Familia::Counter#to_i
+@a.counter.to_i
+#=> 42
+
+## Familia::Counter#to_s
+@a.counter.to_s
+#=> '42'
+
+## Familia::Counter#increment
+@a.counter.increment
+#=> 43
+
+## Familia::Counter#incrementby
+@a.counter.incrementby(10)
+#=> 53
+
+## Familia::Counter#decrement
+@a.counter.decrement
+#=> 52
+
+## Familia::Counter#decrementby
+@a.counter.decrementby(5)
+#=> 47
+
+## Familia::Counter#reset with value
+@a.counter.reset(100)
+#=> true
+
+## Familia::Counter#reset without value (defaults to 0)
+@a.counter.reset
+@a.counter.reset
+@a.counter.value
+#=> 0
+
+## Familia::Counter#atomic_increment_and_get
+@a.counter.atomic_increment_and_get(25)
+#=> 25
+
+## Familia::Counter#increment_if_less_than (success case)
+@a.counter.increment_if_less_than(50, 10)
+#=> true
+
+## Familia::Counter#value after conditional increment
+@a.counter.to_i
+#=> 35
+
+## Familia::Counter#increment_if_less_than (failure case)
+@a.counter.increment_if_less_than(30, 10)
+#=> false
+
+## Familia::Counter#value unchanged after failed conditional increment
+@a.counter.to_i
+#=> 35
+
+## Familia::Counter.new standalone
+@counter = Familia::Counter.new 'test:counter'
+@counter.dbkey
+#=> 'test:counter'
+
+## Standalone counter starts at 0
+@counter.value
+#=> 0
+
+## Standalone counter increment
+@counter.increment
+#=> 1
+
+## Standalone counter set string value gets coerced to integer
+@counter.value = "123"
+@counter.to_i
+#=> 123
+
+# Cleanup
+@a.counter.delete!
+@counter.delete!

data/try/data_types/lock_try.rb

@@ -0,0 +1,133 @@
+# try/data_types/lock_try.rb
+
+require_relative '../helpers/test_helpers'
+
+@a = Bone.new(token: 'atoken4')
+
+## Bone#dbkey
+@a.dbkey
+#=> 'bone:atoken4:object'
+
+## Familia::Lock should start unlocked
+@a.lock.locked?
+#=> false
+
+## Familia::Lock#value should be nil when unlocked
+@a.lock.value
+#=> nil
+
+## Familia::Lock#acquire returns token when successful
+@token1 = @a.lock.acquire
+@token1.class
+#=> String
+
+## Familia::Lock#locked? after acquire
+@a.lock.locked?
+#=> true
+
+## Familia::Lock#held_by? with correct token
+@a.lock.held_by?(@token1)
+#=> true
+
+## Familia::Lock#held_by? with wrong token
+@a.lock.held_by?('wrong-token')
+#=> false
+
+## Familia::Lock#acquire when already locked returns false
+@a.lock.acquire
+#=> false
+
+## Familia::Lock#release with correct token
+@a.lock.release(@token1)
+#=> true
+
+## Familia::Lock#locked? after release
+@a.lock.locked?
+#=> false
+
+## Familia::Lock#release with wrong token (lock not held)
+@a.lock.release('wrong-token')
+#=> false
+
+## Familia::Lock#acquire with custom token
+@custom_token = 'my-custom-token-123'
+@result = @a.lock.acquire(@custom_token)
+@result
+#=> 'my-custom-token-123'
+
+## Familia::Lock#held_by? with custom token
+@a.lock.held_by?(@custom_token)
+#=> true
+
+## Familia::Lock#force_unlock!
+@a.lock.force_unlock!
+#=> true
+
+## Familia::Lock#locked? after force unlock
+@a.lock.locked?
+#=> false
+
+## Familia::Lock.new standalone
+@lock = Familia::Lock.new 'test:lock'
+@lock.dbkey
+#=> 'test:lock'
+
+## Standalone lock starts unlocked
+@lock.locked?
+#=> false
+
+## Standalone lock acquire
+@standalone_token = @lock.acquire
+@standalone_token.class
+#=> String
+
+## Standalone lock is now locked
+@lock.locked?
+#=> true
+
+## Standalone lock acquire with TTL
+@lock.force_unlock!
+@ttl_token = @lock.acquire('ttl-token', ttl: 1)
+@ttl_token
+#=> 'ttl-token'
+
+## Wait for TTL expiration and check if lock auto-expires
+# Note: This test might be flaky in fast test runs
+sleep 2
+@lock.locked?
+#=> false
+
+## Acquire with zero TTL should return false
+@lock2 = Familia::Lock.new 'test:lock2'
+@lock2.acquire('zero-ttl', ttl: 0)
+#=> false
+
+## Lock should not be held after zero TTL rejection
+@lock2.locked?
+#=> false
+
+## Acquire with negative TTL should return false
+@lock2.acquire('neg-ttl', ttl: -5)
+#=> false
+
+## Lock should not be held after negative TTL rejection
+@lock2.locked?
+#=> false
+
+## Acquire with nil TTL should work (no expiration)
+@nil_ttl_token = @lock2.acquire('no-expiry', ttl: nil)
+@nil_ttl_token
+#=> 'no-expiry'
+
+## Lock with nil TTL should be held
+@lock2.locked?
+#=> true
+
+## Lock with nil TTL should not have expiration
+@lock2.current_expiration
+#=> -1
+
+## Cleanup
+@a.lock.delete!
+@lock.delete!
+@lock2.delete!

data/try/debugging/debug_aad_process.rb

@@ -0,0 +1,82 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+ENV['TEST'] = 'true'
+require 'familia'
+require_relative 'try/helpers/test_helpers'
+
+puts "Debugging AAD during encrypt/decrypt process..."
+
+# Setup encryption keys
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class DebugModelA < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :api_key
+end
+
+class DebugModelB < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :api_key
+end
+
+# Patch the EncryptedFieldType to add debug output
+class Familia::EncryptedFieldType
+  alias_method :original_encrypt_value, :encrypt_value
+  alias_method :original_decrypt_value, :decrypt_value
+  alias_method :original_build_aad, :build_aad
+
+  def encrypt_value(record, value)
+    context = build_context(record)
+    aad = build_aad(record)
+    puts "[ENCRYPT] Class: #{record.class}, ID: #{record.identifier}, Context: #{context}, AAD: #{aad}"
+    original_encrypt_value(record, value)
+  end
+
+  def decrypt_value(record, encrypted)
+    context = build_context(record)
+    aad = build_aad(record)
+    puts "[DECRYPT] Class: #{record.class}, ID: #{record.identifier}, Context: #{context}, AAD: #{aad}"
+    original_decrypt_value(record, encrypted)
+  end
+
+  def build_aad(record)
+    aad = original_build_aad(record)
+    puts "[BUILD_AAD] Class: #{record.class}, ID: #{record.identifier}, AAD: #{aad}"
+    aad
+  end
+end
+
+# Clean database
+Familia.dbclient.flushdb
+
+model_a = DebugModelA.new(id: 'same-id')
+model_b = DebugModelB.new(id: 'same-id')
+
+puts "\n=== ENCRYPTION PHASE ==="
+puts "Encrypting for ModelA:"
+model_a.api_key = 'secret-key'
+cipher_a = model_a.instance_variable_get(:@api_key)
+
+puts "\nEncrypting for ModelB:"
+model_b.api_key = 'secret-key'
+cipher_b = model_b.instance_variable_get(:@api_key)
+
+puts "\n=== DECRYPTION PHASE - Same Context ==="
+puts "Decrypting ModelA with ModelA context:"
+model_a.api_key.reveal { |plain| puts "Result: #{plain}" }
+
+puts "\n=== DECRYPTION PHASE - Cross Context ==="
+puts "Setting ModelB cipher into ModelA and trying to decrypt:"
+model_a.instance_variable_set(:@api_key, cipher_b)
+begin
+  model_a.api_key.reveal { |plain| puts "ERROR: Cross-context worked: #{plain}" }
+rescue => e
+  puts "SUCCESS: Cross-context failed as expected: #{e.class}: #{e.message}"
+end

data/try/debugging/debug_concealed_internal.rb

@@ -0,0 +1,59 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+ENV['TEST'] = 'true'  # Mark as test environment
+require 'familia'
+require_relative 'try/helpers/test_helpers'
+
+puts "Testing ConcealedString internal call chain..."
+
+class TestModel < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :secret
+end
+
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+# Clean database
+Familia.dbclient.flushdb
+
+puts "\n=== CONCEALED STRING INTERNAL DEBUGGING ==="
+
+# Create and save model
+model = TestModel.new(id: 'test1')
+model.secret = 'plaintext-secret'
+model.save
+
+# Load model from database
+loaded_model = TestModel.load('test1')
+concealed_string = loaded_model.secret
+
+# Access internal ConcealedString components
+puts "ConcealedString @encrypted_data: #{concealed_string.instance_variable_get(:@encrypted_data)}"
+puts "ConcealedString @record: #{concealed_string.instance_variable_get(:@record)}"
+puts "ConcealedString @field_type: #{concealed_string.instance_variable_get(:@field_type)}"
+
+record = concealed_string.instance_variable_get(:@record)
+field_type = concealed_string.instance_variable_get(:@field_type)
+encrypted_data = concealed_string.instance_variable_get(:@encrypted_data)
+
+puts "\n=== STEP BY STEP DECRYPTION ==="
+puts "Record class: #{record.class}"
+puts "Record identifier: #{record.identifier}"
+puts "Record exists?: #{record.exists?}"
+puts "Field type class: #{field_type.class}"
+
+# Test the exact same call that ConcealedString.reveal makes
+puts "\nCalling field_type.decrypt_value(record, encrypted_data)..."
+begin
+  result = field_type.decrypt_value(record, encrypted_data)
+  puts "decrypt_value result: #{result}"
+  puts "Result class: #{result.class}"
+rescue => e
+  puts "decrypt_value ERROR: #{e.class}: #{e.message}"
+  puts e.backtrace.first(10)
+end

data/try/debugging/debug_concealed_reveal.rb

@@ -0,0 +1,61 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+ENV['TEST'] = 'true'  # Mark as test environment
+require 'familia'
+require_relative 'try/helpers/test_helpers'
+
+puts "Testing ConcealedString.reveal error handling..."
+
+class TestModel < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :secret
+end
+
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+# Clean database
+Familia.dbclient.flushdb
+
+puts "\n=== CONCEALED STRING REVEAL ERROR PATH ==="
+
+# Create and save model (encrypt with AAD = nil)
+model = TestModel.new(id: 'test1')
+model.secret = 'plaintext-secret'
+model.save
+
+# Load model from database (decrypt with AAD = "test1")
+loaded_model = TestModel.load('test1')
+
+puts "Loaded model secret class: #{loaded_model.secret.class}"
+
+# Test ConcealedString.reveal directly
+concealed_string = loaded_model.secret
+puts "ConcealedString object: #{concealed_string.inspect}"
+
+puts "\nTesting ConcealedString.reveal..."
+begin
+  result = concealed_string.reveal do |plaintext|
+    puts "Inside reveal block, plaintext: #{plaintext}"
+    plaintext  # Return the plaintext
+  end
+  puts "Reveal result: #{result}"
+  puts "Result class: #{result.class}"
+rescue => e
+  puts "Reveal ERROR: #{e.class}: #{e.message}"
+  puts e.backtrace.first(5)
+end
+
+puts "\nTesting ConcealedString.reveal_for_testing..."
+begin
+  result = concealed_string.reveal_for_testing
+  puts "reveal_for_testing result: #{result}"
+  puts "Result class: #{result.class}"
+rescue => e
+  puts "reveal_for_testing ERROR: #{e.class}: #{e.message}"
+  puts e.backtrace.first(5)
+end

data/try/debugging/debug_context_aad.rb

@@ -0,0 +1,68 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+ENV['TEST'] = 'true'
+require 'familia'
+require_relative 'try/helpers/test_helpers'
+
+puts "Debugging context and AAD generation..."
+
+# Setup encryption keys
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class ModelA < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :api_key
+end
+
+class ModelB < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :api_key
+end
+
+model_a = ModelA.new(id: 'same-id')
+model_b = ModelB.new(id: 'same-id')
+
+# Get the field type for each model
+field_type_a = ModelA.fields[:api_key]
+field_type_b = ModelB.fields[:api_key]
+
+puts "=== Context and AAD Analysis ==="
+
+# Test context generation
+context_a = field_type_a.send(:build_context, model_a)
+context_b = field_type_b.send(:build_context, model_b)
+
+puts "ModelA context: #{context_a}"
+puts "ModelB context: #{context_b}"
+puts "Contexts match: #{context_a == context_b}"
+
+# Test AAD generation
+aad_a = field_type_a.send(:build_aad, model_a)
+aad_b = field_type_b.send(:build_aad, model_b)
+
+puts "\nModelA AAD: #{aad_a}"
+puts "ModelB AAD: #{aad_b}"
+puts "AADs match: #{aad_a == aad_b}"
+
+puts "\n=== Testing different identifiers ==="
+model_a2 = ModelA.new(id: 'different-id')
+model_b2 = ModelB.new(id: 'different-id')
+
+context_a2 = field_type_a.send(:build_context, model_a2)
+context_b2 = field_type_b.send(:build_context, model_b2)
+aad_a2 = field_type_a.send(:build_aad, model_a2)
+aad_b2 = field_type_b.send(:build_aad, model_b2)
+
+puts "ModelA2 context: #{context_a2}"
+puts "ModelB2 context: #{context_b2}"
+puts "A2-B2 contexts match: #{context_a2 == context_b2}"
+puts "ModelA2 AAD: #{aad_a2}"
+puts "ModelB2 AAD: #{aad_b2}"
+puts "A2-B2 AADs match: #{aad_a2 == aad_b2}"

data/try/debugging/debug_context_simple.rb

@@ -0,0 +1,80 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+ENV['TEST'] = 'true'
+require 'familia'
+
+puts "Understanding the issue with cross-context decryption..."
+
+# Setup encryption keys
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class ModelA < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :api_key
+end
+
+class ModelB < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :api_key
+end
+
+model_a = ModelA.new(id: 'same-id')
+model_b = ModelB.new(id: 'same-id')
+
+puts "ModelA class: #{model_a.class}"
+puts "ModelB class: #{model_b.class}"
+puts "Same class?: #{model_a.class == model_b.class}"
+
+# Inspect what context would be built
+puts "\nContext analysis:"
+puts "ModelA identifier: #{model_a.identifier}"
+puts "ModelB identifier: #{model_b.identifier}"
+
+# Let's see what happens with the field types
+modelA_api_key_type = nil
+modelB_api_key_type = nil
+
+ModelA.field_types.each do |name, type|
+  if name == :api_key
+    modelA_api_key_type = type
+    break
+  end
+end
+
+ModelB.field_types.each do |name, type|
+  if name == :api_key
+    modelB_api_key_type = type
+    break
+  end
+end
+
+puts "ModelA api_key type: #{modelA_api_key_type}"
+puts "ModelB api_key type: #{modelB_api_key_type}"
+puts "Same type object?: #{modelA_api_key_type.object_id == modelB_api_key_type.object_id}"
+
+# Check what context and AAD would be generated
+if modelA_api_key_type && modelB_api_key_type
+  context_a = "#{model_a.class.name}:api_key:#{model_a.identifier}"
+  context_b = "#{model_b.class.name}:api_key:#{model_b.identifier}"
+
+  puts "\nExpected contexts:"
+  puts "ModelA context: #{context_a}"
+  puts "ModelB context: #{context_b}"
+  puts "Contexts should be different: #{context_a != context_b}"
+
+  # AAD should be identifier when no aad_fields
+  aad_a = model_a.identifier
+  aad_b = model_b.identifier
+
+  puts "\nExpected AADs:"
+  puts "ModelA AAD: #{aad_a}"
+  puts "ModelB AAD: #{aad_b}"
+  puts "AADs are same: #{aad_a == aad_b}"
+end

data/try/debugging/debug_cross_context.rb

@@ -0,0 +1,62 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+ENV['TEST'] = 'true'
+require 'familia'
+require_relative 'try/helpers/test_helpers'
+
+puts "Debugging cross-context validation..."
+
+# Setup encryption keys
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+class ModelA < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :api_key
+end
+
+class ModelB < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  encrypted_field :api_key
+end
+
+# Clean database
+Familia.dbclient.flushdb
+
+model_a = ModelA.new(id: 'same-id')
+model_b = ModelB.new(id: 'same-id')
+
+model_a.api_key = 'secret-key'
+model_b.api_key = 'secret-key'
+
+cipher_a = model_a.instance_variable_get(:@api_key)
+cipher_b = model_b.instance_variable_get(:@api_key)
+
+puts "cipher_a: #{cipher_a.class} - #{cipher_a.encrypted_value}"
+puts "cipher_b: #{cipher_b.class} - #{cipher_b.encrypted_value}"
+
+# Now try cross-context access
+puts "\n=== Cross-context test ==="
+model_a.instance_variable_set(:@api_key, cipher_b)
+puts "Set cipher_b into model_a"
+
+begin
+  result = model_a.api_key
+  puts "Got result: #{result.class} - should be ConcealedString"
+
+  # Try to reveal it
+  result.reveal do |plaintext|
+    puts "Successfully revealed: #{plaintext}"
+  end
+  puts "ERROR: Cross-context decryption should have failed!"
+rescue Familia::EncryptionError => e
+  puts "SUCCESS: Got expected encryption error: #{e.message}"
+rescue => e
+  puts "Got unexpected error: #{e.class}: #{e.message}"
+end

data/try/debugging/debug_database_load.rb

@@ -0,0 +1,64 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift(File.expand_path('lib', __dir__))
+ENV['TEST'] = 'true'  # Mark as test environment
+require 'familia'
+require_relative 'try/helpers/test_helpers'
+
+puts "Testing database load vs in-memory encryption..."
+
+class TestModel < Familia::Horreum
+  feature :encrypted_fields
+  identifier_field :id
+  field :id
+  field :title
+  encrypted_field :secret
+end
+
+test_keys = { v1: Base64.strict_encode64('a' * 32) }
+Familia.config.encryption_keys = test_keys
+Familia.config.current_key_version = :v1
+
+# Clean database
+Familia.dbclient.flushdb
+
+puts "\n=== PHASE 1: In-memory object ==="
+model = TestModel.new(id: 'test1')
+model.title = 'Test Title'
+puts "PRE-ENCRYPT: model.exists? = #{model.exists?}"
+model.secret = 'plaintext-secret'
+
+puts "In-memory secret class: #{model.secret.class}"
+puts "In-memory secret value: #{model.secret}"
+
+model.secret.reveal do |plaintext|
+  puts "In-memory reveal: #{plaintext}"
+end
+
+puts "\n=== PHASE 2: Save to database ==="
+model.save
+
+puts "Keys in database: #{Familia.dbclient.keys('*')}"
+puts "Hash contents: #{Familia.dbclient.hgetall('testmodel:test1:object')}"
+
+raw_secret = Familia.dbclient.hget('testmodel:test1:object', 'secret')
+puts "Raw secret from DB: #{raw_secret}"
+
+puts "\n=== PHASE 3: Load from database ==="
+loaded_model = TestModel.load('test1')
+
+if loaded_model
+  puts "Loaded model exists: #{loaded_model.exists?}"
+  puts "Loaded secret class: #{loaded_model.secret.class}"
+  puts "Loaded secret value: #{loaded_model.secret}"
+
+  begin
+    loaded_model.secret.reveal do |plaintext|
+      puts "Loaded reveal: #{plaintext}"
+    end
+  rescue => e
+    puts "Loaded reveal ERROR: #{e.class}: #{e.message}"
+  end
+else
+  puts "Failed to load model"
+end