icfs 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9baaf0f9a648c931471f897b8115705720dc5cff6408275821101864cdc9f397
-  data.tar.gz: 8c4c2b8e4cbc2bb7690479537455be38b7e39a5d615d4ce5b0e2769d31ebd9c5
+  metadata.gz: ecd555ee72ea33e646323a37019652a7fb111c4aec34146c92825fbe30fd7ded
+  data.tar.gz: 2c53ec9caf008aa4a6a1f187a7b2d2d4a631d19081ed83c497717f4386facbca
 SHA512:
-  metadata.gz: 21db3f31c1c4c285b6a66ccda41c21c7816b09184bf02443b2a06951e1af84c0320ccd240e82deed200ed45dcf666a84b6676c167189657890a77dff46d2b929
-  data.tar.gz: 0b5a75bb922177b8e0e53bc0a3f6478fd7379f28f129ec9ba16e59f88875fb1ac4815efed70531daa984cac47cd775e215b763ad930c5b39edc02756fa7d21c7
+  metadata.gz: 5ae5fc9857d14845419257717150815b3deb7ae55e17d72e0990928916c0561dbe6c56e99bdaa4a74c3d8d92b99ead2b3f3bfcb9b34190de0dd1ac12c3d56e32
+  data.tar.gz: 4d98034fe142019aaed7cd7208fa6d8841942361755e58eb49fa04dbfd6b678aeea44299800ed8536088b7e5addcaa4ccc68adb94c39e63f60ded95d7bccf263

data/bin/icfs_demo_check.rb

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+require 'yaml'
+require 'logger'
+
+require_relative '../lib/icfs'
+require_relative '../lib/icfs/utils/check'
+require_relative '../lib/icfs/store_fs'
+
+# load the config file
+cfg = YAML.load_file(ARGV[0])
+
+# objects
+store = ICFS::StoreFs.new(cfg['store']['dir'])
+log = Logger.new(STDOUT, level: Logger::INFO)
+check = ICFS::Utils::Check.new(store, log)
+
+# check
+check.check(ARGV[1], ARGV[2].to_i, nil, {hash_all: true})

data/data/docker/build-web.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# make certs
+../../bin/icfs_demo_ssl_gen.rb
+
+# copy static content
+mkdir web
+mkdir web/static
+mkdir web/static/static
+cp ../icfs.css web/static/static/
+cp ../icfs.js web/static/static/
+
+# config files
+mkdir web/config
+mv ca_cert.pem web/config/
+mv srv_cert.pem web/config/
+mv srv_key.pem web/config/

data/data/docker/compose-demo.yml

@@ -0,0 +1,41 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+version: '3'
+
+services:
+
+  icfs-web:
+    image: nginx:alpine
+    ports:
+      - "443:443"
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./web:/usr/share/icfs:ro
+
+  icfs-app:
+    image: icfs-ruby
+    volumes:
+      - icfs-app:/var/lib/icfs
+      - ./icfs-app.rb:/usr/local/bin/icfs
+      - ./icfs-cfg.yml:/etc/icfs.yml
+    command: ["/usr/local/bin/icfs"]
+
+  icfs-elastic:
+    image: docker.elastic.co/elasticsearch/elasticsearch:6.7.2
+    environment:
+      - discovery.type=single-node
+    volumes:
+      - icfs-es:/usr/share/elasticsearch/data
+
+volumes:
+  icfs-app:
+  icfs-es:

data/data/docker/compose-init.yml

@@ -0,0 +1,32 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+version: '3'
+
+services:
+  icfs-init:
+    image: icfs-ruby
+    volumes:
+      - ./icfs-init.rb:/usr/local/bin/icfs
+      - ./icfs-cfg.yml:/etc/icfs.yml
+      - icfs-app:/var/lib/icfs
+    command: ["/usr/local/bin/icfs"]
+
+  icfs-elastic:
+    image: docker.elastic.co/elasticsearch/elasticsearch:6.7.2
+    environment:
+      - discovery.type=single-node
+    volumes:
+      - icfs-es:/usr/share/elasticsearch/data
+
+volumes:
+  icfs-app:
+  icfs-es:

data/data/docker/icfs-app.rb

@@ -0,0 +1,50 @@
+#!/usr/bin/env ruby
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+require 'faraday'
+require 'rack'
+require 'yaml'
+
+require 'icfs'
+require 'icfs/cache_elastic'
+require 'icfs/store_fs'
+require 'icfs/users_fs'
+require 'icfs/web/client'
+require 'icfs/web/auth_ssl'
+require 'icfs/demo/timezone'
+
+
+# load the config file
+cfg = YAML.load_file('/etc/icfs.yml')
+map = {}
+cfg['cache']['map'].each{|key, val| map[key.to_sym] = val }
+
+es = Faraday.new(cfg['elastic']['base'])
+cache = ICFS::CacheElastic.new(map, es)
+store = ICFS::StoreFs.new(cfg['store']['dir'])
+users = ICFS::UsersFs.new(cfg['users']['dir'])
+api = ICFS::Api.new([], users, cache, store)
+web = ICFS::Web::Client.new(cfg['web']['css'], cfg['web']['script'])
+
+user_map = {
+  'CN=client 1,OU=Test Client,OU=example,OU=org' => 'user1',
+  'CN=client 2,OU=Test Client,OU=example,OU=org' => 'user2',
+  'CN=client 3,OU=Test Client,OU=example,OU=org' => 'user3'
+}
+
+app = Rack::Builder.new do
+  use(ICFS::Web::AuthSsl, user_map, api)
+  use(ICFS::Demo::Timezone, cfg['web']['tz'])
+  run web
+end
+
+Rack::Handler::FastCGI.run(app, {Host: '0.0.0.0', Port: 9000})

data/data/docker/icfs-cfg.yml

@@ -0,0 +1,88 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+sleep: 15.0
+
+cache:
+  map:
+    entry: entry
+    case: case
+    action: action
+    index: index
+    log: log
+    lock: lock
+    current: current
+
+elastic:
+  base: "http://icfs-elastic:9200"
+
+store:
+  dir: /var/lib/icfs/store
+
+users:
+  dir: /var/lib/icfs/users
+
+web:
+  css: "/static/icfs.css"
+  script: "/static/icfs.js"
+  tz: "-04:00"
+
+init:
+  user: user1
+  urg:
+    - name: role1
+      type: role
+
+    - name: role2
+      type: role
+
+    - name: role3
+      type: role
+
+    - name: group1
+      type: group
+
+    - name: group2
+      type: group
+
+    - name: user1
+      type: user
+      roles:
+        - role2
+        - role3
+      groups:
+        - group2
+      perms:
+        - "{perm_a}"
+        - "{perm_b}"
+
+    - name: user2
+      type: user
+      roles:
+        - role1
+        - role2
+      groups:
+        - group1
+      perms:
+        - "{perm_b}"
+
+  templates:
+    - caseid: template1
+      template: "New Template"
+      access:
+        - perm: "[manage]"
+          grant:
+            - user1
+        - perm: "[write]"
+          grant:
+            - group1
+      entry: "Create new template"
+      content: "New template being created"

data/data/docker/icfs-init.rb

@@ -0,0 +1,75 @@
+#!/usr/bin/env ruby
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+require 'faraday'
+require 'rack'
+require 'yaml'
+require 'fileutils'
+
+require 'icfs'
+require 'icfs/cache_elastic'
+require 'icfs/store_fs'
+require 'icfs/users_fs'
+
+
+# load the config file
+cfg = YAML.load_file('/etc/icfs.yml')
+map = {}
+cfg['cache']['map'].each{|key, val| map[key.to_sym] = val }
+
+# sleep to allow elasticsearch to come up
+if cfg['sleep']
+  puts 'sleeping: %f' % cfg['sleep']
+  sleep(cfg['sleep'])
+end
+
+es = Faraday.new(cfg['elastic']['base'])
+cache = ICFS::CacheElastic.new(map, es)
+store = ICFS::StoreFs.new(cfg['store']['dir'])
+users = ICFS::UsersFs.new(cfg['users']['dir'])
+api = ICFS::Api.new([], users, cache, store)
+
+# create store and users
+FileUtils.mkdir(cfg['store']['dir'])
+puts "Created store directory: %s" % cfg['store']['dir']
+FileUtils.mkdir(cfg['users']['dir'])
+puts "Created users directory: %s" % cfg['users']['dir']
+
+# add the users
+cfg['init']['urg'].each do |usr|
+  users.write(usr)
+  puts "Added user/role/group: %s" % usr['name']
+end
+
+# create the indexes
+cache.create(ICFS::CacheElastic::Maps)
+puts "Indexes created"
+
+# set initial user
+api.user = cfg['init']['user']
+
+# add the templates
+cfg['init']['templates'].each do |tmpl|
+  tp = {
+    'template' => true,
+    'status' => true,
+    'title' => tmpl['template'],
+    'access' => tmpl['access'],
+  }
+  ent = {
+    'caseid' => tmpl['caseid'],
+    'title' => tmpl['entry'],
+    'content' => tmpl['content']
+  }
+  api.case_create(ent, tp)
+  puts "Created template: %s" % tmpl['caseid']
+end

data/data/docker/icfs-ruby/Dockerfile

@@ -0,0 +1,22 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+FROM alpine
+
+RUN apk update && apk upgrade && \
+    apk add ruby fcgi ruby-json tzdata && \
+    apk --update add --virtual build-deps ruby-dev build-base fcgi-dev && \
+    gem install -N rack faraday fcgi && \
+    apk del build-deps && \
+    rm -rf /var/cache/apk/*
+
+COPY ./icfs-0.1.1.gem /icfs.gem
+
+RUN gem install -N --local /icfs.gem && rm /icfs.gem

data/data/docker/icfs-ruby/build.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+cp ../../../icfs-0.1.1.gem .
+docker build -t icfs-ruby .

data/data/docker/nginx.conf

@@ -0,0 +1,68 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    server {
+      listen 443 ssl http2;
+      server_name localhost;
+
+      ssl_certificate /usr/share/icfs/config/srv_cert.pem;
+      ssl_certificate_key /usr/share/icfs/config/srv_key.pem;
+      ssl_client_certificate /usr/share/icfs/config/ca_cert.pem;
+      ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK';
+
+      ssl_protocols TLSv1.1 TLSv1.2;
+      ssl_verify_client on;
+
+      location /static/ {
+        root /usr/share/icfs/static;
+      }
+
+      location /icfs/ {
+        fastcgi_split_path_info ^(/icfs)(.*)$;
+        include /etc/nginx/fastcgi.conf;
+        fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
+        fastcgi_param SSL_CLIENT_S_DN $ssl_client_s_dn;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+
+        fastcgi_pass icfs-app:9000;
+      }
+
+    }
+}