icfs 0.1.0

data/lib/icfs/users.rb

@@ -0,0 +1,80 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+require 'set'
+
+module ICFS
+
+##########################################################################
+# User, Role, Group, and Global Perms
+#
+#
+# @abstract
+#
+class Users
+
+  ###############################################
+  # Validate a user
+  #
+  ValUser = {
+    method: :hash,
+    required: {
+      'name' => Items::FieldUsergrp,
+      'type' => {
+        method: :string,
+        allowed: Set[
+          'user'.freeze,
+          'role'.freeze,
+          'group'.freeze,
+        ].freeze
+      }.freeze
+    }.freeze,
+    optional: {
+      'roles' => {
+        method: :array,
+        check: Items::FieldUsergrp,
+        uniq: true
+      }.freeze,
+      'groups' => {
+        method: :array,
+        check: Items::FieldUsergrp,
+        uniq: true
+      }.freeze,
+      'perms' => {
+        method: :array,
+        check: Items::FieldPermGlobal,
+        uniq: true
+      }.freeze
+    }.freeze
+  }.freeze
+
+
+  ###############################################
+  # Read a user/role/group
+  #
+  # @param urg [String] User/Role/Group name
+  # @return [Hash] Will include :type and, if a user :roles, :groups, :perms
+  #
+  def read(urg); raise NotImplementedError; end
+
+
+  ###############################################
+  # Write a user/role/group
+  #
+  # @param obj [Hash] Will include :name, :type, and if a user
+  #    :roles, :groups, :perms
+  #
+  def write(obj); raise NotImplementedError; end
+
+
+end # class ICFS::Users
+
+end # module ICFS

data/lib/icfs/users_elastic.rb

@@ -0,0 +1,166 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+require 'set'
+require_relative 'elastic'
+
+module ICFS
+
+##########################################################################
+# Implements {ICFS::Users Users} using Elasticsearch to cache
+# details from another {ICFS::Users Users} instance.
+#
+class UsersElastic < Users
+
+  include Elastic
+
+  private
+
+  ###############################################
+  # The ES mappings for the indexes
+  #
+  Maps = {
+    :users => '{
+  "mappings": { "_doc": { "properties": {
+    "name": { "type": "text" },
+    "type": { "type": "keyword" },
+    "roles": { "type": "keyword" },
+    "groups": { "type": "keyword" },
+    "perms": { "type": "keyword" },
+    "first": { "enabled": false },
+    "last": { "type": "date", "format": "epoch_second" },
+    "active": { "type": "boolean" }
+  }}}
+}'.freeze,
+  }.freeze
+
+  public
+
+  ###############################################
+  # New instance
+  #
+  # @param map [Hash] Symbol to String of the indexes.
+  #    Must provide :user
+  # @param es [Faraday] Faraday instance to the Elasticsearch cluster
+  # @param src [Users] Source of authoritative information
+  # @param exp [Integer] Maximum time to cache a response
+  #
+  def initialize(map, es, src, exp=3600)
+    @map = map
+    @es = es
+    @src = src
+    @exp = exp
+  end
+
+
+  ###############################################
+  # Validate a user
+  #
+  ValUserCache = {
+    method: :hash,
+    required: {
+      'name' => Items::FieldUsergrp,
+      'type' => {
+        method: :string,
+        allowed: Set[
+          'user'.freeze,
+          'role'.freeze,
+          'group'.freeze,
+        ].freeze
+      }.freeze,
+      'first' => Validate::IsIntPos,
+      'last' => Validate::IsIntPos,
+      'active' => Validate::IsBoolean,
+    }.freeze,
+    optional: {
+      'roles' => {
+        method: :array,
+        check: Items::FieldUsergrp,
+        uniq: true
+      }.freeze,
+      'groups' => {
+        method: :array,
+        check: Items::FieldUsergrp,
+        uniq: true
+      }.freeze,
+      'perms' => {
+        method: :array,
+        check: Items::FieldPermGlobal,
+        uniq: true
+      }.freeze
+    }.freeze
+  }.freeze
+
+
+  ###############################################
+  # (see Users#read)
+  #
+  def read(urg)
+    json = _read(:users, urg)
+    now = Time.now.to_i
+
+    # not in the cache
+    if !json
+
+      # read from source
+      obj = @src.read(urg)
+      return nil if !obj
+
+      # first time
+      obj['first'] = now
+      obj['last'] = now
+      obj['active'] = true
+
+      # store in cache
+      json = Validate.generate(obj, 'User/Role/Group'.freeze, ValUserCache)
+      _write(:users, urg, json)
+
+    # use cached version
+    else
+      obj = Validate.parse(json, 'User/Role/Group'.freeze, ValUserCache)
+    end
+
+    # expired
+    if (obj['last'] + @exp) < now
+
+      # read from source
+      obj2 = @src.read(urg)
+
+      # update
+      if obj2
+        obj['active'] = true
+        obj['roles'] = obj2['roles']
+        obj['groups'] = obj2['groups']
+        obj['perms'] = obj2['perms']
+      else
+        obj['active'] = false
+      end
+      obj['last'] = now
+
+      # and store in cache
+      json = Validate.generate(obj, 'User/Role/Group'.freeze, ValUserCache)
+      _write(:users, urg, json)
+    end
+
+    # not active
+    return nil unless obj['active']
+
+    # clean out cached info
+    obj.delete('first'.freeze)
+    obj.delete('last'.freeze)
+    obj.delete('active'.freeze)
+
+    return obj
+  end # def read()
+
+end # class ICFS::Users
+
+end # module ICFS

data/lib/icfs/users_fs.rb

@@ -0,0 +1,132 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+require 'tempfile'
+require 'fileutils'
+require 'set'
+
+module ICFS
+
+##########################################################################
+# Implements {ICFS::Users Users} from a file system
+#
+class UsersFs < Users
+
+  private
+
+  ###############################################
+  # read a raw file
+  def _read(fn)
+    json = File.read(File.join(@path, fn + '.json'.freeze))
+    obj = Validate.parse(json, 'User/Role/Group'.freeze, Users::ValUser)
+    if obj['name'] != fn
+      raise(Error::Values, 'UsersFs user %s name mismatch'.freeze % fn)
+    end
+    return obj
+  end # _read
+
+
+  public
+
+
+  ###############################################
+  # New instance
+  #
+  # @param path [String] Base directory
+  #
+  def initialize(path)
+    @path = path.dup
+  end
+
+
+  ###############################################
+  # (see Users#read)
+  #
+  def read(urg)
+    Validate.validate(urg, 'User/Role/Group'.freeze, Items::FieldUsergrp)
+
+    # get the base user
+    usr = _read(urg)
+    return usr if usr['type'] != 'user'.freeze
+
+    # assemble
+    type = usr['type']
+    done_s = Set.new.add(urg)
+    ary = []
+    roles_s = Set.new
+    if usr['roles']
+      ary.concat usr['roles']
+      roles_s.merge usr['roles']
+    end
+    grps_s = Set.new
+    if usr['groups']
+      ary.concat usr['groups']
+      grps_s.merge usr['groups']
+    end
+    perms_s = Set.new
+    if usr['perms']
+      perms_s.merge usr['perms']
+    end
+
+    # roles & groups
+    while itm = ary.shift
+      next if done_s.include?(itm)
+      done_s.add(itm)
+
+      usr = _read(itm)
+      if usr['roles']
+        ary.concat usr['roles']
+        roles_s.merge usr['roles']
+      end
+      if usr['groups']
+        ary.concat usr['groups']
+        grps_s.merge usr['groups']
+      end
+      if usr['perms']
+        perms_s.merge usr['perms']
+      end
+    end
+
+    # assemble final
+    return {
+      'name' => urg.dup,
+      'type' => type,
+      'roles' => roles_s.to_a,
+      'groups' => grps_s.to_a,
+      'perms' => perms_s.to_a,
+    }
+
+  rescue Errno::ENOENT
+    return nil
+  end # def read()
+
+
+  ###############################################
+  # (see Users#write)
+  #
+  def write(obj)
+    Validate.validate(obj, 'User/Role/Group'.freeze, Users::ValUser)
+    json = JSON.pretty_generate(obj)
+
+    # write to temp file
+    tmp = Tempfile.new('_tmp'.freeze, @path, :encoding => 'ascii-8bit'.freeze)
+    tmp.write(json)
+    tmp.close
+
+    # move
+    FileUtils.mv(tmp.path, File.join(@path, obj['name'] + '.json'.freeze))
+    tmp.unlink
+  end # def write()
+
+
+end # class ICFS::UsersFs
+
+end # module ICFS

data/lib/icfs/validate.rb

@@ -0,0 +1,479 @@
+#
+# Investigative Case File System
+#
+# Copyright 2019 by Graham A. Field
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 3.
+#
+# This program is distributed WITHOUT ANY WARRANTY; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+require 'set'
+require 'json'
+require 'tempfile'
+
+module ICFS
+
+##########################################################################
+# Object validation
+#
+# @todo Move .parse and .generate to items or ICFS
+# @todo Remove all use of Error module
+#
+module Validate
+
+
+  ###############################################
+  # Parse JSON string and validate
+  #
+  # @param json [String] the JSON to parse
+  # @param name [String] description of the item
+  # @param val [Hash] the check to use
+  # @return [Object] the item
+  #
+  # @raise [Error::NotFound] if json is nil
+  # @raise [Error::Value] if parsing or validation fails
+  #
+  def self.parse(json, name, val)
+    if json.nil?
+      raise(Error::NotFound, '%s not found'.freeze % name)
+    end
+    begin
+      itm = JSON.parse(json)
+    rescue
+      raise(Error::Value, 'JSON parsing failed'.freeze)
+    end
+    Validate.validate(itm, name, val)
+    return itm
+  end # def self.parse()
+
+
+  ###############################################
+  # Validate and generate JSON
+  #
+  # @param itm [Object] item to validate
+  # @param name [String] description of the item
+  # @param val [Hash] the check to use
+  # @return [String] JSON encoded item
+  #
+  # @raise [Error::Value] if validation fails
+  #
+  def self.generate(itm, name, val)
+    Validate.validate(itm, name, val)
+    return JSON.pretty_generate(itm)
+  end # def self.generate()
+
+
+  ###############################################
+  # Validate an object
+  #
+  # @param obj [Object] object to validate
+  # @param name [String] description of the object
+  # @param val [Hash] the check to use
+  #
+  # @raise [Error::Value] if validation fails
+  #
+  def self.validate(obj, name, val)
+    err = Validate.check(obj, val)
+    if err
+      raise(Error::Value, '%s has bad values: %s'.freeze %
+        [name, err.inspect])
+    end
+  end
+
+
+  ###############################################
+  # check an object
+  #
+  # @param obj [Object] object to validate
+  # @param val [Hash] the check to use
+  # @return [Object] error description
+  #
+  def self.check(obj, val)
+    if val.key?(:object)
+      err = val[:object].send(val[:method], obj, val)
+    else
+      err = Validate.send(val[:method], obj, val)
+    end
+    return err
+  end # def self.check()
+
+
+  ##############################################################
+  # Check Methods
+  ##############################################################
+
+
+  ###############################################
+  # check that any one validation is good
+  #
+  # @param obj [Object] object to validate
+  # @param val [Hash] options
+  # @option val [Array<Hash>] :check validations to check
+  # @return [Array,NilClass] error descriptions
+  #
+  def self.any(obj, val)
+    return nil unless val[:check].is_a?(Array)
+
+    errors = []
+
+    val[:check].each do |chk|
+      err = Validate.check(obj, chk)
+      return nil if err.nil?
+      errors << err
+    end
+
+    return errors
+  end # def self.any()
+
+
+  ###############################################
+  # check that all the validations are good
+  #
+  # @param obj [Object] object to validate
+  # @param val [Hash] options
+  # @option val [Array<Hash>] :check validations to check
+  # @option val [Boolean] :all Always check all the validations
+  # @return [Array, NilClass] error descriptions
+  #
+  def self.all(obj, val)
+    return nil unless val[:check].is_a?(Array)
+
+    errors = []
+    bad = false
+
+    val[:check].each do |check|
+      err = Validate.check(obj, check)
+      if err
+        errors << err
+        bad = true
+        break unless val[:all]
+      else
+        errors << nil
+      end
+    end
+
+    return bad ? errors : nil
+  end # def self.all()
+
+
+  ###############################################
+  # Check for an exact value
+  #
+  # @param obj [Object] object to validate
+  # @param val [Hash] options
+  # @option val [Integer] :check Value to compare
+  # @return [String,NilClass] error descriptions
+  #
+  def self.equals(obj, val)
+    if val[:check] == obj
+      return nil
+    else
+      return 'not equal'.freeze
+    end
+  end # def self.equals()
+
+
+  ###############################################
+  # check an integer
+  #
+  # @param obj [Object] object to validate
+  # @param val [Hash] options
+  # @option val [Integer] :min Minimum value
+  # @option val [Integer] :max Maximum value
+  # @return [String,NilClass] error descriptions
+  #
+  #
+  def self.integer(obj, val)
+    return 'not an Integer'.freeze unless obj.is_a?(Integer)
+
+    if val[:min] && obj < val[:min]
+      return 'too small: %d < %d'.freeze % [obj, val[:min]]
+    end
+
+    if val[:max] && obj > val[:max]
+      return 'too large: %d > %d '.freeze % [obj, val[:max]]
+    end
+
+    return nil
+  end # def self.integer()
+
+
+  ###############################################
+  # check a float
+  #
+  # @param obj [Object] object to validate
+  # @param val [Hash] options
+  # @option val [Float] :min Minimum value
+  # @option val [Float] :max Maximum value
+  # @return [String,NilClass] error descriptions
+  #
+  def self.float(obj, val)
+    return 'not a Float'.freeze unless obj.is_a?(Float)
+
+    if val[:min] && obj < val[:min]
+      return 'too small: %f < %f'.freeze % [obj, val[:min]]
+    end
+
+    if val[:max] && obj > val[:max]
+      return 'too large: %f > %f'.freeze % [obj, val[:max]]
+    end
+
+    return nil
+  end # def self.float()
+
+
+  ###############################################
+  # check for a type
+  #
+  # @param obj [Object] object to validate
+  # @param val [Hash] options
+  # @option val [Class,Array] :type The class or module to check
+  # @return [String,NilClass] error descriptions
+  #
+  def self.type(obj, val)
+    if val[:type]
+      if val[:type].is_a?(Array)
+        val[:type].each{|cl| return nil if obj.is_a?(cl) }
+        return 'not a listed type'.freeze
+      else
+        if !obj.is_a?(val[:type])
+          return 'not a %s'.freeze % val[:type].name
+        end
+      end
+    end
+    return nil
+  end # def self.type
+
+
+  ###############################################
+  # check a string
+  #
+  # @param obj [Object] object to validate
+  # @param val [Hash] options
+  # @option val [#include?] :allowed Value which is always okay
+  # @option val [#match] :valid check for okay value
+  # @option val [Boolean] :whitelist Must be valid or allowed
+  # @option val [#match] :invalid check for bad values
+  # @option val [Integer] :min Minimum length
+  # @option val [Integer] :max Maximum length
+  # @return [Hash,NilClass] error descriptions
+  #
+  def self.string(obj, val)
+
+    # type
+    return 'not a String'.freeze unless obj.is_a?(String)
+
+    errors = {}
+
+    # good values
+    if (val[:allowed] && val[:allowed].include?(obj)) ||
+       (val[:valid] && val[:valid].match(obj))
+      return nil
+    end
+
+    # if whitelisting
+    if val[:whitelist]
+      errors[:whitelist] = 'Value was not whitelisted'.freeze
+    end
+
+    # min length
+    if val[:min] && obj.size < val[:min]
+      errors[:min] = 'too short: %d < %d' % [obj.size, val[:min]]
+    end
+
+    # max length
+    if val[:max] && obj.size > val[:max]
+      errors[:max] = 'too long: %d > %d' % [obj.size, val[:max]]
+    end
+
+    # invalid
+    if val[:invalid] && val[:invalid].match(obj)
+      errors[:invalid] = true
+    end
+
+    return errors.empty? ? nil : errors
+  end # def self.string()
+
+
+  ###############################################
+  # check an array
+  #
+  # @param obj [Object] object to validate
+  # @param val [Hash] options
+  # @option val [Integer] :min Minimum length
+  # @option val [Integer] :max Maximum length
+  # @option val [TrueClass] :uniq Require all members to be unique
+  # @option val [Hash,Array] :check Validations for members of the array.
+  #    If a Hash is provided, all members will be checked against it.
+  #    If an Array is provided, they will be checked in order.
+  # @return [Hash,NilClass] error descriptions
+  #
+  def self.array(obj, val)
+
+    # type
+    return 'not an Array'.freeze unless obj.is_a?(Array)
+
+    errors = {}
+
+    # min size
+    if val[:min] && obj.size < val[:min]
+      errors[:min] = true
+    end
+
+    # max size
+    if val[:max] && obj.size > val[:max]
+      errors[:max] = true
+    end
+
+    # all members uniq
+    if val[:uniq] && obj.size != obj.uniq.size
+      errors[:uniq] = true
+    end
+
+    # single check, all items of the array
+    if val[:check].is_a?(Hash)
+      check = val[:check]
+
+      # each value
+      obj.each_index do |ix|
+        if val[ix]
+          err = Validate.check(obj[ix], val[ix])
+        else
+          err = Validate.check(obj[ix], check)
+        end
+        errors[ix] = err if err
+      end
+
+    # an array of checks
+    elsif val[:check].is_a?(Array)
+      cka = val[:check]
+      cs = cka.size
+
+      # each value
+      obj.each_index do |ix|
+        if val[ix]
+          err = Validate.check(obj[ix], val[ix])
+        else
+          err = Validate.check(obj[ix], cka[ix % cs])
+        end
+        errors[ix] = err if err
+      end
+    end
+
+    return errors.empty? ? nil : errors
+  end # def self.array()
+
+
+  ###############################################
+  # check a hash
+  #
+  # @param obj [Object] object to validate
+  # @param val [Hash] options
+  # @option val [Hash] :required Keys which must be present and their checks
+  # @option val [Hash] :optional Keys which may be present and their checks
+  # @option val [TrueClass] :others Allow other keys
+  # @return [Hash,NilClass] error descriptions
+  #
+  def self.hash(obj, val)
+
+    # type
+    return 'not a Hash'.freeze unless obj.is_a?(Hash)
+
+    ary = obj.to_a
+    chk = Array.new(ary.size)
+    errors = {}
+
+    # check all required keys
+    if val[:required]
+      val[:required].each do |key, check|
+
+        # find the index
+        ix = ary.index{|ok, ov| ok == key }
+
+        # missing required key
+        if ix.nil?
+          errors[key] = 'missing'.freeze
+          next
+        end
+
+        # check it
+        err = Validate.check(ary[ix][1], check)
+        errors[key] = err if err
+        chk[ix] = true
+      end
+    end
+
+    # check all optional keys
+    if val[:optional]
+      val[:optional].each do |key, check|
+
+        # find the index
+        ix = ary.index{|ok, ov| ok == key }
+        next if ix.nil?
+
+        # do the check
+        err = Validate.check(ary[ix][1], check)
+        errors[key] = err if err
+        chk[ix] = true
+      end
+    end
+
+    # make sure we have validated all keys
+    if !val[:others]
+      chk.each_index do |ix|
+        next if chk[ix]
+        errors[ary[ix][0]] = 'not allowed'.freeze
+      end
+    end
+
+    # do we have any errors?
+    return errors.empty? ? nil : errors
+
+  end # def self.hash()
+
+
+  ##############################################################
+  # Common checks
+  ##############################################################
+
+
+  # Boolean
+  IsBoolean = {
+    method: :type,
+    type: [ TrueClass, FalseClass ].freeze,
+  }.freeze
+
+
+  # Tempfile
+  IsTempfile = {
+    method: :type,
+    type: Tempfile,
+  }.freeze
+
+
+  # Float
+  IsFloat = {
+    method: :type,
+    type: [ Float ].freeze
+  }.freeze
+
+
+  # Positive Integer
+  IsIntPos = {
+    method: :integer,
+    min: 1
+  }.freeze
+
+
+  # Unsigned Integer
+  IsIntUns = {
+    method: :integer,
+    min: 0
+  }.freeze
+
+
+end # module ICFS::Validate
+
+end # module ICFS