kstor 0.4.3 → 0.5.0

data/lib/kstor/controller/secret.rb

@@ -3,6 +3,7 @@
 require 'kstor/store'
 require 'kstor/model'
 require 'kstor/crypto'
+require 'kstor/controller/base'
 
 module KStor
   class SecretNotFound < Error
@@ -12,79 +13,70 @@ module KStor
 
   module Controller
     # Handle secret-related requests.
-    class Secret
-      def initialize(store)
-        @store = store
-      end
-
-      def handle_request(user, req)
-        case req.type
-        when 'secret-create' then handle_create(user, req)
-        when 'secret-search' then handle_search(user, req)
-        when 'secret-unlock' then handle_unlock(user, req)
-        when 'secret-update-meta' then handle_update_meta(user, req)
-        when 'secret-update-value' then handle_update_value(user, req)
-        when 'secret-delete' then handle_delete(user, req)
-        else
-          raise Error.for_code('REQ/UNKNOWN', req.type)
-        end
-      end
+    class Secret < Base
+      request_type Message::SecretCreate
+      request_type Message::SecretSearch
+      request_type Message::SecretUnlock
+      request_type Message::SecretUpdateMeta
+      request_type Message::SecretUpdateValue
+      request_type Message::SecretDelete
+
+      response_type Message::SecretCreated
+      response_type Message::SecretList
+      response_type Message::SecretValue
+      response_type Message::SecretUpdated
+      response_type Message::SecretDeleted
 
       private
 
-      def handle_create(user, req)
-        meta = Model::SecretMeta.new(**req.args['meta'])
-        secret_groups = req.args['group_ids'].map { |gid| groups[gid.to_i] }
-        secret_id = create(
-          user, req.args['plaintext'], secret_groups, meta
-        )
-        Response.new('secret.created', 'secret_id' => secret_id)
-      end
-
-      def handle_search(user, req)
-        secrets = search(user, Model::SecretMeta.new(**req.args))
-        args = secrets.map do |s|
-          h = s.to_h
-          h.delete('group_id')
-          h
+      def handle_secret_create(user, req)
+        meta = Model::SecretMeta.new(**req.meta)
+        secret_groups = req.group_ids.map do |gid|
+          @store.groups[gid.to_i]
         end
-        Response.new(
-          'secret.list',
-          'secrets' => args
-        )
+        args = {
+          'secret_id' => create(user, req.plaintext, secret_groups, meta)
+        }
+        [Message::SecretCreated, args]
       end
 
-      def handle_unlock(user, req)
-        secret_id = req.args['secret_id']
-        secret = unlock(user, secret_id)
+      def handle_secret_search(user, req)
+        Log.debug("secretcontroller#handle_secret_search: #{req.args.inspect}")
+        secrets = search(user, Model::SecretMeta.new(**req.meta))
+        args = { 'secrets' => secrets.map { |s| s.to_h.except('group_id') } }
+        [Message::SecretList, args]
+      end
+
+      def handle_secret_unlock(user, req)
+        secret = unlock(user, req.secret_id)
         args = unlock_format(secret)
 
-        Response.new('secret.value', **args)
+        [Message::SecretValue, args]
       end
 
-      def handle_update_meta(user, req)
-        meta = Model::SecretMeta.new(req.args['meta'])
+      def handle_secret_update_meta(user, req)
+        meta = Model::SecretMeta.new(req.meta)
         Log.debug("secret#handle_update_meta: meta=#{meta.to_h.inspect}")
-        update_meta(user, req.args['secret_id'], meta)
-        Response.new('secret.updated', 'secret_id' => req.args['secret_id'])
+        update_meta(user, req.secret_id, meta)
+        [Message::SecretUpdated, { 'secret_id' => req.secret_id }]
       end
 
-      def handle_update_value(user, req)
-        update_value(user, req.args['secret_id'], req.args['plaintext'])
-        Response.new('secret.updated', 'secret_id' => req.args['secret_id'])
+      def handle_secret_update_value(user, req)
+        update_value(user, req.secret_id, req.plaintext)
+        [Message::SecretUpdated, { 'secret_id' => req.secret_id }]
       end
 
-      def handle_delete(user, req)
-        delete(user, req.args['secret_id'])
-        Response.new('secret.deleted', 'secret_id' => req.args['secret_id'])
+      def handle_secret_delete(user, req)
+        delete(user, req.secret_id)
+        [Message::SecretDeleted, { 'secret_id' => req.secret_id }]
       end
 
       def users
-        @users ||= @store.users
+        @store.users
       end
 
       def groups
-        @groups ||= @store.groups
+        @store.groups
       end
 
       # in: metadata wildcards
@@ -106,13 +98,13 @@ module KStor
       # needs: private key of one common group between user and secret
       # out: plaintext
       def unlock(user, secret_id)
-        secret = @store.secret_fetch(secret_id, user.id)
+        secret = secret_fetch(secret_id, user.id)
         group_privk = user.keychain[secret.group_id].privk
 
-        value_author = users[secret.value_author_id]
+        value_author = @store.users[secret.value_author_id]
         secret.unlock(value_author.pubk, group_privk)
 
-        meta_author = users[secret.meta_author_id]
+        meta_author = @store.users[secret.meta_author_id]
         secret.unlock_metadata(meta_author.pubk, group_privk)
 
         secret
@@ -137,12 +129,12 @@ module KStor
       # needs: every group public key for this secret, user private key
       # out: nil
       def update_meta(user, secret_id, partial_meta)
-        secret = @store.secret_fetch(secret_id, user.id)
+        secret = secret_fetch(secret_id, user.id)
         unlock_metadata(user, secret)
         meta = secret.metadata.merge(partial_meta)
         group_ids = @store.groups_for_secret(secret.id)
         group_encrypted_metadata = group_ids.to_h do |group_id|
-          group_pubk = groups[group_id].pubk
+          group_pubk = @store.groups[group_id].pubk
           author_privk = user.privk
           encrypted_meta = Crypto.encrypt_secret_metadata(
             group_pubk, author_privk, meta.to_h
@@ -156,10 +148,10 @@ module KStor
       # needs: every group public key for this secret, user private key
       # out: nil
       def update_value(user, secret_id, plaintext)
-        secret = @store.secret_fetch(secret_id, user.id)
+        secret = secret_fetch(secret_id, user.id)
         group_ids = @store.groups_for_secret(secret.id)
         group_ciphertexts = group_ids.to_h do |group_id|
-          group_pubk = groups[group_id].pubk
+          group_pubk = @store.groups[group_id].pubk
           author_privk = user.privk
           encrypted_value = Crypto.encrypt_secret_value(
             group_pubk, author_privk, plaintext
@@ -174,7 +166,7 @@ module KStor
       # out: nil
       def delete(user, secret_id)
         # Check if user can see this secret:
-        secret = @store.secret_fetch(secret_id, user.id)
+        secret = secret_fetch(secret_id, user.id)
         raise Error.for_code('SECRET/NOTFOUND', secret_id) if secret.nil?
 
         @store.secret_delete(secret_id)
@@ -182,20 +174,27 @@ module KStor
 
       def unlock_format(secret)
         args = secret.to_h
-        args['value_author'] = users[secret.value_author_id].to_h
-        args['metadata_author'] = users[secret.meta_author_id].to_h
+        args['value_author'] = @store.users[secret.value_author_id].to_h
+        args['metadata_author'] = @store.users[secret.meta_author_id].to_h
 
         group_ids = @store.groups_for_secret(secret.id)
-        args['groups'] = groups.values_at(*group_ids).map(&:to_h)
+        args['groups'] = @store.groups.values_at(*group_ids).map(&:to_h)
 
         args
       end
 
       def unlock_metadata(user, secret)
         group_privk = user.keychain[secret.group_id].privk
-        author = users[secret.meta_author_id]
+        author = @store.users[secret.meta_author_id]
         secret.unlock_metadata(author.pubk, group_privk)
       end
+
+      def secret_fetch(secret_id, user_id)
+        secret = @store.secret_fetch(secret_id, user_id)
+        raise Error.for_code('SECRET/NOTFOUND', secret_id) if secret.nil?
+
+        secret
+      end
     end
   end
 end

data/lib/kstor/controller/users.rb

@@ -4,36 +4,25 @@ require 'kstor/store'
 require 'kstor/model'
 require 'kstor/crypto'
 require 'kstor/log'
+require 'kstor/controller/base'
 
 module KStor
   module Controller
     # Handle user and group related requests.
-    class User
-      def initialize(store)
-        @store = store
-      end
-
-      def handle_request(user, req)
-        case req.type
-        when /^group-create$/ then handle_group_create(user, req)
-        end
-      end
+    class User < Base
+      request_type Message::GroupCreate
+      response_type Message::GroupCreated
 
       private
 
       def handle_group_create(user, req)
-        unless req.args['name']
-          raise Error.for_code('REQ/MISSINGARG', 'name', req.type)
-        end
-
-        group = group_create(user, req.args['name'])
-        @groups = nil
-        Response.new(
-          'group.created',
-          'group_id' => group.id,
-          'group_name' => group.name,
-          'group_pubk' => group.pubk
-        )
+        group = group_create(user, req.name)
+        args = {
+          group_id: group.id,
+          group_name: group.name,
+          group_pubk: group.pubk
+        }
+        [Message::GroupCreated, args]
       end
 
       def group_create(user, name)

data/lib/kstor/controller.rb

@@ -34,8 +34,8 @@ module KStor
   end
 
   # Error: missing request argument.
-  class MissingArgument < Error
-    error_code 'REQ/MISSINGARG'
-    error_message 'Missing argument %s for request type %s'
+  class MissingMessageArgument < Error
+    error_code 'REQ/MISSINGARGS'
+    error_message 'Missing argument(s) %s for message type %s'
   end
 end

data/lib/kstor/crypto/armored_value.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+require 'kstor/crypto/ascii_armor'
+
+module KStor
+  module Crypto
+    # Wrapper class for an ASCII-armored value.
+    class ArmoredValue
+      # Create a new ASCII-armored value.
+      #
+      # @param value [String] ASCII-armored string
+      # @return [KStor::Crypto::ArmoredValue] new armored value
+      #
+      # @see KStor::Crypto::ASCIIArmor#decode
+      # @see KStor::Crypto::ASCIIArmor#encode
+      def initialize(value)
+        @value = value
+      end
+
+      # Serialize value.
+      #
+      # @return [String] serialized value
+      def to_ascii
+        @value
+      end
+      alias to_s to_ascii
+
+      # Get back original value.
+      #
+      # @return [String] binary data
+      def to_binary
+        ASCIIArmor.decode(@value)
+      end
+
+      # Create from binary data
+      #
+      # @param bin_str [String] binary data
+      # @return [KStor::Crypto::ArmoredValue] new value
+      def self.from_binary(bin_str)
+        new(ASCIIArmor.encode(bin_str))
+      end
+    end
+
+    # A Hash that can be easily serialized to ASCII chars.
+    #
+    # Uses JSON as intermediary data format.
+    class ArmoredHash < ArmoredValue
+      # Create from Ruby Hash.
+      #
+      # @param hash [Hash] a Ruby Hash.
+      # @return [KStor::Crypto::ArmoredHash] new hash
+      def self.from_hash(hash)
+        from_binary(hash.to_json)
+      end
+
+      # Convert to Ruby Hash.
+      #
+      # @return [Hash] new Ruby Hash
+      def to_hash
+        JSON.parse(to_binary)
+      end
+
+      # Access value for this key.
+      #
+      # @param key [String] what to lookup
+      # @return [Any, nil] value
+      def [](key)
+        to_hash[key]
+      end
+
+      # Set value for a key.
+      #
+      # @param key [String] hash key
+      # @param val [Any] hash value
+      def []=(key, val)
+        h = to_hash
+        h[key] = val
+        @value = ASCIIArmor.encode(h.to_json)
+      end
+    end
+  end
+end

data/lib/kstor/crypto/keys.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'kstor/crypto/ascii_armor'
+require 'kstor/crypto/armored_value'
 
 module KStor
   module Crypto
@@ -39,49 +40,13 @@ module KStor
       end
     end
 
-    # Wrapper class for an ASCII-armored value.
-    class ArmoredValue
-      def initialize(value)
-        @value = value
-      end
-
-      def to_ascii
-        @value
-      end
-      alias to_s to_ascii
-
-      def to_binary
-        ASCIIArmor.decode(@value)
-      end
-
-      def self.from_binary(bin_str)
-        new(ASCIIArmor.encode(bin_str))
-      end
-    end
-
-    # A Hash.
-    class ArmoredHash < ArmoredValue
-      def self.from_hash(hash)
-        from_binary(hash.to_json)
-      end
-
-      def to_hash
-        JSON.parse(to_binary)
-      end
-
-      def [](key)
-        to_hash[key]
-      end
-
-      def []=(key, val)
-        h = to_hash
-        h[key] = val
-        @value = ASCIIArmor.encode(h.to_json)
-      end
-    end
-
     # KDF parameters.
     class KDFParams < ArmoredHash
+      # Create new Key Derivation Function parameters from a Ruby Hash.
+      #
+      # Hash parameter must have keys for "salt"," opslimit" and "memlimit".
+      #
+      # @param hash [Hash] KDF parameters data.
       def self.from_hash(hash)
         hash['salt'] = ASCIIArmor.encode(hash['salt'])
         hash['opslimit'] = hash['opslimit'].to_s
@@ -89,6 +54,7 @@ module KStor
         super(hash)
       end
 
+      # Convert back to a Ruby Hash.
       def to_hash
         hash = super
         hash['salt'] = ASCIIArmor.decode(hash['salt'])
@@ -101,6 +67,7 @@ module KStor
 
     # A private key.
     class PrivateKey < ArmoredValue
+      # Convert ASCII-armored value to a RbNaCl private key.
       def to_rbnacl
         RbNaCl::PrivateKey.new(to_binary)
       end
@@ -108,6 +75,7 @@ module KStor
 
     # A public key.
     class PublicKey < ArmoredValue
+      # Convert ASCII-armored value to a RbNaCl public key.
       def to_rbnacl
         RbNaCl::PublicKey.new(to_binary)
       end

data/lib/kstor/crypto.rb

@@ -39,7 +39,6 @@ module KStor
       # @return [SecretKey] secret key and KDF parameters
       def key_derive(passphrase, params = nil)
         params ||= key_derive_params_generate
-        Log.debug("crypto: kdf params = #{params.to_hash}")
         data = RbNaCl::PasswordHash.argon2(
           passphrase, params['salt'],
           params['opslimit'], params['memlimit'], params['digest_size']

data/lib/kstor/error.rb

@@ -12,26 +12,41 @@ module KStor
       attr_reader :message
       attr_reader :registry
 
+      # Declare error code for a subclass.
+      #
+      # @param str [String] unique error code.
       def error_code(str)
         @code = str
       end
 
+      # Declare error message for a subclass.
+      #
+      # This will be passed to String#format as a format string.
+      #
+      # @param str [String] error message or format.
       def error_message(str)
         @message = str
       end
 
+      # Create a new error for this code.
+      #
+      # @param code [String] error code
+      # @param args [Array] arguments to subclass initialize method.
       def for_code(code, *args)
         @registry[code].new(*args)
       end
 
+      # List of all subclasses.
       def list
         @registry.classes
       end
     end
 
+    # When subclassed, add child to registry.
+    #
+    # @param subclass [Class] subclass to add to error registry.
     def self.inherited(subclass)
       super
-      Log.debug("#{subclass} inherits from Error")
       @registry ||= ErrorRegistry.new
       if @registry.key?(subclass.code)
         code = subclass.code
@@ -43,35 +58,53 @@ module KStor
       @registry << subclass
     end
 
+    # Create new error.
+    #
+    # @param args [Array] arguments to String#format with the message as a
+    #   format string.
+    # @return [KStor::Error] instance of subclass of Error.
     def initialize(*args)
       super(format("ERR/%s #{self.class.message}", self.class.code, *args))
     end
 
-    def response
-      Response.new('error', 'code' => self.class.code, 'message' => message)
+    # Create a new server response from an error.
+    #
+    # @return [KStor::Message::Error] error response
+    def response(sid)
+      Message::Error.new(
+        { 'code' => self.class.code, 'message' => message },
+        { session_id: sid }
+      )
     end
   end
 
+  # Basically an Array of error subclasses, with an index on error codes.
+  #
   # @api private
   class ErrorRegistry
+    # Create new registry.
     def initialize
       @error_classes = []
       @index = nil
     end
 
+    # List of subclasses.
     def classes
       @error_classes.values
     end
 
+    # Append an error class.
     def <<(klass)
       @error_classes << klass
       @index = nil
     end
 
+    # True if registry knows a subclass with this error code.
     def key?(code)
       index.key?(code)
     end
 
+    # Return subclass for this error code.
     def [](code)
       index[code]
     end

data/lib/kstor/log/simple_logger.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+require 'logger'
+
+module KStor
+  # rubocop:disable Style/Documentation
+  module Log
+    # rubocop:enable Style/Documentation
+
+    # Simple logger using Ruby Logger.
+    #
+    # It just defines some convenient methods that Journald::Logger has.
+    #
+    # @api private
+    class SimpleLogger
+      # Create a new logger.
+      #
+      # @return [KStor::Log::SimpleLogger] a simple logger to STDOUT
+      def initialize
+        @logger = Logger.new($stdout)
+      end
+
+      # Set minimum log level
+      #
+      # @param lvl [Integer] log level from constants in Logger class
+      def level=(lvl)
+        @logger.level = lvl
+      end
+
+      # Log a debug message.
+      #
+      # @param msg [String] message
+      def debug(msg)
+        @logger.debug(msg)
+      end
+
+      # Log an informative message.
+      #
+      # @param msg [String] message
+      def info(msg)
+        @logger.info(msg)
+      end
+
+      # Log a warning.
+      #
+      # @param msg [String] message
+      def warn(msg)
+        @logger.warn(msg)
+      end
+
+      # Log an error message.
+      #
+      # @param msg [String] message
+      def error(msg)
+        @logger.error(msg)
+      end
+
+      # Log an exception with full backtrace and all.
+      #
+      # @param exc [Exception] an exception
+      def exception(exc)
+        @logger.error(exc.full_message)
+      end
+
+      alias notice info
+      alias critical error
+      alias alert error
+      alias emergency error
+    end
+
+    DEBUG = Logger::DEBUG
+    INFO = Logger::INFO
+    WARN = Logger::WARN
+    ERROR = Logger::ERROR
+
+    class << self
+      # Create new simple logger to stdout
+      def create_logger
+        SimpleLogger.new
+      end
+    end
+  end
+end

data/lib/kstor/log/systemd_logger.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'journald/logger'
+
+module KStor
+  # rubocop:disable Style/Documentation
+  module Log
+    # rubocop:enable Style/Documentation
+
+    DEBUG = Journald::LOG_DEBUG
+    INFO = Journald::LOG_INFO
+    WARN = Journald::LOG_WARNING
+    ERROR = Journald::LOG_ERR
+
+    class << self
+      # Create new systemd journald logger
+      def create_logger
+        Journald::Logger.new('kstor')
+      end
+    end
+  end
+end