kstor 0.4.1 → 0.4.2

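--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 02213472fae2012da7f7b3b0fb8eada910b04930877cb4cff03efcf7345b08e9
-  data.tar.gz: 1c4ae47f6195c103c5f8873c2f275d0beb1eacebee748b52f2ee184b6a5ca81b
+  metadata.gz: 2d00405a6f9eaa621194511869f62b80eb9736bfb665e15d87d6e6ac4f0fa6a2
+  data.tar.gz: 4bb86aa9a8cfbfdb868525b9cc93f77d8410146cf99a78c1abe594058aac5ba7
 SHA512:
-  metadata.gz: 6f325b269554163bc7166c718f8d06a3d508f9bba24b694dab8bcc09eca22c2defcc457fc9d5855cafcb29bc6228278ee20ab884dcb0a5457910f798678f6ded
-  data.tar.gz: bc13d87122b1c23538ad2edf48e5d99d391b7f31ea61f33f63900e693150daac6ca2e7117edf2b6762fe898a92183a1374ac3ccc3b5ea4c8d9c4fb5d46328a18
+  metadata.gz: 13548da3eb9f804f6014995c77485776c775b924def753a2787731644f8358a497a2de02ba0e8fb275dd98c9ae0d0158d9365ebaa32abc2baf329b8c0dd94d00
+  data.tar.gz: fcc75b3d3ff85698ad8ea588ba03967875df4648b306834e907448865587c47edb57d07b56ff8808fad037e337db073b88d5107aa27e9a007208b088c25086aa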
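--- a/data/README.md
+++ b/data/README.md
@@ -2,6 +2,48 @@
 
 KStor stores and shares secrets among teams of users.
 
-It doesn't work yet.
+It doesn't work yet. No error checks. Glaring holes everywhere. Will empty your
+fridge and scare your cat. Obviously, don't store anything valuable and not
+public in KStor!
 
-This is the server part, supporting a command-line client and a web user interface.
+It has a server and an ugly command-line client. The plan is to have a web user
+interface someday; the command-line client is mostly here to help me do basic
+debugging.
+
+Basic principle means that (when it will be ready), data at rest will always be
+encrypted. To read secret values and metadata, you need user passwords.
+
+User passwords are derived to make secret keys. Secret keys are used to decrypt
+user key pairs (public and private). User private keys are used to decrypt
+group key pairs. Group private keys are used to decrypt secrets. Pfew!
+
+## Basic usage
+
+1. create config file in YAML with the following keys:
+   * database: path to SQLite database file
+   * socket: path to UNIX socket that the server will listen to
+   * nworkers: number of worker threads
+2. copy systemd/kstor.* to ~/.config/systemd/user/ and adjust paths
+3. systemctl --user daemon-reload
+4. systemctl --user start kstor.socket
+5. bundle exec kstor --help
+
+### Available request types
+
+So far I've implemented:
+* group-create
+* secret-create
+* secret-search
+* secret-unlock
+* secret-update-metadata
+* secret-update-value
+* secret-delete
+
+### Notes
+
+On first access, it will create your user in database (login defaults to your
+login). Passwords are asked interactively.
+
+It will store session ID in XDG_RUNTIME_DIR/kstor/session-id .
+
+Each request can be authentified either with login/password or with session ID.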
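--- a/data/lib/kstor/config.rb
+++ b/data/lib/kstor/config.rb
@@ -25,8 +25,8 @@ module KStor
     # @!attribute [r] session_life_timeout
     # @return [Integer] seconds before a session is closed
     DEFAULTS = {
-      'database' => 'data/db.sqlite',
-      'socket' => 'run/kstor-server.socket',
+      'database' => '/var/lib/kstor/kstor.sqlite',
+      'socket' => '/run/kstor-server.socket',
       'nworkers' => 5,
       'session_idle_timeout' => 15 * 60,
       'session_life_timeout' => 4 * 60 * 60
@@ -46,7 +46,7 @@ module KStor
         else
           {}
         end
-        new(DEFAULTS.merge(hash))
+        new(hash)
       end
     end
 
@@ -54,7 +54,7 @@ module KStor
     #
     # @param hash [Hash] configuration items
     def initialize(hash)
-      @data = hash
+      @data = DEFAULTS.merge(hash)
     end
 
     DEFAULTS.each_key do |k|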
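Review bot: `initialize` (third hunk) now merges the caller's hash over DEFAULTS without checking its keys, so a misspelled `session_idle_timeout`, `session_life_timeout` or `socket` in the YAML file is silently ignored and the built-in default applies — for the session timeouts and the listening socket that is a misconfiguration nobody will notice. Rejecting unknown keys is three lines in `initialize`: `unknown = hash.keys - DEFAULTS.keys`, `raise ArgumentError, "unknown configuration keys: #{unknown.join(', ')}" unless unknown.empty?`, then `@data = DEFAULTS.merge(hash)`. `DEFAULTS.merge(hash)` also raises a bare TypeError when `hash` is not a Hash (a YAML file whose top level is a list or scalar, if `load` passes it straight through — `load`'s body starts outside the second hunk), so a `raise ArgumentError, 'configuration must be a mapping' unless hash.is_a?(Hash)` guard would give a usable error. Separately, the new defaults in the first hunk point at `/var/lib/kstor/` and `/run/kstor-server.socket`, which an unprivileged `systemctl --user` service as the README in this diff describes cannot create; the doc comment above DEFAULTS should state which deployment mode these defaults assume and who is expected to create the directory and set the socket's permissions.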
@@ -1,5 +1,11 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require 'kstor/error'
4
+ require 'kstor/log'
5
+ require 'kstor/store'
6
+ require 'kstor/session'
7
+ require 'kstor/model'
8
+
3
9
  module KStor
4
10
  module Controller
5
11
  # Handle user authentication and sessions.
@@ -0,0 +1,50 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'rbnacl'
4
+
5
+ require 'kstor/error'
6
+ require 'kstor/controller/authentication'
7
+ require 'kstor/controller/secret'
8
+ require 'kstor/controller/users'
9
+
10
+ module KStor
11
+ module Controller
12
+ # Request handler.
13
+ class RequestHandler
14
+ def initialize(store, session_store)
15
+ @auth = Controller::Authentication.new(store, session_store)
16
+ @secret = Controller::Secret.new(store)
17
+ @user = Controller::User.new(store)
18
+ @store = store
19
+ end
20
+
21
+ def handle_request(req)
22
+ user, sid = @auth.authenticate(req)
23
+ controller = controller_from_request_type(req)
24
+ resp = @store.transaction { controller.handle_request(user, req) }
25
+ user.lock
26
+ resp.session_id = sid
27
+ resp
28
+ rescue RbNaClError => e
29
+ Log.exception(e)
30
+ Error.for_code('CRYPTO/UNSPECIFIED').response
31
+ rescue Error => e
32
+ Log.info(e.message)
33
+ e.response
34
+ end
35
+
36
+ private
37
+
38
+ def controller_from_request_type(req)
39
+ case req.type
40
+ when /^secret-(create|delete|search|unlock|update-(meta|value)?)$/
41
+ @secret
42
+ when /^group-create$/
43
+ @user
44
+ else
45
+ raise Error.for_code('REQ/UNKNOWN', req.type)
46
+ end
47
+ end
48
+ end
49
+ end
50
+ end
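Review bot: In `handle_request`, `user.lock` runs only on the success path; if `controller_from_request_type` raises REQ/UNKNOWN or the controller raises inside the transaction, the method returns an error response from the `rescue` clauses with the user never locked, and if `lock` is what discards the key material derived from the password (the README in this diff describes passwords unlocking user and group private keys; `User#lock` itself is not visible here) that material stays live in a long-running worker. Move it to an `ensure`: drop the `user.lock` line after the transaction and add `ensure` / `user&.lock` after the last `rescue` clause (`user` is nil when `authenticate` raised, hence `&.`). The dispatch regexes in `controller_from_request_type` use `^`/`$`, which in Ruby match at line boundaries, so `\A`/`\z` are the right anchors for a type string taken from the request; and `update-(meta|value)?` accepts `secret-update-` while rejecting `secret-update-metadata`, the name the README hunk in this same diff lists, so one of the two is wrong — confirm against the Secret controller. Any other StandardError (SQLite, NoMethodError) is not rescued here and propagates to the caller, which is only acceptable if the server loop catches it; this appears to be the new lib/kstor/controller/request_handler.rb named in the metadata hunk, though its file header is not shown.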
@@ -7,6 +7,7 @@ require 'kstor/message'
7
7
  require 'kstor/controller/authentication'
8
8
  require 'kstor/controller/secret'
9
9
  require 'kstor/controller/users'
10
+ require 'kstor/controller/request_handler'
10
11
 
11
12
  module KStor
12
13
  # Error: user was not allowed to access application.
@@ -37,44 +38,4 @@ module KStor
37
38
  error_code 'REQ/MISSINGARG'
38
39
  error_message 'Missing argument %s for request type %s'
39
40
  end
40
-
41
- module Controller
42
- # Request handler.
43
- class RequestHandler
44
- def initialize(store, session_store)
45
- @auth = Controller::Authentication.new(store, session_store)
46
- @secret = Controller::Secret.new(store)
47
- @user = Controller::User.new(store)
48
- @store = store
49
- end
50
-
51
- def handle_request(req)
52
- user, sid = @auth.authenticate(req)
53
- controller = controller_from_request_type(req)
54
- resp = @store.transaction { controller.handle_request(user, req) }
55
- user.lock
56
- resp.session_id = sid
57
- resp
58
- rescue RbNaClError => e
59
- Log.exception(e)
60
- Error.for_code('CRYPTO/UNSPECIFIED').response
61
- rescue Error => e
62
- Log.info(e.message)
63
- e.response
64
- end
65
-
66
- private
67
-
68
- def controller_from_request_type(req)
69
- case req.type
70
- when /^secret-(create|delete|search|unlock|update-(meta|value)?)$/
71
- @secret
72
- when /^group-create$/
73
- @user
74
- else
75
- raise Error.for_code('REQ/UNKNOWN', req.type)
76
- end
77
- end
78
- end
79
- end
80
41
  end
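--- a/data/lib/kstor/version.rb
+++ b/data/lib/kstor/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module KStor
-  VERSION = '0.4.1'
+  VERSION = '0.4.2'
 end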
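--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kstor
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.4.2
 platform: ruby
 authors:
 - Jérémie Pierson
@@ -100,6 +100,7 @@ files:
 - lib/kstor/config.rb
 - lib/kstor/controller.rb
 - lib/kstor/controller/authentication.rb
+- lib/kstor/controller/request_handler.rb
 - lib/kstor/controller/secret.rb
 - lib/kstor/controller/users.rb
 - lib/kstor/crypto.rb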