kstor 0.4.3 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 72e1dae661e2cb26fb40e0ac19f066ae35b9eb09605123915f0119a7ed98100c
-  data.tar.gz: 9a10808b3a5e5c6b65babc84281984b5c3aed4974227808db992652eab7542e5
+  metadata.gz: 74582d56a367754e14553d134666e9fe82322f5a61d2e87905b846e539f5a395
+  data.tar.gz: 36bc6b27ea95681d1214f2c2194773114cee637b4f039a56571b0fdf606174a0
 SHA512:
-  metadata.gz: ed9c26317bb1765ca766abbc1531b24eb0cf33b6e44820b6c37dee62ea6b1c063bd34cd8c15d0f562dddb7766e7f2d841a87b30d1a8c094c882937790d29819b
-  data.tar.gz: c2c3d2f28793d0a55b62491b1a3bc5950e3b80784e7bb3ba72f996530d6a104d9d6a74d88ab55756d4193cae486dfb5addbe362c40b60bbbf29966fa7f943b62
+  metadata.gz: 18522832bdcd1af680938d8f89857ce74c535763d4912782ea40b303374ce3bbd8fe9d6f8432773b19c86b44459ded250e3048a897678086b6b72c8cc863cdc6
+  data.tar.gz: 76798cadbb665be06ca2292c5365603fc242b3f841efc2411d9e93f32091e05366bc82ba06dc9d0ed87e178f0bdd552cf1021deb129a33ea1f8511b2abba9c96

data/README.md

@@ -28,7 +28,7 @@ group key pairs. Group private keys are used to decrypt secrets. Pfew!
 4. systemctl --user start kstor.socket
 5. bundle exec kstor --help
 
-### Available request types
+## Available request types
 
 So far I've implemented:
 * group-create
@@ -39,7 +39,7 @@ So far I've implemented:
 * secret-update-value
 * secret-delete
 
-### Notes
+## Notes
 
 On first access, it will create your user in database (login defaults to your
 login). Passwords are asked interactively.
@@ -47,3 +47,7 @@ login). Passwords are asked interactively.
 It will store session ID in XDG_RUNTIME_DIR/kstor/session-id .
 
 Each request can be authentified either with login/password or with session ID.
+
+## Badges
+
+Gem version on Rubygems.org: [![Gem Version](https://badge.fury.io/rb/kstor.svg)](https://badge.fury.io/rb/kstor)

data/bin/kstor

@@ -13,14 +13,17 @@ module KStor
   # Manage KStor client configuration and state on disk.
   module ClientState
     class << self
+      # Default client config.
       DEFAULT_CONFIG = {
-        'socket' => '/home/jpi/code/kstor/testworkdir/kstor.socket'
+        'socket' => '/run/kstor.socket'
       }.freeze
 
+      # Load client config from disk.
       def load_config(progr)
         DEFAULT_CONFIG.merge(load_config_file(progr))
       end
 
+      # Path to session ID file on disk.
       def session_id_file(progr)
         dir = File.join(xdg_runtime, progr)
         FileUtils.mkdir_p(dir)
@@ -30,6 +33,7 @@ module KStor
         file
       end
 
+      # Load session ID from disk.
       def load_session_id(progr)
         sid = nil
         File.open(session_id_file(progr)) { |f| sid = f.read.chomp }
@@ -59,12 +63,11 @@ module KStor
       def config_file(progr)
         dir = File.join(xdg_config, progr)
         FileUtils.mkdir_p(dir)
-        File.join(dir, 'session-id')
+        File.join(dir, 'config.yaml')
       end
 
       def load_config_file(progr)
-        data = File.read(config_file(progr))
-        YAML.parse(data)
+        YAML.load_file(config_file(progr))
       rescue Errno::ENOENT
         {}
       end
@@ -73,14 +76,16 @@ module KStor
 
   # Sub-commands that can be invoked from the command-line.
   module ClientSubCommands
+    # Create a user group.
     def group_create
-      request('group-create') do |o|
+      request('group_create') do |o|
         o.string('-n', '--name', 'Group name')
       end
     end
 
+    # Create a secret.
     def secret_create
-      req = request('secret-create') do |o|
+      request_with_meta('secret_create') do |o|
         o.string('-p', '--plaintext', 'Value of the secret')
         o.array('-g', '--group_ids', 'Groups that can unlock the secret')
         o.string('-a', '--app', 'application of this secret')
@@ -89,11 +94,11 @@ module KStor
         o.string('-S', '--server', 'server of this secret')
         o.string('-u', '--url', 'url for this secret')
       end
-      reorganize_secret_meta_args(req)
     end
 
+    # Return a list of matching secrets.
     def secret_search
-      request('secret-search') do |o|
+      request_with_meta('secret_search') do |o|
         o.string('-a', '--app', 'secrets for this application')
         o.string('-d', '--database', 'secrets for this database')
         o.string('-l', '--login', 'secrets for this login')
@@ -102,14 +107,16 @@ module KStor
       end
     end
 
+    # Decrypt secret value and metadata
     def secret_unlock
-      request('secret-unlock') do |o|
+      request('secret_unlock') do |o|
         o.string('-s', '--secret-id', 'secret ID to unlock')
       end
     end
 
+    # Update secret metadata
     def secret_update_meta
-      req = request('secret-update-meta') do |o|
+      request_with_meta('secret_update_meta') do |o|
         o.string('-s', '--secret-id', 'secret ID to modify')
         o.string('-a', '--app', 'new application of this secret')
         o.string('-d', '--database', 'new database of this secret')
@@ -117,18 +124,19 @@ module KStor
         o.string('-S', '--server', 'new server of this secret')
         o.string('-u', '--url', 'new url for this secret')
       end
-      reorganize_secret_meta_args(req)
     end
 
+    # Update secret value
     def secret_update_value
-      request('secret-update-value') do |o|
+      request('secret_update_value') do |o|
         o.string('-s', '--secret-id', 'secret ID to modify')
         o.string('-p', '--plaintext', 'new plaintext value')
       end
     end
 
+    # Delete secret
     def secret_delete
-      request('secret-delete') do |o|
+      request('secret_delete') do |o|
         o.string('-s', '--secret-id', 'secret ID to delete')
       end
     end
@@ -138,14 +146,16 @@ module KStor
   class Client
     include ClientSubCommands
 
+    # Create new command-line client.
     def initialize
       @progr = File.basename($PROGRAM_NAME)
       @config = ClientState.load_config(@progr)
       @user = user_from_argv
     end
 
+    # Read command-line args, send request to server and display results..
     def run
-      request_type = ARGV.shift
+      request_type = ARGV.shift.to_sym
       resp = send_request(request_type)
       handle_error!(resp) if resp.error?
 
@@ -178,7 +188,7 @@ module KStor
     end
 
     def handle_error!(resp)
-      if resp.args['code'] == 'AUTH/BADSESSION'
+      if resp.code == 'AUTH/BADSESSION'
         FileUtils.rm(ClientState.session_id_file(@progr))
         warn('session expired')
       else
@@ -195,34 +205,23 @@ module KStor
       socket.send(req.serialize, 0)
 
       data, = socket.recvfrom(4096)
-      Response.parse(data)
-    rescue UnparsableResponse
-      warn('server speaks funny; look at logs!')
+      Message::Base.parse(data)
+    rescue Message::UnparsableResponse
+      warn('Invalid response from server; look at logs!')
       exit(1)
     end
 
-    REQUEST_METHODS = {
-      'group-create' => :group_create,
-      'secret-create' => :secret_create,
-      'secret-search' => :secret_search,
-      'secret-unlock' => :secret_unlock,
-      'secret-update-meta' => :secret_update_meta,
-      'secret-update-value' => :secret_update_value,
-      'secret-delete' => :secret_delete
-    }.freeze
-
     def method_name(request_type)
       if request_type.nil?
         base_usage
         exit 0
       end
-      meth = REQUEST_METHODS[request_type]
-      if meth.nil?
+      unless KStor::Message::Base.type?(request_type)
         warn("Unknown request type #{request_type.inspect}")
         base_usage
         exit 1
       end
-      meth
+      request_type
     end
 
     def user_from_argv
@@ -250,19 +249,28 @@ module KStor
       session_id = ClientState.load_session_id(@progr)
 
       if session_id
-        { 'session_id' => session_id }
+        { session_id: }
       else
-        { 'login' => @user, 'password' => ask_password }
+        { login: @user, password: ask_password }
       end
     end
 
+    def request_with_meta(type, &block)
+      args = parse_opts(type) { |o| block.call(o) }
+      args['meta'] = {
+        'app' => args.delete('app'),
+        'database' => args.delete('database'),
+        'login' => args.delete('login'),
+        'server' => args.delete('server'),
+        'url' => args.delete('url')
+      }
+      args['meta'].compact!
+      KStor::Message::Base.for_type(type, args, **auth)
+    end
+
     def request(type, &block)
-      hreq = {}
-      hreq['type'] = type
-      hreq['args'] = parse_opts(type) do |o|
-        block.call(o)
-      end
-      KStor::Message.parse_request(hreq.merge(auth).to_json)
+      args = parse_opts(type) { |o| block.call(o) }
+      KStor::Message::Base.for_type(type, args, **auth)
     end
 
     def parse_opts(request_type)
@@ -277,7 +285,7 @@ module KStor
         o.separator('')
         yield o
       end
-      opts.to_hash.compact
+      opts.to_hash.compact.transform_keys(&:to_s)
     end
   end
 end

data/bin/kstor-srv

@@ -3,10 +3,10 @@
 
 require 'kstor'
 
-KStor::Log.reporting_level = Journald::LOG_DEBUG
-
 config = KStor::Config.load(ARGV.shift)
 
+KStor::Log.reporting_level = config.log_level
+
 store = KStor::Store.new(config.database)
 session_store = KStor::SessionStore.new(
   config.session_idle_timeout,

data/lib/kstor/config.rb

@@ -29,7 +29,8 @@ module KStor
       'socket' => '/run/kstor-server.socket',
       'nworkers' => 5,
       'session_idle_timeout' => 15 * 60,
-      'session_life_timeout' => 4 * 60 * 60
+      'session_life_timeout' => 4 * 60 * 60,
+      'log_level' => 'warn'
     }.freeze
 
     class << self

data/lib/kstor/controller/authentication.rb

@@ -8,13 +8,28 @@ require 'kstor/model'
 
 module KStor
   module Controller
-    # Handle user authentication and sessions.
+    # Specialized controller for user authentication and sessions.
     class Authentication
+      # Create new auth controller.
+      #
+      # @param store [KStor::Store] data store where users are
+      # @param session_store [KStor::SessionStore] where user sessions are
+      # @return [KStor::Controller::Authentication] new auth controller
       def initialize(store, session_store)
         @store = store
         @sessions = session_store
       end
 
+      # Authenticate request user.
+      #
+      # Request may either contain a login/password, or a session ID.
+      #
+      # @param req [KStor::Message::Base] client request
+      # @return [KStor::Model::User] client user
+      # @raise [KStor::InvalidSession] if session ID is invalid
+      # @raise [KStor::UserNotAllowed] if user is not allowed
+      # @raise [KStor::MissingLoginPassword] if database is empty and request
+      #   only contains a session ID
       def authenticate(req)
         if @store.users?
           unlock_user(req)
@@ -23,13 +38,19 @@ module KStor
         end
       end
 
-      # return true if login is allowed to access the database.
+      # Check if user is allowed to access the application.
+      #
+      # @param user [KStor::Model::User] client user
+      # @return [Boolean] true if login is allowed to access application data.
       def allowed?(user)
         user.status == 'new' || user.status == 'active'
       end
 
+      private
+
+      # Load user from database and decrypt private key and keychain.
       def unlock_user(req)
-        if req.respond_to?(:session_id)
+        if req.session_request?
           session_id = req.session_id
           user, secret_key = load_session(session_id)
         else
@@ -72,7 +93,7 @@ module KStor
         )
         secret_key = user.secret_key(req.password)
         user.unlock(secret_key)
-        @store.user_create(user)
+        user.id = @store.user_create(user)
         Log.info("user #{user.login} created")
 
         session = Session.create(user, secret_key)

data/lib/kstor/controller/base.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module KStor
+  # Various controllers that participate in serving client.
+  module Controller
+    # Common code for all controllers (except RequestHandler).
+    #
+    # @abstract
+    class Base
+      class << self
+        attr_accessor :request_types
+        attr_accessor :response_types
+
+        # Declare that this controller handles this type of request.
+        def request_type(klass)
+          @request_types ||= []
+          @request_types << klass
+        end
+
+        # Declare that this controller produces this type of response.
+        def response_type(klass)
+          @response_types ||= []
+          @response_types << klass
+        end
+
+        # True if sub-controller handles these requests.
+        #
+        # @param type [String] request type
+        # @return [Boolean] true if request type may be handled
+        def handles?(req)
+          @request_types.include?(req.class)
+        end
+      end
+
+      # Create sub-controller with access to data store.
+      #
+      # @param store [KStor::Store] data store
+      # @return [KStor::Controller::Base] a new sub-controller
+      def initialize(store)
+        @store = store
+        @request_handlers = self.class.request_types.to_h do |klass|
+          meth = "handle_#{klass.type}".to_sym
+          [klass, meth]
+        end
+      end
+
+      # Handle client request.
+      #
+      # @param user [KStor::Model::User] user making this request
+      # @param req [KStor::Message::Base] client request
+      def handle_request(user, sid, req)
+        unless @request_handlers.key?(req.class)
+          raise Error.for_code('REQ/UNKNOWN', req.type)
+        end
+
+        klass, args = __send__(@request_handlers[req.class], user, req)
+        klass.new(args, { session_id: sid })
+      end
+    end
+  end
+end

data/lib/kstor/controller/request_handler.rb

@@ -9,41 +9,109 @@ require 'kstor/controller/users'
 
 module KStor
   module Controller
-    # Request handler.
+    # Undeclared response type.
+    class UnknownResponseType < RuntimeError
+    end
+
+    # Top-level request handler.
+    #
+    # Dispatches requests to specialized sub-controller.
     class RequestHandler
+      class << self
+        # List of sub-controllers.
+        attr_accessor :controllers
+
+        # Request types handled by all sub-controllers.
+        #
+        # @return [Array[String]] list of all handled request types
+        def request_types
+          @controllers.map(&:request_types).inject([], &:+)
+        end
+
+        # Response types that sub-controllers can produce.
+        #
+        # @return [Array[String]] list of all response types that this handler
+        #   can produce
+        def response_types
+          [Message::Error] + @controllers.map(&:response_types).inject([], &:+)
+        end
+
+        # All message types handled and produced by this controller.
+        #
+        # @return [Array[String]] List of all message types
+        def message_types
+          request_types + response_types
+        end
+
+        # True if this controller can handle this request type.
+        #
+        # @param type [Class] request type
+        # @return [Boolean] true if handled
+        def handles?(type)
+          request_types.include?(type)
+        end
+
+        # True if this controller can respond to a client with this type of
+        # reponse.
+        #
+        # @param type [String] response type
+        # @return [Boolean] true if can be produced.
+        def responds?(type)
+          response_types.include?(type)
+        end
+      end
+
+      self.controllers = [Controller::User, Controller::Secret]
+
+      # Create new request handler controller from data store and session store.
+      #
+      # @param store [KStor::Store] data store
+      # @param session_store [KStor::SessionStore] session store
+      # @return [KStor::Controller::RequestHandler] new top-level controller.
       def initialize(store, session_store)
         @auth = Controller::Authentication.new(store, session_store)
-        @secret = Controller::Secret.new(store)
-        @user = Controller::User.new(store)
         @store = store
+        @controllers = self.class.controllers.map do |klass|
+          klass.new(store)
+        end
       end
 
+      # Serve a client.
+      #
+      # @param req [KStor::Message::Base] client request
+      # @return [KStor::Message::Base] server response
       def handle_request(req)
         user, sid = @auth.authenticate(req)
         controller = controller_from_request_type(req)
-        resp = @store.transaction { controller.handle_request(user, req) }
+        resp = @store.transaction { controller.handle_request(user, sid, req) }
         user.lock
-        resp.session_id = sid
-        resp
+        finish_response(resp)
       rescue RbNaClError => e
         Log.exception(e)
-        Error.for_code('CRYPTO/UNSPECIFIED').response
-      rescue Error => e
+        Error.for_code('CRYPTO/UNSPECIFIED').response(sid)
+      rescue KStor::MissingMessageArgument => e
+        raise e
+      rescue KStor::Error => e
         Log.info(e.message)
-        e.response
+        e.response(sid)
       end
 
       private
 
+      def finish_response(resp)
+        unless self.class.responds?(resp.class)
+          raise UnknownResponseType, 'Unknown response type ' \
+                                     "#{resp.type.inspect}"
+        end
+        resp
+      end
+
       def controller_from_request_type(req)
-        case req.type
-        when /^secret-(create|delete|search|unlock|update-(meta|value)?)$/
-          @secret
-        when /^group-create$/
-          @user
-        else
-          raise Error.for_code('REQ/UNKNOWN', req.type)
+        @controllers.each do |ctrl|
+          return ctrl if ctrl.class.handles?(req)
         end
+
+        raise Error.for_code('REQ/UNKNOWN', req.type)
       end
     end
   end