RubyGems - localvault - Versions diffs - 0.9.6 → 0.9.7 - Mend

localvault 0.9.6 → 0.9.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/localvault/api_client.rb +69 -0
data/lib/localvault/cli/sync.rb +111 -0
data/lib/localvault/cli.rb +83 -1
data/lib/localvault/sync_bundle.rb +30 -0
data/lib/localvault/version.rb +1 -1
data/lib/localvault.rb +1 -0
metadata +3 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 671f50a3af0358b5344e1ee94f39cee7b74c7d45c5a55fce9e42da3b1f5b3ffc
-  data.tar.gz: a7f41141bff442117b919c5aba3864d51830aedf32ca8ef0ee025bd15bd5ea57
+  metadata.gz: 6c83c59a70defa431aff5c24ddaf567b90363c38faa1498d764e41cb15130e91
+  data.tar.gz: 23f6f02e4e17b3fa94e25cdc8266022e2dbe173444381813caed959f4bdd6d04
 SHA512:
-  metadata.gz: bde2aaed764d7317de96dda2f962a569fe4a9ae9084e14971ee7a0f838d9c2c0a698bf0f3c0ba151f6179b16522ca61a368f5b881b9491d5db7ab74ec8f50e43
-  data.tar.gz: dfdeb12993ae4236e98b8b19424b9b03d60f29f842c4586f5f31b4dfeef13e44791e04f0b53d50fb14fb2794bc2939b69eedb71c1029b614a907868a27df0958
+  metadata.gz: 39f17c0a2ab68e9c4ca99d7bdfc92451548da65640fafdf02fad4dcb50dd7105d42d1861f46183a8928a1159d1e0cb24a2f0dca120f359ed384f5785c77f1375
+  data.tar.gz: b34099c10e14a8547ef3cca0953310e36995b082e308898b01fedfc710c487628f8e1d96d9f6e65adee33d7f832d77042f52a52f3dc4697b10148b427ed23daa

data/lib/localvault/api_client.rb CHANGED Viewed

@@ -20,6 +20,11 @@ module LocalVault
       @base_url = base_url || Config.api_url
     end
+    # GET /api/v1/me
+    def me
+      get("/me")
+    end
     # GET /api/v1/users/:handle/public_key
     def get_public_key(handle)
       get("/users/#{handle}/public_key")
@@ -71,6 +76,26 @@ module LocalVault
       get("/sites/#{site_slug}/crew/public_keys")
     end
+    # GET /api/v1/vaults
+    def list_vaults
+      get("/vaults")
+    end
+    # PUT /api/v1/vaults/:name — sends raw binary blob, returns JSON
+    def push_vault(name, blob)
+      request_binary(:put, "/vaults/#{URI.encode_uri_component(name)}", blob)
+    end
+    # GET /api/v1/vaults/:name — returns raw binary blob
+    def pull_vault(name)
+      request_raw(:get, "/vaults/#{URI.encode_uri_component(name)}")
+    end
+    # DELETE /api/v1/vaults/:name
+    def delete_vault(name)
+      delete("/vaults/#{URI.encode_uri_component(name)}")
+    end
     private
     def get(path)
@@ -121,5 +146,49 @@ module LocalVault
     rescue Errno::ECONNREFUSED, SocketError => e
       raise ApiError.new("Cannot connect to #{@base_url}: #{e.message}")
     end
+    # PUT /api/v1/vaults/:name — sends raw binary body, expects JSON response
+    def request_binary(method, path, blob)
+      uri  = URI("#{@base_url}#{BASE_PATH}#{path}")
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = uri.scheme == "https"
+      req_class = { put: Net::HTTP::Put }.fetch(method)
+      req = req_class.new(uri.request_uri)
+      req["Authorization"] = "Bearer #{@token}"
+      req["Content-Type"]  = "application/octet-stream"
+      req["Accept"]        = "application/json"
+      req.body = blob
+      res = http.request(req)
+      unless res.is_a?(Net::HTTPSuccess)
+        err = begin JSON.parse(res.body)["error"] rescue nil end
+        raise ApiError.new(err || "HTTP #{res.code}", status: res.code.to_i)
+      end
+      JSON.parse(res.body)
+    rescue Errno::ECONNREFUSED, SocketError => e
+      raise ApiError.new("Cannot connect to #{@base_url}: #{e.message}")
+    end
+    # GET /api/v1/vaults/:name — returns raw binary body
+    def request_raw(method, path)
+      uri  = URI("#{@base_url}#{BASE_PATH}#{path}")
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = uri.scheme == "https"
+      req_class = { get: Net::HTTP::Get }.fetch(method)
+      req = req_class.new(uri.request_uri)
+      req["Authorization"] = "Bearer #{@token}"
+      req["Accept"]        = "application/octet-stream"
+      res = http.request(req)
+      unless res.is_a?(Net::HTTPSuccess)
+        err = begin JSON.parse(res.body)["error"] rescue nil end
+        raise ApiError.new(err || "HTTP #{res.code}", status: res.code.to_i)
+      end
+      res.body
+    rescue Errno::ECONNREFUSED, SocketError => e
+      raise ApiError.new("Cannot connect to #{@base_url}: #{e.message}")
+    end
   end
 end

data/lib/localvault/cli/sync.rb ADDED Viewed

@@ -0,0 +1,111 @@
+require "thor"
+require "fileutils"
+module LocalVault
+  class CLI
+    class Sync < Thor
+      desc "push [NAME]", "Push a vault to InventList cloud sync"
+      def push(vault_name = nil)
+        return unless logged_in?
+        vault_name ||= Config.default_vault
+        store = Store.new(vault_name)
+        unless store.exists?
+          $stderr.puts "Error: Vault '#{vault_name}' does not exist. Run: localvault init #{vault_name}"
+          return
+        end
+        blob   = SyncBundle.pack(store)
+        client = ApiClient.new(token: Config.token)
+        client.push_vault(vault_name, blob)
+        $stdout.puts "Synced vault '#{vault_name}' (#{blob.bytesize} bytes)"
+      rescue ApiClient::ApiError => e
+        $stderr.puts "Error: #{e.message}"
+      end
+      desc "pull [NAME]", "Pull a vault from InventList cloud sync"
+      method_option :force, type: :boolean, default: false, desc: "Overwrite existing local vault"
+      def pull(vault_name = nil)
+        return unless logged_in?
+        vault_name ||= Config.default_vault
+        store  = Store.new(vault_name)
+        if store.exists? && !options[:force]
+          $stderr.puts "Error: Vault '#{vault_name}' already exists locally. Use --force to overwrite."
+          return
+        end
+        client = ApiClient.new(token: Config.token)
+        blob   = client.pull_vault(vault_name)
+        data   = SyncBundle.unpack(blob)
+        FileUtils.mkdir_p(store.vault_path)
+        File.write(store.meta_path, data[:meta])
+        store.write_encrypted(data[:secrets]) unless data[:secrets].empty?
+        $stdout.puts "Pulled vault '#{vault_name}'."
+        $stdout.puts "Unlock it with: localvault unlock -v #{vault_name}"
+      rescue ApiClient::ApiError => e
+        if e.status == 404
+          $stderr.puts "Error: Vault '#{vault_name}' not found in cloud."
+        else
+          $stderr.puts "Error: #{e.message}"
+        end
+      end
+      desc "status", "Show sync status for all vaults"
+      def status
+        return unless logged_in?
+        client    = ApiClient.new(token: Config.token)
+        result    = client.list_vaults
+        remote    = (result["vaults"] || []).each_with_object({}) { |v, h| h[v["name"]] = v }
+        local_set = Store.list_vaults.to_set
+        all_names = (remote.keys + local_set.to_a).uniq.sort
+        if all_names.empty?
+          $stdout.puts "No vaults found locally or in cloud."
+          return
+        end
+        rows = all_names.map do |name|
+          r         = remote[name]
+          l_exists  = local_set.include?(name)
+          row_status = if r && l_exists then "synced"
+                       elsif r          then "remote only"
+                       else                  "local only"
+                       end
+          synced_at = r ? (r["synced_at"]&.slice(0, 10) || "—") : "—"
+          [name, row_status, synced_at]
+        end
+        max_name   = (["Vault"] + rows.map { |r| r[0] }).map(&:length).max
+        max_status = (["Status"] + rows.map { |r| r[1] }).map(&:length).max
+        $stdout.puts "#{"Vault".ljust(max_name)}  #{"Status".ljust(max_status)}  Synced At"
+        $stdout.puts "#{"─" * max_name}  #{"─" * max_status}  ─────────"
+        rows.each do |name, row_status, synced_at|
+          $stdout.puts "#{name.ljust(max_name)}  #{row_status.ljust(max_status)}  #{synced_at}"
+        end
+      rescue ApiClient::ApiError => e
+        $stderr.puts "Error: #{e.message}"
+      end
+      def self.exit_on_failure?
+        true
+      end
+      private
+      def logged_in?
+        return true if Config.token
+        $stderr.puts "Error: Not logged in. Run: localvault login TOKEN"
+        false
+      end
+    end
+  end
+end

data/lib/localvault/cli.rb CHANGED Viewed

@@ -421,13 +421,95 @@ module LocalVault
       $stdout.puts "  localvault exec -- env | grep -E 'DATABASE|REDIS'"
     end
-    # ── Teams / sharing ──────────────────────────────────────────────
+    # ── Teams / sharing / sync ────────────────────────────────────
     require_relative "cli/keys"
     require_relative "cli/team"
+    require_relative "cli/sync"
     register(Keys, "keys", "keys SUBCOMMAND", "Manage your X25519 keypair for vault sharing")
     register(Team, "team", "team SUBCOMMAND", "Manage vault team access")
+    register(Sync, "sync", "sync SUBCOMMAND", "Sync vaults to InventList cloud")
+    desc "keygen", "Generate your identity keypair for vault sync"
+    method_option :force, type: :boolean, default: false, desc: "Overwrite existing keypair"
+    method_option :show,  type: :boolean, default: false, desc: "Print your existing public key"
+    def keygen
+      if options[:show]
+        unless Identity.exists?
+          $stdout.puts "No keypair found. Run: localvault keygen"
+          return
+        end
+        $stdout.puts Identity.public_key
+        return
+      end
+      if Identity.exists? && !options[:force]
+        $stdout.puts "Keypair already exists. Use --force to regenerate."
+        return
+      end
+      Config.ensure_directories!
+      Identity.generate!(force: options[:force])
+      $stdout.puts "Keypair generated."
+      $stdout.puts "Public key: #{Identity.public_key}"
+    end
+    desc "login [TOKEN]", "Log in to InventList — validate token, auto-keygen, publish public key"
+    method_option :status, type: :boolean, default: false, desc: "Show current login status"
+    def login(token = nil)
+      if options[:status]
+        handle = Config.inventlist_handle
+        if handle
+          $stdout.puts "Logged in as @#{handle}"
+        else
+          $stdout.puts "Not logged in. Run: localvault login TOKEN"
+        end
+        return
+      end
+      unless token
+        $stdout.puts "Usage: localvault login TOKEN"
+        $stdout.puts "Get your token at: https://inventlist.com/settings"
+        return
+      end
+      client = ApiClient.new(token: token)
+      data   = client.me
+      handle = data.dig("user", "handle")
+      Config.token             = token
+      Config.inventlist_handle = handle
+      Config.ensure_directories!
+      Identity.generate! unless Identity.exists?
+      client.publish_public_key(Identity.public_key)
+      $stdout.puts "Logged in as @#{handle}"
+      $stdout.puts "Public key published to your InventList profile."
+      $stdout.puts
+      $stdout.puts "Next: localvault sync push   # sync your vault to the cloud"
+    rescue ApiClient::ApiError => e
+      if e.status == 401
+        $stdout.puts "Invalid token. Check your token at: https://inventlist.com/settings"
+      else
+        $stdout.puts "Error connecting to InventList: #{e.message}"
+      end
+    end
+    desc "logout", "Log out of InventList"
+    def logout
+      unless Config.token
+        $stdout.puts "Not logged in."
+        return
+      end
+      handle = Config.inventlist_handle
+      Config.token             = nil
+      Config.inventlist_handle = nil
+      $stdout.puts "Logged out#{" @#{handle}" if handle}."
+    end
     desc "connect", "Connect to InventList for vault sharing"
     method_option :token,  required: true, type: :string, desc: "InventList API token"

data/lib/localvault/sync_bundle.rb ADDED Viewed

@@ -0,0 +1,30 @@
+require "json"
+require "base64"
+require "digest"
+module LocalVault
+  module SyncBundle
+    VERSION = 1
+    # Pack a vault's meta.yml + secrets.enc into a single JSON blob.
+    # The secrets.enc is already encrypted — this bundle is opaque to the server.
+    def self.pack(store)
+      meta_content    = File.read(store.meta_path)
+      secrets_content = store.read_encrypted || ""
+      JSON.generate(
+        "version" => VERSION,
+        "meta"    => Base64.strict_encode64(meta_content),
+        "secrets" => Base64.strict_encode64(secrets_content)
+      )
+    end
+    # Unpack a blob back into {meta:, secrets:} strings.
+    def self.unpack(blob)
+      data = JSON.parse(blob)
+      {
+        meta:    Base64.strict_decode64(data.fetch("meta")),
+        secrets: Base64.strict_decode64(data.fetch("secrets"))
+      }
+    end
+  end
+end

data/lib/localvault/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module LocalVault
-  VERSION = "0.9.6"
+  VERSION = "0.9.7"
 end

data/lib/localvault.rb CHANGED Viewed

@@ -6,6 +6,7 @@ require_relative "localvault/vault"
 require_relative "localvault/identity"
 require_relative "localvault/share_crypto"
 require_relative "localvault/api_client"
+require_relative "localvault/sync_bundle"
 module LocalVault
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: localvault
 version: !ruby/object:Gem::Version
-  version: 0.9.6
+  version: 0.9.7
 platform: ruby
 authors:
 - Nauman Tariq
@@ -109,6 +109,7 @@ files:
 - lib/localvault/api_client.rb
 - lib/localvault/cli.rb
 - lib/localvault/cli/keys.rb
+- lib/localvault/cli/sync.rb
 - lib/localvault/cli/team.rb
 - lib/localvault/config.rb
 - lib/localvault/crypto.rb
@@ -118,6 +119,7 @@ files:
 - lib/localvault/session_cache.rb
 - lib/localvault/share_crypto.rb
 - lib/localvault/store.rb
+- lib/localvault/sync_bundle.rb
 - lib/localvault/vault.rb
 - lib/localvault/version.rb
 homepage: https://github.com/inventlist/localvault