nexus-debug 1.4.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c5e977b37cb2b84fdff288647f916aaf31d72e330fbb75219732cf40acef41b8
+  data.tar.gz: 65c9201977d7d1a661834015c1dd9d24aa125a8d3d5341ea418c5c144ef5dd2c
+SHA512:
+  metadata.gz: 5dffd2d02171b34bad106eb0eed21fc4c4990802f91d5d6a67c00176caaf8d0cc418de995a4c65385871d8ec9e72a7d74aa4e24943da0ac775c9ec846cefa3f1
+  data.tar.gz: 3a5cfd62ff57b6c97d262b7abe43dab2b5366e71e1c378d6b98a783f06f7fe86e1b516e8eaf0a1c6cc63c6e18eb200a8543bf392230bcf630957411cb4164358

data/MIT-LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2009, Nick Quaranto
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,18 @@
+#-*- mode: ruby -*-
+
+require 'rake'
+require 'rake/testtask'
+require 'rubygems/package_task'
+
+task :default => [ :test, :package ]
+
+Gem::PackageTask.new( Gem::Specification.load( 'nexus.gemspec' ) ) do
+end
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.test_files = FileList['test/*_test.rb']
+  t.verbose = true
+end
+
+# vim: syntax=Ruby

data/bin/nbundle

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+require 'rubygems'
+require 'bundler/monkey_patch'
+
+load Gem.bin_path('bundler', 'bundle')

data/lib/commands/abstract_command.rb

@@ -0,0 +1,225 @@
+# frozen_string_literal: true
+
+require 'rubygems/local_remote_options'
+require 'net/http'
+require 'base64'
+require 'nexus/config'
+
+module Gem
+  class AbstractCommand < Gem::Command
+    include Gem::LocalRemoteOptions
+
+    def initialize(name, summary)
+      super
+
+      add_option('-r', '--repo KEY',
+                 "pick the configuration under that key.\n                                     can be used in conjuction with --clear-repo and the upload itself.") do |value, options|
+        options[:nexus_repo] = value
+      end
+
+      add_option('-c', '--clear-repo',
+                 'Clears the nexus config for the given repo or the default repo') do |value, options|
+        options[:nexus_clear] = value
+      end
+
+      add_option('--url URL',
+                 'URL of the rubygems repository on a Nexus server') do |value, options|
+        options[:nexus_url] = value
+      end
+
+      add_option('--credential USER:PASS',
+                 'Enter your Nexus credentials in "Username:Password" format') do |value, options|
+        options[:nexus_credential] = value
+      end
+
+      add_option('--nexus-config FILE',
+                 "File location of nexus config to use.\n                                     default #{Nexus::Config.default_file}") do |value, options|
+        options[:nexus_config] = File.expand_path(value)
+      end
+
+      add_option('--ignore-ssl-errors',
+                 'No check certificate.') do |_value, options|
+        options[:ssl_verify_mode] = OpenSSL::SSL::VERIFY_NONE
+      end
+    end
+
+    def url
+      url = config.url
+      # no leading slash
+      url&.sub!(%r{/$}, '')
+      url
+    end
+
+    def configure_url
+      url =
+        if options[:nexus_url]
+          options[:nexus_url]
+        else
+          say 'Enter the URL of the rubygems repository on a Nexus server'
+          ask('URL: ')
+        end
+
+      if !URI.parse(url.to_s).host.nil?
+        config.url = url
+
+        say "The Nexus URL has been stored in #{config}"
+      else
+        raise 'no URL given'
+      end
+    end
+
+    def setup
+      prompt_encryption if config.encrypted?
+      configure_url if config.url.nil? || options[:nexus_clear]
+      use_proxy!(url) if http_proxy(url)
+      if authorization.nil? ||
+         config.always_prompt? ||
+         options[:nexus_clear]
+        sign_in
+      end
+    end
+
+    def prompt_encryption
+      password = ask_for_password('Enter your Nexus encryption credentials (no prompt)')
+
+      # recreate config with password
+      config.password = password
+    end
+
+    def sign_in
+      token =
+        if options[:nexus_credential]
+          options[:nexus_credential]
+        else
+          say 'Enter your Nexus credentials'
+          username = ask('Username: ')
+          password = ask_for_password('Password: ')
+          "#{username}:#{password}"
+        end
+
+      # mimic strict_encode64 which is not there on ruby1.8
+      auth = "Basic #{Base64.encode64(token).gsub(/\s+/, '')}"
+      @authorization = token == ':' ? nil : auth
+
+      return if config.always_prompt?
+
+      config.authorization = @authorization
+      if @authorization
+        say "Your Nexus credentials have been stored in #{config}"
+      else
+        say "Your Nexus credentials have been deleted from #{config}"
+      end
+    end
+
+    def this_config(_pass = nil)
+      Nexus::Config.new(options[:nexus_config],
+                        options[:nexus_repo])
+    end
+
+    private :this_config
+
+    def config(pass = nil)
+      @config = this_config(pass) if pass
+      @config ||= this_config
+    end
+
+    def authorization
+      @authorization || config.authorization
+    end
+
+    def make_request(method, path)
+      require 'net/http'
+      require 'net/https'
+
+      url = URI.parse("#{self.url}/#{path}")
+
+      http = proxy_class.new(url.host, url.port)
+
+      if url.scheme == 'https'
+        http.use_ssl = true
+        http.verify_mode =
+          options[:ssl_verify_mode] || config.ssl_verify_mode || OpenSSL::SSL::VERIFY_PEER
+      end
+
+      # Because sometimes our gems are huge and our people are on vpns
+      http.read_timeout = 300
+
+      request_method =
+        case method
+        when :get
+          proxy_class::Get
+        when :post
+          proxy_class::Post
+        when :put
+          proxy_class::Put
+        when :delete
+          proxy_class::Delete
+        else
+          raise ArgumentError
+        end
+
+      request = request_method.new(url.path)
+      request.add_field 'User-Agent', 'Ruby' unless RUBY_VERSION =~ /^1.9/
+
+      yield request if block_given?
+
+      if Gem.configuration.verbose.to_s.to_i.positive?
+        warn "#{request.method} #{url}"
+        if config.authorization
+          warn 'use authorization'
+        else
+          warn 'no authorization'
+        end
+
+        warn "use proxy at #{http.proxy_address}:#{http.proxy_port}" if http.proxy_address
+      end
+
+      if Gem.configuration.verbose.to_s.to_i.positive?
+        say "http request to #{self.url}/#{path} for #{method}"
+      end
+      http.request(request)
+    end
+
+    def use_proxy!(url)
+      proxy_uri = http_proxy(url)
+      @proxy_class = Net::HTTP::Proxy(proxy_uri.host,
+                                      proxy_uri.port,
+                                      proxy_uri.user,
+                                      proxy_uri.password)
+    end
+
+    def proxy_class
+      @proxy_class || Net::HTTP
+    end
+
+    # @return [URI, nil] the HTTP-proxy as a URI if set; +nil+ otherwise
+    def http_proxy(url)
+      uri = begin
+        URI.parse(url)
+      rescue StandardError
+        nil
+      end
+      return nil if uri.nil?
+
+      no_proxy = ENV['no_proxy']
+      if (no_proxy || ENV['NO_PROXY']) && no_proxy.split(/, */).member?(uri.host)
+        # does not look on ip-adress ranges
+        return nil
+      end
+
+      key = uri.scheme == 'http' ? 'http_proxy' : 'https_proxy'
+      proxy = Gem.configuration[:http_proxy] || ENV[key] || ENV[key.upcase]
+      return nil if proxy.nil? || proxy == :no_proxy
+
+      URI.parse(proxy)
+    end
+
+    def ask_for_password(message)
+      system 'stty -echo'
+      password = ask(message)
+      system 'stty echo'
+      ui.say("\n")
+      password
+    end
+  end
+end

data/lib/commands/nexus.rb

@@ -0,0 +1,137 @@
+# frozen_string_literal: true
+
+module Gem
+  module Commands
+    class NexusCommand < Gem::AbstractCommand
+      def description
+        'Upload a gem up to Nexus server'
+      end
+
+      def arguments
+        'GEM       built gem to upload. some options do not require it.'
+      end
+
+      def usage
+        "#{program_name} GEM [GEM [...]]"
+      end
+
+      def list_repos
+        puts
+        config.repos.each do |k, v|
+          puts "#{k}: #{v}"
+        end
+        puts
+      end
+
+      private :list_repos
+
+      def initialize
+        super 'nexus', description
+        add_proxy_option
+
+        add_option('--all-repos',
+                   'list all configured repos with their respective urls.') do |value, options|
+          options[:nexus_all_repos] = value
+        end
+
+        add_option('--clear-all',
+                   'clears all credentials') do |value, options|
+          options[:nexus_clear_all] = value
+        end
+
+        add_option('--secrets FILE',
+                   'move the credentials to the given secrets file.') do |value, options|
+          options[:nexus_secrets] = File.expand_path(value)
+        end
+
+        add_option('--no-secrets',
+                   'move the credentials to the configuration file and delete the secrets file.') do |_value, options|
+          options[:nexus_secrets] = false
+        end
+
+        add_option('--[no-]prompt',
+                   'always prompt for the credentials. this is helpful to reset your username/password for a specific host.') do |value, options|
+          options[:nexus_prompt_all] = value
+        end
+
+        add_option('--[no-]encrypt',
+                   'encrypt/decrypt the credentials with a master password.') do |value, options|
+          options[:nexus_encrypt] = value
+        end
+      end
+
+      def execute
+        names = begin
+          get_all_gem_names
+        rescue StandardError
+          nil
+        end
+        if names && (!options[:nexus_all_repos].nil? ||
+          !options[:nexus_clear_all].nil? ||
+          !options[:nexus_prompt_all].nil? ||
+          !options[:nexus_encrypt].nil? ||
+          !options[:nexus_secrets].nil?)
+          warn "given gemfile(s) #{names.join(' ')} get ignored due to the options used"
+        end
+
+        if options[:nexus_all_repos]
+          list_repos
+        elsif options[:nexus_prompt_all]
+          if ask('setup nexus to always prompt username/passwords and delete all current credentials ? (y/N)') == 'y'
+            config.always_prompt
+          end
+        elsif options[:nexus_prompt_all] == false
+          say('setup nexus to store username/passwords')
+          config.clear_always_prompt
+        elsif options[:nexus_clear_all]
+          config.clear_credentials if ask('delete all current credentials ? (y/N)') == 'y'
+        elsif options[:nexus_encrypt]
+          prompt_encryption
+          config.encrypt_credentials
+        elsif options[:nexus_encrypt] == false
+          prompt_encryption
+          config.decrypt_credentials
+        elsif options[:nexus_secrets] == false
+          config.new_secrets(nil)
+        elsif options[:nexus_secrets]
+          config.new_secrets(options[:nexus_secrets])
+        else
+          setup
+          # if there is no gemname and no options which then fail with send_gem
+          send_gem
+        end
+      end
+
+      def send_gem
+        gems = get_all_gem_names
+
+        say "Uploading #{gems.size} gem#{'s' if gems.size != 1} to Nexus..."
+
+        gems.each do |path|
+          response = make_request(:put, "gems/#{File.basename(path)}") do |request|
+            request.body = Gem.read_binary(path)
+            request.add_field('Content-Length', request.body.size)
+            request.add_field('Content-Type', 'application/octet-stream')
+            request.add_field('Authorization', authorization.strip) if authorization
+          end
+
+          case response.code
+          when '400'
+            say 'something went wrong - maybe (re)deployment is not allowed'
+          when '401'
+            say 'Unauthorized'
+          when '500'
+            say 'something went wrong'
+          else
+            if Gem.configuration.verbose.to_s.to_i.positive?
+              say "body:\n\t`#{response.message}`\n"
+            end
+            say "#{response.message} #{path.split(%r{/}).last}"
+          end
+
+          exit 1 unless response.is_a? Net::HTTPSuccess
+        end
+      end
+    end
+  end
+end

data/lib/nexus/cipher.rb

@@ -0,0 +1,53 @@
+require 'openssl'
+require 'base64'
+
+module Nexus
+  class Cipher
+
+    def initialize(pass, token = nil)
+      @token = Base64.strict_decode64(token) if token
+      @token ||= OpenSSL::Random.random_bytes(32)
+
+      iter = 20_000
+      key_len = 32
+      @key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(pass,
+                                             @token,
+                                             iter,
+                                             key_len)
+    end
+
+    def cipher
+      @cipher ||= OpenSSL::Cipher.new('aes-256-cbc')
+    end
+
+    private :cipher
+
+    def token
+      Base64.strict_encode64(@token)
+    end
+
+    def iv
+      Base64.strict_encode64(@iv) if @iv
+    end
+
+    def iv=(iv)
+      @iv = Base64.strict_decode64(iv)
+    end
+
+    def encrypt(data)
+      c = cipher
+      c.encrypt
+      c.key = @key
+      @iv = c.random_iv
+      Base64.strict_encode64(c.update(data) + c.final)
+    end
+
+    def decrypt(data)
+      c = cipher
+      c.decrypt
+      c.key = @key
+      c.iv = @iv
+      c.update(Base64.strict_decode64(data)) + c.final
+    end
+  end
+end

data/lib/nexus/config.rb

@@ -0,0 +1,195 @@
+# frozen_string_literal: true
+require 'nexus/cipher'
+require 'nexus/config_file'
+
+module Nexus
+  class Config
+
+    def self.default_file
+      File.join(Gem.user_home, '.gem', 'nexus')
+    end
+
+    def initialize(file = nil, repo = nil)
+      @repo = repo
+      @conf = ConfigFile.new(file || self.class.default_file)
+      @secr = ConfigFile.new(@conf[:secrets]) if @conf.key? :secrets
+    end
+
+    private
+
+    def encrypt_or_decrypt_credentials
+      map = config.all
+      yield map if map[:authorization]
+      map.each do |k, v|
+        yield v if v.is_a?(Hash) && v[:authorization]
+      end
+    end
+
+    def move_credentials(from, to)
+      keys = %i[secrets token iv authorization]
+      ([nil] + from.repos).each do |repo|
+        keys.each do |k|
+          to[k, repo] = from[k, repo]
+          from[k, repo] = nil
+        end
+      end
+    end
+
+    def config
+      @config ||= @secr || @conf
+    end
+
+    def key?(key)
+      config.key?(key, @repo)
+    end
+
+    def [](key)
+      config[key, @repo]
+    end
+
+    def []=(key, value)
+      config[key, @repo] = value
+    end
+
+    public
+
+    def encrypted?
+      config.key?(:token)
+    end
+
+    def password=(pass)
+      @cipher = Cipher.new(pass, config[:token])
+    end
+
+    def always_prompt?
+      @conf[:always_prompt]
+    end
+
+    def clear_always_prompt
+      @conf.delete(:always_prompt)
+      @conf.store
+    end
+
+    def clear_credentials(store = true)
+      secrets = @conf[:secrets]
+      if secrets && !config.key?(:token)
+        FileUtils.rm_f(secrets)
+        @map = @conf
+      else
+        config.delete :iv, :authorization
+      end
+      @conf.delete(:secrets)
+      @conf.store if store
+    end
+
+    def always_prompt
+      @conf[:always_prompt, nil] = true
+
+      config.delete(:token)
+
+      clear_credentials(false)
+
+      @conf.store
+    end
+
+    def decrypt_credentials
+      unless encrypted?
+        warn 'not encrypted - nothing to do'
+        return
+      end
+      encrypt_or_decrypt_credentials do |c|
+        @cipher.iv = c[:iv]
+        c[:authorization] = @cipher.decrypt(c[:authorization])
+        c.delete(:iv)
+      end
+      config.all.delete(:token)
+      config.store
+      @cipher = nil
+    end
+
+    def encrypt_credentials
+      if encrypted?
+        warn 'already encrypted - nothing to do'
+        return
+      end
+      encrypt_or_decrypt_credentials do |c|
+        c[:authorization] = @cipher.encrypt(c[:authorization])
+        c[:iv] = @cipher.iv
+      end
+      config.all[:token] = @cipher.token
+      config.store
+    end
+
+    def new_secrets(new)
+      old = @conf.all[:secrets]
+      FileUtils.mv(old, new) if old && new
+      @secr = ConfigFile.new(new) if new
+
+      if new.nil? && old
+        @conf.merge!(@secr)
+        FileUtils.rm_f(old)
+        @secr = nil
+      end
+
+      if old.nil? && new
+        move_credentials(@conf, @secr)
+
+        @secr.store
+      end
+
+      # store the new location
+      @conf[:secrets, nil] = new
+      @conf.store
+    end
+
+    def repos
+      result = @conf.section(:url)
+      url = result.delete(:url)
+      result['DEFAULT'] = url if url
+      result.each_key do |key|
+        result[key] = result[key][:url] if key != 'DEFAULT'
+      end
+      result
+    end
+
+    def authorization
+      auth = self[:authorization]
+      if @cipher && auth && self[:iv]
+        @cipher.iv = self[:iv]
+        @cipher.decrypt(auth)
+      elsif @cipher && auth
+        _authorization = auth
+      else
+        auth
+      end
+    end
+
+    def authorization=(auth)
+      if @cipher && auth
+        self[:authorization] = @cipher.encrypt(auth)
+        self[:iv] = @cipher.iv
+      else
+        self[:authorization] = auth
+      end
+      config.store
+      auth
+    end
+
+    def url
+      @conf[:url, @repo]
+    end
+
+    def url=(repo_url)
+      @conf[:url, @repo] = repo_url
+      @conf.store
+    end
+
+    def ssl_verify_mode
+      @conf[:ssl_verify_mode, @repo]
+    end
+
+    def to_s
+      config.file
+    end
+  end
+end