onboardbase 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b06da9457180637a621c7bb90cea5717e2290d23f42d64241e7632fd9e98a32b
+  data.tar.gz: 964d051e732645c0176ade32486eeb3bf53ef81b472c0933b721822652ec7504
+SHA512:
+  metadata.gz: ccf1384fdd1a642a950347f3545d2cb757b0ef9d0b7d8102788b421febe3d9c25eaf242af1a710e04223789e28de690d1d00f319b89e152a823e1898ccc0c5a1
+  data.tar.gz: 1338c5e937270ad6dd67af4d928fe8f35958397fb5d11cfd59570f73486b1b91ee405542440d7772bcad791533049549e45609962a37eba6f33d5acac5a2f9aa

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/lib/AES.rb

@@ -0,0 +1,30 @@
+require 'base64'
+require 'digest'
+require 'openssl'
+
+module AESCrypt
+  def AESCrypt.encrypt(password, iv, cleardata)
+    cipher = OpenSSL::Cipher.new('AES-256-CBC')
+    cipher.encrypt  # set cipher to be encryption mode
+    cipher.key = password
+    cipher.iv  = iv
+    encrypted = ''
+    encrypted << cipher.update(cleardata)
+    encrypted << cipher.final
+    AESCrypt.b64enc(encrypted)
+  end
+
+  def AESCrypt.decrypt(password, iv, secretdata)
+    secretdata = Base64::decode64(secretdata)
+    decipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+    decipher.decrypt
+    decipher.key = password
+    decipher.iv = iv if iv != nil
+    decipher.update(secretdata) + decipher.final
+  end
+
+  def AESCrypt.b64enc(data)
+    Base64.encode64(data).gsub(/\n/, '')
+  end
+
+end

data/lib/onboardbase/version.rb

@@ -0,0 +1,3 @@
+module Onboardbase
+  VERSION = '1.0.0'
+end

data/lib/onboardbase.rb

@@ -0,0 +1,268 @@
+require 'yaml'
+require 'httparty'
+require 'json'
+require 'gibberish'
+require 'digest/md5'
+require 'AES'
+require 'machineid'
+
+module Onboardbase
+  class << self
+    attr_accessor :env, :is_dev
+
+    def is_dev
+      @is_dev.nil? ? false : @is_dev
+    end
+
+    def env
+      @env.nil?
+    end
+
+
+    def encrypt(password, iv, cleardata)
+      cipher = OpenSSL::Cipher.new('AES-256-CBC')
+      cipher.encrypt  # set cipher to be encryption mode
+      cipher.key = password
+      cipher.iv  = iv
+      encrypted = ''
+      encrypted << cipher.update(cleardata)
+      encrypted << cipher.final
+      b64enc(encrypted)
+    end
+
+    def decrypt(password, iv, secretdata)
+      secretdata = Base64::decode64(secretdata)
+      decipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+      decipher.decrypt
+      decipher.key = password
+      decipher.iv = iv if iv != nil
+      decipher.update(secretdata) + decipher.final
+    end
+
+    def b64enc(data)
+      Base64.encode64(data).gsub(/\n/, '')
+    end
+
+    def apiURL
+      return "https://devapi.onboardbase.com/graphql" if self.is_dev
+      "https://api.onboardbase.com/graphql"
+    end
+
+    def configuration
+      @configuration ||= {}
+    end
+    def initialize
+      super
+    end
+
+    def config
+      yield self
+    end
+
+    def getWorkingDirectory
+        Dir.pwd
+    end
+
+    def getOnboardbaseDir
+      "#{Dir.home}/.onboardbase"
+    end
+
+    def getFallbackDir
+      "#{self.getOnboardbaseDir}/fallback"
+    end
+
+
+    def getProjectFallbackDir
+      project = self.configuration['setup']['project']
+      "#{self.getFallbackDir}/#{project}"
+    end
+
+    def getEnvironmentFallbackDir
+      environment = self.configuration['setup']['environment']
+      "#{self.getProjectFallbackDir}_#{environment}"
+    end
+
+    def config_exists?(directory)
+      return File.exist?(directory)
+    end
+
+
+    def loadConfig
+      configPath = self.getWorkingDirectory + '/onboardbase.yaml'
+      unless self.config_exists?(configPath)
+        puts "Please create onboardbase.yaml in the root of the project at: " + configPath
+        exit 1
+      end
+      config = YAML.load_file(configPath)
+      if (config['api_key'] == nil)
+        puts "Your onboardbase.yaml file does not have an api_key"
+        exit 1
+      end
+
+      if (config['passcode'] == nil)
+        puts "Your onboardbase.yaml file does not have a passcode"
+        exit 1
+      end
+      @configuration = config
+    end
+
+    def makeRequest
+      url = self.apiURL
+      headers = {
+        KEY: self.configuration['api_key'],
+      }
+        body = {
+          query: %{
+            query {
+              generalPublicProjects(filterOptions: { title: "#{self .configuration['setup']['project']}", disableCustomSelect: true }) {
+                list {
+                  id
+                  title
+                  publicEnvironments(filterOptions: { title: "#{self .configuration['setup']['environment']}" }) {
+                    list {
+                      id
+                      key
+                      title
+                    }
+                  }
+                }
+              }
+            }
+          }
+        }
+      response = HTTParty.post(url, headers: headers, body: body)
+      JSON.parse(response.body)
+    end
+
+    def parseResponse?(response)
+      error = response["errors"]
+      data = response["data"]
+      return data["generalPublicProjects"] if error == nil
+      {:error=> true, :message => error[0]["message"] }
+    end
+
+    def getProject?(data)
+      project = data["list"][0]
+      return project if project != nil
+      false
+    end
+
+
+    def getSecrets?(project)
+      env = project["publicEnvironments"]["list"][0]
+      return JSON.parse(env["key"]) if env != nil
+      false
+    end
+
+    def bytes_to_key(data, salt, output=48)
+      merged = data + salt
+      key = Digest::MD5.digest(merged)
+      final_key = key
+      while final_key.length < output
+        key = Digest::MD5.digest(key + merged)
+        final_key =  final_key + key
+      end
+      final_key[0..output-1]
+    end
+
+    def aes256_cbc_decrypt(key, data, iv)
+      key = Digest::SHA256.digest(key) if(key.kind_of?(String) && 32 != key.bytesize)
+      iv = Digest::MD5.digest(iv) if(iv.kind_of?(String) && 16 != iv.bytesize)
+      aes = OpenSSL::Cipher.new('AES-256-CBC')
+      aes.decrypt
+      aes.key = key
+      aes.iv = iv
+      aes.update(data) + aes.final
+    end
+
+    def parseSecrets(secrets)
+        secrets.each_with_index do |secret, i|
+          secret = Base64.decode64(secret)
+          unless secret[0..7] == 'Salted__'
+            puts "Invalid encrypted data"
+            exit(1)
+          end
+          salt = secret[8..15]
+          key_iv = bytes_to_key(self.configuration["passcode"], salt, 48)
+          key = key_iv[0..31]
+          iv = key_iv[32..]
+          parsedSecret = aes256_cbc_decrypt(key, secret[16..], iv)
+          secrets[i] = JSON.parse(parsedSecret)
+        end
+        secrets
+    end
+
+    def setEnv(secretsHash)
+      secretsHash.keys.sort.each do |key|
+        ENV["#{key}"] = "#{secretsHash[key]}"
+      end
+      # Overried local secrets
+      configSecrets = self.configuration["secrets"]
+      unless configSecrets
+        configSecrets = { "local" => {} }
+      end
+      configSecrets["local"].keys.sort.each do |key|
+        ENV["#{key}"] = "#{configSecrets["local"][key]}"
+      end
+      ENV.to_hash
+    end
+
+    def hashSecrets?(secretsArr)
+      secretsHash = Hash.new
+      secretsArr.each do |secret|
+        secretsHash["#{secret["key"]}"] = "#{secret["value"]}"
+      end
+      secretsHash
+    end
+
+    def storeToFallback?(secrets)
+      unless File.directory?(self.getOnboardbaseDir)
+        Dir.new(self.getOnboardbaseDir)
+      end
+      unless File.directory?(self.getFallbackDir)
+        Dir.new(self.getFallbackDir)
+      end
+      password = MachineID.ID?
+      cipher = Gibberish::AES::CBC.new(password)
+      cipher_text = cipher.encrypt(JSON.generate(secrets))
+      data = cipher_text
+      File.write(self.getEnvironmentFallbackDir, data, nil , mode: 'w')
+    end
+
+
+    def readFallback
+      unless File.directory?(self.getOnboardbaseDir)
+        Dir.new(self.getOnboardbaseDir)
+      end
+      unless File.directory?(self.getFallbackDir)
+        Dir.new(self.getFallbackDir)
+      end
+
+      if !File.exist?(self.getEnvironmentFallbackDir) || File.read(self.getEnvironmentFallbackDir).length <= 0
+        puts "No valid fallback for #{self .configuration['setup']['project']} project using #{self .configuration['setup']['environment']} environment"
+        return JSON.parse("{}") # Graceful failure, ensure the application continues to run without secrets.
+      end
+      data  = File.read(self.getEnvironmentFallbackDir)
+      password = MachineID.ID?
+      cipher = Gibberish::AES::CBC.new(password)
+      decoded_data = cipher.decrypt(data)
+      JSON.parse(decoded_data)
+    end
+
+    def loadSecrets
+      self.loadConfig
+      response = self.parseResponse?(self.makeRequest)
+      if response[:error]
+        puts "Unable to fetch secrets with the specified api key, reading from fallback file"
+        secrets = self.readFallback
+      else
+        project = self.getProject?(response)
+        projectSecrets = self.getSecrets?(project)
+        parsedSecrets = self.parseSecrets(projectSecrets)
+        secrets = self.hashSecrets?(parsedSecrets)
+      end
+      finalEnvs = self.setEnv(secrets)
+      self.storeToFallback?(finalEnvs)
+    end
+  end
+end

data/onboardbase.gemspec

@@ -0,0 +1,29 @@
+require File.expand_path('lib/onboardbase/version', __dir__)
+
+Gem::Specification.new do |spec|
+  spec.name = 'onboardbase'
+  spec.version = Onboardbase::VERSION
+  spec.authors = ['Onboardbase']
+  spec.email = ['admin@treadie.com']
+  spec.description = "Access onboardbase secrets in your Ruby projects"
+  spec.summary = "Use Onboardbase in your Ruby projects"
+  spec.homepage= 'https://github.com/Onboardbase/onboardbase-ruby'
+  spec.license = 'MIT'
+  spec.platform = Gem::Platform::RUBY
+  spec.required_ruby_version = '>= 2.5.0'
+
+  spec.files = Dir['README.md', 'LICENSE', 'CHANGELOG.md', 'lib/**/*.rb', 'lib/**/*.rake', 'onboardbase.gemspec', '.github/*.md', 'Gemfile', 'Rakefile']
+
+  spec.extra_rdoc_files = ['README.md']
+
+  spec.add_dependency 'rubyzip', '~> 2.3'
+  spec.add_dependency 'http', '~> 5.0.4'
+  spec.add_dependency 'httparty', '~> 0.20.0'
+  spec.add_dependency 'aes', '~> 0.5.1'
+  spec.add_dependency 'machineid', '~> 1.0.0'
+  spec.add_dependency 'gibberish', '~> 2.1.1'
+
+  spec.add_development_dependency 'rubocop', '~> 0.60'
+  spec.add_development_dependency 'rubocop-performance', '~> 1.5'
+  spec.add_development_dependency 'rubocop-rspec', '~> 1.37'
+end

metadata

@@ -0,0 +1,178 @@
+--- !ruby/object:Gem::Specification
+name: onboardbase
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Onboardbase
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2022-02-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rubyzip
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: http
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.4
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.20.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.20.0
+- !ruby/object:Gem::Dependency
+  name: aes
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.1
+- !ruby/object:Gem::Dependency
+  name: machineid
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+- !ruby/object:Gem::Dependency
+  name: gibberish
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.1
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.60'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.60'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.37'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.37'
+description: Access onboardbase secrets in your Ruby projects
+email:
+- admin@treadie.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.md
+files:
+- CHANGELOG.md
+- Gemfile
+- README.md
+- Rakefile
+- lib/AES.rb
+- lib/onboardbase.rb
+- lib/onboardbase/version.rb
+- onboardbase.gemspec
+homepage: https://github.com/Onboardbase/onboardbase-ruby
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3.1
+signing_key: 
+specification_version: 4
+summary: Use Onboardbase in your Ruby projects
+test_files: []