RubyGems - onboardbase - Versions diffs - 1.0.0 - Mend

onboardbase 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b06da9457180637a621c7bb90cea5717e2290d23f42d64241e7632fd9e98a32b
+  data.tar.gz: 964d051e732645c0176ade32486eeb3bf53ef81b472c0933b721822652ec7504
+SHA512:
+  metadata.gz: ccf1384fdd1a642a950347f3545d2cb757b0ef9d0b7d8102788b421febe3d9c25eaf242af1a710e04223789e28de690d1d00f319b89e152a823e1898ccc0c5a1
+  data.tar.gz: 1338c5e937270ad6dd67af4d928fe8f35958397fb5d11cfd59570f73486b1b91ee405542440d7772bcad791533049549e45609962a37eba6f33d5acac5a2f9aa

data/CHANGELOG.md ADDED Viewed

File without changes

data/Gemfile ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ source 'https://rubygems.org'
2	+ gemspec

data/README.md ADDED Viewed

File without changes

data/Rakefile ADDED Viewed

File without changes

data/lib/AES.rb ADDED Viewed

@@ -0,0 +1,30 @@
+require 'base64'
+require 'digest'
+require 'openssl'
+module AESCrypt
+  def AESCrypt.encrypt(password, iv, cleardata)
+    cipher = OpenSSL::Cipher.new('AES-256-CBC')
+    cipher.encrypt  # set cipher to be encryption mode
+    cipher.key = password
+    cipher.iv  = iv
+    encrypted = ''
+    encrypted << cipher.update(cleardata)
+    encrypted << cipher.final
+    AESCrypt.b64enc(encrypted)
+  end
+  def AESCrypt.decrypt(password, iv, secretdata)
+    secretdata = Base64::decode64(secretdata)
+    decipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+    decipher.decrypt
+    decipher.key = password
+    decipher.iv = iv if iv != nil
+    decipher.update(secretdata) + decipher.final
+  end
+  def AESCrypt.b64enc(data)
+    Base64.encode64(data).gsub(/\n/, '')
+  end
+end

data/lib/onboardbase/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module Onboardbase
+  VERSION = '1.0.0'
+end

data/lib/onboardbase.rb ADDED Viewed

@@ -0,0 +1,268 @@
+require 'yaml'
+require 'httparty'
+require 'json'
+require 'gibberish'
+require 'digest/md5'
+require 'AES'
+require 'machineid'
+module Onboardbase
+  class << self
+    attr_accessor :env, :is_dev
+    def is_dev
+      @is_dev.nil? ? false : @is_dev
+    end
+    def env
+      @env.nil?
+    end
+    def encrypt(password, iv, cleardata)
+      cipher = OpenSSL::Cipher.new('AES-256-CBC')
+      cipher.encrypt  # set cipher to be encryption mode
+      cipher.key = password
+      cipher.iv  = iv
+      encrypted = ''
+      encrypted << cipher.update(cleardata)
+      encrypted << cipher.final
+      b64enc(encrypted)
+    end
+    def decrypt(password, iv, secretdata)
+      secretdata = Base64::decode64(secretdata)
+      decipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+      decipher.decrypt
+      decipher.key = password
+      decipher.iv = iv if iv != nil
+      decipher.update(secretdata) + decipher.final
+    end
+    def b64enc(data)
+      Base64.encode64(data).gsub(/\n/, '')
+    end
+    def apiURL
+      return "https://devapi.onboardbase.com/graphql" if self.is_dev
+      "https://api.onboardbase.com/graphql"
+    end
+    def configuration
+      @configuration ||= {}
+    end
+    def initialize
+      super
+    end
+    def config
+      yield self
+    end
+    def getWorkingDirectory
+        Dir.pwd
+    end
+    def getOnboardbaseDir
+      "#{Dir.home}/.onboardbase"
+    end
+    def getFallbackDir
+      "#{self.getOnboardbaseDir}/fallback"
+    end
+    def getProjectFallbackDir
+      project = self.configuration['setup']['project']
+      "#{self.getFallbackDir}/#{project}"
+    end
+    def getEnvironmentFallbackDir
+      environment = self.configuration['setup']['environment']
+      "#{self.getProjectFallbackDir}_#{environment}"
+    end
+    def config_exists?(directory)
+      return File.exist?(directory)
+    end
+    def loadConfig
+      configPath = self.getWorkingDirectory + '/onboardbase.yaml'
+      unless self.config_exists?(configPath)
+        puts "Please create onboardbase.yaml in the root of the project at: " + configPath
+        exit 1
+      end
+      config = YAML.load_file(configPath)
+      if (config['api_key'] == nil)
+        puts "Your onboardbase.yaml file does not have an api_key"
+        exit 1
+      end
+      if (config['passcode'] == nil)
+        puts "Your onboardbase.yaml file does not have a passcode"
+        exit 1
+      end
+      @configuration = config
+    end
+    def makeRequest
+      url = self.apiURL
+      headers = {
+        KEY: self.configuration['api_key'],
+      }
+        body = {
+          query: %{
+            query {
+              generalPublicProjects(filterOptions: { title: "#{self .configuration['setup']['project']}", disableCustomSelect: true }) {
+                list {
+                  id
+                  title
+                  publicEnvironments(filterOptions: { title: "#{self .configuration['setup']['environment']}" }) {
+                    list {
+                      id
+                      key
+                      title
+                    }
+                  }
+                }
+              }
+            }
+          }
+        }
+      response = HTTParty.post(url, headers: headers, body: body)
+      JSON.parse(response.body)
+    end
+    def parseResponse?(response)
+      error = response["errors"]
+      data = response["data"]
+      return data["generalPublicProjects"] if error == nil
+      {:error=> true, :message => error[0]["message"] }
+    end
+    def getProject?(data)
+      project = data["list"][0]
+      return project if project != nil
+      false
+    end
+    def getSecrets?(project)
+      env = project["publicEnvironments"]["list"][0]
+      return JSON.parse(env["key"]) if env != nil
+      false
+    end
+    def bytes_to_key(data, salt, output=48)
+      merged = data + salt
+      key = Digest::MD5.digest(merged)
+      final_key = key
+      while final_key.length < output
+        key = Digest::MD5.digest(key + merged)
+        final_key =  final_key + key
+      end
+      final_key[0..output-1]
+    end
+    def aes256_cbc_decrypt(key, data, iv)
+      key = Digest::SHA256.digest(key) if(key.kind_of?(String) && 32 != key.bytesize)
+      iv = Digest::MD5.digest(iv) if(iv.kind_of?(String) && 16 != iv.bytesize)
+      aes = OpenSSL::Cipher.new('AES-256-CBC')
+      aes.decrypt
+      aes.key = key
+      aes.iv = iv
+      aes.update(data) + aes.final
+    end
+    def parseSecrets(secrets)
+        secrets.each_with_index do |secret, i|
+          secret = Base64.decode64(secret)
+          unless secret[0..7] == 'Salted__'
+            puts "Invalid encrypted data"
+            exit(1)
+          end
+          salt = secret[8..15]
+          key_iv = bytes_to_key(self.configuration["passcode"], salt, 48)
+          key = key_iv[0..31]
+          iv = key_iv[32..]
+          parsedSecret = aes256_cbc_decrypt(key, secret[16..], iv)
+          secrets[i] = JSON.parse(parsedSecret)
+        end
+        secrets
+    end
+    def setEnv(secretsHash)
+      secretsHash.keys.sort.each do |key|
+        ENV["#{key}"] = "#{secretsHash[key]}"
+      end
+      # Overried local secrets
+      configSecrets = self.configuration["secrets"]
+      unless configSecrets
+        configSecrets = { "local" => {} }
+      end
+      configSecrets["local"].keys.sort.each do |key|
+        ENV["#{key}"] = "#{configSecrets["local"][key]}"
+      end
+      ENV.to_hash
+    end
+    def hashSecrets?(secretsArr)
+      secretsHash = Hash.new
+      secretsArr.each do |secret|
+        secretsHash["#{secret["key"]}"] = "#{secret["value"]}"
+      end
+      secretsHash
+    end
+    def storeToFallback?(secrets)
+      unless File.directory?(self.getOnboardbaseDir)
+        Dir.new(self.getOnboardbaseDir)
+      end
+      unless File.directory?(self.getFallbackDir)
+        Dir.new(self.getFallbackDir)
+      end
+      password = MachineID.ID?
+      cipher = Gibberish::AES::CBC.new(password)
+      cipher_text = cipher.encrypt(JSON.generate(secrets))
+      data = cipher_text
+      File.write(self.getEnvironmentFallbackDir, data, nil , mode: 'w')
+    end
+    def readFallback
+      unless File.directory?(self.getOnboardbaseDir)
+        Dir.new(self.getOnboardbaseDir)
+      end
+      unless File.directory?(self.getFallbackDir)
+        Dir.new(self.getFallbackDir)
+      end
+      if !File.exist?(self.getEnvironmentFallbackDir) || File.read(self.getEnvironmentFallbackDir).length <= 0
+        puts "No valid fallback for #{self .configuration['setup']['project']} project using #{self .configuration['setup']['environment']} environment"
+        return JSON.parse("{}") # Graceful failure, ensure the application continues to run without secrets.
+      end
+      data  = File.read(self.getEnvironmentFallbackDir)
+      password = MachineID.ID?
+      cipher = Gibberish::AES::CBC.new(password)
+      decoded_data = cipher.decrypt(data)
+      JSON.parse(decoded_data)
+    end
+    def loadSecrets
+      self.loadConfig
+      response = self.parseResponse?(self.makeRequest)
+      if response[:error]
+        puts "Unable to fetch secrets with the specified api key, reading from fallback file"
+        secrets = self.readFallback
+      else
+        project = self.getProject?(response)
+        projectSecrets = self.getSecrets?(project)
+        parsedSecrets = self.parseSecrets(projectSecrets)
+        secrets = self.hashSecrets?(parsedSecrets)
+      end
+      finalEnvs = self.setEnv(secrets)
+      self.storeToFallback?(finalEnvs)
+    end
+  end
+end

data/onboardbase.gemspec ADDED Viewed

@@ -0,0 +1,29 @@
+require File.expand_path('lib/onboardbase/version', __dir__)
+Gem::Specification.new do |spec|
+  spec.name = 'onboardbase'
+  spec.version = Onboardbase::VERSION
+  spec.authors = ['Onboardbase']
+  spec.email = ['admin@treadie.com']
+  spec.description = "Access onboardbase secrets in your Ruby projects"
+  spec.summary = "Use Onboardbase in your Ruby projects"
+  spec.homepage= 'https://github.com/Onboardbase/onboardbase-ruby'
+  spec.license = 'MIT'
+  spec.platform = Gem::Platform::RUBY
+  spec.required_ruby_version = '>= 2.5.0'
+  spec.files = Dir['README.md', 'LICENSE', 'CHANGELOG.md', 'lib/**/*.rb', 'lib/**/*.rake', 'onboardbase.gemspec', '.github/*.md', 'Gemfile', 'Rakefile']
+  spec.extra_rdoc_files = ['README.md']
+  spec.add_dependency 'rubyzip', '~> 2.3'
+  spec.add_dependency 'http', '~> 5.0.4'
+  spec.add_dependency 'httparty', '~> 0.20.0'
+  spec.add_dependency 'aes', '~> 0.5.1'
+  spec.add_dependency 'machineid', '~> 1.0.0'
+  spec.add_dependency 'gibberish', '~> 2.1.1'
+  spec.add_development_dependency 'rubocop', '~> 0.60'
+  spec.add_development_dependency 'rubocop-performance', '~> 1.5'
+  spec.add_development_dependency 'rubocop-rspec', '~> 1.37'
+end

metadata ADDED Viewed

@@ -0,0 +1,178 @@
+--- !ruby/object:Gem::Specification
+name: onboardbase
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Onboardbase
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-02-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rubyzip
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: http
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.4
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.20.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.20.0
+- !ruby/object:Gem::Dependency
+  name: aes
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.1
+- !ruby/object:Gem::Dependency
+  name: machineid
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+- !ruby/object:Gem::Dependency
+  name: gibberish
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.1
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.60'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.60'
+- !ruby/object:Gem::Dependency
+  name: rubocop-performance
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.37'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.37'
+description: Access onboardbase secrets in your Ruby projects
+email:
+- admin@treadie.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.md
+files:
+- CHANGELOG.md
+- Gemfile
+- README.md
+- Rakefile
+- lib/AES.rb
+- lib/onboardbase.rb
+- lib/onboardbase/version.rb
+- onboardbase.gemspec
+homepage: https://github.com/Onboardbase/onboardbase-ruby
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3.1
+signing_key:
+specification_version: 4
+summary: Use Onboardbase in your Ruby projects
+test_files: []