pgcrypto 0.0.4 → 0.1.0

data/CHANGES

@@ -1,12 +1,21 @@
+0.1.0
+	* Overhauled the underpinnings to rely on a separate column. Adds
+	  on-demand loading of encrypted attributes from a central table
+	  which provides dramatic speed improvements when a record's
+	  encrypted attributes aren't needed most of the time.
+
+0.0.4
+	* Compatibility fix between ActiveRecord 3.2.1 and 3.2.2
+
 0.0.3
 	* Fixed a join bug on SELECT statements
 
 0.0.2
-	* Fixed a number of key-related bugs discovered in testing with our
-		second production app with encrypted columns. Also duck-typed AREL
-		statement types in a few places.
+  * Fixed a number of key-related bugs discovered in testing with our
+    second production app with encrypted columns. Also duck-typed AREL
+    statement types in a few places.
 
 0.0.1
-	* INSERT, SELECT, and UPDATE statements are working. But I wrote this
-	  while testing with a production app, and thus haven't written
+  * INSERT, SELECT, and UPDATE statements are working. But I wrote this
+    while testing with a production app, and thus haven't written
     specific tests, so don't get your panties in a twist.

data/Gemfile

@@ -0,0 +1 @@
+gem 'activerecord', '>= 3.2'

data/README.markdown

@@ -17,18 +17,16 @@ You need to have PGCrypto installed before this guy will work. [LMGTFY](http://l
 	
 		bundle
 
-3. Now point it to your public and private GPG keys:
+3. Generate the migration and the initializer:
+
+		rails g pgcrypto:install
+		rake db:migrate
+
+4. Edit the initializer in `config/initializers/pgcrypto.rb` to point out your public and private GPG keys:
 	
 		PGCrypto.keys[:private] = {:path => "~/.keys/private.key"}
 		PGCrypto.keys[:public] = {:path => "~/.keys/public.key"}
 
-4. PGCrypto columns are named `attribute_encrypted` in the binary format, so do something like this:
-		
-		add_column :users, :social_security_number_encrypted, :binary
-		
-	This will allow you to access `User#social_security_number` and store the user's social in an encrypted
-	column called `social_security_number_encryped`.
-
 5. Tell the User class to encrypt and decrypt the `social_security_number` attribute on the fly:
 		
 		class User < ActiveRecord::Base

data/VERSION

@@ -1 +1 @@
-0.0.4
+0.1.0

data/lib/generators/pgcrypto/install/USAGE

@@ -0,0 +1,9 @@
+Description:
+    Generates the PGCrypto installation migration and key configuration files
+
+Example:
+    rails generate pgcrypto:install
+
+    This will create:
+        config/initializers/pgcrypto.rb
+        db/migrate/XXXXXX_install_pgcrypto.rb

data/lib/generators/pgcrypto/install/install_generator.rb

@@ -0,0 +1,21 @@
+require 'rails/generators/migration'
+require 'rails/generators/active_record/migration'
+
+module Pgcrypto
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+      extend ActiveRecord::Generators::Migration
+
+      source_root File.expand_path('../templates', __FILE__)
+
+      def copy_migration
+        migration_template("migration.rb", "db/migrate/install_pgcrypto")
+      end
+
+      def create_initializer
+        copy_file("initializer.rb", "config/initializers/pgcrypto.rb")
+      end
+    end
+  end
+end

data/lib/generators/pgcrypto/install/templates/initializer.rb

@@ -0,0 +1,9 @@
+# Uncomment the line below and point it to your private key
+# PGCrypto.keys[:private] = {:path => 'path/to/private/keyfile'}
+
+# You can also specify the file contents directly:
+# PGCrypto.keys[:private] = ENV['PRIVATE_KEY']
+
+# You can also specify custom keys:
+# PGCrypto.keys[:message_columns] = {:path => 'path/to/message_columns/keyfile'}
+# PGCrypto.keys[:user_columns] = {:path => 'path/to/user_columns/keyfile'}

data/lib/generators/pgcrypto/install/templates/migration.rb

@@ -0,0 +1,14 @@
+class InstallPgcrypto < ActiveRecord::Migration
+  def up
+    create_table :pgcrypto_columns do |t|
+      t.belongs_to :owner, :polymorphic => true
+      t.string :name, :limit => 64
+      t.binary :value
+    end
+    add_index :pgcrypto_columns, [:owner_id, :owner_type, :name], :name => :pgcrypto_column_finder
+  end
+
+  def down
+    drop_table :pgcrypto_columns
+  end
+end

data/lib/pgcrypto.rb

@@ -1,5 +1,6 @@
 require 'pgcrypto/active_record'
 require 'pgcrypto/arel'
+require 'pgcrypto/column'
 require 'pgcrypto/key'
 require 'pgcrypto/table_manager'
 
@@ -17,40 +18,77 @@ module PGCrypto
   class Error < StandardError; end
 
   module ClassMethods
-    def pgcrypto(*column_names)
+    def pgcrypto(*pgcrypto_column_names)
+      options = pgcrypto_column_names.last.is_a?(Hash) ? pgcrypto_column_names.pop : {}
+      options = {:include => false, :type => :pgp}.merge(options)
 
-      options = column_names.last.is_a?(Hash) ? column_names.pop : {}
-      options = {:type => :pgp}.merge(options)
-
-      column_names.map(&:to_s).each do |column_name|
-        encrypted_column_name = "#{column_name}_encrypted"
-        unless columns_hash[encrypted_column_name]
-          puts "WARNING: You defined #{column_name} as an encrypted column, but you don't have a corresponding #{encrypted_column_name} column in your database!"
-        end
+      has_many :pgcrypto_columns, :as => :owner, :autosave => true, :class_name => 'PGCrypto::Column', :dependent => :delete_all
 
+      pgcrypto_column_names.map(&:to_s).each do |column_name|
         # Stash the encryption type in our module so various monkeypatches can access it later!
-        PGCrypto[table_name][encrypted_column_name] = options.symbolize_keys!
+        PGCrypto[table_name][column_name] = options.symbolize_keys
 
         # Add attribute readers/writers to keep this baby as fluid and clean as possible.
-        class_eval <<-encrypted_attribute_writer
+        start_line = __LINE__; pgcrypto_methods = <<-PGCRYPTO_METHODS
         def #{column_name}
-          @attributes["#{column_name}"]
+          return @_pgcrypto_#{column_name}.try(:value) if defined?(@_pgcrypto_#{column_name})
+          @_pgcrypto_#{column_name} ||= select_pgcrypto_column(:#{column_name})
+          @_pgcrypto_#{column_name}.try(:value)
         end
 
-        # We write the attribute twice - once as the alias so the accessor keeps working, and once
-        # so the actual attribute value is dirty and will be queued up for assignment
+        # We write the attribute directly to its child value. Neato!
         def #{column_name}=(value)
-          @attributes["#{column_name}"] = value
-          write_attribute(:#{encrypted_column_name}, value)
+          if value.nil?
+            pgcrypto_columns.where(:name => "#{column_name}").mark_for_destruction
+            remove_instance_variable("@_pgcrypto_#{column_name}") if defined?(@_pgcrypto_#{column_name})
+          else
+            @_pgcrypto_#{column_name} ||= pgcrypto_columns.select{|column| column.name == "#{column_name}"}.first || pgcrypto_columns.new(:name => "#{column_name}")
+            @_pgcrypto_#{column_name}.value = value
+          end
         end
-        encrypted_attribute_writer
-        # Did you notice how I was all, "clean as possible" before I fucked w/AR's internal
-        # instance variables rather than use the API? *Hilarious.*
+        PGCRYPTO_METHODS
+
+        class_eval pgcrypto_methods, __FILE__, start_line
+      end
+
+      # If any columns are set to be included in the parent record's finder,
+      # we'll go ahead and add 'em!
+      if PGCrypto[table_name].any?{|column, options| options[:include] }
+        default_scope includes(:pgcrypto_columns)
+      end
+    end
+  end
+
+  module InstanceMethods
+    def select_pgcrypto_column(column_name)
+      # Now here's the fun part. We want the selector on PGCrypto columns to do the decryption
+      # for us, so we have override the SELECT and add a JOIN to build out the decrypted value
+      # whenever it's requested.
+      options = PGCrypto[self.class.table_name][column_name]
+      pgcrypto_column_finder = pgcrypto_columns
+      if key = PGCrypto.keys[options[:private_key] || :private]
+        pgcrypto_column_finder = pgcrypto_column_finder.select([
+          '"pgcrypto_columns"."id"',
+          %[pgp_pub_decrypt("pgcrypto_columns"."value", pgcrypto_keys.#{key.name}_key#{", '#{key.password}'" if key.password}) AS "value"]
+        ]).joins(%[CROSS JOIN (SELECT #{key.dearmored} AS "#{key.name}_key") AS pgcrypto_keys])
+      end
+      pgcrypto_column_finder.where(:name => column_name).first
+    rescue ActiveRecord::StatementInvalid => e
+      case e.message
+      when /^PGError: ERROR:  Wrong key or corrupt data/
+        # If a column has been corrupted, we'll return nil and let the DBA
+        # figure out WTF the is going on
+        logger.error(e.message.split("\n").first)
+        nil
+      else
+        raise e
       end
     end
   end
 end
 
 PGCrypto.keys[:public] = {:path => '.pgcrypto'} if File.file?('.pgcrypto')
-
-ActiveRecord::Base.extend PGCrypto::ClassMethods if defined? ActiveRecord::Base
+if defined? ActiveRecord::Base
+  ActiveRecord::Base.extend PGCrypto::ClassMethods
+  ActiveRecord::Base.send :include, PGCrypto::InstanceMethods
+end

data/lib/pgcrypto/active_record.rb

@@ -1,26 +1,30 @@
 require 'active_record/connection_adapters/postgresql_adapter'
 
 ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.class_eval do
-  alias :original_to_sql :to_sql
+  unless instance_methods.include?(:to_sql_without_pgcrypto) || instance_methods.include?('to_sql_without_pgcrypto')
+    alias :to_sql_without_pgcrypto :to_sql
+  end
+
   def to_sql(arel, *args)
     case arel
     when Arel::InsertManager
-      pgcrypto_tweak_insert(arel)
-    when Arel::SelectManager
-      pgcrypto_tweak_select(arel)
+      pgcrypto_tweak_insert(arel, *args)
     when Arel::UpdateManager
       pgcrypto_tweak_update(arel)
     end
-    original_to_sql(arel, *args)
+    to_sql_without_pgcrypto(arel, *args)
   end
 
   private
-  def pgcrypto_tweak_insert(arel)
-    table = arel.ast.relation.name
-    unless PGCrypto[table].empty?
+  def pgcrypto_tweak_insert(arel, *args)
+    if arel.ast.relation.name == PGCrypto::Column.table_name && (binds = args.last).is_a?(Array)
       arel.ast.columns.each_with_index do |column, i|
-        if options = PGCrypto[table][column.name]
-          if key = PGCrypto.keys[options[:public_key] || :public]
+        if column.name == 'value'
+          model_column, model_class_name = binds.select {|column, value| column.name == 'owner_type' }.first
+          model_class = Object.const_get(model_class_name)
+          column_column, model_column_name = binds.select {|column, value| column.name == 'name' }.first
+          options = PGCrypto[model_class.table_name][model_column_name]
+          if options && key = PGCrypto.keys[options[:public_key] || :public]
             value = arel.ast.values.expressions[i]
             quoted_value = quote_string(value)
             encryption_instruction = %[pgp_pub_encrypt(#{quoted_value}, #{key.dearmored})]
@@ -31,73 +35,18 @@ ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.class_eval do
     end
   end
 
-  def pgcrypto_tweak_select(arel)
-    # We start by looping through each "core," which is just
-    # a SelectStatement, and tweaking both *what* it's selecting
-    # and correcting plain-text queries against an encrypted
-    # column...
-    joins = {}
-    arel.ast.cores.each do |core|
-      # Now we loop through each SelectStatement's actual selction -
-      # typically it's just '*'; and, in fact, that one of the only
-      # things we care about!
-      new_projections = []
-      core.projections.each do |projection|
-        next unless projection.respond_to?(:relation)
-        # The one other situation we might care about is if the projection is
-        # selecting a specifically encrypted column, in which case, we want to
-        # _wrap_ it. See how that's different?
-        if !PGCrypto[projection.relation.name].empty?
-          # Okay, so first, check if it's a broad select
-          if projection.name == '*'
-            # In this case, we want to just grab all the keys from columns in this table
-            # and select them fancy-like
-            PGCrypto[projection.relation.name].each do |column, options|
-              new_projections.push(pgcrypto_tweak_select_column(column, options, joins))
-            end
-          elsif options = PGCrypto[projection.relation.name][projection.name]
-            # And in this case, we're just selecting a single column!
-            new_projections.push(pgcrypto_tweak_select_column(projection.name, options, joins))
-          end
-        end
-      end
-      core.projections.push(*new_projections.compact)
-
-      # Dios mio! What an operation! Now we'll do something similar for the WHERE statements
-      core.wheres.each do |where|
-        # Now loop through the children to encrypt them for the SELECT
-        where.children.each do |child|
-          if options = PGCrypto[child.left.relation.name]["#{child.left.name}_encrypted"]
-            if key = PGCrypto.keys[options[:private_key] || :private]
-              joins[key.name] ||= "#{key.dearmored} AS #{key.name}_key"
-              child.left = Arel::Nodes::SqlLiteral.new("pgp_pub_decrypt(#{child.left.name}_encrypted, keys.#{key.name}_key)")
-            end
-          end
-        end if where.respond_to?(:children)
-      end
-    end
-    unless joins.empty?
-      arel.join(Arel::Nodes::SqlLiteral.new("CROSS JOIN (SELECT #{joins.values.join(', ')}) AS keys"))
-    end
-  end
-
-  def pgcrypto_tweak_select_column(column, options, joins)
-    return nil unless options[:type] == :pgp
-    if key = PGCrypto.keys[options[:private_key] || :private]
-      select = %[pgp_pub_decrypt(#{column}, keys.#{key.name}_key#{", '#{key.password}'" if key.password}) AS "#{column.to_s.gsub(/_encrypted$/, '')}"]
-      joins[key.name] ||= "#{key.dearmored} AS #{key.name}_key"
-      Arel::Nodes::SqlLiteral.new(select)
-    end
-  end
-
   def pgcrypto_tweak_update(arel)
-    # Loop through the assignments and make sure we take care of that whole
-    # NULL value thing!
-    arel.ast.values.each do |value|
-      if value.respond_to?(:left) && options = PGCrypto[value.left.relation.name][value.left.name]
-        if value.right.nil?
-          value.right = Arel::Nodes::SqlLiteral.new('NULL')
-        elsif key = PGCrypto.keys[options[:public_key] || :public]
+    if arel.ast.relation.name == PGCrypto::Column.table_name
+      # Loop through the assignments and make sure we take care of that whole
+      # NULL value thing!
+      value = arel.ast.values.select{|value| value.respond_to?(:left) && value.left.name == 'value' }.first
+      id = arel.ast.wheres.map { |where| where.children.select { |child| child.left.name == 'id' }.first }.first.right
+      if value.right.nil?
+        value.right = Arel::Nodes::SqlLiteral.new('NULL')
+      else column = PGCrypto::Column.select([:id, :owner_id, :owner_type, :name]).find(id)
+        model_class = Object.const_get(column.owner_type)
+        options = PGCrypto[model_class.table_name][column.name]
+        if key = PGCrypto.keys[options[:public_key] || :public]
           quoted_right = quote_string(value.right)
           encryption_instruction = %[pgp_pub_encrypt('#{quoted_right}', #{key.dearmored})]
           value.right = Arel::Nodes::SqlLiteral.new(encryption_instruction)

data/lib/pgcrypto/arel.rb

@@ -8,15 +8,17 @@ require 'arel/visitors/postgresql'
 # more specific bits here!
 
 Arel::Visitors::PostgreSQL.class_eval do
-  alias :original_visit_Arel_Nodes_Assignment :visit_Arel_Nodes_Assignment
+  unless instance_methods.include?(:visit_Arel_Nodes_Assignment_without_pgcrypto) || instance_methods.include?('visit_Arel_Nodes_Assignment_without_pgcrypto')
+    alias :visit_Arel_Nodes_Assignment_without_pgcrypto :visit_Arel_Nodes_Assignment
+  end
+
   def visit_Arel_Nodes_Assignment(assignment)
     # Hijack the normally inoccuous assignment that happens, seeing as how
     # Arel normally forwards this shit to someone else and I hate it. 
-    if PGCrypto[assignment.left.relation.name][assignment.left.name]
-      # raise "#{visit(assignment.left)} = #{visit(assignment.right)}"
+    if assignment.left.relation.name == PGCrypto::Column.table_name && assignment.left.name == 'value'
       "#{visit(assignment.left)} = #{visit(assignment.right)}"
     else
-      original_visit_Arel_Nodes_Assignment(assignment)
+      visit_Arel_Nodes_Assignment_without_pgcrypto(assignment)
     end
   end
 end

data/lib/pgcrypto/column.rb

@@ -0,0 +1,6 @@
+module PGCrypto
+  class Column < ActiveRecord::Base
+    self.table_name = 'pgcrypto_columns'
+    belongs_to :owner, :autosave => false, :inverse_of => :pgcrypto_columns, :polymorphic => true
+  end
+end

data/pgcrypto.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "pgcrypto"
-  s.version = "0.0.4"
+  s.version = "0.1.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Flip Sasser"]
-  s.date = "2012-03-02"
+  s.date = "2012-03-28"
   s.description = "\n      PGCrypto is an ActiveRecord::Base extension that allows you to asymmetrically\n      encrypt PostgreSQL columns with as little trouble as possible. It's totally\n      freaking rad.\n    "
   s.email = "flip@x451.com"
   s.extra_rdoc_files = [
@@ -19,13 +19,19 @@ Gem::Specification.new do |s|
   s.files = [
     ".rspec",
     "CHANGES",
+    "Gemfile",
     "LICENSE",
     "README.markdown",
     "Rakefile",
     "VERSION",
+    "lib/generators/pgcrypto/install/USAGE",
+    "lib/generators/pgcrypto/install/install_generator.rb",
+    "lib/generators/pgcrypto/install/templates/initializer.rb",
+    "lib/generators/pgcrypto/install/templates/migration.rb",
     "lib/pgcrypto.rb",
     "lib/pgcrypto/active_record.rb",
     "lib/pgcrypto/arel.rb",
+    "lib/pgcrypto/column.rb",
     "lib/pgcrypto/key.rb",
     "lib/pgcrypto/table_manager.rb",
     "pgcrypto.gemspec"
@@ -39,9 +45,12 @@ Gem::Specification.new do |s|
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<activerecord>, [">= 3.2"])
     else
+      s.add_dependency(%q<activerecord>, [">= 3.2"])
     end
   else
+    s.add_dependency(%q<activerecord>, [">= 3.2"])
   end
 end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pgcrypto
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.1.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,8 +9,19 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-03-02 00:00:00.000000000 Z
-dependencies: []
+date: 2012-03-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: &70130059262260 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70130059262260
 description: ! "\n      PGCrypto is an ActiveRecord::Base extension that allows you
   to asymmetrically\n      encrypt PostgreSQL columns with as little trouble as possible.
   It's totally\n      freaking rad.\n    "
@@ -23,13 +34,19 @@ extra_rdoc_files:
 files:
 - .rspec
 - CHANGES
+- Gemfile
 - LICENSE
 - README.markdown
 - Rakefile
 - VERSION
+- lib/generators/pgcrypto/install/USAGE
+- lib/generators/pgcrypto/install/install_generator.rb
+- lib/generators/pgcrypto/install/templates/initializer.rb
+- lib/generators/pgcrypto/install/templates/migration.rb
 - lib/pgcrypto.rb
 - lib/pgcrypto/active_record.rb
 - lib/pgcrypto/arel.rb
+- lib/pgcrypto/column.rb
 - lib/pgcrypto/key.rb
 - lib/pgcrypto/table_manager.rb
 - pgcrypto.gemspec