rahasia 0.0.2

data/lib/adapter/lockbox.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Rahasia
+  module Adapter
+    # Adapter lockbox
+    class Lockbox
+      def self.encrypt(key:, value:)
+        lockbox = ::Lockbox.new(key: key)
+        string = lockbox.encrypt(value)
+        Base64.strict_encode64(string)
+      end
+
+      def self.decrypt(key:, value:)
+        lockbox = ::Lockbox.new(key: key)
+        chipertext = Base64.decode64(value)
+        lockbox.decrypt(chipertext)
+      end
+    end
+  end
+end

data/lib/adapter/vault.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+# You may need to set the following environment variable:
+
+#     $ export VAULT_ADDR='http://127.0.0.1:8200'
+
+# The unseal key and root token are displayed below in case you want to
+# seal/unseal the Vault or re-authenticate.
+
+# Unseal Key: Rq8uhQeS7BgyMd/T3AeDA9wWGk9XHIlejTgZCSu8ug8=
+# Root Token: s.TaWtwLTczBiwd0w36fMkrO8i
+
+module Rahasia
+  module Adapter
+    # Adapter vault
+    class Vault
+      def self.encrypt(key:, value:)
+        unless ::Vault::Transit.sys.mounts.key? :transit
+          ::Vault::Transit.sys.mount('transit', :transit)
+        end
+        ::Vault::Transit.logical.write("transit/keys/#{key}")
+        ::Vault::Transit.enabled = true
+        ::Vault::Transit.encrypt(key, value)
+      end
+
+      def self.decrypt(key:, value:)
+        unless ::Vault::Transit.sys.mounts.key? :transit
+          ::Vault::Transit.sys.mount('transit', :transit)
+        end
+        ::Vault::Transit.logical.write("transit/keys/#{key}")
+        ::Vault::Transit.enabled = true
+        ::Vault::Transit.decrypt(key, value)
+      end
+    end
+  end
+end

data/lib/generators/rahasia/install_generator.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'rails/generators/base'
+
+#
+# Generate file init/rahasia.rb
+#
+module Rahasia
+  module Generators
+    # Extend Rails Base Generator
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.join(__dir__, '../templates')
+
+      def copy_initializer
+        template 'rahasia.rb', 'config/initializers/rahasia.rb'
+      end
+
+      def show_readme
+        readme 'README' if behavior == :invoke
+      end
+    end
+  end
+end

data/lib/generators/rahasia/migration_generator.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'rails/generators'
+require 'rails/generators/rails/model/model_generator'
+require 'rails/generators/active_record/migration/migration_generator'
+
+#
+# Generate Encrypt Column using Rahasia generator
+#
+module Rahasia
+  module Generators
+    # Extend Rails Model Generator
+    class MigrationGenerator < Rails::Generators::ModelGenerator
+      include ActiveRecord::Generators::Migration
+
+      source_root File.join(__dir__, '../templates')
+
+      def copy_migration
+        suffix = attributes_names.join('_').first(13).to_s.presence || 'encrypt'
+        migration_template \
+          'migration.rb.tt',
+          "db/migrate/rahasia_#{table_name}#{suffix}.rb",
+          migration_version: migration_version
+      end
+
+      def migration_version
+        return if ActiveRecord::VERSION::MAJOR == 4
+
+        "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+      end
+    end
+  end
+end

data/lib/generators/templates/README

@@ -0,0 +1,18 @@
+===============================================================================
+
+Depending on your application's configuration some manual setup may be required:
+
+  1. Ensure you have defined initializer/rahasia.rb. Here
+     is an example of adapter appropriate for a development environment
+     in config/environments/development.rb:
+
+       config.master_key = 'masterkey' # SecureRandom.hex(32)
+       config.adapter = 'lockbox' # available ['vault','lockbox']
+       config.vault = {host: 'http://localhost', token: 'token'}
+       config.vault_app = 'qontak'
+
+     * Required for all applications. *
+
+
+
+===============================================================================

data/lib/generators/templates/migration.rb.tt

@@ -0,0 +1,6 @@
+class <%= migration_class_name %> < ActiveRecord::Migration<%= migration_version %>
+  def change<% attributes_names.each do |t| %>
+    add_column :<%=table_name%>, :<%= t %>, :string
+    add_column :<%=table_name%>, :<%= t %>_encrypted, :text<% end %>
+  end
+end

data/lib/generators/templates/rahasia.rb.tt

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+Rahasia.setup do |config|
+  config.master_key = 'please-change-me-at-config-initializers-rahasia' # SecureRandom.hex(32)
+  config.adapter = 'lockbox' # available ['vault','lockbox']
+  config.vault_app = 'qontak'
+  config.vault = {address: 'http://localhost', ssl_verify: false, token: 'token'}
+end

data/lib/rahasia.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+require 'active_support'
+
+require 'lockbox'
+require 'vault'
+require 'vault/transit'
+require 'adapter/lockbox'
+require 'adapter/vault'
+require 'rahasia/version'
+require 'rahasia/model'
+
+if defined?(ActiveSupport)
+  ActiveSupport.on_load(:active_record) do
+    extend Rahasia::Model
+  end
+end
+
+require 'generators/rahasia/migration_generator' if defined?(ActiveRecord)
+
+# Wrapper for encrypt and keep our credentials secret
+module Rahasia
+  def self.setup
+    yield self
+  end
+
+  # Masterkey
+  mattr_accessor :master_key
+  def self.master_key=(master_key)
+    @master_key = master_key
+  end
+
+  def self.master_key
+    @master_key ||
+      '0000000000000000000000000000000000000000000000000000000000000000'
+  end
+
+  # Rahasia key
+  mattr_accessor :rahasia_key
+  def self.rahasia_key=(key)
+    @rahasia_key = key
+  end
+
+  def self.rahasia_key
+    @rahasia_key =
+      if Rahasia.adapter == 'vault'
+        Rahasia.vault_app
+      else
+        Rahasia.master_key
+      end
+  end
+
+  # Adapter
+  mattr_accessor :adapter
+  def self.adapter=(adapter)
+    @adapter = adapter
+    @encryptor =
+      if adapter == 'vault'
+        Adapter::Vault
+      else
+        Adapter::Lockbox
+      end
+    adapter
+  end
+
+  def self.adapter
+    @adapter || null_adapter
+  end
+
+  # Encryptor
+  mattr_accessor :encryptor
+  def self.encryptor=(encryptor)
+    @encryptor = encryptor
+  end
+
+  def self.encryptor
+    @encryptor || null_encryptor
+  end
+
+  # Vault Setting
+  mattr_accessor :vault
+  def self.vault=(vault)
+    @vault = vault
+  end
+
+  def self.vault
+    @vault
+  end
+
+  # VaultApp Name KV Setting
+  mattr_accessor :vault_app
+  def self.vault_app=(vault_app)
+    @vault_app = vault_app
+  end
+
+  def self.vault_app
+    @vault_app
+  end
+
+  def self.null_adapter
+    'lockbox'
+  end
+
+  def self.null_encryptor
+    Adapter::Lockbox
+  end
+end

data/lib/rahasia/model.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+module Rahasia
+  # Model for ActiveRecord extension
+  # https://github.com/ankane/lockbox/blob/80adc597b27172b5e420471db5888b8f962ad829/lib/lockbox/model.rb
+  module Model
+    def enrcypt_column(*attributes, **options)
+      unless [nil, :string].include?(options[:type])
+        raise ArgumentError, "UnknownType #{options[:type]}."
+      end
+
+      activerecord = defined?(ActiveRecord::Base) && self < ActiveRecord::Base
+      if options[:type] && !activerecord
+        raise ArgumentError, 'Type not supported yet with Mongoid'
+      end
+
+      define_attributes(attributes)
+    end
+
+    def default_string
+      "--encrypted:#{SecureRandom.hex(16)}---"
+    end
+
+    def define_attributes(attributes)
+      attributes.each do |name|
+        encrypted_attribute = "#{name}_encrypted"
+        decrypt_method_name = "decrypt_#{encrypted_attribute}"
+
+        define_decrypt_method_name(decrypt_method_name)
+        define_decrypt(name, encrypted_attribute, decrypt_method_name)
+        define_setter(name)
+      end
+    end
+
+    # ------------------------------------
+    # available column refresh_token, name
+    # ------------------------------------
+    # Credential < ActiveRecord
+    #   enrcypt_column :refresh_token
+    # end
+    #
+    #  available method
+    #   # decrypt_refresh_token_encrypted
+    #   # refresh_token_chipertext?
+    #   # refresh_token
+    #   # refresh_token=(string)
+    #   # refresh_token_encrypted
+    #
+    # refresh_token_encrypted
+    # token_encrypted
+    #
+    def define_decrypt_method_name(decrypt_method_name)
+      define_singleton_method decrypt_method_name do |encrypted, **_opts|
+        Rahasia.encryptor.decrypt(
+          key: Rahasia.rahasia_key,
+          value: encrypted
+        )
+      end
+    end
+
+    # refresh_token
+    # token
+    def define_decrypt(name, encrypted_attribute, decrypt_method_name)
+      define_method(name) do
+        message = super()
+        if self.class.not_encrypted?(message)
+          ciphertext = send(encrypted_attribute)
+          message =
+            self.class.send(decrypt_method_name, ciphertext, context: self)
+        end
+        message
+      end
+    end
+
+    # refresh_token=(string)
+    #  # refresh_token_encrypted
+    def define_setter(name)
+      define_method("#{name}=") do |val|
+        begin
+          val = val.presence || ''
+          str = Rahasia.encryptor.encrypt(key: Rahasia.rahasia_key, value: val)
+          send("#{name}_encrypted=", str)
+          super(self.class.default_string)
+        rescue ArgumentError => e
+          puts e
+        end
+      end
+    end
+
+    def not_encrypted?(message)
+      return false if message.nil?
+
+      message.match(/--encrypted:/) ? true : false
+    end
+  end
+end

data/lib/rahasia/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Rahasia
+  VERSION = '0.0.2'
+end

data/rahasia.gemspec

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rahasia/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'rahasia'
+  spec.version       = Rahasia::VERSION
+  spec.authors       = ['burhanudin hakim']
+  spec.email         = ['udnpico@gmail.com']
+
+  spec.summary       = 'Wrapper encryption gem'
+  spec.description   = 'Wrapper encryption gem'
+  spec.homepage      = 'https://github.com/qontak-dev/rahasia'
+  spec.license       = 'MIT'
+
+  if spec.respond_to?(:metadata)
+    spec.metadata['allowed_push_host'] = 'https://rubygems.org'
+  else
+    raise 'RubyGems 2.0 or newer is required to protect against ' \
+      'public gem pushes.'
+  end
+
+  spec.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.required_ruby_version = '>= 2.3.8'
+  spec.add_dependency 'activesupport'
+  spec.add_dependency 'lockbox', '~> 0.3.1'
+  spec.add_dependency 'vault', '~> 0.13.0'
+  spec.add_dependency 'vault-transit'
+end

metadata

@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: rahasia
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- burhanudin hakim
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2020-02-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: lockbox
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.1
+- !ruby/object:Gem::Dependency
+  name: vault
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.13.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.13.0
+- !ruby/object:Gem::Dependency
+  name: vault-transit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Wrapper encryption gem
+email:
+- udnpico@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".hound.yml"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- config.ru
+- gemfiles/.bundle/config
+- gemfiles/rails_4.gemfile
+- gemfiles/rails_4.gemfile.lock
+- gemfiles/rails_5.gemfile
+- gemfiles/rails_5.gemfile.lock
+- gemfiles/rails_6.gemfile
+- gemfiles/rails_6.gemfile.lock
+- lib/adapter/lockbox.rb
+- lib/adapter/vault.rb
+- lib/generators/rahasia/install_generator.rb
+- lib/generators/rahasia/migration_generator.rb
+- lib/generators/templates/README
+- lib/generators/templates/migration.rb.tt
+- lib/generators/templates/rahasia.rb.tt
+- lib/rahasia.rb
+- lib/rahasia/model.rb
+- lib/rahasia/version.rb
+- rahasia.gemspec
+homepage: https://github.com/qontak-dev/rahasia
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.8
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.7
+signing_key: 
+specification_version: 4
+summary: Wrapper encryption gem
+test_files: []