ruby_event_store 0.37.0 → 0.38.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4c759197c7079350367b3669fefa272cf9eee74c46cb084e73be1412f0fcfd53
-  data.tar.gz: ba5fa3e80f410e2d773217eb02985fa34157bf12b9dec933e77cb1ea2d9eaff0
+  metadata.gz: 7e2526ad20e1d86146a978c5de1c9171d772c323afa2b6d6dce9fdedfc972d45
+  data.tar.gz: 19ab66ae3e11671e774f00279cc9dd4273559b4efd88b7fd555b3f7af4ad882d
 SHA512:
-  metadata.gz: b10c08c3ec291f278d667f9768d20b912f69bdcc0e9c37162350e2017cb5462608ec95ae63a6bdbefccfd169916a2d930bc0ba000a0d2327c2b3804300d6f236
-  data.tar.gz: cd35806dfe6c323eec8c30c3e2ddef0146c694a620a4366f640aa0fa9a90f85f825f9cc8c9ed73f6e5bda6194339d254c197a1d1472be6442e018d8e82c55a36
+  metadata.gz: 3773bb45339a106e8c40871ed22004b0c23fded77f3d621a6bf6ede2df7c5881d47aaf2d5bc705a6e794d7829f522184ef89a8258f7be2db40223b680e2ac2fd
+  data.tar.gz: 1c8372486ef7f311ead954b4ee20409cb10b258ec0b023d3bdbdb2fbd2acd754b339a2e5d7e029427560be59f73b975ce60a8f5d6cf4515c98475fea726f0751

data/Makefile

@@ -4,7 +4,11 @@ REQUIRE     = $(GEM_NAME)
 IGNORE      = RubyEventStore::InMemoryRepository\#append_with_synchronize \
               RubyEventStore::Client::Within\#add_thread_subscribers \
               RubyEventStore::Client::Within\#add_thread_global_subscribers \
-              RubyEventStore::Client::Within\#call
+              RubyEventStore::Client::Within\#call \
+              RubyEventStore::Mappers::InMemoryEncryptionKeyRepository\#prepare_encrypt \
+              RubyEventStore::Mappers::EncryptionKey\#prepare_encrypt \
+              RubyEventStore::Mappers::EncryptionKey\#prepare_decrypt
+
 SUBJECT     ?= RubyEventStore*
 
 include ../lib/install.mk

data/lib/ruby_event_store.rb

@@ -19,6 +19,7 @@ require 'ruby_event_store/mappers/default'
 require 'ruby_event_store/mappers/protobuf'
 require 'ruby_event_store/mappers/null_mapper'
 require 'ruby_event_store/mappers/instrumented_mapper'
+require 'ruby_event_store/mappers/encryption_mapper'
 require 'ruby_event_store/batch_enumerator'
 require 'ruby_event_store/correlated_commands'
 require 'ruby_event_store/link_by_metadata'

data/lib/ruby_event_store/mappers/encryption_mapper.rb

@@ -0,0 +1,218 @@
+module RubyEventStore
+  module Mappers
+    class ForgottenData
+      FORGOTTEN_DATA = 'FORGOTTEN_DATA'.freeze
+
+      def initialize(string = FORGOTTEN_DATA)
+        @string = string
+      end
+
+      def to_s
+        @string
+      end
+
+      def ==(other)
+        @string == other
+      end
+
+      def method_missing(*)
+        self
+      end
+
+      def respond_to_missing?(*)
+        true
+      end
+    end
+
+    class InMemoryEncryptionKeyRepository
+      DEFAULT_CIPHER = 'aes-256-cbc'.freeze
+
+      def initialize
+        @keys = {}
+      end
+
+      def key_of(identifier, cipher: DEFAULT_CIPHER)
+        @keys[[identifier, cipher]]
+      end
+
+      def create(identifier, cipher: DEFAULT_CIPHER)
+        crypto = prepare_encrypt(cipher)
+        @keys[[identifier, cipher]] = EncryptionKey.new(cipher: cipher, key: crypto.random_key)
+      end
+
+      def forget(identifier)
+        @keys = @keys.reject { |(id, _)| id.eql?(identifier) }
+      end
+
+      private
+
+      def prepare_encrypt(cipher)
+        crypto = OpenSSL::Cipher.new(cipher)
+        crypto.encrypt
+        crypto
+      end
+    end
+
+    class EncryptionKey
+      def initialize(cipher:, key:)
+        @cipher = cipher
+        @key    = key
+      end
+
+      def encrypt(message, iv)
+        crypto     = prepare_encrypt(cipher)
+        crypto.iv  = iv
+        crypto.key = key
+        crypto.update(message) + crypto.final
+      end
+
+      def decrypt(message, iv)
+        crypto     = prepare_decrypt(cipher)
+        crypto.iv  = iv
+        crypto.key = key
+        crypto.update(message) + crypto.final
+      end
+
+      def random_iv
+        crypto = prepare_encrypt(cipher)
+        crypto.random_iv
+      end
+
+      attr_reader :cipher, :key
+
+      private
+
+      def prepare_encrypt(cipher)
+        crypto = OpenSSL::Cipher.new(cipher)
+        crypto.encrypt
+        crypto
+      end
+
+      def prepare_decrypt(cipher)
+        crypto = OpenSSL::Cipher.new(cipher)
+        crypto.decrypt
+        crypto
+      end
+    end
+
+    class MissingEncryptionKey < StandardError
+      def initialize(key_identifier)
+        super %Q|Could not find encryption key for '#{key_identifier}'|
+      end
+    end
+
+    class EncryptionMapper
+      class Leaf
+        def self.===(hash)
+          hash.keys.sort.eql? %i(cipher identifier iv)
+        end
+      end
+      private_constant :Leaf
+
+      def initialize(key_repository, serializer: YAML, forgotten_data: ForgottenData.new)
+        @key_repository = key_repository
+        @serializer     = serializer
+        @forgotten_data = forgotten_data
+      end
+
+      def event_to_serialized_record(domain_event)
+        metadata              = domain_event.metadata.to_h
+        crypto_description    = encryption_metadata(domain_event.data, encryption_schema(domain_event))
+        metadata[:encryption] = crypto_description unless crypto_description.empty?
+
+        SerializedRecord.new(
+          event_id: domain_event.event_id,
+          metadata: serializer.dump(metadata),
+          data: serializer.dump(encrypt_data(deep_dup(domain_event.data), crypto_description)),
+          event_type: domain_event.class.to_s
+        )
+      end
+
+      def serialized_record_to_event(record)
+        metadata           = serializer.load(record.metadata)
+        crypto_description = Hash(metadata.delete(:encryption))
+
+        Object.const_get(record.event_type).new(
+          event_id: record.event_id,
+          data: decrypt_data(serializer.load(record.data), crypto_description),
+          metadata: metadata,
+        )
+      end
+
+      private
+      attr_reader :key_repository, :serializer, :forgotten_data
+
+      def encryption_schema(event)
+        event.class.respond_to?(:encryption_schema) ? event.class.encryption_schema : {}
+      end
+
+      def deep_dup(hash)
+        duplicate = hash.dup
+        duplicate.each do |k, v|
+          duplicate[k] = v.instance_of?(Hash) ? deep_dup(v) : v
+        end
+        duplicate
+      end
+
+      def encryption_metadata(data, schema)
+        schema.inject({}) do |acc, (key, value)|
+          case value
+          when Hash
+            acc[key] = encryption_metadata(data, value)
+          when Proc
+            key_identifier = value.call(data)
+            encryption_key = key_repository.key_of(key_identifier) or raise MissingEncryptionKey.new(key_identifier)
+            acc[key] = {
+              cipher: encryption_key.cipher,
+              iv: encryption_key.random_iv,
+              identifier: key_identifier,
+            }
+          end
+          acc
+        end
+      end
+
+      def encrypt_data(data, meta)
+        meta.reduce(data) do |acc, (key, value)|
+          acc[key] = encrypt_attribute(acc, key, value)
+          acc
+        end
+      end
+
+      def decrypt_data(data, meta)
+        meta.reduce(data) do |acc, (key, value)|
+          acc[key] = decrypt_attribute(data, key, value)
+          acc
+        end
+      end
+
+      def encrypt_attribute(data, attribute, meta)
+        case meta
+        when Leaf
+          value = data.fetch(attribute)
+          return unless value
+
+          encryption_key = key_repository.key_of(meta.fetch(:identifier))
+          encryption_key.encrypt(serializer.dump(value), meta.fetch(:iv))
+        when Hash
+          encrypt_data(data.fetch(attribute), meta)
+        end
+      end
+
+      def decrypt_attribute(data, attribute, meta)
+        case meta
+        when Leaf
+          cryptogram = data.fetch(attribute)
+          return unless cryptogram
+
+          encryption_key = key_repository.key_of(meta.fetch(:identifier), cipher: meta.fetch(:cipher)) or return forgotten_data
+          serializer.load(encryption_key.decrypt(cryptogram, meta.fetch(:iv)))
+        when Hash
+          decrypt_data(data.fetch(attribute), meta)
+        end
+      rescue OpenSSL::Cipher::CipherError
+        forgotten_data
+      end
+    end
+  end
+end

data/lib/ruby_event_store/mappers/null_mapper.rb

@@ -1,7 +1,6 @@
 module RubyEventStore
   module Mappers
     class NullMapper
-
       def event_to_serialized_record(domain_event)
         domain_event
       end

data/lib/ruby_event_store/version.rb

@@ -1,3 +1,3 @@
 module RubyEventStore
-  VERSION = "0.37.0"
+  VERSION = "0.38.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby_event_store
 version: !ruby/object:Gem::Version
-  version: 0.37.0
+  version: 0.38.0
 platform: ruby
 authors:
 - Arkency
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-03-05 00:00:00.000000000 Z
+date: 2019-03-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
@@ -50,6 +50,7 @@ files:
 - lib/ruby_event_store/instrumented_repository.rb
 - lib/ruby_event_store/link_by_metadata.rb
 - lib/ruby_event_store/mappers/default.rb
+- lib/ruby_event_store/mappers/encryption_mapper.rb
 - lib/ruby_event_store/mappers/instrumented_mapper.rb
 - lib/ruby_event_store/mappers/null_mapper.rb
 - lib/ruby_event_store/mappers/protobuf.rb
@@ -95,8 +96,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.2
 signing_key: 
 specification_version: 4
 summary: Event Store in Ruby