standard-file 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 876c9c726c38da76cf6cd5d55ce1dedac5890d91
-  data.tar.gz: a523ca9e95aac6e104a6199f16d2ab2fd0ad41f2
+  metadata.gz: a59d62786a05ab1ca7d8c9b0c3b6bda41405a9aa
+  data.tar.gz: 69dfd3ecc8d0cf67afd0c0d1e2ef6395b16489df
 SHA512:
-  metadata.gz: a57bfbe1a79fd96bc15bd19305041d606133f9ecc87bc252f52889edd7e2a74d95215fe0ca31e798c48e85108cffc2e1e450e177460213647edb2cfdd143bf28
-  data.tar.gz: 3cb2dd80edba92b32365f26ca17156db02208c20bddf0a2bf0f9629466f52e7494ee03e90e27b4f45fac7da0885f959956ee0b9d2ed923dc1742a9ed6747f20c
+  metadata.gz: b3738a096e0f49552c0f1afea404bc849d96d2141eaf2aebc5db7b6c15d59508c7e9b6bbf82b7d7259b8f5e9b1622b5da5275cadadab980804fdb559968e4b4c
+  data.tar.gz: c585d6b12c4b92cb02ed14a08ded3b15762b9f39e96e8299009036aa0e27357f5bc132f4658d488a30240a7beda3518af71a582a51f090a5750d9960d88ee92b

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2017 
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,28 @@
+# StandardFile
+Short description and motivation.
+
+## Usage
+How to use my plugin.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'standard_file'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install standard_file
+```
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,37 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'StandardFile'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+load 'rails/tasks/statistics.rake'
+
+
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/lib/standard_file/engine.rb

@@ -0,0 +1,6 @@
+module StandardFile
+  class Engine < ::Rails::Engine
+    isolate_namespace StandardFile
+    engine_name 'standard_file'    
+  end
+end

data/lib/standard_file/jwt_helper.rb

@@ -0,0 +1,17 @@
+module StandardFile
+  module JwtHelper
+    require "jwt"
+
+    def self.encode(payload)
+      JWT.encode(payload, Rails.application.secrets.secret_key_base, 'HS256')
+    end
+
+    def self.decode(token)
+      return HashWithIndifferentAccess.new(JWT.decode(token, Rails.application.secrets.secret_key_base, true, { :algorithm => 'HS256' })[0])
+    rescue => exception
+      puts exception
+      nil
+    end
+  end
+
+end

data/lib/standard_file/sync_manager.rb

@@ -0,0 +1,162 @@
+module StandardFile
+  class SyncManager
+
+    attr_accessor :sync_fields
+
+    def initialize(user)
+      @user = user
+      raise "User must be set" unless @user
+    end
+
+    def set_sync_fields(val)
+      @sync_fields = val
+    end
+
+    def sync_fields
+      return @sync_fields || [:content, :enc_item_key, :content_type, :auth_hash, :deleted, :created_at]
+    end
+
+    def sync(item_hashes, options)
+      in_sync_token = options[:sync_token]
+      in_cursor_token = options[:cursor_token]
+      limit = options[:limit]
+
+      retrieved_items, cursor_token = _sync_get(in_sync_token, in_cursor_token, limit).to_a
+      last_updated = DateTime.now
+      saved_items, unsaved = _sync_save(item_hashes)
+      if saved_items.length > 0
+        last_updated = saved_items.sort_by{|m| m.updated_at}.last.updated_at
+      end
+
+      # manage conflicts
+      saved_ids = saved_items.map{|x| x.uuid }
+      retrieved_ids = retrieved_items.map{|x| x.uuid }
+      conflicts = saved_ids & retrieved_ids # & is the intersection
+      # saved items take precedence, retrieved items are duplicated with a new uuid
+      conflicts.each do |conflicted_uuid|
+        # if changes are greater than 60 seconds apart, create conflicted copy, otherwise discard conflicted
+        saved = saved_items.find{|i| i.uuid == conflicted_uuid}
+        conflicted = retrieved_items.find{|i| i.uuid == conflicted_uuid}
+        if (saved.updated_at - conflicted.updated_at).abs > 60
+          puts "\n\n\n Creating conflicted copy of #{saved.uuid}\n\n\n"
+          dup = conflicted.dup
+          dup.user = conflicted.user
+          dup.save
+          retrieved_items.push(dup)
+        end
+        retrieved_items.delete(conflicted)
+      end
+
+      sync_token = sync_token_from_datetime(last_updated)
+      return {
+        :retrieved_items => retrieved_items,
+        :saved_items => saved_items,
+        :unsaved => unsaved,
+        :sync_token => sync_token,
+        :cursor_token => cursor_token
+      }
+    end
+
+    def destroy_items(uuids)
+      items = @user.items.where(uuid: uuids)
+      items.destroy_all
+    end
+
+
+    private
+
+    def sync_token_from_datetime(datetime)
+      version = 1
+      Base64.encode64("#{version}:" + "#{datetime.to_i}")
+    end
+
+    def datetime_from_sync_token(sync_token)
+      decoded = Base64.decode64(sync_token)
+      parts = decoded.rpartition(":")
+      timestamp_string = parts.last
+      date = DateTime.strptime(timestamp_string,'%s')
+      return date
+    end
+
+    def _sync_save(item_hashes)
+      if !item_hashes
+        return [], []
+      end
+      saved_items = []
+      unsaved = []
+
+      item_hashes.each do |item_hash|
+        begin
+          item = @user.items.find_or_create_by(:uuid => item_hash[:uuid])
+        rescue => error
+          unsaved.push({
+            :item => item_hash,
+            :error => {:message => error.message, :tag => "uuid_conflict"}
+            })
+          next
+        end
+
+        item.update(item_hash.permit(*permitted_params))
+        # we want to force update the updated_at field, even if no changes were made
+        # item.touch
+
+        if item.deleted == true
+          set_deleted(item)
+          item.save
+        end
+
+        saved_items.push(item)
+      end
+
+      return saved_items, unsaved
+    end
+
+    def _sync_get(sync_token, input_cursor_token, limit)
+      cursor_token = nil
+      if limit == nil
+        limit = 100000
+      end
+
+      # if both are present, cursor_token takes precendence as that would eventually return all results
+      # the distinction between getting results for a cursor and a sync token is that cursor results use a
+      # >= comparison, while a sync token uses a > comparison. The reason for this is that cursor tokens are
+      # typically used for initial syncs or imports, where a bunch of notes could have the exact same updated_at
+      # by using >=, we don't miss those results on a subsequent call with a cursor token
+      if input_cursor_token
+        date = datetime_from_sync_token(input_cursor_token)
+        items = @user.items.order(:updated_at).where("updated_at >= ?", date)
+      elsif sync_token
+        date = datetime_from_sync_token(sync_token)
+        items = @user.items.order(:updated_at).where("updated_at > ?", date)
+      else
+        items = @user.items.order(:updated_at)
+      end
+
+      items = items.sort_by{|m| m.updated_at}
+
+      if items.count > limit
+        items = items.slice(0, limit)
+        date = items.last.updated_at
+        cursor_token = sync_token_from_datetime(date)
+      end
+
+      return items, cursor_token
+    end
+
+    def set_deleted(item)
+      item.deleted = true
+      item.content = nil if item.has_attribute?(:content)
+      item.enc_item_key = nil if item.has_attribute?(:enc_item_key)
+      item.auth_hash = nil if item.has_attribute?(:auth_hash)
+    end
+
+    def item_params
+      params.permit(*permitted_params)
+    end
+
+    def permitted_params
+      sync_fields
+    end
+
+  end
+end

data/lib/standard_file/user_manager.rb

@@ -0,0 +1,70 @@
+module StandardFile
+  class UserManager
+
+    def initialize(user_class, salt_psuedo_nonce)
+      @user_class = user_class
+      @salt_psuedo_nonce = salt_psuedo_nonce
+    end
+
+    def sign_in(email, password)
+      user = @user_class.find_by_email(email)
+      if user and test_password(password, user.encrypted_password)
+        return { user: user, token: jwt(user) }
+      else
+        return {:error => {:message => "Invalid email or password.", :status => 401}}
+      end
+    end
+
+    def register(email, password, params)
+      user = @user_class.find_by_email(email)
+      if user
+        return {:error => {:message => "Unable to register.", :status => 401}}
+      else
+        user = @user_class.new(:email => email, :encrypted_password => hash_password(password))
+        user.update!(registration_params(params))
+        return { user: user, token: jwt(user) }
+      end
+    end
+
+    def change_pw(user, password, params)
+      user.encrypted_password = hash_password(password)
+      user.update!(registration_params(params))
+      return { user: user, token: jwt(user) }
+    end
+
+    def auth_params(email)
+      user = @user_class.find_by_email(email)
+      pw_salt = user ? Digest::SHA1.hexdigest(email + "SN" + user.pw_nonce) : Digest::SHA1.hexdigest(email + "SN" + @salt_psuedo_nonce)
+      pw_cost = user ? user.pw_cost : 5000
+      pw_alg = user ? user.pw_alg : "sha512"
+      pw_key_size = user ? user.pw_key_size : 512
+      pw_func = user ? user.pw_func : "pbkdf2"
+      return {:pw_func => pw_func, :pw_alg => pw_alg, :pw_salt => pw_salt, :pw_cost => pw_cost, :pw_key_size => pw_key_size}
+    end
+
+    private
+
+    require "bcrypt"
+
+    DEFAULT_COST = 11
+
+    def hash_password(password)
+      BCrypt::Password.create(password, cost: DEFAULT_COST).to_s
+    end
+
+    def test_password(password, hash)
+      bcrypt = BCrypt::Password.new(hash)
+      password = BCrypt::Engine.hash_secret(password, bcrypt.salt)
+      return password == hash
+    end
+
+    def jwt(user)
+      JwtHelper.encode({:user_uuid => user.uuid, :pw_hash => Digest::SHA256.hexdigest(user.encrypted_password)})
+    end
+
+    def registration_params(params)
+      params.permit(:pw_func, :pw_alg, :pw_cost, :pw_key_size, :pw_nonce)
+    end
+
+  end
+end

data/lib/standard_file/version.rb

@@ -0,0 +1,3 @@
+module StandardFile
+  VERSION = '0.1.3'
+end

data/lib/standard_file.rb

@@ -0,0 +1,8 @@
+require "standard_file/engine"
+require_relative 'standard_file/sync_manager'
+require_relative 'standard_file/user_manager'
+require_relative 'standard_file/jwt_helper'
+
+module StandardFile
+
+end

data/lib/tasks/standard_file_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :standard_file do
+#   # Task goes here
+# end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: standard-file
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - Standard File
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-29 00:00:00.000000000 Z
+date: 2017-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.6
+        version: 1.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.5.6
+        version: 1.5.0
 - !ruby/object:Gem::Dependency
   name: bcrypt
   requirement: !ruby/object:Gem::Requirement
@@ -52,14 +52,24 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.1'
-description: Standard File allows for storage, sync, encryption of items such as notes,
-  tags, and any other custom schema.
+description: Standard File allows for storage, sync, and encryption of items such
+  as notes, tags, and any other models with a custom schema.
 email:
 - me@bitar.io
 executables: []
 extensions: []
 extra_rdoc_files: []
-files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/standard_file.rb
+- lib/standard_file/engine.rb
+- lib/standard_file/jwt_helper.rb
+- lib/standard_file/sync_manager.rb
+- lib/standard_file/user_manager.rb
+- lib/standard_file/version.rb
+- lib/tasks/standard_file_tasks.rake
 homepage: https://standardnotes.org
 licenses:
 - GPLv3