yopass 2.2.1 → 3.0.0

data/lib/yopass.rb

@@ -2,77 +2,86 @@ require 'memcached'
 require 'sinatra/base'
 require 'securerandom'
 require 'encryptor'
-require 'yaml'
 require 'uri'
 require 'yopass/sms_provider'
+require 'sinatra/json'
+require 'json'
+
+def too_many_tries?(m, key)
+  key += key + '_ratelimit'
+  begin
+    result = m.get key
+  rescue Memcached::NotFound
+    m.set key, 1, 3600 * 24
+    return false
+  end
+  m.set key, result + 1
+
+  # This dude has tried to many times...
+  true if result >= 2
+end
 
-# Share your secrets securely
 class Yopass < Sinatra::Base
+  helpers Sinatra::JSON
+
   configure :development do
     require 'sinatra/reloader'
     register Sinatra::Reloader
   end
 
   configure do
-    config = ENV['YOPASS_CONFIG'] || 'conf/yopass.yaml'
-    cfg = YAML.load_file(config)
-    set :config, cfg
-    set :base_url, ENV['YOPASS_BASE_URL'] || cfg['base_url']
-    set :public_folder, File.dirname(__FILE__) + '/static'
-    set :mc, Memcached.new(ENV['YOPASS_MEMCACHED_URL'] || cfg['memcached_url'])
-  end
-
-  get '/' do
-    # display mobile number field if send_sms is true
-    erb :index, locals: { send_sms: settings.config['send_sms'], error: nil }
-  end
-
-  get '/:key' do
-    erb :get_secret, locals: { key: params[:key] }
+    set :public_folder, File.dirname(__FILE__) + '/public'
+    set :max_length, 10000
+    if ENV['YP_SECRET_MAX_LENGTH']
+      set :max_length, ENV['YP_SECRET_MAX_LENGTH'].to_i
+    end
   end
 
-  get '/:key/:password' do
-    # Disable all caching
-    headers 'Cache-Control' => 'no-cache, no-store, must-revalidate'
-    headers 'Pragma' => 'no-cache'
-    headers 'Expires' => '0'
-
+  get '/v1/secret/:key/:password' do
+    m = Memcached.new(ENV['YP_MEMCACHED'] || 'localhost:11211')
     begin
-      result = settings.mc.get params[:key]
+      result = m.get params[:key]
     rescue Memcached::NotFound
-      return erb :'404'
+      status 404
+      return json message: 'Not found'
     end
-    content_type 'text/plain'
 
     begin
       result = Encryptor.decrypt(value: result, key: params[:password])
     rescue OpenSSL::Cipher::CipherError
-      settings.mc.delete(params[:key]) if too_many_tries?(params[:key])
-      return 'Invalid decryption key'
+      m.delete(params[:key]) if too_many_tries?(m, params[:key])
+      status 401
+      return json message: 'Invalid decryption key'
     end
-    settings.mc.delete params[:key]
-    result
+    m.delete params[:key]
+    return json secret: result
   end
 
-  post '/' do
-    headers 'Cache-Control' => 'no-cache, no-store, must-revalidate'
-    headers 'Pragma' => 'no-cache'
-    headers 'Expires' => '0'
+  post '/v1/secret' do
+    begin
+      r = JSON.parse(request.body.read)
+    rescue JSON::ParserError
+      status 400
+      return json message: 'Bad request, seek API docs at https://github.com/jhaals/yopass'
+    end
 
-    lifetime = params[:lifetime]
+    lifetime = r['lifetime']
     # calculate lifetime in secounds
     lifetime_options = { '1w' => 3600 * 24 * 7,
                          '1d' => 3600 * 24,
                          '1h' => 3600 }
 
     # Verify that user has posted a valid lifetime
-    return 'Invalid lifetime' unless lifetime_options.include? lifetime
-    return 'No secret submitted' if params[:secret].empty?
-
-    if params[:secret].length >= settings.config['secret_max_length']
-      return erb :index, locals: {
-        send_sms: settings.config['send_sms'],
-        error: 'This site is meant to store secrets not novels' }
+    status 400
+    # default lifetime
+    lifetime = '1d' if lifetime.nil?
+    secret = r['secret']
+    return json message: 'Invalid lifetime' unless lifetime_options.include? lifetime
+    return json message: 'No secret submitted' if secret.nil?
+    return json message: 'No secret submitted' if secret.empty?
+
+    if secret.length >= settings.max_length
+      return json message: 'error: This site is meant to store secrets not novels'
     end
 
     # goes in URL
@@ -80,54 +89,40 @@ class Yopass < Sinatra::Base
     # decryption_key goes in URL or via SMS if provider is configured
     decryption_key = SecureRandom.hex[0..8]
     # encrypt secret with generated decryption_key
-    data = Encryptor.encrypt(params[:secret], key: decryption_key)
+    data = Encryptor.encrypt(secret, key: decryption_key)
 
+    m = Memcached.new(ENV['YP_MEMCACHED'] || 'localhost:11211')
     # store secret in memcached
     begin
-      settings.mc.set key, data, lifetime_options[lifetime]
+      m.set key, data, lifetime_options[lifetime]
     rescue Memcached::ServerIsMarkedDead
-      return erb :index, locals: {
-        send_sms: settings.config['send_sms'],
-        error: 'Error: Unable to contact memcached' }
+      status 500
+      return json message: 'Error: Unable to contact memcached'
     end
-
-    if settings.config['send_sms'] == true && !params[:mobile_number].nil?
-      # strip everything except digits
-      mobile_number = params[:mobile_number].gsub(/[^0-9]/, '')
-      # load specified sms provider
-      sms = SmsProvider.create(settings.config['sms::provider'],
-                               settings.config['sms::settings'])
-
-      unless params[:mobile_number].empty?
+    mobile_number = r['mobile_number']
+    if ENV['YP_SEND_SMS'] && !mobile_number.nil?
+      unless mobile_number.empty?
+        # strip everything except digits
+        mobile_number = mobile_number.gsub(/[^0-9]/, '')
+        # load SMS provider
+        sms_settings = JSON.parse(ENV['YP_SMS_SETTINGS'])
+        sms = SmsProvider.create(
+          sms_settings['provider'],
+          sms_settings['settings'])
         sms.send(mobile_number, decryption_key)
-        return erb :secret_url, locals: {
-          full_url: URI.join(settings.base_url, key + '/' + decryption_key),
-          short_url: URI.join(settings.base_url, key),
-          decryption_key: decryption_key,
-          key_sent_to_mobile: true }
       end
     end
-
-    erb :secret_url, locals: {
-      full_url: URI.join(settings.base_url, key + '/' + decryption_key),
-      short_url: URI.join(settings.base_url, key),
+    status 200
+    json key: key,
       decryption_key: decryption_key,
-      key_sent_to_mobile: false }
+      full_url: "/v1/secret/#{key}/#{decryption_key}",
+      short_url: "/v1/secret/#{key}",
+      message: 'secret stored'
   end
-  run! if app_file == $PROGRAM_NAME
-end
 
-def too_many_tries?(key)
-  key += key + '_ratelimit'
-  begin
-    result = settings.mc.get key
-  rescue Memcached::NotFound
-    settings.mc.set key, 1, 3600 * 24
-    return false
+  get '/' do
+    # Ugly way of serving index...
+    File.read(File.join(settings.public_folder, 'index.html'))
   end
-  settings.mc.set key, result + 1
-
-  # This dude has tried to many times...
-  return true if result >= 2
-  false
+  run! if app_file == $PROGRAM_NAME
 end

data/spec/yopass_spec.rb

@@ -1,49 +1,56 @@
 require 'spec_helper'
-
+require 'json'
 describe 'yopass' do
 
-  it 'expect give the website' do
-    get '/'
-    expect(last_response.body).to match(/Share Secrets Securely/)
-  end
-
   it 'expect complain about invalid lifetime' do
-    post '/', 'lifetime' => 'foo'
+    post '/v1/secret', JSON.dump('lifetime' => 'foo')
     expect(last_response.body).to match(/Invalid lifetime/)
+    expect(last_response.status).to eq 400
   end
 
   it 'expect complain about missing secret' do
-    post '/', 'lifetime' => '1h', 'secret' => ''
+    post '/v1/secret', JSON.dump('lifetime' => '1h', 'secret' => '')
     expect(last_response.body).to match(/No secret submitted/)
+    expect(last_response.status).to eq 400
+
   end
 
   it 'expect complain about secret being to long' do
-    post '/', 'lifetime' => '1h', 'secret' => '0' * 1000000
+    post '/v1/secret', JSON.dump('lifetime' => '1h', 'secret' => '0' * 10000)
     expect(last_response.body).to match(/This site is meant to store secrets not novels/)
+    expect(last_response.status).to eq 400
   end
 
   it 'expect complain about not being able to connect to memcached' do
     allow_any_instance_of(Memcached).to receive(:set).and_raise(Memcached::ServerIsMarkedDead)
-    post '/', 'lifetime' => '1h', 'secret' => '0' * 100
+    post '/v1/secret', JSON.dump('lifetime' => '1h', 'secret' => '0' * 100)
     expect(last_response.body).to match(/Unable to contact memcached/)
+    expect(last_response.status).to eq 500
   end
 
   it 'expect store secret' do
     allow_any_instance_of(Memcached).to receive(:set).and_return true
-    post '/', 'lifetime' => '1h', 'secret' => '0' * 100
-    expect(last_response.body).to match(/http:\/\/127.0.0.1:4567/)
+    post '/v1/secret', JSON.dump('lifetime' => '1h', 'secret' => 'test')
+
+    expect(last_response.body).to match(/full_url/)
+    expect(last_response.body).to match(/decryption_key/)
+    expect(last_response.body).to match(/key/)
+    expect(last_response.body).to match(/short_url/)
+    expect(last_response.status).to eq 200
   end
 
   it 'expect receive secret' do
     allow_any_instance_of(Memcached).to receive(:get).and_return("\xD5\x9E\xF7\xB1\xA0\xEC\xD6\xBD\xCA\x00nW\xAD\xB3\xF4\xDA")
     allow_any_instance_of(Memcached).to receive(:delete).and_return true
-    get '/8937c6de9fb7b0ba9b7652b769743b4e/3af71378a'
+    get '/v1/secret/8937c6de9fb7b0ba9b7652b769743b4e/3af71378a'
     expect(last_response.body).to match(/hello world/)
+    expect(last_response.status).to eq 200
   end
 
   it 'expect raise Memcached::NotFound' do
     allow_any_instance_of(Memcached).to receive(:get).and_raise(Memcached::NotFound)
-    get '/mykey/123'
-    expect(last_response.body).to match(/Secret does not exist/)
+    get '/v1/secret/mykey/123'
+    expect(last_response.body).to match(/Not found/)
+    expect(last_response.status).to eq 404
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yopass
 version: !ruby/object:Gem::Version
-  version: 2.2.1
+  version: 3.0.0
 platform: ruby
 authors:
 - Johan Haals
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-24 00:00:00.000000000 Z
+date: 2015-02-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor
@@ -42,16 +42,22 @@ dependencies:
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.0
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '1.6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: 1.5.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.6'
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
@@ -73,7 +79,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.4'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -117,56 +123,25 @@ files:
 - ".gemspec"
 - ".gitignore"
 - ".travis.yml"
-- CHANGELOG.md
 - Dockerfile
 - Gemfile
 - Gemfile.lock
 - LICENSE
-- Procfile
 - README.md
 - Rakefile
-- conf/config.ru
-- conf/yopass.yaml
 - config.ru
-- lib/static/flash/clippy.swf
-- lib/static/js/jquery.address.js
-- lib/static/js/jquery.js
-- lib/static/packaged/css/font.css
-- lib/static/packaged/css/semantic.css
-- lib/static/packaged/css/semantic.min.css
-- lib/static/packaged/fonts/basic.icons.eot
-- lib/static/packaged/fonts/basic.icons.svg
-- lib/static/packaged/fonts/basic.icons.ttf
-- lib/static/packaged/fonts/basic.icons.woff
-- lib/static/packaged/fonts/icons.eot
-- lib/static/packaged/fonts/icons.otf
-- lib/static/packaged/fonts/icons.svg
-- lib/static/packaged/fonts/icons.ttf
-- lib/static/packaged/fonts/icons.woff
-- lib/static/packaged/fonts/sans/OpenSans-Bold.ttf
-- lib/static/packaged/fonts/sans/OpenSans-Light.ttf
-- lib/static/packaged/fonts/sans/OpenSans.ttf
-- lib/static/packaged/fonts/sans/OpenSansLight-Italic.ttf
-- lib/static/packaged/fonts/sans/SourceSansPro-Bold.ttf
-- lib/static/packaged/fonts/sans/SourceSansPro-Regular.ttf
-- lib/static/packaged/images/loader-large-inverted.gif
-- lib/static/packaged/images/loader-large.gif
-- lib/static/packaged/images/loader-medium-inverted.gif
-- lib/static/packaged/images/loader-medium.gif
-- lib/static/packaged/images/loader-mini-inverted.gif
-- lib/static/packaged/images/loader-mini.gif
-- lib/static/packaged/images/loader-small-inverted.gif
-- lib/static/packaged/images/loader-small.gif
-- lib/static/packaged/javascript/semantic.js
-- lib/static/packaged/javascript/semantic.min.js
-- lib/static/yopass.css
-- lib/static/yopass.js
-- lib/views/404.erb
-- lib/views/footer.erb
-- lib/views/get_secret.erb
-- lib/views/header.erb
-- lib/views/index.erb
-- lib/views/secret_url.erb
+- lib/public/create-secret.html
+- lib/public/css/bootstrap.min.css
+- lib/public/display-secret.html
+- lib/public/fonts/glyphicons-halflings-regular.eot
+- lib/public/fonts/glyphicons-halflings-regular.svg
+- lib/public/fonts/glyphicons-halflings-regular.ttf
+- lib/public/fonts/glyphicons-halflings-regular.woff
+- lib/public/fonts/glyphicons-halflings-regular.woff2
+- lib/public/index.html
+- lib/public/js/angular-route.min.js
+- lib/public/js/angular.js
+- lib/public/js/app.js
 - lib/yopass.rb
 - lib/yopass/sms_provider.rb
 - lib/yopass/sms_provider/bulksms.rb
@@ -174,7 +149,6 @@ files:
 - spec/sms_provder_spec.rb
 - spec/spec_helper.rb
 - spec/yopass_spec.rb
-- yopass.god
 homepage: https://github.com/jhaals/yopass
 licenses:
 - Apache 2.0
@@ -183,7 +157,6 @@ post_install_message:
 rdoc_options: []
 require_paths:
 - lib
-- conf
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="

data/CHANGELOG.md

@@ -1,39 +0,0 @@
-# Yopass changelog
-
-### 2.2.0 - 2014-08-30
-
-- rate limiting - Secrets will be deleted after 3 failed attempts
-- fix issues building the docker container
-
-### 2.1.1
-
-- fix missconfigured template rendering when sending decryption key over SMS
-
-### 2.1.0
-
-- remove /get part from URLs
-- copy to clipboard for URLs
-
-### 2.0.0
-
-- Rename `http_base_url` to base_url
-- Move configuration settings to environment variables
-- Use thin as webserver
-- Bump rspec version
-- Drop ruby 1.8.7 support
-
-### 1.1.5
-- Ability to configure secret_max_length in yopass.yaml
-
-### 1.1.4
-- remove gui messup
-
-### 1.1.3
-
-- display placeholder for mobile number in form.
-- fixes bug where test would fail is memcached was running.
-
-### 1.1.2
-
-- Typo
-- Shipp all fonts instead of loading them from external site. Caused insecure content warning

data/Procfile

@@ -1 +0,0 @@
-web: bundle exec rackup config.ru -p 4567 -s thin -o 0.0.0.0

data/conf/config.ru

@@ -1,3 +0,0 @@
-require 'rubygems'
-require 'yopass'
-run Yopass

data/conf/yopass.yaml

@@ -1,10 +0,0 @@
-memcached_url: 'localhost:11211'
-base_url: 'http://127.0.0.1:4567'
-secret_max_length: 100000
-send_sms: false
-
-sms::provider: 'bulksms'
-sms::settings:
-  username: 'username'
-  password: 'fancypass'
-  sender: 'YoPass'