Class: E3DB::Client

Inherits:

Object

• Object
• E3DB::Client

Defined in:

lib/e3db/client.rb,
lib/e3db/crypto.rb

Overview

A connection to the E3DB service used to perform database operations.

Instance Attribute Summary

• #config ⇒ Config readonly

  The client configuration object.

Instance Method Summary

• #client_info(client_id) ⇒ ClientInfo

  Query the server for information about an E3DB client.

• #client_key(client_id) ⇒ RbNaCl::PublicKey

  Query the server for a client’s public key.

• #delete(record_id) ⇒ Object

  Delete a record from the E3DB storage service.

• #initialize(config) ⇒ Client constructor

  Create a connection to the E3DB service given a configuration.

• #new_record(type) ⇒ Record

  Create a new, empty record that can be written to E3DB by calling #write.

• #query(data: true, raw: false, writer: nil, record: nil, type: nil, plain: nil) ⇒ Object

  Query E3DB records according to a set of selection criteria.

• #read(record_id) ⇒ Record

  Read a single record by ID from E3DB and return it.

• #read_raw(record_id) ⇒ Record

  Read a single record by ID from E3DB and return it without decrypting the data fields.

• #revoke(type, reader_id) ⇒ Object

  Revoke another E3DB client’s access to records of a particular type.

• #share(type, reader_id) ⇒ Object

  Grant another E3DB client access to records of a particular type.

• #write(record) ⇒ String

  Write a new record to the E3DB storage service.

Constructor Details

#initialize(config) ⇒ Client

Create a connection to the E3DB service given a configuration.

Parameters:

• config (Config) —

  configuration and credentials to use

# File 'lib/e3db/client.rb', line 118

def initialize(config)
  @config = config
  @public_key = RbNaCl::PublicKey.new(Crypto.base64decode(@config.public_key))
  @private_key = RbNaCl::PrivateKey.new(Crypto.base64decode(@config.private_key))

  @ak_cache = LruRedux::ThreadSafeCache.new(1024)
  @oauth_client = OAuth2::Client.new(
      config.api_key_id,
      config.api_secret,
      :site => config.api_url,
      :token_url => '/v1/auth/token',
      :auth_scheme => :basic_auth,
      :raise_errors => false)

  if config.logging
    @oauth_client.connection.response :logger, ::Logger.new($stdout)
  end

  @conn = Faraday.new(DEFAULT_API_URL) do |faraday|
    faraday.use TokenHelper, @oauth_client
    faraday.request :json
    faraday.response :raise_error
    if config.logging
      faraday.response :logger, nil, :bodies => true
    end
    faraday.adapter :net_http_persistent
  end
end

Instance Attribute Details

#config ⇒ Config (readonly)

Returns the client configuration object.

Returns:

• (Config) —

  the client configuration object

# File 'lib/e3db/client.rb', line 111

class Client
  attr_reader :config

  # Create a connection to the E3DB service given a configuration.
  #
  # @param config [Config] configuration and credentials to use
  # @return [Client] a connection to the E3DB service
  def initialize(config)
    @config = config
    @public_key = RbNaCl::PublicKey.new(Crypto.base64decode(@config.public_key))
    @private_key = RbNaCl::PrivateKey.new(Crypto.base64decode(@config.private_key))

    @ak_cache = LruRedux::ThreadSafeCache.new(1024)
    @oauth_client = OAuth2::Client.new(
        config.api_key_id,
        config.api_secret,
        :site => config.api_url,
        :token_url => '/v1/auth/token',
        :auth_scheme => :basic_auth,
        :raise_errors => false)

    if config.logging
      @oauth_client.connection.response :logger, ::Logger.new($stdout)
    end

    @conn = Faraday.new(DEFAULT_API_URL) do |faraday|
      faraday.use TokenHelper, @oauth_client
      faraday.request :json
      faraday.response :raise_error
      if config.logging
        faraday.response :logger, nil, :bodies => true
      end
      faraday.adapter :net_http_persistent
    end
  end

  # Query the server for information about an E3DB client.
  #
  # @param client_id [String] client ID to look up
  # @return [ClientInfo] information about this client
  def client_info(client_id)
    resp = @conn.get(get_url('v1', 'storage', 'clients', client_id))
    ClientInfo.new(JSON.parse(resp.body, symbolize_names: true))
  end

  # Query the server for a client's public key.
  #
  # @param client_id [String] client ID to look up
  # @return [RbNaCl::PublicKey] decoded Curve25519 public key
  def client_key(client_id)
    if client_id == @config.client_id
      @public_key
    else
      Crypto.decode_public_key(client_info(client_id).public_key.curve25519)
    end
  end

  # Read a single record by ID from E3DB and return it without
  # decrypting the data fields.
  #
  # @param record_id [String] record ID to look up
  # @return [Record] encrypted record object
  def read_raw(record_id)
    resp = @conn.get(get_url('v1', 'storage', 'records', record_id))
    json = JSON.parse(resp.body, symbolize_names: true)
    Record.new(json)
  end

  # Read a single record by ID from E3DB and return it.
  #
  # @param record_id [String] record ID to look up
  # @return [Record] decrypted record object
  def read(record_id)
    decrypt_record(read_raw(record_id))
  end

  # Create a new, empty record that can be written to E3DB
  # by calling {Client#write}.
  #
  # @param type [String] free-form content type of this record
  # @return [Record] an empty record of `type`
  def new_record(type)
    id = @config.client_id
    meta = Meta.new(record_id: nil, writer_id: id, user_id: id,
                    type: type, plain: Hash.new, created: nil,
                    last_modified: nil)
    Record.new(meta: meta, data: Hash.new)
  end

  # Write a new record to the E3DB storage service.
  #
  # Create new records with {Client#new_record}.
  #
  # @param record [Record] record to write
  # @return [String] the unique ID of the written record
  def write(record)
    url = get_url('v1', 'storage', 'records')
    resp = @conn.post(url, encrypt_record(record).to_hash)
    json = JSON.parse(resp.body, symbolize_names: true)
    json[:meta][:record_id]
  end

  # Delete a record from the E3DB storage service.
  #
  # @param record_id [String] unique ID of record to delete
  def delete(record_id)
    resp = @conn.delete(get_url('v1', 'storage', 'records', record_id))
  end

  class Query < Dry::Struct
    attribute :count,         Types::Int
    attribute :include_data,  Types::Bool.optional
    attribute :writer_ids,    Types::Coercible::Array.member(Types::String).optional
    attribute :user_ids,      Types::Coercible::Array.member(Types::String).optional
    attribute :record_ids,    Types::Coercible::Array.member(Types::String).optional
    attribute :content_types, Types::Coercible::Array.member(Types::String).optional
    attribute :plain,         Types::Hash.optional
    attribute :after_index,   Types::Int.optional

    def after_index=(index)
      @after_index = index
    end

    def as_json
      JSON.generate(to_hash.reject { |k, v| v.nil? })
    end
  end

  private_constant :Query

  DEFAULT_QUERY_COUNT = 100
  private_constant :DEFAULT_QUERY_COUNT

  # Query E3DB records according to a set of selection criteria.
  #
  # Each record (optionally including data) is yielded to the block
  # argument.
  #
  # @param writer [String,Array<String>] select records written by these client IDs
  # @param record [String,Array<String>] select records with these record IDs
  # @param type [String,Array<string>] select records with these types
  # @param plain [Hash] plaintext query expression to select
  # @param data [Boolean] include data in records
  # @param raw [Boolean] when true don't decrypt record data
  def query(data: true, raw: false, writer: nil, record: nil, type: nil, plain: nil)
    q = Query.new(after_index: 0, include_data: data, writer_ids: writer,
                  record_ids: record, content_types: type, plain: plain,
                  user_ids: nil, count: DEFAULT_QUERY_COUNT)
    url = get_url('v1', 'storage', 'search')
    loop do
      resp = @conn.post(url, q.as_json)
      json = JSON.parse(resp.body, symbolize_names: true)
      results = json[:results]
      results.each do |r|
        record = Record.new(meta: r[:meta], data: r[:record_data] || Hash.new)
        if data && !raw
          record = decrypt_record(record)
        end
        yield record
      end

      if results.length < q.count
        break
      end

      q.after_index = json[:last_index]
    end
  end

  # Grant another E3DB client access to records of a particular type.
  #
  # @param type [String] type of records to share
  # @param reader_id [String] client ID of reader to grant access to
  def share(type, reader_id)
    if reader_id == @config.client_id
      return
    end

    id = @config.client_id
    ak = get_access_key(id, id, id, type)
    put_access_key(id, id, reader_id, type, ak)

    url = get_url('v1', 'storage', 'policy', id, id, reader_id, type)
    @conn.put(url, JSON.generate({:allow => [{:read => {}}]}))
  end

  # Revoke another E3DB client's access to records of a particular type.
  #
  # @param type [String] type of records to revoke access to
  # @param reader_id [String] client ID of reader to revoke access from
  def revoke(type, reader_id)
    if reader_id == @config.client_id
      return
    end

    id = @config.client_id
    url = get_url('v1', 'storage', 'policy', id, id, reader_id, type)
    @conn.put(url, JSON.generate({:deny => [{:read => {}}]}))
  end

  private
  def get_url(*paths)
    sprintf('%s/%s', @config.api_url.chomp('/'), paths.map { |x| URI.escape x }.join('/'))
  end
end

Instance Method Details

#client_info(client_id) ⇒ ClientInfo

Query the server for information about an E3DB client.

Parameters:

• client_id (String) —

  client ID to look up

Returns:

• (ClientInfo) —

  information about this client

# File 'lib/e3db/client.rb', line 151

def client_info(client_id)
  resp = @conn.get(get_url('v1', 'storage', 'clients', client_id))
  ClientInfo.new(JSON.parse(resp.body, symbolize_names: true))
end

#client_key(client_id) ⇒ RbNaCl::PublicKey

Query the server for a client’s public key.

Parameters:

• client_id (String) —

  client ID to look up

Returns:

• (RbNaCl::PublicKey) —

  decoded Curve25519 public key

# File 'lib/e3db/client.rb', line 160

def client_key(client_id)
  if client_id == @config.client_id
    @public_key
  else
    Crypto.decode_public_key(client_info(client_id).public_key.curve25519)
  end
end

#delete(record_id) ⇒ Object

Delete a record from the E3DB storage service.

Parameters:

• record_id (String) —

  unique ID of record to delete

# File 'lib/e3db/client.rb', line 216

def delete(record_id)
  resp = @conn.delete(get_url('v1', 'storage', 'records', record_id))
end

#new_record(type) ⇒ Record

Create a new, empty record that can be written to E3DB by calling #write.

Parameters:

• type (String) —

  free-form content type of this record

Returns:

• (Record) —

  an empty record of type

# File 'lib/e3db/client.rb', line 192

def new_record(type)
  id = @config.client_id
  meta = Meta.new(record_id: nil, writer_id: id, user_id: id,
                  type: type, plain: Hash.new, created: nil,
                  last_modified: nil)
  Record.new(meta: meta, data: Hash.new)
end

#query(data: true, raw: false, writer: nil, record: nil, type: nil, plain: nil) ⇒ Object

Query E3DB records according to a set of selection criteria.

Each record (optionally including data) is yielded to the block argument.

Parameters:

• writer (String, Array<String>) (defaults to: nil) —

  select records written by these client IDs

• record (String, Array<String>) (defaults to: nil) —

  select records with these record IDs

• type (String, Array<string>) (defaults to: nil) —

  select records with these types

• plain (Hash) (defaults to: nil) —

  plaintext query expression to select

• data (Boolean) (defaults to: true) —

  include data in records

• raw (Boolean) (defaults to: false) —

  when true don’t decrypt record data

# File 'lib/e3db/client.rb', line 255

def query(data: true, raw: false, writer: nil, record: nil, type: nil, plain: nil)
  q = Query.new(after_index: 0, include_data: data, writer_ids: writer,
                record_ids: record, content_types: type, plain: plain,
                user_ids: nil, count: DEFAULT_QUERY_COUNT)
  url = get_url('v1', 'storage', 'search')
  loop do
    resp = @conn.post(url, q.as_json)
    json = JSON.parse(resp.body, symbolize_names: true)
    results = json[:results]
    results.each do |r|
      record = Record.new(meta: r[:meta], data: r[:record_data] || Hash.new)
      if data && !raw
        record = decrypt_record(record)
      end
      yield record
    end

    if results.length < q.count
      break
    end

    q.after_index = json[:last_index]
  end
end

#read(record_id) ⇒ Record

Read a single record by ID from E3DB and return it.

Parameters:

• record_id (String) —

  record ID to look up

Returns:

• (Record) —

  decrypted record object

# File 'lib/e3db/client.rb', line 183

def read(record_id)
  decrypt_record(read_raw(record_id))
end

#read_raw(record_id) ⇒ Record

Read a single record by ID from E3DB and return it without decrypting the data fields.

Parameters:

• record_id (String) —

  record ID to look up

Returns:

• (Record) —

  encrypted record object

# File 'lib/e3db/client.rb', line 173

def read_raw(record_id)
  resp = @conn.get(get_url('v1', 'storage', 'records', record_id))
  json = JSON.parse(resp.body, symbolize_names: true)
  Record.new(json)
end

#revoke(type, reader_id) ⇒ Object

Revoke another E3DB client’s access to records of a particular type.

Parameters:

• type (String) —

  type of records to revoke access to

• reader_id (String) —

  client ID of reader to revoke access from

# File 'lib/e3db/client.rb', line 301

def revoke(type, reader_id)
  if reader_id == @config.client_id
    return
  end

  id = @config.client_id
  url = get_url('v1', 'storage', 'policy', id, id, reader_id, type)
  @conn.put(url, JSON.generate({:deny => [{:read => {}}]}))
end

#share(type, reader_id) ⇒ Object

Grant another E3DB client access to records of a particular type.

Parameters:

• type (String) —

  type of records to share

• reader_id (String) —

  client ID of reader to grant access to

# File 'lib/e3db/client.rb', line 284

def share(type, reader_id)
  if reader_id == @config.client_id
    return
  end

  id = @config.client_id
  ak = get_access_key(id, id, id, type)
  put_access_key(id, id, reader_id, type, ak)

  url = get_url('v1', 'storage', 'policy', id, id, reader_id, type)
  @conn.put(url, JSON.generate({:allow => [{:read => {}}]}))
end

#write(record) ⇒ String

Write a new record to the E3DB storage service.

Create new records with #new_record.

Parameters:

• record (Record) —

  record to write

Returns:

• (String) —

  the unique ID of the written record

# File 'lib/e3db/client.rb', line 206

def write(record)
  url = get_url('v1', 'storage', 'records')
  resp = @conn.post(url, encrypt_record(record).to_hash)
  json = JSON.parse(resp.body, symbolize_names: true)
  json[:meta][:record_id]
end