Class: E3DB::Client

Inherits:

Object

• Object
• E3DB::Client

Defined in:

lib/e3db/client.rb,
lib/e3db/crypto.rb

Overview

A connection to the E3DB service used to perform database operations.

Defined Under Namespace

Classes: Result

Instance Attribute Summary

• #config ⇒ Config readonly

  The client configuration object.

Instance Method Summary

• #client_info(client_id) ⇒ ClientInfo

  Query the server for information about an E3DB client.

• #client_key(client_id) ⇒ RbNaCl::PublicKey

  Query the server for a client's public key.

• #delete(record_id) ⇒ Object

  Delete a record from the E3DB storage service.

• #incoming_sharing ⇒ Object
• #initialize(config) ⇒ Client constructor

  Create a connection to the E3DB service given a configuration.

• #outgoing_sharing ⇒ Object
• #query(data: true, raw: false, writer: nil, record: nil, type: nil, plain: nil, page_size: DEFAULT_QUERY_COUNT) ⇒ Result

  Query E3DB records according to a set of selection criteria.

• #read(record_id) ⇒ Record

  Read a single record by ID from E3DB and return it.

• #read_raw(record_id) ⇒ Record

  Read a single record by ID from E3DB and return it without decrypting the data fields.

• #revoke(type, reader_id) ⇒ Object

  Revoke another E3DB client's access to records of a particular type.

• #share(type, reader_id) ⇒ Object

  Grant another E3DB client access to records of a particular type.

• #update(record) ⇒ Object

  Update an existing record in the E3DB storage service.

• #write(type, data, plain = Hash.new) ⇒ Record

  Write a new record to the E3DB storage service.

Constructor Details

#initialize(config) ⇒ Client

Create a connection to the E3DB service given a configuration.

Parameters:

• config (Config) —

  configuration and credentials to use

# File 'lib/e3db/client.rb', line 180

def initialize(config)
  @config = config
  @public_key = RbNaCl::PublicKey.new(Crypto.base64decode(@config.public_key))
  @private_key = RbNaCl::PrivateKey.new(Crypto.base64decode(@config.private_key))

  @ak_cache = LruRedux::ThreadSafeCache.new(1024)
  @oauth_client = OAuth2::Client.new(
      config.api_key_id,
      config.api_secret,
      :site => config.api_url,
      :token_url => '/v1/auth/token',
      :auth_scheme => :basic_auth,
      :raise_errors => false)

  if config.logging
    @oauth_client.connection.response :logger, ::Logger.new($stdout)
  end

  @conn = Faraday.new(DEFAULT_API_URL) do |faraday|
    faraday.use TokenHelper, @oauth_client
    faraday.request :json
    faraday.response :raise_error
    if config.logging
      faraday.response :logger, nil, :bodies => true
    end
    faraday.adapter :net_http_persistent
  end
end

Instance Attribute Details

#config ⇒ Config (readonly)

Returns the client configuration object.

Returns:

• (Config) —

  the client configuration object

# File 'lib/e3db/client.rb', line 173

class Client
  attr_reader :config

  # Create a connection to the E3DB service given a configuration.
  #
  # @param config [Config] configuration and credentials to use
  # @return [Client] a connection to the E3DB service
  def initialize(config)
    @config = config
    @public_key = RbNaCl::PublicKey.new(Crypto.base64decode(@config.public_key))
    @private_key = RbNaCl::PrivateKey.new(Crypto.base64decode(@config.private_key))

    @ak_cache = LruRedux::ThreadSafeCache.new(1024)
    @oauth_client = OAuth2::Client.new(
        config.api_key_id,
        config.api_secret,
        :site => config.api_url,
        :token_url => '/v1/auth/token',
        :auth_scheme => :basic_auth,
        :raise_errors => false)

    if config.logging
      @oauth_client.connection.response :logger, ::Logger.new($stdout)
    end

    @conn = Faraday.new(DEFAULT_API_URL) do |faraday|
      faraday.use TokenHelper, @oauth_client
      faraday.request :json
      faraday.response :raise_error
      if config.logging
        faraday.response :logger, nil, :bodies => true
      end
      faraday.adapter :net_http_persistent
    end
  end

  # Query the server for information about an E3DB client.
  #
  # @param client_id [String] client ID or e-mail address to look up
  # @return [ClientInfo] information about this client
  def client_info(client_id)
    if client_id.include? "@"
      base_url = get_url('v1', 'storage', 'clients', 'find')
      url = base_url + sprintf('?email=%s', CGI.escape(client_id))
      resp = @conn.post(url)
    else
      resp = @conn.get(get_url('v1', 'storage', 'clients', client_id))
    end

    ClientInfo.new(JSON.parse(resp.body, symbolize_names: true))
  end

  # Query the server for a client's public key.
  #
  # @param client_id [String] client ID to look up
  # @return [RbNaCl::PublicKey] decoded Curve25519 public key
  def client_key(client_id)
    if client_id == @config.client_id
      @public_key
    else
      Crypto.decode_public_key(client_info(client_id).public_key.curve25519)
    end
  end

  # Read a single record by ID from E3DB and return it without
  # decrypting the data fields.
  #
  # @param record_id [String] record ID to look up
  # @return [Record] encrypted record object
  def read_raw(record_id)
    resp = @conn.get(get_url('v1', 'storage', 'records', record_id))
    json = JSON.parse(resp.body, symbolize_names: true)
    Record.new(json)
  end

  # Read a single record by ID from E3DB and return it.
  #
  # @param record_id [String] record ID to look up
  # @return [Record] decrypted record object
  def read(record_id)
    decrypt_record(read_raw(record_id))
  end

  # Write a new record to the E3DB storage service.
  #
  # @param type [String] free-form content type name of this record
  # @param data [Hash<String, String>] record data to be stored encrypted
  # @param plain [Hash<String, String>] record data to be stored unencrypted for querying
  # @return [Record] the newly created record object
  def write(type, data, plain=Hash.new)
    url = get_url('v1', 'storage', 'records')
    id = @config.client_id
    meta = Meta.new(record_id: nil, writer_id: id, user_id: id,
                    type: type, plain: plain, created: nil,
                    last_modified: nil, version: nil)
    record = Record.new(meta: meta, data: data)
    resp = @conn.post(url, encrypt_record(record).to_hash)
    decrypt_record(Record.new(JSON.parse(resp.body, symbolize_names: true)))
  end

  # Update an existing record in the E3DB storage service.
  #
  # If the record has been modified by another client since it was
  # read, this method raises {ConflictError}, which should be caught
  # by the caller so that the record can be re-fetched and the update retried.
  #
  # The metadata of the input record will be updated in-place to reflect
  # the new version number and modification time returned by the server.
  #
  # @param record [Record] the record to update
  def update(record)
    record_id = record.meta.record_id
    version = record.meta.version
    url = get_url('v1', 'storage', 'records', 'safe', record_id, version)
    begin
      resp = @conn.put(url, encrypt_record(record).to_hash)
    rescue Faraday::ClientError => e
      if e.response[:status] == 409
        raise E3DB::ConflictError, record
      else
        raise e   # re-raise on other failures
      end
    end
    json = JSON.parse(resp.body, symbolize_names: true)
    record.meta = Meta.new(json[:meta])
  end

  # Delete a record from the E3DB storage service.
  #
  # @param record_id [String] unique ID of record to delete
  def delete(record_id)
    resp = @conn.delete(get_url('v1', 'storage', 'records', record_id))
  end

  class Query < Dry::Struct
    attribute :count,               Types::Int
    attribute :include_data,        Types::Bool.optional
    attribute :writer_ids,          Types::Coercible::Array.member(Types::String).optional
    attribute :user_ids,            Types::Coercible::Array.member(Types::String).optional
    attribute :record_ids,          Types::Coercible::Array.member(Types::String).optional
    attribute :content_types,       Types::Coercible::Array.member(Types::String).optional
    attribute :plain,               Types::Hash.optional
    attribute :after_index,         Types::Int.optional
    attribute :include_all_writers, Types::Bool.optional

    def after_index=(index)
      @after_index = index
    end

    def as_json
      JSON.generate(to_hash.reject { |k, v| v.nil? })
    end
  end

  private_constant :Query

  DEFAULT_QUERY_COUNT = 100
  private_constant :DEFAULT_QUERY_COUNT

  # A set of records returned by {Client#query}. This implements the
  # `Enumerable` interface which can be used to loop over the records
  # in the result set (using eg: `Enumerable#each`).
  #
  # Every traversal of the result set will execute a query to the server,
  # so if multiple in-memory traversals are needed, use `Enumerable#to_a` to
  # fetch all records into an array first.
  class Result
    include Enumerable

    def initialize(client, query, raw)
      @client = client
      @query = query
      @raw = raw
    end

    # Invoke a block for each record matching a query.
    def each
      # Every invocation of 'each' gets its own copy of the query since
      # it will be modified as we loop through the result pages. This
      # allows multiple traversals of the same result set to start from
      # the beginning each time.
      q = Query.new(@query.to_hash)
      loop do
        json = @client.instance_eval { query1(q) }
        results = json[:results]
        results.each do |r|
          record = Record.new(meta: r[:meta], data: r[:record_data] || Hash.new)
          if q.include_data && !@raw
            access_key = r[:access_key]
            if access_key
              record = @client.instance_eval {
                ak = decrypt_eak(access_key)
                decrypt_record_with_key(record, ak)
              }
            else
              record = @client.instance_eval { decrypt_record(record) }
            end
          end
          yield record
        end

        if results.length < q.count
          break
        end

        q.after_index = json[:last_index]
      end
    end
  end

  # Query E3DB records according to a set of selection criteria.
  #
  # The default behavior is to return all records written by the
  # current authenticated client.
  #
  # To restrict the results to a particular type, pass a type or
  # list of types as the `type` argument.
  #
  # To restrict the results to a set of clients, pass a single or
  # list of client IDs as the `writer` argument. To list records
  # written by any client that has shared with the current client,
  # pass the special token `:any` as the `writer` argument.
  #
  # If a block is supplied, each record matching the query parameters
  # is fetched from the server and yielded to the block.
  #
  # If no block is supplied, a {Result} is returned that will
  # iterate over the records matching the query parameters. This
  # iterator is lazy and will query the server each time it is used,
  # so calling `Enumerable#to_a` to convert to an array is recommended
  # if multiple traversals are necessary.
  #
  # @param writer [String,Array<String>,:all] select records written by these client IDs or :all for all writers
  # @param record [String,Array<String>] select records with these record IDs
  # @param type [String,Array<string>] select records with these types
  # @param plain [Hash] plaintext query expression to select
  # @param data [Boolean] include data in records
  # @param raw [Boolean] when true don't decrypt record data
  # @param page_size [Integer] number of records to fetch per request
  # @return [Result] a result set object enumerating matched records
  def query(data: true, raw: false, writer: nil, record: nil, type: nil, plain: nil, page_size: DEFAULT_QUERY_COUNT)
    all_writers = false
    if writer == :all
      all_writers = true
      writer = []
    end

    q = Query.new(after_index: 0, include_data: data, writer_ids: writer,
                  record_ids: record, content_types: type, plain: plain,
                  user_ids: nil, count: page_size,
                  include_all_writers: all_writers)
    result = Result.new(self, q, raw)
    if block_given?
      result.each do |rec|
        yield rec
      end
    else
      result
    end
  end

  # Grant another E3DB client access to records of a particular type.
  #
  # @param type [String] type of records to share
  # @param reader_id [String] client ID or e-mail address of reader to grant access to
  def share(type, reader_id)
    if reader_id == @config.client_id
      return
    elsif reader_id.include? "@"
      reader_id = client_info(reader_id).client_id
    end

    id = @config.client_id
    ak = get_access_key(id, id, id, type)
    put_access_key(id, id, reader_id, type, ak)

    url = get_url('v1', 'storage', 'policy', id, id, reader_id, type)
    @conn.put(url, JSON.generate({:allow => [{:read => {}}]}))
  end

  # Revoke another E3DB client's access to records of a particular type.
  #
  # @param type [String] type of records to revoke access to
  # @param reader_id [String] client ID of reader to revoke access from
  def revoke(type, reader_id)
    if reader_id == @config.client_id
      return
    elsif reader_id.include? "@"
      reader_id = client_info(reader_id).client_id
    end

    id = @config.client_id
    url = get_url('v1', 'storage', 'policy', id, id, reader_id, type)
    @conn.put(url, JSON.generate({:deny => [{:read => {}}]}))
  end

  def outgoing_sharing
    url = get_url('v1', 'storage', 'policy', 'outgoing')
    resp = @conn.get(url)
    json = JSON.parse(resp.body, symbolize_names: true)
    return json.map {|x| OutgoingSharingPolicy.new(x)}
  end

  def incoming_sharing
    url = get_url('v1', 'storage', 'policy', 'incoming')
    resp = @conn.get(url)
    json = JSON.parse(resp.body, symbolize_names: true)
    return json.map {|x| IncomingSharingPolicy.new(x)}
  end

  private

  # Fetch a single page of query results. Used internally by {Client#query}.
  def query1(query)
    url = get_url('v1', 'storage', 'search')
    resp = @conn.post(url, query.as_json)
    return JSON.parse(resp.body, symbolize_names: true)
  end

  def get_url(*paths)
    sprintf('%s/%s', @config.api_url.chomp('/'), paths.map { |x| CGI.escape x }.join('/'))
  end
end

Instance Method Details

#client_info(client_id) ⇒ ClientInfo

Query the server for information about an E3DB client.

Parameters:

• client_id (String) —

  client ID or e-mail address to look up

Returns:

• (ClientInfo) —

  information about this client

# File 'lib/e3db/client.rb', line 213

def client_info(client_id)
  if client_id.include? "@"
    base_url = get_url('v1', 'storage', 'clients', 'find')
    url = base_url + sprintf('?email=%s', CGI.escape(client_id))
    resp = @conn.post(url)
  else
    resp = @conn.get(get_url('v1', 'storage', 'clients', client_id))
  end

  ClientInfo.new(JSON.parse(resp.body, symbolize_names: true))
end

#client_key(client_id) ⇒ RbNaCl::PublicKey

Query the server for a client's public key.

Parameters:

• client_id (String) —

  client ID to look up

Returns:

• (RbNaCl::PublicKey) —

  decoded Curve25519 public key

# File 'lib/e3db/client.rb', line 229

def client_key(client_id)
  if client_id == @config.client_id
    @public_key
  else
    Crypto.decode_public_key(client_info(client_id).public_key.curve25519)
  end
end

#delete(record_id) ⇒ Object

Delete a record from the E3DB storage service.

Parameters:

• record_id (String) —

  unique ID of record to delete

# File 'lib/e3db/client.rb', line 303

def delete(record_id)
  resp = @conn.delete(get_url('v1', 'storage', 'records', record_id))
end

#incoming_sharing ⇒ Object

# File 'lib/e3db/client.rb', line 476

def incoming_sharing
  url = get_url('v1', 'storage', 'policy', 'incoming')
  resp = @conn.get(url)
  json = JSON.parse(resp.body, symbolize_names: true)
  return json.map {|x| IncomingSharingPolicy.new(x)}
end

#outgoing_sharing ⇒ Object

# File 'lib/e3db/client.rb', line 469

def outgoing_sharing
  url = get_url('v1', 'storage', 'policy', 'outgoing')
  resp = @conn.get(url)
  json = JSON.parse(resp.body, symbolize_names: true)
  return json.map {|x| OutgoingSharingPolicy.new(x)}
end

#query(data: true, raw: false, writer: nil, record: nil, type: nil, plain: nil, page_size: DEFAULT_QUERY_COUNT) ⇒ Result

Query E3DB records according to a set of selection criteria.

The default behavior is to return all records written by the current authenticated client.

To restrict the results to a particular type, pass a type or list of types as the type argument.

To restrict the results to a set of clients, pass a single or list of client IDs as the writer argument. To list records written by any client that has shared with the current client, pass the special token :any as the writer argument.

If a block is supplied, each record matching the query parameters is fetched from the server and yielded to the block.

If no block is supplied, a Result is returned that will iterate over the records matching the query parameters. This iterator is lazy and will query the server each time it is used, so calling Enumerable#to_a to convert to an array is recommended if multiple traversals are necessary.

Parameters:

• writer (String, Array<String>, :all) (defaults to: nil) —

  select records written by these client IDs or :all for all writers

• record (String, Array<String>) (defaults to: nil) —

  select records with these record IDs

• type (String, Array<string>) (defaults to: nil) —

  select records with these types

• plain (Hash) (defaults to: nil) —

  plaintext query expression to select

• data (Boolean) (defaults to: true) —

  include data in records

• raw (Boolean) (defaults to: false) —

  when true don't decrypt record data

• page_size (Integer) (defaults to: DEFAULT_QUERY_COUNT) —

  number of records to fetch per request

Returns:

• (Result) —

  a result set object enumerating matched records

# File 'lib/e3db/client.rb', line 413

def query(data: true, raw: false, writer: nil, record: nil, type: nil, plain: nil, page_size: DEFAULT_QUERY_COUNT)
  all_writers = false
  if writer == :all
    all_writers = true
    writer = []
  end

  q = Query.new(after_index: 0, include_data: data, writer_ids: writer,
                record_ids: record, content_types: type, plain: plain,
                user_ids: nil, count: page_size,
                include_all_writers: all_writers)
  result = Result.new(self, q, raw)
  if block_given?
    result.each do |rec|
      yield rec
    end
  else
    result
  end
end

#read(record_id) ⇒ Record

Read a single record by ID from E3DB and return it.

Parameters:

• record_id (String) —

  record ID to look up

Returns:

• (Record) —

  decrypted record object

# File 'lib/e3db/client.rb', line 252

def read(record_id)
  decrypt_record(read_raw(record_id))
end

#read_raw(record_id) ⇒ Record

Read a single record by ID from E3DB and return it without decrypting the data fields.

Parameters:

• record_id (String) —

  record ID to look up

Returns:

• (Record) —

  encrypted record object

# File 'lib/e3db/client.rb', line 242

def read_raw(record_id)
  resp = @conn.get(get_url('v1', 'storage', 'records', record_id))
  json = JSON.parse(resp.body, symbolize_names: true)
  Record.new(json)
end

#revoke(type, reader_id) ⇒ Object

Revoke another E3DB client's access to records of a particular type.

Parameters:

• type (String) —

  type of records to revoke access to

• reader_id (String) —

  client ID of reader to revoke access from

# File 'lib/e3db/client.rb', line 457

def revoke(type, reader_id)
  if reader_id == @config.client_id
    return
  elsif reader_id.include? "@"
    reader_id = client_info(reader_id).client_id
  end

  id = @config.client_id
  url = get_url('v1', 'storage', 'policy', id, id, reader_id, type)
  @conn.put(url, JSON.generate({:deny => [{:read => {}}]}))
end

#share(type, reader_id) ⇒ Object

Grant another E3DB client access to records of a particular type.

Parameters:

• type (String) —

  type of records to share

• reader_id (String) —

  client ID or e-mail address of reader to grant access to

# File 'lib/e3db/client.rb', line 438

def share(type, reader_id)
  if reader_id == @config.client_id
    return
  elsif reader_id.include? "@"
    reader_id = client_info(reader_id).client_id
  end

  id = @config.client_id
  ak = get_access_key(id, id, id, type)
  put_access_key(id, id, reader_id, type, ak)

  url = get_url('v1', 'storage', 'policy', id, id, reader_id, type)
  @conn.put(url, JSON.generate({:allow => [{:read => {}}]}))
end

#update(record) ⇒ Object

Update an existing record in the E3DB storage service.

If the record has been modified by another client since it was read, this method raises E3DB::ConflictError, which should be caught by the caller so that the record can be re-fetched and the update retried.

The metadata of the input record will be updated in-place to reflect the new version number and modification time returned by the server.

Parameters:

• record (Record) —

  the record to update

# File 'lib/e3db/client.rb', line 283

def update(record)
  record_id = record.meta.record_id
  version = record.meta.version
  url = get_url('v1', 'storage', 'records', 'safe', record_id, version)
  begin
    resp = @conn.put(url, encrypt_record(record).to_hash)
  rescue Faraday::ClientError => e
    if e.response[:status] == 409
      raise E3DB::ConflictError, record
    else
      raise e   # re-raise on other failures
    end
  end
  json = JSON.parse(resp.body, symbolize_names: true)
  record.meta = Meta.new(json[:meta])
end

#write(type, data, plain = Hash.new) ⇒ Record

Write a new record to the E3DB storage service.

Parameters:

• type (String) —

  free-form content type name of this record

• data (Hash<String, String>) —

  record data to be stored encrypted

• plain (Hash<String, String>) (defaults to: Hash.new) —

  record data to be stored unencrypted for querying

Returns:

• (Record) —

  the newly created record object

# File 'lib/e3db/client.rb', line 262

def write(type, data, plain=Hash.new)
  url = get_url('v1', 'storage', 'records')
  id = @config.client_id
  meta = Meta.new(record_id: nil, writer_id: id, user_id: id,
                  type: type, plain: plain, created: nil,
                  last_modified: nil, version: nil)
  record = Record.new(meta: meta, data: data)
  resp = @conn.post(url, encrypt_record(record).to_hash)
  decrypt_record(Record.new(JSON.parse(resp.body, symbolize_names: true)))
end