Class: KStor::Store

Inherits:

Object

• Object
• KStor::Store

Defined in:

lib/kstor/store.rb

Overview

Store and fetch objects in an SQLite database. rubocop:disable Metrics/MethodLength

Instance Method Summary

• #group_create(name, pubk) ⇒ Integer

  Create a new group.

• #groups ⇒ Array[KStor::Model::Group]

  List all groups.

• #groups_for_secret(secret_id) ⇒ Array[KStor::Model::Group]

  List of group IDs that can read this secret.

• #initialize(file_path) ⇒ KStor::Store constructor

  Create a new store backed by the given SQLite database file.

• #keychain_item_create(user_id, group_id, encrypted_privk) ⇒ Object

  Add a group private key to a user keychain.

• #secret_create(author_id, encrypted_data) ⇒ Integer

  Create a new secret.

• #secret_delete(secret_id) ⇒ Object

  Delete a secrete from database.

• #secret_fetch(secret_id, user_id) ⇒ KStor::Model::Secret^?

  Fetch one secret by it’s ID.

• #secret_setmeta(secret_id, user_id, group_encrypted_metadata) ⇒ Object

  Overwrite secret metadata.

• #secret_setvalue(secret_id, user_id, group_ciphertexts) ⇒ Object

  Overwrite secret value.

• #secrets_for_user(user_id) ⇒ Array[KStor::Model::Secret]

  List of all secrets that should be readable by a user.

• #transaction ⇒ Object

  Execute the given block in a database transaction.

• #user_by_id(user_id) ⇒ KStor::Model::User^?

  Lookup user by ID.

• #user_by_login(login) ⇒ KStor::Model::User^?

  Lookup user by login.

• #user_create(user) ⇒ KStor::Model::User

  Create a new user in database.

• #user_update(user) ⇒ Object

  Update user name, status and keychain.

• #users ⇒ Array[KStor::Model::User]

  List all users.

• #users? ⇒ Boolean

  True if database contains any users.

Constructor Details

#initialize(file_path) ⇒ KStor::Store

Create a new store backed by the given SQLite database file.

Parameters:

• file_path (String) —

  path to SQLite database file

# File 'lib/kstor/store.rb', line 58

def initialize(file_path)
  @file_path = file_path
  @db = SQLConnection.new(file_path)
  @cache = StoreCache.new
end

Instance Method Details

#group_create(name, pubk) ⇒ Integer

Create a new group.

Note that it doesn’t store the group private key, as it must only exist in users keychains.

Parameters:

• name (String) —

  Name of the new group (must be unique in database)

• pubk (KStor::Crypto::PublicKey) —

  group public key

Returns:

• (Integer) —

  ID of the new group

# File 'lib/kstor/store.rb', line 143

def group_create(name, pubk)
  @db.execute("    INSERT INTO groups (name, pubk)\n         VALUES (?, ?)\n  EOSQL\n  @cache.forget_groups\n  @db.last_insert_row_id\nend\n", name, pubk.to_s)

#groups ⇒ Array[KStor::Model::Group]

List all groups.

Note that this list is cached in memory, so calling this method multiple times should be cheap.

Returns:

• (Array[KStor::Model::Group]) —

  a list of all groups in database

# File 'lib/kstor/store.rb', line 158

def groups
  @cache.groups do
    Log.debug('store: loading groups')
    rows = @db.execute("        SELECT id,\n               name,\n               pubk\n          FROM groups\n      ORDER BY name\n    EOSQL\n    rows.to_h do |r|\n      a = []\n      a << r['id']\n      a << Model::Group.new(\n        id: r['id'], name: r['name'], pubk: Crypto::PublicKey.new(r['pubk'])\n      )\n      a\n    end\n  end\nend\n")

#groups_for_secret(secret_id) ⇒ Array[KStor::Model::Group]

List of group IDs that can read this secret.

Parameters:

• secret_id (Integer) —

  ID of secret

Returns:

• (Array[KStor::Model::Group]) —

  list of group ids

# File 'lib/kstor/store.rb', line 331

def groups_for_secret(secret_id)
  Log.debug("store: loading group IDs for secret #{secret_id}")
  rows = @db.execute("      SELECT group_id\n        FROM secret_values\n       WHERE secret_id = ?\n  EOSQL\n  rows.map { |r| r['group_id'] }\nend\n", secret_id)

#keychain_item_create(user_id, group_id, encrypted_privk) ⇒ Object

Add a group private key to a user keychain.

Parameters:

• user_id (Integer) —

  ID of an existing user

• group_id (Integer) —

  ID of an existing group

• encrypted_privk (KStor::Crypto::ArmoredValue) —

  group private key encrypted with user public key

# File 'lib/kstor/store.rb', line 128

def keychain_item_create(user_id, group_id, encrypted_privk)
  @db.execute("    INSERT INTO group_members (user_id, group_id, encrypted_privk)\n         VALUES (?, ?, ?)\n  EOSQL\nend\n", user_id, group_id, encrypted_privk.to_s)

#secret_create(author_id, encrypted_data) ⇒ Integer

Create a new secret.

Encrypted data should be a map of group_id to encrypted data for this group’s key pair as a two-value array, first metadata and then value.

Parameters:

• author_id (Integer) —

  ID of user that creates the new secret

• encrypted_data —

  Array[Hash[Integer, Array]]

  see above

  description for shape of value.

Returns:

• (Integer) —

  ID of new secret

# File 'lib/kstor/store.rb', line 314

def secret_create(author_id, encrypted_data)
  Log.debug("store: creating secret for user #{author_id}")
  @db.execute("    INSERT INTO secrets (value_author_id, meta_author_id) VALUES (?, ?)\n  EOSQL\n  secret_id = @db.last_insert_row_id\n  encrypted_data.each do |group_id, (ciphertext, encrypted_metadata)|\n    secret_value_create(secret_id, group_id, ciphertext, encrypted_metadata)\n  end\n\n  secret_id\nend\n", author_id, author_id)

#secret_delete(secret_id) ⇒ Object

Delete a secrete from database.

Parameters:

• secret_id (Integer) —

  ID of secret

# File 'lib/kstor/store.rb', line 388

def secret_delete(secret_id)
  Log.debug("store: delete secret ##{secret_id}")
  # Will cascade to secret_values:
  @db.execute("    DELETE FROM secrets WHERE id = ?\n  EOSQL\nend\n", secret_id)

#secret_fetch(secret_id, user_id) ⇒ KStor::Model::Secret^?

Fetch one secret by it’s ID.

Parameters:

• secret_id (Integer) —

  ID of secret

• user_id (Integer) —

  ID of secret reader

Returns:

• (KStor::Model::Secret, nil) —

  A secret, or nil if secret_id was not found or user_id can’t read it.

# File 'lib/kstor/store.rb', line 280

def secret_fetch(secret_id, user_id)
  Log.debug(
    "store: loading secret value ##{secret_id} for user ##{user_id}"
  )
  rows = @db.execute("       SELECT s.id,\n              s.value_author_id,\n              s.meta_author_id,\n              sv.group_id,\n              sv.ciphertext,\n              sv.encrypted_metadata\n         FROM secrets s,\n              secret_values sv,\n              group_members gm\n        WHERE gm.user_id = ?\n          AND gm.group_id = sv.group_id\n          AND sv.secret_id = ?\n          AND s.id = sv.secret_id\n  EOSQL\n  return nil if rows.empty?\n\n  secret_from_row(rows.first)\nend\n", user_id, secret_id)

#secret_setmeta(secret_id, user_id, group_encrypted_metadata) ⇒ Object

Overwrite secret metadata.

Parameters:

• secret_id (Integer) —

  ID of secret to update

• user_id (Integer) —

  ID of user that changes metadata

• group_encrypted_metadata —

  Array[Hash[Integer, KStor::Crypt::ArmoredValue]]

  map of group IDs to

  encrypted metadata.

# File 'lib/kstor/store.rb', line 348

def secret_setmeta(secret_id, user_id, group_encrypted_metadata)
  Log.debug("store: set metadata for secret ##{secret_id}")
  @db.execute("    UPDATE secrets SET meta_author_id = ? WHERE id = ?\n  EOSQL\n  group_encrypted_metadata.each do |group_id, encrypted_metadata|\n    @db.execute(<<-EOSQL, encrypted_metadata.to_s, secret_id, group_id)\n      UPDATE secret_values\n         SET encrypted_metadata = ?\n       WHERE secret_id = ?\n         AND group_id = ?\n    EOSQL\n  end\nend\n", user_id, secret_id)

#secret_setvalue(secret_id, user_id, group_ciphertexts) ⇒ Object

Overwrite secret value.

Parameters:

• secret_id (Integer) —

  ID of secret to update

• user_id (Integer) —

  ID of user that changes the value

• group_ciphertexts —

  Array[Hash[Integer, KStor::Crypt::ArmoredValue]]

  map of group IDs to

  encrypted values.

# File 'lib/kstor/store.rb', line 370

def secret_setvalue(secret_id, user_id, group_ciphertexts)
  Log.debug("store: set value for secret ##{secret_id}")
  @db.execute("    UPDATE secrets SET value_author_id = ? WHERE id = ?\n  EOSQL\n  group_ciphertexts.each do |group_id, ciphertext|\n    @db.execute(<<-EOSQL, ciphertext.to_s, secret_id, group_id)\n      UPDATE secret_values\n         SET ciphertext = ?\n       WHERE secret_id = ?\n         AND group_id = ?\n    EOSQL\n  end\nend\n", user_id, secret_id)

#secrets_for_user(user_id) ⇒ Array[KStor::Model::Secret]

List of all secrets that should be readable by a user.

Parameters:

• user_id (Integer) —

  ID of user that will read the secrets

Returns:

• (Array[KStor::Model::Secret]) —

  A list of secrets, that may be empty.

# File 'lib/kstor/store.rb', line 252

def secrets_for_user(user_id)
  Log.debug("store: loading secrets for user ##{user_id}")
  rows = @db.execute("       SELECT s.id,\n              s.value_author_id,\n              s.meta_author_id,\n              sv.group_id,\n              sv.ciphertext,\n              sv.encrypted_metadata\n         FROM secrets s,\n              secret_values sv,\n              group_members gm\n        WHERE gm.user_id = ?\n          AND gm.group_id = sv.group_id\n          AND sv.secret_id = s.id\n     GROUP BY s.id\n     ORDER BY s.id, sv.group_id\n  EOSQL\n\n  rows.map { |r| secret_from_row(r) }\nend\n", user_id)

#transaction ⇒ Object

Execute the given block in a database transaction.

# File 'lib/kstor/store.rb', line 65

def transaction(&)
  @db.transaction(&)
end

#user_by_id(user_id) ⇒ KStor::Model::User^?

Lookup user by ID.

Parameters:

• user_id (Integer) —

  User ID

Returns:

• (KStor::Model::User, nil) —

  a user object instance with encrypted private data, or nil if login was not found in database.

# File 'lib/kstor/store.rb', line 230

def user_by_id(user_id)
  Log.debug("store: loading user by ID ##{user_id}")
  rows = @db.execute("       SELECT u.id,\n              u.login,\n              u.name,\n              u.status,\n              c.kdf_params,\n              c.pubk,\n              c.encrypted_privk,\n         FROM users u\n    LEFT JOIN users_crypto_data c ON (c.user_id = u.id)\n        WHERE u.id = ?\n  EOSQL\n  user_from_resultset(rows, include_crypto_data: true)\nend\n", user_id)

#user_by_login(login) ⇒ KStor::Model::User^?

Lookup user by login.

Parameters:

• login (String) —

  User login

Returns:

• (KStor::Model::User, nil) —

  a user object instance with encrypted private data, or nil if login was not found in database.

# File 'lib/kstor/store.rb', line 208

def user_by_login(login)
  Log.debug("store: loading user by login #{login.inspect}")
  rows = @db.execute("       SELECT u.id,\n              u.login,\n              u.name,\n              u.status,\n              c.kdf_params,\n              c.pubk,\n              c.encrypted_privk\n         FROM users u\n    LEFT JOIN users_crypto_data c ON (c.user_id = u.id)\n        WHERE u.login = ?\n  EOSQL\n  user_from_resultset(rows, include_crypto_data: true)\nend\n", login)

#user_create(user) ⇒ KStor::Model::User

Create a new user in database.

Parameters:

• user (KStor::Model::User) —

  the user to create

Returns:

• (KStor::Model::User) —

  the same user with a brand-new ID

# File 'lib/kstor/store.rb', line 84

def user_create(user)
  @db.execute("    INSERT INTO users (login, name, status)\n         VALUES (?, ?, ?)\n  EOSQL\n  user_id = @db.last_insert_row_id\n  Log.debug(\"store: stored new user \#{user.login}\")\n  params = [user.kdf_params, user.pubk, user.encrypted_privk].map(&:to_s)\n  return user_id if params.any?(&:nil?)\n\n  @db.execute(<<-EOSQL, user.id, *params)\n    INSERT INTO users_crypto_data (user_id, kdf_params, pubk, encrypted_privk)\n         VALUES (?, ?, ?, ?)\n  EOSQL\n  Log.debug(\"store: stored user crypto data for \#{user.login}\")\n  @cache.forget_users\n\n  user_id\nend\n", user.login, user.name, 'new')

#user_update(user) ⇒ Object

Update user name, status and keychain.

Parameters:

• user (KStor::Model::User) —

  user to modify.

# File 'lib/kstor/store.rb', line 107

def user_update(user)
  @db.execute("    UPDATE users SET name = ?, status = ?\n     WHERE id = ?\n  EOSQL\n  params = [user.kdf_params, user.pubk, user.encrypted_privk, user.id]\n  @db.execute(<<-EOSQL, *params)\n    UPDATE users_crypto_data SET\n           kdf_params = ?,\n           pubk = ?\n           encrypted_params = ?\n     WHERE user_id = ?\n  EOSQL\nend\n", user.name, user.status, user.id)

#users ⇒ Array[KStor::Model::User]

List all users.

Note that this list is cached in memory, so calling this method multiple times should be cheap.

Returns:

• (Array[KStor::Model::User]) —

  a list of all users in database

# File 'lib/kstor/store.rb', line 185

def users
  @cache.users do
    Log.debug('store: loading users')
    rows = @db.execute("         SELECT u.id,\n                u.login,\n                u.name,\n                u.status,\n                c.pubk\n           FROM users u\n      LEFT JOIN users_crypto_data c ON (c.user_id = u.id)\n       ORDER BY u.login\n    EOSQL\n\n    users_from_resultset(rows)\n  end\nend\n")

#users? ⇒ Boolean

True if database contains any users.

Returns:

• (Boolean) —

  false if user table is empty

# File 'lib/kstor/store.rb', line 72

def users?
  rows = @db.execute('SELECT count(*) AS n FROM users')
  count = Integer(rows.first['n'])
  Log.debug("store: count of users is #{count}")

  count.positive?
end