From b8ba4f27a82868e0b3338b4af761f7c44226e729 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 15 Jan 2018 18:21:44 +0100 Subject: (WIP) first steps towards implementing keys API --- app/controllers/api/keys_controller.rb | 63 ++++++++++++++++++++++++++++++++++ app/models/keyring.rb | 38 ++++++++++++++++++++ 2 files changed, 101 insertions(+) create mode 100644 app/controllers/api/keys_controller.rb create mode 100644 app/models/keyring.rb (limited to 'app') diff --git a/app/controllers/api/keys_controller.rb b/app/controllers/api/keys_controller.rb new file mode 100644 index 0000000..d4cb759 --- /dev/null +++ b/app/controllers/api/keys_controller.rb @@ -0,0 +1,63 @@ +class Api::KeysController < ApiController + + before_filter :require_login + before_filter :require_enabled + + # get /keys + def index + keys = identity.keys.map do |k,v| + [k, JSON.parse(v)] + end + render json: keys.to_h + end + + def show + render json: JSON.parse(identity.keys[params[:id]]) + end + + def create + keyring.create type, value + head :no_content + rescue Keyring::Error, ActionController::ParameterMissing => e + render status: 422, json: {error: e.message} + end + + def update + keyring.update type, rev: rev, value: value + head :no_content + rescue Keyring::Error, ActionController::ParameterMissing => e + render status: 422, json: {error: e.message} + end + + protected + + def require_enabled + if !current_user.enabled? + access_denied + end + end + + def service_level + current_user.effective_service_level + end + + def type + params.require :type + end + + def value + params.require :value + end + + def rev + params.require :rev + end + + def keyring + @keyring ||= Keyring.new identity + end + + def identity + @identity ||= Identity.for(current_user) + end +end diff --git a/app/models/keyring.rb b/app/models/keyring.rb new file mode 100644 index 0000000..6779d5d --- /dev/null +++ b/app/models/keyring.rb @@ -0,0 +1,38 @@ +# +# Keyring +# +# A collection of cryptographic keys. +# + +class Keyring + class Error < RuntimeError + end + + def initialize(storage) + @storage = storage + end + + def create(type, value) + raise Error, "key already exists" if storage.keys[type].present? + storage.set_key type, {type: type, value: value, rev: new_rev}.to_json + storage.save + end + + def update(type, rev:, value:) + old_rev = key_of_type(type)['rev'] + raise Error, "wrong revision: #{rev}" unless old_rev == rev + storage.set_key type, {type: type, value: value, rev: new_rev}.to_json + storage.save + end + + def key_of_type(type) + JSON.parse(storage.keys[type]) + end + + protected + attr_reader :storage + + def new_rev + SecureRandom.urlsafe_base64(8) + end +end -- cgit v1.2.3 From 54653f75cf44890310a06c3a8a6be59625629d2a Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 19 Jan 2018 14:11:24 +0100 Subject: API: implement deleting keys through new keys api --- app/controllers/api/keys_controller.rb | 12 ++++++++++++ app/models/identity.rb | 5 +++++ app/models/keyring.rb | 23 ++++++++++++++++++++--- 3 files changed, 37 insertions(+), 3 deletions(-) (limited to 'app') diff --git a/app/controllers/api/keys_controller.rb b/app/controllers/api/keys_controller.rb index d4cb759..7eb76ee 100644 --- a/app/controllers/api/keys_controller.rb +++ b/app/controllers/api/keys_controller.rb @@ -25,10 +25,22 @@ class Api::KeysController < ApiController def update keyring.update type, rev: rev, value: value head :no_content + rescue Keyring::NotFound => e + render status: 404, json: {error: e.message} rescue Keyring::Error, ActionController::ParameterMissing => e render status: 422, json: {error: e.message} end + def destroy + keyring.delete type, rev: rev + head :no_content + rescue Keyring::NotFound => e + render status: 404, json: {error: e.message} + rescue Keyring::Error, ActionController::ParameterMissing => e + render status: 422, json: {error: e.message} + end + + protected def require_enabled diff --git a/app/models/identity.rb b/app/models/identity.rb index 92f8f7a..b8c2245 100644 --- a/app/models/identity.rb +++ b/app/models/identity.rb @@ -136,6 +136,11 @@ class Identity < CouchRest::Model::Base write_attribute('keys', keys.merge(type => key.to_s)) end + def delete_key(type) + raise 'key not found' unless keys[type] + write_attribute('keys', keys.except(type)) + end + def cert_fingerprints read_attribute('cert_fingerprints') || Hash.new end diff --git a/app/models/keyring.rb b/app/models/keyring.rb index 6779d5d..66f7bfd 100644 --- a/app/models/keyring.rb +++ b/app/models/keyring.rb @@ -8,6 +8,12 @@ class Keyring class Error < RuntimeError end + class NotFound < Error + def initialize(type) + super "no such key: #{type}" + end + end + def initialize(storage) @storage = storage end @@ -19,19 +25,30 @@ class Keyring end def update(type, rev:, value:) - old_rev = key_of_type(type)['rev'] - raise Error, "wrong revision: #{rev}" unless old_rev == rev + check_rev type, rev storage.set_key type, {type: type, value: value, rev: new_rev}.to_json storage.save end + def delete(type, rev:) + check_rev type, rev + storage.delete_key type + storage.save + end + def key_of_type(type) - JSON.parse(storage.keys[type]) + JSON.parse(storage.keys[type]) if storage.keys[type] end protected attr_reader :storage + def check_rev(type, rev) + old = key_of_type(type) + raise NotFound, type unless old + raise Error, "wrong revision: #{rev}" unless old['rev'] == rev + end + def new_rev SecureRandom.urlsafe_base64(8) end -- cgit v1.2.3