Module: Reedb::Vault

Includes:

Reedb

Defined in:

lib/reedb.rb

Overview

Vault submodule of the Interface stack

Constant Summary

Constants included from Reedb

CERT_PATH, DEBOUNCE_DELTA, DEB_ADD, DEB_REM, DEFAULT_PATH, EXIT_CORRUPT_FS, EXIT_HTTP_MALFUNCT, EXIT_MISSING_USER_CODE, EXIT_OS_PARSE, EXIT_PANIC_INTERUPT, EXIT_STILL_LOCKED, FILE_CACHE_TIME, KEY_CACHE_TIME, KEY_PATH, NET_PORT, THREAD_TIMEOUT_TIME, TOKEN_BYTE_SIZE, VERSION

Class Method Summary

• .access_file(uuid, token, file_name, history = false) ⇒ Object

  Access file contents with a file ID in a vault that a token has already been authenticated on.

• .access_headers(uuid, token, search = nil) ⇒ Object

  List headers from a vault with a search qeury (nil by default).

• .access_vault(uuid, passphrase) ⇒ Object

  !!! NOT IMPLEMENTED YET !!!.

• .available_vaults ⇒ Object

  Returns a list of all vaults tracked by Reedb (by the current user).

• .close_vault(uuid, token) ⇒ Object

  Closes a vault to end the file transaction between you and the vault.

• .create_vault(name, path, passphrase, encryption = :auto) ⇒ Object

  Creates a new vault on the current system.

• .insert(uuid, token, file_name, data) ⇒ Object

  Access file contents with a file ID in a vault that a token has already been authenticated on.

• .remove(uuid, token, file_name) ⇒ Object

  Removes a file from a vault that a token was authorised to access.

• .remove_vault(uuid, passphrase, token) ⇒ Object

  Removes a vault from the file system.

• .scope_vault(name, path) ⇒ Object

  Adds a new vault to the tracking scope of this Reedb daemon.

• .unscope_vault(uuid) ⇒ Object

  Removes a vault from the application scope with a uuid.

Methods included from Reedb

archos, daemon?, included, passlength, verbose?

Class Method Details

.access_file(uuid, token, file_name, history = false) ⇒ Object

Access file contents with a file ID in a vault that a token has already been authenticated on.

Depending on the history flag (false by default) the history or only current dataset will be returned.

Parameters:

• uuid (String) —

  UUID of a vault (as an ID)

• token (String) —

  Authentication token for access

• file_name (String) —

  File identifier

• history (Boolean) (defaults to: false) —

  history idenfitier

Raises:

• (VaultNotAvailableError.new)

# File 'lib/reedb.rb', line 746

def access_file(uuid, token, file_name, history = false)
	token.delete!("\n")

	raise VaultNotAvailableError.new, 'The vault you have requested data from is not currently active on this system.' unless @@active_vaults[uuid]
	raise UnknownTokenError.new, 'The token you provided is unknown to this system. Access denied!' unless @@tokens[token]
	raise UnautherisedTokenError.new, 'The token you provided currently has no access to the desired vault. Access denied!' unless @@tokens[token].include?(uuid)

	debouncer.debounce_vault(uuid)

	return @@active_vaults[uuid].read_file(file_name, history)
end

.access_headers(uuid, token, search = nil) ⇒ Object

List headers from a vault with a search qeury (nil by default). Can only be used with a token on vaults that authentication has been successful before.

Parameters:

• uuid (String) —

  UUID of a vault (as an ID)

• token (String) —

  Authentication token for access

• search (String) (defaults to: nil) —

  Search qeury as described in the wiki

Raises:

• (VaultNotAvailableError.new)

# File 'lib/reedb.rb', line 721

def access_headers(uuid, token, search = nil)
	token.delete!("\n")

	raise VaultNotAvailableError.new, 'The vault you have requested data from is not currently active on this system.' unless @@active_vaults[uuid]
	raise UnknownTokenError.new, 'The token you provided is unknown to this system. Access denied!' unless @@tokens[token]
	raise UnautherisedTokenError.new, 'The token you provided currently has no access to the desired vault. Access denied!' unless @@tokens[token].include?(uuid)

	debouncer.debounce_vault(uuid)

	return @@active_vaults[uuid].list_headers(search)
end

.access_vault(uuid, passphrase) ⇒ Object

!!! NOT IMPLEMENTED YET !!!

ONLY PERMITTED WHEN IN NO_TOKEN MODE! Loads a vault with a UUID and passphrase into the current vault set. Ignores the token set (as not applicable when in token mode) and simply returns a confirmation that vault access was granted.

Raises:

• (MissingTokenError.new)

# File 'lib/reedb.rb', line 611

def access_vault(uuid, passphrase)
	raise MissingTokenError.new, 'Reedb is running in token mode. Please specify a token via the DAEMON module
access handler' unless @@no_token

	raise FunctionNotImplementedError.new, 'This has not been implemented yet! Use token authentication via the DAEMON module.'
	return false

	# debouncer_token = generate_token(uuid, path)
	# check = Reedb::mirror_debounce(uuid, debouncer_token, Reedb::DEB_ADD)
	# Reedb::remove_token(uuid, debouncer_token) unless check

end

.available_vaults ⇒ Object

Returns a list of all vaults tracked by Reedb (by the current user). Vaults are ordered in a dictionary under their UUID that’s used by the Reedb daemon.

# File 'lib/reedb.rb', line 542

def available_vaults
	available = {}

	@@config[:vaults].each do |uuid, value|
		# puts @@config[:vaults][uuid]
		available[uuid] = {}
		available[uuid][:name] = value[:meta].name
		available[uuid][:path] = value[:meta].path
		available[uuid][:size] = value[:meta].size
	end
	return available
end

.close_vault(uuid, token) ⇒ Object

Closes a vault to end the file transaction between you and the vault. The encryption key will be unloaded and scrubbed from memory which means you will have to unlock a vault again (which usually means more user interaction).

Parameters:

• uuid (String) —

  UUID of a vault (as an ID)

• token (String) —

  Authentication token for access

Returns:

• nil

Raises:

• (VaultNotAvailableError.new)

# File 'lib/reedb.rb', line 829

def close_vault(uuid, token)
	token.delete!("\n")

	raise VaultNotAvailableError.new, 'The vault you have requested data from is not currently active on this system.' unless @@active_vaults[uuid]
	raise UnknownTokenError.new, 'The token you provided is unknown to this system. Access denied!' unless @@tokens[token]
	raise UnautherisedTokenError.new, 'The token you provided currently has no access to the desired vault. Access denied!' unless @@tokens[token].include?(uuid)

	DaemonLogger.write("Closing vault with #{uuid}.", 'debug')

	# Remove the vault from the debouncer
	@@debouncer.remove_vault(uuid)

	# Close the vault
	@@active_vaults[uuid].close

	# Delete the vault from the active_vault record with UUID
	@@active_vaults.delete(uuid)

	# TODO: Alert other applications
	# TODO: Don't delete the token if it is being used to access
	# 			other vaults on the system!
	@@tokens.delete(token)

	# Removes token from config
	@@config[:vaults][uuid][:tokens].delete(token)
	write_config
end

.create_vault(name, path, passphrase, encryption = :auto) ⇒ Object

Creates a new vault on the current system. Returns nil if vault already existed at location. Returns a token if the creation and authentication was successful on the user side.

Also adds that token to the @@tokens list.

! THROWS A LOT OF EXCEPTIONS !

Parameters:

• name (String) —

  Name of the vault

• path (String) —

  Path of the vault

• passphrase (String) —

  User passphrase for decryption

• encryption (enum) (defaults to: :auto) —

  Encryption method (:aes, :twofish, :auto)

# File 'lib/reedb.rb', line 570

def create_vault(name, path, passphrase, encryption = :auto)
	# Creates new UUIDs until one is found that doesn't already exist in the scope
	uuid = UUID.new
	loop do
		uuid = uuid.generate
		(break) unless @@config[:vaults].include?(uuid)
	end

	# Create actual Vault object
	# This throws errors!
	tmp_vault = ReeVault.new("#{name}", "#{path}", encryption).create("#{passphrase}")

	# Creates a metavault with name, path, size and uuid to be tracked on the system
	# metavault = MetaVault.new("#{name}", "#{path}", 0, uuid)

	# Adds vault to the active set of vaults
	@@active_vaults[uuid] = tmp_vault

	# Track the vault in the config
	track_vault(name, path, 0, uuid)

	# Generate a token
	token = generate_token(uuid, path)

	# Generate a token for the debouncer and remove it if the vault was already accessable
	debouncer_token = generate_token(uuid, path)
	check = mirror_debounce(uuid, debouncer_token, Reedb::DEB_ADD)
	Reedb::remove_token(uuid, debouncer_token) unless check

	# Then return the token for the user
	token.delete!("\n")
	return token
end

.insert(uuid, token, file_name, data) ⇒ Object

Access file contents with a file ID in a vault that a token has already been authenticated on.

Inserts data into a vault. Depending on parameters and runtime settings this function has different effects. It can be used to create a new file if it doesn’t already exists.

Please refer to the wiki for details on how to use this function as it (! MAY !) have unwanted side-effects if it is used wrong!

Parameters:

• uuid (String) —

  UUID of a vault (as an ID)

• token (String) —

  Authentication token for access

• file_name (String) —

  File identifier

• data (Hash) —

  Data that should be written to the vault.

Raises:

• (VaultNotAvailableError.new)

# File 'lib/reedb.rb', line 776

def insert(uuid, token, file_name, data)
	token.delete!("\n")

	raise VaultNotAvailableError.new, 'The vault you have requested data from is not currently active on this system.' unless @@active_vaults[uuid]
	raise UnknownTokenError.new, 'The token you provided is unknown to this system. Access denied!' unless @@tokens[token]
	raise UnautherisedTokenError.new, 'The token you provided currently has no access to the desired vault. Access denied!' unless @@tokens[token].include?(uuid)


	DaemonLogger.write("Writing data to #{uuid}", 'debug')
	@@debouncer.debounce_vault(uuid)
	@@active_vaults[uuid].update(file_name, data)

	update_tracked_vault(uuid, nil, nil, @@active_vaults[uuid].count, token)
	return nil
end

.remove(uuid, token, file_name) ⇒ Object

Removes a file from a vault that a token was authorised to access. File is identified via an ID handle. This operation is dangerous as it can NOT be reverted!

Parameters:

• uuid (String) —

  UUID of a vault (as an ID)

• token (String) —

  Authentication token for access

• file_name (String) —

  File identifier

Returns:

• nil

Raises:

• (VaultNotAvailableError.new)

# File 'lib/reedb.rb', line 802

def remove(uuid, token, file_name)
	token.delete!("\n")

	raise VaultNotAvailableError.new, 'The vault you have requested data from is not currently active on this system.' unless @@active_vaults[uuid]
	raise UnknownTokenError.new, 'The token you provided is unknown to this system. Access denied!' unless @@tokens[token]
	raise UnautherisedTokenError.new, 'The token you provided currently has no access to the desired vault. Access denied!' unless @@tokens[token].include?(uuid)

	DaemonLogger.write("Writing data to #{uuid}", 'debug')
	Reedb::debouncer.debounce_vault(uuid)


	@@active_vaults[uuid].remove_file(file_name)
	update_tracked_vault(uuid, nil, nil, @@active_vaults[uuid].count, token)
	return nil
end

.remove_vault(uuid, passphrase, token) ⇒ Object

Removes a vault from the file system. This requires special privileges to do via this interface to prevent deleting vaults without the users permission. Will also fire a user interrupt to alert them of this behaviour depending on platform.

Parameters:

• uuid (String) —

  UUID of a vault (as an ID)

• passphrase (String) —

  User passphrase for decryption

• token (String) —

  Authentication token for validation

Raises:

• (FunctionNotImplementedError.new)

# File 'lib/reedb.rb', line 635

def remove_vault(uuid, passphrase, token)
	token.delete!("\n")
	# Returns false if that token isn't authorised
	return false unless @@tokens[token].include?(uuid)

	# Return false if vault has never been scoped before
	return false unless @@config[:vaults].include?(uuid)

	# Return false if vault is currently locked
	return false if @@active_vaults[uuid].locked?

	# Mark a vault for removal and only actually
	raise FunctionNotImplementedError.new, "This has not been implemented yet! Don't do this."
	return false
end

.scope_vault(name, path) ⇒ Object

Adds a new vault to the tracking scope of this Reedb daemon. Does not grant access or generate a new token for application interaction. On a new install usually called just before requesting a token

Parameters:

• name (String) —

  Name of the vault

• path (String) —

  Path of the vault

# File 'lib/reedb.rb', line 660

def scope_vault(name, path)
	# Checks if that specific vault was already scoped
	@@config[:vaults].each do |_, value|
		if value[:meta].name == "#{name}" && value[:meta].path == "#{path}"
			DaemonLogger.write("Vault already scoped at #{path}", 'info')
			raise VaultAlreadyScopedError.new, "Vault #{name} already scoped!"
			return false
		end
	end
	vault = ReeVault.new("#{name}", "#{path}", :auto)
	# If it hasn't, proceed here
	if vault.try?
		uuid = UUID.new
		loop do
			uuid = uuid.generate
			(break) unless @@config[:vaults].include?(uuid)
		end

		# At this point a vault has been confirmed and a UUID generated
		track_vault(name, path, vault.count, uuid)
		DaemonLogger.write("Vault successfully scoped at #{path}", 'info')
		cache_config
		return true
	else
		DaemonLogger.write("Tried to scope empty target at #{path}", 'warn')
		raise VaultDoesNotExistError.new, "Tried to scope empty target at #{path}"
		return false
	end
end

.unscope_vault(uuid) ⇒ Object

Removes a vault from the application scope with a uuid. Closes the vault from the active vault set.

Parameters:

• uuid (String) —

  UUID of a vault (as an ID)

# File 'lib/reedb.rb', line 698

def unscope_vault(uuid)
	unless @@config[:vaults][uuid]
		raise VaultNotScopedError.new, "Vault #{name} not scoped!"
		return nil
	end

	path = @@config[:vaults][uuid][:path]
	DaemonLogger.write("Unscoping vault #{uuid} at #{path}")
	@@active_vaults[uuid].close if @@active_vaults[uuid]
	@@config[:vaults].delete(uuid)
	cache_config
end