-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathhubic-git-annex-hook
executable file
·384 lines (327 loc) · 11.6 KB
/
hubic-git-annex-hook
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
#!/usr/bin/ruby
require 'rubygems'
require 'json'
require 'mechanize'
require 'dbus'
class SecretStore
def byte_arr_to_s(arr)
arr.inject("") do |sum,e| sum + e.chr end
end
def prompt (prompt,signal)
if prompt == "/" then
return
end
prompt_object = @dbus_service.object(prompt)
prompt_object.introspect
prompt_object.default_iface = "org.freedesktop.Secret.Prompt"
main = DBus::Main.new()
main << @bus
dismiss=true
prompt_object.on_signal(signal) do |u|
dismiss = u
main.quit()
end
prompt_object.Prompt("")
main.run
if dismiss
exit(-5)
end
return dismiss
end
def initialize
@bus = DBus::SessionBus.instance
@dbus_service = @bus.service("org.freedesktop.secrets")
@main_object = @dbus_service.object("/org/freedesktop/secrets")
@main_object.introspect
@main_object.default_iface = "org.freedesktop.Secret.Service"
@session = @main_object.OpenSession("plain","")[1]
default_collection_name = @main_object.ReadAlias("default").first
@default_collection = @dbus_service.object(default_collection_name)
@default_collection.introspect
@default_collection.default_iface = "org.freedesktop.Secret.Collection"
prompt = @main_object.Unlock([default_collection_name])
unlocked = prompt.first.first
if unlocked.nil?
prompt(prompt[1],"Completed")
end
end
def lookup_items(info,public_info=nil,username=nil)
search = { "Service" => "Hubic", "Info" => info }
if public_info and username then
search[public_info]=username
end
name = @default_collection.SearchItems(search).first
if name.first
item=@dbus_service.object(name.first)
item.introspect
item.default_iface = "org.freedesktop.Secret.Item"
return item
end
end
def lookup_secret(info,public_info,username = nil)
item = lookup_items(info,public_info,username)
unless item # There is no item in the secret store
exit(-6) # let die
end
[item["org.freedesktop.Secret.Item"]["Attributes"][public_info], byte_arr_to_s(item.GetSecret(@session).first[2])]
end
def lookup_connection_token(username)
item = lookup_items("tokens","username",username)
return nil unless item
JSON.load(byte_arr_to_s(item.GetSecret(@session).first[2]))
end
def store_connection_token(username,token)
IO.popen(["secret-tool", "store", "--label=Hubic tokens", "Service", "Hubic", "Info", "tokens", "username", username],"r+") do |fd|
fd.puts JSON.dump(token)
end
end
def userpass(username)
lookup_secret("user","username",username)[1]
end
def get_client_info
@client_id, @client_secret = lookup_secret("client","client_id")
end
def client_id
@client_id || get_client_info[0]
end
def client_secret
@client_secret || get_client_info[1]
end
def creds_available?(username)
lookup_items("user","username",username) and lookup_items("client")
end
def clean_connexion_token(username)
item = lookup_items("tokens","username",username)
item.Delete
end
def clean_creds
search = { "Service" => "Hubic" }
items = @default_collection.SearchItems(search).first
if items then
for name in items do
item=@dbus_service.object(name)
item.introspect
item.default_iface = "org.freedesktop.Secret.Item"
item.Delete
end
end
end
def new_secret(info,public_info,username = nil)
# I failed to create it with dbus, so let cheat
Process.wait(Process.spawn("secret-tool", "store", "--label=Hubic #{info}", "Service", "Hubic", "Info", info, public_info, username))
end
end
TOKEN_URL = "https://api.hubic.com/oauth/token/"
AUTH_URL = "https://api.hubic.com/oauth/auth/"
REDIRECT_URI = "http://localhost:4567/"
CREDENTIALS_URL="https://api.hubic.com/1.0/account/credentials"
class HubicInterface
def initialize(secret_store,username)
@secret_store=secret_store
@username=username
end
def agent
unless @agent
@agent = Mechanize.new
@agent.redirect_ok=false
end
@agent
end
def connect!
@token = @secret_store.lookup_connection_token(@username)
connect_to_hubic unless @token # If no token, we must connect to hubic
if @token["expires"] then
if Time.now + 5 * 60 > Time.utc(@token["expires"][0],@token["expires"][1],@token["expires"][2],@token["expires"][3]) then
refresh_hubic_token
connect_to_os
end
else
connect_to_os
end
end
def connect_to_hubic
warn 'connect hubic'
page = agent.get(AUTH_URL,{
"client_id" => @secret_store.client_id,
"redirect_uri" => REDIRECT_URI,
"scope" => "usage.r,account.r,getAllLinks.r,credentials.r,links.drw",
"response_type" => "code",
"state" => "none"
},nil,nil)
form = page.forms.first
form['login']=@username
form['user_pwd']=@secret_store.userpass(@username)
page2=form.click_button
response_url=page2["location"]
exit(-7) unless response_url
@code = response_url.scan(/code=[^&]*/).first[5..-1]
unless @code
warn response_url
exit(-8)
end
@base64cred = Base64.encode64("#{@secret_store.client_id}:#{@secret_store.client_secret}").gsub(/\n/, '')
response=agent.post(TOKEN_URL,{ "code"=>@code, "redirect_uri"=>REDIRECT_URI, "grant_type"=>"authorization_code"},
{ "Authorization" => "Basic #{@base64cred}" })
@token = JSON.load(response.body)
@token['code']=@code
return @token
end
def refresh_hubic_token
warn 'refresh hubic'
response=agent.post(TOKEN_URL,{ "refresh_token" => @token['refresh_token'], "grant_type"=>"refresh_token", "client_id"=>@secret_store.client_id, "client_secret" => @secret_store.client_secret })
new_token = JSON.load(response.body)
@token.merge!(new_token)
@secret_store.store_connection_token(@username,@token)
@token
end
def connect_to_os
warn 'connect_to_os'
response=agent.get(CREDENTIALS_URL,parameters={},referer=nil,header = { "Authorization" => "Bearer #{@token["access_token"]}" })
new_token = JSON.load(response.body)
new_token["expires"]=new_token["expires"].scan(/[0-9]+/).map { |s| s.to_i }
@token.merge!(new_token)
@secret_store.store_connection_token(@username,@token)
@token
end
def endpoint
@token['endpoint']
end
def os_token
@token['token']
end
def container(container)
@container = container
response = ""
try_or_reconnect do
response=agent.put("#{endpoint}/#{@container}",'',"X-Auth-Token" => os_token)
end
exit (-1) unless response.code[0] == '2' # Let die if we don't have 2?? response
self
end
def try_or_reconnect # It can yield severall time the block
yield # We try
rescue Net::HTTPUnauthorized => e
begin
refresh_hubic_token # We then try to refresh
yield
rescue Net::HTTPUnauthorized => e
@secret_store.clean_connexion_token(@username)
connect!
yield
end
end
def set_body_stream file, agent, request
request.body_stream = file
end
def store(path,file)
file=File.open(file,'rb')
# Mechanize don't do file upload on streem
hook = lambda {|agent, request| set_body_stream file, agent, request }
@agent.pre_connect_hooks.push hook
response=agent.put("#{endpoint}/#{@container}/#{Mechanize::Util::uri_escape(path)}",file,"X-Auth-Token" => os_token)
@agent.pre_connect_hooks.pop
exit (-1) unless response.code == "201" # Let die if we don't have "201 created" response
file.close
end
def get(path,file)
agent.pluggable_parser.default = Mechanize::Download
response=agent.get("#{endpoint}/#{@container}/#{Mechanize::Util::uri_escape(path)}",{},nil,"X-Auth-Token" => os_token)
exit (-11) unless response.code == "200" # Let die if we don't have the "200" response
response.save!(file)
end
def delete(path)
response=agent.delete("#{endpoint}/#{@container}/#{Mechanize::Util::uri_escape(path)}",{},"X-Auth-Token" => os_token)
exit (-12) unless response.code == "204" # Let die if we don't have the "200" response
end
def head(path)
response=agent.head("#{endpoint}/#{@container}/#{Mechanize::Util::uri_escape(path)}",{},"X-Auth-Token" => os_token)
response.code=="200"
rescue Mechanize::ResponseCodeError => e
false
end
end
class GitAnnexHook
def initialize(secret,hubic)
@secret_store = secret
@hubic = hubic
end
attr_reader :hubic
def store(container,hash1, hash2, key,file)
hubic.container(container).store("#{hash1}/#{hash2}/#{key}",file)
end
def get(container,hash1, hash2, key,file)
hubic.container(container).get("#{hash1}/#{hash2}/#{key}",file)
end
def remove(container,hash1, hash2, key)
hubic.container(container).delete("#{hash1}/#{hash2}/#{key}")
end
def checkpresent(container,hash1, hash2, key)
if hubic.container(container).head("#{hash1}/#{hash2}/#{key}") then
print(key)
end
end
def dispatch(container)
action = ENV['ANNEX_ACTION']
if action == "store" then
store(container,ENV['ANNEX_HASH_1'],ENV['ANNEX_HASH_2'],ENV['ANNEX_KEY'],ENV['ANNEX_FILE'])
elsif action == "retrieve" then
get(container,ENV['ANNEX_HASH_1'],ENV['ANNEX_HASH_2'],ENV['ANNEX_KEY'],ENV['ANNEX_FILE'])
elsif action == "remove" then
remove(container,ENV['ANNEX_HASH_1'],ENV['ANNEX_HASH_2'],ENV['ANNEX_KEY'])
elsif action == "checkpresent" then
checkpresent(container,ENV['ANNEX_HASH_1'],ENV['ANNEX_HASH_2'],ENV['ANNEX_KEY'])
end
end
end
def main
secret_store=SecretStore.new
if ARGV.first=="--init" then
print "What is your username: "
username = STDIN.readline.chomp
secret_store.new_secret("user", "username", username)
print "What is your client id: "
client_id = STDIN.readline.chomp
secret_store.new_secret("client","client_id",client_id)
exit(0)
elsif ARGV.first=="--help" then
warn "This is a git annex remote hook, that should no be run directly,"
warn "but mainly as a specila remote hook, see git annex doc"
warn "you have to intialise it by running it with the `--init` option to store your"
warn "cred in your gnome-keyring or kwallet"
# warn "or with --clean-connexion-token and --clean-creds to remove some information from them"
exit(0)
elsif ARGV.first == "--clean-connexion-token" then
if ARGV[1].nil? then
warn "You have to specify the username you want cleaning for"
warn "call hubic-git-annex-hook --clean-connexion-token [username]"
exit(-1)
end
secret_store.clean_connexion_token(ARGV[1])
exit(0)
elsif ARGV.first == "--clean-credentials" then
secret_store.clean_creds
exit(0)
end
if ENV['ANNEX_ACTION'].nil? then
warn "I don\'t now what to do"
warn "Either run with --init to store credential in your gnome-keyring or kwallet"
warn "or run it as special remote hook"
warn "see http://git-annex.branchable.com/special_remotes/hook/"
exit(-2)
elsif ARGV[0].nil? then
warn "The first argument of the hook should be the your hubig login name"
exit(-3)
elsif ARGV[1].nil? then
warn "The second argument of the hook should be the name of the container"
warn "bye default hubic have only one container named default"
warn "this hook will create the container if it do no exist"
exit(-3)
elsif not(secret_store.creds_available?(ARGV[0])) then
exit(-4)
end
hubic = HubicInterface.new(secret_store,ARGV[0])
hook = GitAnnexHook.new(secret_store,hubic)
hubic.connect!
hook.dispatch(ARGV[1])
end
main