lib/client/client.rb in factor-0.1.07 vs lib/client/client.rb in factor-0.1.09

@@ -2,11 +2,15 @@
 require 'rest_client'
 require 'zip'
 require 'zip/zipfilesystem'
 require 'zip/zip'
 require 'open-uri'
+require 'digest/sha2'
+require 'openssl'
+require 'base64'
 
+
 module Factor
   module Client
     class Client
       attr_accessor :host
       FACTOR_HOST = ENV["FACTOR_HOST"] || "factor.io"
@@ -38,15 +42,34 @@
           code.call("loading complete for '#{workflow_info['name']}'") 
         end
         engine
       end
     
-      def load_credentials(engine,&code)
+      def load_credentials(engine,secret=nil,&code)
         code.call("downloading credential list")
-        credentials = rest_get("credentials")
+        credentials = rest_get("credentials")["value"]
         code.call("loading credentials")
-        engine.load_credentials(credentials["value"])
+
+        if secret
+          code.call("decrypting credentials")
+          decrypter = OpenSSL::Cipher.new("AES-256-CFB")
+          sha256= Digest::SHA2.new(256)
+          decrypter.key=Base64.encode64(sha256.digest(secret))
+          decrypter.decrypt
+          credentials.each do |service,creds|
+            creds.each do |credential,value|
+              if value["encrypted"]
+                decrypted = decrypter.update(Base64.decode64(value["value"])) + decrypter.final
+                credentials[service][credential]["value"]=decrypted
+                credentials[service][credential]["encrypted"]=false
+              end
+            end
+          end  
+          code.call("decrypting credentials complete")
+        end
+
+        engine.load_credentials(credentials)
       
         engine
       end
     
       def load_channels(engine,&code)
@@ -89,20 +112,34 @@
       
         engine
       end
     
     
-      def set_credential(key,value)
+      def set_credential(service,name,value,secret=nil)
         # this is a PUT not POST because it is technically editing, not creating a new one
-        rest_put("credentials",{:key=>key,:value=>value})
+        credential = {:service=>service,:name=>name,:value=>value}
+
+        if secret
+          payload=value
+          sha256= Digest::SHA2.new(256)
+          encrypter = OpenSSL::Cipher.new("AES-256-CFB")
+          encrypter.encrypt
+          encrypter.key=Base64.encode64(sha256.digest(secret))
+
+          encrypted = Base64.encode64(encrypter.update(value) + encrypter.final)
+          credential[:value]=encrypted
+          credential[:encrypted]=true
+        end
+
+        rest_post("credentials",credential)
       end
       
-      def get_credential(key="")
-        rest_get("credentials",{:key=>key})
+      def get_credentials()
+        rest_get("credentials")
       end
       
-      def remove_credential(key="")
-        rest_delete("credentials",{:key=>key})
+      def remove_credential(service,name)
+        rest_delete("credentials",{:service=>service,:name=>name})
       end
     
     
     
     
\ No newline at end of file