access_token 0.1.0

data/examples/sinatra-app/config.ru

@@ -0,0 +1,2 @@
+require File.expand_path('../server', __FILE__)
+run App

data/examples/sinatra-app/server.rb

@@ -0,0 +1,78 @@
+require 'bundler/setup'
+Bundler.require
+
+ActiveRecord::Base.establish_connection(
+  adapter: 'sqlite3',
+  database: 'sample.sqlite3'
+)
+
+class User < ActiveRecord::Base
+  has_secure_password
+end
+
+ActiveRecord::Schema.define(version: 0) do
+  next if table_exists?(:users)
+
+  create_table :users do |t|
+    t.string :email, null: false
+    t.string :password_digest, null: false
+    t.timestamps null: false
+  end
+
+  add_index :users, :email, unique: true
+  User.create!(email: 'john@example.com', password: 'test')
+end
+
+class BaseEndpoint < Sinatra::Application
+  helpers do
+    def access_token
+      @access_token ||= AccessToken.new(
+        request: request,
+        response: response,
+        secret: '220c6a866bff52edc0825ee5e15be8f02953764cb7a8d54ba44b46c26a7fa8867d8aa09cc11f23843d72819d98823248e1a6dcd52abc0783cace5de459dd43dd7d8da6313cbebacb475e099c0686d210cf51636800206a19526844ab8ced6af1906a9500',
+        store: AccessToken::RedisStore.new
+      )
+    end
+
+    def authenticate!
+      user_id = access_token.resolve
+      halt(401) unless user_id
+
+      @current_user = User.find_by_id(user_id)
+      halt(401) unless @current_user
+      access_token.update(current_user)
+    end
+
+    def current_user
+      @current_user
+    end
+  end
+
+  before do
+    content_type 'application/json'
+  end
+end
+
+class ProfileEndpoint < BaseEndpoint
+  before { authenticate! }
+
+  get '/profile' do
+    current_user.to_json
+  end
+end
+
+class AuthEndpoint < BaseEndpoint
+  post '/auth' do
+    user = User.find_by_email(params[:email].to_s)
+            .try(:authenticate, params[:password].to_s)
+
+    halt(401) unless user
+    access_token.update(user)
+    user.to_json
+  end
+end
+
+App = Rack::Cascade.new([
+  AuthEndpoint,
+  ProfileEndpoint
+])

data/lib/access_token.rb

@@ -0,0 +1,84 @@
+class AccessToken
+  require 'parsel'
+
+  require 'access_token/version'
+  require 'access_token/redis_store'
+  require 'access_token/memcached_store'
+  require 'access_token/null_store'
+
+  BEARER_HEADER        = 'Bearer'.freeze
+  EXPIRES_HEADER       = 'Expires'.freeze
+  AUTHORIZATION_HEADER = 'HTTP_AUTHORIZATION'.freeze
+  TIME_KEY             = 'time'.freeze
+  ID_KEY               = 'id'.freeze
+  SIGNATURE_KEY        = 'signature'.freeze
+  BEARER_REGEX         = /\ABearer (.*?)\z/
+
+  # Set the HTTP request object.
+  # It must implement the `ip` and `user_agent` methods.
+  attr_reader :request
+
+  # Set the HTTP response object.
+  # It must implement the `headers` method.
+  attr_reader :response
+
+  # Set the token store strategy.
+  # By default it uses in-memory store.
+  attr_reader :store
+
+  # Set the token encryptor strategy.
+  # By default it uses the Parsel::JSON encryptor.
+  attr_reader :encryptor
+
+  # Set the token TTL.
+  # Defaults to 86400 (24 hours).
+  attr_reader :ttl
+
+  # Set the encryption secret.
+  attr_reader :secret
+
+  def initialize(request:, response:, secret:, ttl: 3600, store: NullStore.new, encryptor: Parsel::JSON)
+    @request = request
+    @response = response
+    @store = store
+    @secret = secret
+    @ttl = ttl
+    @encryptor = encryptor
+  end
+
+  def request_signature
+    @request_signature ||= Digest::SHA1.hexdigest("#{request.ip}#{request.user_agent}")
+  end
+
+  def update(record)
+    now = Time.now
+    timestamp = now.to_i
+    data = {TIME_KEY => timestamp, SIGNATURE_KEY => request_signature, ID_KEY => record.id}
+    token = encryptor.encrypt(secret, data)
+    store.set(token, timestamp, ttl)
+    response[BEARER_HEADER] = token
+    response[EXPIRES_HEADER] = (Time.now + ttl).httpdate
+    token
+  end
+
+  def resolve(token = bearer)
+    return unless store.key?(token)
+
+    data = encryptor.decrypt(secret, token)
+    store.del(token)
+
+    return unless data
+    return unless fresh?(data[TIME_KEY])
+    return unless request_signature == data[SIGNATURE_KEY]
+
+    data[ID_KEY]
+  end
+
+  def bearer
+    request.env[AUTHORIZATION_HEADER].to_s[BEARER_REGEX, 1]
+  end
+
+  def fresh?(timestamp)
+    timestamp > Time.now.to_i - ttl
+  end
+end

data/lib/access_token/memcached_store.rb

@@ -0,0 +1,25 @@
+class AccessToken
+  class MemcachedStore
+    attr_reader :client
+
+    def initialize(client = Dalli::Client.new)
+      @client = client
+    end
+
+    def set(key, value, ttl)
+      client.set(key, value)
+    end
+
+    def get(key)
+      client.get(key)
+    end
+
+    def del(key)
+      client.delete(key)
+    end
+
+    def key?(key)
+      client.get(key) != nil
+    end
+  end
+end

data/lib/access_token/null_store.rb

@@ -0,0 +1,19 @@
+class AccessToken
+  class NullStore
+    def set(key, value, ttl)
+      true
+    end
+
+    def get(key)
+      true
+    end
+
+    def del(key)
+      true
+    end
+
+    def key?(key)
+      true
+    end
+  end
+end

data/lib/access_token/redis_store.rb

@@ -0,0 +1,28 @@
+class AccessToken
+  class RedisStore
+    attr_reader :client
+
+    def initialize(client = Redis.new)
+      @client = client
+    end
+
+    def set(key, value, ttl)
+      client.multi do
+        client.set(key, value)
+        client.expire(key, ttl)
+      end
+    end
+
+    def get(key)
+      client.get(key)
+    end
+
+    def del(key)
+      client.del(key)
+    end
+
+    def key?(key)
+      client.exists(key)
+    end
+  end
+end

data/lib/access_token/version.rb

@@ -0,0 +1,3 @@
+class AccessToken
+  VERSION = '0.1.0'
+end

metadata

@@ -0,0 +1,305 @@
+--- !ruby/object:Gem::Specification
+name: access_token
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Nando Vieira
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-06-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: parsel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-utils
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-meta
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: redis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: dalli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Access token for client-side and API authentication.
+email:
+- fnando.vieira@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- access_token.gemspec
+- examples/rails-app/.gitignore
+- examples/rails-app/Gemfile
+- examples/rails-app/Gemfile.lock
+- examples/rails-app/README.rdoc
+- examples/rails-app/Rakefile
+- examples/rails-app/app/assets/images/.keep
+- examples/rails-app/app/assets/stylesheets/application.css
+- examples/rails-app/app/controllers/application_controller.rb
+- examples/rails-app/app/controllers/auth_controller.rb
+- examples/rails-app/app/controllers/concerns/.keep
+- examples/rails-app/app/controllers/profile_controller.rb
+- examples/rails-app/app/helpers/application_helper.rb
+- examples/rails-app/app/mailers/.keep
+- examples/rails-app/app/models/.keep
+- examples/rails-app/app/models/concerns/.keep
+- examples/rails-app/app/models/user.rb
+- examples/rails-app/app/views/layouts/application.html.erb
+- examples/rails-app/bin/bundle
+- examples/rails-app/bin/rails
+- examples/rails-app/bin/rake
+- examples/rails-app/bin/setup
+- examples/rails-app/config.ru
+- examples/rails-app/config/application.rb
+- examples/rails-app/config/boot.rb
+- examples/rails-app/config/database.yml
+- examples/rails-app/config/environment.rb
+- examples/rails-app/config/environments/development.rb
+- examples/rails-app/config/environments/production.rb
+- examples/rails-app/config/environments/test.rb
+- examples/rails-app/config/initializers/assets.rb
+- examples/rails-app/config/initializers/backtrace_silencers.rb
+- examples/rails-app/config/initializers/cookies_serializer.rb
+- examples/rails-app/config/initializers/filter_parameter_logging.rb
+- examples/rails-app/config/initializers/inflections.rb
+- examples/rails-app/config/initializers/mime_types.rb
+- examples/rails-app/config/initializers/session_store.rb
+- examples/rails-app/config/initializers/wrap_parameters.rb
+- examples/rails-app/config/locales/en.yml
+- examples/rails-app/config/routes.rb
+- examples/rails-app/config/secrets.yml
+- examples/rails-app/db/migrate/20150601000736_create_users.rb
+- examples/rails-app/db/schema.rb
+- examples/rails-app/db/seeds.rb
+- examples/rails-app/lib/assets/.keep
+- examples/rails-app/lib/tasks/.keep
+- examples/rails-app/log/.keep
+- examples/rails-app/public/404.html
+- examples/rails-app/public/422.html
+- examples/rails-app/public/500.html
+- examples/rails-app/public/favicon.ico
+- examples/rails-app/public/robots.txt
+- examples/rails-app/test/controllers/.keep
+- examples/rails-app/test/fixtures/.keep
+- examples/rails-app/test/fixtures/users.yml
+- examples/rails-app/test/helpers/.keep
+- examples/rails-app/test/integration/.keep
+- examples/rails-app/test/mailers/.keep
+- examples/rails-app/test/models/.keep
+- examples/rails-app/test/models/user_test.rb
+- examples/rails-app/test/test_helper.rb
+- examples/rails-app/vendor/assets/stylesheets/.keep
+- examples/sinatra-app/Gemfile
+- examples/sinatra-app/Gemfile.lock
+- examples/sinatra-app/config.ru
+- examples/sinatra-app/server.rb
+- lib/access_token.rb
+- lib/access_token/memcached_store.rb
+- lib/access_token/null_store.rb
+- lib/access_token/redis_store.rb
+- lib/access_token/version.rb
+homepage: http://rubygems.org/gems/access_token
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: Access token for client-side and API authentication.
+test_files: []