agora_dynamic_key 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: fc5aad7f3d500a314906d62f0aaf3cfb2266890e
+  data.tar.gz: 1d8f2023302be38b0deccd0db0894e60216fe369
+SHA512:
+  metadata.gz: e742e625976a71cf5c0ca53b92f3be6ff28435c4170132c4dc12763637f2933aec892053a0263eba5fbb73b070af8b69dee245689941b7ba9871af9b1c28679a
+  data.tar.gz: 9a669a7c61cfc91c093fc11e185354dedce2b59f0697f2967862fd2abbc10851ed1d944786849f6b031064b5f44526bb2547c8e853d42cc3120916dad9e34fd9

data/lib/dynamic_key.rb

@@ -0,0 +1,13 @@
+require 'openssl'
+require 'securerandom'
+require 'zlib'
+require 'base64'
+
+require_relative 'dynamic_key/sign'
+require_relative 'dynamic_key/access_token'
+require_relative 'dynamic_key/rtc_token_builder'
+require_relative 'dynamic_key/rtm_token_builder'
+
+module AgoraDynamicKey
+  VERSION = "0.1.0"
+end

data/lib/dynamic_key/access_token.rb

@@ -0,0 +1,55 @@
+module AgoraDynamicKey
+  module Privilege
+    JOIN_CHANNEL = 1
+    PUBLISH_AUDIO_STREAM = 2
+    PUBLISH_VIDEO_STREAM = 3
+    PUBLISH_DATA_STREAM = 4
+    RTM_LOGIN = 1000 # for RTM Only
+  end
+
+  class AccessToken
+    VERSION = "006"
+
+    ONE_DAY = 864_00
+    SEED = 2 ** 32 - 1
+
+    attr_accessor :app_id, :channel_name, :app_certificate,
+                  :uid, :privileges, :privilege_expired_ts,
+                  :salt, :expired_ts
+
+    def initialize args={}
+      @app_id = args[:app_id]
+      @channel_name = args.fetch(:channel_name, "")
+      @app_certificate = args[:app_certificate]
+      @uid = "#{args.fetch(:uid, "")}"
+      @privileges = {}
+      @privilege_expired_ts = args[:privilege_expired_ts]
+      @salt = SecureRandom.rand(SEED)
+      @expired_ts = Time.now.to_i + ONE_DAY
+    end
+
+    def add_privilege privilege, ts
+      privileges[privilege] = ts
+    end
+
+    alias grant add_privilege
+
+    def build
+      Sign.encode self
+    end
+
+    def build!
+      Sign.encode! self
+    end
+
+    def from_string token
+      Sign.decode token
+    end
+
+    def self.generate! payload={}, &block
+      token = AccessToken.new payload
+      block.call token
+      token.build!
+    end
+  end
+end

data/lib/dynamic_key/rtc_token_builder.rb

@@ -0,0 +1,112 @@
+module AgoraDynamicKey
+
+  class RTCTokenBuilder
+    class InvalidParamsError < StandardError
+      attr_reader :params, :missing_keys
+      def initialize args={}
+        super
+        @params = args[:params]
+        @missing_keys = args[:missing_keys]
+      end
+    end
+
+    module Role
+      # DEPRECATED. Role::ATTENDEE has the same privileges as Role::PUBLISHER.
+      ATTENDEE = 0
+
+      # RECOMMENDED. Use this role for a voice/video call or a live broadcast, if your scenario does not require authentication for [Hosting-in](https://docs.agora.io/en/Agora%20Platform/terms?platform=All%20Platforms#hosting-in).
+      PUBLISHER = 1
+
+      # Only use this role if your scenario require authentication for [Hosting-in](https://docs.agora.io/en/Agora%20Platform/terms?platform=All%20Platforms#hosting-in).
+      # @note In order for this role to take effect, please contact our support team to enable authentication for Hosting-in for you. Otherwise, Role::SUBSCRIBER still has the same privileges as Role::PUBLISHER.
+      SUBSCRIBER = 2
+
+      # DEPRECATED. Role::ADMIN has the same privileges as Role::PUBLISHER.
+      ADMIN = 101
+    end
+
+    class << self
+
+      #
+      # Builds an RTC token using an Integer uid.
+      # @param payload
+      # :app_id The App ID issued to you by Agora.
+      # :app_certificate Certificate of the application that you registered in the Agora Dashboard.
+      # :channel_name The unique channel name for the AgoraRTC session in the string format. The string length must be less than 64 bytes. Supported character scopes are:
+      # - The 26 lowercase English letters: a to z.
+      # - The 26 uppercase English letters: A to Z.
+      # - The 10 digits: 0 to 9.
+      # - The space.
+      # - "!", "#", "$", "%", "&", "(", ")", "+", "-", ":", ";", "<", "=", ".", ">", "?", "@", "[", "]", "^", "_", " {", "}", "|", "~", ",".
+      # :uid User ID. A 32-bit unsigned integer with a value ranging from 1 to (2^32-1).
+      # :role See #userRole.
+      # - Role::PUBLISHER; RECOMMENDED. Use this role for a voice/video call or a live broadcast.
+      # - Role::SUBSCRIBER: ONLY use this role if your live-broadcast scenario requires authentication for [Hosting-in](https://docs.agora.io/en/Agora%20Platform/terms?platform=All%20Platforms#hosting-in). In order for this role to take effect, please contact our support team to enable authentication for Hosting-in for you. Otherwise, Role_Subscriber still has the same privileges as Role_Publisher.
+      # :privilege_expired_ts represented by the number of seconds elapsed since 1/1/1970. If, for example, you want to access the Agora Service within 10 minutes after the token is generated, set expireTimestamp as the current timestamp + 600 (seconds).
+      # 
+      # @return The new Token.
+      #
+      def build_token_with_uid payload
+        check! payload, %i[app_id app_certificate channel_name role uid privilege_expired_ts]
+        build_token_with_account @params.merge(:account => @params[:uid])
+      end
+
+      #
+      # Builds an RTC token using a string user_account.
+      # @param payload
+      # :app_id The App ID issued to you by Agora.
+      # :app_certificate Certificate of the application that you registered in the Agora Dashboard.
+      # :channel_name The unique channel name for the AgoraRTC session in the string format. The string length must be less than 64 bytes. Supported character scopes are:
+      # - The 26 lowercase English letters: a to z.
+      # - The 26 uppercase English letters: A to Z.
+      # - The 10 digits: 0 to 9.
+      # - The space.
+      # - "!", "#", "$", "%", "&", "(", ")", "+", "-", ":", ";", "<", "=", ".", ">", "?", "@", "[", "]", "^", "_", " {", "}", "|", "~", ",".
+      # :account The user account.
+      # :role See #userRole.
+      # - Role::PUBLISHER; RECOMMENDED. Use this role for a voice/video call or a live broadcast.
+      # - Role::SUBSCRIBER: ONLY use this role if your live-broadcast scenario requires authentication for [Hosting-in](https://docs.agora.io/en/Agora%20Platform/terms?platform=All%20Platforms#hosting-in). In order for this role to take effect, please contact our support team to enable authentication for Hosting-in for you. Otherwise, Role_Subscriber still has the same privileges as Role_Publisher.
+      # :privilege_expired_ts represented by the number of seconds elapsed since 1/1/1970. If, for example, you want to access the Agora Service within 10 minutes after the token is generated, set expireTimestamp as the current timestamp + 600 (seconds).
+      # 
+      # @return The new Token.
+      #                        
+      def build_token_with_account payload
+        check! payload, %i[app_id app_certificate channel_name role account privilege_expired_ts]
+        @params.merge!(:uid => @params[:account])
+        generate_access_token!
+      end
+
+      private
+
+      # generate access token
+      def generate_access_token!
+        # Assign appropriate access privileges to each role.
+        AgoraDynamicKey::AccessToken.generate!(@params) do |t|
+          t.grant AgoraDynamicKey::Privilege::JOIN_CHANNEL, t.privilege_expired_ts
+          if @params[:role] == Role::PUBLISHER ||
+            @params[:role] == Role::SUBSCRIBER ||
+            @params[:role] == Role::ADMIN
+            t.grant AgoraDynamicKey::Privilege::PUBLISH_AUDIO_STREAM, t.privilege_expired_ts
+            t.grant AgoraDynamicKey::Privilege::PUBLISH_VIDEO_STREAM, t.privilege_expired_ts
+            t.grant AgoraDynamicKey::Privilege::PUBLISH_DATA_STREAM, t.privilege_expired_ts
+          end
+        end
+      end
+
+      # params check
+      def check!(payload, args)
+        raise InvalidParamsError.new(params: payload), "invalid params" if payload.nil? or payload.empty?
+        symbolize_keys payload.select { |key| args.include? key }
+        missing_keys = args - @params.keys
+        raise InvalidParamsError.new(params: payload, missing_keys: missing_keys), "missing params" if missing_keys.size != 0
+        _invalid_params = @params.select { |hash, (k, v)| v.nil? or v.empty?}
+        raise InvalidParamsError.new(params: payload), "invalid params" if _invalid_params.empty?
+      end
+      
+      # symbolize keys
+      def symbolize_keys payload
+        @params = payload.inject({}) { |hash, (k, v)| hash[k.to_sym] = v; hash }
+      end
+    end
+  end
+end

data/lib/dynamic_key/rtm_token_builder.rb

@@ -0,0 +1,46 @@
+module AgoraDynamicKey
+  class RTMTokenBuilder
+    module Role
+      RTM_USER = 1
+    end
+
+    class << self
+      attr_accessor :token
+
+      # 
+      # @param payload
+      # :app_id app_id The App ID issued to you by Agora. Apply for a new App ID from 
+      #        Agora Dashboard if it is missing from your kit. See Get an App ID.
+      # :app_certificate app_certificate Certificate of the application that you registered in 
+      #        the Agora Dashboard. See Get an App Certificate.
+      # :role role AgoraDynamicKey::RTCTokenBuilder::Role::RTM_USER = 1: RTM USER
+      # :account  User Account.
+      # :privilege_expired_ts represented by the number of seconds elapsed since 1/1/1970.
+      #        If, for example, you want to access the Agora Service within 10 minutes
+      #        after the token is generated, set expireTimestamp as the current time stamp
+      #        + 600 (seconds).                             
+      def build_token payload
+        check! payload, %i[app_id app_certificate role account privilege_expired_ts]
+        token = AccessToken.new @params.merge(:channel_name => @params[:account])
+        token.grant Privilege::RTM_LOGIN, @params[:privilege_expired_ts]
+        token.build!
+      end
+
+      private
+      # params check
+      def check!(payload, args)
+        raise InvalidParamsError.new(params: payload), "invalid params" if payload.nil? or payload.empty?
+        symbolize_keys payload.select { |key| args.include? key }
+        missing_keys = args - @params.keys
+        raise InvalidParamsError.new(params: payload, missing_keys: missing_keys), "missing params" if missing_keys.size != 0
+        _invalid_params = @params.select { |hash, (k, v)| v.nil? or v.empty?}
+        raise InvalidParamsError.new(params: payload), "invalid params" if _invalid_params.empty?
+      end
+      
+      # symbolize keys
+      def symbolize_keys payload
+        @params = payload.inject({}) { |hash, (k, v)| hash[k.to_sym] = v; hash }
+      end
+    end
+  end
+end

data/lib/dynamic_key/sign.rb

@@ -0,0 +1,73 @@
+# encoding: utf-8
+
+module AgoraDynamicKey
+  class Sign
+    MAX_SIZE = 1024
+    SHA256 = OpenSSL::Digest.new("sha256")
+    class InvalidToken < StandardError; end
+
+    class << self
+      private def parse_map_uint32 map
+        binary = [map.size].pack "v"
+        binary << map.flatten.pack("vV"*map.size)
+      end
+
+      def encode option
+        encode! option
+      rescue
+        false 
+      end
+
+      def encode! option
+        # pack message
+        message = [option.salt, option.expired_ts].pack "VV" # pack into uint16 with little endian
+        message << parse_map_uint32(option.privileges)
+
+        # generate signature
+        to_sign = "#{option.app_id}#{option.channel_name}#{option.uid}#{message}"
+
+        sign = OpenSSL::HMAC.new(option.app_certificate, SHA256).update(to_sign).digest
+
+        crc32_channel_name = Zlib::crc32(option.channel_name) & 0xffffffff
+        crc32_uid = Zlib::crc32("#{option.uid}") & 0xffffffff
+
+        uint32_channel_name = [crc32_channel_name].pack "V"
+        uint32_uid = [crc32_uid].pack "V"
+
+        uint16_sign_size = [sign.size].pack "v"
+
+        uint16_message_size = [message.size].pack "v"
+        # generate content
+        content = "#{uint16_sign_size}#{sign}#{uint32_channel_name}#{uint32_uid}#{uint16_message_size}#{message}"
+        # final content
+        "#{AccessToken::VERSION}#{option.app_id}#{Base64.strict_encode64(content)}"
+      end
+
+      def decode string
+        docode!
+      rescue
+        false
+      end
+
+      def decode! string
+        version = string[0..2]
+        raise InvalidToken, "can't match version" unless version == VERSION
+        appId = string[3..3+31]
+        content = string[3+32..-1]
+        content_binary = Base64.strict_decode64(content)
+        uint16_sign_size = content_binary.unpack("v")[0]
+        sign = content_binary[2, uint16_sign_size].unpack "H*"
+        offset = uint16_sign_size + 2
+        uint32_channel_name, uint32_uid = content_binary[offset..offset+1].unpack("VV")
+        offset = offset + 8
+        uint16_message_size = content_binary[offset..offset+1].unpack("v")[0]
+        offset = offset + 2
+        message = content_binary[offset..offset+uint16_message_size]
+        salt, expired_ts = message[0..7].unpack("V*")
+        privileges_size = message[8..9].unpack("v")[0]
+        message[10..-1].unpack("vV"*privileges_size)
+        true
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,49 @@
+--- !ruby/object:Gem::Specification
+name: agora_dynamic_key
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- matrixbirds
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-06-08 00:00:00.000000000 Z
+dependencies: []
+description: A Simple Agora Dynamic Key Implementation
+email: sales@agora.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/dynamic_key.rb
+- lib/dynamic_key/access_token.rb
+- lib/dynamic_key/rtc_token_builder.rb
+- lib/dynamic_key/rtm_token_builder.rb
+- lib/dynamic_key/sign.rb
+homepage: https://github.com/AgoraIO/Tools/tree/master/DynamicKey/AgoraDynamicKey/ruby/sample
+licenses:
+- MIT
+metadata:
+  source_code_uri: https://github.com/AgoraIO/Tools/tree/master/DynamicKey/AgoraDynamicKey/ruby
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.2.3
+signing_key: 
+specification_version: 4
+summary: Agora Dynamic Key Client
+test_files: []