apill 3.1.3 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d4626664836143aaf78bf2b5b3484ba7da329a7d
-  data.tar.gz: 70758012561218a831754e3a6f85678f92da35c7
+  metadata.gz: a868c1d22d4ed7815afb667e309f54dafcbf70c9
+  data.tar.gz: 70eb9a1d4ea3c9b061febe6eeb6c1fd975abc43f
 SHA512:
-  metadata.gz: e4fe0941c2ce6d10a1cf60950bd4742a78a6cb3fd3f5a17701932b1b35ec95c177637eddcd9caf75a0ad19ff872252266dda004c028d7cc254d2d247bd3b7c50
-  data.tar.gz: d021d2ebc2314c817889df412c77fa2718433b4f314a6066a6a74b503620f8512e0e99f31c767d03fbfb7e4d83750f379391d09c1519df392d7efe2d156d5ef9
+  metadata.gz: 92c289f7396d2523847834b5f7a25074c71384387434d987b8eb65fc174d44df7487adde5004eac3521d1493d410bea739588b7fd0ba9e867ad0b897194d9c95
+  data.tar.gz: d63a1ec7bbfa94244eba6c3f706c6fa71dee5260bd51c7c40cf8042f148ebf24787f73c4a2f2a47a8f45730c2a57772dd4c009d6d05f69e5d56981ce6a6cc9f6

data/lib/apill/configuration.rb

@@ -4,7 +4,8 @@ module  Apill
       :allowed_subdomains,
       :allowed_api_subdomains,
       :application_name,
-      :default_api_version
+      :default_api_version,
+      :token_private_key
 
     def to_h
       {

data/lib/apill/errors/{invalid_api_request_error.rb → invalid_api_request.rb}

@@ -2,7 +2,7 @@ require 'human_error'
 
 module  Apill
 module  Errors
-class   InvalidApiRequestError < RuntimeError
+class   InvalidApiRequest < RuntimeError
   include HumanError::Error
 
   attr_accessor :accept_header

data/lib/apill/errors/{invalid_subdomain_error.rb → invalid_subdomain.rb}

@@ -2,7 +2,7 @@ require 'human_error'
 
 module  Apill
 module  Errors
-class   InvalidSubdomainError < RuntimeError
+class   InvalidSubdomain < RuntimeError
   include HumanError::Error
 
   attr_accessor :http_host

data/lib/apill/errors/invalid_token.rb

@@ -0,0 +1,21 @@
+require 'human_error'
+
+module  Apill
+module  Errors
+class   InvalidToken < RuntimeError
+  include HumanError::Error
+
+  def http_status
+    401
+  end
+
+  def title
+    'Invalid or Unauthorized Token'
+  end
+
+  def detail
+    'Either the token you passed is invalid or is not allowed to perform this action.'
+  end
+end
+end
+end

data/lib/apill/matchers/accept_header.rb

@@ -0,0 +1,13 @@
+require 'apill/matchers/generic'
+
+module  Apill
+module  Matchers
+class   AcceptHeader
+  include Generic
+
+  def matches?
+    accept_header.valid?
+  end
+end
+end
+end

data/lib/apill/matchers/{generic_matcher.rb → generic.rb}

@@ -1,20 +1,16 @@
-require 'apill/accept_header'
-require 'apill/requests/base'
-
 module  Apill
 module  Matchers
-module  GenericMatcher
+module  Generic
   attr_accessor :application,
-                :accept_header
+                :accept_header,
+                :request
 
-  def initialize(**args)
+  def initialize(request:, **args)
     args.each do |variable, value|
       __send__("#{variable}=", value)
     end
-  end
 
-  def matches?(request)
-    request            = Requests::Base.resolve(request)
+    self.request       = request
     self.application   = request.application_name
     self.accept_header = request.accept_header
   end

data/lib/apill/matchers/{subdomain_matcher.rb → subdomain.rb}

@@ -1,6 +1,6 @@
 module  Apill
 module  Matchers
-class   SubdomainMatcher
+class   Subdomain
   def initialize(allowed_subdomains:     Apill.configuration.allowed_subdomains,
                  allowed_api_subdomains: Apill.configuration.allowed_api_subdomains,
                  request:)
@@ -11,11 +11,11 @@ class   SubdomainMatcher
   end
 
   def matches?
-    allowed_subdomains.include? request_subdomain
+    allowed_subdomains.include? request.subdomain
   end
 
   def matches_api_subdomain?
-    allowed_api_subdomains.include? request_subdomain
+    allowed_api_subdomains.include? request.subdomain
   end
 
   protected
@@ -23,12 +23,6 @@ class   SubdomainMatcher
   attr_accessor :allowed_subdomains,
                 :allowed_api_subdomains,
                 :request
-
-  private
-
-  def request_subdomain
-    @request_subdomain ||= request.fetch('HTTP_HOST', '')[/\A([a-z\-]+)/i, 1]
-  end
 end
 end
 end

data/lib/apill/matchers/{version_matcher.rb → version.rb}

@@ -1,17 +1,15 @@
 require 'apill/configuration'
-require 'apill/matchers/generic_matcher'
+require 'apill/matchers/generic'
 
 module  Apill
 module  Matchers
-class   VersionMatcher
-  include GenericMatcher
+class   Version
+  include Generic
 
   attr_accessor :version_constraint,
                 :default_version
 
-  def matches?(request)
-    super
-
+  def matches?
     requested_version == version_constraint
   end
 

data/lib/apill/middleware/api_request.rb

@@ -1,42 +1,43 @@
 require 'apill/configuration'
 require 'apill/parameters'
-require 'apill/matchers/subdomain_matcher'
-require 'apill/matchers/accept_header_matcher'
-require 'apill/responses/invalid_api_request_response'
-require 'apill/responses/invalid_subdomain_response'
+require 'apill/matchers/subdomain'
+require 'apill/matchers/accept_header'
+require 'apill/requests/base'
+require 'apill/responses/invalid_api_request'
+require 'apill/responses/invalid_subdomain'
+require 'apill/responses/invalid_token'
 
 module  Apill
 module  Middleware
 class   ApiRequest
-  JSON_API_MIME_TYPE_PATTERN = %r{application/vnd\.api\+json(?=\z|;)}
-
   def initialize(app)
     @app = app
   end
 
+  # rubocop:disable Metrics/LineLength
   def call(env)
     env['HTTP_X_APPLICATION_NAME'] = Apill.configuration.application_name
 
-    subdomain_matcher = Matchers::SubdomainMatcher.new(request: env)
+    request               = Requests::Base.resolve(env)
+    subdomain_matcher     = Matchers::Subdomain.new(request: request)
+    accept_header_matcher = Matchers::AcceptHeader.new(request: request)
+    token                 = request.authorization_token
 
-    if subdomain_matcher.matches?
-      if !subdomain_matcher.matches_api_subdomain? ||
-          Matchers::AcceptHeaderMatcher.new.matches?(env)
+    return Responses::InvalidSubdomain.call(env)  unless subdomain_matcher.matches?
+    return Responses::InvalidApiRequest.call(env) unless !subdomain_matcher.matches_api_subdomain? ||
+                                                         accept_header_matcher.matches?
+    return Responses::InvalidToken.call(env)      unless token.valid?
 
-        env['QUERY_STRING'] = Parameters.process(env['QUERY_STRING'])
-        env['CONTENT_TYPE'] = env['CONTENT_TYPE'].
-                              to_s.
-                              gsub! JSON_API_MIME_TYPE_PATTERN,
-                                    'application/json'
+    env['HTTP_X_JSON_WEB_TOKEN'] = token.to_h
+    env['QUERY_STRING']          = Parameters.process(env['QUERY_STRING'])
 
-        @app.call(env)
-      else
-        Responses::InvalidApiRequestResponse.call(env)
-      end
-    else
-      Responses::InvalidSubdomainResponse.call(env)
+    if env['CONTENT_TYPE'] == 'application/vnd.api+json'
+      env['CONTENT_TYPE'] = 'application/json'
     end
+
+    @app.call(env)
   end
+  # rubocop:enable Metrics/LineLength
 end
 end
 end

data/lib/apill/parameters/index.rb

@@ -1,7 +1,7 @@
 module  Apill
 class   Parameters
 class   Index
-  DEFAULT_QUERY = '*'
+  DEFAULT_QUERY = '*'.freeze
 
   attr_accessor :raw_parameters
 

data/lib/apill/parameters/page.rb

@@ -1,7 +1,7 @@
 module  Apill
 class   Parameters
 class   Page
-  PAGING_PARAMETERS     = %w{number size limit offset cursor}
+  PAGING_PARAMETERS     = %w{number size limit offset cursor}.freeze
   DEFAULT_STARTING_PAGE = 1
   DEFAULT_PAGE_SIZE     = 25
 

data/lib/apill/parameters/sort.rb

@@ -1,7 +1,7 @@
 module  Apill
 class   Parameters
 class   Sort
-  DESCENDING_PREFIX = '-'
+  DESCENDING_PREFIX = '-'.freeze
 
   attr_accessor :raw_parameters
 

data/lib/apill/requests/base.rb

@@ -1,12 +1,19 @@
+require 'apill/tokens/invalid_request_authorization'
+require 'apill/tokens/request_authorization'
+
 module  Apill
 module  Requests
 class   Base
-  def self.resolve(original_request)
-    if original_request.respond_to? :headers
-      rails_request_class.new(original_request)
-    else
-      rack_request_class.new(original_request)
-    end
+  TOKEN_PATTERN = %r{\A(?:Token ([A-Za-z0-9_/\+\=\-\.]+))?\z}
+
+  attr_accessor :token_private_key,
+                :request
+
+  def initialize(token_private_key: Apill.configuration.token_private_key,
+                 request:)
+
+    self.token_private_key = token_private_key
+    self.request           = request
   end
 
   def accept_header
@@ -19,16 +26,85 @@ class   Base
     end
   end
 
+  def authorization_token
+    if (
+         !authorization_token_from_header.blank? &&
+         authorization_token_from_header.valid?
+    ) ||
+    (
+      authorization_token_from_params.blank? ||
+      !authorization_token_from_params.valid?
+    )
+
+      authorization_token_from_header
+    else
+      authorization_token_from_params
+    end
+  end
+
+  def application_name
+    raw_request_application_name || Apill.configuration.application_name
+  end
+
+  def subdomain
+    @subdomain ||= raw_host[/\A([a-z\-]+)/i, 1]
+  end
+
+  def self.resolve(original_request)
+    if original_request.respond_to? :headers
+      rails_request_class.new(request: original_request)
+    else
+      rack_request_class.new(request: original_request)
+    end
+  end
+
   def self.rails_request_class
-    require 'apill/requests/rails_request'
+    require 'apill/requests/rails'
 
-    Object.const_get('Apill::Requests::RailsRequest')
+    Object.const_get('Apill::Requests::Rails')
   end
 
   def self.rack_request_class
-    require 'apill/requests/rack_request'
+    require 'apill/requests/rack'
+
+    Object.const_get('Apill::Requests::Rack')
+  end
+
+  private
+
+  def accept_header_from_header
+    AcceptHeader.new(application: application_name,
+                     header:      raw_accept_header_from_header || '')
+  end
+
+  def accept_header_from_params
+    AcceptHeader.new(application: application_name,
+                     header:      raw_accept_header_from_params || '')
+  end
+
+  def authorization_token_from_header
+    return Tokens::InvalidRequestAuthorization.instance \
+      unless raw_authorization_header.match(TOKEN_PATTERN)
+
+    Tokens::RequestAuthorization.convert(
+      token_private_key: token_private_key,
+      raw_token:         raw_authorization_token_from_header || '')
+  end
+
+  def authorization_token_from_params
+    Tokens::RequestAuthorization.convert(
+      token_private_key: token_private_key,
+      raw_token:         raw_authorization_token_from_params || '')
+  end
+
+  private
+
+  def raw_host
+    request.fetch('HTTP_HOST', '')
+  end
 
-    Object.const_get('Apill::Requests::RackRequest')
+  def raw_authorization_token_from_header
+    raw_authorization_header[TOKEN_PATTERN, 1] || ''
   end
 end
 end

data/lib/apill/requests/rack.rb

@@ -0,0 +1,34 @@
+require 'apill/configuration'
+require 'apill/requests/base'
+require 'apill/accept_header'
+
+module  Apill
+module  Requests
+class   Rack < Base
+  ACCEPT_PARAM_PATTERN     = /(?:\A|&)accept=(.+?)(?=\z|&)/
+  AUTH_TOKEN_PARAM_PATTERN = /(?:\A|&)auth_token=(.+?)(?=\z|&)/
+
+  private
+
+  def raw_accept_header_from_header
+    request['HTTP_ACCEPT']
+  end
+
+  def raw_accept_header_from_params
+    URI.unescape(request['QUERY_STRING'][ACCEPT_PARAM_PATTERN, 1] || '')
+  end
+
+  def raw_authorization_header
+    request['HTTP_AUTHORIZATION'] || ''
+  end
+
+  def raw_authorization_token_from_params
+    URI.unescape(request['QUERY_STRING'][AUTH_TOKEN_PARAM_PATTERN, 1] || '')
+  end
+
+  def raw_request_application_name
+    request['HTTP_X_APPLICATION_NAME']
+  end
+end
+end
+end

data/lib/apill/requests/rails.rb

@@ -0,0 +1,31 @@
+require 'apill/configuration'
+require 'apill/requests/base'
+require 'apill/accept_header'
+
+module  Apill
+module  Requests
+class   Rails < Base
+  private
+
+  def raw_accept_header_from_header
+    request.headers['Accept']
+  end
+
+  def raw_accept_header_from_params
+    request.params['accept']
+  end
+
+  def raw_authorization_header
+    request.headers['HTTP_AUTHORIZATION'] || ''
+  end
+
+  def raw_authorization_token_from_params
+    request.params['auth_token'] || ''
+  end
+
+  def raw_request_application_name
+    request.headers['X-Application-Name']
+  end
+end
+end
+end

data/lib/apill/resource/model.rb

@@ -6,7 +6,7 @@ require 'apill/resource/processors/indexing'
 module  Apill
 module  Resource
 class   Model
-  DEFAULT_PROCESSORS = %w{filtering sorting paging indexing}
+  DEFAULT_PROCESSORS = %w{filtering sorting paging indexing}.freeze
 
   attr_accessor :resource,
                 :parameters,

data/lib/apill/resource/processors/filtering.rb

@@ -7,10 +7,12 @@ class  Filtering
   attr_accessor :resource,
                 :parameters
 
+  # rubocop:disable Style/OptionHash
   def initialize(resource, parameters = {})
     self.resource   = resource
     self.parameters = Parameters::Filter.new(parameters['filter'] || {})
   end
+  # rubocop:enable Style/OptionHash
 
   def self.processed(*attrs)
     new(*attrs).processed

data/lib/apill/resource/processors/indexing.rb

@@ -7,10 +7,12 @@ class  Indexing
   attr_accessor :resource,
                 :parameters
 
+  # rubocop:disable Style/OptionHash
   def initialize(resource, parameters = {})
     self.resource   = resource
     self.parameters = Parameters::Index.new(parameters['filter'] || {})
   end
+  # rubocop:enable Style/OptionHash
 
   def self.processed(*attrs)
     new(*attrs).processed

data/lib/apill/resource/processors/paging.rb

@@ -7,10 +7,12 @@ class   Paging
   attr_accessor :resource,
                 :parameters
 
+  # rubocop:disable Style/OptionHash
   def initialize(resource, parameters = {})
     self.resource   = resource
     self.parameters = Parameters::Page.new(parameters['page'] || {})
   end
+  # rubocop:enable Style/OptionHash
 
   def self.processed(*attrs)
     new(*attrs).processed

data/lib/apill/resource/processors/sorting.rb

@@ -7,10 +7,12 @@ class   Sorting
   attr_accessor :resource,
                 :parameters
 
+  # rubocop:disable Style/OptionHash
   def initialize(resource, parameters = {})
     self.resource   = resource
     self.parameters = Parameters::Sort.new(parameters['sort'])
   end
+  # rubocop:enable Style/OptionHash
 
   def self.processed(*attrs)
     new(*attrs).processed

data/lib/apill/responses/{invalid_subdomain_response.rb → invalid_api_request.rb}

@@ -1,10 +1,10 @@
-require 'apill/errors/invalid_subdomain_error'
+require 'apill/errors/invalid_api_request'
 
 module  Apill
 module  Responses
-class   InvalidSubdomainResponse
+class   InvalidApiRequest
   def self.call(env)
-    error = Apill::Errors::InvalidSubdomainError.new(http_host: env['HTTP_HOST'])
+    error = Apill::Errors::InvalidApiRequest.new(accept_header: env['HTTP_ACCEPT'])
 
     [
       error.http_status,  # HTTP Status Code

data/lib/apill/responses/{invalid_api_request_response.rb → invalid_subdomain.rb}

@@ -1,10 +1,10 @@
-require 'apill/errors/invalid_api_request_error'
+require 'apill/errors/invalid_subdomain'
 
 module  Apill
 module  Responses
-class   InvalidApiRequestResponse
+class   InvalidSubdomain
   def self.call(env)
-    error = Apill::Errors::InvalidApiRequestError.new(accept_header: env['HTTP_ACCEPT'])
+    error = Apill::Errors::InvalidSubdomain.new(http_host: env['HTTP_HOST'])
 
     [
       error.http_status,  # HTTP Status Code

data/lib/apill/responses/invalid_token.rb

@@ -0,0 +1,17 @@
+require 'apill/errors/invalid_token'
+
+module  Apill
+module  Responses
+class   InvalidToken
+  def self.call(_env)
+    error = Apill::Errors::InvalidToken.new
+
+    [
+      error.http_status, # HTTP Status Code
+      {},                # Response Headers
+      [error.to_json],   # Message
+    ]
+  end
+end
+end
+end

data/lib/apill/tokens/invalid_request_authorization.rb

@@ -0,0 +1,21 @@
+require 'singleton'
+
+module  Apill
+module  Tokens
+class   InvalidRequestAuthorization
+  include Singleton
+
+  def valid?
+    false
+  end
+
+  def blank?
+    false
+  end
+
+  def to_h
+    {}
+  end
+end
+end
+end

data/lib/apill/tokens/null_request_authorization.rb

@@ -0,0 +1,21 @@
+require 'singleton'
+
+module  Apill
+module  Tokens
+class   NullRequestAuthorization
+  include Singleton
+
+  def valid?
+    true
+  end
+
+  def blank?
+    true
+  end
+
+  def to_h
+    {}
+  end
+end
+end
+end

data/lib/apill/tokens/request_authorization.rb

@@ -0,0 +1,62 @@
+require 'jwt'
+require 'json/jwt'
+require 'apill/tokens/invalid_request_authorization'
+require 'apill/tokens/null_request_authorization'
+
+module  Apill
+module  Tokens
+class   RequestAuthorization
+  attr_accessor :token
+
+  def initialize(token:)
+    self.token = token
+  end
+
+  def valid?
+    true
+  end
+
+  def blank?
+    false
+  end
+
+  def to_h
+    token
+  end
+
+  def self.convert(raw_token:, token_private_key: Apill.configuration.token_private_key)
+    return NullRequestAuthorization.instance if raw_token.to_s == ''
+
+    decrypted_token = JSON::JWT.decode(raw_token, token_private_key).plain_text
+    decoded_token   = JWT.decode(decrypted_token,
+                                 token_private_key,
+                                 true,
+                                 algorithm:         'RS256',
+                                 verify_expiration: true,
+                                 verify_not_before: true,
+                                 verify_iat:        true,
+                                 leeway:            5,
+                                )
+
+    new(token: decoded_token)
+  rescue JSON::JWT::Exception,
+         JSON::JWT::InvalidFormat,
+         JSON::JWT::VerificationFailed,
+         JSON::JWT::UnexpectedAlgorithm,
+         JWT::DecodeError,
+         JWT::VerificationError,
+         JWT::ExpiredSignature,
+         JWT::IncorrectAlgorithm,
+         JWT::ImmatureSignature,
+         JWT::InvalidIssuerError,
+         JWT::InvalidIatError,
+         JWT::InvalidAudError,
+         JWT::InvalidSubError,
+         JWT::InvalidJtiError,
+         OpenSSL::PKey::RSAError
+
+    InvalidRequestAuthorization.instance
+  end
+end
+end
+end

data/lib/apill/version.rb

@@ -1,3 +1,3 @@
 module Apill
-  VERSION = '3.1.3'
+  VERSION = '4.0.0'.freeze
 end