authbox 0.0.1

Files changed (3) hide show
  1. checksums.yaml +7 -0
  2. data/lib/authbox.rb +196 -0
  3. metadata +84 -0
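--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: e141dfb9225bbe2ab57222f2a20c8ccffc55470a
+data.tar.gz: b344c19419a40d1dc730b638c35c19fd79ad8ec9
+SHA512:
+metadata.gz: df7933e149fe281b4be2b2044c9cb3e5f3555d10471da2bd9561c3e3fa2d7a600bfabde2ce6ccb0ada9ab18b16f7d022c7408720e6b534f24a9d7d30a1437f32
+data.tar.gz: cfc3346953eede700e6f5ed4f5764ac24982b5e893eb22cd09e0e7b8f919594df2ccccafda980e2081c6003e189f80e7b5a80e955c338d510722e7eb5c690e5d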
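--- a/data/lib/authbox.rb
+++ b/data/lib/authbox.rb
@@ -0,0 +1,196 @@
+require 'active_support/concern'
+require 'digest'
+require 'json'
+require 'net/http'
+require 'securerandom'
+require 'thread'
+require 'thread/pool'
+require 'uri'
+
+##
+# This module adds support for Authbox to your Rails controller. We recommend
+# you add it to +app/controllers/application_controller.rb+ like this:
+#
+# require 'authbox'
+#
+# class ApplicationController < ActionController::Base
+# include Authbox
+# end
+#
+# Once this is included in your controller, you'll need to add your credentials.
+# Add them to config/application.rb like this:
+#
+# config.authbox = {
+# :api_key => 'yourApiKey',
+# :secret_key => 'yourSecret'
+# }
+#
+# That's it! Authbox can start logging basic metadata immediately.
+#
+# To get the most out of Authbox you should tell us who your users are. You do
+# this by overriding the authbox_get_request_data() method on the controller.
+# Here's how you would tell Authbox about your users while using Devise:
+#
+# class ApplicationController < ActionController::Base
+# include Authbox
+#
+# def authbox_get_request_data
+# return {
+# '$user' => {
+# '$creationTime' => current_user.created_at,
+# '$userIDs' => [
+# {'$type' => '$email', '$key' => current_user.email}
+# ]
+# }
+# }
+# end
+# end
+
+module Authbox
+extend ActiveSupport::Concern
+
+##
+# Report a custom action to Authbox.
+# If this is not called during a request, an $unknown action
+# will be logged. See the documentation for what information
+# you can pass here in the features hash.
+def authbox_log(features={})
+return authbox_request(features, true)
+end
+
+##
+# Override me to inject a custom HTTP POST library
+def authbox_post_form(uri, body)
+req = Net::HTTP::Post.new(uri.path, initheader = {'Content-Type' =>'application/json'})
+req.body = body.to_json
+
+return Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https') do |http|
+begin
+http.request(req)
+rescue => e
+logger.warn 'AUTHBOX: HTTP request error: #{e}'
+end
+end
+end
+
+##
+# Override me to return additional data for the request
+# (like the user)
+def authbox_get_request_data
+return {}
+end
+
+private
+
+def self.authbox_pool
+if @authbox_pool.nil?
+@authbox_pool = Thread.pool(Rails.configuration.authbox[:threads] || 5)
+end
+return @authbox_pool
+end
+
+def authbox_get_cookie(cookie_type)
+sha256 = Digest::SHA256.new
+return sha256.hexdigest(
+'authbox:' + cookie_type + ':' + Rails.configuration.authbox[:api_key]
+)
+end
+
+def authbox_get_endpoint
+return Rails.configuration.authbox[:endpoint] || 'https://api.authbox.io/api'
+end
+
+def authbox_request(features, async)
+if @authbox_requested
+logger.warn 'authbox_log() already called'
+return
+end
+
+@authbox_requested = true
+
+cookie_name = authbox_get_cookie('local_machine_id')
+
+if cookies[cookie_name].blank?
+local_machine_id = SecureRandom.hex(32)
+@authbox_insert_pixel = true
+else
+local_machine_id = cookies[cookie_name]
+end
+
+cookies[cookie_name] = {
+:value => local_machine_id,
+:expires => 2.years.from_now,
+:httponly => true,
+:domain => :all
+}
+
+if cookies[authbox_get_cookie('did_get_pixel')].blank?
+@authbox_insert_pixel = true
+end
+
+remote_ip = request.remote_ip
+
+body = {
+'$actionName' => '$unknown',
+'$localMachineID' => local_machine_id,
+'$userAgent' => request.user_agent,
+'$ipAddress' => remote_ip,
+'$apiKey' => Rails.configuration.authbox[:api_key],
+'$secretKey' => Rails.configuration.authbox[:secret_key]
+}
+
+body.merge!(authbox_get_request_data())
+body.merge!(features)
+
+base_uri = authbox_get_endpoint()
+uri = URI(base_uri + '/action')
+
+if async
+Authbox.authbox_pool.process do
+authbox_post_form(uri, body)
+end
+return
+end
+
+response = authbox_post_form(uri, body)
+
+begin
+return JSON.parse(response.body)
+rescue => e
+logger.warn "AUTHBOX: Error decoding body: #{e}"
+
+# Fail open
+return {'type' => 'ALLOW', 'info' => 'Error from server'}
+end
+end
+
+included do
+before_filter :authbox_before
+after_filter :authbox_after
+end
+
+def authbox_before
+@authbox_requested = false
+@authbox_insert_pixel = rand() < 0.01
+end
+
+def authbox_after
+if not @authbox_requested
+authbox_log({})
+
+if @authbox_insert_pixel and Rails.configuration.authbox.fetch(:enable_tracking_pixel, true)
+endpoint = authbox_get_endpoint()
+local_machine_id = cookies[authbox_get_cookie('local_machine_id')]
+pixel_markup = "<iframe src='#{endpoint}/pixel?LMID=#{local_machine_id}' width='0' height='0' style='border: none' />"
+
+prev_length = response.body.length
+response.body = response.body.gsub(/(<\/body>)/i, pixel_markup + '\1')
+
+if response.body.length > prev_length
+# we actually inserted the pixel, so send the cookie
+cookies[authbox_get_cookie('did_get_pixel')] = '1'
+end
+end
+end
+end
+end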
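Review bot: In `authbox_after` the `local_machine_id` read from the cookie is interpolated into `pixel_markup` without validation or escaping, and `authbox_request` re-uses and re-sets whatever value the client sent, so a cookie value containing a quote or angle bracket ends up as markup in the response body. The id should be accepted only when it has the shape this code generates, e.g. after the cookie lookup in `authbox_request`: `local_machine_id = SecureRandom.hex(32) unless local_machine_id =~ /\A\h{64}\z/`, and the value should be escaped when the iframe is built. Separately, the warning in `authbox_post_form` is single-quoted, so `#{e}` is logged literally; it should read `logger.warn "AUTHBOX: HTTP request error: #{e}"`. `$secretKey` is sent in every request body while `:use_ssl` follows the scheme of the configurable `:endpoint`, so a non-https endpoint would carry the secret in cleartext; rejecting non-https values in `authbox_get_endpoint` would close that.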
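--- a/metadata
+++ b/metadata
@@ -0,0 +1,84 @@
+--- !ruby/object:Gem::Specification
+name: authbox
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Authbox, Inc.
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-11-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: thread
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.1.4
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.1.4
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.1.4
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.1.4
+- !ruby/object:Gem::Dependency
+name: rdoc
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 4.1.2
+- - ">="
+- !ruby/object:Gem::Version
+version: 4.1.2
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 4.1.2
+- - ">="
+- !ruby/object:Gem::Version
+version: 4.1.2
+description: Authbox client
+email: pete@authbox.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/authbox.rb
+homepage: http://authbox.io/
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Authbox
+test_files: []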