authify-api 0.0.5

data/lib/authify/api/models/organization_membership.rb

@@ -0,0 +1,16 @@
+module Authify
+  module API
+    module Models
+      # Linkage between Organizations and users
+      class OrganizationMembership < ActiveRecord::Base
+        include JSONAPIUtils
+
+        belongs_to :organization,
+                   class_name: 'Authify::API::Models::Organization'
+
+        belongs_to :user,
+                   class_name: 'Authify::API::Models::User'
+      end
+    end
+  end
+end

data/lib/authify/api/models/trusted_delegate.rb

@@ -0,0 +1,44 @@
+module Authify
+  module API
+    module Models
+      # Trusted Delegates are remote applications that can do anything
+      class TrustedDelegate < ActiveRecord::Base
+        include Core::SecureHashing
+        extend Core::SecureHashing
+
+        attr_reader :secret_key
+
+        validates_uniqueness_of :name
+        validates_uniqueness_of :access_key
+
+        def secret_key=(unencrypted_string)
+          @secret_key = unencrypted_string
+          self.secret_key_digest = salted_sha512(unencrypted_string) if viable(unencrypted_string)
+        end
+
+        def compare_secret(unencrypted_string)
+          compare_salted_sha512(unencrypted_string, secret_key_digest)
+        end
+
+        def set_secret!
+          self.secret_key = self.class.generate_access_key + self.class.generate_access_key
+        end
+
+        def self.generate_access_key
+          to_hex(SecureRandom.gen_random(32))[0...32]
+        end
+
+        def self.from_access_key(access, secret)
+          trusted_delegate = find_by_access_key(access)
+          trusted_delegate if trusted_delegate && trusted_delegate.compare_secret(secret)
+        end
+
+        private
+
+        def viable(string)
+          string && !string.empty?
+        end
+      end
+    end
+  end
+end

data/lib/authify/api/models/user.rb

@@ -0,0 +1,73 @@
+module Authify
+  module API
+    module Models
+      # A User of the system
+      class User < ActiveRecord::Base
+        include Core::SecureHashing
+        include JSONAPIUtils
+
+        attr_reader :password
+
+        validates_uniqueness_of :email
+        validates_format_of :email, with: /[-a-z0-9_+\.+]+\@([-a-z0-9]+\.)+[a-z0-9]{2,4}/i
+
+        validates_presence_of :password_digest
+
+        has_many :api_keys,
+                 class_name: 'Authify::API::Models::APIKey',
+                 dependent: :destroy
+
+        has_many :identities,
+                 class_name: 'Authify::API::Models::Identity',
+                 dependent: :destroy
+
+        has_many :organization_memberships,
+                 class_name: 'Authify::API::Models::OrganizationMembership',
+                 dependent: :destroy
+
+        has_many :organizations,
+                 through: :organization_memberships,
+                 class_name: 'Authify::API::Models::Organization'
+
+        has_and_belongs_to_many :groups,
+                                class_name: 'Authify::API::Models::Group'
+
+        # Encrypts the password into the password_digest attribute.
+        def password=(plain_password)
+          @password = plain_password
+          self.password_digest = salted_sha512(plain_password) if viable(plain_password)
+        end
+
+        def authenticate(unencrypted_password)
+          return false unless unencrypted_password && !unencrypted_password.empty?
+          compare_salted_sha512(unencrypted_password, password_digest)
+        end
+
+        def admin_for?(organization)
+          organization.admins.include?(self)
+        end
+
+        def self.from_api_key(access, secret)
+          key = APIKey.find_by_access_key(access)
+          key.user if key && key.compare_secret(secret)
+        end
+
+        def self.from_email(email, password)
+          found_user = Models::User.find_by_email(email)
+          found_user if found_user && found_user.authenticate(password)
+        end
+
+        def self.from_identity(provider, uid)
+          provided_identity = Identity.find_by_provider_and_uid(provider, uid)
+          provided_identity.user if provided_identity
+        end
+
+        private
+
+        def viable(string)
+          string && !string.empty?
+        end
+      end
+    end
+  end
+end

data/lib/authify/api/serializers/api_key_serializer.rb

@@ -0,0 +1,13 @@
+module Authify
+  module API
+    module Serializers
+      # JSON API Serializer for APIKey model
+      class APIKeySerializer
+        include JSONAPI::Serializer
+
+        attribute :access_key
+        has_one :user
+      end
+    end
+  end
+end

data/lib/authify/api/serializers/group_serializer.rb

@@ -0,0 +1,15 @@
+module Authify
+  module API
+    module Serializers
+      # JSON API Serializer for Group model
+      class GroupSerializer
+        include JSONAPI::Serializer
+
+        attribute :name
+        attribute :description
+        has_one :organization
+        has_many :users
+      end
+    end
+  end
+end

data/lib/authify/api/serializers/organization_serializer.rb

@@ -0,0 +1,15 @@
+module Authify
+  module API
+    module Serializers
+      # JSON API Serializer for Organization model
+      class OrganizationSerializer
+        include JSONAPI::Serializer
+
+        attribute :name
+        attribute :description
+        has_many :groups
+        has_many :users
+      end
+    end
+  end
+end

data/lib/authify/api/serializers/user_serializer.rb

@@ -0,0 +1,17 @@
+module Authify
+  module API
+    module Serializers
+      # JSON API Serializer for User model
+      class UserSerializer
+        include JSONAPI::Serializer
+
+        attribute :email
+        attribute :full_name
+        has_many :api_keys
+        has_many :groups
+        has_many :organizations
+        has_many :identities
+      end
+    end
+  end
+end

data/lib/authify/api/service.rb

@@ -0,0 +1,11 @@
+module Authify
+  module API
+    # Base class for building Sinatra apps (web services)
+    class Service < Sinatra::Base
+      helpers Helpers::JWTEncryption
+      register Sinatra::ActiveRecordExtension
+
+      set :database, CONFIG[:db]
+    end
+  end
+end

data/lib/authify/api/services/api.rb

@@ -0,0 +1,58 @@
+module Authify
+  module API
+    module Services
+      # The main API Sinatra App
+      class API < Service
+        use Middleware::JWTAuth
+        register Sinatra::JSONAPI
+
+        configure do
+          set :protection, except: :http_origin
+        end
+
+        # rubocop:disable Metrics/BlockLength
+        before '*' do
+          headers 'Access-Control-Allow-Origin' => '*',
+                  'Access-Control-Allow-Methods' => %w(
+                    OPTIONS
+                    DELETE
+                    GET
+                    PATCH
+                    POST
+                    PUT
+                  )
+
+          unless env[:authenticated]
+            processed_headers = request.env.dup.each_with_object({}) do |(k, v), acc|
+              acc[Regexp.last_match(1).downcase] = v if k =~ /^http_(.*)/i
+            end
+            if processed_headers.key?('x_authify_access')
+              access = processed_headers['x_authify_access']
+              secret = processed_headers['x_authify_secret']
+              remote_app = Models::TrustedDelegate.from_access_key(access, secret)
+              env[:authenticated] = true if remote_app
+
+              if remote_app && processed_headers.key?('x_authify_on_behalf_of')
+                @current_user = Models::User.find_by_email(
+                  processed_headers['x_authify_on_behalf_of']
+                )
+              end
+            end
+          end
+          unless env[:authenticated]
+            halt 401, env[:authentication_errors].map(&:message).join(', ')
+          end
+        end
+
+        helpers Helpers::APIUser
+
+        resource :api_keys, &Controllers::APIKey
+        resource :groups, &Controllers::Group
+        resource :organizations, &Controllers::Organization
+        resource :users, &Controllers::User
+
+        freeze_jsonapi
+      end
+    end
+  end
+end

data/lib/authify/api/services/jwt_provider.rb

@@ -0,0 +1,61 @@
+module Authify
+  module API
+    module Services
+      # A Sinatra App specifically for managing JWT tokens
+      class JWTProvider < Service
+        helpers Helpers::APIUser
+
+        configure do
+          set :protection, except: :http_origin
+        end
+
+        before '*' do
+          content_type 'application/json'
+          headers 'Access-Control-Allow-Origin' => '*',
+                  'Access-Control-Allow-Methods' => %w(
+                    OPTIONS
+                    GET
+                    POST
+                  )
+
+          begin
+            unless request.get? || request.options?
+              request.body.rewind
+              @parsed_body = JSON.parse(request.body.read)
+            end
+          rescue => e
+            halt(400, { error: "Request must be valid JSON: #{e.message}" }.to_json)
+          end
+        end
+
+        post '/token' do
+          # For CLI / Typical API clients
+          access = @parsed_body['access_key']
+          secret = @parsed_body['secret_key']
+          # For Web UIs
+          email = @parsed_body['email']
+          password = @parsed_body['password']
+
+          found_user = if access
+                         Models::User.from_api_key(access, secret)
+                       elsif email
+                         Models::User.from_email(email, password)
+                       end
+
+          if found_user
+            update_current_user found_user
+            { jwt: jwt_token }.to_json
+          else
+            halt 401
+          end
+        end
+
+        get '/key' do
+          content_type 'application/x-pem-file'
+          headers['Content-Disposition'] = 'attachment;filename=public_key.pem'
+          public_key.export
+        end
+      end
+    end
+  end
+end

data/lib/authify/api/version.rb

@@ -0,0 +1,9 @@
+module Authify
+  module API
+    VERSION = [
+      0, # Major
+      0, # Minor
+      5  # Patch
+    ].join('.')
+  end
+end

metadata

@@ -0,0 +1,324 @@
+--- !ruby/object:Gem::Specification
+name: authify-api
+version: !ruby/object:Gem::Version
+  version: 0.0.5
+platform: ruby
+authors:
+- Jonathan Gnagy
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-02-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: authify-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: authify-middleware
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: connection_pool
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: sinatra-activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: moneta
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: mysql2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+- !ruby/object:Gem::Dependency
+  name: jsonapi-serializers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+- !ruby/object:Gem::Dependency
+  name: sinja
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: puma
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.35'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.35'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: travis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+description: 
+email:
+- jgnagy@knuedge.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- authify-api.gemspec
+- bin/console
+- bin/setup
+- config.ru
+- db/migrate/20170201213901_create_users.rb
+- db/migrate/20170201220029_create_api_keys.rb
+- db/migrate/20170202004557_create_identities.rb
+- db/migrate/20170203231922_create_organizations_and_organization_memberships.rb
+- db/migrate/20170203231929_create_groups.rb
+- db/migrate/20170204001405_create_trusted_delegates.rb
+- db/schema.rb
+- lib/authify/api.rb
+- lib/authify/api/controllers/api_key.rb
+- lib/authify/api/controllers/group.rb
+- lib/authify/api/controllers/organization.rb
+- lib/authify/api/controllers/user.rb
+- lib/authify/api/helpers/api_user.rb
+- lib/authify/api/helpers/jwt_encryption.rb
+- lib/authify/api/jsonapi_utils.rb
+- lib/authify/api/models/api_key.rb
+- lib/authify/api/models/group.rb
+- lib/authify/api/models/identity.rb
+- lib/authify/api/models/organization.rb
+- lib/authify/api/models/organization_membership.rb
+- lib/authify/api/models/trusted_delegate.rb
+- lib/authify/api/models/user.rb
+- lib/authify/api/serializers/api_key_serializer.rb
+- lib/authify/api/serializers/group_serializer.rb
+- lib/authify/api/serializers/organization_serializer.rb
+- lib/authify/api/serializers/user_serializer.rb
+- lib/authify/api/service.rb
+- lib/authify/api/services/api.rb
+- lib/authify/api/services/jwt_provider.rb
+- lib/authify/api/version.rb
+homepage: https://github.com/knuedge/authify-api
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: '2.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Authify API Server library
+test_files: []