bard-api 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 88e72bcfdbda52d9fe76f647c7f29b18f6610c755c416728dfa4d5333f8b45e5
+  data.tar.gz: 55a480c5e5e72e4041c3bf9a1eb973104af8b40da1d31a1c9eb289ab5eb97ac8
+SHA512:
+  metadata.gz: c64aaf163b756bc6f02286ecccca3aed8fc1835b15fc7b991fb9eed9662e187bdfc74802cf624c578759894de0967c83a69f0a27d7d739dffa9f351808c148a1
+  data.tar.gz: ab6a6c87a4ae2a692cdb3039fb087749b882eeb7cb1c0599c9b6eba9a221c3243cab4b3c78a118438c9a03ca8a951a5ff4cd8a3f3e11d1f7795a3c67e1c37414

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 Micah Geisel
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,105 @@
+# Bard::Api
+
+REST API for BARD-managed Rails projects. This gem provides a lightweight Rack application that mounts in Rails projects to expose management endpoints for BARD Tracker.
+
+## Overview
+
+The bard-api gem enables BARD Tracker to manage Rails applications through a REST API. It provides:
+
+- **Database backups**: Trigger and monitor database backups using Backhoe
+- **Health monitoring**: Check application status
+
+## Usage
+
+### Mounting in Rails
+
+Add to your `config/routes.rb`:
+
+```ruby
+mount Bard::Api::App.new => "/bard-api"
+```
+
+This makes the API available at `/bard-api/*` endpoints.
+
+### Endpoints
+
+#### GET /bard-api/health
+
+Health check endpoint (no authentication required).
+
+**Response:**
+```json
+{
+  "status": "ok"
+}
+```
+
+#### POST /bard-api/backups
+
+Trigger a backup (requires JWT authentication).
+
+**Headers:**
+```
+Authorization: Bearer <jwt-token>
+```
+
+**Request:**
+```json
+{
+  "urls": [
+    "https://s3.amazonaws.com/presigned-url..."
+  ]
+}
+```
+
+**Response (200 OK):**
+```json
+{
+  "timestamp": "2025-12-06T10:30:00Z",
+  "size": 123456789,
+  "destinations": [
+    {
+      "name": "bard",
+      "type": "bard",
+      "status": "success"
+    }
+  ]
+}
+```
+
+#### GET /bard-api/backups/latest
+
+Get status of most recent backup (requires JWT authentication).
+
+**Headers:**
+```
+Authorization: Bearer <jwt-token>
+```
+
+**Response (200 OK):**
+```json
+{
+  "timestamp": "2025-12-06T10:30:00Z",
+  "size": 123456789,
+  "destinations": [
+    {
+      "name": "primary",
+      "type": "s3",
+      "status": "success"
+    }
+  ]
+}
+```
+
+### Authentication
+
+The API uses JWT with asymmetric RSA keys for authentication. The public key is embedded in the gem, and only BARD Tracker with the private key can create valid tokens.
+
+Tokens expire after 5 minutes and must include:
+- `urls`: Array of presigned S3 URLs for backup destinations
+- `exp`: Expiration timestamp
+- `iat`: Issued at timestamp
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/config.ru

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require_relative "lib/bard/api"
+
+run Bard::Api::App.new

data/lib/bard/api/app.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+require "rack"
+require "json"
+require_relative "auth"
+require_relative "backup"
+
+module Bard
+  module Api
+    class App
+      def call(env)
+        request = Rack::Request.new(env)
+        method = request.request_method
+        path = request.path_info
+
+        case [method, path]
+        when ["GET", "/health"]
+          health(request)
+        when ["POST", "/backups"]
+          create_backup(request)
+        when ["GET", "/backups/latest"]
+          latest_backup(request)
+        else
+          not_found
+        end
+      rescue => e
+        internal_error(e)
+      end
+
+      private
+
+      def health(request)
+        json_response(200, { status: "ok" })
+      end
+
+      def create_backup(request)
+        with_auth(request) do |payload|
+          # Extract URLs from the JWT payload
+          urls = payload["urls"]
+          raise "Missing 'urls' in token payload" if urls.nil? || urls.empty?
+
+          # Perform the backup
+          backup = Backup.new
+          result = backup.perform(urls)
+
+          json_response(200, result)
+        end
+      rescue => e
+        json_response(500, { error: "Backup failed: #{e.message}" })
+      end
+
+      def latest_backup(request)
+        with_auth(request) do
+          # Get the latest backup status
+          backup = Backup.new
+          result = backup.latest
+
+          if result
+            json_response(200, result)
+          else
+            json_response(404, { error: "No backups found" })
+          end
+        end
+      rescue => e
+        json_response(500, { error: e.message })
+      end
+
+      def with_auth(request)
+        payload = Auth.verify!(request.env["HTTP_AUTHORIZATION"])
+        yield payload
+      rescue Auth::AuthenticationError => e
+        json_response(401, { error: "Unauthorized: #{e.message}" })
+      end
+
+      def json_response(status, body)
+        Rack::Response.new(body.to_json, status, { "Content-Type" => "application/json" }).finish
+      end
+
+      def not_found
+        json_response(404, { error: "Not found" })
+      end
+
+      def internal_error(e)
+        json_response(500, { error: "Internal server error: #{e.message}" })
+      end
+    end
+  end
+end

data/lib/bard/api/auth.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require "jwt"
+
+module Bard
+  module Api
+    class Auth
+      # BARD Tracker's public RSA key for JWT verification
+      # This public key can be safely included in the open-source gem
+      # Only BARD Tracker with the private key can create valid tokens
+      BARD_PUBLIC_KEY = OpenSSL::PKey::RSA.new(<<~KEY)
+        -----BEGIN PUBLIC KEY-----
+        MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWnrycx4wOR8Hm73F60L
+        x0iadR9+r40BRvUPGApg21fxMrNa263rH0nM+W8BX44YpusA1yEbxchbh6lvz7J7
+        msjwBgqmpUaSZrSDapoGm7D0bTmXPun84BvFbw0GGOP3K0FYfl859ylaqKw1LyxW
+        +b6OK7ccOAM6LmAcILTL9ox4e87SLctXc/Nu8I2Fcj4U83q8chgbtu2JsrqfP8sH
+        do0B/dOZRP3Ciwu2tPkwggBVKxGs4dIrXQzjCs7EhKYGGwKa4nyI2/IONebq0w9Q
+        QRkn7oivSUNXW3Y+iznoapwgo5c5IO82OrfaQ2tGMvhqtzDa3KNY96ebVCX8HHV/
+        gQIDAQAB
+        -----END PUBLIC KEY-----
+      KEY
+
+      class AuthenticationError < StandardError; end
+
+      def initialize(token)
+        @token = token
+      end
+
+      def verify!
+        raise AuthenticationError, "Missing authorization token" if @token.nil? || @token.empty?
+
+        # Remove 'Bearer ' prefix if present
+        token = @token.start_with?("Bearer ") ? @token[7..] : @token
+
+        # Decode and verify the JWT
+        payload = JWT.decode(
+          token,
+          BARD_PUBLIC_KEY,
+          true,
+          algorithm: "RS256"
+        ).first
+
+        # Return the payload for use by the caller
+        payload
+      rescue JWT::ExpiredSignature
+        raise AuthenticationError, "Token has expired"
+      rescue JWT::DecodeError => e
+        raise AuthenticationError, "Invalid token: #{e.message}"
+      end
+
+      def self.verify!(token)
+        new(token).verify!
+      end
+    end
+  end
+end

data/lib/bard/api/backup.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+require "backhoe"
+require "http"
+require "time"
+require "fileutils"
+
+module Bard
+  module Api
+    class Backup
+      class BackupError < StandardError; end
+
+      # Perform a backup to the specified URLs
+      def perform(urls)
+        raise BackupError, "No URLs provided" if urls.nil? || urls.empty?
+
+        timestamp = Time.now.utc
+        destinations = []
+        errors = []
+
+        # Create temp file with timestamp
+        filename = "#{timestamp.iso8601}.sql.gz"
+        temp_path = "/tmp/#{filename}"
+
+        begin
+          # Dump database to temp file using Backhoe
+          Backhoe.dump(temp_path)
+
+          # Get file size
+          file_size = File.size(temp_path)
+
+          # Upload to all URLs in parallel
+          threads = urls.map do |url|
+            Thread.new do
+              begin
+                upload_to_url(url, temp_path)
+                {
+                  name: "bard",
+                  type: "bard",
+                  status: "success"
+                }
+              rescue => e
+                errors << e
+                {
+                  name: "bard",
+                  type: "bard",
+                  status: "failed",
+                  error: e.message
+                }
+              end
+            end
+          end
+
+          # Wait for all uploads to complete
+          destinations = threads.map(&:value)
+        ensure
+          # Clean up temp file
+          FileUtils.rm_f(temp_path)
+        end
+
+        # Store backup metadata
+        @last_backup = {
+          timestamp: timestamp.iso8601,
+          size: file_size,
+          destinations: destinations
+        }
+
+        # Raise error if any destination failed
+        unless errors.empty?
+          raise BackupError, "Some destinations failed: #{errors.map(&:message).join(", ")}"
+        end
+
+        @last_backup
+      end
+
+      # Get the latest backup status
+      def latest
+        # TODO: Retrieve from database instead of instance variable
+        @last_backup
+      end
+
+      private
+
+      def upload_to_url(url, file_path)
+        File.open(file_path, "rb") do |file|
+          response = HTTP.put(url, body: file)
+
+          unless response.status.success?
+            raise BackupError, "Upload failed with status #{response.status}: #{response.body}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/bard/api/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Bard
+  module Api
+    VERSION = "0.1.0"
+  end
+end

data/lib/bard/api.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require_relative "api/version"
+require_relative "api/auth"
+require_relative "api/backup"
+require_relative "api/app"
+
+module Bard
+  module Api
+    class Error < StandardError; end
+  end
+end

metadata

@@ -0,0 +1,123 @@
+--- !ruby/object:Gem::Specification
+name: bard-api
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Micah Geisel
+bindir: exe
+cert_chain: []
+date: 2025-12-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: http
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: backhoe
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+description: Rack app that mounts in Rails projects to expose management endpoints
+  for BARD Tracker
+email:
+- micah@botandrose.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- LICENSE.txt
+- README.md
+- Rakefile
+- config.ru
+- lib/bard/api.rb
+- lib/bard/api/app.rb
+- lib/bard/api/auth.rb
+- lib/bard/api/backup.rb
+- lib/bard/api/version.rb
+homepage: https://github.com/botandrose/bard-api
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/botandrose/bard-api
+  source_code_uri: https://github.com/botandrose/bard-api
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.2
+specification_version: 4
+summary: REST API for BARD-managed Rails projects
+test_files: []