bows 0.0.1

data/lib/ribbon/intercom/service/channel.rb

@@ -0,0 +1,203 @@
+require 'securerandom'
+require 'bcrypt'
+
+module Ribbon::Intercom
+  class Service
+    class Channel
+      autoload(:Stores, 'ribbon/intercom/service/channel/stores')
+
+      include BCrypt
+
+      attr_reader :name
+      attr_reader :store
+      attr_reader :token
+      attr_reader :signing_keys
+      attr_reader :secret_hash_crt
+      attr_reader :secret_hash_prv
+
+      def initialize(store, params={})
+        @store = store
+        @name = params[:name] or raise Errors::ChannelNameMissingError
+        @token = params[:token]
+        refresh(params)
+      end
+
+      ##
+      # Refreshes the channel. To be called by the store after obtaining a lock.
+      def refresh(params={})
+        @secret_hash_crt = params[:secret_hash_crt]
+        @secret_hash_prv = params[:secret_hash_prv]
+        @signing_keys = params[:signing_keys] || {}
+
+        @_allowed_to = nil
+        may(*params.fetch(:may, []))
+      end
+
+      def rotate_secret
+        SecureRandom.hex(16).tap { |secret|
+          @secret_hash_prv = secret_hash_crt
+          @secret_hash_crt = Password.create(secret)
+        }
+      end
+
+      def rotate_secret!
+        rotate_secret.tap { save }
+      end
+
+      def sign(data)
+        key_id, key = _signing_key
+        "\x01" + [key_id].pack('N') + Utils::Signer.new(key).sign(data)
+      end
+
+      def verify(signed_data)
+        key_id = signed_data.slice(1, 4).unpack('N').first
+
+        if (key=_retrieve_signing_key(key_id))
+          Utils::Signer.new(key).verify(signed_data[5..-1])
+        end
+      end
+
+      def may(*args)
+        (@_allowed_to ||= Hash.new(false)).merge!(
+          Hash[
+            args.map { |perm| [perm.to_s, true] }
+          ]
+        ).keys.to_set
+      end
+
+      def may!(*args)
+        may(*args).tap { save }
+      end
+
+      def may?(*perms)
+        perms.all? { |perm| _may?(perm) }
+      end
+
+      def permissions
+        @_allowed_to.keys.to_set
+      end
+
+      def valid_secret?(secret)
+        !!secret && (secret_crt == secret || secret_prv == secret)
+      end
+
+      def secret_crt
+        @__secret_crt ||= _to_bcrypt_pw(secret_hash_crt)
+      end
+
+      def secret_prv
+        @__secret_prv ||= _to_bcrypt_pw(secret_hash_prv)
+      end
+
+      def with_lock(&block)
+        store.with_lock(self, &block)
+      end
+
+      def save
+        # Loop until unique
+        unless token
+          loop { break unless store.token_exists?(@token = SecureRandom.hex(4)) }
+        end
+
+        _run_validations
+        store.persist(self)
+      end
+
+      def close
+        store.delete(self)
+      end
+
+      def ==(other)
+        other.is_a?(Channel) &&
+          name == other.name &&
+          store == other.store &&
+          token == other.token &&
+          secret_crt.to_s == other.secret_crt.to_s &&
+          secret_prv.to_s == other.secret_prv.to_s &&
+          permissions == other.permissions
+      end
+
+      private
+
+      def _may?(required_perm)
+        permissions.any? { |perm|
+          regex = /\A#{Regexp.escape(perm).gsub('\*', '.*')}\z/
+          regex.match(required_perm)
+        }
+      end
+
+      def _to_bcrypt_pw(pw)
+        Password.new(pw) if pw && !pw.empty?
+      end
+
+      def _run_validations
+        raise Errors::ChannelNameMissingError unless name
+        raise Errors::ChannelTokenMissingError unless token
+        raise Errors::ChannelSecretMissingError unless secret_hash_crt
+      end
+
+      def _latest_signing_key_id
+        ((signing_keys || {}).sort_by { |k, v| v[:timestamp] }.last || []).first
+      end
+
+      def _retrieve_signing_key(key_id)
+        (data=_retrieve_signing_key_data(key_id)) && data[:key]
+      end
+
+      def _retrieve_signing_key_data(key_id)
+        if key_id && (data=signing_keys[key_id])
+          data.merge(key_id: key_id)
+        else
+          {}
+        end
+      end
+
+      ##
+      # Returns whether the key is expired. Optionally, an offset may be specified
+      # to expire the key earlier or later.
+      def _signing_key_expired?(key_id)
+        _signing_key_ttl(key_id) <= 0
+      end
+
+      def _signing_key_ttl(key_id, ttl=3600)
+        timestamp = _retrieve_signing_key_data(key_id)[:timestamp]
+        (timestamp && (ttl - (Time.now.to_i - timestamp))).to_i
+      end
+
+      ##
+      # Retrieve the latest signing key or generate a new one if the latest has
+      # expired (older than 1 hour).
+      def _signing_key
+        latest_id = _latest_signing_key_id
+
+        # Refresh the key if the current key has less than 5 minutes to live.
+        if _signing_key_ttl(latest_id) < 300
+          with_lock {
+            latest_id = _latest_signing_key_id
+
+            if _signing_key_ttl(latest_id) < 300
+              latest_id = _add_signing_key
+              _delete_expired_signing_keys
+              save # Need to persist changes to signing keys.
+            end
+          }
+        end
+
+        [latest_id, _retrieve_signing_key(latest_id)]
+      end
+
+      def _add_signing_key
+        (_latest_signing_key_id.to_i + 1).tap { |key_id|
+          signing_keys[key_id] = {
+            key: Utils::Signer.random_key,
+            timestamp: Time.now.to_i
+          }
+        }
+      end
+
+      def _delete_expired_signing_keys
+        signing_keys.reject! { |key_id| _signing_key_expired?(key_id) }
+      end
+    end # Service
+  end # Channel
+end # Ribbon::Intercom

data/lib/ribbon/intercom/service/channel/stores.rb

@@ -0,0 +1,9 @@
+module Ribbon::Intercom
+  class Service::Channel
+    module Stores
+      autoload(:Store, 'ribbon/intercom/service/channel/stores/store')
+      autoload(:RedisStore, 'ribbon/intercom/service/channel/stores/redis_store')
+      autoload(:MockStore, 'ribbon/intercom/service/channel/stores/mock_store')
+    end # Stores
+  end # Service::Channel
+end # Ribbon::Intercom

data/lib/ribbon/intercom/service/channel/stores/mock_store.rb

@@ -0,0 +1,40 @@
+module Ribbon::Intercom
+  class Service
+    module Channel::Stores
+      class MockStore < Store
+        def channels
+          @__channels ||= {}
+        end
+
+        def lock
+          @__lock ||= Mutex.new
+        end
+
+        def token_exists?(token)
+          channels.key?(token)
+        end
+
+        def lookup_channel(token)
+          channels[token]
+        end
+
+        def persist(channel)
+          raise Errors::InvalidChannelError, channel.inspect unless channel.is_a?(Channel)
+          channels[channel.token] = channel
+        end
+
+        def delete(channel)
+          raise Errors::InvalidChannelError, channel.inspect unless channel.is_a?(Channel)
+          channels.delete(channel.token)
+          nil
+        end
+
+        def with_lock(channel, &block)
+          # This is a global lock, not a per-channel lock, but this store is only
+          # for testing so let's KISS.
+          lock.synchronize(&block)
+        end
+      end # RedisStore
+    end # Channel::Stores
+  end # Service
+end # Ribbon::Intercom

data/lib/ribbon/intercom/service/channel/stores/redis_store.rb

@@ -0,0 +1,196 @@
+require 'redis'
+require 'securerandom'
+require 'base64'
+
+module Ribbon::Intercom
+  class Service
+    module Channel::Stores
+      class RedisStore < Store
+        def initialize(params={})
+          if params[:url]
+            @_redis = Redis.new(url: params[:url])
+          elsif params[:redis]
+            @_redis = params[:redis]
+          else
+            raise Errors::InvalidStoreParamsError
+          end
+        end
+
+        def token_exists?(token)
+          @_redis.exists("channel:#{token}")
+        end
+
+        def lookup_channel(token)
+          if (data=_load_data(token))
+            Channel.new(self, data)
+          end
+        end
+
+        def persist(channel)
+          raise Errors::InvalidChannelError, channel.inspect unless channel.is_a?(Channel)
+
+          channel.tap { |channel|
+            data_hash = {}
+            [:name, :token, :secret_hash_crt, :secret_hash_prv].each { |key|
+              value = channel.send(key)
+              data_hash[key] = value if value
+            }
+
+            # Save channel data as hash
+            @_redis.mapped_hmset(_key_name(channel), data_hash)
+
+            # Associate permissions set to its channel
+            channel.permissions.each { |p|
+              @_redis.sadd(_key_name(channel, 'permissions'), p)
+            }
+
+            # Save signing keys
+            key_hash = Hash[
+              channel.signing_keys.map { |key_id, data|
+                [key_id, Base64.strict_encode64(Marshal.dump(data))]
+              }
+            ]
+
+            @_redis.mapped_hmset(_key_name(channel, 'signing_keys'), key_hash) unless key_hash.empty?
+          }
+        end
+
+        def delete(channel)
+          raise Errors::InvalidChannelError, channel.inspect unless channel.is_a?(Channel)
+
+          @_redis.del(_key_name(channel))
+          @_redis.del(_key_name(channel, 'permissions'))
+          nil
+        end
+
+        def with_lock(channel, ttl=1000)
+          Mutex.new(@_redis, _key_name(channel, 'lock')).synchronize(ttl) { |validity|
+            start_time = Mutex.time_in_ms
+            channel.refresh(_load_data(channel.token))
+            yield validity - (Mutex.time_in_ms - start_time)
+          }
+        end
+
+        private
+
+        def _load_data(token)
+          channel_data_future = nil
+          permissions_future  = nil
+          signing_keys_future = nil
+
+          @_redis.pipelined {
+            channel_data_future = @_redis.hgetall(_key_name(token))
+            permissions_future  = @_redis.smembers(_key_name(token, 'permissions'))
+            signing_keys_future = @_redis.hgetall(_key_name(token, 'signing_keys'))
+          }
+
+          channel_data = channel_data_future.value
+
+          if channel_data && !channel_data.empty?
+            permissions = permissions_future.value
+
+            signing_keys = signing_keys_future.value.map { |key_id, data|
+              [key_id.to_i, Marshal.load(Base64.strict_decode64(data))]
+            }.to_h
+
+            Utils.symbolize_keys(
+              channel_data.merge(
+                may: permissions,
+                signing_keys: signing_keys
+              )
+            )
+          end
+        end
+
+        ##
+        # A redis mutex inspired by <https://github.com/leandromoreira/redlock-rb>
+        class Mutex
+          class LockUnobtainableError < StandardError; end
+
+          ##
+          # Lua script to send to Redis when releasing a lock.
+          # See: http://redis.io/commands/set
+          UNLOCK_SCRIPT = <<-LUA
+            if redis.call("get",KEYS[1]) == ARGV[1] then
+              return redis.call("del",KEYS[1])
+            else
+              return 0
+            end
+          LUA
+
+          DEFAULT_RETRY_COUNT = 3
+          DEFAULT_RETRY_DELAY = 200
+          CLOCK_DRIFT_FACTOR  = 0.01
+
+          class << self
+            def time_in_ms
+              (Time.now.to_f * 1000).to_i
+            end
+          end # Class Methods
+
+          attr_reader :redis
+          attr_reader :name
+          attr_reader :retry_count
+          attr_reader :retry_delay
+
+          def initialize(redis, name, opts={})
+            @redis = redis
+            @name = name
+            @retry_count = opts[:retry_count] || DEFAULT_RETRY_COUNT
+            @retry_delay = opts[:retry_delay] || DEFAULT_RETRY_DELAY
+          end
+
+          def synchronize(ttl)
+            retry_count.times {
+              start_time = self.class.time_in_ms
+
+              if (handle=lock(ttl))
+                begin
+                  time_elapsed = (self.class.time_in_ms - start_time).to_i
+                  return yield(ttl - time_elapsed - _drift(ttl))
+                ensure
+                  unlock(handle)
+                end
+              else
+                sleep(rand(retry_delay).to_f / 1000)
+              end
+            }
+
+            raise LockUnobtainableError, name
+          end
+
+          ##
+          # Acquire a lock (non-blocking).
+          def lock(ttl=1000)
+            handle = SecureRandom.uuid
+            redis.set(name, handle, nx: true, px: ttl) && handle
+          end
+
+          ##
+          # Release a lock.
+          def unlock(handle)
+            redis.eval(UNLOCK_SCRIPT, [name], [handle])
+          rescue
+            # Do nothing, unlocking is best effort.
+          end
+
+          private
+
+          ##
+          # Approximate clock drift.
+          def _drift(ttl)
+            # Add 2 milliseconds to the drift to account for Redis expires
+            # precision, which is 1 millisecond, plus 1 millisecond min drift
+            # for small TTLs.
+            (ttl * CLOCK_DRIFT_FACTOR).to_i + 2
+          end
+        end # Mutex
+
+        def _key_name(channel_or_token, *sub_names)
+          token = channel_or_token.is_a?(Channel) ? channel_or_token.token : channel_or_token
+          ['channel', token, *sub_names].join(':')
+        end
+      end # RedisStore
+    end # Channel::Stores
+  end # Service
+end # Ribbon::Intercom