bucket_client 0.1.0

data/lib/bucket_client/aws/aws_bucket.rb

@@ -0,0 +1,85 @@
+module BucketClient
+	class AWSBucket < Bucket
+
+		attr_reader :key
+
+		# @param [String] region the region of the bucket
+		# @param [AWSHttpClient] http the AWS http client
+		# @param [AWSClient] client the parent client
+		# @param [String] key the key of this bucket
+		def initialize(region, http, client, key)
+			@region = region
+			@http = http
+			@bucket_client = client
+			@key = key
+		end
+
+		def get_uri(key)
+			"https://s3-#{@region}.amazonaws.com/#{@key}/#{key}"
+		end
+
+		def get_blob_with_uri(uri)
+			@bucket_client.get_blob uri
+		end
+
+		def exist_blob_with_uri(uri)
+			@bucket_client.exist_blob(uri)
+		end
+
+		def put_blob_with_uri(payload, uri)
+			@bucket_client.put_blob payload, uri
+		end
+
+		def update_blob_with_uri(payload, uri)
+			exist = exist_blob_with_uri uri
+			if exist
+				put_blob_with_uri payload, uri
+			else
+				OperationResult.new false, "Blob does not exist", nil, 400
+			end
+		end
+
+		def delete_blob_with_uri(uri)
+			@bucket_client.delete_blob(uri)
+		end
+
+		def delete_blob_if_exist_with_uri(uri)
+			@bucket_client.delete_blob_if_exist(uri)
+		end
+
+		def get_blob(key)
+			get_blob_with_uri(get_uri key)
+		end
+
+		def exist_blob(key)
+			exist_blob_with_uri(get_uri key)
+		end
+
+		def put_blob(payload, key)
+			put_blob_with_uri(payload, get_uri(key))
+		end
+
+		def create_blob(payload, key)
+			exist = exist_blob key
+			if exist
+				OperationResult.new false, "Blob already exist", nil, 400
+			else
+				put_blob payload, key
+			end
+		end
+
+		def update_blob(payload, key)
+			update_blob_with_uri(payload, get_uri(key))
+		end
+
+		def delete_blob(key)
+			delete_blob_with_uri(get_uri key)
+		end
+
+		def delete_blob_if_exist(key)
+			delete_blob_if_exist_with_uri(get_uri key)
+		end
+
+	end
+end
+

data/lib/bucket_client/aws/aws_client.rb

@@ -0,0 +1,195 @@
+require "bucket_client/client"
+require "bucket_client/aws4_request_signer"
+require "bucket_client/aws/aws_http_client"
+require "bucket_client/aws/aws_policy_factory"
+require "bucket_client/aws/aws_bucket"
+require "bucket_client/aws/aws_http_client"
+require "bucket_client/operation_result"
+require "mimemagic"
+require "json"
+
+module BucketClient
+	class AWSClient < Client
+
+		# @param [KirinHttp::Client] client Basic http client
+		# @param [String] id AWS id
+		# @param [String] secret AWS secret
+		# @param [String] region Region for bucket
+		def initialize(client, id, secret, region)
+			signer = AWS4RequestSigner.new(id, secret)
+			@region = region
+			@http = AWSHttpClient.new(signer, region, client)
+			@policy_factory = AWSPolicyFactory.new
+		end
+
+		def exist_bucket(key)
+			resp = @http.query(:head, "https://s3-#{@region}.amazonaws.com/#{key}")
+			resp.code == 200
+		end
+
+		def get_bucket!(key)
+			AWSBucket.new(@region, @http, self, key)
+		end
+
+		def put_bucket(key)
+			exist = exist_bucket key
+			if exist
+				bucket = get_bucket! key
+				OperationResult.new(true, "OK", bucket, 200)
+			else
+				create_bucket key
+			end
+		end
+
+		def create_bucket(key)
+			content = "<CreateBucketConfiguration xmlns='http://s3.amazonaws.com/doc/2006-03-01/'>
+                                    <LocationConstraint>#{@region}</LocationConstraint>
+                           </CreateBucketConfiguration>"
+			endpoint = "https://s3-#{@region}.amazonaws.com/#{key}"
+			resp = @http.query(:put, endpoint, content)
+			success = resp.code === 200
+			if success
+				bucket = get_bucket! key
+				OperationResult.new(success, "Bucket created", bucket, 200)
+			else
+				OperationResult.new(success, resp.content, nil, resp.code)
+			end
+		end
+
+		def delete_bucket(key)
+			endpoint = "https://s3-#{@region}.amazonaws.com/#{key}"
+			resp = @http.query(:delete, endpoint)
+			success = resp.code === 204
+			if success
+				OperationResult.new(success, "Bucket deleted", nil, resp.code)
+			else
+				OperationResult.new(success, resp.content, nil, resp.code)
+			end
+		end
+
+		def delete_bucket_if_exist(key)
+			exist = exist_bucket key
+			if exist
+				delete_bucket key
+			else
+				OperationResult.new(true, "Bucket already deleted", nil, 204)
+			end
+		end
+
+		def set_read_policy(key, access)
+			raise ArgumentError.new("Read Policy not accepted") if access != :public && access != :private
+			resp = set_policy key, access, 10
+			OperationResult.new(resp.code === 204, resp.content, nil, resp.code)
+		end
+
+		def set_get_cors(key, cors)
+			resp = set_cors key, cors, 10
+			OperationResult.new(resp.code === 200, resp.content, nil, resp.code)
+		end
+
+		def get_blob(uri)
+			resp = @http.query(:get, uri)
+			success = resp.code === 200
+			if success
+				OperationResult.new(success, "OK", resp.content, resp.code)
+			else
+				OperationResult.new(success, resp.content, nil, resp.code)
+			end
+		end
+
+		def exist_blob(uri)
+			@http.query(:head, uri).code === 200
+		end
+
+		def put_blob(payload, uri)
+			mime = MimeMagic.by_magic payload
+			resp = @http.query(:put, uri, payload, mime.type, "text/plain")
+			success = resp.code === 200
+			if success
+				OperationResult.new(success, "Blob put", uri, resp.code)
+			else
+				OperationResult.new(success, resp.content, nil, resp.code)
+			end
+		end
+
+		def update_blob(payload, uri)
+			exist = exist_blob uri
+			if exist
+				put_blob payload, uri
+			else
+				OperationResult.new(false, "Blob does not exist", nil, 404)
+			end
+		end
+
+		def delete_blob_if_exist(uri)
+			resp = @http.query(:delete, uri)
+			success = resp.code === 204
+			if success
+				OperationResult.new(success, "Blob deleted", nil, resp.code)
+			else
+				OperationResult.new(success, resp.content, nil, resp.code)
+			end
+		end
+
+		def delete_blob(uri)
+			exist = exist_blob uri
+			if exist
+				delete_blob_if_exist uri
+			else
+				OperationResult.new(false, "Blob does not exist", nil, 404)
+			end
+		end
+
+		private
+
+			def set_policy(key, access, max, count = 0)
+				failure = "Failed too many times due to conflict"
+				return OperationResult.new(false, failure, nil, 400) if ++count === max
+				endpoint = "https://s3-#{@region}.amazonaws.com/#{key}/?policy="
+				if access === :public
+					policy = @policy_factory.generate_policy access, key
+					resp = @http.query(:put, endpoint, policy.to_json, "application/json")
+				else
+					resp = @http.query :delete, endpoint
+				end
+				if resp.code === 409
+					set_policy key, access, max, count
+				else
+					resp
+				end
+			end
+
+			def set_cors(key, cors, max, count = 0)
+				failure = "Failed too many times due to conflict"
+				return OperationResult.new(false, failure, nil, 400) if ++count === max
+				endpoint = "https://s3-#{@region}.amazonaws.com/#{key}/?cors="
+				if cors.length > 0
+					xml = cors_xml cors
+					resp = @http.query :put, endpoint, xml
+				else
+					resp = @http.query :delete, endpoint
+				end
+				if resp.code === 409
+					set_cors key, cors, max, count
+				else
+					resp
+				end
+			end
+
+			def cors_xml(cors)
+				rules = cors.map(&method(:cors_rule))
+				"<CORSConfiguration>#{rules.join "\n"}</CORSConfiguration>"
+			end
+
+			def cors_rule(cors)
+				"<CORSRule>
+		       		<AllowedOrigin>#{cors}</AllowedOrigin>
+		       		<AllowedMethod>GET</AllowedMethod>
+		       		<AllowedHeader>*</AllowedHeader>
+		       		<MaxAgeSeconds>3000</MaxAgeSeconds>
+		     	</CORSRule>"
+			end
+
+	end
+end
+

data/lib/bucket_client/aws/aws_http_client.rb

@@ -0,0 +1,32 @@
+require "kirin_http"
+
+module BucketClient
+	class AWSHttpClient
+
+		# @param [Client::AWS4RequestSigner] signer aws4 signer
+		# @param [String] region region of the service
+		# @param [KirinHttp::Client] http Http client to send http Message
+		def initialize(signer, region, http)
+			@signer = signer
+			@region = region
+			@http = http
+		end
+
+		# @param [Symbol] method
+		# @param [String] endpoint
+		# @param [Object] content
+		# @param [String] type
+		# @return [KirinHttp::Response]
+		def query(method, endpoint, content = nil, type = "text/plain", accept = nil)
+			accept = type if accept.nil?
+			header = {
+				"Content-Type": type,
+				"Accept": accept
+			}
+			message = KirinHttp::Message.new(endpoint, method, content, header)
+			message = @signer.sign message, "s3", @region
+			@http.send message
+		end
+
+	end
+end

data/lib/bucket_client/aws/aws_policy_factory.rb

@@ -0,0 +1,26 @@
+require 'securerandom'
+
+class AWSPolicyFactory
+	def generate_policy(access, key)
+		statements = []
+		if access === :public
+			# uuid_2 = "69cab402-0674-40e6-9915-982b92016d6a"
+			uuid_2 = SecureRandom.uuid.to_s
+			policy_statement = {
+				"Sid": "AllowPublicRead#{uuid_2}",
+				"Action": ["s3:GetObject"],
+				"Effect": "Allow",
+				"Resource": "arn:aws:s3:::#{key}/*",
+				"Principal": "*"
+			}
+			statements.push policy_statement
+		end
+		uuid_1 = SecureRandom.uuid.to_s
+		# uuid_1 = "668c8c5d-3efb-458d-bebb-6fa194b55732"
+		{
+			"Id": "ReadPolicy#{uuid_1}",
+			"Version": "2012-10-17",
+			"Statement": statements
+		}
+	end
+end

data/lib/bucket_client/aws4_request_signer.rb

@@ -0,0 +1,133 @@
+require 'digest'
+require 'openssl'
+require "pathname"
+require 'base64'
+require 'kirin_http'
+require "addressable/uri"
+
+module BucketClient
+	class AWS4RequestSigner
+		def initialize(id, secret)
+			@id = id
+			@secret = secret
+			@algorithm = "AWS4-HMAC-SHA256"
+		end
+
+		# Signs the http request using the AWS4 signing protocol
+		#
+		# @param [KirinHttp::Message] request http request message to sign
+		# @param [String] service service type
+		# @param [String] region region of service
+		# @return [KirinHttp::Message]
+		def sign(request, service, region)
+
+			request.header["x-amz-date"] = amz_date
+			request.header["Content-MD5"] = request_md5(request)
+			request.header["x-amz-content-sha256"] = sha256 request.content
+
+			cred = credential region, service
+			canonical_req = canonical_request request
+			signed_payload = string_to_sign(cred, canonical_req)
+			signature = get_signature @secret, date_stamp, region, service, signed_payload
+			request.header["Authorization"] = auth cred, signed_headers(request), signature
+			request
+		end
+
+		private
+
+			def auth(cred, signed_headers, signature)
+				[
+					"#{@algorithm} Credential=#{@id}/#{cred}",
+					"SignedHeaders=#{signed_headers}",
+					"Signature=#{signature}"
+				].join ","
+			end
+
+			def get_signature(key, date, region, service, signed_payload)
+				k_date = hmac("AWS4" + key, date)
+				k_region = hmac(k_date, region)
+				k_service = hmac(k_region, service)
+				token = hmac(k_service, "aws4_request")
+				hmac_hex token, signed_payload
+			end
+
+			def string_to_sign(cred, can_req)
+				[
+					@algorithm,
+					amz_date,
+					cred,
+					sha256(can_req)
+				].join "\n"
+			end
+
+			def credential(region, service)
+				[
+					date_stamp,
+					region,
+					service,
+					"aws4_request"
+				].join "/"
+			end
+
+			def canonical_request(request)
+				[
+					request.method.to_s.upcase,
+					message_path(request),
+					canonical_query_params(request),
+					header_format(request),
+					signed_headers(request),
+					sha256(request.content || '')
+				].join "\n"
+			end
+
+
+		protected
+
+			def header_format(request)
+				sorted = request.header.dup.transform_keys {|k| k.to_s.downcase}.sort_by {|k| k}
+				sorted.map {|k, v| "#{k}:#{v.strip}"}.join("\n") + "\n"
+			end
+
+			def signed_headers(request)
+				request.header.dup.to_h.transform_keys(&:to_s).keys.map(&:downcase).sort.join(";")
+			end
+
+			def message_path(request)
+				Addressable::URI.parse(request.uri).path
+			end
+
+			def sha256(payload)
+				Digest::SHA256.new.update(payload || '').hexdigest
+			end
+
+			def request_md5(request)
+				np = Digest::MD5.new
+				np << (request.content || "")
+				Base64.encode64(np.digest)
+			end
+
+			def amz_date
+				Time.now.utc.strftime('%Y%m%dT%H%M%SZ')
+			end
+
+			def date_stamp
+				Time.now.utc.strftime('%Y%m%d')
+			end
+
+			def hmac(key, data)
+				OpenSSL::HMAC.digest('sha256', key, data)
+			end
+
+			def hmac_hex(key, data)
+				OpenSSL::HMAC.hexdigest('sha256', key, data)
+			end
+
+
+			def canonical_query_params(request)
+				q = Addressable::URI.parse(request.uri).query || ""
+				param_map = Hash[q.split("&").map {|x| x.split("=")}].sort_by(&:to_s)
+				param_map.select {|k| !k.nil?}.map {|k, v| "#{k}=#{v}"}.to_a.join "&"
+			end
+
+	end
+end