buddy 0.4.0

data/README.md

@@ -0,0 +1,26 @@
+# Buddy
+
+Buddy is a lightweight Facebook library for Ruby.
+
+## Overview
+
+* Support for iFrame Apps
+* Uses signed_request parameters for authentication
+* Supports the Graph API and old REST API
+* Fully compatible with **Rails 3** and **Ruby 1.9.2**
+
+
+## License
+
+released under the **MIT license**
+
+Copyright (c) 2010:
+
+* Ole Riesenberg
+* Klaus Breyer
+
+Some concepts and code adapted from [Facebooker](http://github.com/mmangino/facebooker)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the ‘Software’), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED ‘AS IS’, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/lib/buddy/rails/backwards_compatible_param_checks.rb

@@ -0,0 +1,33 @@
+module Buddy
+  module Rails
+    module BackwardsCompatibleParamChecks
+      def one_or_true( value )
+        case value
+          when String then
+            value == "1"
+          when Numeric then
+            value.to_f == 1.0
+          when TrueClass then
+            true
+          else
+            false
+        end
+      end
+
+      def zero_or_false( value )
+        case value
+          when String then
+            value.empty? || value == "0"
+          when Numeric then
+            value.to_f == 0.0
+          when FalseClass then
+            true
+          when NilClass then
+            true
+          else
+            false
+        end
+      end
+    end
+  end
+end

data/lib/buddy/rails/controller.rb

@@ -0,0 +1,88 @@
+module Buddy
+  module Rails
+    module Controller
+      include Buddy::Rails::BackwardsCompatibleParamChecks
+      include Buddy::Rails::UrlHelper
+
+      def self.included(controller)
+        controller.helper_method :request_comes_from_facebook?
+      end
+
+      def js_redirect_to(uri, target = nil)
+        if request_is_facebook_canvas? and !request_is_facebook_tab? and !target.nil?
+          render(:text => "<script>#{target.to_s}.location.href='#{uri}'</script>", :layout => false)
+        elsif request_is_facebook_canvas? and !request_is_facebook_tab?
+          render(:text => "<script>self.location.href='#{uri}'</script>", :layout => false)
+        end
+      end
+
+      def top_redirect_to(uri)
+        js_redirect_to(uri, :top)
+      end
+
+      private
+      def facebook_session
+        @facebook_session
+      end
+
+      def application_is_installed?
+        !params[:oauth_token].blank?
+      end
+
+      def request_is_facebook_canvas?
+        params[:profile_id].blank?
+      end
+
+      def request_is_facebook_tab?
+        !params[:profile_id].blank?
+      end
+
+      def clear_facebook_session_information
+        session[:facebook_session] = nil
+        @facebook_session          = nil
+      end
+
+      def new_facebook_session
+        Buddy::Session.create(Buddy.current_config['app_id'], Buddy.current_config['secret'])
+      end
+
+      def create_facebook_session
+        @facebook_session = new_facebook_session
+        @facebook_session.secure!(params[:user_id], params[:oauth_token], params[:expires])
+        @facebook_session.secured?
+      end
+
+      def set_facebook_session
+        session_set = !@facebook_session.blank? && @facebook_session.secured?
+        unless session_set
+          session_set = create_facebook_session
+          session[:facebook_session] = @facebook_session if session_set
+        end
+        if session_set
+          Session.current = @facebook_session
+        end
+        return session_set
+      end
+
+      def ensure_facebook_session
+        return create_new_facebook_session_and_redirect! unless application_is_installed?
+        set_facebook_session || create_new_facebook_session_and_redirect!
+      end
+
+      def default_after_install_url
+        url_for('/')
+      end
+
+      def create_new_facebook_session_and_redirect!
+        session[:facebook_session] = new_facebook_session
+        next_url = defined?(:after_install_url) ? default_after_install_url : after_install_url
+        top_redirect_to session[:facebook_session].install_url({:next => next_url}) if @installation_required
+      end
+
+      def ensure_application_is_installed
+        @installation_required = true
+        ensure_facebook_session
+      end
+    end
+  end
+end

data/lib/buddy/rails/controller_extensions.rb

@@ -0,0 +1,31 @@
+module ::ActionController
+  class Base
+    def self.inherited_with_buddy(subclass)
+      inherited_without_buddy(subclass)
+      #if subclass.to_s == "ApplicationController"
+        subclass.send(:include, Buddy::Rails::Controller)
+        #subclass.helper Buddy::Rails::Helpers
+      #end
+    end
+    class << self
+      alias_method_chain :inherited, :buddy
+    end
+  end
+end
+
+
+# When making get requests, Facebook sends fb_sig parameters both in the query string
+# and also in the post body. We want to ignore the query string ones because they are one
+# request out of date
+# We only do thise when there are POST parameters so that IFrame linkage still works
+#class ActionController::Request
+#  def query_parameters_with_buddy
+#    if request_parameters.blank?
+#      query_parameters_without_buddy
+#    else
+#      (query_parameters_without_buddy||{}).reject {|key,value| key.to_s =~ /^fb_sig/}
+#    end
+#  end
+
+#  alias_method_chain :query_parameters, :buddy
+#end

data/lib/buddy/rails/url_helper.rb

@@ -0,0 +1,24 @@
+module Buddy
+  module Rails
+    module UrlHelper
+      def url_for(options = {})
+        options ||= {}
+        opts = case options
+        when Hash
+          options.merge!({ :only_path => true }) #unless options[:canvas] == false
+        else
+          options
+        end
+        url = super(opts)
+
+        if url.include?("http://")  #todo: make it better
+          url
+        elsif options.is_a?(Hash) && options[:canvas] == false
+          "#{Buddy.current_config["callback_url"]}#{url}"
+        else
+          "http://apps.facebook.com/#{Buddy.current_config["canvas_page_name"]}#{url}"
+        end
+      end
+    end
+  end
+end

data/lib/buddy/railtie.rb

@@ -0,0 +1,19 @@
+require 'buddy'
+require 'buddy/rails/url_helper'
+require 'rails'
+
+module Buddy
+  class Railtie < ::Rails::Railtie
+    initializer "buddy.configure_rails_initialization" do |app|
+      app.config.middleware.insert_before(ActionDispatch::RemoteIp, ::Rack::Facebook::RemoteIp)
+      app.config.middleware.insert_before(ActionDispatch::ParamsParser, ::Rack::Facebook::ParamsParser)
+      app.config.action_controller.asset_host = Buddy.buddy_config['default']['callback_url']
+
+      ActionView::Helpers::UrlHelper.send(:include, Buddy::Rails::UrlHelper)
+
+      Mime::Type.register "text/html", :fbml
+      Mime::Type.register "text/javascript", :fbjs
+      Buddy.logger = ::Rails.logger
+    end
+  end
+end

data/lib/buddy/service.rb

@@ -0,0 +1,54 @@
+require 'observer'
+module Buddy
+  class OAuthException < ArgumentError
+  end
+
+  module Service
+    class << self
+      def call(api_method, params = {}, options = {})
+        Buddy.caller.call(api_method, params, options)
+      end
+
+      def get(resource, params = {})
+        result = GraphApiClient.get(resource, :query => params).parsed_response
+        raise OAuthException.new(result["error"]["message"]) if result["error"]
+	      result
+      end
+
+      def post(resource, params = {})
+        result = GraphApiClient.post(resource, :query => params).parsed_response
+        raise OAuthException.new(result["error"]["message"]) if result["error"]
+	      result
+      end
+    end
+
+    class GraphApiClient
+      include HTTParty
+      base_uri 'https://graph.facebook.com'
+    end
+
+    class Caller
+      include Observable
+      def call(api_method, params = {}, options = {})
+        begin
+          application = options[:app] || 'default'
+        rescue NoMethodError => e
+          raise ArgumentError.new("app not specified in buddy.yml")
+        end
+
+        changed
+        notify_observers(api_method, params, options)
+
+        result = nil
+        time = Benchmark.realtime do
+          result = MiniFB.call(Buddy.buddy_config[application]["api_key"],
+            Buddy.buddy_config[application]["secret"],
+            api_method,
+            params.stringify_keys)
+        end
+        Buddy.logger.info("Calling #{api_method} (#{params.inspect}) - #{time}")
+        result
+      end
+    end
+  end
+end

data/lib/buddy/session.rb

@@ -0,0 +1,91 @@
+module Buddy
+  class Session
+    def self.create(app_id = nil, secret_key = nil)
+      app_id     ||= self.app_id
+      secret_key ||= self.secret_key
+      raise ArgumentError unless !app_id.nil? && !secret_key.nil?
+      new(app_id, secret_key)
+    end
+
+    def self.app_id
+      Buddy.current_config["app_id"]
+    end
+
+    def self.api_key
+      Buddy.current_config["api_key"]
+    end
+
+    def self.secret_key
+       Buddy.current_config["secret"]
+    end
+
+    def self.current
+      Thread.current['facebook_session']
+    end
+
+    def self.current=(session)
+      Thread.current['facebook_session'] = session
+    end
+
+    def call(api_method, params = {}, options = {})
+      params.merge!(:uids => uid, :access_token => access_token)
+      Buddy::Service.call(api_method, params, options)
+    end
+
+    def get(resource, params = {})
+      params.merge!(:access_token => access_token) unless params[:access_token]
+      Buddy::Service.get(resource, params)
+    end
+
+    def post(resource, params = {})
+      params.merge!(:access_token => access_token) unless params[:access_token]
+      Buddy::Service.post(resource, params)
+    end
+
+    def install_url(options = {})
+      "http://www.facebook.com/connect/uiserver.php?app_id=#{Buddy.current_config['app_id']}&next=#{options[:next]}&display=page&locale=de_DE&return_session=0&fbconnect=0&canvas=1&legacy_return=1&method=permissions.request#{"&perms="+Buddy.current_config['perms'] if Buddy.current_config['perms']}"
+    end
+
+    def initialize(app_id, secret_key)
+      @app_id         = app_id
+      @secret_key     = secret_key
+      @uid            = nil
+      @access_token   = nil
+      @expires        = nil
+    end
+
+    def secure!(uid, access_token, expires)
+      @uid          = uid
+      @access_token = access_token
+      @expires      = expires
+    end
+
+    def infinite?
+      @expires == 0
+    end
+
+    def expired?
+      @expires.nil? || (!infinite? && Time.at(@expires) <= Time.now)
+    end
+
+    def secured?
+      !@uid.nil? && !@access_token.nil? && !expired?
+    end
+
+    def user
+      @user ||= Buddy::User.new(@uid, self)
+    end
+
+    def uid
+      @uid
+    end
+
+    def access_token
+      @access_token
+    end
+
+    def expires
+      @expires
+    end
+  end
+end

data/lib/buddy/user.rb

@@ -0,0 +1,22 @@
+module Buddy
+  class User
+    FIELDS = [:status, :political, :pic_small, :name, :quotes, :is_app_user, :tv, :profile_update_time, :meeting_sex, :hs_info, :timezone, :relationship_status, :hometown_location, :about_me, :wall_count, :significant_other_id, :pic_big, :music, :work_history, :sex, :religion, :notes_count, :activities, :pic_square, :movies, :has_added_app, :education_history, :birthday, :birthday_date, :first_name, :meeting_for, :last_name, :interests, :current_location, :pic, :books, :affiliations, :locale, :profile_url, :proxied_email, :email_hashes, :allowed_restrictions, :pic_with_logo, :pic_big_with_logo, :pic_small_with_logo, :pic_square_with_logo, :online_presence, :verified, :profile_blurb, :username, :website, :is_blocked, :family, :email]
+    STANDARD_FIELDS = [:uid, :first_name, :last_name, :name, :timezone, :birthday, :sex, :affiliations, :locale, :profile_url, :proxied_email, :email]
+
+    def initialize(uid, session)
+      @uid = uid
+      @session = session
+    end
+    
+    def uid
+      @uid
+    end
+
+    alias :facebook_id :uid
+    alias :id :uid
+
+    def to_i
+      @uid
+    end
+  end
+end

data/lib/buddy.rb

@@ -0,0 +1,70 @@
+require 'bundler'
+
+require 'base64'
+require 'openssl'
+require 'yajl'
+require 'mini_fb'
+require 'httparty'
+
+require 'rack/facebook'
+
+require 'buddy/user'
+require 'buddy/session'
+require 'buddy/service'
+
+module Buddy
+  @buddy_config = {}
+
+  class << self
+    attr_accessor :logger, :caller
+
+    def load_configuration(yaml)
+      return false unless File.exist?(yaml)
+      @buddy_config = YAML.load(ERB.new(File.read(yaml)).result)[::Rails.env]
+      self.current_config = buddy_config['default']
+
+      buddy_config
+    end
+
+    def buddy_config
+      @buddy_config
+    end
+
+    def set_asset_host_to_callback_url
+      buddy_config[app]['set_asset_host_to_callback_url']
+    end
+
+    def timeout(app = 'default')
+      buddy_config[app]['timeout']
+    end
+
+    def use_application(api_key)
+      buddy_config.each do |c|
+        if c[1]["api_key"] == api_key
+          return self.current_config = c[1]
+        end
+      end
+    end
+
+    def current_config
+      Thread.current['current_buddy_config']
+    end
+
+    def current_config=(config)
+      Thread.current['current_buddy_config'] = config
+    end
+  end
+end
+
+buddy_config = File.join(Bundler.root, "config", "buddy.yml")
+
+BUDDY = Buddy.load_configuration(buddy_config)
+Buddy.logger = Rails.logger
+Buddy.caller = Buddy::Service::Caller.new
+
+require 'buddy/rails/backwards_compatible_param_checks'
+require 'buddy/rails/url_helper'
+require 'buddy/rails/controller'
+require 'buddy/rails/controller_extensions'
+
+require 'buddy/railtie'

data/lib/rack/facebook.rb

@@ -0,0 +1,86 @@
+module Rack
+  # This Rack middleware checks the signature of Facebook params, and
+  # converts them to Ruby objects when appropiate. Also, it converts
+  # the request method from the Facebook POST to the original HTTP
+  # method used by the client.
+  #
+  # If the signature is wrong, it returns a "400 Invalid Facebook Signature".
+  #
+  # Optionally, it can take a block that receives the Rack environment
+  # and returns a value that evaluates to true when we want the middleware to
+  # be executed for the specific request.
+  #
+  # == Usage
+  #
+  # In your config.ru:
+  #
+  #   require 'rack/facebook'
+  #   use Rack::Facebook, "my_facebook_secret_key"
+  #
+  # Using a block condition:
+  #
+  #   use Rack::Facebook, "my_facebook_secret_key" do |env|
+  #     env['REQUEST_URI'] =~ /^\/facebook_only/
+  #   end
+  #
+
+  module Facebook
+    class RemoteIp
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        env['REMOTE_ADDR'] = env['X-FB-USER-REMOTE-ADDR'] if env['X-FB-USER-REMOTE-ADDR']
+        @app.call(env)
+      end
+    end
+
+    class ParamsParser
+      def initialize(app, &condition)
+        @app = app
+        @condition = condition
+      end
+
+      def call(env)
+        return @app.call(env) unless @condition.nil? || @condition.call(env)
+
+        request = Rack::Request.new(env)
+
+        signed_request = request.params["signed_request"]
+        if signed_request
+          signature, signed_params = signed_request.split('.')
+
+          unless signed_request_is_valid?(Buddy.current_config['secret'], signature, signed_params)
+            return Rack::Response.new(["Invalid Facebook signature"], 400).finish
+          end
+
+          signed_params = Yajl::Parser.new.parse(base64_url_decode(signed_params))
+          signed_params.each do |k,v|
+            request.params[k] = v
+          end
+        end
+
+        @app.call(env)
+      end
+
+      private
+
+     # This function takes the app secret and the signed request, and verifies if the request is valid.
+      def signed_request_is_valid?(secret, signature, params)
+        sig = base64_url_decode(signature)
+        expected_sig = OpenSSL::HMAC.digest('SHA256', secret, params.tr("-_", "+/"))
+        return sig == expected_sig
+      end
+
+      # Ruby's implementation of base64 decoding reads the string in multiples of 6 and ignores any extra bytes.
+      # Since facebook does not take this into account, this function fills any string with white spaces up to
+      # the point where it becomes divisible by 6, then it replaces '-' with '+' and '_' with '/' (URL-safe decoding),
+      # and decodes the result.
+      def base64_url_decode(str)
+        str = str + "=" * (6 - str.size % 6) unless str.size % 6 == 0
+        return Base64.decode64(str.tr("-_", "+/"))
+      end
+    end
+  end
+end

data/test/test_buddy.rb

@@ -0,0 +1,10 @@
+require 'test/unit'
+require 'mocha'
+
+class BuddyTests < Test::Unit::TestCase
+  def test_user_getinfo
+    result = [{"first_name"=>"Ole", "name"=>"Foo Bar", "uid"=>123456789}]
+
+    Buddy::Service.expects(:call).with('Users.getInfo', {:uids => '686373959', :fields => 'uid, name, first_name'}).returns(result)
+  end
+end

metadata

@@ -0,0 +1,115 @@
+--- !ruby/object:Gem::Specification 
+name: buddy
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 4
+  - 0
+  version: 0.4.0
+platform: ruby
+authors: 
+- Ole Riesenberg
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-09-08 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: mini_fb
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        - 2
+        - 2
+        version: 0.2.2
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: yajl-ruby
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: httparty
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id003
+description: buddybrand's facebook library
+email: labs@buddybrand.de
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.md
+files: 
+- lib/buddy.rb
+- lib/buddy/rails/backwards_compatible_param_checks.rb
+- lib/buddy/rails/controller.rb
+- lib/buddy/rails/controller_extensions.rb
+- lib/buddy/rails/url_helper.rb
+- lib/buddy/railtie.rb
+- lib/buddy/service.rb
+- lib/buddy/session.rb
+- lib/buddy/user.rb
+- lib/rack/facebook.rb
+- test/test_buddy.rb
+- README.md
+has_rdoc: true
+homepage: http://buddybrand.de
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: buddybrand's facebook library
+test_files: 
+- test/test_buddy.rb