canvas-embed 0.1.4 → 0.1.5

data/example/tmp/pids/server.pid

@@ -0,0 +1 @@
+32082

data/lib/canvas/embed/version.rb

@@ -2,6 +2,6 @@
 
 module Canvas
   module Embed
-    VERSION = "0.1.4"
+    VERSION = '0.1.5'
   end
 end

data/lib/canvas/embed.rb

@@ -1,26 +1,42 @@
-# frozen_string_literal: true
+# Uses your signing key from Canvas to generate a token granting access to scoped Canvas data
 
-require_relative "embed/version"
+require_relative 'embed/version'
 require 'json'
 require 'rbnacl'
-require "base64"
+require 'base64'
 
 module Canvas
-  module Embed
-    extend self
-    def generate_token(private_key, scopes)
+  class InvalidScopeError < StandardError 
+  end
+  module Embeds
+    module_function 
+    # Public: Generate a token granting access to a scoped set of your data in Canvas
+    #
+    # private_key - String, signing key obtained from Canvas
+    # scopes - Hash, containing the scopes to grant for this token
+    # expiration_seconds - Optional Integer, how long the token should be valid for
+    # user_id - Optional String, identifier for the user, used in logging in Canvas.
+    #
+    def generate_token(private_key, scopes, expiration_seconds = 3600, user_id = nil)
+      if !scopes.is_a?(Hash)
+        raise InvalidScopeError.new("Invalid scope #{scopes} type #{scopes.class}")
+      end
       # token consists of an id and the signing key
       key_id, key = private_key.split('.')
       # transform signing key hex into bytes
       key_bytes = [key].pack('H*')
       secret_box = RbNaCl::SecretBox.new(key_bytes)
       nonce = RbNaCl::Random.random_bytes(secret_box.nonce_bytes)
-      message = { "scopes" => scopes }.to_json
-      ciphertext = secret_box.encrypt(nonce, message)
+      exp = Time.now.to_i + expiration_seconds
+      message = { 'scopes' => scopes, 'exp' => exp }
+      if user_id != nil
+        message['userId'] = user_id
+      end
+      ciphertext = secret_box.encrypt(nonce, message.to_json)
       # transform bytes into hex
-      unpacked_message = ciphertext.unpack('H*').first
-      unpacked_nonce = nonce.unpack('H*').first
-      token = { "message" => unpacked_message, "nonce" => unpacked_nonce, "keyId" => key_id }.to_json;
+      unpacked_message = ciphertext.unpack1('H*')
+      unpacked_nonce = nonce.unpack1('H*')
+      token = { 'message' => unpacked_message, 'nonce' => unpacked_nonce, 'keyId' => key_id }.to_json
       # strict for no newlines
       Base64.strict_encode64(token)
     end

data/spec/canvas/embed_spec.rb

@@ -1,19 +1,25 @@
 # frozen_string_literal: true
 
-require "canvas/embed"
+# require 'rails_helper'
+require 'rbnacl'
+require 'canvas/embed'
 
 RSpec.describe Canvas::Embed do
-  it "has a version number" do
+  subject do
+    self.extend(Canvas::Embed)
+  end
+
+  it 'has a version number' do
     expect(Canvas::Embed::VERSION).not_to be nil
   end
 
-  it "generates valid encrypted token" do
+  it 'generates valid encrypted token' do
     key = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
-    unpacked_key = "emk_ZRzQbE9d." + key.unpack('H*').first
+    unpacked_key = "emk_ZRzQbE9d.#{key.unpack1('H*')}"
 
-    original_message = { "team" => "canvas"};
+    original_message = { 'team' => 'canvas' }
 
-    token = Canvas::Embed::generate_token(unpacked_key, original_message)
+    token = Canvas::Embeds.generate_token(unpacked_key, original_message)
     expect(token).not_to be nil
 
     decoded = JSON.parse(Base64.decode64(token))
@@ -29,6 +35,37 @@ RSpec.describe Canvas::Embed do
     decrypted_message = secret_box.decrypt(nonce, message)
     context = JSON.parse(decrypted_message)
 
-    expect(context["scopes"]["team"]).to eq("canvas")
+    expect(context['scopes']['team']).to eq('canvas')
+    expect(context['exp']).to eq(Time.now.to_i + 3600)
+    expect(context['userId']).to eq(nil)
+  end
+
+  it 'rejects non-hash' do
+    key = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
+    unpacked_key = "emk_ZRzQbE9d.#{key.unpack1('H*')}"
+    original_message = "'team': 'canvas'"
+    expect { Canvas::Embeds.generate_token(unpacked_key, original_message) }.to raise_error(Canvas::InvalidScopeError)
+  end
+
+  it 'accepts custom expiration and userId' do
+    key = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
+    unpacked_key = "emk_ZRzQbE9d.#{key.unpack1('H*')}"
+    original_message = { 'team' => 'canvas' }
+    token = Canvas::Embeds.generate_token(unpacked_key, original_message, 7200, "cus_abc123")
+    expect(token).not_to be nil
+    decoded = JSON.parse(Base64.decode64(token))
+    expect(decoded['keyId']).to eq('emk_ZRzQbE9d')
+
+    message_hex = decoded['message']
+    nonce_hex = decoded['nonce']
+    nonce = [nonce_hex].pack('H*')
+    message = [message_hex].pack('H*')
+
+    secret_box = RbNaCl::SecretBox.new(key)
+    decrypted_message = secret_box.decrypt(nonce, message)
+    context = JSON.parse(decrypted_message)
+
+    expect(context['exp']).to eq(Time.now.to_i + 7200)
+    expect(context['userId']).to eq("cus_abc123")
   end
 end

data/spec/spec_helper.rb

@@ -1,10 +1,10 @@
 # frozen_string_literal: true
 
-require "canvas/embed"
+# require 'canvas-embed'
 
 RSpec.configure do |config|
   # Enable flags like --only-failures and --next-failure
-  config.example_status_persistence_file_path = ".rspec_status"
+  config.example_status_persistence_file_path = '.rspec_status'
 
   # Disable RSpec exposing methods globally on `Module` and `main`
   config.disable_monkey_patching!

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: canvas-embed
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.5
 platform: ruby
 authors:
 - Will Pride
@@ -63,7 +63,7 @@ extra_rdoc_files: []
 files:
 - Gemfile
 - Gemfile.lock
-- LICENSE.txt
+- LICENSE
 - README.md
 - Rakefile
 - bin/console
@@ -177,6 +177,7 @@ files:
 - example/tmp/cache/bootsnap/compile-cache-iseq/0a/469b451850b921
 - example/tmp/cache/bootsnap/compile-cache-iseq/0a/4bda7fdbdf4107
 - example/tmp/cache/bootsnap/compile-cache-iseq/0a/6390c610b26fd1
+- example/tmp/cache/bootsnap/compile-cache-iseq/0a/707c6e76401f50
 - example/tmp/cache/bootsnap/compile-cache-iseq/0a/e615070628fb80
 - example/tmp/cache/bootsnap/compile-cache-iseq/0a/ee6e39a5d73ccf
 - example/tmp/cache/bootsnap/compile-cache-iseq/0b/0c487dfdaa3d16
@@ -366,6 +367,7 @@ files:
 - example/tmp/cache/bootsnap/compile-cache-iseq/23/cff797bfa51532
 - example/tmp/cache/bootsnap/compile-cache-iseq/23/d026b0f79546cb
 - example/tmp/cache/bootsnap/compile-cache-iseq/24/1c7af6e85f5ccd
+- example/tmp/cache/bootsnap/compile-cache-iseq/24/4134f174d68291
 - example/tmp/cache/bootsnap/compile-cache-iseq/24/b6fd6db603b55d
 - example/tmp/cache/bootsnap/compile-cache-iseq/24/bb7c22318dc3d8
 - example/tmp/cache/bootsnap/compile-cache-iseq/24/bfa8386af50833
@@ -544,6 +546,7 @@ files:
 - example/tmp/cache/bootsnap/compile-cache-iseq/3b/10260e9f0aef7e
 - example/tmp/cache/bootsnap/compile-cache-iseq/3b/1e1db1be0438eb
 - example/tmp/cache/bootsnap/compile-cache-iseq/3b/285adc4394d621
+- example/tmp/cache/bootsnap/compile-cache-iseq/3b/64ba0c52596b87
 - example/tmp/cache/bootsnap/compile-cache-iseq/3b/7bf86a11746de3
 - example/tmp/cache/bootsnap/compile-cache-iseq/3b/8087c8f02e8681
 - example/tmp/cache/bootsnap/compile-cache-iseq/3b/b54befdbc84d77
@@ -667,6 +670,7 @@ files:
 - example/tmp/cache/bootsnap/compile-cache-iseq/4c/383a38512e4570
 - example/tmp/cache/bootsnap/compile-cache-iseq/4c/43df3e4a240376
 - example/tmp/cache/bootsnap/compile-cache-iseq/4c/55eb24b65029b7
+- example/tmp/cache/bootsnap/compile-cache-iseq/4c/837c8a08879a20
 - example/tmp/cache/bootsnap/compile-cache-iseq/4c/907dbc57f42021
 - example/tmp/cache/bootsnap/compile-cache-iseq/4c/97a9746f58838d
 - example/tmp/cache/bootsnap/compile-cache-iseq/4c/c54dd9153acccd
@@ -866,6 +870,7 @@ files:
 - example/tmp/cache/bootsnap/compile-cache-iseq/68/26225d919a195a
 - example/tmp/cache/bootsnap/compile-cache-iseq/68/6e8af278257638
 - example/tmp/cache/bootsnap/compile-cache-iseq/68/9dcbc323ffed61
+- example/tmp/cache/bootsnap/compile-cache-iseq/68/a73620fd7d4284
 - example/tmp/cache/bootsnap/compile-cache-iseq/68/f1cdd7e9091e18
 - example/tmp/cache/bootsnap/compile-cache-iseq/68/fbf396ca9e546a
 - example/tmp/cache/bootsnap/compile-cache-iseq/69/520a93dbc5821a
@@ -973,6 +978,7 @@ files:
 - example/tmp/cache/bootsnap/compile-cache-iseq/78/c5842b4437cdde
 - example/tmp/cache/bootsnap/compile-cache-iseq/78/d30c508cda8b38
 - example/tmp/cache/bootsnap/compile-cache-iseq/78/f61c15c553c783
+- example/tmp/cache/bootsnap/compile-cache-iseq/79/1a2ebed1814cfa
 - example/tmp/cache/bootsnap/compile-cache-iseq/79/342a608d5d1515
 - example/tmp/cache/bootsnap/compile-cache-iseq/79/4ede59d3f0b51a
 - example/tmp/cache/bootsnap/compile-cache-iseq/79/73a9af77a7eca3
@@ -1858,6 +1864,7 @@ files:
 - example/tmp/cache/bootsnap/compile-cache-iseq/ed/cf94cbf291244d
 - example/tmp/cache/bootsnap/compile-cache-iseq/ed/fdc17978ec173c
 - example/tmp/cache/bootsnap/compile-cache-iseq/ee/013dff52fec7ae
+- example/tmp/cache/bootsnap/compile-cache-iseq/ee/02ad963145723a
 - example/tmp/cache/bootsnap/compile-cache-iseq/ee/79e36bad363cee
 - example/tmp/cache/bootsnap/compile-cache-iseq/ee/7def47930ad4ae
 - example/tmp/cache/bootsnap/compile-cache-iseq/ee/b7c1a394a98742
@@ -1960,6 +1967,7 @@ files:
 - example/tmp/cache/bootsnap/compile-cache-iseq/fb/12c8ce722adb93
 - example/tmp/cache/bootsnap/compile-cache-iseq/fb/379879ab6ff445
 - example/tmp/cache/bootsnap/compile-cache-iseq/fb/4da182e3c59f07
+- example/tmp/cache/bootsnap/compile-cache-iseq/fb/4f5abf058e6979
 - example/tmp/cache/bootsnap/compile-cache-iseq/fb/783d0d4c99556c
 - example/tmp/cache/bootsnap/compile-cache-iseq/fb/85b0151933145c
 - example/tmp/cache/bootsnap/compile-cache-iseq/fb/bd0386cf2acdec
@@ -1998,11 +2006,10 @@ files:
 - example/tmp/cache/bootsnap/compile-cache-yaml/dc/10ca6b40828fd3
 - example/tmp/cache/bootsnap/load-path-cache
 - example/tmp/local_secret.txt
+- example/tmp/pids/server.pid
 - example/tmp/restart.txt
 - lib/canvas/embed.rb
 - lib/canvas/embed/version.rb
-- pkg/canvas-embed-0.1.2.gem
-- pkg/canvas-embed-0.1.3.gem
 - sig/canvas/embed.rbs
 - spec/canvas/embed_spec.rb
 - spec/spec_helper.rb
@@ -2012,6 +2019,7 @@ licenses:
 metadata:
   homepage_uri: https://canvasapp.com
   source_code_uri: https://github.com/canvas/embeds
+  bug_tracker_uri: https://github.com/canvas/embeds/issues
 post_install_message:
 rdoc_options: []
 require_paths: