cased-ruby 0.3.3 → 0.4.0

data/lib/cased/cli/identity.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Cased
+  module CLI
+    class Identity
+      def initialize
+        @timeout = 30
+      end
+
+      def identify
+        response = Cased.clients.cli.post('cli/applications/users/identify')
+        case response.status
+        when 201 # Created
+          url = response.body.fetch('url')
+          Cased::CLI::Log.log 'To login, please visit:'
+          puts url
+          poll(response.body['api_url'])
+        when 401 # Unauthorized
+          false
+        end
+      end
+
+      def poll(poll_url)
+        count = 0
+        user_id = nil
+
+        while user_id.nil?
+          count += 1
+          response = Cased.clients.cli.get(poll_url)
+          user_id = response.body.dig('user', 'id')
+          sleep 1 if user_id.nil?
+        end
+
+        user_id
+      end
+    end
+  end
+end

data/lib/cased/cli/interactive_session.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+require 'cased/cli/session'
+
+module Cased
+  module CLI
+    # InteractiveSession is responsible for initiating a Cased CLI session and
+    # responding to all its possible states.
+    #
+    # InteractiveSession is intended to be used where a TTY is present to handle
+    # the entire flow from authentication, reason required, waiting for
+    # approval, canceled, or timed out.
+    class InteractiveSession
+      def self.start(reason: nil, command: nil, metadata: {})
+        return Cased::CLI::Session.current if Cased::CLI::Session.current&.approved?
+
+        Cased::CLI::Log.log 'Running under Cased CLI.'
+
+        new(reason: reason, command: command, metadata: metadata).create
+      end
+
+      attr_reader :session
+
+      def initialize(reason: nil, command: nil, metadata: {})
+        @session = Cased::CLI::Session.new(
+          reason: reason,
+          command: command,
+          metadata: metadata,
+        )
+      end
+
+      def create
+        if session.create
+          handle_state(session.state)
+        elsif session.unauthorized?
+          if session.authentication.exists?
+            Cased::CLI::Log.log "Existing credentials at #{session.authentication.credentials_path} are not valid."
+          else
+            Cased::CLI::Log.log "Could not find credentials at #{session.authentication.credentials_path}, looking up now…"
+          end
+
+          identity = Cased::CLI::Identity.new
+          session.authentication.token = identity.identify
+
+          create
+        elsif session.reason_required?
+          reason_prompt && create
+        else
+          Cased::CLI::Log.log 'Could not start CLI session.'
+          exit 1 if Cased.config.guard_deny_if_unreachable?
+        end
+
+        session
+      end
+
+      private
+
+      def reason_prompt
+        print Cased::CLI::Log.string 'Please enter a reason for access: '
+        session.reason = gets.chomp
+      end
+
+      def wait_for_approval
+        session.refresh && handle_state(session.state)
+      end
+
+      def handle_state(state)
+        case state
+        when 'approved'
+          Cased::CLI::Log.log 'CLI session has been approved'
+          session.record
+        when 'requested'
+          wait_for_approval
+        when 'denied'
+          Cased::CLI::Log.log 'CLI session has been denied'
+        when 'timed_out'
+          Cased::CLI::Log.log 'CLI session has timed out'
+        when 'canceled'
+          Cased::CLI::Log.log 'CLI session has been canceled'
+        end
+      end
+    end
+  end
+end

data/lib/cased/cli/log.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Cased
+  module CLI
+    module Log
+      CLEAR   = "\e[0m"
+      YELLOW  = "\e[33m"
+      BOLD    = "\e[1m"
+
+      def self.string(text)
+        [color('[cased]', YELLOW, true), text].join(' ')
+      end
+
+      def self.log(text)
+        puts string(text)
+      end
+
+      def self.color(text, color, bold = false)
+        color = self.class.const_get(color.upcase) if color.is_a?(Symbol)
+        bold  = bold ? BOLD : ''
+        "#{bold}#{color}#{text}#{CLEAR}"
+      end
+    end
+  end
+end

data/lib/cased/cli/recorder.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require 'subprocess'
+
+module Cased
+  module CLI
+    class Recorder
+      KEY = 'CASED_CLI_RECORDING'
+
+      attr_reader :command
+      attr_reader :events
+      attr_reader :started_at
+      attr_reader :width
+      attr_reader :height
+      attr_reader :options
+      attr_accessor :writer
+
+      # @return [Boolean] if CLI session is being recorded.
+      def self.recording?
+        ENV[KEY] == '1'
+      end
+
+      def initialize(command, env: {})
+        @command = command
+        @events = []
+        @width = Subprocess.check_output(%w[tput cols]).strip.to_i
+        @height = Subprocess.check_output(%w[tput lines]).strip.to_i
+
+        subprocess_env = ENV.to_h.dup
+        subprocess_env[KEY] = '1'
+        subprocess_env.merge!(env)
+        @writer = Cased::CLI::Asciinema::Writer.new(
+          command: command.join(' '),
+          width: width,
+          height: height,
+        )
+
+        @options = {
+          stdout: Subprocess::PIPE,
+          env: subprocess_env,
+        }
+      end
+
+      def start
+        writer.time do
+          Subprocess.check_call(command, options) do |t|
+            t.communicate do |stdout, _stderr|
+              STDOUT.write(stdout)
+
+              writer << stdout.gsub("\n", "\r\n")
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/cased/cli/session.rb

@@ -0,0 +1,278 @@
+# frozen_string_literal: true
+
+require 'cased/cli/authentication'
+require 'cased/cli/identity'
+require 'cased/cli/recorder'
+require 'cased/model'
+
+module Cased
+  module CLI
+    class Session
+      include Cased::Model
+
+      def self.find(guard_session_id)
+        authentication = Cased::CLI::Authentication.new
+
+        response = Cased.clients.cli.get("cli/sessions/#{guard_session_id}", user_token: authentication.token)
+        new.tap do |session|
+          session.session = response.body
+        end
+      end
+
+      # If we're inside of a recorded session we can lookup the session
+      # we're in.
+      def self.current
+        return @current if defined?(@current)
+
+        @current = if ENV['GUARD_SESSION_ID']
+          Cased::CLI::Session.find(ENV['GUARD_SESSION_ID'])
+        end
+      end
+
+      def self.current?
+        current.present?
+      end
+
+      class << self
+        attr_writer :current
+      end
+
+      # @return [Cased::CLI::Authentication]
+      attr_reader :authentication
+
+      # Public: The CLI session ID
+      # @example
+      #   session.id #=> "guard_session_1oFqm5GBQYwhH8pfIpnS0A5QgFJ"
+      # @return [String, nil]
+      attr_reader :id
+
+      # Public: The CLI session web URL
+      # @example
+      #   session.url #=> "https://api.cased.com/cli/programs/ruby/sessions/guard_session_1oFqm5GBQYwhH8pfIpnS0A5QgFJ"
+      # @return [String, nil]
+      attr_reader :url
+
+      # Public: The CLI session API URL
+      # @example
+      #   session.api_url #=> "https://api.cased.com/cli/sessions/guard_session_1oFqm5GBQYwhH8pfIpnS0A5QgFJ"
+      # @return [String, nil]
+      attr_reader :api_url
+
+      # Public: The CLI session record API URL
+      # @example
+      #   session.api_record_url #=> "https://api.cased.com/cli/sessions/guard_session_1oFqm5GBQYwhH8pfIpnS0A5QgFJ/record"
+      # @return [String, nil]
+      attr_reader :api_record_url
+
+      # Public: The current state the CLI session is in
+      # @example
+      #   session.api_url #=> "approved"
+      # @return [String, nil]
+      attr_reader :state
+
+      # Public: Command that invoked CLI session.
+      # @example
+      #   session.command #=> "/usr/local/bin/rails console"
+      # @return [String]
+      attr_accessor :command
+
+      # Public: Additional user supplied metadata about the CLI session.
+      # @example
+      #   session.metadata #=> {"hostname" => "Mac.local"}
+      # @return [Hash]
+      attr_accessor :metadata
+
+      # Public: The user supplied reason for the CLI session for taking place.
+      # @example
+      #   session.reason #=> "Investigating customer support ticket."
+      # @return [String, nil]
+      attr_accessor :reason
+
+      # Public: The client's IP V4 or IP V6 address that initiated the CLI session.
+      # @example
+      #   session.reason #=> "1.1.1.1"
+      # @return [String, nil]
+      attr_reader :ip_address
+
+      # Public: The Cased user that requested the CLI session.
+      # @example
+      #   session.requester #=> {"id" => "user_1oFqlROLNRGVLOXJSsHkJiVmylr"}
+      # @return [Hash, nil]
+      attr_reader :requester
+
+      # Public: The Cased user that requested the CLI session.
+      # @example
+      #   session.responded_at #=> "2021-02-10 12:08:44 -0800"
+      # @return [Time, nil]
+      attr_reader :responded_at
+
+      # Public: The Cased user that responded to the CLI session.
+      # @example
+      #   session.responder #=> {"id" => "user_1oFqlROLNRGVLOXJSsHkJiVmylr"}
+      # @return [Hash, nil]
+      attr_reader :responder
+
+      # Public: The CLI application that the CLI session belongs to.
+      # @example
+      #   session.guard_application #=> {"id" => "guard_application_1oFqltbMqSEtJQKRCAYQNrQoXsS"}
+      # @return [Hash, nil]
+      attr_reader :guard_application
+
+      def initialize(reason: nil, command: nil, metadata: {}, authentication: nil)
+        @authentication = authentication || Cased::CLI::Authentication.new
+        @reason = reason
+        @command = command
+        @metadata = metadata
+        @requester = {}
+        @responder = {}
+        @guard_application = {}
+      end
+
+      def to_s
+        command
+      end
+
+      def to_param
+        id
+      end
+
+      def session=(session)
+        @error = nil
+        @id = session.fetch('id')
+        @api_url = session.fetch('api_url')
+        @api_record_url = session.fetch('api_record_url')
+        @url = session.fetch('url')
+        @state = session.fetch('state')
+        @command = session.fetch('command')
+        @metadata = session.fetch('metadata')
+        @reason = session.fetch('reason')
+        @ip_address = session.fetch('ip_address')
+        @requester = session.fetch('requester')
+        @responded_at = session['responded_at']
+        @responder = session['responder'] || {}
+        @guard_application = session.fetch('guard_application')
+      end
+
+      def requested?
+        state == 'requested'
+      end
+
+      def approved?
+        state == 'approved'
+      end
+
+      def denied?
+        state == 'denied'
+      end
+
+      def canceled?
+        state == 'canceled'
+      end
+
+      def timed_out?
+        state == 'timed_out'
+      end
+
+      def refresh
+        return false unless api_url
+
+        response = Cased.clients.cli.get(api_url, user_token: authentication.token)
+        self.session = response.body if response.success?
+      end
+
+      def error?
+        !error.nil?
+      end
+
+      def success?
+        id && !error?
+      end
+
+      def reason_required?
+        error == :reason_required || guard_application.dig('settings', 'reason_required')
+      end
+
+      def unauthorized?
+        error == :unauthorized
+      end
+
+      def record_output?
+        guard_application.dig('settings', 'record_output') || false
+      end
+
+      def record
+        return unless recordable? && record_output?
+
+        Cased::CLI::Log.log 'CLI session is now recording'
+
+        recorder = Cased::CLI::Recorder.new(command.split(' '), env: {
+          'GUARD_SESSION_ID' => id,
+          'GUARD_APPLICATION_ID' => guard_application.fetch('id'),
+          'GUARD_USER_TOKEN' => requester.fetch('id'),
+        })
+        recorder.start
+
+        Cased.clients.cli.put(api_record_url,
+          recording: recorder.writer.to_cast,
+          user_token: authentication.token)
+
+        Cased::CLI::Log.log 'CLI session recorded'
+      end
+
+      def create
+        return false unless id.nil?
+
+        response = Cased.clients.cli.post('cli/sessions',
+          user_token: authentication.token,
+          reason: reason,
+          metadata: metadata,
+          command: command)
+        if response.success?
+          self.session = response.body
+        else
+          case response.body['error']
+          when 'reason_required'
+            @error = :reason_required
+          when 'unauthorized'
+            @error = :unauthorized
+          else
+            @error = true
+            return false
+          end
+        end
+
+        response.success?
+      end
+
+      def cancel
+        response = Cased.clients.cli.post("#{api_url}/cancel", user_token: authentication.token)
+        self.session = response.body if response.success?
+
+        canceled?
+      end
+
+      def cased_category
+        :cli
+      end
+
+      def cased_id
+        id
+      end
+
+      def cased_context(category: cased_category)
+        {
+          "#{category}_id".to_sym => cased_id,
+          category.to_sym => to_s,
+        }
+      end
+
+      def recordable?
+        STDOUT.isatty
+      end
+
+      private
+
+      attr_reader :error
+    end
+  end
+end