castle-rb 3.6.2

data/lib/castle/command.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Castle
+  Command = Struct.new(:path, :data, :method)
+end

data/lib/castle/commands/authenticate.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Castle
+  module Commands
+    class Authenticate
+      def initialize(context)
+        @context = context
+      end
+
+      def build(options = {})
+        Castle::Validators::Present.call(options, %i[event])
+        context = Castle::Context::Merger.call(@context, options[:context])
+        context = Castle::Context::Sanitizer.call(context)
+
+        Castle::Command.new(
+          'authenticate',
+          options.merge(context: context, sent_at: Castle::Utils::Timestamp.call),
+          :post
+        )
+      end
+    end
+  end
+end

data/lib/castle/commands/identify.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Castle
+  module Commands
+    class Identify
+      def initialize(context)
+        @context = context
+      end
+
+      def build(options = {})
+        Castle::Validators::NotSupported.call(options, %i[properties])
+        context = Castle::Context::Merger.call(@context, options[:context])
+        context = Castle::Context::Sanitizer.call(context)
+
+        Castle::Command.new(
+          'identify',
+          options.merge(context: context, sent_at: Castle::Utils::Timestamp.call),
+          :post
+        )
+      end
+    end
+  end
+end

data/lib/castle/commands/impersonate.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Castle
+  module Commands
+    # builder for impersonate command
+    class Impersonate
+      def initialize(context)
+        @context = context
+      end
+
+      def build(options = {})
+        Castle::Validators::Present.call(options, %i[user_id])
+        context = Castle::Context::Merger.call(@context, options[:context])
+        context = Castle::Context::Sanitizer.call(context)
+
+        Castle::Validators::Present.call(context, %i[user_agent ip])
+
+        Castle::Command.new(
+          'impersonate',
+          options.merge(context: context, sent_at: Castle::Utils::Timestamp.call),
+          options[:reset] ? :delete : :post
+        )
+      end
+    end
+  end
+end

data/lib/castle/commands/review.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Castle
+  module Commands
+    class Review
+      class << self
+        def build(review_id)
+          Castle::Validators::Present.call({ review_id: review_id }, %i[review_id])
+          Castle::Command.new("reviews/#{review_id}", nil, :get)
+        end
+      end
+    end
+  end
+end

data/lib/castle/commands/track.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Castle
+  module Commands
+    class Track
+      def initialize(context)
+        @context = context
+      end
+
+      def build(options = {})
+        Castle::Validators::Present.call(options, %i[event])
+        context = Castle::Context::Merger.call(@context, options[:context])
+        context = Castle::Context::Sanitizer.call(context)
+
+        Castle::Command.new(
+          'track',
+          options.merge(context: context, sent_at: Castle::Utils::Timestamp.call),
+          :post
+        )
+      end
+    end
+  end
+end

data/lib/castle/configuration.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+module Castle
+  # manages configuration variables
+  class Configuration
+    HOST = 'api.castle.io'
+    PORT = 443
+    URL_PREFIX = 'v1'
+    FAILOVER_STRATEGY = :allow
+    REQUEST_TIMEOUT = 500 # in milliseconds
+    FAILOVER_STRATEGIES = %i[allow deny challenge throw].freeze
+
+    # @note this value is not assigned as we don't recommend using a whitelist. If you need to use
+    #   one, this constant is provided as a good default.
+    DEFAULT_WHITELIST = %w[
+      Accept
+      Accept-Charset
+      Accept-Datetime
+      Accept-Encoding
+      Accept-Language
+      Cache-Control
+      Connection
+      Content-Length
+      Content-Type
+      Host
+      Origin
+      Pragma
+      Referer
+      TE
+      Upgrade-Insecure-Requests
+      X-Castle-Client-Id
+    ].freeze
+
+    attr_accessor :host, :port, :request_timeout, :url_prefix
+    attr_reader :api_secret, :whitelisted, :blacklisted, :failover_strategy
+
+    def initialize
+      @formatter = Castle::HeaderFormatter.new
+      @request_timeout = REQUEST_TIMEOUT
+      self.failover_strategy = FAILOVER_STRATEGY
+      self.host = HOST
+      self.port = PORT
+      self.url_prefix = URL_PREFIX
+      self.whitelisted = [].freeze
+      self.blacklisted = [].freeze
+      self.api_secret = ''
+    end
+
+    def api_secret=(value)
+      @api_secret = ENV.fetch('CASTLE_API_SECRET', value).to_s
+    end
+
+    def whitelisted=(value)
+      @whitelisted = (value ? value.map { |header| @formatter.call(header) } : []).freeze
+    end
+
+    def blacklisted=(value)
+      @blacklisted = (value ? value.map { |header| @formatter.call(header) } : []).freeze
+    end
+
+    def valid?
+      !api_secret.to_s.empty? && !host.to_s.empty? && !port.to_s.empty?
+    end
+
+    def failover_strategy=(value)
+      @failover_strategy = FAILOVER_STRATEGIES.detect { |strategy| strategy == value.to_sym }
+      raise Castle::ConfigurationError, 'unrecognized failover strategy' if @failover_strategy.nil?
+    end
+
+    private
+
+    def respond_to_missing?(method_name, _include_private)
+      /^(\w+)=$/ =~ method_name
+    end
+
+    def method_missing(setting, *_args)
+      raise Castle::ConfigurationError, "there is no such a config #{setting}"
+    end
+  end
+end

data/lib/castle/context/default.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Castle
+  module Context
+    class Default
+      def initialize(request, cookies = nil)
+        @client_id = Extractors::ClientId.new(request, cookies || request.cookies).call
+        @headers = Extractors::Headers.new(request).call
+        @request_ip = Extractors::IP.new(request).call
+      end
+
+      def call
+        defaults.merge!(additional_defaults)
+      end
+
+      private
+
+      def defaults
+        {
+          client_id: @client_id,
+          active: true,
+          origin: 'web',
+          headers: @headers,
+          ip: @request_ip,
+          library: {
+            name: 'castle-rb',
+            version: Castle::VERSION
+          }
+        }
+      end
+
+      def additional_defaults
+        {}.tap do |result|
+          result[:locale] = @headers['Accept-Language'] if @headers['Accept-Language']
+          result[:user_agent] = @headers['User-Agent'] if @headers['User-Agent']
+        end
+      end
+    end
+  end
+end

data/lib/castle/context/merger.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Castle
+  module Context
+    class Merger
+      class << self
+        def call(initial_context, request_context)
+          main_context = Castle::Utils::Cloner.call(initial_context)
+          Castle::Utils::Merger.call(main_context, request_context || {})
+        end
+      end
+    end
+  end
+end

data/lib/castle/context/sanitizer.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Castle
+  module Context
+    # removes not proper active flag values
+    class Sanitizer
+      class << self
+        def call(context)
+          sanitized_active_mode(context) || {}
+        end
+
+        private
+
+        def sanitized_active_mode(context)
+          return unless context
+          return context unless context.key?(:active)
+          return context if [true, false].include?(context[:active])
+          context.reject { |key| key == :active }
+        end
+      end
+    end
+  end
+end

data/lib/castle/errors.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Castle
+  # general error
+  class Error < RuntimeError; end
+  # Raised when anything is wrong with the request (any unhappy path)
+  # This error indicates that either we would wait too long for a response or something
+  # else happened somewhere in the middle and we weren't able to get the results
+  class RequestError < Castle::Error
+    attr_reader :reason
+
+    # @param reason [Exception] the core exception that causes this error
+    def initialize(reason)
+      @reason = reason
+    end
+  end
+  # security error
+  class SecurityError < Castle::Error; end
+  # wrong configuration error
+  class ConfigurationError < Castle::Error; end
+  # error returned by api
+  class ApiError < Castle::Error; end
+
+  # api error bad request 400
+  class BadRequestError < Castle::ApiError; end
+  # api error forbidden 403
+  class ForbiddenError < Castle::ApiError; end
+  # api error not found 404
+  class NotFoundError < Castle::ApiError; end
+  # api error user unauthorized 419
+  class UserUnauthorizedError < Castle::ApiError; end
+  # api error invalid param 422
+  class InvalidParametersError < Castle::ApiError; end
+  # api error unauthorized 401
+  class UnauthorizedError < Castle::ApiError; end
+  # all internal server errors
+  class InternalServerError < Castle::ApiError; end
+
+  # impersonation command failed
+  class ImpersonationFailed < Castle::ApiError; end
+end

data/lib/castle/extractors/client_id.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Castle
+  module Extractors
+    # used for extraction of cookies and headers from the request
+    class ClientId
+      def initialize(request, cookies)
+        @request = request
+        @cookies = cookies || {}
+      end
+
+      def call
+        @request.env['HTTP_X_CASTLE_CLIENT_ID'] || @cookies['__cid'] || ''
+      end
+    end
+  end
+end

data/lib/castle/extractors/headers.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Castle
+  module Extractors
+    # used for extraction of cookies and headers from the request
+    class Headers
+      # Headers that we will never scrub, even if they land on the configuration blacklist.
+      ALWAYS_INCLUDED_HEADERS = %w[User-Agent].freeze
+
+      # Headers that will always be scrubbed, even if whitelisted.
+      ALWAYS_SCRUBBED_HEADERS = %w[Cookie Authorization].freeze
+
+      # Rack does not add the HTTP_ prefix to Content-Length for some reason
+      CONTENT_LENGTH = 'CONTENT_LENGTH'
+
+      # Prefix that Rack adds for HTTP headers
+      HTTP_HEADER_PREFIX = 'HTTP_'
+
+      private_constant :ALWAYS_INCLUDED_HEADERS, :ALWAYS_SCRUBBED_HEADERS,
+                       :CONTENT_LENGTH, :HTTP_HEADER_PREFIX
+
+      # @param request [Rack::Request]
+      def initialize(request)
+        @request_env = request.env
+        @formatter = HeaderFormatter.new
+      end
+
+      # Serialize HTTP headers
+      # @return [Hash]
+      def call
+        @request_env.keys.each_with_object({}) do |env_header, acc|
+          next unless env_header.to_s.start_with?(HTTP_HEADER_PREFIX) || env_header == CONTENT_LENGTH
+
+          header = @formatter.call(env_header)
+
+          if ALWAYS_SCRUBBED_HEADERS.include?(header)
+            acc[header] = true
+          elsif ALWAYS_INCLUDED_HEADERS.include?(header)
+            acc[header] = @request_env[env_header]
+          elsif Castle.config.blacklisted.include?(header)
+            acc[header] = true
+          elsif Castle.config.whitelisted.empty? || Castle.config.whitelisted.include?(header)
+            acc[header] = @request_env[env_header]
+          else
+            acc[header] = true
+          end
+        end
+      end
+    end
+  end
+end

data/lib/castle/extractors/ip.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Castle
+  module Extractors
+    # used for extraction of ip from the request
+    class IP
+      def initialize(request)
+        @request = request
+      end
+
+      def call
+        return @request.env['HTTP_CF_CONNECTING_IP'] if @request.env['HTTP_CF_CONNECTING_IP']
+        return @request.remote_ip if @request.respond_to?(:remote_ip)
+        @request.ip
+      end
+    end
+  end
+end

data/lib/castle/failover_auth_response.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Castle
+  # generate failover authentication response
+  class FailoverAuthResponse
+    def initialize(user_id, strategy: Castle.config.failover_strategy, reason:)
+      @strategy = strategy
+      @reason = reason
+      @user_id = user_id
+    end
+
+    def generate
+      {
+        action: @strategy.to_s,
+        user_id: @user_id,
+        failover: true,
+        failover_reason: @reason
+      }
+    end
+  end
+end

data/lib/castle/header_formatter.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Castle
+  class HeaderFormatter
+    def call(header)
+      header.to_s.gsub(/^HTTP(?:_|-)/i, '').split(/_|-/).map(&:capitalize).join('-')
+    end
+  end
+end