castle-rb 1.0.0

data/lib/castle/models/monitoring.rb

@@ -0,0 +1,6 @@
+module Castle
+  class Monitoring < Model
+    collection_path '/v1' # Her doesn't accept the empty string
+    custom_post :heartbeat
+  end
+end

data/lib/castle/models/pairing.rb

@@ -0,0 +1,11 @@
+module Castle
+  class Pairing < Model
+    collection_path "users/:user_id/pairings"
+    instance_post :verify
+    instance_post :set_default!
+    belongs_to :user
+    has_one :config
+  end
+
+  class Config < Model; end
+end

data/lib/castle/models/recommendation.rb

@@ -0,0 +1,3 @@
+module Castle
+  class Recommendation < Model; end
+end

data/lib/castle/models/session.rb

@@ -0,0 +1,6 @@
+module Castle
+  class Session < Model
+    collection_path "users/:user_id/sessions"
+    has_one :context
+  end
+end

data/lib/castle/models/trusted_device.rb

@@ -0,0 +1,5 @@
+module Castle
+  class TrustedDevice < Model
+    collection_path "users/:user_id/trusted_devices"
+  end
+end

data/lib/castle/models/user.rb

@@ -0,0 +1,20 @@
+module Castle
+  class User < Model
+    instance_post :enable_mfa!
+    instance_post :disable_mfa!
+
+    has_many :challenges
+    has_many :events
+    has_many :pairings
+    has_many :sessions
+    has_many :trusted_devices
+
+    def backup_codes(params={})
+      Castle::BackupCodes.get("/v1/users/#{id}/backup_codes", params)
+    end
+
+    def generate_backup_codes(params={})
+      Castle::BackupCodes.post("/v1/users/#{id}/backup_codes", params)
+    end
+  end
+end

data/lib/castle/request.rb

@@ -0,0 +1,164 @@
+module Castle
+  module Request
+
+    def self.client_user_agent
+      @uname ||= get_uname
+      lang_version = "#{RUBY_VERSION} p#{RUBY_PATCHLEVEL} (#{RUBY_RELEASE_DATE})"
+
+      {
+        :bindings_version => Castle::VERSION,
+        :lang => 'ruby',
+        :lang_version => lang_version,
+        :platform => RUBY_PLATFORM,
+        :publisher => 'castle',
+        :uname => @uname
+      }
+    end
+
+    def self.get_uname
+      `uname -a 2>/dev/null`.strip if RUBY_PLATFORM =~ /linux|darwin/i
+    rescue Errno::ENOMEM # couldn't create subprocess
+      "uname lookup failed"
+    end
+
+    #
+    # Faraday middleware
+    #
+    module Middleware
+      # Sets credentials dynamically, allowing them to change between requests.
+      #
+      class BasicAuth < Faraday::Middleware
+        def initialize(app, api_secret)
+          super(app)
+          @api_secret = api_secret
+        end
+
+        def call(env)
+          value = Base64.encode64(":#{@api_secret || Castle.config.api_secret}")
+          value.delete!("\n")
+          env[:request_headers]["Authorization"] = "Basic #{value}"
+          @app.call(env)
+        end
+      end
+
+      # Handle request errors
+      #
+      class RequestErrorHandler < Faraday::Middleware
+        def call(env)
+          env.request.timeout = Castle.config.request_timeout
+          begin
+            @app.call(env)
+          rescue Faraday::ConnectionFailed
+            raise Castle::RequestError, 'Could not connect to Castle API'
+          rescue Faraday::TimeoutError
+            raise Castle::RequestError, 'Castle API timed out'
+          end
+        end
+      end
+
+      # Adds details about current environment
+      #
+      class EnvironmentHeaders < Faraday::Middleware
+        def call(env)
+          begin
+            env[:request_headers]["X-Castle-Client-User-Agent"] =
+              MultiJson.encode(Castle::Request.client_user_agent)
+          rescue # ignored
+          end
+
+          env[:request_headers]["User-Agent"] =
+            "Castle/v1 RubyBindings/#{Castle::VERSION}"
+
+          @app.call(env)
+        end
+      end
+
+      # Sends the active session token in a header, and extracts the returned
+      # session token and sets it locally.
+      #
+      class SessionToken < Faraday::Middleware
+        def call(env)
+          castle = RequestStore.store[:castle]
+          return @app.call(env) unless castle
+
+          # get the session token from our local store
+          if castle.session_token
+            env[:request_headers]['X-Castle-Session-Token'] =
+              castle.session_token.to_s
+          end
+
+          # call the API
+          response = @app.call(env)
+
+          # update the local store with the updated session token
+          token = response.env.response_headers['X-Castle-set-session-token']
+          castle.session_token = token if token
+
+          response
+        end
+      end
+
+      # Adds request context like IP address and user agent to any request.
+      #
+      class ContextHeaders < Faraday::Middleware
+        def call(env)
+          castle = RequestStore.store[:castle]
+          return @app.call(env) unless castle
+
+          castle.request_context.each do |key, value|
+            if value
+             header =
+              "X-Castle-#{key.to_s.gsub('_', '-').gsub(/\w+/) {|m| m.capitalize}}"
+              env[:request_headers][header] = value
+            end
+          end
+          @app.call(env)
+        end
+      end
+
+      class JSONParser < Faraday::Response::Middleware
+        def on_complete(env)
+          response = if env[:body].nil? || env[:body].empty?
+            {}
+          else
+            begin
+              MultiJson.load(env[:body], :symbolize_keys => true)
+            rescue MultiJson::LoadError
+              raise Castle::ApiError, 'Invalid response from Castle API'
+            end
+          end
+
+          case env[:status]
+          when 200..299
+            # OK
+          when 400
+            raise Castle::BadRequestError, response[:message]
+          when 401
+            raise Castle::UnauthorizedError, response[:message]
+          when 403
+            raise Castle::ForbiddenError, response[:message]
+          when 404
+            raise Castle::NotFoundError, response[:message]
+          when 419
+            # session token is invalid so clear it
+            RequestStore.store[:castle].session_token = nil
+
+            raise Castle::UserUnauthorizedError, response[:message]
+          when 422
+            raise Castle::InvalidParametersError, response[:message]
+          else
+            raise Castle::ApiError, response[:message]
+          end
+
+          env[:body] = {
+            data: response,
+            metadata: [],
+            errors: {}
+          }
+        end
+      end
+
+    end
+
+  end
+end

data/lib/castle/session_store.rb

@@ -0,0 +1,35 @@
+module Castle
+  class SessionStore
+    class Rack < SessionStore
+      def initialize(session)
+        @session = session
+      end
+
+      def user_id
+        @session['Castleuser_id']
+      end
+
+      def user_id=(value)
+        @session['Castleuser_id'] = value
+      end
+
+      def read
+        @session[key]
+      end
+
+      def write(value)
+        @session[key] = value
+      end
+
+      def destroy
+        @session.delete(key)
+      end
+
+      private
+
+      def key
+        "Castleuser.#{user_id}"
+      end
+    end
+  end
+end

data/lib/castle/session_token.rb

@@ -0,0 +1,39 @@
+require 'jwt'
+
+module Castle
+  class SessionToken
+    def initialize(token)
+      if token
+        @jwt = Castle::JWT.new(token)
+      end
+    end
+
+    def to_s
+      @jwt.to_token
+    end
+
+    def expired?
+      @jwt.expired?
+    end
+
+    def device_trusted?
+      @jwt.payload['tru'] == 1
+    end
+
+    def has_default_pairing?
+      @jwt.payload['dpr'] > 0
+    end
+
+    def mfa_enabled?
+      @jwt.payload['mfa'] == 1
+    end
+
+    def mfa_in_progress?
+      @jwt.payload['chg'] == 1
+    end
+
+    def mfa_required?
+      @jwt.payload['vfy'] > 0
+    end
+  end
+end

data/lib/castle/support/cookie_store.rb

@@ -0,0 +1,48 @@
+module Castle
+  module CookieStore
+    class Base
+      def initialize(request, response)
+        @request = request
+        @response = response
+      end
+
+      def [](key)
+        @request.cookies[key]
+      end
+
+      def []=(key, value)
+        @request.cookies[key] = value
+        if value
+          @response.set_cookie(key, value: value,
+                                    expires: Time.now + (20 * 365 * 24 * 60 * 60),
+                                    path: '/')
+        else
+          @response.delete_cookie(key)
+        end
+      end
+    end
+
+    class Rack
+      def initialize(cookies)
+        @cookies = cookies
+      end
+
+      def [](key)
+        @cookies[key]
+      end
+
+      def []=(key, value)
+        if value
+          @cookies[key] = {
+            value: value,
+            expires: Time.now + (20 * 365 * 24 * 60 * 60),
+            path: '/'
+          }
+        else
+          @cookies.delete(key)
+        end
+      end
+    end
+
+  end
+end

data/lib/castle/support/padrino.rb

@@ -0,0 +1,19 @@
+require_relative 'cookie_store'
+
+module Padrino
+  class Application
+    module Castle
+      module Helpers
+        def castle
+          @castle ||= ::Castle::Client.new(request, response)
+        end
+      end
+
+      def self.registered(app)
+        app.helpers Helpers
+      end
+    end
+
+    register Castle
+  end
+end

data/lib/castle/support/rails.rb

@@ -0,0 +1,11 @@
+module Castle
+  module CastleClient
+    def castle
+      @castle ||= env['castle'] || Castle::Client.new(request, response)
+    end
+  end
+
+  ActiveSupport.on_load(:action_controller) do
+    include CastleClient
+  end
+end

data/lib/castle/support/sinatra.rb

@@ -0,0 +1,17 @@
+require_relative 'cookie_store'
+
+module Sinatra
+  module Castle
+    module Helpers
+      def castle
+        @castle ||= ::Castle::Client.new(request, response)
+      end
+    end
+
+    def self.registered(app)
+      app.helpers Helpers
+    end
+  end
+
+  register Castle
+end

data/lib/castle/token_store.rb

@@ -0,0 +1,30 @@
+module Castle
+  class TokenStore
+    def initialize(cookies)
+      @cookies = cookies
+    end
+
+    def session_token
+      token = @cookies['_ubs']
+      Castle::SessionToken.new(token) if token
+    end
+
+    def session_token=(value)
+      @cookies['_ubs'] = value
+
+      if value && value != @cookies['_ubs']
+        @cookies['_ubs']
+      elsif !value
+        @cookies['_ubs'] = nil
+      end
+    end
+
+    def trusted_device_token
+      @cookies['_ubt']
+    end
+
+    def trusted_device_token=(value)
+      @cookies['_ubt'] = value
+    end
+  end
+end

data/lib/castle/utils.rb

@@ -0,0 +1,22 @@
+# TODO: scope Castle::Utils
+
+module Castle
+  class << self
+    def setup_api(api_secret = nil)
+      api_endpoint = ENV.fetch('CASTLE_API_ENDPOINT') {
+        "https://api.castle.io/v1"
+      }
+
+      Her::API.setup url: api_endpoint do |c|
+        c.use Castle::Request::Middleware::BasicAuth, api_secret
+        c.use Castle::Request::Middleware::RequestErrorHandler
+        c.use Castle::Request::Middleware::EnvironmentHeaders
+        c.use Castle::Request::Middleware::ContextHeaders
+        c.use Castle::Request::Middleware::SessionToken
+        c.use FaradayMiddleware::EncodeJson
+        c.use Castle::Request::Middleware::JSONParser
+        c.use Faraday::Adapter::NetHttp
+      end
+    end
+  end
+end