castle-rb 3.5.0 → 3.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6376098ba7a5b711d926fe187c38d2ed31a68b7ddf53024f2d51a81a14482604
-  data.tar.gz: b4ca1f4dbd10607b5c5bfad6a9b7528d3ebb8ebf7a2b6fd1287af08333b110d4
+  metadata.gz: a710c22d8a912a0918f42fe092f6c3b883a4a03ad7e2b86572b17b6ee901931e
+  data.tar.gz: e7325e9e957881ddcee78729d6274805d29b62c1f468e26fd03d34cf88286ac3
 SHA512:
-  metadata.gz: 70c04aa5f1d0f3f4af5789a7aad877380b3d82fafbd935ec746bd40aab904c110bea4410d161c48521fee108a5212c7d81b8a00b465b82940e7f6f9c48236f26
-  data.tar.gz: 345383199ba415d699f97f1ebf242d21dc8e1eb921a4c60f6366464a1e6bc5b5ac0680d7010e6f2b4b9ff5366393c9fd9b70237951ac7b013328e05af3af11b7
+  metadata.gz: 84f69693b63c3c52b3084348aba0bc5e28e047f6f56a5a756559abf895e8031d8c33df06f385c6383c62bcaa240dfb1b8d3550dc7bb6f9b3872b9dd1bf7851ae
+  data.tar.gz: 24ecbd126fa6bb601acf00c442d8204c6042c87b9c47709af42e639e40409b70feca5c06f1c0fab50d7c9d0eb5ba20390229c6f7b6c74f170ab1918b5dec3b03

data/README.md

@@ -3,7 +3,6 @@
 [![Build Status](https://travis-ci.org/castle/castle-ruby.svg?branch=master)](https://travis-ci.org/castle/castle-ruby)
 [![Coverage Status](https://coveralls.io/repos/github/castle/castle-ruby/badge.svg?branch=coveralls)](https://coveralls.io/github/castle/castle-ruby?branch=coveralls)
 [![Gem Version](https://badge.fury.io/rb/castle-rb.svg)](https://badge.fury.io/rb/castle-rb)
-[![Dependency Status](https://gemnasium.com/badges/github.com/castle/castle-ruby.svg)](https://gemnasium.com/github.com/castle/castle-ruby)
 
 **[Castle](https://castle.io) analyzes device, location, and interaction patterns in your web and mobile apps and lets you stop account takeover attacks in real-time..**
 

data/lib/castle.rb

@@ -1,39 +1,44 @@
 # frozen_string_literal: true
 
-require 'openssl'
-require 'net/http'
-require 'json'
-require 'time'
+%w[
+  openssl
+  net/http
+  json
+  time
+].each(&method(:require))
 
-require 'castle/version'
-require 'castle/errors'
-require 'castle/command'
-require 'castle/utils'
-require 'castle/utils/merger'
-require 'castle/utils/cloner'
-require 'castle/utils/timestamp'
-require 'castle/validators/present'
-require 'castle/validators/not_supported'
-require 'castle/context/merger'
-require 'castle/context/sanitizer'
-require 'castle/context/default'
-require 'castle/commands/identify'
-require 'castle/commands/authenticate'
-require 'castle/commands/track'
-require 'castle/commands/review'
-require 'castle/commands/impersonate'
-require 'castle/configuration'
-require 'castle/failover_auth_response'
-require 'castle/client'
-require 'castle/header_formatter'
-require 'castle/secure_mode'
-require 'castle/extractors/client_id'
-require 'castle/extractors/headers'
-require 'castle/extractors/ip'
-require 'castle/response'
-require 'castle/request'
-require 'castle/review'
-require 'castle/api'
+%w[
+  castle/version
+  castle/errors
+  castle/command
+  castle/utils
+  castle/utils/merger
+  castle/utils/cloner
+  castle/utils/timestamp
+  castle/validators/present
+  castle/validators/not_supported
+  castle/context/merger
+  castle/context/sanitizer
+  castle/context/default
+  castle/commands/identify
+  castle/commands/authenticate
+  castle/commands/track
+  castle/commands/review
+  castle/commands/impersonate
+  castle/configuration
+  castle/failover_auth_response
+  castle/client
+  castle/header_formatter
+  castle/secure_mode
+  castle/extractors/client_id
+  castle/extractors/headers
+  castle/extractors/ip
+  castle/api/response
+  castle/api/request
+  castle/api/request/build
+  castle/review
+  castle/api
+].each(&method(:require))
 
 # main sdk module
 module Castle

data/lib/castle/api.rb

@@ -2,44 +2,38 @@
 
 module Castle
   # this class is responsible for making requests to api
-  class API
-    def initialize(headers = {})
-      @config = Castle.config
-      @http = prepare_http
-      @headers = headers.merge('Content-Type' => 'application/json')
-    end
-
-    def request(command)
-      request = Castle::Request.new(@headers).build(
-        command.path,
-        command.data,
-        command.method
-      )
-      perform_request(request)
-    end
+  module API
+    # Errors we handle internally
+    HANDLED_ERRORS = [
+      Timeout::Error,
+      Errno::EINVAL,
+      Errno::ECONNRESET,
+      EOFError,
+      Net::HTTPBadResponse,
+      Net::HTTPHeaderSyntaxError,
+      Net::ProtocolError
+    ].freeze
 
-    private
+    private_constant :HANDLED_ERRORS
 
-    def prepare_http
-      http = Net::HTTP.new(@config.host, @config.port)
-      http.read_timeout = @config.request_timeout / 1000.0
-      prepare_http_for_ssl(http) if @config.port == 443
-      http
-    end
-
-    def prepare_http_for_ssl(http)
-      http.use_ssl = true
-      http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-    end
+    class << self
+      def request(command, headers = {})
+        raise Castle::ConfigurationError, 'configuration is not valid' unless Castle.config.valid?
 
-    def perform_request(request)
-      raise Castle::ConfigurationError, 'configuration is not valid' unless @config.valid?
-      begin
-        Castle::Response.new(@http.request(request)).parse
-      rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError,
-             Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError,
-             Net::ProtocolError
-        raise Castle::RequestError, 'Castle API connection error'
+        begin
+          Castle::API::Response.call(
+            Castle::API::Request.call(
+              command,
+              Castle.config.api_secret,
+              headers
+            )
+          )
+        rescue *HANDLED_ERRORS => error
+          # @note We need to initialize the error, as the original error is a cause for this
+          # custom exception. If we would do it the default Ruby way, the original error
+          # would get converted into a string
+          raise Castle::RequestError.new(error) # rubocop:disable Style/RaiseArgs
+        end
       end
     end
   end

data/lib/castle/api/request.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Castle
+  # this class is responsible for making requests to api
+  module API
+    module Request
+      # Default headers that we add to passed ones
+      DEFAULT_HEADERS = {
+        'Content-Type' => 'application/json'
+      }.freeze
+
+      private_constant :DEFAULT_HEADERS
+
+      class << self
+        def call(command, api_secret, headers)
+          http.request(
+            Castle::API::Request::Build.call(
+              command,
+              headers.merge(DEFAULT_HEADERS),
+              api_secret
+            )
+          )
+        end
+
+        def http
+          http = Net::HTTP.new(Castle.config.host, Castle.config.port)
+          http.read_timeout = Castle.config.request_timeout / 1000.0
+          if Castle.config.port == 443
+            http.use_ssl = true
+            http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+          end
+          http
+        end
+      end
+    end
+  end
+end

data/lib/castle/api/request/build.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Castle
+  module API
+    # generate api request
+    module Request
+      module Build
+        class << self
+          def call(command, headers, api_secret)
+            request = Net::HTTP.const_get(
+              command.method.to_s.capitalize
+            ).new("/#{Castle.config.url_prefix}/#{command.path}", headers)
+
+            unless command.method == :get
+              request.body = ::Castle::Utils.replace_invalid_characters(
+                command.data
+              ).to_json
+            end
+
+            request.basic_auth('', api_secret)
+            request
+          end
+        end
+      end
+    end
+  end
+end

data/lib/castle/api/response.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Castle
+  module API
+    # parses api response
+    module Response
+      RESPONSE_ERRORS = {
+        400 => Castle::BadRequestError,
+        401 => Castle::UnauthorizedError,
+        403 => Castle::ForbiddenError,
+        404 => Castle::NotFoundError,
+        419 => Castle::UserUnauthorizedError,
+        422 => Castle::InvalidParametersError
+      }.freeze
+
+      class << self
+        def call(response)
+          verify!(response)
+
+          return {} if response.body.nil? || response.body.empty?
+
+          begin
+            JSON.parse(response.body, symbolize_names: true)
+          rescue JSON::ParserError
+            raise Castle::ApiError, 'Invalid response from Castle API'
+          end
+        end
+
+        def verify!(response)
+          return if response.code.to_i.between?(200, 299)
+
+          raise Castle::InternalServerError if response.code.to_i.between?(500, 599)
+
+          error = RESPONSE_ERRORS.fetch(response.code.to_i, Castle::ApiError)
+          raise error, response[:message]
+        end
+      end
+    end
+  end
+end

data/lib/castle/client.rb

@@ -27,13 +27,12 @@ module Castle
       end
     end
 
-    attr_accessor :api
+    attr_accessor :context
 
     def initialize(context, options = {})
       @do_not_track = options.fetch(:do_not_track, false)
       @timestamp = options[:timestamp]
       @context = context
-      @api = API.new
     end
 
     def authenticate(options = {})
@@ -43,7 +42,7 @@ module Castle
         add_timestamp_if_necessary(options)
         command = Castle::Commands::Authenticate.new(@context).build(options)
         begin
-          @api.request(command).merge(failover: false, failover_reason: nil)
+          Castle::API.request(command).merge(failover: false, failover_reason: nil)
         rescue Castle::RequestError, Castle::InternalServerError => error
           self.class.failover_response_or_raise(
             FailoverAuthResponse.new(options[:user_id], reason: error.to_s), error
@@ -64,7 +63,7 @@ module Castle
       add_timestamp_if_necessary(options)
 
       command = Castle::Commands::Identify.new(@context).build(options)
-      @api.request(command)
+      Castle::API.request(command)
     end
 
     def track(options = {})
@@ -74,14 +73,14 @@ module Castle
       add_timestamp_if_necessary(options)
 
       command = Castle::Commands::Track.new(@context).build(options)
-      @api.request(command)
+      Castle::API.request(command)
     end
 
     def impersonate(options = {})
       options = Castle::Utils.deep_symbolize_keys(options || {})
       add_timestamp_if_necessary(options)
       command = Castle::Commands::Impersonate.new(@context).build(options)
-      @api.request(command).tap do |response|
+      Castle::API.request(command).tap do |response|
         raise Castle::ImpersonationFailed unless response[:success]
       end
     end

data/lib/castle/configuration.rb

@@ -3,6 +3,10 @@
 module Castle
   # manages configuration variables
   class Configuration
+    HOST = 'api.castle.io'
+    PORT = 443
+    URL_PREFIX = 'v1'
+    FAILOVER_STRATEGY = :allow
     REQUEST_TIMEOUT = 500 # in milliseconds
     FAILOVER_STRATEGIES = %i[allow deny challenge throw].freeze
     WHITELISTED = [
@@ -20,7 +24,6 @@ module Castle
       'X-Forwarded-For',
       'CF_CONNECTING_IP'
     ].freeze
-
     BLACKLISTED = ['HTTP_COOKIE'].freeze
 
     attr_accessor :host, :port, :request_timeout, :url_prefix
@@ -29,10 +32,10 @@ module Castle
     def initialize
       @formatter = Castle::HeaderFormatter.new
       @request_timeout = REQUEST_TIMEOUT
-      self.failover_strategy = :allow
-      self.host = 'api.castle.io'
-      self.port = 443
-      self.url_prefix = 'v1'
+      self.failover_strategy = FAILOVER_STRATEGY
+      self.host = HOST
+      self.port = PORT
+      self.url_prefix = URL_PREFIX
       self.whitelisted = WHITELISTED
       self.blacklisted = BLACKLISTED
       self.api_secret = ''

data/lib/castle/errors.rb

@@ -3,8 +3,17 @@
 module Castle
   # general error
   class Error < RuntimeError; end
-  # request error
-  class RequestError < Castle::Error; end
+  # Raised when anything is wrong with the request (any unhappy path)
+  # This error indicates that either we would wait too long for a response or something
+  # else happened somewhere in the middle and we weren't able to get the results
+  class RequestError < Castle::Error
+    attr_reader :reason
+
+    # @param reason [Exception] the core exception that causes this error
+    def initialize(reason)
+      @reason = reason
+    end
+  end
   # security error
   class SecurityError < Castle::Error; end
   # wrong configuration error

data/lib/castle/review.rb

@@ -3,9 +3,9 @@
 module Castle
   class Review
     def self.retrieve(review_id)
-      command = Castle::Commands::Review.build(review_id)
-
-      API.new.request(command)
+      Castle::API.request(
+        Castle::Commands::Review.build(review_id)
+      )
     end
   end
 end

data/lib/castle/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Castle
-  VERSION = '3.5.0'
+  VERSION = '3.5.1'
 end

data/spec/lib/castle/api/request/build_spec.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+describe Castle::API::Request::Build do
+  subject(:call) { described_class.call(command, headers, api_secret) }
+
+  let(:headers) { { 'SAMPLE-HEADER' => '1' } }
+  let(:api_secret) { 'secret' }
+
+  describe 'call' do
+    context 'when get' do
+      let(:command) { Castle::Commands::Review.build(review_id) }
+      let(:review_id) { SecureRandom.uuid }
+
+      it { expect(call.body).to be_nil }
+      it { expect(call.method).to eql('GET') }
+      it { expect(call.path).to eql("/v1/#{command.path}") }
+      it { expect(call.to_hash).to have_key('authorization') }
+      it { expect(call.to_hash).to have_key('sample-header') }
+      it { expect(call.to_hash['sample-header']).to eql(['1']) }
+    end
+
+    context 'when post' do
+      let(:time) { Time.now.utc.iso8601(3) }
+      let(:command) { Castle::Commands::Track.new({}).build(event: '$login.succeeded', name: "\xC4") }
+      let(:expected_body) do
+        {
+          event: '$login.succeeded',
+          name: "�",
+          context: {},
+          sent_at: time
+        }
+      end
+
+      before { allow(Castle::Utils::Timestamp).to receive(:call).and_return(time) }
+
+      it { expect(call.body).to be_eql(expected_body.to_json) }
+      it { expect(call.method).to eql('POST') }
+      it { expect(call.path).to eql("/v1/#{command.path}") }
+      it { expect(call.to_hash).to have_key('authorization') }
+      it { expect(call.to_hash).to have_key('sample-header') }
+      it { expect(call.to_hash['sample-header']).to eql(['1']) }
+    end
+  end
+end

data/spec/lib/castle/api/request_spec.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+describe Castle::API::Request do
+  describe '#call' do
+    subject(:call) { described_class.call(command, api_secret, headers) }
+
+    let(:http) { instance_double('Net::HTTP') }
+    let(:request_build) { instance_double('Castle::API::Request::Build') }
+    let(:command) { Castle::Commands::Track.new({}).build(event: '$login.succeeded') }
+    let(:headers) { {} }
+    let(:api_secret) { 'secret' }
+    let(:expected_headers) { { 'Content-Type' => 'application/json' } }
+
+    before do
+      allow(described_class).to receive(:http).and_return(http)
+      allow(http).to receive(:request).with(request_build)
+      allow(Castle::API::Request::Build).to receive(:call)
+        .with(command, expected_headers, api_secret)
+        .and_return(request_build)
+      call
+    end
+
+    it do
+      expect(Castle::API::Request::Build).to have_received(:call)
+        .with(command, expected_headers, api_secret)
+    end
+    it { expect(http).to have_received(:request).with(request_build) }
+  end
+
+  describe '#http' do
+    subject(:http) { described_class.http }
+
+    context 'when ssl false' do
+      before do
+        Castle.config.host = 'localhost'
+        Castle.config.port = 3002
+      end
+
+      after do
+        Castle.config.host = Castle::Configuration::HOST
+        Castle.config.port = Castle::Configuration::PORT
+      end
+
+      it { expect(http).to be_instance_of(Net::HTTP) }
+      it { expect(http.address).to eq(Castle.config.host) }
+      it { expect(http.port).to eq(Castle.config.port) }
+      it { expect(http.use_ssl?).to be false }
+      it { expect(http.verify_mode).to be_nil }
+    end
+
+    context 'when ssl true' do
+      it { expect(http).to be_instance_of(Net::HTTP) }
+      it { expect(http.address).to eq(Castle.config.host) }
+      it { expect(http.port).to eq(Castle.config.port) }
+      it { expect(http.use_ssl?).to be true }
+      it { expect(http.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER) }
+    end
+  end
+end

data/spec/lib/castle/api/response_spec.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+describe Castle::API::Response do
+  describe '#call' do
+    subject(:call) { described_class.call(response) }
+
+    context 'when success' do
+      let(:response) { OpenStruct.new(body: '{"user":1}', code: 200) }
+
+      it { expect(call).to eql(user: 1) }
+    end
+
+    context 'when response empty' do
+      let(:response) { OpenStruct.new(body: '', code: 200) }
+
+      it { expect(call).to eql({}) }
+    end
+
+    context 'when response nil' do
+      let(:response) { OpenStruct.new(code: 200) }
+
+      it { expect(call).to eql({}) }
+    end
+
+    context 'when json is malformed' do
+      let(:response) { OpenStruct.new(body: '{a', code: 200) }
+
+      it { expect { call }.to raise_error(Castle::ApiError) }
+    end
+  end
+
+  describe '#verify!' do
+    subject(:verify!) { described_class.verify!(response) }
+
+    context 'without error when response is 2xx' do
+      let(:response) { OpenStruct.new(code: 200) }
+
+      it { expect { verify! }.not_to raise_error }
+    end
+
+    shared_examples 'response_failed' do |code, error|
+      let(:response) { OpenStruct.new(code: code) }
+
+      it "fail when response is #{code}" do
+        expect { verify! }.to raise_error(error)
+      end
+    end
+
+    it_behaves_like 'response_failed', '400', Castle::BadRequestError
+    it_behaves_like 'response_failed', '401', Castle::UnauthorizedError
+    it_behaves_like 'response_failed', '403', Castle::ForbiddenError
+    it_behaves_like 'response_failed', '404', Castle::NotFoundError
+    it_behaves_like 'response_failed', '419', Castle::UserUnauthorizedError
+    it_behaves_like 'response_failed', '422', Castle::InvalidParametersError
+    it_behaves_like 'response_failed', '499', Castle::ApiError
+    it_behaves_like 'response_failed', '500', Castle::InternalServerError
+  end
+end

data/spec/lib/castle/api_spec.rb

@@ -1,44 +1,36 @@
 # frozen_string_literal: true
 
 describe Castle::API do
-  let(:api) { described_class.new('X-Castle-Client-Id' => 'abcd', 'X-Castle-Ip' => '1.2.3.4') }
-  let(:command) { Castle::Command.new('authenticate', '1234', :post) }
-  let(:result_headers) do
-    { 'Accept' => '*/*',
-      'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
-      'User-Agent' => 'Ruby', 'X-Castle-Client-Id' => 'abcd',
-      'X-Castle-Ip' => '1.2.3.4' }
-  end
+  subject(:request) { described_class.request(command) }
+
+  let(:command) { Castle::Commands::Track.new({}).build(event: '$login.succeeded') }
+
+  context 'when request timeouts' do
+    before { stub_request(:any, /api.castle.io/).to_timeout }
 
-  describe 'handles timeout' do
-    before do
-      stub_request(:any, /api.castle.io/).to_timeout
-    end
     it do
       expect do
-        api.request(command)
+        request
       end.to raise_error(Castle::RequestError)
     end
   end
 
-  describe 'handles non-OK response code' do
-    before do
-      stub_request(:any, /api.castle.io/).to_return(status: 400)
-    end
+  context 'when non-OK response code' do
+    before { stub_request(:any, /api.castle.io/).to_return(status: 400) }
+
     it do
       expect do
-        api.request(command)
+        request
       end.to raise_error(Castle::BadRequestError)
     end
   end
 
-  describe 'handles missing configuration' do
-    before do
-      allow(Castle.config).to receive(:api_secret).and_return('')
-    end
+  context 'when no api_secret' do
+    before { allow(Castle.config).to receive(:api_secret).and_return('') }
+
     it do
       expect do
-        api.request(command)
+        request
       end.to raise_error(Castle::ConfigurationError)
     end
   end

data/spec/lib/castle/client_spec.rb

@@ -50,12 +50,12 @@ describe Castle::Client do
 
   describe 'parses the request' do
     before do
-      allow(Castle::API).to receive(:new).and_call_original
+      allow(Castle::API).to receive(:request).and_call_original
     end
 
     it do
       client.authenticate(event: '$login.succeeded', user_id: '1234')
-      expect(Castle::API).to have_received(:new)
+      expect(Castle::API).to have_received(:request)
     end
   end
 
@@ -244,7 +244,7 @@ describe Castle::Client do
     end
 
     context 'when request with fail' do
-      before { allow(client.api).to receive(:request).and_raise(Castle::RequestError) }
+      before { allow(Castle::API).to receive(:request).and_raise(Castle::RequestError.new(Timeout::Error)) }
 
       context 'with request error and throw strategy' do
         before { allow(Castle.config).to receive(:failover_strategy).and_return(:throw) }
@@ -262,7 +262,7 @@ describe Castle::Client do
     end
 
     context 'when request is internal server error' do
-      before { allow(client.api).to receive(:request).and_raise(Castle::InternalServerError) }
+      before { allow(Castle::API).to receive(:request).and_raise(Castle::InternalServerError) }
 
       describe 'throw strategy' do
         before { allow(Castle.config).to receive(:failover_strategy).and_return(:throw) }

data/spec/lib/castle/review_spec.rb

@@ -14,10 +14,6 @@ describe Castle::Review do
 
     before { retrieve }
 
-    it do
-      assert_requested :get,
-                       "https://api.castle.io/v1/reviews/#{review_id}",
-                       times: 1
-    end
+    it { assert_requested :get, "https://api.castle.io/v1/reviews/#{review_id}", times: 1 }
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: castle-rb
 version: !ruby/object:Gem::Version
-  version: 3.5.0
+  version: 3.5.1
 platform: ruby
 authors:
 - Johan Brissmyr
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-04-18 00:00:00.000000000 Z
+date: 2018-10-27 00:00:00.000000000 Z
 dependencies: []
 description: Castle protects your users from account compromise
 email: johan@castle.io
@@ -20,6 +20,9 @@ files:
 - lib/castle-rb.rb
 - lib/castle.rb
 - lib/castle/api.rb
+- lib/castle/api/request.rb
+- lib/castle/api/request/build.rb
+- lib/castle/api/response.rb
 - lib/castle/client.rb
 - lib/castle/command.rb
 - lib/castle/commands/authenticate.rb
@@ -37,8 +40,6 @@ files:
 - lib/castle/extractors/ip.rb
 - lib/castle/failover_auth_response.rb
 - lib/castle/header_formatter.rb
-- lib/castle/request.rb
-- lib/castle/response.rb
 - lib/castle/review.rb
 - lib/castle/secure_mode.rb
 - lib/castle/support/hanami.rb
@@ -52,6 +53,9 @@ files:
 - lib/castle/validators/not_supported.rb
 - lib/castle/validators/present.rb
 - lib/castle/version.rb
+- spec/lib/castle/api/request/build_spec.rb
+- spec/lib/castle/api/request_spec.rb
+- spec/lib/castle/api/response_spec.rb
 - spec/lib/castle/api_spec.rb
 - spec/lib/castle/client_spec.rb
 - spec/lib/castle/command_spec.rb
@@ -68,8 +72,6 @@ files:
 - spec/lib/castle/extractors/headers_spec.rb
 - spec/lib/castle/extractors/ip_spec.rb
 - spec/lib/castle/header_formatter_spec.rb
-- spec/lib/castle/request_spec.rb
-- spec/lib/castle/response_spec.rb
 - spec/lib/castle/review_spec.rb
 - spec/lib/castle/secure_mode_spec.rb
 - spec/lib/castle/utils/cloner_spec.rb
@@ -101,7 +103,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.4
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Castle
@@ -121,8 +123,9 @@ test_files:
 - spec/lib/castle/utils/timestamp_spec.rb
 - spec/lib/castle/utils/merger_spec.rb
 - spec/lib/castle/command_spec.rb
-- spec/lib/castle/request_spec.rb
-- spec/lib/castle/response_spec.rb
+- spec/lib/castle/api/request_spec.rb
+- spec/lib/castle/api/response_spec.rb
+- spec/lib/castle/api/request/build_spec.rb
 - spec/lib/castle/commands/review_spec.rb
 - spec/lib/castle/commands/authenticate_spec.rb
 - spec/lib/castle/commands/track_spec.rb

data/lib/castle/request.rb

@@ -1,28 +0,0 @@
-# frozen_string_literal: true
-
-module Castle
-  # generate api request
-  class Request
-    def initialize(headers = {})
-      @config = Castle.config
-      @headers = headers
-    end
-
-    def build(endpoint, args, method)
-      request = Net::HTTP.const_get(method.to_s.capitalize).new(build_url(endpoint), @headers)
-      request.body = ::Castle::Utils.replace_invalid_characters(args).to_json unless method == :get
-      add_basic_auth(request)
-      request
-    end
-
-    private
-
-    def build_url(endpoint)
-      "/#{@config.url_prefix}/#{endpoint}"
-    end
-
-    def add_basic_auth(request)
-      request.basic_auth('', @config.api_secret)
-    end
-  end
-end

data/lib/castle/response.rb

@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-
-module Castle
-  # parses api response
-  class Response
-    RESPONSE_ERRORS = {
-      400 => Castle::BadRequestError,
-      401 => Castle::UnauthorizedError,
-      403 => Castle::ForbiddenError,
-      404 => Castle::NotFoundError,
-      419 => Castle::UserUnauthorizedError,
-      422 => Castle::InvalidParametersError
-    }.freeze
-
-    def initialize(response)
-      @response = response
-      verify_response_code
-    end
-
-    def parse
-      response_body = @response.body
-
-      return {} if response_body.nil? || response_body.empty?
-
-      begin
-        JSON.parse(response_body, symbolize_names: true)
-      rescue JSON::ParserError
-        raise Castle::ApiError, 'Invalid response from Castle API'
-      end
-    end
-
-    private
-
-    def verify_response_code
-      response_code = @response.code.to_i
-
-      return if response_code.between?(200, 299)
-
-      raise Castle::InternalServerError if response_code.between?(500, 599)
-
-      error = RESPONSE_ERRORS.fetch(response_code, Castle::ApiError)
-      raise error, @response[:message]
-    end
-  end
-end

data/spec/lib/castle/request_spec.rb

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-
-describe Castle::Request do
-  subject { described_class.new(headers) }
-
-  let(:headers) { { 'SAMPLE-HEADER' => '1' } }
-  let(:api_secret) { Castle.config.api_secret }
-
-  describe 'build' do
-    context 'when get' do
-      let(:path) { 'endpoint' }
-      let(:params) { { user_id: 1 } }
-      let(:request) { subject.build(path, params, :get) }
-
-      it { expect(request.body).to be_nil }
-      it { expect(request.method).to eql('GET') }
-      it { expect(request.path).to eql('/v1/endpoint') }
-      it { expect(request.to_hash['sample-header']).to eql(['1']) }
-      it { expect(request.to_hash['authorization'][0]).to match(/Basic \w/) }
-    end
-
-    context 'when post' do
-      let(:path) { 'endpoint' }
-      let(:params) { { user_id: 1 } }
-      let(:request) { subject.build(path, params, :post) }
-
-      it { expect(request.body).to be_eql('{"user_id":1}') }
-      it { expect(request.method).to eql('POST') }
-      it { expect(request.path).to eql('/v1/endpoint') }
-      it { expect(request.to_hash['sample-header']).to eql(['1']) }
-      it { expect(request.to_hash['authorization'][0]).to match(/Basic \w/) }
-
-      context 'with non-UTF-8 charaters' do
-        let(:params) { { name: "\xC4" } }
-
-        it { expect(request.body).to eq '{"name":"�"}' }
-      end
-    end
-  end
-end

data/spec/lib/castle/response_spec.rb

@@ -1,69 +0,0 @@
-# frozen_string_literal: true
-
-describe Castle::Response do
-  subject(:castle_response) do
-    described_class.new(response)
-  end
-
-  describe 'initialize' do
-    context 'without error when response is 2xx' do
-      let(:response) { OpenStruct.new(code: 200) }
-
-      it do
-        expect(castle_response).to be_truthy
-      end
-    end
-
-    shared_examples 'response_failed' do |code, error|
-      let(:response) { OpenStruct.new(code: code) }
-
-      it "fail when response is #{code}" do
-        expect do
-          castle_response
-        end.to raise_error(error)
-      end
-    end
-
-    it_behaves_like 'response_failed', 400, Castle::BadRequestError
-    it_behaves_like 'response_failed', 401, Castle::UnauthorizedError
-    it_behaves_like 'response_failed', 403, Castle::ForbiddenError
-    it_behaves_like 'response_failed', 404, Castle::NotFoundError
-    it_behaves_like 'response_failed', 419, Castle::UserUnauthorizedError
-    it_behaves_like 'response_failed', 422, Castle::InvalidParametersError
-    it_behaves_like 'response_failed', 499, Castle::ApiError
-    it_behaves_like 'response_failed', 500, Castle::InternalServerError
-  end
-
-  describe 'parse' do
-    context 'when success' do
-      let(:response) { OpenStruct.new(body: '{"user":1}', code: 200) }
-
-      it do
-        expect(castle_response.parse).to eql(user: 1)
-      end
-    end
-    context 'when response empty' do
-      let(:response) { OpenStruct.new(body: '', code: 200) }
-
-      it do
-        expect(castle_response.parse).to eql({})
-      end
-    end
-    context 'when response nil' do
-      let(:response) { OpenStruct.new(code: 200) }
-
-      it do
-        expect(castle_response.parse).to eql({})
-      end
-    end
-    context 'when json is malformed' do
-      let(:response) { OpenStruct.new(body: '{a', code: 200) }
-
-      it do
-        expect do
-          castle_response.parse
-        end.to raise_error(Castle::ApiError)
-      end
-    end
-  end
-end