castle-rb 4.2.1 → 7.0.0

data/lib/castle/api/request.rb

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-module Castle
-  module API
-    # this class is responsible for making requests to api
-    module Request
-      # Default headers that we add to passed ones
-      DEFAULT_HEADERS = {
-        'Content-Type' => 'application/json'
-      }.freeze
-
-      private_constant :DEFAULT_HEADERS
-
-      class << self
-        def call(command, api_secret, headers)
-          Castle::API::Session.get.request(
-            build(
-              command,
-              headers.merge(DEFAULT_HEADERS),
-              api_secret
-            )
-          )
-        end
-
-        def build(command, headers, api_secret)
-          request_obj = Net::HTTP.const_get(
-            command.method.to_s.capitalize
-          ).new("#{Castle.config.url_prefix}/#{command.path}", headers)
-
-          unless command.method == :get
-            request_obj.body = ::Castle::Utils.replace_invalid_characters(
-              command.data
-            ).to_json
-          end
-
-          request_obj.basic_auth('', api_secret)
-          request_obj
-        end
-      end
-    end
-  end
-end

data/lib/castle/api/session.rb

@@ -1,39 +0,0 @@
-# frozen_string_literal: true
-
-require 'singleton'
-
-module Castle
-  module API
-    # this class keeps http config object
-    # and provides start/finish methods for persistent connection usage
-    # when there is a need of sending multiple requests at once
-    class Session
-      include Singleton
-
-      attr_accessor :http
-
-      def initialize
-        reset
-      end
-
-      def reset
-        @http = Net::HTTP.new(Castle.config.host, Castle.config.port)
-        @http.read_timeout = Castle.config.request_timeout / 1000.0
-
-        if Castle.config.port == 443
-          @http.use_ssl = true
-          @http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-        end
-
-        @http
-      end
-
-      class << self
-        # @return [Net::HTTP]
-        def get
-          instance.http
-        end
-      end
-    end
-  end
-end

data/lib/castle/commands/identify.rb

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-
-module Castle
-  module Commands
-    class Identify
-      def initialize(context)
-        @context = context
-      end
-
-      def build(options = {})
-        Castle::Validators::NotSupported.call(options, %i[properties])
-        context = Castle::Context::Merger.call(@context, options[:context])
-        context = Castle::Context::Sanitizer.call(context)
-
-        Castle::Command.new(
-          'identify',
-          options.merge(context: context, sent_at: Castle::Utils::Timestamp.call),
-          :post
-        )
-      end
-    end
-  end
-end

data/lib/castle/commands/impersonate.rb

@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-
-module Castle
-  module Commands
-    # builder for impersonate command
-    class Impersonate
-      def initialize(context)
-        @context = context
-      end
-
-      def build(options = {})
-        Castle::Validators::Present.call(options, %i[user_id])
-        context = Castle::Context::Merger.call(@context, options[:context])
-        context = Castle::Context::Sanitizer.call(context)
-
-        Castle::Validators::Present.call(context, %i[user_agent ip])
-
-        Castle::Command.new(
-          'impersonate',
-          options.merge(context: context, sent_at: Castle::Utils::Timestamp.call),
-          options[:reset] ? :delete : :post
-        )
-      end
-    end
-  end
-end

data/lib/castle/commands/review.rb

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-
-module Castle
-  module Commands
-    class Review
-      class << self
-        def build(review_id)
-          Castle::Validators::Present.call({ review_id: review_id }, %i[review_id])
-          Castle::Command.new("reviews/#{review_id}", nil, :get)
-        end
-      end
-    end
-  end
-end

data/lib/castle/events.rb

@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-module Castle
-  # list of events based on https://docs.castle.io/api_reference/#list-of-recognized-events
-  module Events
-    # Record when a user succesfully logs in.
-    LOGIN_SUCCEEDED = '$login.succeeded'
-    # Record when a user failed to log in.
-    LOGIN_FAILED = '$login.failed'
-    # Record when a user logs out.
-    LOGOUT_SUCCEEDED = '$logout.succeeded'
-    # Record when a user updated their profile (including password, email, phone, etc).
-    PROFILE_UPDATE_SUCCEEDED = '$profile_update.succeeded'
-    # Record errors when updating profile.
-    PROFILE_UPDATE_FAILED = '$profile_update.failed'
-    # Capture account creation, both when a user signs up as well as when created manually
-    # by an administrator.
-    REGISTRATION_SUCCEEDED = '$registration.succeeded'
-    # Record when an account failed to be created.
-    REGISTRATION_FAILED = '$registration.failed'
-    # The user completed all of the steps in the password reset process and the password was
-    # successfully reset.Password resets do not required knowledge of the current password.
-    PASSWORD_RESET_SUCCEEDED = '$password_reset.succeeded'
-    # Use to record when a user failed to reset their password.
-    PASSWORD_RESET_FAILED = '$password_reset.failed'
-    # The user successfully requested a password reset.
-    PASSWORD_RESET_REQUEST_SUCCCEEDED = '$password_reset_request.succeeded'
-    # The user failed to request a password reset.
-    PASSWORD_RESET_REQUEST_FAILED = '$password_reset_request.failed'
-    # User account has been reset.
-    INCIDENT_MITIGATED = '$incident.mitigated'
-    # User confirmed malicious activity.
-    REVIEW_ESCALATED = '$review.escalated'
-    # User confirmed safe activity.
-    REVIEW_RESOLVED = '$review.resolved'
-    # Record when a user is prompted with additional verification, such as two-factor
-    # authentication or a captcha.
-    CHALLENGE_REQUESTED = '$challenge.requested'
-    # Record when additional verification was successful.
-    CHALLENGE_SUCCEEDED = '$challenge.succeeded'
-    # Record when additional verification failed.
-    CHALLENGE_FAILED = '$challenge.failed'
-    # Record when a user attempts an in-app transaction, such as a purchase or withdrawal.
-    TRANSACTION_ATTEMPTED = '$transaction.attempted'
-    # Record when a user session is extended, or use any time you want
-    # to re-authenticate a user mid-session.
-    SESSION_EXTENDED = '$session.extended'
-  end
-end

data/lib/castle/extractors/headers.rb

@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-
-module Castle
-  module Extractors
-    # used for extraction of cookies and headers from the request
-    class Headers
-      # Headers that we will never scrub, even if they land on the configuration blacklist.
-      ALWAYS_WHITELISTED = %w[User-Agent].freeze
-
-      # Headers that will always be scrubbed, even if whitelisted.
-      ALWAYS_BLACKLISTED = %w[Cookie Authorization].freeze
-
-      private_constant :ALWAYS_WHITELISTED, :ALWAYS_BLACKLISTED
-
-      # @param headers [Hash]
-      def initialize(headers)
-        @headers = headers
-        @no_whitelist = Castle.config.whitelisted.empty?
-      end
-
-      # Serialize HTTP headers
-      # @return [Hash]
-      def call
-        @headers.each_with_object({}) do |(name, value), acc|
-          acc[name] = header_value(name, value)
-        end
-      end
-
-      private
-
-      # scrub header value
-      # @param name [String]
-      # @param value [String]
-      # @return [TrueClass | FalseClass | String]
-      def header_value(name, value)
-        return true if ALWAYS_BLACKLISTED.include?(name)
-        return value if ALWAYS_WHITELISTED.include?(name)
-        return true if Castle.config.blacklisted.include?(name)
-        return value if @no_whitelist || Castle.config.whitelisted.include?(name)
-
-        true
-      end
-    end
-  end
-end

data/lib/castle/failover_auth_response.rb

@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-module Castle
-  # generate failover authentication response
-  class FailoverAuthResponse
-    def initialize(user_id, strategy: Castle.config.failover_strategy, reason:)
-      @strategy = strategy
-      @reason = reason
-      @user_id = user_id
-    end
-
-    def generate
-      {
-        action: @strategy.to_s,
-        user_id: @user_id,
-        failover: true,
-        failover_reason: @reason
-      }
-    end
-  end
-end

data/lib/castle/headers_filter.rb

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-module Castle
-  # used for preparing valuable headers list
-  class HeadersFilter
-    # headers filter
-    # HTTP_ - this is how Rack prefixes incoming HTTP headers
-    # CONTENT_LENGTH - for responses without Content-Length or Transfer-Encoding header
-    # REMOTE_ADDR - ip address header returned by web server
-    VALUABLE_HEADERS = /^
-      HTTP(?:_|-).*|
-      CONTENT(?:_|-)LENGTH|
-      REMOTE(?:_|-)ADDR
-    $/xi.freeze
-
-    private_constant :VALUABLE_HEADERS
-
-    # @param request [Rack::Request]
-    def initialize(request)
-      @request_env = request.env
-      @formatter = HeadersFormatter
-    end
-
-    # Serialize HTTP headers
-    # @return [Hash]
-    def call
-      @request_env.keys.each_with_object({}) do |header_name, acc|
-        next unless header_name.match(VALUABLE_HEADERS)
-
-        formatted_name = @formatter.call(header_name)
-        acc[formatted_name] = @request_env[header_name]
-      end
-    end
-  end
-end

data/lib/castle/headers_formatter.rb

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-module Castle
-  # formats header name
-  class HeadersFormatter
-    class << self
-      # @param header [String]
-      # @return [String]
-      def call(header)
-        format(header.to_s.gsub(/^HTTP(?:_|-)/i, ''))
-      end
-
-      private
-
-      # @param header [String]
-      # @return [String]
-      def format(header)
-        header.split(/_|-/).map(&:capitalize).join('-')
-      end
-    end
-  end
-end

data/lib/castle/review.rb

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-module Castle
-  class Review
-    def self.retrieve(review_id)
-      Castle::API.request(
-        Castle::Commands::Review.build(review_id)
-      )
-    end
-  end
-end

data/lib/castle/utils.rb

@@ -1,55 +0,0 @@
-# frozen_string_literal: true
-
-module Castle
-  module Utils
-    class << self
-      # Returns a new hash with all keys converted to symbols, as long as
-      # they respond to +to_sym+. This includes the keys from the root hash
-      # and from all nested hashes and arrays.
-      #
-      #   hash = { 'person' => { 'name' => 'Rob', 'age' => '28' } }
-      #
-      #   Castle::Hash.deep_symbolize_keys(hash)
-      #   # => {:person=>{:name=>"Rob", :age=>"28"}}
-      def deep_symbolize_keys(object, &block)
-        case object
-        when Hash
-          object.each_with_object({}) do |(key, value), result|
-            result[key.to_sym] = deep_symbolize_keys(value, &block)
-          end
-        when Array
-          object.map { |e| deep_symbolize_keys(e, &block) }
-        else
-          object
-        end
-      end
-
-      def deep_symbolize_keys!(object, &block)
-        case object
-        when Hash
-          object.keys.each do |key|
-            value = object.delete(key)
-            object[key.to_sym] = deep_symbolize_keys!(value, &block)
-          end
-          object
-        when Array
-          object.map! { |e| deep_symbolize_keys!(e, &block) }
-        else
-          object
-        end
-      end
-
-      def replace_invalid_characters(arg)
-        if arg.is_a?(::String)
-          arg.encode('UTF-8', invalid: :replace, undef: :replace)
-        elsif arg.is_a?(::Hash)
-          arg.each_with_object({}) { |(k, v), h| h[k] = replace_invalid_characters(v) }
-        elsif arg.is_a?(::Array)
-          arg.map(&method(:replace_invalid_characters))
-        else
-          arg
-        end
-      end
-    end
-  end
-end

data/lib/castle/utils/cloner.rb

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-module Castle
-  module Utils
-    class Cloner
-      def self.call(object)
-        Marshal.load(Marshal.dump(object))
-      end
-    end
-  end
-end

data/lib/castle/utils/timestamp.rb

@@ -1,12 +0,0 @@
-# frozen_string_literal: true
-
-module Castle
-  module Utils
-    # generates proper timestamp
-    class Timestamp
-      def self.call
-        Time.now.utc.iso8601(3)
-      end
-    end
-  end
-end

data/spec/lib/castle/api/request_spec.rb

@@ -1,72 +0,0 @@
-# frozen_string_literal: true
-
-describe Castle::API::Request do
-  describe '#call' do
-    subject(:call) { described_class.call(command, api_secret, headers) }
-
-    let(:session) { instance_double('Castle::API::Session') }
-    let(:http) { instance_double('Net::HTTP') }
-    let(:command) { Castle::Commands::Track.new({}).build(event: '$login.succeeded') }
-    let(:headers) { {} }
-    let(:api_secret) { 'secret' }
-    let(:request_build) { {} }
-    let(:expected_headers) { { 'Content-Type' => 'application/json' } }
-
-    before do
-      allow(Castle::API::Session).to receive(:instance).and_return(session)
-      allow(session).to receive(:http).and_return(http)
-      allow(http).to receive(:request)
-      allow(described_class).to receive(:build).and_return(request_build)
-      call
-    end
-
-    it do
-      expect(described_class).to have_received(:build).with(command, expected_headers, api_secret)
-    end
-
-    it { expect(http).to have_received(:request).with(request_build) }
-  end
-
-  describe '#build' do
-    subject(:build) { described_class.build(command, headers, api_secret) }
-
-    let(:headers) { { 'SAMPLE-HEADER' => '1' } }
-    let(:api_secret) { 'secret' }
-
-    context 'when get' do
-      let(:command) { Castle::Commands::Review.build(review_id) }
-      let(:review_id) { SecureRandom.uuid }
-
-      it { expect(build.body).to be_nil }
-      it { expect(build.method).to eql('GET') }
-      it { expect(build.path).to eql("/v1/#{command.path}") }
-      it { expect(build.to_hash).to have_key('authorization') }
-      it { expect(build.to_hash).to have_key('sample-header') }
-      it { expect(build.to_hash['sample-header']).to eql(['1']) }
-    end
-
-    context 'when post' do
-      let(:time) { Time.now.utc.iso8601(3) }
-      let(:command) do
-        Castle::Commands::Track.new({}).build(event: '$login.succeeded', name: "\xC4")
-      end
-      let(:expected_body) do
-        {
-          event: '$login.succeeded',
-          name: '�',
-          context: {},
-          sent_at: time
-        }
-      end
-
-      before { allow(Castle::Utils::Timestamp).to receive(:call).and_return(time) }
-
-      it { expect(build.body).to be_eql(expected_body.to_json) }
-      it { expect(build.method).to eql('POST') }
-      it { expect(build.path).to eql("/v1/#{command.path}") }
-      it { expect(build.to_hash).to have_key('authorization') }
-      it { expect(build.to_hash).to have_key('sample-header') }
-      it { expect(build.to_hash['sample-header']).to eql(['1']) }
-    end
-  end
-end