castle-rb 5.0.0 → 7.1.1

data/lib/castle/context/{merger.rb → merge.rb}

@@ -2,11 +2,11 @@
 
 module Castle
   module Context
-    class Merger
+    class Merge
       class << self
         def call(initial_context, request_context)
-          main_context = Castle::Utils::Cloner.call(initial_context)
-          Castle::Utils::Merger.call(main_context, request_context || {})
+          main_context = Castle::Utils::Clone.call(initial_context)
+          Castle::Utils::Merge.call(main_context, request_context || {})
         end
       end
     end

data/lib/castle/context/prepare.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Castle
+  module Context
+    # prepares the context from the request
+    module Prepare
+      class << self
+        # @param request [Request]
+        # @param options [Hash]
+        # @return [Hash]
+        def call(request, options = {})
+          default_context = Castle::Context::GetDefault.new(request, options[:cookies]).call
+          Castle::Context::Merge.call(default_context, options[:context])
+        end
+      end
+    end
+  end
+end

data/lib/castle/context/{sanitizer.rb → sanitize.rb}

@@ -3,7 +3,7 @@
 module Castle
   module Context
     # removes not proper active flag values
-    class Sanitizer
+    class Sanitize
       class << self
         def call(context)
           sanitized_active_mode(context) || {}

data/lib/castle/core/get_connection.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Castle
+  module Core
+    # this module returns a new configured Net::HTTP object
+    module GetConnection
+      HTTPS_SCHEME = 'https'
+
+      class << self
+        # @param config [Castle::Configuration, Castle::SingletonConfiguration]
+        # @return [Net::HTTP]
+        def call(config = nil)
+          config ||= Castle.config
+          http = Net::HTTP.new(config.base_url.host, config.base_url.port)
+          http.read_timeout = config.request_timeout / 1000.0
+
+          if config.base_url.scheme == HTTPS_SCHEME
+            http.use_ssl = true
+            http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+          end
+
+          http
+        end
+      end
+    end
+  end
+end

data/lib/castle/{api/response.rb → core/process_response.rb}

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
 module Castle
-  module API
+  module Core
     # parses api response
-    module Response
+    module ProcessResponse
       RESPONSE_ERRORS = {
         400 => Castle::BadRequestError,
         401 => Castle::UnauthorizedError,
@@ -14,9 +14,14 @@ module Castle
       }.freeze
 
       class << self
-        def call(response)
+        # @param response [Response]
+        # @param config [Castle::Configuration, Castle::SingletonConfiguration, nil]
+        # @return [Hash]
+        def call(response, config = nil)
           verify!(response)
 
+          Castle::Logger.call('response:', response.body.to_s, config)
+
           return {} if response.body.nil? || response.body.empty?
 
           begin

data/lib/castle/core/process_webhook.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Castle
+  module Core
+    # Parses a webhook
+    module ProcessWebhook
+      class << self
+        # Checks if webhook is valid
+        # @param webhook [Request]
+        # @param config [Castle::Configuration, Castle::SingletonConfiguration, nil]
+        # @return [String]
+        def call(webhook, config = nil)
+          webhook
+            .body
+            .read
+            .tap do |result|
+              raise Castle::ApiError, 'Invalid webhook from Castle API' if result.blank?
+
+              Castle::Logger.call('webhook:', result.to_s, config)
+            end
+        end
+      end
+    end
+  end
+end

data/lib/castle/core/send_request.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Castle
+  module Core
+    # this class is responsible for making requests to api
+    module SendRequest
+      # Default headers that we add to passed ones
+      DEFAULT_HEADERS = { 'Content-Type' => 'application/json' }.freeze
+
+      private_constant :DEFAULT_HEADERS
+
+      class << self
+        # @param command [String]
+        # @param headers [Hash]
+        # @param http [Net::HTTP]
+        # @param config [Castle::Configuration, Castle::SingletonConfiguration, nil]
+        def call(command, headers, http = nil, config = nil)
+          (http || Castle::Core::GetConnection.call).request(
+            build(command, headers.merge(DEFAULT_HEADERS), config)
+          )
+        end
+
+        # @param command [String]
+        # @param headers [Hash]
+        # @param config [Castle::Configuration, Castle::SingletonConfiguration, nil]
+        def build(command, headers, config)
+          url = "#{config.base_url.path}/#{command.path}"
+          request_obj = Net::HTTP.const_get(command.method.to_s.capitalize).new(url, headers)
+
+          unless command.method == :get
+            request_obj.body = ::Castle::Utils::CleanInvalidChars.call(command.data).to_json
+          end
+
+          Castle::Logger.call("#{url}:", request_obj.body, config)
+
+          request_obj.basic_auth('', config.api_secret)
+          request_obj
+        end
+      end
+    end
+  end
+end

data/lib/castle/errors.rb

@@ -2,7 +2,9 @@
 
 module Castle
   # general error
-  class Error < RuntimeError; end
+  class Error < RuntimeError
+  end
+
   # Raised when anything is wrong with the request (any unhappy path)
   # This error indicates that either we would wait too long for a response or something
   # else happened somewhere in the middle and we weren't able to get the results
@@ -14,28 +16,52 @@ module Castle
       @reason = reason
     end
   end
+
   # security error
-  class SecurityError < Castle::Error; end
+  class SecurityError < Castle::Error
+  end
+
   # wrong configuration error
-  class ConfigurationError < Castle::Error; end
+  class ConfigurationError < Castle::Error
+  end
+
   # error returned by api
-  class ApiError < Castle::Error; end
+  class ApiError < Castle::Error
+  end
+
+  # webhook signature verification error
+  class WebhookVerificationError < Castle::Error
+  end
 
   # api error bad request 400
-  class BadRequestError < Castle::ApiError; end
+  class BadRequestError < Castle::ApiError
+  end
+
   # api error forbidden 403
-  class ForbiddenError < Castle::ApiError; end
+  class ForbiddenError < Castle::ApiError
+  end
+
   # api error not found 404
-  class NotFoundError < Castle::ApiError; end
+  class NotFoundError < Castle::ApiError
+  end
+
   # api error user unauthorized 419
-  class UserUnauthorizedError < Castle::ApiError; end
+  class UserUnauthorizedError < Castle::ApiError
+  end
+
   # api error invalid param 422
-  class InvalidParametersError < Castle::ApiError; end
+  class InvalidParametersError < Castle::ApiError
+  end
+
   # api error unauthorized 401
-  class UnauthorizedError < Castle::ApiError; end
+  class UnauthorizedError < Castle::ApiError
+  end
+
   # all internal server errors
-  class InternalServerError < Castle::ApiError; end
+  class InternalServerError < Castle::ApiError
+  end
 
   # impersonation command failed
-  class ImpersonationFailed < Castle::ApiError; end
+  class ImpersonationFailed < Castle::ApiError
+  end
 end

data/lib/castle/failover/prepare_response.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Castle
+  module Failover
+    # generate failover authentication response
+    class PrepareResponse
+      def initialize(user_id, reason:, strategy:)
+        @strategy = strategy
+        @reason = reason
+        @user_id = user_id
+      end
+
+      def call
+        {
+          # v1/risk v1/filter structure
+          policy: {
+            action: @strategy.to_s
+          },
+          # v1/authenticate structure
+          action: @strategy.to_s,
+          user_id: @user_id,
+          failover: true,
+          failover_reason: @reason
+        }
+      end
+    end
+  end
+end

data/lib/castle/failover/strategy.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Castle
+  module Failover
+    # handles failover strategy consts
+    module Strategy
+      # allow
+      ALLOW = :allow
+
+      # deny
+      DENY = :deny
+
+      # challenge
+      CHALLENGE = :challenge
+
+      # throw an error
+      THROW = :throw
+    end
+
+    # list of possible strategies
+    STRATEGIES = %i[allow deny challenge throw].freeze
+  end
+end

data/lib/castle/{extractors/headers.rb → headers/extract.rb}

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
 module Castle
-  module Extractors
+  module Headers
     # used for extraction of cookies and headers from the request
-    class Headers
+    class Extract
       # Headers that we will never scrub, even if they land on the configuration denylist.
       ALWAYS_ALLOWLISTED = %w[User-Agent].freeze
 
@@ -13,9 +13,11 @@ module Castle
       private_constant :ALWAYS_ALLOWLISTED, :ALWAYS_DENYLISTED
 
       # @param headers [Hash]
-      def initialize(headers)
+      # @param config [Castle::Configuration, Castle::SingletonConfiguration, nil]
+      def initialize(headers, config = nil)
         @headers = headers
-        @no_allowlist = Castle.config.allowlisted.empty?
+        @config = config || Castle.config
+        @no_allowlist = @config.allowlisted.empty?
       end
 
       # Serialize HTTP headers
@@ -35,8 +37,8 @@ module Castle
       def header_value(name, value)
         return true if ALWAYS_DENYLISTED.include?(name)
         return value if ALWAYS_ALLOWLISTED.include?(name)
-        return true if Castle.config.denylisted.include?(name)
-        return value if @no_allowlist || Castle.config.allowlisted.include?(name)
+        return true if @config.denylisted.include?(name)
+        return value if @no_allowlist || @config.allowlisted.include?(name)
 
         true
       end

data/lib/castle/headers/filter.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Castle
+  module Headers
+    # used for preparing valuable headers list
+    class Filter
+      # headers filter
+      # HTTP_ - this is how Rack prefixes incoming HTTP headers
+      # CONTENT_LENGTH - for responses without Content-Length or Transfer-Encoding header
+      # REMOTE_ADDR - ip address header returned by web server
+      VALUABLE_HEADERS = /^
+      HTTP(?:_|-).*|
+        CONTENT(?:_|-)LENGTH|
+      REMOTE(?:_|-)ADDR
+      $/xi
+        .freeze
+
+      private_constant :VALUABLE_HEADERS
+
+      # @param request [Rack::Request]
+      def initialize(request)
+        @request_env = request.env
+        @header_format = Castle::Headers::Format
+      end
+
+      # Serialize HTTP headers
+      # @return [Hash]
+      def call
+        @request_env
+          .keys
+          .each_with_object({}) do |header_name, acc|
+            next unless header_name.match(VALUABLE_HEADERS)
+
+            formatted_name = @header_format.call(header_name)
+            acc[formatted_name] = @request_env[header_name]
+          end
+      end
+    end
+  end
+end

data/lib/castle/headers/format.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Castle
+  module Headers
+    # formats header name
+    class Format
+      class << self
+        # @param header [String]
+        # @return [String]
+        def call(header)
+          format(header.to_s.gsub(/^HTTP(?:_|-)/i, ''))
+        end
+
+        private
+
+        # @param header [String]
+        # @return [String]
+        def format(header)
+          header.split(/_|-/).map(&:capitalize).join('-')
+        end
+      end
+    end
+  end
+end

data/lib/castle/{extractors/ip.rb → ips/extract.rb}

@@ -1,23 +1,27 @@
 # frozen_string_literal: true
 
 module Castle
-  module Extractors
+  # IPs-related module
+  module IPs
     # used for extraction of ip from the request
-    class IP
+    class Extract
       # ordered list of ip headers for ip extraction
       DEFAULT = %w[X-Forwarded-For Remote-Addr].freeze
+
       # list of header which are used with proxy depth setting
       DEPTH_RELATED = %w[X-Forwarded-For].freeze
 
       private_constant :DEFAULT
 
       # @param headers [Hash]
-      def initialize(headers)
+      # @param config [Castle::Configuration, Castle::SingletonConfiguration, nil]
+      def initialize(headers, config = nil)
+        config ||= Castle.config
         @headers = headers
-        @ip_headers = Castle.config.ip_headers.empty? ? DEFAULT : Castle.config.ip_headers
-        @proxies = Castle.config.trusted_proxies + Castle::Configuration::TRUSTED_PROXIES
-        @trust_proxy_chain = Castle.config.trust_proxy_chain
-        @trusted_proxy_depth = Castle.config.trusted_proxy_depth
+        @ip_headers = config.ip_headers.empty? ? DEFAULT : config.ip_headers
+        @proxies = config.trusted_proxies + Castle::Configuration::TRUSTED_PROXIES
+        @trust_proxy_chain = config.trust_proxy_chain
+        @trusted_proxy_depth = config.trusted_proxy_depth
       end
 
       # Order of headers:

data/lib/castle/logger.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Castle
+  # module for logger handling
+  module Logger
+    class << self
+      # @param message [String]
+      # @param data [String]
+      # @param config [Castle::Configuration, Castle::SingletonConfiguration, nil]
+      def call(message, data = nil, config = nil)
+        logger = (config || Castle.config).logger
+
+        return unless logger
+
+        logger.info("[CASTLE] #{message} #{data}".strip)
+      end
+    end
+  end
+end