castle-rb 5.0.0 → 7.1.1

data/lib/castle/payload/prepare.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Castle
+  module Payload
+    # prepares payload based on the request
+    module Prepare
+      class << self
+        # @param payload_options [Hash]
+        # @param request [Request]
+        # @param options [Hash] required for context preparation
+        # @return [Hash]
+        def call(payload_options, request, options = {})
+          context = Castle::Context::Prepare.call(request, payload_options.merge(options))
+
+          payload =
+            Castle::Utils::DeepSymbolizeKeys.call(payload_options || {}).merge(context: context)
+          payload[:timestamp] ||= Castle::Utils::GetTimestamp.call
+
+          warn '[DEPRECATION] use user_traits instead of traits key' if payload.key?(:traits)
+
+          payload
+        end
+      end
+    end
+  end
+end

data/lib/castle/secure_mode.rb

@@ -4,8 +4,13 @@ require 'openssl'
 
 module Castle
   module SecureMode
-    def self.signature(user_id)
-      OpenSSL::HMAC.hexdigest('sha256', Castle.config.api_secret, user_id.to_s)
+    class << self
+      # @param user_id [String]
+      # @param config [Castle::Configuration, Castle::SingletonConfiguration, nil]
+      def signature(user_id, config = nil)
+        config ||= Castle.config
+        OpenSSL::HMAC.hexdigest('sha256', config.api_secret, user_id.to_s)
+      end
     end
   end
 end

data/lib/castle/session.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Castle
+  # this module uses the Connection object
+  # and provides start method for persistent connection usage
+  # when there is a need of sending multiple requests at once
+  module Session
+    HTTPS_SCHEME = 'https'
+
+    class << self
+      def call(&block)
+        return unless block_given?
+
+        Castle::Core::GetConnection.call.start(&block)
+      end
+    end
+  end
+end

data/lib/castle/singleton_configuration.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'singleton'
+
+module Castle
+  class SingletonConfiguration < Configuration
+    include Singleton
+  end
+end

data/lib/castle/support/hanami.rb

@@ -4,16 +4,12 @@ module Castle
   module Hanami
     module Action
       def castle
-        @castle ||= ::Castle::Client.from_request(request, cookies: (cookies if defined? cookies))
+        @castle ||= ::Castle::Client.from_request(request, cookies: (cookies if defined?(cookies)))
       end
     end
 
     def self.included(base)
-      base.configure do
-        controller.prepare do
-          include Castle::Hanami::Action
-        end
-      end
+      base.configure { controller.prepare { include Castle::Hanami::Action } }
     end
   end
 end

data/lib/castle/support/rails.rb

@@ -7,7 +7,5 @@ module Castle
     end
   end
 
-  ActiveSupport.on_load(:action_controller) do
-    include CastleClient
-  end
+  ActiveSupport.on_load(:action_controller) { include CastleClient }
 end

data/lib/castle/utils/clean_invalid_chars.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Castle
+  module Utils
+    module CleanInvalidChars
+      class << self
+        def call(arg)
+          case arg
+          when ::String
+            arg.encode('UTF-8', invalid: :replace, undef: :replace)
+          when ::Hash
+            arg.transform_values { |v| Castle::Utils::CleanInvalidChars.call(v) }
+          when ::Array
+            arg.map { |el| Castle::Utils::CleanInvalidChars.call(el) }
+          else
+            arg
+          end
+        end
+      end
+    end
+  end
+end

data/lib/castle/utils/clone.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Castle
+  module Utils
+    # Clones any object
+    class Clone
+      class << self
+        # Returns a cloned object of any type
+        def call(object)
+          Marshal.load(Marshal.dump(object))
+        end
+      end
+    end
+  end
+end

data/lib/castle/utils/deep_symbolize_keys.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Castle
+  module Utils
+    module DeepSymbolizeKeys
+      class << self
+        # Returns a new hash with all keys converted to symbols, as long as
+        # they respond to +to_sym+. This includes the keys from the root hash
+        # and from all nested hashes and arrays.
+        #
+        #   hash = { 'person' => { 'name' => 'Rob', 'age' => '28' } }
+        #
+        #   Castle::Hash.deep_symbolize_keys(hash)
+        #   # => {:person=>{:name=>"Rob", :age=>"28"}}
+        def call(object, &block)
+          case object
+          when Hash
+            object.each_with_object({}) do |(key, value), result|
+              result[key.to_sym] = Castle::Utils::DeepSymbolizeKeys.call(value, &block)
+            end
+          when Array
+            object.map { |e| Castle::Utils::DeepSymbolizeKeys.call(e, &block) }
+          else
+            object
+          end
+        end
+
+        def call!(object, &block)
+          case object
+          when Hash
+            object.each_key do |key|
+              value = object.delete(key)
+              object[key.to_sym] = Castle::Utils::DeepSymbolizeKeys.call!(value, &block)
+            end
+            object
+          when Array
+            object.map! { |e| Castle::Utils::DeepSymbolizeKeys.call!(e, &block) }
+          else
+            object
+          end
+        end
+      end
+    end
+  end
+end

data/lib/castle/utils/get_timestamp.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Castle
+  module Utils
+    # Generates a timestamp
+    class GetTimestamp
+      class << self
+        # Returns current time as ISO8601 formatted string
+        def call
+          Time.now.utc.iso8601(3)
+        end
+      end
+    end
+  end
+end

data/lib/castle/utils/{merger.rb → merge.rb}

@@ -2,10 +2,10 @@
 
 module Castle
   module Utils
-    class Merger
+    class Merge
       def self.call(base, extra)
-        base_s = Castle::Utils.deep_symbolize_keys(base)
-        extra_s = Castle::Utils.deep_symbolize_keys(extra)
+        base_s = Castle::Utils::DeepSymbolizeKeys.call(base)
+        extra_s = Castle::Utils::DeepSymbolizeKeys.call(extra)
 
         extra_s.each do |name, value|
           if value.nil?

data/lib/castle/utils/secure_compare.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Castle
+  module Utils
+    # Code borrowed from ActiveSupport
+    class SecureCompare
+      class << self
+        # @param str_a [String] first string to be compared
+        # @param str_b [String] second string to be compared
+        def call(str_a, str_b)
+          return false unless str_a.bytesize == str_b.bytesize
+
+          l = str_a.unpack "C#{str_a.bytesize}"
+
+          res = 0
+          str_b.each_byte { |byte| res |= byte ^ l.shift }
+          res.zero?
+        end
+      end
+    end
+  end
+end

data/lib/castle/validators/not_supported.rb

@@ -2,6 +2,7 @@
 
 module Castle
   module Validators
+    # Checks if required keys are supported
     class NotSupported
       class << self
         def call(options, keys)

data/lib/castle/validators/present.rb

@@ -2,6 +2,7 @@
 
 module Castle
   module Validators
+    # Checks if required keys are present
     class Present
       class << self
         def call(options, keys)

data/lib/castle/verdict.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Castle
+  # handles verdict consts
+  module Verdict
+    # allow
+    ALLOW = 'allow'
+
+    # deny
+    DENY = 'deny'
+
+    # challenge
+    CHALLENGE = 'challenge'
+  end
+end

data/lib/castle/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Castle
-  VERSION = '5.0.0'
+  VERSION = '7.1.1'
 end

data/lib/castle/webhooks/verify.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Castle
+  module Webhooks
+    # Verify a webhook
+    class Verify
+      class << self
+        # Checks if webhook is valid
+        # @param webhook [Request]
+        # @param config [Castle::Configuration, Castle::SingletonConfiguration, nil]
+        def call(webhook, config = nil)
+          config ||= Castle.config
+          expected_signature = compute_signature(webhook, config)
+          signature = webhook.env['HTTP_X_CASTLE_SIGNATURE']
+          verify_signature(signature, expected_signature)
+        end
+
+        private
+
+        # Computes a webhook signature using provided user_id
+        # @param webhook [Request]
+        # @param config [Castle::Configuration, Castle::SingletonConfiguration]
+        # @return [String]
+        def compute_signature(webhook, config)
+          Base64.encode64(
+            OpenSSL::HMAC.digest(
+              OpenSSL::Digest.new('sha256'),
+              config.api_secret,
+              Castle::Core::ProcessWebhook.call(webhook, config)
+            )
+          ).strip
+        end
+
+        # Check if the signatures are matching
+        # @param signature [String] first signature to be compared
+        # @param expected_signature [String] second signature to be compared
+        def verify_signature(signature, expected_signature)
+          return if Castle::Utils::SecureCompare.call(signature, expected_signature)
+
+          raise Castle::WebhookVerificationError, 'Signature not matching the expected signature'
+        end
+      end
+    end
+  end
+end

data/spec/integration/rails/rails_spec.rb

@@ -4,21 +4,25 @@ require 'spec_helper'
 require_relative 'support/all'
 
 RSpec.describe HomeController, type: :request do
-  describe '#index' do
+  context 'with index pages' do
     let(:request) do
       {
         'event' => '$login.succeeded',
         'user_id' => '123',
-        'properties' => { 'key' => 'value' },
-        'user_traits' => { 'key' => 'value' },
+        'properties' => {
+          'key' => 'value'
+        },
+        'user_traits' => {
+          'key' => 'value'
+        },
         'timestamp' => now.utc.iso8601(3),
         'sent_at' => now.utc.iso8601(3),
         'context' => {
           'client_id' => '',
           'active' => true,
-          'origin' => 'web',
           'headers' => {
-            'Accept' => 'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',
+            'Accept' =>
+              'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',
             'Authorization' => true,
             'Content-Length' => '0',
             'Cookie' => true,
@@ -36,26 +40,50 @@ RSpec.describe HomeController, type: :request do
     end
     let(:now) { Time.now }
     let(:headers) do
-      {
-        'HTTP_AUTHORIZATION' => 'Basic 123',
-        'HTTP_X_FORWARDED_FOR' => '5.5.5.5, 1.2.3.4'
-      }
+      { 'HTTP_AUTHORIZATION' => 'Basic 123', 'HTTP_X_FORWARDED_FOR' => '5.5.5.5, 1.2.3.4' }
     end
 
     before do
       Timecop.freeze(now)
       stub_request(:post, 'https://api.castle.io/v1/track')
-      get '/', headers: headers
     end
 
     after { Timecop.return }
 
-    it do
-      assert_requested :post, 'https://api.castle.io/v1/track', times: 1 do |req|
-        JSON.parse(req.body) == request
+    describe '#index1' do
+      before { get '/index1', headers: headers }
+
+      it do
+        assert_requested :post, 'https://api.castle.io/v1/track', times: 1 do |req|
+          JSON.parse(req.body) == request
+        end
       end
+
+      it { expect(response).to be_successful }
     end
 
-    it { expect(response).to be_successful }
+    describe '#index2' do
+      before { get '/index2', headers: headers }
+
+      it do
+        assert_requested :post, 'https://api.castle.io/v1/track', times: 1 do |req|
+          JSON.parse(req.body) == request
+        end
+      end
+
+      it { expect(response).to be_successful }
+    end
+
+    describe '#index3' do
+      before { get '/index3', headers: headers }
+
+      it do
+        assert_requested :post, 'https://api.castle.io/v1/track', times: 1 do |req|
+          JSON.parse(req.body) == request
+        end
+      end
+
+      it { expect(response).to be_successful }
+    end
   end
 end

data/spec/integration/rails/support/application.rb

@@ -10,6 +10,8 @@ class TestApp < Rails::Application
   Rails.logger = config.logger
 
   routes.draw do
-    get '/' => 'home#index'
+    get '/index1' => 'home#index1'
+    get '/index2' => 'home#index2'
+    get '/index3' => 'home#index3'
   end
 end

data/spec/integration/rails/support/home_controller.rb

@@ -1,9 +1,10 @@
 # frozen_string_literal: true
 
 class HomeController < ActionController::Base
-  def index
-    request_context = ::Castle::Client.to_context(request)
-    track_options = ::Castle::Client.to_options(
+  # prepare context and calling track with client example
+  def index1
+    request_context = ::Castle::Context::Prepare.call(request)
+    payload = {
       event: '$login.succeeded',
       user_id: '123',
       properties: {
@@ -12,9 +13,52 @@ class HomeController < ActionController::Base
       user_traits: {
         key: 'value'
       }
-    )
-    client = ::Castle::Client.new(request_context)
-    client.track(track_options)
+    }
+    client = ::Castle::Client.new(context: request_context)
+    client.track(payload)
+
+    render inline: 'hello'
+  end
+
+  # prepare payload and calling track with client example
+  def index2
+    payload =
+      ::Castle::Payload::Prepare.call(
+        {
+          event: '$login.succeeded',
+          user_id: '123',
+          properties: {
+            key: 'value'
+          },
+          user_traits: {
+            key: 'value'
+          }
+        },
+        request
+      )
+    client = ::Castle::Client.new
+    client.track(payload)
+
+    render inline: 'hello'
+  end
+
+  # prepare payload and calling track with direct API::Track service
+  def index3
+    payload =
+      ::Castle::Payload::Prepare.call(
+        {
+          event: '$login.succeeded',
+          user_id: '123',
+          properties: {
+            key: 'value'
+          },
+          user_traits: {
+            key: 'value'
+          }
+        },
+        request
+      )
+    Castle::API::Track.call(payload)
 
     render inline: 'hello'
   end