chook 1.0.1.b2 → 1.1.0

data/lib/chook/event/handled_event_logger.rb

@@ -0,0 +1,86 @@
+### Copyright 2017 Pixar
+
+###
+###    Licensed under the Apache License, Version 2.0 (the "Apache License")
+###    with the following modification; you may not use this file except in
+###    compliance with the Apache License and the following modification to it:
+###    Section 6. Trademarks. is deleted and replaced with:
+###
+###    6. Trademarks. This License does not grant permission to use the trade
+###       names, trademarks, service marks, or product names of the Licensor
+###       and its affiliates, except as required to comply with Section 4(c) of
+###       the License and to reproduce the content of the NOTICE file.
+###
+###    You may obtain a copy of the Apache License at
+###
+###        http://www.apache.org/licenses/LICENSE-2.0
+###
+###    Unless required by applicable law or agreed to in writing, software
+###    distributed under the Apache License with the above modification is
+###    distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+###    KIND, either express or implied. See the Apache License for the specific
+###    language governing permissions and limitations under the Apache License.
+###
+###
+
+module Chook
+
+  # a simple object embedded in a Handled Event that
+  # allows a standardize way to note event-related log entries
+  # with the event object_id.
+  #
+  # Every Handled Event has one of these instances exposed in it's
+  # #logger attribute, and usable from within 'internal' handlers
+  #
+  # Here's an example.
+  #
+  # Say you have a ComputerSmartGroupMembershipChanged event
+  #
+  # calling `event.logger.info "foobar"` will generate the log message:
+  #
+  #    Event 1234567: foobar
+  #
+  class HandledEventLogger
+
+    def initialize(event)
+      @event = event
+    end
+
+    def event_message(msg)
+      "Event #{@event.object_id}: #{msg}"
+    end
+
+    def debug(msg)
+      Chook::Server::Log.logger.debug event_message(msg)
+    end
+
+    def info(msg)
+      Chook::Server::Log.logger.info event_message(msg)
+    end
+
+    def warn(msg)
+      Chook::Server::Log.logger.warn event_message(msg)
+    end
+
+    def error(msg)
+      Chook::Server::Log.logger.error event_message(msg)
+    end
+
+    def fatal(msg)
+      Chook::Server::Log.logger.fatal event_message(msg)
+    end
+
+    def unknown(msg)
+      Chook::Server::Log.logger.unknown event_message(msg)
+    end
+
+    # log an exception - multiple log lines
+    # the first being the error message the rest being indented backtrace
+    def log_exception(exception)
+      error "#{exception.class}: #{exception}"
+      exception.backtrace.each { |l| error "..#{l}" }
+    end
+
+  end # class HandledEventLogger
+
+end # module

data/lib/chook/event_handling.rb

@@ -37,4 +37,5 @@ Chook::HandledSubject.generate_classes
 # events
 require 'chook/event'
 require 'chook/event/handled_event'
+require 'chook/event/handled_event_logger'
 Chook::HandledEvent.generate_classes

data/lib/chook/foundation.rb

@@ -27,6 +27,8 @@
 require 'json'
 require 'open-uri'
 require 'pathname'
+require 'logger'
+require 'English'
 
 require 'chook/version'
 require 'chook/procs' # must load before configuration

data/lib/chook/procs.rb

@@ -30,12 +30,28 @@ module Chook
   module Procs
 
     TRUE_RE = /^\s*(true|yes)\s*$/i
+
     JSS_EPOCH_TO_TIME = proc { |val| Time.strptime val.to_s[0..-4], '%s' }
+
     STRING_TO_BOOLEAN = proc { |val| val =~ TRUE_RE ? true : false }
+
     STRING_TO_PATHNAME = proc { |val| Pathname.new val }
+
+    STRING_TO_LOG_LEVEL = proc do |level|
+      if (0..5).cover? level
+        level
+      else
+        lvl = Chook::Server::Log::LOG_LEVELS[level.to_sym]
+        lvl ? lvl : Logger::UNKNOWN
+      end # if..else
+    end
+
     MOBILE_USERID = proc { |_device| '-1' }
+
     PRODUCT = proc { |_device| nil }
-    ALWAYS_TRUE = proc { |_boolean| True }
+
+    ALWAYS_TRUE = proc { |_boolean| true }
+
     COMPUTER_USERID = proc do |comp|
       id = '-1' unless comp.groups_accounts[:local_accounts].find { |acct| acct[:name] == comp.username }
       id.is_a?(Hash) ? id[:uid] : '-1'

data/lib/chook/server.rb

@@ -22,9 +22,14 @@
 ###    language governing permissions and limitations under the Apache License.
 ###
 ###
-require 'chook/event_handling'
+
 require 'sinatra/base'
+require 'sinatra/custom_logger'
+# require 'haml'
 require 'openssl'
+require 'chook/event_handling'
+require 'chook/server/log'
+require 'chook/server/routes'
 
 module Chook
 
@@ -32,90 +37,82 @@ module Chook
   # the engine of your choice.
   class Server < Sinatra::Base
 
-    DEFAULT_SERVER_ENGINE = :webrick
-    DEFAULT_PORT = 8000
+    DEFAULT_PORT = 80
+    DEFAULT_SSL_PORT = 443
+    DEFAULT_CONCURRENCY = true
 
-    @server_engine = Chook::CONFIG.server_engine || DEFAULT_SERVER_ENGINE
-    require @server_engine.to_s
-    @server_port = Chook::CONFIG.server_port || DEFAULT_PORT
+    # set defaults in config
+    Chook.config.port ||= Chook.config.use_ssl ? DEFAULT_SSL_PORT : DEFAULT_PORT
 
-    def self.run!
-      # trap HUPs to reload handlers
-      Signal.trap('HUP') do
-        Chook::HandledEvent::Handlers.load_handlers reload: true
-      end
-      Chook::HandledEvent::Handlers.load_handlers
-      chook_configure
-      case @server_engine.to_sym
-      when :webrick
-        super
-      when :thin
-        if Chook::CONFIG.use_ssl
-          super do |server|
-            server.ssl = true
-            server.ssl_options = {
-              cert_chain_file: Chook::CONFIG.ssl_cert_path.to_s,
-              private_key_file: Chook::CONFIG.ssl_private_key_path.to_s,
-              verify_peer: false
-            }
-          end # super do
-        else
-          super
-        end # if use ssl
-      end # case
-    end # self.run
+    # can't use ||= here cuz nil and false have different meanings
+    Chook.config.concurrency = DEFAULT_CONCURRENCY if Chook.config.concurrency.nil?
+
+    # Run the server
+    ###################################
+    def self.run!(log_level: nil)
+      log_level ||= Chook.config.log_level
+      @log_level = Chook::Procs::STRING_TO_LOG_LEVEL.call log_level
 
-    # Sinatra Settings
-    def self.chook_configure
       configure do
-        set :environment, :production
-        enable :logging, :lock
+        set :logger, Log.startup(@log_level)
+        set :server, :thin
         set :bind, '0.0.0.0'
-        set :server, @server_engine
-        set :port, @server_port
-
-        if Chook::CONFIG.use_ssl
-          case @server_engine.to_sym
-          when :webrick
-            require 'webrick/https'
-            key = Chook::CONFIG.ssl_private_key_path.read
-            cert = Chook::CONFIG.ssl_cert_path.read
-            cert_name = Chook::CONFIG.ssl_cert_name
-            set :SSLEnable, true
-            set :SSLVerifyClient, OpenSSL::SSL::VERIFY_NONE
-            set :SSLPrivateKey, OpenSSL::PKey::RSA.new(key, ssl_key_password)
-            set :SSLCertificate, OpenSSL::X509::Certificate.new(cert)
-            set :SSLCertName, [['CN', cert_name]]
-          when :thin
-            true
-          end # case
-        end # if ssl
+        set :port, Chook.config.port
+        set :show_exceptions, :after_handler if development?
+        set :root, "#{File.dirname __FILE__}/server"
+        enable :static
+        enable :lock unless Chook.config.concurrency
       end # configure
-    end # chook_configure
 
-    def self.ssl_key_password
-      path = Chook::CONFIG.ssl_private_key_pw_path
-      raise 'No config setting for "ssl_private_key_pw_path"' unless path
-      file = Pathname.new path
+      Chook::HandledEvent::Handlers.load_handlers
 
-      # if the path ends with a pipe, its a command that will
-      # return the desired password, so remove the pipe,
-      # execute it, and return stdout from it.
-      if path.end_with? '|'
-        raise 'ssl_private_key_pw_path: #{path} is not an executable file.' unless file.executable?
-        return `#{path.chomp '|'}`.chomp
-      end
+      if Chook.config.use_ssl
+        super do |server|
+          server.ssl = true
+          server.ssl_options = {
+            cert_chain_file: Chook.config.ssl_cert_path.to_s,
+            private_key_file: Chook.config.ssl_private_key_path.to_s,
+            verify_peer: false
+          }
+        end # super do
+      else
+        super
+      end # if use ssl
+    end # self.run
+
+    # Learn the client password, if we're using basic auth
+    ###################################
+    def self.webhooks_user_pw
+      return @webhooks_user_pw if @webhooks_user_pw
+      return nil unless Chook.config.webhooks_user_pw
 
-      raise 'ssl_private_key_pw_path: #{path} is not a readable file.' unless file.readable?
-      stat = file.stat
-      raise "Password file for '#{pw}' has insecure permissions, must be 0600." unless ('%o' % stat.mode).end_with? '0600'
+      setting = Chook.config.webhooks_user_pw
 
-      # chomping an empty string removes all trailing \n's and \r\n's
-      file.read.chomp('')
-    end # ssl_key_password
+      @webhooks_user_pw =
+        if setting.end_with? '|'
+          # if the path ends with a pipe, its a command that will
+          # return the desired password, so remove the pipe,
+          # execute it, and return stdout from it.
+          cmd = setting.chomp '|'
+          output = `#{cmd} 2>&1`.chomp
+          raise "Can't get webhooks user password: #{output}" unless $CHILD_STATUS.exitstatus.zero?
+          output
+
+        else
+          # otherwise its a file path, and read the pw from the contents
+          file = Pathname.new setting
+          return nil unless file.file?
+          stat = file.stat
+          mode = format('%o', stat.mode)
+          raise 'Password file for webhooks user has insecure mode, must be 0600.' unless mode.end_with?('0600')
+          raise "Password file for webhooks user has insecure owner, must be owned by UID #{Process.euid}." unless stat.owned?
+
+          # chomping an empty string removes all trailing \n's and \r\n's
+          file.read.chomp('')
+
+        end # if else
+    end # self.webhooks_user_pw
 
   end # class server
 
 end # module
-
-require 'chook/server/routes'

data/lib/chook/server/log.rb

@@ -0,0 +1,215 @@
+### Copyright 2017 Pixar
+
+###
+###    Licensed under the Apache License, Version 2.0 (the "Apache License")
+###    with the following modification; you may not use this file except in
+###    compliance with the Apache License and the following modification to it:
+###    Section 6. Trademarks. is deleted and replaced with:
+###
+###    6. Trademarks. This License does not grant permission to use the trade
+###       names, trademarks, service marks, or product names of the Licensor
+###       and its affiliates, except as required to comply with Section 4(c) of
+###       the License and to reproduce the content of the NOTICE file.
+###
+###    You may obtain a copy of the Apache License at
+###
+###        http://www.apache.org/licenses/LICENSE-2.0
+###
+###    Unless required by applicable law or agreed to in writing, software
+###    distributed under the Apache License with the above modification is
+###    distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+###    KIND, either express or implied. See the Apache License for the specific
+###    language governing permissions and limitations under the Apache License.
+###
+###
+
+# the main module
+module Chook
+
+  # the server app
+  class Server < Sinatra::Base
+
+    # the CustomLogger helper allows us to
+    # use our own Logger instance as the
+    # Sinatra `logger` available in routes vis `set :logger...`
+    helpers Sinatra::CustomLogger
+
+    # This module defines our custom Logger instance from the config settings
+    # and makes it available in the .logger module method,
+    # which is used anywhere outside of a route
+    # (inside of a route, the #logger method is locally available)
+    #
+    # General access to the logger:
+    #   from anywhere in Chook, as long as a server is running, the Logger
+    #   instance is available at Chook.logger or Chook::Server::Log.logger
+    #
+    #
+    # Logging from inside a route:
+    #   inside a Sinatra route, the local `logger` method returnes the
+    #   Logger instance.
+    #
+    # Logging from an internal handler:
+    #  In an internal WebHook handler, starting with `Chook.event_handler do |event|`
+    #  the logger should be accesses via the event's own wrapper: event.logger
+    #  Each message will be prepended with the event'd ID
+    #
+    # Logging from an external handler:
+    #  from an external handler you can POST a JSON formatted log entry to
+    #  http(s)://chookserver/log. The body must be a JSON object with 2 keys:
+    #  'level' and 'message', with non-empty strings.
+    #  The level must be one of: fatal, error, warn, info, or debug. Any other
+    #  value as the level will always be logged regardless of current logging
+    #  level. NOTE: if your server requires authentication, you must provide it
+    #  when using this route.
+    #
+    # Here's an example with curl, split to multi-line for clarity:
+    #
+    # curl -H "Content-Type: application/json" \
+    #   -X POST \
+    #   --data '{"level":"debug", "message":"It Worked"}' \
+    #   https://user:passwd@chookserver.myorg.org:443/log
+    #
+    module Log
+
+      # Using an instance of this as the Logger target sends logfile writes
+      # to all registered streams as well as the file
+      class LogFileWithStream < File
+
+        # ServerSent Events data lines always start with this
+        LOGSTREAM_DATA_PFX = 'data:'.freeze
+
+        def write(str)
+          super # writes out to the file
+          flush
+          # send to any active streams
+          Chook::Server::Log.log_streams.keys.each do |active_stream|
+            # ignore streams closed at the client end,
+            # they get removed when a new stream starts
+            # see the route: get '/subscribe_to_log_stream'
+            next if active_stream.closed?
+
+            # send new data to the stream
+            active_stream << "#{LOGSTREAM_DATA_PFX}#{str}\n\n"
+          end
+        end
+      end # class
+
+      # mapping of integer levels to symbols
+      LOG_LEVELS = {
+        fatal: Logger::FATAL,
+        error: Logger::ERROR,
+        warn: Logger::WARN,
+        info: Logger::INFO,
+        debug: Logger::DEBUG
+      }.freeze
+
+      # log Streaming
+      # ServerSent Events data lines always start with this
+      LOGSTREAM_DATA_PFX = 'data:'.freeze
+
+      # Send this to the clients at least every LOGSTREAM_KEEPALIVE_MAX secs
+      # even if there's no data for the stream
+      LOGSTREAM_KEEPALIVE_MSG = "#{LOGSTREAM_DATA_PFX} I'm Here!\n\n".freeze
+      LOGSTREAM_KEEPALIVE_MAX = 10
+
+      # the clients will recognize M3_LOG_STREAM_CLOSED and stop trying
+      # to connect via ssh.
+      LOGSTREAM_CLOSED_PFX = "#{LOGSTREAM_DATA_PFX} M3_LOG_STREAM_CLOSED:".freeze
+
+      DEFAULT_FILE = Pathname.new '/var/log/chook-server.log'
+      DEFAULT_MAX_MEGS = 10
+      DEFAULT_TO_KEEP = 10
+      DEFAULT_LEVEL = Logger::INFO
+
+      # set defaults in config
+      Chook.config.log_file ||= DEFAULT_FILE
+      Chook.config.logs_to_keep ||= DEFAULT_TO_KEEP
+      Chook.config.log_max_megs ||= DEFAULT_MAX_MEGS
+      Chook.config.log_level ||= DEFAULT_LEVEL
+
+      # Create the logger,
+      # make the first log entry for this run,
+      # and return it so it can be used by the server
+      # when it does `set :logger, Log.startup(@log_level)`
+      def self.startup(level = Chook.config.log_level)
+        # create the logger using a LogFileWithStream instance
+        @logger =
+          if Chook.config.logs_to_keep && Chook.config.logs_to_keep > 0
+            Logger.new(
+              LogFileWithStream.new(Chook.config.log_file, 'a'),
+              Chook.config.logs_to_keep,
+              (Chook.config.log_max_megs * 1024 * 1024)
+            )
+          else
+            Logger.new(LogFileWithStream.new(Chook.config.log_file, 'a'))
+          end
+
+        # date and line format
+        @logger.datetime_format = '%Y-%m-%d %H:%M:%S'
+
+        @logger.formatter = proc do |severity, datetime, _progname, msg|
+          "#{datetime}: [#{severity}] #{msg}\n"
+        end
+
+        # level
+        level &&= Chook::Procs::STRING_TO_LOG_LEVEL.call level
+        level ||= Chook.config.log_level
+        level ||= DEFAULT_LEVEL
+        @logger.level = level
+
+        # first startup entry
+        @logger.unknown "Chook Server v#{Chook::VERSION} starting up. PID: #{$PROCESS_ID}, Port: #{Chook.config.port}, SSL: #{Chook.config.use_ssl}"
+
+        # if debug, log our config
+        if level == Logger::DEBUG
+          @logger.debug 'Config: '
+          Chook::Configuration::CONF_KEYS.keys.each do |key|
+            @logger.debug "  Chook.config.#{key} = #{Chook.config.send key}"
+          end
+        end
+
+        # return the logger, the server uses it as a helper
+        @logger
+      end # log
+
+      # general access to the logger as Chook::Server::Log.logger
+      def self.logger
+        @logger ||= startup
+      end
+
+      # a Hash  of registered log streams
+      # streams are keys, valus are their IP addrs
+      # see the `get '/subscribe_to_log_stream'` route
+      #
+      def self.log_streams
+        @log_streams ||= {}
+      end
+
+      def self.clean_log_streams
+        log_streams.delete_if do |stream, ip|
+          if stream.closed?
+            logger.debug "Removing closed log stream for #{ip}"
+            true
+          else
+            false
+          end # if
+        end # delete if
+      end # clean_log_streams
+
+    end # module
+
+  end # server
+
+  # access from everywhere as Chook.logger
+  def self.logger
+    Server::Log.logger
+  end
+
+  # log an exception - multiple log lines
+  # the first being the error message the rest being indented backtrace
+  def self.log_exception(exception)
+    logger.error exception.to_s
+    exception.backtrace.each { |l| logger.error "..#{l}" }
+  end
+
+end # Chook