clerk-sdk-ruby 4.0.0.beta2 → 4.0.0.beta4

data/lib/clerk/sdk.rb

@@ -1,35 +1,18 @@
-# frozen_string_literal: true
-
-require "faraday"
-require "logger"
-require "net/http"
-require "json"
+require "clerk-http-client"
+require "clerk/jwks_cache"
+require "clerk/version"
 require "jwt"
-require "concurrent-ruby"
-
-require_relative "resources/allowlist_identifiers"
-require_relative "resources/allowlist"
-require_relative "resources/clients"
-require_relative "resources/email_addresses"
-require_relative "resources/emails"
-require_relative "resources/organizations"
-require_relative "resources/phone_numbers"
-require_relative "resources/sessions"
-require_relative "resources/users"
-require_relative "resources/users"
-require_relative "resources/jwks"
-require_relative "errors"
-require_relative "jwks_cache"
 
 module Clerk
-  class SDK
+  class SDK < ClerkHttpClient::SDK
+    # TODO: Move to constants?
     DEFAULT_HEADERS = {
-      "User-Agent" => "Clerk/#{Clerk::VERSION}; Faraday/#{Faraday::VERSION}; Ruby/#{RUBY_VERSION}",
-      "X-Clerk-SDK" => "ruby/#{Clerk::VERSION}"
+      "User-Agent": "Clerk/#{Clerk::VERSION}; Faraday/#{Faraday::VERSION}; Ruby/#{RUBY_VERSION}",
+      "X-Clerk-SDK": "ruby/#{Clerk::VERSION}" # TODO: Add framework identifier
     }
 
     # How often (in seconds) should JWKs be refreshed
-    JWKS_CACHE_LIFETIME = 3600 # 1 hour
+    JWKS_CACHE_LIFETIME = 3600 # 1 hour / TODO: Move to constants?
 
     @@jwks_cache = JWKSCache.new(JWKS_CACHE_LIFETIME)
 
@@ -37,151 +20,57 @@ module Clerk
       @@jwks_cache
     end
 
-    def initialize(api_key: nil, base_url: nil, logger: nil, ssl_verify: true,
-                   connection: nil)
-      if connection
-        # Inject a Faraday::Connection for testing or full control over Faraday
-        @conn = connection
-        return
-      else
-        base_url = base_url || Clerk.configuration.base_url
-        base_uri = if !base_url.end_with?("/")
-                     URI("#{base_url}/")
-                   else
-                     URI(base_url)
-                   end
-
-        api_key ||= Clerk.configuration.api_key
-
-        if Faraday::VERSION.to_i >= 2 && api_key.nil?
-          api_key = -> { raise ArgumentError, "Clerk secret key is not set" }
-        end
-
-        logger = logger || Clerk.configuration.logger
-        @conn = Faraday.new(
-          url: base_uri, headers: DEFAULT_HEADERS, ssl: {verify: ssl_verify}
-        ) do |f|
-          f.request :url_encoded
-          f.request :authorization, "Bearer", api_key
-          if logger
-            f.response :logger, logger do |l|
-              l.filter(/(Authorization: "Bearer) (\w+)/, '\1 [SECRET]')
-            end
-          end
-        end
-      end
-    end
-
-    def request(method, path, query: [], body: nil, timeout: nil)
-      response = case method
-                 when :get
-                   @conn.get(path, query) do |req|
-                     req.options.timeout = timeout if timeout
-                   end
-                 when :post
-                   @conn.post(path, body) do |req|
-                     req.body = body.to_json
-                     req.headers[:content_type] = "application/json"
-                     req.options.timeout = timeout if timeout
-                   end
-                 when :patch
-                   @conn.patch(path, body) do |req|
-                     req.body = body.to_json
-                     req.headers[:content_type] = "application/json"
-                     req.options.timeout = timeout if timeout
-                   end
-                 when :delete
-                   @conn.delete(path) do |req|
-                     req.options.timeout = timeout if timeout
-                   end
-                 end
-
-      body = if response[CONTENT_TYPE_HEADER] == "application/json"
-               JSON.parse(response.body)
-             else
-               response.body
-             end
-
-      if response.success?
-        body
-      else
-        klass = case body.dig("errors", 0, "code")
-                when "cookie_invalid", "client_not_found", "resource_not_found"
-                  Errors::Authentication
-                else
-                  Errors::Fatal
-                end
-        raise klass.new(body, status: response.status)
-      end
-    end
-
-    def allowlist_identifiers
-      Resources::AllowlistIdentifiers.new(self)
-    end
-
-    def allowlist
-      Resources::Allowlist.new(self)
-    end
-
-    def clients
-      Resources::Clients.new(self)
-    end
-
-    def email_addresses
-      Resources::EmailAddresses.new(self)
-    end
-
-    def emails
-      Resources::Emails.new(self)
-    end
-
-    def organizations
-      Resources::Organizations.new(self)
-    end
-
-    def phone_numbers
-      Resources::PhoneNumbers.new(self)
-    end
-
-    def sessions
-      Resources::Sessions.new(self)
-    end
-
-    def users
-      Resources::Users.new(self)
-    end
-
-    def jwks
-      Resources::JWKS.new(self)
-    end
-
-    # Returns the decoded JWT payload without verifying if the signature is
-    # valid.
+    # Returns the decoded JWT payload without verifying if the signature is valid.
     #
-    # WARNING: This will not verify whether the signature is valid. You
-    # should not use this for untrusted messages! You most likely want to use
-    # verify_token.
+    # WARNING: This will not verify whether the signature is valid. You should not
+    # use this for untrusted messages! You most likely want to use `verify_token`.
     def decode_token(token)
       JWT.decode(token, nil, false).first
     end
 
-    # Decode the JWT and verify it's valid (verify claims, signature etc.) using
-    # the provided algorithms.
+    # Decode the JWT and verify it's valid (verify claims, signature etc.) using the provided algorithms.
     #
-    # JWKS are cached for JWKS_CACHE_LIFETIME seconds, in order to avoid
-    # unecessary roundtrips. In order to invalidate the cache, pass
-    # `force_refresh_jwks: true`.
+    # JWKS are cached for JWKS_CACHE_LIFETIME seconds, in order to avoid unecessary roundtrips.
+    # In order to invalidate the cache, pass `force_refresh_jwks: true`.
     #
-    # A timeout for the request to the JWKs endpoint can be set with the
-    # `timeout` argument.
-    def verify_token(token, force_refresh_jwks: false, algorithms: ['RS256'], timeout: 5)
+    # A timeout for the request to the JWKs endpoint can be set with the `timeout` argument.
+    def verify_token(token, force_refresh_jwks: false, algorithms: ["RS256"], timeout: 5)
       jwk_loader = ->(options) do
         # JWT.decode requires that the 'keys' key in the Hash is a symbol (as
         # opposed to a string which our SDK returns by default)
-        { keys: SDK.jwks_cache.fetch(self, kid_not_found: (options[:invalidate] || options[:kid_not_found]), force_refresh: force_refresh_jwks) }
+        {keys: SDK.jwks_cache.fetch(self, kid_not_found: options[:invalidate] || options[:kid_not_found], force_refresh: force_refresh_jwks)}
       end
 
       JWT.decode(token, nil, true, algorithms: algorithms, exp_leeway: timeout, jwks: jwk_loader).first
     end
+
+    private
+
+    # TODO: Temporary solution until generators are improved
+    HTTP_CLIENT_CUSTOM_MAPPING = {
+      allowlist: "AllowListBlockList",
+      blocklist: "AllowListBlockList",
+      email_sms_templates: "EmailSMSTemplates",
+      oauth_applications: "OAuthApplications",
+      jwt_templates: "JWTTemplates",
+      redirect_urls: "RedirectURLs",
+      saml_connections: "SAMLConnections"
+    }
+
+    def generate_const_name(method_name)
+      "#{HTTP_CLIENT_CUSTOM_MAPPING[method_name] || Utils.camel_case(method_name)}Api"
+    end
+
+    def respond_to_missing?(method_name, include_private = false)
+      ClerkHttpClient.const_get(generate_const_name(method_name)).respond_to?(:new)
+    rescue NameError
+      false
+    end
+
+    def method_missing(method_name, *arguments)
+      ClerkHttpClient.const_get(generate_const_name(method_name)).new
+    rescue NameError
+      raise NoMethodError, "undefined method `#{method_name}` for #{self.class.name}"
+    end
   end
 end

data/lib/clerk/sinatra.rb

@@ -0,0 +1,52 @@
+require "sinatra/base"
+require "clerk/rack"
+
+module Sinatra
+  module Clerk
+    module Helpers
+      def clerk
+        env["clerk"]
+      end
+
+      def require_reverification!(preset = ::Clerk::StepUp::Preset::STRICT, &block)
+        clerk.user_require_reverification!(preset) do
+          return yield(preset) if block_given?
+          render_reverification!(preset)
+        end
+      end
+
+      def render_reverification!(preset = nil)
+        halt 403, ::Clerk::StepUp::Reverification.error_payload(preset).to_json
+      end
+
+      def clerk_sdk
+        @@sdk ||= ::Clerk::SDK.new
+      end
+    end
+
+    def self.registered(app)
+      app.helpers Clerk::Helpers
+      app.use ::Clerk::Rack::Middleware
+
+      app.set(:auth) do |active|
+        condition do
+          redirect clerk.sign_in_url if active && !clerk.session
+        end
+      end
+
+      app.set(:reverify) do |preset|
+        condition do
+          if preset === true
+            preset = ::Clerk::StepUp::Preset::STRICT
+          end
+
+          if preset
+            require_reverification!(preset)
+          end
+        end
+      end
+    end
+  end
+
+  register Clerk
+end

data/lib/clerk/utils.rb

@@ -1,11 +1,57 @@
+# frozen_string_literal: true
+
+require "base64"
+
 module Clerk
   module Utils
-    module_function
-    def camelize(term)
-      string = term.to_s
-      string = string.sub(/^[a-z\d]*/) { match.capitalize }
-      string.gsub!(/(?:_|(\/))([a-z\d]*)/) { "#{$1}#{$2.capitalize}" }
-      string
+    class << self
+      def camel_case(str)
+        str = str.to_s
+        return str if str !~ /_/ && str =~ /[A-Z]+.*/
+        str.split("_").map { |s| s.capitalize }.join
+      end
+
+      def decode_publishable_key(publishable_key)
+        Base64.decode64(publishable_key.split("_")[2].to_s)
+      end
+
+      def filter_routes(routes)
+        filtered_routes = {}
+        filtered_wildcard_routes = []
+
+        routes.each do |route|
+          route = route.strip
+
+          if route.end_with?("/*")
+            filtered_wildcard_routes << route[0..-2]
+          else
+            filtered_routes[route] = true
+          end
+        end
+
+        filtered_wildcard_routes.uniq!
+
+        [filtered_routes, filtered_wildcard_routes]
+      end
+
+      def retrieve_from_query_string(url, key)
+        ::Rack::Utils.parse_query(url.query)[key]
+      end
+
+      def valid_publishable_key?(publishable_key)
+        raise ArgumentError, "publishable_key must be a string" unless publishable_key.is_a?(String)
+
+        key = publishable_key.to_s
+        valid_publishable_key_prefix?(key) && valid_publishable_key_postfix?(key)
+      end
+
+      def valid_publishable_key_postfix?(publishable_key)
+        decode_publishable_key(publishable_key).end_with?("$")
+      end
+
+      def valid_publishable_key_prefix?(publishable_key)
+        publishable_key.start_with?("pk_live_", "pk_test_")
+      end
     end
   end
 end

data/lib/clerk/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Clerk
-  VERSION = "4.0.0.beta2"
+  VERSION = "4.0.0.beta4"
 end

data/lib/clerk.rb

@@ -1,63 +1,27 @@
 # frozen_string_literal: true
 
-require_relative "clerk/version"
-require_relative "clerk/constants"
-require_relative "clerk/sdk"
+require "clerk/configuration"
+require "clerk/constants"
+require "clerk/error"
+require "clerk/sdk"
+require "clerk/version"
+
+if defined?(::Rails)
+  require "clerk/rails"
+end
 
 module Clerk
   class << self
     def configure
-      yield(configuration)
+      if block_given?
+        yield(configuration)
+      else
+        configuration
+      end
     end
 
     def configuration
-      @configuration ||= Config.new
-    end
-  end
-
-  class Config
-    PRODUCTION_BASE_URL = "https://api.clerk.dev/v1/".freeze
-    attr_accessor :api_key, :base_url, :publishable_key, :logger, :middleware_cache_store
-
-    # An array of route paths on which the middleware will not execute.
-    #
-    # Only request paths that match _exactly_ one of the routes will be skipped.
-    # As a special case, if a route ends with '/*', then all request paths that
-    # match the route's prefix will be skipped.
-    #
-    # For example, given the following configuration:
-    #
-    #     excluded_routes = ["/foo", "/bar/*"]
-    #
-    # the following requests will be excluded:
-    #
-    # - /foo
-    # - /bar/baz
-    # - /bar/abc/xyz
-    #
-    # while the following requests will NOT be excluded:
-    #
-    # - /foo/bar
-    # - /bar
-    #
-    attr_accessor :excluded_routes
-
-    def initialize
-      @base_url = ENV.fetch("CLERK_API_BASE", PRODUCTION_BASE_URL)
-      @api_key = ENV["CLERK_API_KEY"]
-
-      secret_key = ENV["CLERK_SECRET_KEY"]
-      if secret_key && !secret_key.empty?
-        @api_key = secret_key
-      end
-
-      @publishable_key = ENV.fetch("CLERK_PUBLISHABLE_KEY")
-
-      @excluded_routes = []
+      @configuration ||= Clerk::Configuration.default
     end
   end
 end
-
-if defined?(::Rails)
-  require_relative "clerk/railtie"
-end