clerk_active_record 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 00bb8417dbef561567b058c77406d1a57b16ee2a393834a581ea9c0b5d183cd4
+  data.tar.gz: e2adcb9efe8dd99245a682fd9d553fb654f6e7af53344d25091a2af59ffae65f
+SHA512:
+  metadata.gz: b24e85f835dd1d395621a697bfd485267fba0dfdd977a47e894ec6d8fbfb77bf96006ffd128fcad131aeceaac50aeb31b99e2c69d967076e516869d8bfaac938
+  data.tar.gz: b1afc6fdbd7e6b123081d21e7390e80ebc046edfbc575b12e3897d5a070952b65d30a9dcf9eed7c0255aeb37cd4c55be48bf49677bd7ef6f4567741e87ad6d1d

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Clerk.dev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,43 @@
+# ClerkActiveRecord
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/clerk_active_record`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'clerk_active_record'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install clerk_active_record
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/clerk_active_record. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the ClerkActiveRecord project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/clerk_active_record/blob/master/CODE_OF_CONDUCT.md).

data/lib/clerk.rb

@@ -0,0 +1,9 @@
+require "clerk/application_record"
+
+require "clerk/account"
+require "clerk/email"
+require "clerk/role"
+require "clerk/session_token"
+
+module Clerk
+end

data/lib/clerk/account.rb

@@ -0,0 +1,147 @@
+require 'jwt'
+module Clerk
+  class Account < Clerk::ApplicationRecord
+    self.table_name = self.clerk_table_name("accounts")
+    self.primary_key = 'id'
+
+    has_many :roles, class_name: "Clerk::Role"
+    has_many :emails, class_name: "Clerk::Email"
+
+    def email(
+      from_email_name:,
+      email_template_token: nil,
+      replacements: nil,
+      subject: nil,
+      body: nil
+    )
+      Clerk::Email.create(
+        account_id: self.id,
+        from_email_name: from_email_name,
+        email_template_token: email_template_token,
+        replacements: replacements,
+        subject: subject,
+        body: body
+      )
+    end
+
+    def self.from_session_token(session_token)
+      rsa_public = OpenSSL::PKey::RSA.new ENV["CLERK_SESSION_KEY"]
+      begin
+        decoded_token = ::JWT.decode (session_token), rsa_public, true, { algorithm: 'RS256' }
+        session_id = decoded_token[0]["id"]
+        session = clerk_persistence_api.get("/v1/sessions/#{session_id}").data
+        account = Clerk::Account.new(
+          id: session[:account][:id],
+          email_address: session[:account][:email_address],
+          verified_email_address: session[:account][:verified_email_address]
+        )
+        account.instance_variable_set(:@new_record, false)
+        account.clear_changes_information
+        account
+      rescue => e 
+        puts "Failed to find account from session token"
+        puts e
+        return nil
+      end
+    end
+
+    def add_clerk_role(role_type_symbol, instance = nil)
+      json = {}
+      json[:name] = role_type_symbol.to_s
+      json[:account_id] = self.id
+
+      if not instance.nil?
+        json[:scope_class] = instance.class.name
+        json[:scope_id] = instance.id
+      end
+
+      server_url = "#{Clerk.accounts_url}/roles"
+      HTTP.auth("Bearer #{Clerk.key}").post(server_url, :json => json)
+    end
+
+    def has_role?(role, scope)
+      roles.where(name: role, scope_class: scope.class.name, scope_id: scope.id).exists?
+    end
+
+    def roles_for(scope)
+      roles.where(scope_class: scope.class.name, scope_id: scope.id).pluck(:name).map(&:to_sym)
+    end
+
+    def has_permission?(permission, scope)
+      has_role?(scope.class.roles_with_permission(permission), scope)
+    end
+
+    def permissions_for(scope)
+      permissions = Set.new
+
+      roles = roles_for(scope)
+      roles.each do |role|
+        role_permissions = scope.class.clerk_permissions_map[role]
+
+        unless role_permissions.nil?
+          permissions.merge(role_permissions)
+        end
+      end
+
+      return permissions.to_a
+    end
+
+    private
+
+      def method_missing(method_name, *args, &block)
+        # Rails lazy loads modules.  If an object hasn't been loaded yet, any inverse association
+        # will not be here yet.  Just in case, load the constant here and re-call the method to
+        # before raising an error
+        @miss_test ||= {}
+        if @miss_test.has_key? method_name.to_sym
+          super
+        else
+          @miss_test[method_name.to_sym] = true
+          scope_class = method_name.to_s.classify.constantize
+          send(method_name, *args, &block)  
+        end
+      rescue => e
+        super
+      end
+
+      class RolesWrapper
+        def initialize(instance, target)
+          @instance = instance
+          @target_class = target.to_s.classify.constantize
+        end
+
+        def with(role: nil, permission: nil)
+          if (role.nil? and permission.nil?) or (not role.nil? and not permission.nil?)
+            raise ArgumentError.new("Invalid argument, must supply either a role or permission")
+          end
+
+          if not role.nil?
+            return @target_class.where( 
+              id: @instance.roles.where(scope_class: @target_class.name, name: role).pluck(:scope_id) 
+            )
+          end
+
+          if not permission.nil?
+            roles = @target_class.roles_with_permission(permission)
+            return @target_class.where(
+              id: @instance.roles.where(scope_class: @target_class.name, name: roles).pluck(:scope_id)
+            )            
+          end
+        end
+
+        def no_with
+          @target_class.where( 
+            id: @instance.roles.where(scope_class: @target_class.name).pluck(:scope_id) 
+          )
+        end
+
+        def method_missing(m, *args, &block)
+          no_with.send(m, *args, &block)
+        end
+
+        def inspect
+          no_with.inspect
+        end
+      end
+  end
+end

data/lib/clerk/application_record.rb

@@ -0,0 +1,31 @@
+module Clerk
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+    puts "ugh"
+    puts ENV["CLERK_DATABASE_URL"]
+    puts "go"
+    establish_connection ENV["CLERK_DATABASE_URL"]
+    def self.clerk_table_name(table_name)
+      "#{table_name}_01"
+    end
+
+    def self.clerk_persistence_path
+      "/v1/#{table_name[0...-3]}"
+    end
+ 
+    def self.clerk_persistence_api
+      @@clerk_persistence_api ||= ClerkActiveRecord::Api::Connection.new(
+        (ENV["CLERK_API_PATH"] || "https://api.clerk.dev"),
+        ENV["CLERK_KEY"]
+      )
+    end
+
+    def self.transaction(options = {}, &block)
+      # were overriding all the methods that need transactions
+      # these interfere with pgbouncer.  just yield the block
+      yield
+    rescue ActiveRecord::Rollback
+      # rollbacks are silently swallowed
+    end        
+  end
+end

data/lib/clerk/email.rb

@@ -0,0 +1,8 @@
+module Clerk
+  class Email < Clerk::ApplicationRecord
+    serialize :replacements
+
+    self.table_name = self.clerk_table_name("emails")
+    self.primary_key = 'id'
+  end
+end

data/lib/clerk/errors.rb

@@ -0,0 +1,18 @@
+module Clerk
+  module Errors
+    class ClerkError < StandardError; end
+
+    class ClerkServerError < ClerkError      
+      def initialize(message = nil, model = nil)
+        @model = model
+        super(message)
+      end      
+    end
+
+    class MethodDisabled < ClerkError
+      def initialize(message = nil)
+        super(message)
+      end
+    end
+  end
+end

data/lib/clerk/role.rb

@@ -0,0 +1,88 @@
+module Clerk
+  class Role < Clerk::ApplicationRecord
+    self.table_name = self.clerk_table_name("roles")
+    self.primary_key = 'id'
+  
+    belongs_to :account, class_name: "Clerk::Account"
+
+    # # We need to migrate roles over to the new persistence strategy
+    # def self.clerk_persistence_path
+    #   nil
+    # end
+ 
+    # def self.clerk_persistence_api
+    #   nil
+    # end    
+
+    # def self._insert_record(values)
+    #   begin 
+    #     response = Clerk::ApplicationRecord.clerk_persistence_api.post('/roles', values)
+    #     id = JSON.parse(response.body)["id"]
+    #   rescue
+    #     raise Clerk::Errors::ClerkServerError.new("Failed to save the role", self)
+    #   end        
+
+    #   if response.status != 200 or id.nil?
+    #     raise Clerk::Errors::ClerkServerError.new("Failed to save the role", self)
+    #   end
+      
+    #   return id
+    # end
+
+    # def self._update_record(values, constraints)
+    #   update_id = constraints["id"]
+    #   if update_id.nil?
+    #     raise ActiveRecord::RecordNotFound.new("Must pass an id to update a role", self)
+    #   end
+
+    #   begin
+    #     response = Clerk.api.patch("/roles/#{update_id}", values.merge!(constraints))
+    #   rescue
+    #     raise Clerk::Errors::ClerkServerError.new("Failed to update the role", self)
+    #   end
+
+    #   if response.status != 200
+    #     raise Clerk::Errors::ClerkServerError.new("Failed to update the role", self)
+    #   end
+
+    #   # overriden function returns the number of rows affected
+    #   return 1
+    # end
+
+    # def self._delete_record(constraints)
+    #   delete_id = constraints["id"]
+    #   if delete_id.nil?
+    #     raise ActiveRecord::RecordNotFound.new("Must pass an id to delete a role", self)
+    #   end
+
+    #   begin
+    #     response = Clerk.api.delete("/roles/#{delete_id}")
+    #   rescue
+    #     raise Clerk::Errors::ClerkServerError.new("Failed to delete the role", self)
+    #   end
+
+
+    #   if response.status != 200
+    #     raise Clerk::Errors::ClerkServerError.new("Failed to delete the role", self)
+    #   end
+
+    #   # overriden function returns the number of rows affected
+    #   return 1      
+    # end
+
+
+    # # disable bulk calls
+    # def self.update_all(updates)
+    #   raise Clerk::Errors::MethodDisabled.new("update_all is disabled for Clerk::Role")
+    # end
+
+    # def self.delete_all
+    #   raise Clerk::Errors::MethodDisabled.new("delete_all is disabled for Clerk::Role") 
+    # end    
+
+    # def self.destroy_all
+    #   raise Clerk::Errors::MethodDisabled.new("destroy_all is disabled for Clerk::Role")
+    # end
+  end
+end
+

data/lib/clerk/session_token.rb

@@ -0,0 +1,52 @@
+module Clerk
+  class SessionToken < Clerk::ApplicationRecord
+    self.table_name = self.clerk_table_name("session_tokens")
+    self.primary_key = 'id'
+
+    belongs_to :account, class_name: "Clerk::Account"
+
+    def self.find_account(cookie:)
+      require "bcrypt"
+      begin
+        id, token, token_hash = decrypt(cookie).split("--")
+        if BCrypt::Password.new(token_hash) == token
+          Account.joins(:session_token).where(token_hash: token_hash, )
+          SessionToken.eager_load(:account).find_by!(id: id, token_hash: token_hash)&.account
+        else 
+          nil
+        end
+      rescue => e
+        puts "Error finding acount #{e}"
+        puts "Cookie #{cookie}"
+        nil
+      end
+    end
+
+    private
+
+      def self.cipher_key
+        @@cipher_key ||= ::Base64.strict_decode64(ENV["CLERK_CIPHER_KEY"])
+      end
+
+      def self.decrypt(encrypted_message)
+        cipher = OpenSSL::Cipher.new("aes-256-gcm")
+
+        encrypted_data, iv, auth_tag = encrypted_message.split("--".freeze).map { |v| ::Base64.strict_decode64(v) }
+
+        # Currently the OpenSSL bindings do not raise an error if auth_tag is
+        # truncated, which would allow an attacker to easily forge it. See
+        # https://github.com/ruby/openssl/issues/63
+        raise InvalidMessage if (auth_tag.nil? || auth_tag.bytes.length != 16)
+
+        cipher.decrypt
+        cipher.key = cipher_key
+        cipher.iv  = iv
+        cipher.auth_tag = auth_tag
+        cipher.auth_data = ""
+
+        message = cipher.update(encrypted_data)
+        message << cipher.final
+        message
+      end
+  end
+end

data/lib/clerk_active_record.rb

@@ -0,0 +1,47 @@
+require "clerk_active_record/version"
+require "clerk_active_record/patch_persistence"
+require "clerk"
+
+module ClerkActiveRecord
+  module Api
+    class Connection
+      def initialize(url, auth_token)
+        @c = Faraday.new(:url => url) do |conn|
+          conn.request  :url_encoded
+          conn.authorization :Bearer, auth_token
+          conn.adapter Faraday.default_adapter
+        end
+      end
+
+      def post(path, fields, &block)
+        ClerkActiveRecord::Api::Response.new(@c.post(path, fields.as_json, &block))
+      end
+
+      def patch(path, fields, &block)
+        ClerkActiveRecord::Api::Response.new(@c.patch(path, fields.as_json, &block))
+      end
+
+      def delete(path, fields, &block)
+        ClerkActiveRecord::Api::Response.new(@c.delete(path, fields.as_json, &block))
+      end
+
+      def get(*args, &block)
+        ClerkActiveRecord::Api::Response.new(@c.get(*args, &block))
+      end
+    end
+
+    class Response
+      def initialize(faraday_response)
+        @res = faraday_response
+      end
+
+      def data
+        JSON.parse(@res.body, symbolize_names: true)
+      end
+
+      def method_missing(m, *args, &block)
+        @res.send(m, *args, &block)
+      end
+    end
+  end  
+end

data/lib/clerk_active_record/patch_persistence.rb

@@ -0,0 +1,74 @@
+::ActiveRecord::Persistence.module_eval do 
+  alias_method :_original_create_record, :_create_record
+
+  def _clerk_create_record(attribute_names = self.attribute_names)
+    # Send attributes on the database plus any custom attributes to the API
+    attribute_names = attributes_for_create(attribute_names)
+    attribute_names += (attributes.keys - self.class.columns_hash.keys)
+
+    values = attributes_with_values(attribute_names)
+
+    response = self.class.clerk_persistence_api.post(self.class.clerk_persistence_path, values)
+
+    if response.status == 200
+      new_id = JSON.parse(response.body)["id"]
+    elsif response.status == 422
+      response.data.each do |k, vs|
+        vs.each do |v|
+          self.errors.add(k, v)
+        end
+      end
+      raise ActiveRecord::RecordInvalid.new(self)
+    else
+      Rails.logger.fatal "Server Failed: #{response.data[:message]}"
+      raise ActiveRecord::RecordNotSaved.new("Failed to save the server record", self)
+    end
+    
+    self.id ||= new_id if self.class.primary_key
+
+    @new_record = false
+
+    yield(self) if block_given?
+
+    id
+  end
+
+  def _create_record(*args, &block)
+    if defined?(self.class.clerk_persistence_path) and !self.class.clerk_persistence_path.nil?
+      _clerk_create_record(*args, &block)
+    else
+      _original_create_record(*args, &block)
+    end
+  end
+
+  alias_method :_original_update_row, :_update_row
+
+  def _clerk_update_row(attribute_names, attempted_action = "update")
+    response = self.class.clerk_persistence_api.patch(
+      "#{self.class.clerk_persistence_path}/#{id_in_database}", 
+      attributes_with_values(attribute_names).except("updated_at")
+    )
+
+    if response.status == 200
+      1 # Affected rows
+    elsif response.status == 422
+      response.data.each do |k, vs|
+        vs.each do |v|
+          self.errors.add(k, v)
+        end
+      end
+      raise ActiveRecord::RecordInvalid.new(self)
+    else
+      Rails.logger.fatal "Server Failed: #{response.data[:message]}"
+      raise ActiveRecord::RecordNotSaved.new("Failed to save the server record", self)
+    end
+  end
+
+  def _update_row(*args, &block)
+    if defined?(self.class.clerk_persistence_path)
+      _clerk_update_row(*args, &block)
+    else
+      _original_update_row(*args, &block)
+    end
+  end
+end

data/lib/clerk_active_record/version.rb

@@ -0,0 +1,3 @@
+module ClerkActiveRecord
+  VERSION = "0.0.1"
+end

metadata

@@ -0,0 +1,113 @@
+--- !ruby/object:Gem::Specification
+name: clerk_active_record
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Colin Sidoti
+- Braden Sidoti
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-06-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.2.0
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: openssl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- hello@clerk.dev
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- lib/clerk.rb
+- lib/clerk/account.rb
+- lib/clerk/application_record.rb
+- lib/clerk/email.rb
+- lib/clerk/errors.rb
+- lib/clerk/role.rb
+- lib/clerk/session_token.rb
+- lib/clerk_active_record.rb
+- lib/clerk_active_record/patch_persistence.rb
+- lib/clerk_active_record/version.rb
+homepage: 
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.8
+signing_key: 
+specification_version: 4
+summary: Configures Clerk models for ActiveRecord
+test_files: []