RubyGems - cloudkit-jruby - Versions diffs - 0.11.2 - Mend

cloudkit-jruby 0.11.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

data/CHANGES +47 -0
data/COPYING +20 -0
data/README +84 -0
data/Rakefile +42 -0
data/TODO +21 -0
data/cloudkit.gemspec +89 -0
data/doc/curl.html +388 -0
data/doc/images/example-code.gif +0 -0
data/doc/images/json-title.gif +0 -0
data/doc/images/oauth-discovery-logo.gif +0 -0
data/doc/images/openid-logo.gif +0 -0
data/doc/index.html +90 -0
data/doc/main.css +151 -0
data/doc/rest-api.html +467 -0
data/examples/1.ru +3 -0
data/examples/2.ru +3 -0
data/examples/3.ru +6 -0
data/examples/4.ru +5 -0
data/examples/5.ru +9 -0
data/examples/6.ru +11 -0
data/examples/TOC +17 -0
data/lib/cloudkit.rb +92 -0
data/lib/cloudkit/constants.rb +34 -0
data/lib/cloudkit/exceptions.rb +10 -0
data/lib/cloudkit/flash_session.rb +20 -0
data/lib/cloudkit/oauth_filter.rb +266 -0
data/lib/cloudkit/oauth_store.rb +48 -0
data/lib/cloudkit/openid_filter.rb +236 -0
data/lib/cloudkit/openid_store.rb +100 -0
data/lib/cloudkit/rack/builder.rb +120 -0
data/lib/cloudkit/rack/router.rb +20 -0
data/lib/cloudkit/request.rb +177 -0
data/lib/cloudkit/service.rb +162 -0
data/lib/cloudkit/store.rb +349 -0
data/lib/cloudkit/store/memory_table.rb +99 -0
data/lib/cloudkit/store/resource.rb +269 -0
data/lib/cloudkit/store/response.rb +52 -0
data/lib/cloudkit/store/response_helpers.rb +84 -0
data/lib/cloudkit/templates/authorize_request_token.erb +19 -0
data/lib/cloudkit/templates/oauth_descriptor.erb +43 -0
data/lib/cloudkit/templates/oauth_meta.erb +8 -0
data/lib/cloudkit/templates/openid_login.erb +31 -0
data/lib/cloudkit/templates/request_authorization.erb +23 -0
data/lib/cloudkit/templates/request_token_denied.erb +18 -0
data/lib/cloudkit/uri.rb +88 -0
data/lib/cloudkit/user_store.rb +37 -0
data/lib/cloudkit/util.rb +25 -0
data/spec/ext_spec.rb +76 -0
data/spec/flash_session_spec.rb +20 -0
data/spec/memory_table_spec.rb +86 -0
data/spec/oauth_filter_spec.rb +326 -0
data/spec/oauth_store_spec.rb +10 -0
data/spec/openid_filter_spec.rb +81 -0
data/spec/openid_store_spec.rb +101 -0
data/spec/rack_builder_spec.rb +39 -0
data/spec/request_spec.rb +191 -0
data/spec/resource_spec.rb +310 -0
data/spec/service_spec.rb +1039 -0
data/spec/spec_helper.rb +32 -0
data/spec/store_spec.rb +10 -0
data/spec/uri_spec.rb +93 -0
data/spec/user_store_spec.rb +10 -0
data/spec/util_spec.rb +11 -0
metadata +180 -0

data/examples/1.ru ADDED

@@ -0,0 +1,3 @@
+$:.unshift File.expand_path(File.dirname(__FILE__)) + '/../lib'
+require 'cloudkit'
+expose :notes

data/examples/2.ru ADDED

@@ -0,0 +1,3 @@
+$:.unshift File.expand_path(File.dirname(__FILE__)) + '/../lib'
+require 'cloudkit'
+contain :notes

data/examples/3.ru ADDED

@@ -0,0 +1,6 @@
+$:.unshift File.expand_path(File.dirname(__FILE__)) + '/../lib'
+require 'cloudkit'
+use Rack::Session::Pool
+use CloudKit::OpenIDFilter
+use CloudKit::Service, :collections => [:notes]
+run lambda{|env| [200, {'Content-Type' => 'text/html', 'Content-Length' => '5'}, ['HELLO']]}

data/examples/4.ru ADDED

@@ -0,0 +1,5 @@
+$:.unshift File.expand_path(File.dirname(__FILE__)) + '/../lib'
+require 'cloudkit'
+use CloudKit::OAuthFilter
+use CloudKit::Service, :collections => [:notes]
+run lambda{|env| [200, {'Content-Type' => 'text/html', 'Content-Length' => '5'}, ['HELLO']]}

data/examples/5.ru ADDED

@@ -0,0 +1,9 @@
+$:.unshift File.expand_path(File.dirname(__FILE__)) + '/../lib'
+require 'cloudkit'
+require 'rufus/tokyo' # gem install rufus-tokyo
+CloudKit.setup_storage_adapter(Rufus::Tokyo::Table.new('cloudkit.tdb'))
+use Rack::Session::Pool
+use CloudKit::OAuthFilter
+use CloudKit::OpenIDFilter
+use CloudKit::Service, :collections => [:notes]
+run lambda{|env| [200, {'Content-Type' => 'text/html', 'Content-Length' => '5'}, ['HELLO']]}

data/examples/6.ru ADDED

@@ -0,0 +1,11 @@
+$:.unshift File.expand_path(File.dirname(__FILE__)) + '/../lib'
+require 'cloudkit'
+require 'rufus/tokyo/tyrant' # gem install rufus-tokyo
+# start Tokyo Tyrant with a table store...
+# ttserver data.tct
+CloudKit.setup_storage_adapter(Rufus::Tokyo::TyrantTable.new('127.0.0.1', 1978))
+use Rack::Session::Pool
+use CloudKit::OAuthFilter
+use CloudKit::OpenIDFilter
+use CloudKit::Service, :collections => [:notes]
+run lambda{|env| [200, {'Content-Type' => 'text/html', 'Content-Length' => '5'}, ['HELLO']]}

data/examples/TOC ADDED

@@ -0,0 +1,17 @@
+Index of Examples
+-----------------
+When using the gem version of CloudKit, the first line of each example can be
+removed.
+1. Expose Notes      - Mount a JSON "notes" API. Uses in-memory store.
+2. Contain Notes     - Same as #1, adding OpenID and OAuth.
+3. Notes with OpenID - Same as #1 using only OpenID.
+4. Notes with OAuth  - Same as #1 using only OAuth.
+5. Tokyo Notes       - Same as #2 with a Tokyo Cabinet Table store.
+6. Tyrant Notes      - Same as #2 with a Tokyo Tyrant Table store.

data/lib/cloudkit.rb ADDED

@@ -0,0 +1,92 @@
+require 'rubygems'
+require 'erb'
+require 'json'
+require 'digest/md5'
+require 'openid'
+require 'time'
+require 'uuid'
+require 'rack'
+require 'oauth'
+require 'oauth/consumer'
+require 'oauth/request_proxy/rack_request'
+require 'oauth/server'
+require 'oauth/signature'
+require 'cloudkit/constants'
+require 'cloudkit/exceptions'
+require 'cloudkit/util'
+require 'cloudkit/uri'
+require 'cloudkit/store/memory_table'
+require 'cloudkit/store/resource'
+require 'cloudkit/store/response'
+require 'cloudkit/store/response_helpers'
+require 'cloudkit/store'
+require 'cloudkit/flash_session'
+require 'cloudkit/oauth_filter'
+require 'cloudkit/oauth_store'
+require 'cloudkit/openid_filter'
+require 'cloudkit/openid_store'
+require 'cloudkit/rack/builder'
+require 'cloudkit/rack/router'
+require 'cloudkit/request'
+require 'cloudkit/service'
+require 'cloudkit/user_store'
+include CloudKit::Constants
+module CloudKit
+  VERSION = '0.11.2'
+  # Sets up the storage adapter. Defaults to development-time
+  # CloudKit::MemoryTable. Also supports Rufus Tokyo Table instances. See the
+  # examples directory for Cabinet and Tyrant Table examples.
+  def self.setup_storage_adapter(adapter_instance=nil)
+    @storage_adapter = adapter_instance || CloudKit::MemoryTable.new
+  end
+  # Return the shared storage adapter.
+  def self.storage_adapter
+    @storage_adapter
+  end
+end
+class Object
+  # Execute a method if it exists.
+  def try(method) # via defunkt
+    send method if respond_to? method
+  end
+end
+class Hash
+  # For each key in 'other' that has a non-nil value, merge it into the current
+  # Hash.
+  def filter_merge!(other={})
+    other.each_pair{|k,v| self.merge!(k => v) unless v.nil?}
+    self
+  end
+  # Change the key 'oldkey' to 'newkey'
+  def rekey!(oldkey, newkey)
+    if self.has_key? oldkey
+      self[newkey] = self.delete(oldkey)
+    end
+    nil
+  end
+  # Return a new Hash, excluding the specified list of keys.
+  def excluding(*keys)
+    trimmed = self.dup
+    keys.each{|k| trimmed.delete(k)}
+    trimmed
+  end
+end
+class Array
+  # Return a new Array, excluding the specified list of values.
+  def excluding(*keys)
+    trimmed = self.dup
+    trimmed - keys
+  end
+end

data/lib/cloudkit/constants.rb ADDED

@@ -0,0 +1,34 @@
+module CloudKit
+  module Constants
+    # The key used to store the authenticated user.
+    CLOUDKIT_AUTH_KEY = 'cloudkit.user'.freeze
+    # The key used to indicate the presence of auth in a stack.
+    CLOUDKIT_AUTH_PRESENCE = 'cloudkit.auth'.freeze
+    # The key used to store auth challenge headers shared between
+    # OpenID and OAuth middleware.
+    CLOUDKIT_AUTH_CHALLENGE = 'cloudkit.challenge'.freeze
+    # The 'via' key used to announce and track upstream middleware.
+    CLOUDKIT_VIA = 'cloudkit.via'.freeze
+    # The key used to store the 'flash' in the session.
+    CLOUDKIT_FLASH = 'cloudkit.flash'.freeze
+    # The 'via' key for the OAuth filter.
+    CLOUDKIT_OAUTH_FILTER_KEY = 'cloudkit.filter.oauth'.freeze
+    # The 'via' key for the OpenID filter.
+    CLOUDKIT_OPENID_FILTER_KEY = 'cloudkit.filter.openid'.freeze
+    # The key for the login URL used in OpenID and OAuth middleware
+    # components.
+    CLOUDKIT_LOGIN_URL = 'cloudkit.filter.openid.url.login'.freeze
+    # The key for the logout URL used in OpenID and OAuth middleware
+    # components.
+    CLOUDKIT_LOGOUT_URL = 'cloudkit.filter.openid.url.logout'.freeze
+  end
+end

data/lib/cloudkit/exceptions.rb ADDED

@@ -0,0 +1,10 @@
+module CloudKit
+  # HistoricalIntegrityViolation exceptions are raised when an attempt is made
+  # to modify an archived or deleted version of a resource.
+  class HistoricalIntegrityViolation < Exception; end
+  # InvalidURIFormat exceptions are raised during attempts to get or generate
+  # cannonical URIs from non-collection or non-resource URIs.
+  class InvalidURIFormat < Exception; end
+end

data/lib/cloudkit/flash_session.rb ADDED

@@ -0,0 +1,20 @@
+module CloudKit
+  # FlashSessions are hashes that forget their contents after the first access.
+  # Useful for session-based messaging.
+  class FlashSession
+    def initialize
+      @values = {}
+    end
+    # Set the value for a key.
+    def []=(k, v)
+      @values[k] = v
+    end
+    # Access a value, then forget it.
+    def [](k)
+      @values.delete(k)
+    end
+  end
+end

data/lib/cloudkit/oauth_filter.rb ADDED

@@ -0,0 +1,266 @@
+module CloudKit
+  # An OAuthFilter provides both OAuth 1.0 support, plus OAuth Discovery.
+  #
+  # Responds to the following URIs as part of the OAuth 1.0 "dance":
+  #
+  #   /oauth/request_tokens
+  #   /oauth/authorization
+  #   /oauth/authorized_request_tokens/{id}
+  #   /oauth/access_tokens
+  #
+  # Responds to the following URIs as part of OAuth Discovery:
+  #   /oauth
+  #   /oauth/meta
+  #
+  # See also:
+  # - {OAuth Core 1.0}[http://oauth.net/core/1.0]
+  # - {OAuth Discovery}[http://oauth.net/discovery]
+  # - Thread[http://groups.google.com/group/oauth/browse_thread/thread/29a1b550396f63cf] covering /oauth and /oauth/meta URIs.
+  #
+  class OAuthFilter
+    include Util
+    @@lock  = Mutex.new
+    @@store = nil
+    def initialize(app, options={})
+      @app     = app
+      @options = options
+    end
+    def call(env)
+      @@lock.synchronize do
+        @@store = OAuthStore.new
+      end unless @@store
+      request = Request.new(env)
+      request.announce_auth(CLOUDKIT_OAUTH_FILTER_KEY)
+      return xrds_location(request) if oauth_disco_draft2_xrds?(request)
+      return @app.call(env) if request.path_info == '/'
+      load_user_from_session(request)
+      begin
+        case request
+        when r(:get, '/oauth/meta')
+          get_meta(request)
+        when r(:post, '/oauth/request_tokens', ['oauth_consumer_key'])
+          create_request_token(request)
+        when r(:get, '/oauth/authorization', ['oauth_token'])
+          request_authorization(request)
+        when r(:put, '/oauth/authorized_request_tokens/:id', ['submit' => 'Approve'])
+          # Temporarily relying on a button value until pluggable templates are
+          # introduced in 1.0.
+          authorize_request_token(request)
+        when r(:put, '/oauth/authorized_request_tokens/:id', ['submit' => 'Deny'])
+          # See previous comment.
+          deny_request_token(request)
+        when r(:post, '/oauth/authorized_request_tokens/:id', [{'_method' => 'PUT'}])
+          authorize_request_token(request)
+        when r(:post, '/oauth/access_tokens')
+          create_access_token(request)
+        when r(:get, '/oauth')
+          get_descriptor(request)
+        else
+          inject_user_or_challenge(request)
+          @app.call(env)
+        end
+      rescue OAuth::Signature::UnknownSignatureMethod
+        # The OAuth spec suggests a 400 status, but serving a 401 with the
+        # meta/challenge info seems more appropriate as the OAuth metadata
+        # specifies the supported signature methods, giving the user agent an
+        # opportunity to fix the error.
+        return challenge(request, 'unknown signature method')
+      end
+    end
+    def store; @@store; end
+    protected
+    def create_request_token(request)
+      return challenge(request, 'invalid nonce') unless valid_nonce?(request)
+      consumer_result = @@store.get("/cloudkit_oauth_consumers/#{request[:oauth_consumer_key]}")
+      unless consumer_result.status == 200
+        return challenge(request, 'invalid consumer')
+      end
+      consumer  = consumer_result.parsed_content
+      signature = OAuth::Signature.build(request) { [nil, consumer['secret']] }
+      return challenge(request, 'invalid signature') unless signature.verify
+      token_id, secret = OAuth::Server.new(request.host).generate_credentials
+      request_token = JSON.generate(
+        :secret       => secret,
+        :consumer_key => request[:oauth_consumer_key])
+      @@store.put(
+        "/cloudkit_oauth_request_tokens/#{token_id}",
+        :json => request_token)
+      Rack::Response.new("oauth_token=#{token_id}&oauth_token_secret=#{secret}", 201).finish
+    end
+    def request_authorization(request)
+      return login_redirect(request) unless request.current_user
+      request_token_result = @@store.get("/cloudkit_oauth_request_tokens/#{request[:oauth_token]}")
+      unless request_token_result.status == 200
+        return challenge(request, 'invalid request token')
+      end
+      request_token = request_token_result.parsed_content
+      erb(request, :request_authorization)
+    end
+    def authorize_request_token(request)
+      return login_redirect(request) unless request.current_user
+      request_token_response = @@store.get("/cloudkit_oauth_request_tokens/#{request.last_path_element}")
+      request_token = request_token_response.parsed_content
+      if request_token['authorized_at']
+        return challenge(request, 'invalid request token')
+      end
+      request_token['user_id']       = request.current_user
+      request_token['authorized_at'] = Time.now.httpdate
+      json                           = JSON.generate(request_token)
+      @@store.put(
+        "/cloudkit_oauth_request_tokens/#{request.last_path_element}",
+        :etag => request_token_response.etag,
+        :json => json)
+      erb(request, :authorize_request_token)
+    end
+    def deny_request_token(request)
+      return login_redirect(request) unless request.current_user
+      request_token_response = @@store.get("/cloudkit_oauth_request_tokens/#{request.last_path_element}")
+      @@store.delete(
+        "/cloudkit_oauth_request_tokens/#{request.last_path_element}",
+        :etag => request_token_response.etag)
+      erb(request, :request_token_denied)
+    end
+    def create_access_token(request)
+      return challenge(request, 'invalid nonce') unless valid_nonce?(request)
+      consumer_response = @@store.get("/cloudkit_oauth_consumers/#{request[:oauth_consumer_key]}")
+      unless consumer_response.status == 200
+        return challenge(request, 'invalid consumer')
+      end
+      consumer = consumer_response.parsed_content
+      request_token_response = @@store.get("/cloudkit_oauth_request_tokens/#{request[:oauth_token]}")
+      unless request_token_response.status == 200
+        return challenge(request, 'invalid request token')
+      end
+      request_token = request_token_response.parsed_content
+      unless request_token['consumer_key'] == request[:oauth_consumer_key]
+        return challenge(request, 'invalid consumer')
+      end
+      signature = OAuth::Signature.build(request) do
+        [request_token['secret'], consumer['secret']]
+      end
+      unless signature.verify
+        return challenge(request, 'invalid signature')
+      end
+      token_id, secret = OAuth::Server.new(request.host).generate_credentials
+      token_data = JSON.generate(
+        :secret          => secret,
+        :consumer_key    => request[:oauth_consumer_key],
+        :consumer_secret => consumer['secret'],
+        :user_id         => request_token['user_id'])
+      @@store.put("/cloudkit_oauth_tokens/#{token_id}", :json => token_data)
+      @@store.delete(
+        "/cloudkit_oauth_request_tokens/#{request[:oauth_token]}",
+        :etag => request_token_response.etag)
+      Rack::Response.new("oauth_token=#{token_id}&oauth_token_secret=#{secret}", 201).finish
+    end
+    def inject_user_or_challenge(request)
+      unless valid_nonce?(request)
+        request.current_user = ''
+        inject_challenge(request)
+        return
+      end
+      result       = @@store.get("/cloudkit_oauth_tokens/#{request[:oauth_token]}")
+      access_token = result.parsed_content
+      signature    = OAuth::Signature.build(request) do
+        [access_token['secret'], access_token['consumer_secret']]
+      end
+      if signature.verify
+        request.current_user = access_token['user_id']
+      else
+        request.current_user = ''
+        inject_challenge(request)
+      end
+    end
+    def valid_nonce?(request)
+      timestamp = request[:oauth_timestamp]
+      nonce     = request[:oauth_nonce]
+      return false unless (timestamp && nonce)
+      uri    = "/cloudkit_oauth_nonces/#{timestamp},#{nonce}"
+      result = @@store.put(uri, :json => '{}')
+      return false unless result.status == 201
+      true
+    end
+    def inject_challenge(request)
+      request.env[CLOUDKIT_AUTH_CHALLENGE] = challenge_headers(request)
+    end
+    def challenge(request, message='')
+      Rack::Response.new(message, 401, challenge_headers(request)).finish
+    end
+    def challenge_headers(request)
+      {
+        'WWW-Authenticate' => "OAuth realm=\"http://#{request.env['HTTP_HOST']}\"",
+        'Link' => discovery_link(request),
+        'Content-Type' => 'application/json'
+      }
+    end
+    def discovery_link(request)
+      "<#{request.scheme}://#{request.env['HTTP_HOST']}/oauth/meta>; rel=\"http://oauth.net/discovery/1.0/rel/provider\""
+    end
+    def login_redirect(request)
+      request.session['return_to'] = request.url if request.session
+      Rack::Response.new([], 302, {'Location' => request.login_url}).finish
+    end
+    def load_user_from_session(request)
+      request.current_user = request.session['user_uri'] if request.session
+    end
+    def get_meta(request)
+      # Expected in next OAuth Discovery Draft
+      erb(request, :oauth_meta)
+    end
+    def oauth_disco_draft2_xrds?(request)
+      # Current OAuth Discovery Draft 2 / XRDS-Simple 1.0, Section 5.1.2
+      request.get? &&
+        request.env['HTTP_ACCEPT'] &&
+        request.env['HTTP_ACCEPT'].match(/application\/xrds\+xml/)
+    end
+    def xrds_location(request)
+      # Current OAuth Discovery Draft 2 / XRDS-Simple 1.0, Section 5.1.2
+      Rack::Response.new([], 200, {'X-XRDS-Location' => "#{request.scheme}://#{request.env['HTTP_HOST']}/oauth"}).finish
+    end
+    def get_descriptor(request)
+      erb(request, :oauth_descriptor, {'Content-Type' => 'application/xrds+xml'})
+    end
+  end
+end