cloudkit 0.9.0

data/examples/1.ru

@@ -0,0 +1,3 @@
+$:.unshift File.expand_path(File.dirname(__FILE__)) + '/../lib'
+require 'cloudkit'
+expose :notes

data/examples/2.ru

@@ -0,0 +1,3 @@
+$:.unshift File.expand_path(File.dirname(__FILE__)) + '/../lib'
+require 'cloudkit'
+contain :notes

data/examples/3.ru

@@ -0,0 +1,6 @@
+$:.unshift File.expand_path(File.dirname(__FILE__)) + '/../lib'
+require 'cloudkit'
+use Rack::Session::Pool
+use CloudKit::OpenIDFilter
+use CloudKit::Service, :collections => [:notes]
+run lambda{|env| [200, {}, ['HELLO']]}

data/examples/4.ru

@@ -0,0 +1,5 @@
+$:.unshift File.expand_path(File.dirname(__FILE__)) + '/../lib'
+require 'cloudkit'
+use CloudKit::OAuthFilter
+use CloudKit::Service, :collections => [:notes]
+run lambda{|env| [200, {}, ['HELLO']]}

data/examples/5.ru

@@ -0,0 +1,10 @@
+$:.unshift File.expand_path(File.dirname(__FILE__)) + '/../lib'
+require 'cloudkit'
+use Rack::Config do |env|
+  env['cloudkit.storage.uri'] = 'sqlite://example.db'
+end
+use Rack::Session::Pool
+use CloudKit::OAuthFilter
+use CloudKit::OpenIDFilter
+use CloudKit::Service, :collections => [:notes]
+run lambda{|env| [200, {}, ['HELLO']]}

data/examples/6.ru

@@ -0,0 +1,10 @@
+$:.unshift File.expand_path(File.dirname(__FILE__)) + '/../lib'
+require 'cloudkit'
+use Rack::Config do |env|
+  env['cloudkit.storage.uri'] = 'mysql://root:@localhost/cloudkit_example'
+end
+use Rack::Session::Pool
+use CloudKit::OAuthFilter
+use CloudKit::OpenIDFilter
+use CloudKit::Service, :collections => [:notes]
+run lambda{|env| [200, {}, ['HELLO']]}

data/examples/TOC

@@ -0,0 +1,17 @@
+Index of Examples
+-----------------
+
+When using the gem version of CloudKit, the first line of each example can be
+removed.
+
+1. Expose Notes      - Mount a JSON "notes" API. Uses in-memory SQLite.
+
+2. Contain Notes     - Same as #1, adding OpenID and OAuth.
+
+3. Notes with OpenID - Same as #1 using only OpenID.
+
+4. Notes with OAuth  - Same as #1 using only OAuth.
+
+5. SQLite Notes      - Same as #2 with a SQLite file store.
+
+6. MySQL Notes       - Same as #2 with MySQL store.

data/lib/cloudkit.rb

@@ -0,0 +1,74 @@
+require 'rubygems'
+require 'erb'
+require 'json'
+require 'md5'
+require 'openid'
+gem 'sequel', '=2.6.0'
+require 'sequel'
+require 'time'
+require 'uuid'
+require 'rack'
+require 'rack/config'
+require 'oauth'
+require 'oauth/consumer'
+require 'oauth/request_proxy/rack_request'
+require 'oauth/server'
+require 'oauth/signature'
+require 'cloudkit/util'
+require 'cloudkit/store/adapter'
+require 'cloudkit/store/extraction_view'
+require 'cloudkit/store/response'
+require 'cloudkit/store/response_helpers'
+require 'cloudkit/store/sql_adapter'
+require 'cloudkit/store'
+require 'cloudkit/flash_session'
+require 'cloudkit/oauth_filter'
+require 'cloudkit/oauth_store'
+require 'cloudkit/openid_filter'
+require 'cloudkit/openid_store'
+require 'cloudkit/rack/builder'
+require 'cloudkit/rack/router'
+require 'cloudkit/request'
+require 'cloudkit/service'
+require 'cloudkit/user_store'
+
+class Object
+
+  # Execute a method if it exists.
+  def try(method) # via defunkt
+    send method if respond_to? method
+  end
+end
+
+class Hash
+
+  # For each key in 'other' that has a non-nil value, merge it into the current
+  # Hash.
+  def filter_merge!(other={})
+    other.each_pair{|k,v| self.merge!(k => v) if v}
+    self
+  end
+
+  # Change the key 'oldkey' to 'newkey'
+  def rekey!(oldkey, newkey)
+    if self[oldkey]
+      self[newkey] = self.delete(oldkey)
+    end
+  end
+
+  # Return a new Hash, excluding the specified list of keys.
+  def excluding(*keys)
+    trimmed = self.dup
+    keys.each{|k| trimmed.delete(k)}
+    trimmed
+  end
+end
+
+class Array
+
+  # Return a new Array, excluding the specified list of values.
+  def excluding(*keys)
+    trimmed = self.dup
+    trimmed.reject{|v| keys.include?(v)}
+  end
+end

data/lib/cloudkit/flash_session.rb

@@ -0,0 +1,22 @@
+module CloudKit
+  
+  # FlashSessions are hashes that forget their contents after the first access.
+  # Useful for session-based messaging.
+  class FlashSession
+    def initialize
+      @values = {}
+    end
+
+    # Set the value for a key.
+    def []=(k, v)
+      @values[k] = v
+    end
+
+    # Access a value, then forget it.
+    def [](k)
+      v = @values[k]
+      @values[k] = nil
+      v
+    end
+  end
+end

data/lib/cloudkit/oauth_filter.rb

@@ -0,0 +1,273 @@
+module CloudKit
+  
+  # An OAuthFilter provides both OAuth 1.0 support, plus OAuth Discovery.
+  #
+  # Responds to the following URIs as part of the OAuth 1.0 "dance":
+  #
+  #   /oauth/request_tokens
+  #   /oauth/authorization
+  #   /oauth/authorized_request_tokens/{id}
+  #   /oauth/access_tokens
+  #
+  # Responds to the following URIs are part of OAuth Discovery:
+  #   /oauth
+  #   /oauth/meta
+  #
+  # See also:
+  # - {OAuth Core 1.0}[http://oauth.net/core/1.0]
+  # - {OAuth Discovery}[http://oauth.net/discovery]
+  # - Thread[http://groups.google.com/group/oauth/browse_thread/thread/29a1b550396f63cf] covering /oauth and /oauth/meta URIs.
+  #
+  class OAuthFilter
+    include Util
+
+    @@lock  = Mutex.new
+    @@store = nil
+
+    def initialize(app, options={})
+      @app     = app
+      @options = options
+    end
+
+    def call(env)
+      @@lock.synchronize do
+        @@store = OAuthStore.new(env[storage_uri_key])
+      end unless @@store
+
+      request = Request.new(env)
+      request.announce_auth(oauth_filter_key)
+      return xrds_location(request) if oauth_disco_draft2_xrds?(request)
+      return @app.call(env) if request.path_info == '/'
+
+      load_user_from_session(request)
+
+      begin
+        case request
+        when r(:get, '/oauth/meta')
+          get_meta(request)
+        when r(:post, '/oauth/request_tokens', ['oauth_consumer_key'])
+          create_request_token(request)
+        when r(:get, '/oauth/authorization', ['oauth_token'])
+          request_authorization(request)
+        when r(:put, '/oauth/authorized_request_tokens/:id', ['submit' => 'Approve'])
+          # Temporarily relying on a button value until pluggable templates are
+          # introduced in 1.0.
+          authorize_request_token(request)
+        when r(:put, '/oauth/authorized_request_tokens/:id', ['submit' => 'Deny'])
+          # See previous comment.
+          deny_request_token(request)
+        when r(:post, '/oauth/authorized_request_tokens/:id', [{'_method' => 'PUT'}])
+          authorize_request_token(request)
+        when r(:post, '/oauth/access_tokens')
+          create_access_token(request)
+        when r(:get, '/oauth')
+          get_descriptor(request)
+        else
+          inject_user_or_challenge(request)
+          @app.call(env)
+        end
+      rescue OAuth::Signature::UnknownSignatureMethod
+        # The OAuth spec suggests a 400 status, but serving a 401 with the
+        # meta/challenge info seems more appropriate as the OAuth metadata
+        # specifies the supported signature methods, giving the user agent an
+        # opportunity to fix the error.
+        return challenge(request, 'unknown signature method')
+      end
+    end
+
+    def store; @@store; end
+
+    protected
+
+    def create_request_token(request)
+      return challenge(request, 'invalid nonce') unless valid_nonce?(request)
+
+      consumer_result = @@store.get(
+        "/cloudkit_oauth_consumers/#{request[:oauth_consumer_key]}")
+      unless consumer_result.status == 200
+        return challenge(request, 'invalid consumer')
+      end
+
+      consumer  = consumer_result.parsed_content
+      signature = OAuth::Signature.build(request) { [nil, consumer['secret']] }
+      return challenge(request, 'invalid signature') unless signature.verify
+
+      token_id, secret = OAuth::Server.new(request.host).generate_credentials
+      request_token = JSON.generate(
+        :secret       => secret,
+        :consumer_key => request[:oauth_consumer_key])
+      @@store.put(
+        "/cloudkit_oauth_request_tokens/#{token_id}",
+        :json => request_token)
+      [201, {}, ["oauth_token=#{token_id}&oauth_token_secret=#{secret}"]]
+    end
+
+    def request_authorization(request)
+      return login_redirect(request) unless request.current_user
+
+      request_token_result = @@store.get(
+        "/cloudkit_oauth_request_tokens/#{request[:oauth_token]}")
+      unless request_token_result.status == 200
+        return challenge(request, 'invalid request token')
+      end
+
+      request_token = request_token_result.parsed_content
+      erb(request, :request_authorization)
+    end
+
+    def authorize_request_token(request)
+      return login_redirect(request) unless request.current_user
+
+      request_token_response = @@store.get(
+        "/cloudkit_oauth_request_tokens/#{request.last_path_element}")
+      request_token = request_token_response.parsed_content
+      if request_token['authorized_at']
+        return challenge(request, 'invalid request token')
+      end
+
+      request_token['user_id']       = request.current_user
+      request_token['authorized_at'] = Time.now.httpdate
+      json                           = JSON.generate(request_token)
+      @@store.put(
+        "/cloudkit_oauth_request_tokens/#{request.last_path_element}",
+        :etag => request_token_response.etag,
+        :json => json)
+      erb(request, :authorize_request_token)
+    end
+
+    def deny_request_token(request)
+      return login_redirect(request) unless request.current_user
+
+      request_token_response = @@store.get(
+        "/cloudkit_oauth_request_tokens/#{request.last_path_element}")
+      @@store.delete(
+        "/cloudkit_oauth_request_tokens/#{request.last_path_element}",
+        :etag => request_token_response.etag)
+      erb(request, :request_token_denied)
+    end
+
+    def create_access_token(request)
+      return challenge(request, 'invalid nonce') unless valid_nonce?(request)
+
+      consumer_response = @@store.get(
+        "/cloudkit_oauth_consumers/#{request[:oauth_consumer_key]}")
+      unless consumer_response.status == 200
+        return challenge(request, 'invalid consumer')
+      end
+
+      consumer = consumer_response.parsed_content
+      request_token_response = @@store.get(
+        "/cloudkit_oauth_request_tokens/#{request[:oauth_token]}")
+      unless request_token_response.status == 200
+        return challenge(request, 'invalid request token')
+      end
+
+      request_token = request_token_response.parsed_content
+      unless request_token['consumer_key'] == request[:oauth_consumer_key]
+        return challenge(request, 'invalid consumer')
+      end
+
+      signature = OAuth::Signature.build(request) do
+        [request_token['secret'], consumer['secret']]
+      end
+      unless signature.verify
+        return challenge(request, 'invalid signature')
+      end
+
+      token_id, secret = OAuth::Server.new(request.host).generate_credentials
+      token_data = JSON.generate(
+        :secret          => secret,
+        :consumer_key    => request[:oauth_consumer_key],
+        :consumer_secret => consumer['secret'],
+        :user_id         => request_token['user_id'])
+      @@store.put(
+        "/cloudkit_oauth_tokens/#{token_id}",
+        :json => token_data)
+      @@store.delete(
+        "/cloudkit_oauth_request_tokens/#{request[:oauth_token]}",
+        :etag => request_token_response.etag)
+      [201, {}, ["oauth_token=#{token_id}&oauth_token_secret=#{secret}"]]
+    end
+
+    def inject_user_or_challenge(request)
+      unless valid_nonce?(request)
+        request.current_user = ''
+        inject_challenge(request)
+        return
+      end
+
+      result       = @@store.get("/cloudkit_oauth_tokens/#{request[:oauth_token]}")
+      access_token = result.parsed_content
+      signature    = OAuth::Signature.build(request) do
+        [access_token['secret'], access_token['consumer_secret']]
+      end
+      if signature.verify
+        request.current_user = access_token['user_id']
+      else
+        request.current_user = ''
+        inject_challenge(request)
+      end
+    end
+
+    def valid_nonce?(request)
+      timestamp = request[:oauth_timestamp]
+      nonce     = request[:oauth_nonce]
+      return false unless (timestamp && nonce)
+
+      uri    = "/cloudkit_oauth_nonces/#{timestamp},#{nonce}"
+      result = @@store.put(uri, :json => '{}')
+      return false unless result.status == 201
+
+      true
+    end
+
+    def inject_challenge(request)
+      request.env[challenge_key] = challenge_headers(request)
+    end
+
+    def challenge(request, message)
+      [401, challenge_headers(request), [message || '']]
+    end
+
+    def challenge_headers(request)
+      {
+        'WWW-Authenticate' => "OAuth realm=\"http://#{request.env['HTTP_HOST']}\"",
+        'Link' => discovery_link(request)
+      }
+    end
+
+    def discovery_link(request)
+      "<#{request.scheme}://#{request.env['HTTP_HOST']}/oauth/meta>; rel=\"http://oauth.net/discovery/1.0/rel/provider\""
+    end
+
+    def login_redirect(request)
+      request.session['return_to'] = request.url if request.session
+      [302, {'Location' => request.login_url}, []]
+    end
+
+    def load_user_from_session(request)
+      request.current_user = request.session['user_uri'] if request.session
+    end
+
+    def get_meta(request)
+      # Expected in next OAuth Discovery Draft
+      erb(request, :oauth_meta)
+    end
+
+    def oauth_disco_draft2_xrds?(request)
+      # Current OAuth Discovery Draft 2 / XRDS-Simple 1.0, Section 5.1.2
+      request.get? &&
+        request.env['HTTP_ACCEPT'] &&
+        request.env['HTTP_ACCEPT'].match(/application\/xrds\+xml/)
+    end
+
+    def xrds_location(request)
+      # Current OAuth Discovery Draft 2 / XRDS-Simple 1.0, Section 5.1.2
+      [200, {'X-XRDS-Location' => "#{request.scheme}://#{request.env['HTTP_HOST']}/oauth"}, []]
+    end
+
+    def get_descriptor(request)
+      erb(request, :oauth_descriptor, {'Content-Type' => 'application/xrds+xml'})
+    end
+  end
+end

data/lib/cloudkit/oauth_store.rb

@@ -0,0 +1,56 @@
+module CloudKit
+  
+  # An OAuthStore is a thin abstraction around CloudKit::Store, providing
+  # consistent collection names, and allowing automatic migrations in later
+  # releases if needed.
+  class OAuthStore
+    @@store = nil
+
+    # Initialize a Store for use with OAuth middleware. Load the static consumer
+    # resource if it does not exist.
+    def initialize(uri=nil)
+      @@store = Store.new(
+        :collections => [
+          :cloudkit_oauth_nonces,
+          :cloudkit_oauth_tokens,
+          :cloudkit_oauth_request_tokens,
+          :cloudkit_oauth_consumers],
+        :adapter => SQLAdapter.new(uri)) unless @@store
+      load_static_consumer
+    end
+
+    def get(uri, options={}) #:nodoc:
+      @@store.get(uri, options)
+    end
+
+    def post(uri, options={}) #:nodoc:
+      @@store.post(uri, options)
+    end
+
+    def put(uri, options={}) #:nodoc:
+      @@store.put(uri, options)
+    end
+
+    def delete(uri, options={}) #:nodoc:
+      @@store.delete(uri, options)
+    end
+
+    def resolve_uris(uris) #:nodoc:
+      @@store.resolve_uris(uris)
+    end
+    
+    def reset! #:nodoc:
+      @@store.reset!
+    end
+
+    # Return the version number for this store.
+    def version; 1; end
+
+    # Load the static consumer entity if it does not already exist.
+    # See the OAuth Discovery spec for more info on static consumers.
+    def load_static_consumer
+      json = JSON.generate(:secret => '')
+      @@store.put('/cloudkit_oauth_consumers/cloudkitconsumer', :json => json)
+    end
+  end
+end