clowk 0.1.0

data/lib/clowk/current.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Clowk
+  class Current
+    attr_reader :attributes
+
+    def initialize(attributes = {})
+      @attributes = attributes.to_h.deep_symbolize_keys
+    end
+
+    def id
+      attributes[:sub] || attributes[:id]
+    end
+
+    def email
+      attributes[:email]
+    end
+
+    def name
+      attributes[:name]
+    end
+
+    def avatar_url
+      attributes[:avatar_url]
+    end
+
+    def provider
+      attributes[:provider]
+    end
+
+    def instance_id
+      attributes[:instance_id]
+    end
+
+    def app_id
+      attributes[:app_id]
+    end
+
+    def [](key)
+      attributes[key.to_sym]
+    end
+
+    def to_h
+      attributes.merge(id: id)
+    end
+  end
+end

data/lib/clowk/engine.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Clowk
+  class Engine < ::Rails::Engine
+    isolate_namespace Clowk
+
+    initializer 'clowk.helpers' do
+      ActiveSupport.on_load(:action_controller_base) do
+        include Clowk::Helpers::UrlHelpers
+      end
+
+      ActiveSupport.on_load(:action_view) do
+        include Clowk::Helpers::UrlHelpers
+      end
+    end
+  end
+end

data/lib/clowk/helpers/url_helpers.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'cgi'
+
+module Clowk
+  module Helpers
+    module UrlHelpers
+      def clowk_sign_in_path(return_to: nil)
+        append_query(clowk_local_path('/sign_in'), return_to:)
+      end
+
+      def clowk_sign_up_path(return_to: nil)
+        append_query(clowk_local_path('/sign_up'), return_to:)
+      end
+
+      def clowk_sign_out_path(return_to: nil)
+        append_query(clowk_local_path('/sign_out'), return_to:)
+      end
+
+      def clowk_callback_url(return_to: nil, state: nil)
+        append_query("#{request.base_url}#{Clowk.config.callback_path}", return_to:, state:)
+      end
+
+      def clowk_sign_in_url(redirect_to: nil, return_to: nil, state: nil)
+        clowk_remote_auth_url('sign-in', redirect_to:, return_to:, state:)
+      end
+
+      def clowk_sign_up_url(redirect_to: nil, return_to: nil, state: nil)
+        clowk_remote_auth_url('sign-up', redirect_to:, return_to:, state:)
+      end
+
+      private
+
+      def clowk_remote_auth_url(action, redirect_to:, return_to:, state:)
+        callback_url = clowk_callback_url(return_to: redirect_to || return_to, state:)
+        query = { redirect_uri: callback_url }
+
+        append_query("#{clowk_instance_base_url}/#{action}", query)
+      end
+
+      def clowk_instance_base_url
+        Clowk::Subdomain.resolve_url!
+      end
+
+      def clowk_local_path(path)
+        "#{Clowk.config.mount_path}#{path}"
+      end
+
+      def append_query(url, params = {})
+        filtered = params.compact.reject { |_key, value| value.respond_to?(:empty?) && value.empty? }
+        return url if filtered.empty?
+
+        separator = url.include?('?') ? '&' : '?'
+        "#{url}#{separator}#{Rack::Utils.build_query(filtered)}"
+      end
+    end
+  end
+end

data/lib/clowk/http/client.rb

@@ -0,0 +1,199 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'net/http'
+require 'uri'
+
+module Clowk
+  class Http
+    MAX_BODY_SIZE = 1 * 1024 * 1024
+
+    HTTP_METHODS = {
+      get: Net::HTTP::Get,
+      post: Net::HTTP::Post,
+      put: Net::HTTP::Put,
+      patch: Net::HTTP::Patch,
+      delete: Net::HTTP::Delete,
+      head: Net::HTTP::Head,
+      options: Net::HTTP::Options
+    }.freeze
+
+    def self.get(base_url:, path:, headers: {}, logger: nil)
+      new(base_url:, headers:, logger:).get(path)
+    end
+
+    def self.post(base_url:, path:, body: nil, headers: {}, logger: nil)
+      new(base_url:, headers:, logger:).post(path, body)
+    end
+
+    def self.put(base_url:, path:, body: nil, headers: {}, logger: nil)
+      new(base_url:, headers:, logger:).put(path, body)
+    end
+
+    def self.patch(base_url:, path:, body: nil, headers: {}, logger: nil)
+      new(base_url:, headers:, logger:).patch(path, body)
+    end
+
+    def self.delete(base_url:, path:, body: nil, headers: {}, logger: nil)
+      new(base_url:, headers:, logger:).delete(path, body)
+    end
+
+    def self.head(base_url:, path:, headers: {}, logger: nil)
+      new(base_url:, headers:, logger:).head(path)
+    end
+
+    def self.options(base_url:, path:, headers: {}, logger: nil)
+      new(base_url:, headers:, logger:).options(path)
+    end
+
+    def initialize(base_url:, headers: {}, logger: nil, open_timeout: 5, read_timeout: 10, write_timeout: 10, retry_attempts: 2, retry_interval: 0.05, middlewares: nil)
+      @base_url = base_url
+      @headers = headers
+      @logger = logger
+      @open_timeout = open_timeout
+      @read_timeout = read_timeout
+      @write_timeout = write_timeout
+      @retry_attempts = retry_attempts
+      @retry_interval = retry_interval
+      @middlewares = middlewares || [TimeoutMiddleware, RetryMiddleware, LoggerMiddleware]
+    end
+
+    def get(path, headers: {})
+      request(:get, path, headers:)
+    end
+
+    def post(path, body = nil, headers: {})
+      request(:post, path, body:, headers:)
+    end
+
+    def put(path, body = nil, headers: {})
+      request(:put, path, body:, headers:)
+    end
+
+    def patch(path, body = nil, headers: {})
+      request(:patch, path, body:, headers:)
+    end
+
+    def delete(path, body = nil, headers: {})
+      request(:delete, path, body:, headers:)
+    end
+
+    def head(path, headers: {})
+      request(:head, path, headers:)
+    end
+
+    def options(path, headers: {})
+      request(:options, path, headers:)
+    end
+
+    def request(method, path, body: nil, headers: {})
+      env = {
+        method: method.to_sym,
+        uri: build_uri(path),
+        body: body,
+        headers: headers,
+        open_timeout: open_timeout,
+        read_timeout: read_timeout,
+        write_timeout: write_timeout,
+        retry_attempts: retry_attempts,
+        retry_interval: retry_interval
+      }
+
+      build_stack.call(env)
+    end
+
+    private
+
+    attr_reader :base_url, :headers, :logger, :middlewares, :open_timeout, :read_timeout, :write_timeout, :retry_attempts, :retry_interval
+
+    def build_stack
+      app = lambda { |env| perform_request(env) }
+
+      middlewares.reverse.inject(app) do |next_app, middleware|
+        middleware.new(next_app, logger:, open_timeout:, read_timeout:, write_timeout:)
+      end
+    end
+
+    def perform_request(env)
+      request = request_class_for(env[:method]).new(env[:uri])
+
+      apply_headers(request, env[:headers])
+
+      request.body = JSON.generate(env[:body]) unless env[:body].nil?
+
+      raw_response = Net::HTTP.start(env[:uri].host, env[:uri].port, use_ssl: env[:uri].scheme == 'https') do |http|
+        apply_timeouts(http, env[:timeouts])
+        http.request(request)
+      end
+
+      parse_response(raw_response)
+    end
+
+    def request_class_for(method)
+      HTTP_METHODS.fetch(method.to_sym) do
+        raise ArgumentError, "unsupported HTTP method: #{method}"
+      end
+    end
+
+    def build_uri(path)
+      base_uri = URI(base_url)
+      base_uri.path = join_paths(base_uri.path, normalize_path(path))
+      base_uri.query = nil
+      base_uri.fragment = nil
+      base_uri
+    end
+
+    def normalize_path(path)
+      path.to_s.start_with?('/') ? path : "/#{path}"
+    end
+
+    def join_paths(base_path, extra_path)
+      segments = [base_path.to_s, extra_path.to_s].map { |segment| segment.gsub(%r{^/+|/+$}, '') }.reject(&:empty?)
+      "/#{segments.join('/')}"
+    end
+
+    def apply_headers(request, request_headers)
+      merged_headers = default_headers.merge(headers).merge(request_headers)
+      merged_headers.each { |key, value| request[key] = value }
+    end
+
+    def apply_timeouts(http, timeouts)
+      return unless timeouts
+
+      http.open_timeout = timeouts[:open_timeout] if timeouts.key?(:open_timeout)
+      http.read_timeout = timeouts[:read_timeout] if timeouts.key?(:read_timeout)
+      http.write_timeout = timeouts[:write_timeout] if timeouts.key?(:write_timeout) && http.respond_to?(:write_timeout=)
+    end
+
+    def default_headers
+      {
+        'Accept' => 'application/json',
+        'Content-Type' => 'application/json'
+      }
+    end
+
+    def parse_response(response)
+      body = response.body.to_s
+
+      raise Error, "response body too large (#{body.bytesize} bytes, max #{MAX_BODY_SIZE})" if body.bytesize > MAX_BODY_SIZE
+
+      parsed = parse_body(body)
+
+      Response.new(
+        status: response.code.to_i,
+        body: body,
+        body_parsed: parsed,
+        headers: response.to_hash,
+        success: response.is_a?(Net::HTTPSuccess)
+      )
+    end
+
+    def parse_body(body)
+      return {} if body.empty?
+
+      JSON.parse(body)
+    rescue JSON::ParserError
+      nil
+    end
+  end
+end

data/lib/clowk/http/logger_middleware.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'logger'
+
+module Clowk
+  class Http
+    class LoggerMiddleware
+      def initialize(app, logger: nil, **)
+        @app = app
+        @logger = logger || NullLogger.new
+      end
+
+      def call(env)
+        logger.info("[Clowk::Http] #{env[:method].upcase} #{env[:uri]}")
+        response = app.call(env)
+        logger.info("[Clowk::Http] -> #{response[:status]}")
+        response
+      end
+
+      private
+
+      attr_reader :app, :logger
+
+      class NullLogger
+        def info(*); end
+      end
+    end
+  end
+end

data/lib/clowk/http/response.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Clowk
+  class Http
+    class Response
+      attr_reader :body, :body_parsed, :headers, :status
+
+      def initialize(status:, body:, body_parsed:, headers:, success:)
+        @status = status
+        @body = body
+        @body_parsed = body_parsed
+        @headers = headers
+        @success = success
+      end
+
+      def success?
+        @success
+      end
+
+      def [](key)
+        to_h.fetch(key)
+      end
+
+      def to_h
+        {
+          status: status,
+          body: body,
+          body_parsed: body_parsed,
+          headers: headers,
+          success?: success?
+        }
+      end
+
+      def ==(other)
+        if other.respond_to?(:to_h)
+          to_h == other.to_h
+        else
+          to_h == other
+        end
+      end
+    end
+  end
+end

data/lib/clowk/http/retry_middleware.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'net/http'
+
+module Clowk
+  class Http
+    class RetryMiddleware
+      RETRYABLE_ERRORS = [
+        EOFError,
+        Errno::ECONNRESET,
+        Errno::ETIMEDOUT,
+        IOError,
+        Net::OpenTimeout,
+        Net::ReadTimeout,
+        Net::WriteTimeout,
+        SocketError
+      ].freeze
+
+      def initialize(app, logger: nil, **)
+        @app = app
+        @logger = logger || LoggerMiddleware::NullLogger.new
+      end
+
+      def call(env)
+        attempts = env.fetch(:retry_attempts, 0)
+        interval = env.fetch(:retry_interval, 0.0)
+        current_attempt = 0
+
+        begin
+          current_attempt += 1
+          env[:attempt] = current_attempt
+          app.call(env)
+        rescue *RETRYABLE_ERRORS => error
+          raise error if current_attempt > attempts
+
+          logger.info("[Clowk::Http] retry=#{current_attempt} error=#{error.class}")
+          sleep(interval) if interval.positive?
+          retry
+        end
+      end
+
+      private
+
+      attr_reader :app, :logger
+    end
+  end
+end

data/lib/clowk/http/timeout_middleware.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Clowk
+  class Http
+    class TimeoutMiddleware
+      def initialize(app, logger: nil, open_timeout: nil, read_timeout: nil, write_timeout: nil, **)
+        @app = app
+        @logger = logger || LoggerMiddleware::NullLogger.new
+        @open_timeout = open_timeout
+        @read_timeout = read_timeout
+        @write_timeout = write_timeout
+      end
+
+      def call(env)
+        env[:timeouts] = {
+          open_timeout: env.fetch(:open_timeout, open_timeout),
+          read_timeout: env.fetch(:read_timeout, read_timeout),
+          write_timeout: env.fetch(:write_timeout, write_timeout)
+        }.compact
+
+        logger.info("[Clowk::Http] timeouts=#{env[:timeouts]}") unless env[:timeouts].empty?
+        app.call(env)
+      end
+
+      private
+
+      attr_reader :app, :logger, :open_timeout, :read_timeout, :write_timeout
+    end
+  end
+end

data/lib/clowk/jwt_verifier.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'jwt'
+
+module Clowk
+  class JwtVerifier
+    ALGORITHM = 'HS256'
+
+    def initialize(secret_key: Clowk.config.secret_key, issuer: Clowk.config.issuer)
+      @secret_key = secret_key
+      @issuer = issuer
+    end
+
+    def verify(token)
+      raise ConfigurationError, 'missing Clowk secret_key' if @secret_key.to_s.empty?
+
+      options = { algorithm: ALGORITHM }
+      options[:iss] = @issuer if @issuer
+      options[:verify_iss] = @issuer.present?
+
+      payload, = JWT.decode(token, @secret_key, true, options)
+      payload.deep_symbolize_keys
+    rescue JWT::DecodeError, JWT::VerificationError, JWT::ExpiredSignature, JWT::InvalidIssuerError => e
+      raise InvalidTokenError, e.message
+    end
+  end
+end

data/lib/clowk/middleware/token_extractor.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Clowk
+  module Middleware
+    class TokenExtractor
+      def initialize(request, token_param: Clowk.config.token_param, cookie_key: Clowk.config.cookie_key)
+        @request = request
+        @token_param = token_param
+        @cookie_key = cookie_key
+      end
+
+      def call
+        token_from_params || token_from_bearer || token_from_cookies
+      end
+
+      private
+
+      attr_reader :request, :token_param, :cookie_key
+
+      def token_from_params
+        params = request.respond_to?(:params) && request.params ? request.params : {}
+        params[token_param.to_s].presence
+      end
+
+      def token_from_bearer
+        header = request.authorization.to_s
+        return if header.empty?
+
+        scheme, token = header.split(' ', 2)
+        return unless scheme.to_s.casecmp('Bearer').zero?
+
+        token.presence
+      end
+
+      def token_from_cookies
+        return unless request.respond_to?(:cookie_jar) && request.cookie_jar
+
+        request.cookie_jar[cookie_key].presence
+      end
+    end
+  end
+end

data/lib/clowk/sdk/client.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+require 'active_support/inflector'
+
+module Clowk
+  module SDK
+    class Client
+      def initialize(options = {})
+        @api_base_url = options.fetch(:api_base_url, Clowk.config.api_base_url)
+        @secret_key = options.fetch(:secret_key, Clowk.config.secret_key)
+        @publishable_key = options.fetch(:publishable_key, Clowk.config.publishable_key)
+      end
+
+      def method_missing(method_name, *, **, &)
+        resource_class_name = ActiveSupport::Inflector.camelize(
+          ActiveSupport::Inflector.singularize(method_name.to_s)
+        )
+
+        return super unless Clowk::SDK.const_defined?(resource_class_name)
+
+        resource_ivar = "@#{method_name}"
+        return instance_variable_get(resource_ivar) if instance_variable_defined?(resource_ivar)
+
+        resource_class = Clowk::SDK.const_get(resource_class_name)
+        instance_variable_set(resource_ivar, resource_class.new(self))
+      end
+
+      def respond_to_missing?(method_name, include_private = false)
+        resource_class_name = ActiveSupport::Inflector.camelize(
+          ActiveSupport::Inflector.singularize(method_name.to_s)
+        )
+
+        Clowk::SDK.const_defined?(resource_class_name) || super
+      end
+
+      def delete(path, body = nil, headers: {})
+        http.delete(path, body, headers:)
+      end
+
+      def patch(path, body = {}, headers: {})
+        http.patch(path, body, headers:)
+      end
+
+      def get(path, headers: {})
+        http.get(path, headers:)
+      end
+
+      def post(path, body = {}, headers: {})
+        http.post(path, body, headers:)
+      end
+
+      def put(path, body = {}, headers: {})
+        http.put(path, body, headers:)
+      end
+
+      def head(path, headers: {})
+        http.head(path, headers:)
+      end
+
+      def options(path, headers: {})
+        http.options(path, headers:)
+      end
+
+      private
+
+      attr_reader :api_base_url, :publishable_key, :secret_key
+
+      def http
+        @http ||= Clowk::Http.new(
+          base_url: api_base_url,
+          headers: default_headers,
+          logger: Clowk.config.http_logger,
+          open_timeout: Clowk.config.http_open_timeout,
+          read_timeout: Clowk.config.http_read_timeout,
+          write_timeout: Clowk.config.http_write_timeout,
+          retry_attempts: Clowk.config.http_retry_attempts,
+          retry_interval: Clowk.config.http_retry_interval
+        )
+      end
+
+      def default_headers
+        {}.tap do |headers|
+          headers['X-Clowk-Secret-Key'] = secret_key if secret_key.present?
+          headers['X-Clowk-Publishable-Key'] = publishable_key if publishable_key.present?
+        end
+      end
+    end
+  end
+end

data/lib/clowk/sdk/resource.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'erb'
+
+module Clowk
+  module SDK
+    class Resource
+      def self.resource_path
+        raise NotImplementedError, 'resource_path must be implemented'
+      end
+
+      def initialize(client)
+        @client = client
+      end
+
+      # Usage
+      # client.list
+      # @return [Array<Hash>] list of all resources
+      def list
+        client.get(self.class.resource_path)
+      end
+
+      # @example keywords
+      #   client.users.search(email: "user@example.com", status: "active")
+      #   # GET /users/search?query=email%3Auser%40example.com+status%3Aactive
+      #
+      # @example raw string
+      #   client.users.search("email:user@example.com active:true created_at>2026-01-01")
+      #   # GET /users/search?query=email%3Auser%40example.com+active%3Atrue+created_at%3E2026-01-01
+      #
+      # @return [Clowk::Http::Response]
+      def search(raw_query = nil, **filters)
+        query = if raw_query.is_a?(String)
+                  raw_query
+                else
+                  filters.map { |k, v| "#{k}:#{v}" }.join(' ')
+                end
+
+        client.get("#{self.class.resource_path}/search?query=#{ERB::Util.url_encode(query)}")
+      end
+
+      # Usage
+      # client.find("123")
+      # @return [Hash] resource with the given id
+      def find(id)
+        client.get("#{self.class.resource_path}/#{id}")
+      end
+
+      # Usage
+      # client.show("123")
+      # @return [Hash] resource with the given id
+      def show(id)
+        client.get("#{self.class.resource_path}/#{id}")
+      end
+
+      # Usage
+      # client.destroy("123")
+      # @return [Hash] deleted resource
+      def destroy(id)
+        client.delete("#{self.class.resource_path}/#{id}")
+      end
+
+      private
+
+      attr_reader :client
+    end
+  end
+end