cyclid 0.2.0

data/app/cyclid/controllers/auth.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+# Copyright 2016 Liqwyd Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_rel 'auth/*.rb'
+
+# Top level module for all of the core Cyclid code.
+module Cyclid
+  # Module for the Cyclid API
+  module API
+    # Controller for all Auth related API endpoints
+    class AuthController < ControllerBase
+      register Sinatra::Namespace
+
+      namespace '/token' do
+        register Auth::Token
+      end
+    end
+
+    # Register this controller
+    Cyclid.controllers << AuthController
+  end
+end

data/app/cyclid/controllers/auth/token.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+# Copyright 2016 Liqwyd Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'jwt'
+
+# Top level module for all of the core Cyclid code.
+module Cyclid
+  # Module for the Cyclid API
+  module API
+    # Module for all Auth related API endpoints
+    module Auth
+      # API endpoints for managing API tokens
+      # @api REST
+      module Token
+        # @!group Tokens
+
+        # @!method post_token_username
+        # @overload POST /token/:username
+        # @param [String] username Username of the user to generate a token for.
+        # @macro rest
+        # Generate a JSON Web Token for use with the Token authentication scheme.
+        # The user must authenticate using one of the other available methods
+        # (HTTP Basic or HMAC) to obtain a token.
+        # @return A JWT token.
+        # @return [404] The user does not exist
+
+        # @!endgroup
+
+        # Sinatra callback
+        # @private
+        def self.registered(app)
+          include Errors::HTTPErrors
+
+          app.post '/:username' do
+            authorized_as!(params[:username], Operations::READ)
+
+            payload = parse_request_body
+            Cyclid.logger.debug payload
+
+            user = User.find_by(username: params[:username])
+            halt_with_json_response(404, INVALID_USER, 'user does not exist') \
+              if user.nil?
+
+            # Create a JSON Web Token. Use the provided payload as the intial
+            # set of claims but remove some of the standard claims we don't
+            # want users to be able to set.
+            #
+            # Requests MAY set 'exp' and 'nbf' if they wish.
+            payload.delete_if{ |k, _v| %w(iss aud jti iat sub).include? k }
+
+            # If 'exp' was not set, set it now. Default is +6 hours.
+            payload['exp'] = Time.now.to_i + 21_600_000 unless payload.key? 'exp'
+            # Subject is this user
+            payload['sub'] = params[:username]
+
+            # Create the token; use the users HMAC key as the signing key
+            token = JWT.encode payload, user.secret, 'HS256'
+
+            token_hash = { token: token }
+            return token_hash.to_json
+          end
+        end
+      end
+    end
+  end
+end

data/app/cyclid/controllers/health.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+# Copyright 2016 Liqwyd Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'sinatra-health-check'
+
+# Top level module for all of the core Cyclid code.
+module Cyclid
+  # Module for the Cyclid API
+  module API
+    # Controller for all Health related API endpoints
+    # @api REST
+    class HealthController < ControllerBase
+      include Errors::HTTPErrors
+
+      def initialize(_app)
+        super
+        @checker = SinatraHealthCheck::Checker.new(logger: Cyclid.logger,
+                                                   timeout: 0)
+
+        # Add internal health checks
+        @checker.systems[:database] = Cyclid::API::Health::Database
+
+        # Add each plugin, which can choose to provide a healthcheck by
+        # implementing #status
+        Cyclid.plugins.all.each do |plugin|
+          name = "#{plugin.human_name}_#{plugin.name}".to_sym
+          @checker.systems[name] = plugin
+        end
+      end
+
+      # @!group Health
+
+      # @!method get_health_status
+      # @overload GET /health/status
+      # @macro rest
+      # Return either 200 (healthy) or 503 (unhealthy) based on the status of
+      # the healthchecks. This is intended to be used by things like load
+      # balancers and active monitors.
+      # @return [200] Application is healthy.
+      # @return [503] Application is unhealthy.
+      get '/health/status' do
+        @checker.healthy? ? 200 : 503
+      end
+
+      # @!method get_health_info
+      # @overload GET /health/info
+      # @macro rest
+      # Return verbose information on the status of the individual checks;
+      # note that this method always returns 200 with a message body, so it is
+      # not suitable for general health checks unless the caller intends to
+      # parse the message body for the health status.
+      # @return JSON description of the individual health check statuses.
+      get '/health/info' do
+        @checker.status.to_json
+      end
+
+      # @!endgroup
+    end
+
+    # Register this controller
+    Cyclid.controllers << HealthController
+
+    # Healthchecks
+    module Health
+      # Internal database connection health check
+      module Database
+        # Check that ActiveRecord can connect to the database
+        def self.status
+          connected = begin
+                        ActiveRecord::Base.connection_pool.with_connection(&:active?)
+                      rescue
+                        false
+                      end
+
+          if connected
+            SinatraHealthCheck::Status.new(:ok, 'database connection is okay')
+          else
+            SinatraHealthCheck::Status.new(:error, 'database is not connected')
+          end
+        end
+      end
+    end
+  end
+end

data/app/cyclid/controllers/organizations.rb

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+# Copyright 2016 Liqwyd Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_rel 'organizations/*.rb'
+
+# Top level module for all of the core Cyclid code.
+module Cyclid
+  # Module for the Cyclid API
+  module API
+    # Controller for all Organization related API endpoints
+    class OrganizationController < ControllerBase
+      helpers do
+        # Clean up stage data
+        def sanitize_stage(stage)
+          stage.delete_if do |key, _value|
+            key == 'organization_id' || key == 'id'
+          end
+        end
+
+        # Clean up step data
+        def sanitize_step(step)
+          Cyclid.logger.debug step.inspect
+
+          # Re-factor the step definition back into the original. The internal
+          # representation carries a lot of extra metadata that users don't
+          # need to worry about; the original definition is actually the
+          # 'action' object inside of the step. The original 'action' key can
+          # be reversed from the Action object name, without having to
+          # unserialize the object
+          #
+          # Note that we use JSON and not Oj; if we try to use Oj it will
+          # attempt to unserialise the object, which is not what we want.
+          action = JSON.parse(step['action'])
+
+          # Reverse the action name from the object name and remove the object
+          # name
+          action['action'] = action['^o'].split('::').last.downcase
+          action.delete('^o')
+
+          return action
+        end
+
+        # Remove sensitive data from the organization data
+        def sanitize_organization(org)
+          org.delete_if do |key, _value|
+            key == 'rsa_private_key' || key == 'rsa_public_key' || key == 'salt'
+          end
+        end
+      end
+
+      register Sinatra::Namespace
+
+      namespace '/organizations' do
+        register Organizations::Collection
+
+        namespace '/:name' do
+          register Organizations::Document
+
+          namespace '/members' do
+            register Organizations::Members
+          end
+
+          namespace '/stages' do
+            register Organizations::Stages
+          end
+
+          namespace '/jobs' do
+            register Organizations::Jobs
+          end
+
+          namespace '/configs/:type' do
+            register Organizations::Configs
+          end
+
+          namespace '/plugins' do
+            Cyclid.plugins.all(Cyclid::API::Plugins::Api).each do |plugin|
+              Cyclid.logger.debug "Registering API extension plugin #{plugin.name}"
+
+              # Create a namespace for this plugin and register it
+              namespace "/#{plugin.name}" do
+                ctrl = plugin.controller
+                register ctrl
+                helpers ctrl.plugin_methods
+              end
+            end
+          end
+        end
+      end
+    end
+    Cyclid.controllers << OrganizationController
+  end
+end

data/app/cyclid/controllers/organizations/collection.rb

@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+# Copyright 2016 Liqwyd Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Top level module for all of the core Cyclid code.
+module Cyclid
+  # Module for the Cyclid API
+  module API
+    # Module for all Organization related API endpoints
+    module Organizations
+      # API endpoints for the Organization collection
+      # @api REST
+      module Collection
+        # @!group Organizations
+
+        # @!method get_organizations
+        # @overload GET /organizations
+        # @macro rest
+        # Get all of the organizations.
+        # @return List of organizations
+        # @example Get a list of organizations
+        #   GET /organizations => [{"id": 1, "name": "example", "owner_email": "admin@example.com"}]
+        # @see get_organizations_organization
+
+        # @!method post_organizations(body)
+        # @overload POST /organizations
+        # @macro rest
+        # Create a new organization.
+        # @param [JSON] body New organization
+        # @option body [String] name Name of the new organization
+        # @option body [String] owner_email Email address of the organization owner
+        # @option body [Array<String>] users ([]) List of users to add to the organization
+        # @return [200] Organization was created successfully
+        # @return [404] A user in the list of members does not exist
+        # @return [409] An organization with that name already exists
+        # @example Create a new organization with user1 & user2 as members
+        #   POST /organizations <= {"name": "example",
+        #                           "owner_email": "admin@example.com",
+        #                           "users": ["user1", "user2"]}
+        #                           ***
+        # @example Create a new organization with no users as members
+        #   POST /organizations <= {"name": "example",
+        #                           "owner_email": "admin@example.com"}
+        #                           ***
+
+        # @!endgroup
+
+        # Sinatra callback
+        # @private
+        def self.registered(app)
+          include Errors::HTTPErrors
+          include Constants
+
+          # Get all of the organizations.
+          app.get do
+            authorized_admin!(Operations::READ)
+
+            # Retrieve the organization data in a form we can more easily
+            # manipulate so that we can sanitize it
+            orgs = Organization.all_as_hash
+
+            # Remove any sensitive data
+            orgs.map! do |org|
+              sanitize_organization(org)
+            end
+
+            return orgs.to_json
+          end
+
+          # Create a new organization.
+          app.post do
+            authorized_admin!(Operations::ADMIN)
+
+            payload = parse_request_body
+            Cyclid.logger.debug payload
+
+            begin
+              halt_with_json_response(409, \
+                                      DUPLICATE, \
+                                      'An organization with that name already exists') \
+              if Organization.exists?(name: payload['name'])
+
+              org = Organization.new
+              org['name'] = payload['name']
+              org['owner_email'] = payload['owner_email']
+
+              # Generate an RSA key-pair and a Salt
+              key = OpenSSL::PKey::RSA.new(RSA_KEY_LENGTH)
+
+              org['rsa_private_key'] = key.to_der
+              org['rsa_public_key'] = key.public_key.to_der
+
+              org['salt'] = SecureRandom.hex(32)
+
+              # Add each provided user to the Organization
+              users = payload['users'] || []
+
+              org.users = users.map do |username|
+                user = User.find_by(username: username)
+
+                halt_with_json_response(404, \
+                                        INVALID_USER, \
+                                        "user #{user} does not exist") \
+                if user.nil?
+
+                user
+              end
+
+              org.save!
+            rescue ActiveRecord::ActiveRecordError, \
+                   ActiveRecord::UnknownAttributeError => ex
+
+              Cyclid.logger.debug ex.message
+              halt_with_json_response(400, INVALID_JSON, ex.message)
+            end
+
+            return json_response(NO_ERROR, "organization #{payload['name']} created")
+          end
+        end
+      end
+    end
+  end
+end