RubyGems - distributed-press-api-client - Versions diffs - 0.2.4 → 0.3.0rc1 - Mend

distributed-press-api-client 0.2.4 → 0.3.0rc1

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/distributed_press/v1/social/client.rb +181 -0
data/lib/distributed_press/v1/social.rb +11 -0
data/lib/distributed_press/version.rb +1 -1
metadata +6 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9655c1c4310b5c3d7b121b9984ba13eff6989deaf1056bfe3a0dd8b2c0ae493b
-  data.tar.gz: 4933a217789771803d88f9c6b92d09119846730ab61543e2789c9a1348796ef9
+  metadata.gz: 2552a7612cdbbf7fe48afacf1327764e8f3f25a888d7bfd9f852b54a3fb5fa67
+  data.tar.gz: 59b252609b9d442aee543d1e5eabb642a6321c749c4936d35ad5d5e40038df3e
 SHA512:
-  metadata.gz: 0a348613279cf9cd9753561136bcebaae7729ff112ad20be435e966b62336a899da72fcd5fd736318103174442b1e931ba7c566b01fdcea876954a6a2e922785
-  data.tar.gz: 9f2504559bf4c6b7542ec50f649dbeb290a8fe8aa2add595a26a84ef45015d38801526a9d765ba7269a26f2f68f00373346951cbd3b165b684431c39383989ad
+  metadata.gz: 7d81f9c8bbdfa947f9c08b20e9e6214c0b1852987384eb7b5d4c5c757d91914f83812b781bf567122ad7790403137c3c1a8459f19ef5331e1b90bf7910887cbd
+  data.tar.gz: 909d13d6fba811597be93e00aecd24cb6961b65baa7cd0b669e7029fbdb34b9dc7e899dee6dfc8b2ec4575c6a4599d746b9a3182aa6ac50ad509ed51d0dbb5f2

data/lib/distributed_press/v1/social/client.rb ADDED Viewed

@@ -0,0 +1,181 @@
+# frozen_string_literal: true
+require 'httparty'
+require 'openssl'
+require 'time'
+require 'digest/sha2'
+require 'uri'
+class DistributedPress
+  module V1
+    module Social
+      # Social Distributed Press APIv1 client
+      #
+      # Inspired by Mastodon's Request
+      #
+      # @todo It'd be nice to implement this on HTTParty itself
+      # @see {https://github.com/mastodon/mastodon/blob/main/app/lib/request.rb}
+      class Client
+        include ::HTTParty
+        # Signing algorithm
+        #
+        # @todo is it possible to use other algorithms?
+        ALGORITHM = 'rsa-sha256'
+        # Required by HTTP Signatures
+        REQUEST_TARGET = '(request-target)'
+        # Headers included in the signature
+        SIGNABLE_HEADERS = [REQUEST_TARGET, 'Host', 'Date', 'Digest']
+        # API URL
+        # @return [String]
+        attr_reader :url
+        # RSA key size
+        #
+        # @return [Integer]
+        attr_reader :key_size
+        # Public key URL
+        #
+        # @return [String]
+        attr_reader :public_key_url
+        # @param :url [String] Social Distributed Press URL
+        # @param :public_key [String] URL where public key is available
+        # @param :private_key_pem [String] RSA Private key, PEM encoded
+        # @param :key_size [Integer]
+        # @param :logger [Logger]
+        def initialize(url: 'https://social.distributed.press', public_key_url:, private_key_pem: nil, key_size: 2048, logger: nil)
+          self.class.default_options[:base_uri] = @url = HTTParty.normalize_base_uri(url)
+          self.class.default_options[:logger] = logger
+          self.class.default_options[:log_level] = :debug
+          @public_key_url = public_key_url
+          @key_size = key_size
+          @private_key_pem = private_key_pem
+        end
+        # POST request
+        #
+        # @todo Use DRY-schemas
+        # @param endpoint [String]
+        # @param body [Hash]
+        # @return [Hash]
+        def post(endpoint:, body:)
+          body = body.to_json
+          headers = default_headers
+          add_request_specific_headers! headers, 'post', endpoint
+          checksum_body! body, headers
+          sign_headers! headers
+          self.class.post(endpoint, body: body, headers: headers)
+        end
+        # Loads or generates a private key
+        #
+        # @return [OpenSSL::PKey::RSA]
+        def private_key
+          @private_key ||= OpenSSL::PKey::RSA.new(@private_key_pem || key_size)
+        end
+        # Public key
+        #
+        # @return [OpenSSL::PKey::RSA]
+        def public_key
+          private_key.public_key
+        end
+        # Host
+        #
+        # @return [String]
+        def host
+          @host ||= URI.parse(url).host
+        end
+        private
+        def default_headers
+          {
+            'User-Agent' => "DistributedPress/#{DistributedPress::VERSION}",
+            'Content-Type' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
+            'Host' => host
+          }
+        end
+        # HTTP Signatures
+        #
+        # @see {https://docs.joinmastodon.org/spec/security/}
+        # @param :headers [Hash]
+        def sign_headers!(headers)
+          headers['Signature'] = {
+            'keyId' => public_key_url,
+            'algorithm' => ALGORITHM,
+            'headers' => signable_headers(headers),
+            'signature' => signed_headers(headers)
+          }.map do |key, value|
+            "#{key}=\"#{value}\""
+          end.join(',')
+          headers.delete REQUEST_TARGET
+          nil
+        end
+        # List of headers to be signed, removing headers that don't
+        # exist on the request.
+        #
+        # @return [String]
+        def signable_headers(headers)
+          (SIGNABLE_HEADERS & headers.keys).join(' ').downcase
+        end
+        # Sign headers
+        #
+        # @param :headers [Hash]
+        # @return [String]
+        def signed_headers(headers)
+          Base64.strict_encode64(
+            private_key.sign(
+              OpenSSL::Digest.new('SHA256'),
+              signature_content(headers)
+            )
+          )
+        end
+        # Generates a string to be signed
+        #
+        # @param :headers [Hash]
+        # @return [String]
+        def signature_content(headers)
+          headers.slice(*SIGNABLE_HEADERS).map do |key, value|
+            "#{key.downcase}: #{value}"
+          end.join("\n")
+        end
+        # Generate a checksum for the request body
+        #
+        # @param :body [String]
+        # @param :headers [Hash]
+        def checksum_body!(body, headers)
+          headers['Digest'] = "SHA-256=#{Digest::SHA256.base64digest body}"
+          nil
+        end
+        # Headers specific to a single request
+        #
+        # @param :headers [Hash] Headers
+        # @param :verb [String] HTTP verb
+        # @param :endpoint [String] Path
+        def add_request_specific_headers!(headers, verb, endpoint)
+          headers['Date'] = Time.now.utc.httpdate
+          headers[REQUEST_TARGET] = "#{verb} #{endpoint}"
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/distributed_press/v1/social.rb ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+require_relative 'social/client'
+class DistributedPress
+  module V1
+    # Social Distributed Press APIv1
+    module Social
+    end
+  end
+end

data/lib/distributed_press/version.rb CHANGED Viewed

@@ -3,5 +3,5 @@
 # API client
 class DistributedPress
   # Version
-  VERSION = '0.2.4'
+  VERSION = '0.3.0rc1'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: distributed-press-api-client
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: 0.3.0rc1
 platform: ruby
 authors:
 - f
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-30 00:00:00.000000000 Z
+date: 2023-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -277,6 +277,8 @@ files:
 - lib/distributed_press/v1/schemas/token_header.rb
 - lib/distributed_press/v1/schemas/token_payload.rb
 - lib/distributed_press/v1/schemas/update_site.rb
+- lib/distributed_press/v1/social.rb
+- lib/distributed_press/v1/social/client.rb
 - lib/distributed_press/v1/token.rb
 - lib/distributed_press/version.rb
 - lib/jekyll-distributed-press-v0.rb
@@ -307,9 +309,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubygems_version: 3.3.26
 signing_key: