djanowski-facebooker 1.0.1

data/lib/facebooker/rails/controller.rb

@@ -0,0 +1,246 @@
+require 'facebooker'
+require 'facebooker/rails/profile_publisher_extensions'
+module Facebooker
+  module Rails
+    module Controller
+      include Facebooker::Rails::ProfilePublisherExtensions
+      def self.included(controller)
+        controller.extend(ClassMethods)
+        controller.before_filter :set_adapter
+        controller.before_filter :set_fbml_format
+        controller.helper_attr :facebook_session_parameters
+        controller.helper_method :request_comes_from_facebook?
+      end
+
+    
+      def facebook_session
+        @facebook_session
+      end
+      
+      def facebook_session_parameters
+        {:fb_sig_session_key=>params[:fb_sig_session_key]}
+      end
+      
+      
+      def set_facebook_session
+        
+        returning session_set = session_already_secured? ||  secure_with_facebook_params! ||secure_with_token!  do
+          if session_set
+            capture_facebook_friends_if_available! 
+            Session.current = facebook_session
+          end
+        end
+      end
+      
+      def facebook_params
+        @facebook_params ||= verified_facebook_params
+      end      
+      
+      def redirect_to(*args)
+        if request_is_for_a_facebook_canvas? and !request_is_facebook_tab?
+          render :text => fbml_redirect_tag(*args)
+        else
+          super
+        end
+      end
+            
+      private
+      
+      def session_already_secured?
+        (@facebook_session = session[:facebook_session]) && session[:facebook_session].secured? if valid_session_key_in_session?
+      end
+      
+      def user_has_deauthorized_application?
+        # if we're inside the facebook session and there is no session key,
+        # that means the user revoked our access
+        # we don't want to keep using the old expired key from the cookie. 
+        request_comes_from_facebook? and params[:fb_sig_session_key].blank?
+      end
+      
+      def clear_facebook_session_information
+        session[:facebook_session] = nil
+        @facebook_session=nil        
+      end
+      
+      def valid_session_key_in_session?
+        #before we access the facebook_params, make sure we have the parameters
+        #otherwise we will blow up trying to access the secure parameters
+        if user_has_deauthorized_application?
+          clear_facebook_session_information
+          false
+        else
+          !session[:facebook_session].blank? &&  (params[:fb_sig_session_key].blank? || session[:facebook_session].session_key == facebook_params[:session_key])
+        end
+      end
+            
+      def secure_with_token!
+        if params['auth_token']
+          @facebook_session = new_facebook_session
+          @facebook_session.auth_token = params['auth_token']
+          @facebook_session.secure!
+          session[:facebook_session] = @facebook_session
+        end
+      end
+      
+      def secure_with_facebook_params!
+        return unless request_comes_from_facebook?
+        
+        if ['user', 'session_key'].all? {|element| facebook_params[element]}
+          @facebook_session = new_facebook_session
+          @facebook_session.secure_with!(facebook_params['session_key'], facebook_params['user'], facebook_params['expires'])
+          session[:facebook_session] = @facebook_session
+        end
+      end
+      
+      #override to specify where the user should be sent after logging in
+      def after_facebook_login_url
+        nil
+      end
+      
+      def create_new_facebook_session_and_redirect!
+        session[:facebook_session] = new_facebook_session
+        url_params = after_facebook_login_url.nil? ? {} : {:next=>after_facebook_login_url}
+        redirect_to session[:facebook_session].login_url(url_params) unless @installation_required
+        false
+      end
+      
+      def new_facebook_session
+        Facebooker::Session.create(Facebooker.api_key, Facebooker.secret_key)
+      end
+      
+      def capture_facebook_friends_if_available!
+        return unless request_comes_from_facebook?
+        if friends = facebook_params['friends']
+          facebook_session.user.friends = friends.map do |friend_uid|
+            User.new(friend_uid, facebook_session)
+          end
+        end
+      end
+            
+      def blank?(value)
+        (value == '0' || value.nil? || value == '')        
+      end
+
+      def verified_facebook_params
+        facebook_sig_params = params.inject({}) do |collection, pair|
+          collection[pair.first.sub(/^fb_sig_/, '')] = pair.last if pair.first[0,7] == 'fb_sig_'
+          collection
+        end
+        verify_signature(facebook_sig_params,params['fb_sig'])
+
+        facebook_sig_params.inject(HashWithIndifferentAccess.new) do |collection, pair| 
+          collection[pair.first] = facebook_parameter_conversions[pair.first].call(pair.last)
+          collection
+        end
+      end
+      
+      def earliest_valid_session
+        48.hours.ago
+      end
+      
+      def verify_signature(facebook_sig_params,expected_signature)
+        raw_string = facebook_sig_params.map{ |*args| args.join('=') }.sort.join
+        actual_sig = Digest::MD5.hexdigest([raw_string, Facebooker::Session.secret_key].join)
+        raise Facebooker::Session::IncorrectSignature if actual_sig != expected_signature
+        raise Facebooker::Session::SignatureTooOld if Time.at(facebook_sig_params['time'].to_f) < earliest_valid_session
+        true
+      end
+      
+      def facebook_parameter_conversions
+        @facebook_parameter_conversions ||= Hash.new do |hash, key| 
+          lambda{|value| value}
+        end.merge(
+          'time' => lambda{|value| Time.at(value.to_f)},
+          'in_canvas' => lambda{|value| !blank?(value)},
+          'added' => lambda{|value| !blank?(value)},
+          'expires' => lambda{|value| blank?(value) ? nil : Time.at(value.to_f)},
+          'friends' => lambda{|value| value.split(/,/)}
+        )
+      end
+      
+      def fbml_redirect_tag(url)
+        "<fb:redirect url=\"#{url_for(url)}\" />"
+      end
+      
+      def request_comes_from_facebook?
+        request_is_for_a_facebook_canvas? || request_is_facebook_ajax?
+      end
+      
+      def request_is_for_a_facebook_canvas?
+        !params['fb_sig_in_canvas'].blank?
+      end
+      
+      def request_is_facebook_tab?
+        !params["fb_sig_in_profile_tab"].blank?
+      end
+      
+      def request_is_facebook_ajax?
+        params["fb_sig_is_mockajax"]=="1" || params["fb_sig_is_ajax"]=="1"
+      end
+      def xml_http_request?
+        request_is_facebook_ajax? || super
+      end
+      
+      
+      
+      def application_is_installed?
+        facebook_params['added']
+      end
+      
+      def ensure_has_status_update
+        has_extended_permission?("status_update") || application_needs_permission("status_update")
+      end
+      def ensure_has_photo_upload
+        has_extended_permission?("photo_upload") || application_needs_permission("photo_upload")
+      end
+      def ensure_has_create_listing
+        has_extended_permission?("create_listing") || application_needs_permission("create_listing")
+      end
+      
+      def application_needs_permission(perm)
+        redirect_to(facebook_session.permission_url(perm))
+      end
+      
+      def has_extended_permission?(perm)
+        params["fb_sig_ext_perms"] and params["fb_sig_ext_perms"].include?(perm)
+      end
+      
+      def ensure_authenticated_to_facebook
+        set_facebook_session || create_new_facebook_session_and_redirect!
+      end
+      
+      def ensure_application_is_installed_by_facebook_user
+        @installation_required = true
+        returning ensure_authenticated_to_facebook && application_is_installed? do |authenticated_and_installed|
+           application_is_not_installed_by_facebook_user unless authenticated_and_installed
+        end
+      end
+      
+      def application_is_not_installed_by_facebook_user
+        redirect_to session[:facebook_session].install_url
+      end
+      
+      def set_fbml_format
+        params[:format]="fbml" if request_comes_from_facebook?
+      end
+      def set_adapter
+        Facebooker.load_adapter(params) if(params[:fb_sig_api_key])
+      end
+
+      
+      module ClassMethods
+        #
+        # Creates a filter which reqires a user to have already authenticated to
+        # Facebook before executing actions.  Accepts the same optional options hash which
+        # before_filter and after_filter accept.
+        def ensure_authenticated_to_facebook(options = {})
+          before_filter :ensure_authenticated_to_facebook, options
+        end
+        
+        def ensure_application_is_installed_by_facebook_user(options = {})
+          before_filter :ensure_application_is_installed_by_facebook_user, options
+        end
+      end
+    end
+  end
+end

data/lib/facebooker/rails/facebook_asset_path.rb

@@ -0,0 +1,18 @@
+# module ActionView
+#   module Helpers
+#     module AssetTagHelper
+#       def compute_public_path_with_facebooker(*args)
+#         public_path=compute_public_path_without_facebooker(*args)
+#         if public_path.starts_with?(ActionController::Base.asset_host)
+#           str=ActionController::Base.asset_host
+#           str += "/" unless str.ends_with?("/")
+#           public_path.gsub(/#{Regexp.escape(ActionController::Base.asset_host)}#{@controller.request.relative_url_root}\//,str)
+#         else
+#           public_path
+#         end
+#       end
+#       
+#       alias_method_chain :compute_public_path, :facebooker
+#     end
+#   end
+# end

data/lib/facebooker/rails/facebook_form_builder.rb

@@ -0,0 +1,112 @@
+module Facebooker
+  module Rails
+    class FacebookFormBuilder < ActionView::Helpers::FormBuilder
+      
+      
+      second_param = %w(password_field file_field check_box date_select datetime_select time_select)
+      third_param = %w(radio_button country_select select time_zone_select)
+      fifth_param = %w(collection_select)
+      
+      def self.create_with_offset(name,offset)
+        define_method name do |field,*args|
+          options = args[offset] || {}
+          build_shell(field,options) do
+            super
+          end
+        end    
+      end
+
+      second_param.each do |name|
+        create_with_offset(name,0)
+      end
+      third_param.each do |name|
+        create_with_offset(name,1)
+      end
+      fifth_param.each do |name|
+        create_with_offset(name,3)
+      end
+      
+      def build_shell(field,options)
+        @template.content_tag "fb:editor-custom", :label=>label_for(field,options) do
+          yield
+        end
+      end
+      
+      def label_for(field,options)
+        options[:label] || field.to_s.humanize
+      end
+      
+      def text(string,options={})
+        @template.content_tag "fb:editor-custom",string, :label=>label_for("",options)
+      end
+      
+      
+      def text_field(method, options = {})
+        options[:label] ||= label_for(method,options)
+        add_default_name_and_id(options,method)
+        options["value"] ||= value_before_type_cast(object,method)
+        @template.content_tag("fb:editor-text","",options)
+      end
+      
+      
+      def text_area(method, options = {})
+        options[:label] ||= label_for(method,options)
+        add_default_name_and_id(options,method)
+        @template.content_tag("fb:editor-textarea",value_before_type_cast(object,method),options)        
+      end
+      
+      #
+      # Build a text input area that uses typeahed
+      # options are like collection_select
+      def collection_typeahead(method,collection,value_method,text_method,options={})
+        build_shell(method,options) do
+          collection_typeahead_internal(method,collection,value_method,text_method,options)
+        end
+      end
+      
+      def collection_typeahead_internal(method,collection,value_method,text_method,options={})
+        option_values = collection.map do |item|
+          value=item.send(value_method)
+          text=item.send(text_method)
+          @template.content_tag "fb:typeahead-option",text,:value=>value
+        end.join
+        add_default_name_and_id(options,method)
+        options["value"] ||= value_before_type_cast(object,method)
+        @template.content_tag("fb:typeahead-input",option_values,options)        
+      end
+      
+      def value_before_type_cast(object,method)
+        unless object.nil?
+          method_name = method.to_s
+          object.respond_to?(method_name + "_before_type_cast") ?
+          object.send(method_name + "_before_type_cast") :
+          object.send(method_name)
+        end
+      end
+      
+      def multi_friend_input(options={})
+        build_shell(:friends,options) do
+          @template.content_tag("fb:multi-friend-input","",options)
+        end
+      end
+
+      def buttons(*names)
+        buttons=names.map do |name|
+          create_button(name)
+        end.join
+        
+        @template.content_tag "fb:editor-buttonset",buttons
+      end
+      
+      def create_button(name)
+        @template.content_tag("fb:editor-button","",:value=>name,:name=>"commit")
+      end
+      
+      def add_default_name_and_id(options,method)
+        options[:name] ||= "#{object.class.name.underscore}[#{method}]"
+        options[:id] ||= "#{object.class.name.underscore}_#{method}"
+      end
+
+    end
+  end
+end

data/lib/facebooker/rails/facebook_pretty_errors.rb

@@ -0,0 +1,14 @@
+if Facebooker.facebooker_config['pretty_errors'] || (Facebooker.facebooker_config['pretty_errors'].nil? && RAILS_ENV=="development")
+  class ActionController::Base
+    def rescues_path_with_facebooker(template_name)
+      t="#{RAILS_ROOT}/vendor/plugins/facebooker/templates/#{template_name}.erb"
+      File.exist?(t) ? t : rescues_path_without_facebooker(template_name)
+    end
+
+    alias_method_chain :rescues_path,:facebooker
+
+    def response_code_for_rescue(exception)
+      200
+    end
+  end
+end

data/lib/facebooker/rails/facebook_request_fix.rb

@@ -0,0 +1,24 @@
+module ::ActionController
+  class AbstractRequest
+    def request_method_with_facebooker
+      if parameters[:fb_sig_request_method]=="GET" and parameters[:_method].blank?
+        parameters[:_method]="GET"
+      end
+      request_method_without_facebooker
+    end
+    
+    if new.methods.include?("request_method")
+      alias_method_chain :request_method, :facebooker 
+    end
+    
+    def xml_http_request_with_facebooker?
+      parameters["fb_sig_is_mockajax"] == "1"  ||
+      parameters["fb_sig_is_ajax"] == "1" ||
+      xml_http_request_without_facebooker?
+    end
+    alias_method_chain :xml_http_request?, :facebooker
+    # we have to re-alias xhr? since it was pointing to the old method
+    alias xhr? :xml_http_request?
+    
+  end
+end

data/lib/facebooker/rails/facebook_session_handling.rb

@@ -0,0 +1,69 @@
+module ActionController
+  class CgiRequest
+    alias :initialize_aliased_by_facebooker :initialize
+
+    def initialize(cgi, session_options = {})
+      initialize_aliased_by_facebooker(cgi, session_options)
+      @cgi.instance_variable_set("@request_params", request_parameters.merge(query_parameters))
+    end
+    
+    DEFAULT_SESSION_OPTIONS[:cookie_only] = false
+  end 
+end
+
+module ActionController
+  class RackRequest < AbstractRequest #:nodoc:
+    alias :initialize_aliased_by_facebooker :initialize
+
+    def initialize(cgi, session_options = {})
+      initialize_aliased_by_facebooker(cgi, session_options)
+      @cgi.instance_variable_set("@request_params", request_parameters.merge(query_parameters))
+    end
+  end 
+end
+
+class CGI  
+  class Session
+    private
+      alias :initialize_aliased_by_facebooker :initialize
+      attr_reader :request, :initialization_options
+
+      def initialize(request, option={})
+        @request = request
+        @initialization_options = option
+        option['session_id'] = set_session_id
+        initialize_aliased_by_facebooker(request, option)
+      end
+      
+      def set_session_id
+        if session_key_should_be_set_with_facebook_session_key? 
+          request_parameters[facebook_session_key]
+        else 
+          request_parameters[session_key]
+        end
+      end
+
+      def request_parameters
+        request.instance_variable_get("@request_params")
+      end
+
+      def session_key_should_be_set_with_facebook_session_key?
+        request_parameters[session_key].blank? && !request_parameters[facebook_session_key].blank?
+      end
+
+      def session_key
+        initialization_options['session_key'] || '_session_id'
+      end
+
+      def facebook_session_key
+        'fb_sig_session_key'
+      end
+
+      alias :create_new_id_aliased_by_facebooker :create_new_id
+
+      def create_new_id
+        @new_session = true
+        @session_id || create_new_id_aliased_by_facebooker
+      end
+  end
+end

data/lib/facebooker/rails/facebook_url_rewriting.rb

@@ -0,0 +1,39 @@
+module ::ActionController
+  class AbstractRequest                         
+    def relative_url_root
+      Facebooker.path_prefix
+    end                                         
+  end
+  
+  class Base
+    def self.relative_url_root
+      Facebooker.path_prefix
+    end
+  end  
+  
+  class UrlRewriter
+    RESERVED_OPTIONS << :canvas
+    def link_to_new_canvas?
+      @request.parameters["fb_sig_in_new_facebook"] == "1" 
+    end
+    def link_to_canvas?(params, options)
+      option_override = options[:canvas]
+      return false if option_override == false # important to check for false. nil should use default behavior
+      option_override || @request.parameters["fb_sig_in_canvas"] == "1" ||  @request.parameters[:fb_sig_in_canvas] == "1" 
+    end
+  
+    def rewrite_url_with_facebooker(*args)
+      options = args.first.is_a?(Hash) ? args.first : args.last
+      is_link_to_canvas = link_to_canvas?(@request.request_parameters, options)
+      if is_link_to_canvas && !options.has_key?(:host)
+        options[:host] = Facebooker.canvas_server_base
+      end 
+      options.delete(:canvas)
+      Facebooker.request_for_canvas(is_link_to_canvas) do
+        rewrite_url_without_facebooker(*args)
+      end
+    end
+    
+    alias_method_chain :rewrite_url, :facebooker
+  end
+end