drillbit 0.0.1

data/lib/drillbit/serializers/json_api.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+module  Drillbit
+module  Serializers
+module  JsonApi
+  def json_api_type
+    object.class.name.demodulize.tableize.dasherize
+  end
+end
+end
+end

data/lib/drillbit/tokens/base64.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+require 'base64'
+require 'drillbit/tokens/base64s/null'
+require 'drillbit/tokens/base64s/invalid'
+
+module  Drillbit
+module  Tokens
+class   Base64
+  attr_accessor :token
+
+  def initialize(token:)
+    self.token = token
+  end
+
+  def valid?
+    true
+  end
+
+  def blank?
+    false
+  end
+
+  def to_h
+    [
+      {
+        'token' => token,
+      },
+      {
+        'typ' => 'base64',
+      },
+    ]
+  end
+
+  def self.convert(raw_token:)
+    return Base64s::Null.instance if raw_token.to_s == ''
+
+    ::Base64.strict_decode64(raw_token)
+
+    new(token: raw_token)
+  rescue ArgumentError
+    Base64s::Invalid.instance
+  end
+end
+end
+end

data/lib/drillbit/tokens/base64s/invalid.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+require 'drillbit/tokens/invalid'
+
+module  Drillbit
+module  Tokens
+module  Base64s
+class   Invalid < Tokens::Invalid
+  def to_h
+    [{}, {}]
+  end
+end
+end
+end
+end

data/lib/drillbit/tokens/base64s/null.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+require 'drillbit/tokens/null'
+
+module  Drillbit
+module  Tokens
+module  Base64s
+class   Null < Tokens::Null
+  def to_h
+    [{}, {}]
+  end
+end
+end
+end
+end

data/lib/drillbit/tokens/invalid.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+require 'singleton'
+
+module  Drillbit
+module  Tokens
+class   Invalid
+  include Singleton
+
+  def valid?
+    false
+  end
+
+  def blank?
+    false
+  end
+
+  def to_h
+    {}
+  end
+
+  def to_s
+    ''
+  end
+end
+end
+end

data/lib/drillbit/tokens/json_web_token.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+require 'jwt'
+require 'json/jwt'
+require 'drillbit/tokens/json_web_tokens/invalid'
+require 'drillbit/tokens/json_web_tokens/null'
+
+module  Drillbit
+module  Tokens
+class   JsonWebToken
+  TRANSFORMATION_EXCEPTIONS = [
+                                JSON::JWT::Exception,
+                                JSON::JWT::InvalidFormat,
+                                JSON::JWT::VerificationFailed,
+                                JSON::JWT::UnexpectedAlgorithm,
+                                JWT::DecodeError,
+                                JWT::VerificationError,
+                                JWT::ExpiredSignature,
+                                JWT::IncorrectAlgorithm,
+                                JWT::ImmatureSignature,
+                                JWT::InvalidIssuerError,
+                                JWT::InvalidIatError,
+                                JWT::InvalidAudError,
+                                JWT::InvalidSubError,
+                                JWT::InvalidJtiError,
+                                OpenSSL::PKey::RSAError,
+                                OpenSSL::Cipher::CipherError,
+                              ].freeze
+
+  attr_accessor :data,
+                :private_key
+
+  def initialize(data:,
+                 private_key: Drillbit.configuration.token_private_key)
+
+    self.data        = data
+    self.private_key = private_key
+  end
+
+  def valid?
+    true
+  end
+
+  def blank?
+    false
+  end
+
+  def to_h
+    data
+  end
+
+  def to_jwt
+    @jwt ||= JSON::JWT.new(data)
+  end
+
+  def to_jwt_s
+    @jwt_s ||= to_jwt.to_s
+  end
+
+  def to_jws
+    @jws ||= to_jwt.sign(private_key,    'RS256')
+  end
+
+  def to_jws_s
+    @jws_s ||= to_jws.to_s
+  end
+
+  def to_jwe
+    @jwe ||= to_jws.encrypt(private_key, 'RSA-OAEP', 'A256GCM')
+  end
+
+  def to_jwe_s
+    @jwe_s ||= to_jwe.to_s
+  end
+
+  def self.from_jwe(encrypted_token,
+                    private_key: Drillbit.configuration.token_private_key)
+
+    return JsonWebTokens::Null.instance if encrypted_token.to_s == ''
+
+    decrypted_token = JSON::JWT.
+                        decode(encrypted_token, private_key).
+                        plain_text
+
+    from_jws(decrypted_token, private_key: private_key)
+  rescue *TRANSFORMATION_EXCEPTIONS
+    JsonWebTokens::Invalid.instance
+  end
+
+  def self.from_jws(signed_token,
+                    private_key: Drillbit.configuration.token_private_key)
+
+    return JsonWebTokens::Null.instance if signed_token.to_s == ''
+
+    data = JWT.decode(
+                       signed_token,
+                       private_key,
+                       true,
+                       algorithm:         'RS256',
+                       verify_expiration: true,
+                       verify_not_before: true,
+                       verify_iat:        true,
+                       leeway:            5,
+    )
+
+    new(data:        data,
+        private_key: private_key)
+  rescue *TRANSFORMATION_EXCEPTIONS
+    JsonWebTokens::Invalid.instance
+  end
+end
+end
+end

data/lib/drillbit/tokens/json_web_tokens/invalid.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+require 'drillbit/tokens/invalid'
+
+module  Drillbit
+module  Tokens
+module  JsonWebTokens
+class   Invalid < Tokens::Invalid
+  def to_h
+    [{}, {}]
+  end
+end
+end
+end
+end

data/lib/drillbit/tokens/json_web_tokens/null.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+require 'drillbit/tokens/null'
+
+module  Drillbit
+module  Tokens
+module  JsonWebTokens
+class   Null < Tokens::Null
+  def to_h
+    [{}, {}]
+  end
+end
+end
+end
+end

data/lib/drillbit/tokens/null.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+require 'singleton'
+
+module  Drillbit
+module  Tokens
+class   Null
+  include Singleton
+
+  def valid?
+    true
+  end
+
+  def blank?
+    true
+  end
+
+  def to_h
+    [{}, {}]
+  end
+
+  def to_s
+    ''
+  end
+end
+end
+end

data/lib/drillbit/version.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+module Drillbit
+  VERSION = '0.0.1'
+end

data/spec/drillbit/accept_header_spec.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+require 'spec_helper'
+require 'drillbit/accept_header'
+
+# rubocop:disable Metrics/LineLength
+module          Drillbit
+RSpec.describe  AcceptHeader do
+  it 'can validate an accept header with all the pieces of information' do
+    header = AcceptHeader.new(application: 'westeros',
+                              header:      'application/vnd.westeros+redkeep;version=1.0.0')
+
+    expect(header).to be_valid
+  end
+
+  it 'does not validate an accept header without passing an application' do
+    header = AcceptHeader.new(application: '',
+                              header:      'application/vnd.westeros+redkeep;version=1.0.0')
+
+    expect(header).not_to be_valid
+  end
+
+  it 'does not validate an accept header if it is not passed in' do
+    header = AcceptHeader.new(application: '',
+                              header:      '')
+
+    expect(header).not_to be_valid
+
+    header = AcceptHeader.new(application: '',
+                              header:      nil)
+
+    expect(header).not_to be_valid
+  end
+
+  it 'does not validate an accept header without an application in the header' do
+    header = AcceptHeader.new(application: 'westeros',
+                              header:      'application/vnd.+redkeep;version=1.0.0')
+
+    expect(header).not_to be_valid
+
+    header = AcceptHeader.new(application: 'westeros',
+                              header:      'application/+redkeep;version=1.0.0')
+
+    expect(header).not_to be_valid
+
+    header = AcceptHeader.new(application: 'westeros',
+                              header:      'application/westeros+redkeep;version=1.0.0')
+
+    expect(header).not_to be_valid
+  end
+
+  it 'does not validate an accept header with an invalid version' do
+    header = AcceptHeader.new(application: 'westeros',
+                              header:      'application/vnd.westeros+redkeep;version=10..0')
+
+    expect(header).not_to be_valid
+
+    header = AcceptHeader.new(application: 'westeros',
+                              header:      'application/vnd.westeros+redkeep;version=neo')
+
+    expect(header).not_to be_valid
+
+    header = AcceptHeader.new(application: 'westeros',
+                              header:      'application/vnd.westeros+redkeep;version=')
+
+    expect(header).not_to be_valid
+
+    header = AcceptHeader.new(application: 'westeros',
+                              header:      'application/vnd.westeros+redkeep;10.0')
+
+    expect(header).not_to be_valid
+  end
+
+  it 'does validate an accept header even with a missing content type' do
+    header = AcceptHeader.new(application: 'westeros',
+                              header:      'application/vnd.westeros;version=10.0')
+
+    expect(header).to be_valid
+  end
+
+  it 'does validate an accept header with only the minimal information' do
+    header = AcceptHeader.new(application: 'westeros',
+                              header:      'application/vnd.westeros')
+
+    expect(header).to be_valid
+  end
+
+  it 'does validate an accept header with only a content type but no version' do
+    header = AcceptHeader.new(application: 'westeros',
+                              header:      'application/vnd.westeros+redkeep')
+
+    expect(header).to be_valid
+  end
+
+  it 'can extract version information from an accept header' do
+    header = AcceptHeader.new(
+              application: 'westeros',
+              header:      'application/vnd.westeros+redkeep;version=10.0.0beta1',
+    )
+
+    expect(header.version).to eql '10.0.0beta1'
+  end
+
+  it 'can extract the content type from an accept header' do
+    header = AcceptHeader.new(
+              application: 'westeros',
+              header:      'application/vnd.westeros+redkeep;version=10.0.0beta1',
+    )
+
+    expect(header.content_type).to eql 'redkeep'
+  end
+end
+end

data/spec/drillbit/authorizers/parameters/filtering_spec.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+require 'rspeckled'
+require 'drillbit/authorizers/parameters/filtering'
+
+module          Drillbit
+module          Authorizers
+class           Parameters
+RSpec.describe  Filtering do
+  let(:params) { { filter: { name: 'Bill', age: 26 } } }
+
+  it 'can authorize new filter parameters', verify: false do
+    filter_params = Filtering.new(token:  '1234',
+                                  user:   '1234',
+                                  params: params)
+
+    allow(params).to receive(:permit)
+
+    filter_params.send(:add_filterable_parameters, :name, :age)
+    filter_params.call
+
+    expect(params).to have_received(:permit).
+                      with(:sort, include(filter: include(:name, :age)))
+  end
+
+  it 'can authorize parameters if they come in as arrays', verify: false do
+    params = {
+      filter: {
+        name: 'Bill',
+        ary:  %w{hello},
+      },
+    }
+    filter_params = Filtering.new(token:  '1234',
+                                  user:   '1234',
+                                  params: params)
+
+    allow(params).to receive(:permit)
+
+    filter_params.send(:add_filterable_parameters, :name, :ary)
+    filter_params.call
+
+    expect(params).to have_received(:permit).
+                      with(:sort, include(filter: include(:name, ary: [])))
+  end
+
+  it 'has default authorized parameters', verify: false do
+    filter_params = Filtering.new(token:  '1234',
+                                  user:   '1234',
+                                  params: params)
+
+    allow(params).to receive(:permit)
+
+    filter_params.call
+
+    expect(params).to have_received(:permit).
+                      with(:sort,
+                           page:   %i{
+                                     number
+                                     size
+                                     offset
+                                     limit
+                                     cursor
+                                   },
+                           filter: [
+                                     :query,
+                                     {},
+                                   ])
+  end
+end
+end
+end
+end