drillbit 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7da2a5f4ccd53545dbaed3a47514e4412a03c8d5
+  data.tar.gz: fd209949f22667edd9463773350c5e10653c02ef
+SHA512:
+  metadata.gz: fe248f3809403c62785c45701359ae0646d8ae3ba70230ed02c7a00e126ea2c826c238c7150544faf4bacd918eddd86a88078b368dbf3aceaffccd9ffc5c1720
+  data.tar.gz: 16178d7d3d1a04f7917d5e980734deff2d05513e39d95138aa67c0a654be4e2ff09963ee0f54bab50a0f775952e7367c50d09903f321dfe7548d7152b15d7111

data/LICENSE.txt

@@ -0,0 +1,19 @@
+Copyright (c) 2016 The Grand Design
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,2 @@
+Drillbit
+================================================================================

data/Rakefile

@@ -0,0 +1,2 @@
+# frozen_string_literal: true
+require 'bundler/gem_tasks'

data/lib/drillbit.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+require 'drillbit/version'
+
+require 'drillbit/authorizers/parameters'
+require 'drillbit/authorizers/parameters/filtering'
+require 'drillbit/authorizers/parameters/resource'
+require 'drillbit/authorizers/query'
+require 'drillbit/authorizers/scope'
+require 'drillbit/configuration'
+require 'drillbit/matchers/accept_header'
+require 'drillbit/matchers/subdomain'
+require 'drillbit/matchers/version'
+require 'drillbit/resource'
+require 'drillbit/serializers/json_api'
+
+require 'drillbit/middleware/api_request'
+
+require 'drillbit/responses/invalid_api_request'
+require 'drillbit/responses/invalid_subdomain'

data/lib/drillbit/accept_header.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+module  Drillbit
+class   AcceptHeader
+  attr_accessor :application,
+                :raw_accept_header
+
+  def initialize(application:, header:)
+    self.application       = application
+    self.raw_accept_header = header || ''
+  end
+
+  def version
+    accept_header_data[2]
+  end
+
+  def content_type
+    accept_header_data[1]
+  end
+
+  def valid?
+    !invalid?
+  end
+
+  def invalid?
+    accept_header_data.nil?
+  end
+
+  def to_s
+    raw_accept_header
+  end
+
+  private
+
+  def accept_header_data
+    raw_accept_header.match(accept_header_format)
+  end
+
+  def accept_header_format
+    %r{\Aapplication/#{application_vendor}(?:\+(\w+))?(?:;version=(#{version_format}))?\z}
+  end
+
+  def application_vendor
+    "vnd\\.#{application}"
+  end
+
+  def version_format
+    '\\d+(?:\\.\\d+){0,2}(?:beta(?:\\d*))?'
+  end
+end
+end

data/lib/drillbit/authorizable_resource.rb

@@ -0,0 +1,160 @@
+# frozen_string_literal: true
+require 'drillbit/resource/naming'
+require 'drillbit/resource/model'
+
+module  Drillbit
+module  AuthorizableResource
+  RESOURCE_COLLECTION_ACTIONS = %w{index}.freeze
+
+  module ClassMethods
+    def authorizer_prefix
+      @authorizer_prefix ||= name[Resource::Naming::CONTROLLER_RESOURCE_NAME_PATTERN, 2]
+    end
+
+    def authorizer_class
+      @authorizer_class ||= "#{authorizer_prefix}" \
+                            "Authorizers::" \
+                            "#{resource_class_name}".
+                            constantize
+    rescue NameError
+      'Drillbit::Authorizers::Query'.constantize
+    end
+
+    def authorizer_scope_class
+      @authorizer_scope_class ||= "#{authorizer_prefix}" \
+                                  "Authorizers::" \
+                                  "#{resource_class_name}" \
+                                  "::Scope".
+                                  constantize
+    rescue NameError
+      'Drillbit::Authorizers::Scope'.constantize
+    end
+
+    def authorizer_resource_params_class
+      @authorizer_resource_params_class ||= "#{authorizer_prefix}" \
+                                            "Authorizers::" \
+                                            "#{resource_class_name}" \
+                                            "::ResourceParameters".
+                                            constantize
+    rescue NameError
+      'Drillbit::Authorizers::Parameters::Resource'.constantize
+    end
+
+    def authorizer_filtering_params_class
+      @authorizer_filtering_params_class ||= "#{authorizer_prefix}" \
+                                             "Authorizers::" \
+                                             "#{resource_class_name}::" \
+                                             "FilteringParameters".
+                                             constantize
+    rescue NameError
+      'Drillbit::Authorizers::Parameters::Filtering'.constantize
+    end
+  end
+
+  def self.included(base)
+    base.include Resource::Naming
+    base.extend  ClassMethods
+
+    base.before_action :authorize
+  end
+
+  private
+
+  def authorize
+    Erratum.raise(
+      'ForbiddenError',
+      resource_name: self.class.singular_resource_name,
+      resource_id:   [params[:id]],
+      action:        action_name,
+    ) unless authorizer.public_send(authorization_query)
+  end
+
+  def authorizer
+    @authorizer ||= self.
+                    class.
+                    authorizer_class.
+                    new(token:    token,
+                        user:     authorized_user,
+                        resource: authorized_resource)
+  end
+
+  def authorized_scope
+    @authorized_scope ||= self.
+                          class.
+                          authorizer_scope_class.
+                          new(token:          token,
+                              user:           authorized_user,
+                              scoped_user_id: scoped_user_id,
+                              params:         authorized_params,
+                              scope_root:     authorized_scope_root).
+                          call
+  end
+
+  def authorized_params
+    @authorized_params ||= authorizer_params_class.
+                           new(token:  token,
+                               user:   authorized_user,
+                               params: params).
+                           call
+  end
+
+  def authorized_resource
+    return nil if RESOURCE_COLLECTION_ACTIONS.include?(action_name)
+
+    @authorized_resource ||= public_send(self.class.singular_resource_name)
+  end
+
+  def authorized_collection
+    return nil unless RESOURCE_COLLECTION_ACTIONS.include?(action_name)
+
+    @authorized_collection ||= Resource::Model.
+      new(resource:   public_send(self.class.plural_resource_name),
+          parameters: authorized_params)
+  end
+
+  def authorizer_params_class
+    @authorizer_params_class ||= if RESOURCE_COLLECTION_ACTIONS.include?(action_name)
+                                   self.class.authorizer_filtering_params_class
+                                 else
+                                   self.class.authorizer_resource_params_class
+                                 end
+  end
+
+  def authorized_scope_root
+    @authorized_scope_root ||= "#{self.class.authorizer_prefix}" \
+                               "#{self.class.resource_class_name}".
+                               constantize
+  end
+
+  def scoped_user_id
+    @scoped_user_id ||= if requested_user_id.blank?
+                          nil
+                        else
+                          requested_user_id
+                        end
+  end
+
+  def requested_user_id
+    @requested_user_id ||= params.
+                           fetch(:filter, {}).
+                           fetch(authorized_user_underscored_class_name,
+                                 authorized_user.id)
+  end
+
+  def authorized_user
+    current_user
+  end
+
+  def authorized_user_underscored_class_name
+    @authorized_user_underscored_class_name ||= authorized_user.
+                                                class.
+                                                name[/([^:]+)\z/, 1].
+                                                underscore.
+                                                downcase
+  end
+
+  def authorization_query
+    @authorization_query ||= "able_to_#{action_name}?"
+  end
+end
+end

data/lib/drillbit/authorizers/parameters.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+module  Drillbit
+module  Authorizers
+class   Parameters
+  attr_accessor :token,
+                :user,
+                :params
+
+  def initialize(token:, user:, params:, **other)
+    self.token  = token
+    self.user   = user
+    self.params = params
+
+    other.each do |name, value|
+      public_send("#{name}=", value)
+    end
+  end
+
+  def call
+    params
+  end
+end
+end
+end

data/lib/drillbit/authorizers/parameters/filtering.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+require 'drillbit/authorizers/parameters'
+
+module  Drillbit
+module  Authorizers
+class   Parameters
+class   Filtering < Authorizers::Parameters
+  def call
+    params.permit(*authorized_params)
+  end
+
+  private
+
+  def authorized_params
+    @authorized_params ||= [
+                             :sort,
+                             page:   %i{
+                                       number
+                                       size
+                                       offset
+                                       limit
+                                       cursor
+                                     },
+                             filter: [
+                                       :query,
+                                       {},
+                                     ],
+                           ]
+  end
+
+  def add_filterable_parameter(name)
+    param = params.fetch(:filter, {}).
+                   fetch(name,    nil)
+
+    if param.class == Array
+      authorized_params[1][:filter][1][name] = []
+    else
+      authorized_params[1][:filter] << name
+    end
+  end
+
+  def add_filterable_parameters(*names)
+    names.each do |name|
+      add_filterable_parameter(name)
+    end
+  end
+end
+end
+end
+end

data/lib/drillbit/authorizers/parameters/resource.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+require 'drillbit/authorizers/parameters'
+
+module  Drillbit
+module  Authorizers
+class   Parameters
+class   Resource < Authorizers::Parameters
+end
+end
+end
+end

data/lib/drillbit/authorizers/query.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+module  Drillbit
+module  Authorizers
+class   Query
+  attr_accessor :token,
+                :user,
+                :resource
+
+  def initialize(token:, user:, resource:, **other)
+    self.token    = token
+    self.user     = user
+    self.resource = resource
+
+    other.each do |name, value|
+      public_send("#{name}=", value)
+    end
+  end
+
+  def able_to_index?
+    true
+  end
+
+  def able_to_show?
+    false
+  end
+
+  def able_to_create?
+    false
+  end
+
+  def able_to_update?
+    false
+  end
+
+  def able_to_destroy?
+    false
+  end
+end
+end
+end

data/lib/drillbit/authorizers/scope.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+module  Drillbit
+module  Authorizers
+class   Scope
+  attr_accessor :token,
+                :user,
+                :scoped_user_id,
+                :params,
+                :scope_root
+
+  # rubocop:disable Metrics/ParameterLists
+  def initialize(token:, user:, params:, scoped_user_id:, scope_root:, **other)
+    self.token          = token
+    self.user           = user
+    self.params         = params
+    self.scoped_user_id = scoped_user_id
+    self.scope_root     = scope_root
+
+    other.each do |name, value|
+      public_send("#{name}=", value)
+    end
+  end
+  # rubocop:enable Metrics/ParameterLists
+
+  def call
+    scope_root.none
+  end
+end
+end
+end

data/lib/drillbit/configuration.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+module  Drillbit
+  class Configuration
+    attr_accessor \
+      :allowed_subdomains,
+      :allowed_api_subdomains,
+      :application_name,
+      :default_api_version,
+      :token_private_key
+
+    def to_h
+      {
+        allowed_subdomains:     allowed_subdomains,
+        allowed_api_subdomains: allowed_api_subdomains,
+        application_name:       application_name,
+        default_api_version:    default_api_version,
+      }
+    end
+
+    def allowed_subdomains
+      @allowed_subdomains || ['api']
+    end
+
+    def allowed_api_subdomains
+      @allowed_api_subdomains || ['api']
+    end
+  end
+
+  def self.configure
+    yield configuration
+  end
+
+  def self.configuration
+    @configuration ||= Configuration.new
+  end
+end