drillbit 1.1.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/lib/drillbit.rb +3 -1
- data/lib/drillbit/authorizable_resource.rb +6 -0
- data/lib/drillbit/authorizers/parameters/filtering.rb +1 -0
- data/lib/drillbit/authorizers/parameters/resource.rb +59 -0
- data/lib/drillbit/errors/invalid_request_body.rb +29 -0
- data/lib/drillbit/middleware/api_request_validator.rb +40 -0
- data/lib/drillbit/middleware/parameter_parser.rb +61 -0
- data/lib/drillbit/middleware/token_processor.rb +26 -0
- data/lib/drillbit/requests/base.rb +8 -5
- data/lib/drillbit/responses/invalid_request_body.rb +18 -0
- data/lib/drillbit/tokens/json_web_token.rb +9 -1
- data/lib/drillbit/version.rb +1 -1
- data/spec/drillbit/accept_header_spec.rb +2 -2
- data/spec/drillbit/authorizers/parameters/filtering_spec.rb +4 -4
- data/spec/drillbit/authorizers/parameters/resource_spec.rb +4 -4
- data/spec/drillbit/authorizers/parameters_spec.rb +3 -3
- data/spec/drillbit/authorizers/query_spec.rb +3 -3
- data/spec/drillbit/authorizers/scope_spec.rb +3 -3
- data/spec/drillbit/errors/invalid_api_request_spec.rb +3 -3
- data/spec/drillbit/errors/invalid_request_body_spec.rb +25 -0
- data/spec/drillbit/errors/invalid_subdomain_spec.rb +3 -3
- data/spec/drillbit/errors/invalid_token_spec.rb +3 -3
- data/spec/drillbit/invalid_subdomain_spec.rb +3 -3
- data/spec/drillbit/invalid_token_spec.rb +3 -3
- data/spec/drillbit/matchers/accept_header_spec.rb +3 -3
- data/spec/drillbit/matchers/subdomain_spec.rb +3 -3
- data/spec/drillbit/matchers/version_spec.rb +3 -3
- data/spec/drillbit/middleware/{api_request_spec.rb → api_request_validator_spec.rb} +11 -46
- data/spec/drillbit/middleware/parameter_parser_spec.rb +184 -0
- data/spec/drillbit/middleware/token_processor_spec.rb +27 -0
- data/spec/drillbit/requests/base_spec.rb +3 -3
- data/spec/drillbit/requests/rack_spec.rb +3 -3
- data/spec/drillbit/requests/rails_spec.rb +3 -3
- data/spec/drillbit/resource/model_spec.rb +3 -3
- data/spec/drillbit/resource/processors/filtering_spec.rb +4 -4
- data/spec/drillbit/resource/processors/indexing_spec.rb +4 -4
- data/spec/drillbit/resource/processors/paging_spec.rb +4 -4
- data/spec/drillbit/resource/processors/sorting_spec.rb +4 -4
- data/spec/drillbit/tokens/base64_spec.rb +3 -3
- data/spec/drillbit/tokens/json_web_token_spec.rb +11 -3
- data/spec/drillbit/tokens/json_web_tokens/password_reset_spec.rb +4 -4
- metadata +15 -8
- metadata.gz.sig +0 -0
- data/lib/drillbit/middleware/api_request.rb +0 -49
- data/lib/drillbit/parameters.rb +0 -22
- data/spec/drillbit/parameters_spec.rb +0 -49
|
@@ -3,9 +3,9 @@ require 'spec_helper'
|
|
|
3
3
|
require 'drillbit/requests/rack'
|
|
4
4
|
|
|
5
5
|
# rubocop:disable Metrics/LineLength
|
|
6
|
-
module
|
|
7
|
-
module
|
|
8
|
-
|
|
6
|
+
module Drillbit
|
|
7
|
+
module Requests
|
|
8
|
+
describe Rack do
|
|
9
9
|
it 'finds the accept header from the headers if it is valid' do
|
|
10
10
|
raw_request = {
|
|
11
11
|
'HTTP_ACCEPT' => 'application/vnd.westeros+redkeep;version=10.0',
|
|
@@ -4,9 +4,9 @@ require 'spec_helper'
|
|
|
4
4
|
require 'drillbit/requests/rails'
|
|
5
5
|
|
|
6
6
|
# rubocop:disable Metrics/LineLength
|
|
7
|
-
module
|
|
8
|
-
module
|
|
9
|
-
|
|
7
|
+
module Drillbit
|
|
8
|
+
module Requests
|
|
9
|
+
describe Rails do
|
|
10
10
|
it 'finds the accept header from the headers if it is valid' do
|
|
11
11
|
raw_request = OpenStruct.new(
|
|
12
12
|
headers: {
|
|
@@ -2,9 +2,9 @@
|
|
|
2
2
|
require 'spec_helper'
|
|
3
3
|
require 'drillbit/resource/model'
|
|
4
4
|
|
|
5
|
-
module
|
|
6
|
-
module
|
|
7
|
-
|
|
5
|
+
module Drillbit
|
|
6
|
+
module Resource
|
|
7
|
+
describe Model do
|
|
8
8
|
it 'can chain multiple processors together' do
|
|
9
9
|
resource = double
|
|
10
10
|
processed_resource = double
|
|
@@ -2,10 +2,10 @@
|
|
|
2
2
|
require 'spec_helper'
|
|
3
3
|
require 'drillbit/resource/processors/filtering'
|
|
4
4
|
|
|
5
|
-
module
|
|
6
|
-
module
|
|
7
|
-
module
|
|
8
|
-
|
|
5
|
+
module Drillbit
|
|
6
|
+
module Resource
|
|
7
|
+
module Processors
|
|
8
|
+
describe Filtering do
|
|
9
9
|
let(:filtering_resource) { double }
|
|
10
10
|
|
|
11
11
|
it 'can return the resource if not filtered parameters are passed in' do
|
|
@@ -9,10 +9,10 @@ class TestIndexClass
|
|
|
9
9
|
end
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
module
|
|
13
|
-
module
|
|
14
|
-
module
|
|
15
|
-
|
|
12
|
+
module Drillbit
|
|
13
|
+
module Resource
|
|
14
|
+
module Processors
|
|
15
|
+
describe Indexing do
|
|
16
16
|
let(:indexing_resource) { double }
|
|
17
17
|
|
|
18
18
|
it 'does not do anything if indexing params are not passed in' do
|
|
@@ -2,10 +2,10 @@
|
|
|
2
2
|
require 'spec_helper'
|
|
3
3
|
require 'drillbit/resource/processors/paging'
|
|
4
4
|
|
|
5
|
-
module
|
|
6
|
-
module
|
|
7
|
-
module
|
|
8
|
-
|
|
5
|
+
module Drillbit
|
|
6
|
+
module Resource
|
|
7
|
+
module Processors
|
|
8
|
+
describe Paging do
|
|
9
9
|
let(:paging_resource) { double }
|
|
10
10
|
let(:processed_resource) { double }
|
|
11
11
|
|
|
@@ -2,10 +2,10 @@
|
|
|
2
2
|
require 'spec_helper'
|
|
3
3
|
require 'drillbit/resource/processors/sorting'
|
|
4
4
|
|
|
5
|
-
module
|
|
6
|
-
module
|
|
7
|
-
module
|
|
8
|
-
|
|
5
|
+
module Drillbit
|
|
6
|
+
module Resource
|
|
7
|
+
module Processors
|
|
8
|
+
describe Sorting do
|
|
9
9
|
let(:sorting_resource) { double }
|
|
10
10
|
|
|
11
11
|
it 'can return an ascending sort' do
|
|
@@ -2,9 +2,9 @@
|
|
|
2
2
|
require 'spec_helper'
|
|
3
3
|
require 'drillbit/tokens/json_web_token'
|
|
4
4
|
|
|
5
|
-
module
|
|
6
|
-
module
|
|
7
|
-
|
|
5
|
+
module Drillbit
|
|
6
|
+
module Tokens
|
|
7
|
+
describe JsonWebToken do
|
|
8
8
|
it 'can convert an empty encrypted token' do
|
|
9
9
|
token = JsonWebToken.from_jwe(nil,
|
|
10
10
|
private_key: test_private_key)
|
|
@@ -61,6 +61,14 @@ RSpec.describe JsonWebToken do
|
|
|
61
61
|
expect(token).to be_a JsonWebTokens::Null
|
|
62
62
|
end
|
|
63
63
|
|
|
64
|
+
it 'can convert a token with no data' do
|
|
65
|
+
token = JsonWebToken.build_from_request([{}, {}])
|
|
66
|
+
|
|
67
|
+
expect(token).to be_empty
|
|
68
|
+
expect(token).not_to be_present
|
|
69
|
+
expect(token).to be_blank
|
|
70
|
+
end
|
|
71
|
+
|
|
64
72
|
it 'can verify an expired signed token' do
|
|
65
73
|
expired_jws = valid_jws_token('exp' => 1.day.ago.to_i,
|
|
66
74
|
'baz' => 'bar')
|
|
@@ -2,10 +2,10 @@
|
|
|
2
2
|
require 'spec_helper'
|
|
3
3
|
require 'drillbit/tokens/json_web_tokens/password_reset'
|
|
4
4
|
|
|
5
|
-
module
|
|
6
|
-
module
|
|
7
|
-
module
|
|
8
|
-
|
|
5
|
+
module Drillbit
|
|
6
|
+
module Tokens
|
|
7
|
+
module JsonWebTokens
|
|
8
|
+
describe PasswordReset do
|
|
9
9
|
it 'can build a token that expires during the password reset timeframe', :time_mock do
|
|
10
10
|
token = JsonWebToken.build(id: 'test_id',
|
|
11
11
|
subject_id: 'subject_id',
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: drillbit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- thegranddesign
|
|
@@ -31,7 +31,7 @@ cert_chain:
|
|
|
31
31
|
zRIv8lqQM8QFT76rzP5SBCERwN+ltKAFbQ5/FwmZNGWYnmCP3RZMQiRnbh+9H9lh
|
|
32
32
|
mlbwaYZTjgsXq6cy8N38EecewgBbZYS1IYJraE/M
|
|
33
33
|
-----END CERTIFICATE-----
|
|
34
|
-
date: 2016-05-
|
|
34
|
+
date: 2016-05-26 00:00:00.000000000 Z
|
|
35
35
|
dependencies:
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: erratum
|
|
@@ -136,14 +136,16 @@ files:
|
|
|
136
136
|
- lib/drillbit/authorizers/scope.rb
|
|
137
137
|
- lib/drillbit/configuration.rb
|
|
138
138
|
- lib/drillbit/errors/invalid_api_request.rb
|
|
139
|
+
- lib/drillbit/errors/invalid_request_body.rb
|
|
139
140
|
- lib/drillbit/errors/invalid_subdomain.rb
|
|
140
141
|
- lib/drillbit/errors/invalid_token.rb
|
|
141
142
|
- lib/drillbit/matchers/accept_header.rb
|
|
142
143
|
- lib/drillbit/matchers/generic.rb
|
|
143
144
|
- lib/drillbit/matchers/subdomain.rb
|
|
144
145
|
- lib/drillbit/matchers/version.rb
|
|
145
|
-
- lib/drillbit/middleware/
|
|
146
|
-
- lib/drillbit/
|
|
146
|
+
- lib/drillbit/middleware/api_request_validator.rb
|
|
147
|
+
- lib/drillbit/middleware/parameter_parser.rb
|
|
148
|
+
- lib/drillbit/middleware/token_processor.rb
|
|
147
149
|
- lib/drillbit/parameters/filter.rb
|
|
148
150
|
- lib/drillbit/parameters/index.rb
|
|
149
151
|
- lib/drillbit/parameters/page.rb
|
|
@@ -159,6 +161,7 @@ files:
|
|
|
159
161
|
- lib/drillbit/resource/processors/paging.rb
|
|
160
162
|
- lib/drillbit/resource/processors/sorting.rb
|
|
161
163
|
- lib/drillbit/responses/invalid_api_request.rb
|
|
164
|
+
- lib/drillbit/responses/invalid_request_body.rb
|
|
162
165
|
- lib/drillbit/responses/invalid_subdomain.rb
|
|
163
166
|
- lib/drillbit/responses/invalid_token.rb
|
|
164
167
|
- lib/drillbit/serializers/json_api.rb
|
|
@@ -179,6 +182,7 @@ files:
|
|
|
179
182
|
- spec/drillbit/authorizers/query_spec.rb
|
|
180
183
|
- spec/drillbit/authorizers/scope_spec.rb
|
|
181
184
|
- spec/drillbit/errors/invalid_api_request_spec.rb
|
|
185
|
+
- spec/drillbit/errors/invalid_request_body_spec.rb
|
|
182
186
|
- spec/drillbit/errors/invalid_subdomain_spec.rb
|
|
183
187
|
- spec/drillbit/errors/invalid_token_spec.rb
|
|
184
188
|
- spec/drillbit/invalid_subdomain_spec.rb
|
|
@@ -186,8 +190,9 @@ files:
|
|
|
186
190
|
- spec/drillbit/matchers/accept_header_spec.rb
|
|
187
191
|
- spec/drillbit/matchers/subdomain_spec.rb
|
|
188
192
|
- spec/drillbit/matchers/version_spec.rb
|
|
189
|
-
- spec/drillbit/middleware/
|
|
190
|
-
- spec/drillbit/
|
|
193
|
+
- spec/drillbit/middleware/api_request_validator_spec.rb
|
|
194
|
+
- spec/drillbit/middleware/parameter_parser_spec.rb
|
|
195
|
+
- spec/drillbit/middleware/token_processor_spec.rb
|
|
191
196
|
- spec/drillbit/requests/base_spec.rb
|
|
192
197
|
- spec/drillbit/requests/rack_spec.rb
|
|
193
198
|
- spec/drillbit/requests/rails_spec.rb
|
|
@@ -235,6 +240,7 @@ test_files:
|
|
|
235
240
|
- spec/drillbit/authorizers/query_spec.rb
|
|
236
241
|
- spec/drillbit/authorizers/scope_spec.rb
|
|
237
242
|
- spec/drillbit/errors/invalid_api_request_spec.rb
|
|
243
|
+
- spec/drillbit/errors/invalid_request_body_spec.rb
|
|
238
244
|
- spec/drillbit/errors/invalid_subdomain_spec.rb
|
|
239
245
|
- spec/drillbit/errors/invalid_token_spec.rb
|
|
240
246
|
- spec/drillbit/invalid_subdomain_spec.rb
|
|
@@ -242,8 +248,9 @@ test_files:
|
|
|
242
248
|
- spec/drillbit/matchers/accept_header_spec.rb
|
|
243
249
|
- spec/drillbit/matchers/subdomain_spec.rb
|
|
244
250
|
- spec/drillbit/matchers/version_spec.rb
|
|
245
|
-
- spec/drillbit/middleware/
|
|
246
|
-
- spec/drillbit/
|
|
251
|
+
- spec/drillbit/middleware/api_request_validator_spec.rb
|
|
252
|
+
- spec/drillbit/middleware/parameter_parser_spec.rb
|
|
253
|
+
- spec/drillbit/middleware/token_processor_spec.rb
|
|
247
254
|
- spec/drillbit/requests/base_spec.rb
|
|
248
255
|
- spec/drillbit/requests/rack_spec.rb
|
|
249
256
|
- spec/drillbit/requests/rails_spec.rb
|
metadata.gz.sig
CHANGED
|
Binary file
|
|
@@ -1,49 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
require 'drillbit/configuration'
|
|
3
|
-
require 'drillbit/parameters'
|
|
4
|
-
require 'drillbit/matchers/subdomain'
|
|
5
|
-
require 'drillbit/matchers/accept_header'
|
|
6
|
-
require 'drillbit/requests/base'
|
|
7
|
-
require 'drillbit/responses/invalid_api_request'
|
|
8
|
-
require 'drillbit/responses/invalid_subdomain'
|
|
9
|
-
require 'drillbit/responses/invalid_token'
|
|
10
|
-
|
|
11
|
-
module Drillbit
|
|
12
|
-
module Middleware
|
|
13
|
-
class ApiRequest
|
|
14
|
-
JSON_API_MIME_TYPE_PATTERN = %r{application/vnd\.api\+json(?=\z|;)}
|
|
15
|
-
|
|
16
|
-
def initialize(app)
|
|
17
|
-
@app = app
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
# rubocop:disable Metrics/LineLength
|
|
21
|
-
# :reek:FeatureEnvy
|
|
22
|
-
def call(env)
|
|
23
|
-
env['HTTP_X_APPLICATION_NAME'] = Drillbit.configuration.application_name
|
|
24
|
-
|
|
25
|
-
request = Requests::Base.resolve(env)
|
|
26
|
-
subdomain_matcher = Matchers::Subdomain.new
|
|
27
|
-
accept_header_matcher = Matchers::AcceptHeader.new
|
|
28
|
-
token = request.authorization_token
|
|
29
|
-
|
|
30
|
-
return Responses::InvalidSubdomain.call(env) unless subdomain_matcher.matches?(request)
|
|
31
|
-
return Responses::InvalidApiRequest.call(env) unless !subdomain_matcher.matches_api_subdomain?(request) ||
|
|
32
|
-
accept_header_matcher.matches?(request)
|
|
33
|
-
return Responses::InvalidToken.call(env,
|
|
34
|
-
application_name: request.application_name) \
|
|
35
|
-
unless token.valid?
|
|
36
|
-
|
|
37
|
-
env['X_DECRYPTED_JSON_WEB_TOKEN'] = token.to_h
|
|
38
|
-
env['QUERY_STRING'] = Parameters.process(env['QUERY_STRING'])
|
|
39
|
-
env['CONTENT_TYPE'] = env['CONTENT_TYPE'].
|
|
40
|
-
to_s.
|
|
41
|
-
gsub JSON_API_MIME_TYPE_PATTERN,
|
|
42
|
-
'application/json'
|
|
43
|
-
|
|
44
|
-
@app.call(env)
|
|
45
|
-
end
|
|
46
|
-
# rubocop:enable Metrics/LineLength
|
|
47
|
-
end
|
|
48
|
-
end
|
|
49
|
-
end
|
data/lib/drillbit/parameters.rb
DELETED
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
module Drillbit
|
|
3
|
-
class Parameters
|
|
4
|
-
attr_accessor :query_string
|
|
5
|
-
|
|
6
|
-
def initialize(query_string)
|
|
7
|
-
self.query_string = query_string
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
def self.process(query_string)
|
|
11
|
-
new(query_string).process
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
def process
|
|
15
|
-
return query_string unless query_string.respond_to? :gsub
|
|
16
|
-
|
|
17
|
-
query_string.gsub(/(?<=\A|&|\?)[^=&]+/) do |match|
|
|
18
|
-
match.tr('-', '_')
|
|
19
|
-
end
|
|
20
|
-
end
|
|
21
|
-
end
|
|
22
|
-
end
|
|
@@ -1,49 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
require 'spec_helper'
|
|
3
|
-
require 'drillbit/parameters'
|
|
4
|
-
|
|
5
|
-
module Drillbit
|
|
6
|
-
RSpec.describe Parameters do
|
|
7
|
-
it 'can underscore the first parameter' do
|
|
8
|
-
query_params = 'hello-there=bob-jones'
|
|
9
|
-
|
|
10
|
-
expect(Parameters.process(query_params)).to eql 'hello_there=bob-jones'
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
it 'does not touch params with no dashes' do
|
|
14
|
-
query_params = 'hello_there=bob-jones'
|
|
15
|
-
|
|
16
|
-
expect(Parameters.process(query_params)).to eql 'hello_there=bob-jones'
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
it 'can underscore a middle parameter and a parameter at the end' do
|
|
20
|
-
query_params = 'hello-there=bob-jones&nice-to-meet=you-bob&hows-the-weather=today-bob'
|
|
21
|
-
|
|
22
|
-
expect(Parameters.process(query_params)).to eql 'hello_there=bob-jones&' \
|
|
23
|
-
'nice_to_meet=you-bob&' \
|
|
24
|
-
'hows_the_weather=today-bob'
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
it 'can handle weirdly formatted parameters' do
|
|
28
|
-
query_params = 'hello-there=bob-jones&nice-to-meet=you-bob&='
|
|
29
|
-
|
|
30
|
-
expect(Parameters.process(query_params)).to eql 'hello_there=bob-jones&' \
|
|
31
|
-
'nice_to_meet=you-bob&='
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
it 'can handle parameters with no values' do
|
|
35
|
-
query_params = 'hello-there&nice-to-meet=you-bob&='
|
|
36
|
-
|
|
37
|
-
expect(Parameters.process(query_params)).to eql 'hello_there&' \
|
|
38
|
-
'nice_to_meet=you-bob&='
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
it 'can handle values with no parameter name' do
|
|
42
|
-
query_params = 'hello-there=bob-jones&=you-bob&nice-to-meet=you-bob&='
|
|
43
|
-
|
|
44
|
-
expect(Parameters.process(query_params)).to eql 'hello_there=bob-jones&' \
|
|
45
|
-
'=you-bob&' \
|
|
46
|
-
'nice_to_meet=you-bob&='
|
|
47
|
-
end
|
|
48
|
-
end
|
|
49
|
-
end
|