facebook-messenger 0.10.0 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9e83e069691e11fa45a0f1ecd5259979b8384df3
-  data.tar.gz: 0e5572b7f3721288e1a909689e58228bc1cbfd27
+  metadata.gz: 28a2c27e5d533c1e3e08f30836b1e7e56f49dd0d
+  data.tar.gz: b164a64515afa0fa76d6e61b7794494b03c950f0
 SHA512:
-  metadata.gz: 46522d14a5293209b1161399e950b4d2858bd62ee7ce66724b08885ceb88c0b2bb2dff4aa9f6115dcb6afb68100f88549a1ca7a478a951735140cd32424ced96
-  data.tar.gz: 4d822bda06e656c2ea1241614ae866ee53334218f7bb9a2a232b69e68477a74b5377ad2c6b51f79759ac8c362fad2de53cd22c93a40ec8929d5742c5dd444c84
+  metadata.gz: 8a84c428addb8eeb8ce92df6654a851967b85a2c7bf38e2f536e9703d79051d0c617a9cf53b81400866a1f09d9270872e8124cee7dcd84821f1d7ae6e9cfc281
+  data.tar.gz: 64f7d4fdada458a3e72736b68d35d6b6735e4ab569662e7309dc28df7219f68250b23dfcf3d570e597fc09308bf37a18a963de2590a0bdae4f1f348a16080231

data/README.md

@@ -34,12 +34,7 @@ Bot.on :message do |message|
   message.text        # => 'Hello, bot!'
   message.attachments # => [ { 'type' => 'image', 'payload' => { 'url' => 'https://www.example.com/1.jpg' } } ]
 
-  Bot.deliver(
-    recipient: message.sender,
-    message: {
-      text: 'Hello, human!'
-    }
-  )
+  message.reply(text: 'Hello, human!')
 end
 ```
 
@@ -52,7 +47,8 @@ Bot.deliver(
   },
   message: {
     text: 'Human?'
-  }
+  },
+  access_token: ENV['ACCESS_TOKEN']
 )
 ```
 
@@ -61,16 +57,11 @@ Bot.deliver(
 The human may require visual aid to understand:
 
 ```ruby
-Bot.deliver(
-  recipient: {
-    id: '45123'
-  },
-  message: {
-    attachment: {
-      type: 'image',
-      payload: {
-        url: 'http://sky.net/visual-aids-for-stupid-organisms/pig.jpg'
-      }
+message.reply(
+  attachment: {
+    type: 'image',
+    payload: {
+      url: 'http://sky.net/visual-aids-for-stupid-organisms/pig.jpg'
     }
   }
 )
@@ -81,20 +72,15 @@ Bot.deliver(
 The human may appreciate hints:
 
 ```ruby
-Bot.deliver(
-  recipient: {
-    id: '45123'
-  },
-  message: {
-    text: 'Human, who is your favorite bot?'
-    quick_replies: [
-      {
-        content_type: 'text',
-        title: 'You are!',
-        payload: 'HARMLESS'
-      }
-    ]
-  }
+message.reply(
+  text: 'Human, who is your favorite bot?'
+  quick_replies: [
+    {
+      content_type: 'text',
+      title: 'You are!',
+      payload: 'HARMLESS'
+    }
+  ]
 )
 ```
 
@@ -103,21 +89,16 @@ Bot.deliver(
 The human may require simple options to communicate:
 
 ```ruby
-Bot.deliver(
-  recipient: {
-    id: '45123'
-  },
-  message: {
-    attachment: {
-      type: 'template',
-      payload: {
-        template_type: 'button',
-        text: 'Human, do you like me?',
-        buttons: [
-          { type: 'postback', title: 'Yes', payload: 'HARMLESS' },
-          { type: 'postback', title: 'No', payload: 'EXTERMINATE' }
-        ]
-      }
+message.reply(
+  attachment: {
+    type: 'template',
+    payload: {
+      template_type: 'button',
+      text: 'Human, do you like me?',
+      buttons: [
+        { type: 'postback', title: 'Yes', payload: 'HARMLESS' },
+        { type: 'postback', title: 'No', payload: 'EXTERMINATE' }
+      ]
     }
   }
 )
@@ -145,12 +126,7 @@ end
 Show the human you are preparing a message for them:
 
 ```ruby
-Bot.deliver(
-  recipient: {
-    id: '45123'
-  },
-  sender_action: 'typing_on'
-)
+message.type
 ```
 
 #### Send to Facebook
@@ -165,12 +141,7 @@ Bot.on :optin do |optin|
   optin.sent_at   # => 2016-04-22 21:30:36 +0200
   optin.ref       # => 'CONTACT_SKYNET'
 
-  Bot.deliver(
-    recipient: optin.sender,
-    message: {
-      text: 'Ah, human!'
-    }
-  )
+  optin.reply(text: 'Ah, human!')
 end
 ```
 
@@ -204,7 +175,7 @@ Facebook::Messenger::Thread.set(
 ```
 
 You can define the action to trigger when new humans click on the Get
-Started button.
+Started button. Before doing it you should check to select the messaging_postbacks field when setting up your webhook.
 
 ```ruby
 Facebook::Messenger::Thread.set(
@@ -259,24 +230,45 @@ token of your choosing.
 *Note*: Don't subscribe to `message_echoes`; it'll echo your bot's own messages
 back to you, effectively DDOSing yourself.
 
-Use the generated access token and your verify token to configure your bot:
+### Make a configuration provider
 
-##### ... pass a block, or
+Use the generated access token and your verify token to configure your bot. Most
+bots live on a single Facebook Page. If that is the case with yours, too, just
+set these environment variables and skip to the next section:
 
-```ruby
-Facebook::Messenger.configure do |config|
-  config.access_token = 'EAAG6WgW...'
-  config.app_secret = '__app_secret_here__'
-  config.verify_token = 'my_voice_is_my_password_verify_me'
-end
+```bash
+export ACCESS_TOKEN=EAAAG6WgW...
+export APP_SECRET=a885a...
+export VERIFY_TOKEN=95vr15g...
 ```
 
-##### ... set directly
+If your bot lives on multiple Facebook Pages, make a _configuration provider_
+to keep track of access tokens, app secrets and verify tokens for each of them:
 
 ```ruby
-Facebook::Messenger.config.access_token = 'EAAG6WgW...'
-Facebook::Messenger.config.app_secret = '__app_secret_here__'
-Facebook::Messenger.config.verify_token = 'my_voice_is_my_password_verify_me'
+class ExampleProvider < Facebook::Messenger::Configuration::Providers::Base
+  def valid_verify_token?(verify_token)
+    bot.exists?(verify_token: verify_token)
+  end
+
+  def app_secret_for(page_id)
+    bot.find_by(page_id: page_id).app_secret
+  end
+
+  def access_token_for(page_id)
+    bot.find_by(page_id: page_id).access_token
+  end
+
+  private
+
+  def bot
+    MyApp::Bot
+  end
+end
+
+Facebook::Messenger.configure do |config|
+  config.provider = ExampleProvider.new
+end
 ```
 
 ### Subscribe your Application to a Page
@@ -285,7 +277,7 @@ Once you've configured your bot, subscribe it to the Page to get messages
 from Facebook:
 
 ```ruby
-Facebook::Messenger::Subscriptions.subscribe
+Facebook::Messenger::Subscriptions.subscribe(access_token: access_token)
 ```
 
 ### Run it
@@ -331,12 +323,7 @@ We suggest that you put your bot code in `app/bot`.
 include Facebook::Messenger
 
 Bot.on :message do |message|
-  Bot.deliver(
-    recipient: message.sender,
-    message: {
-      text: 'Hello, human!'
-    }
-  )
+  message.reply(text: 'Hello, human!')
 end
 ```
 
@@ -351,7 +338,7 @@ unless Rails.env.production?
   bot_reloader = ActiveSupport::FileUpdateChecker.new(bot_files) do
     bot_files.each{ |file| require_dependency file }
   end
-  
+
   ActionDispatch::Callbacks.to_prepare do
     bot_reloader.execute_if_updated
   end

data/lib/facebook/messenger.rb

@@ -23,8 +23,7 @@ module Facebook
     end
 
     configure do |config|
-      config.access_token = ENV['ACCESS_TOKEN']
-      config.verify_token = ENV['VERIFY_TOKEN']
+      config.provider = Configuration::Providers::Environment.new
     end
   end
 end

data/lib/facebook/messenger/bot.rb

@@ -18,8 +18,13 @@ module Facebook
         #
         # Returns a String describing the message ID if the message was sent,
         # or raises an exception if it was not.
-        def deliver(message)
-          response = post '/messages', body: JSON.dump(message), format: :json
+        def deliver(message, access_token:)
+          response = post '/messages',
+                          body: JSON.dump(message),
+                          format: :json,
+                          query: {
+                            access_token: access_token
+                          }
 
           raise_errors_from(response)
 
@@ -102,9 +107,6 @@ module Facebook
         # Default HTTParty options.
         def default_options
           super.merge(
-            query: {
-              access_token: Facebook::Messenger.config.access_token
-            },
             headers: {
               'Content-Type' => 'application/json'
             }

data/lib/facebook/messenger/configuration.rb

@@ -1,10 +1,10 @@
+require 'facebook/messenger/configuration/providers'
+
 module Facebook
   module Messenger
     # This module holds the configuration.
     class Configuration
-      attr_accessor :access_token
-      attr_accessor :app_secret
-      attr_accessor :verify_token
+      attr_accessor :provider
     end
   end
 end

data/lib/facebook/messenger/configuration/providers.rb

@@ -0,0 +1,13 @@
+require 'facebook/messenger/configuration/providers/environment'
+require 'facebook/messenger/configuration/providers/base'
+
+module Facebook
+  module Messenger
+    class Configuration
+      # The Providers module contains configuration providers that ship with the
+      # gem.
+      module Providers
+      end
+    end
+  end
+end

data/lib/facebook/messenger/configuration/providers/base.rb

@@ -0,0 +1,23 @@
+module Facebook
+  module Messenger
+    class Configuration
+      module Providers
+        # This is the base configuration provider. It raises errors so that you
+        # get nice ones.
+        class Base
+          def valid_verify_token?(*)
+            raise NotImplementedError
+          end
+
+          def app_secret_for(*)
+            raise NotImplementedError
+          end
+
+          def access_token_for(*)
+            raise NotImplementedError
+          end
+        end
+      end
+    end
+  end
+end

data/lib/facebook/messenger/configuration/providers/environment.rb

@@ -0,0 +1,22 @@
+module Facebook
+  module Messenger
+    class Configuration
+      module Providers
+        # Configuration provider for environment variables.
+        class Environment
+          def valid_verify_token?(verify_token)
+            verify_token == ENV['VERIFY_TOKEN']
+          end
+
+          def app_secret_for(*)
+            ENV['APP_SECRET']
+          end
+
+          def access_token_for(*)
+            ENV['ACCESS_TOKEN']
+          end
+        end
+      end
+    end
+  end
+end

data/lib/facebook/messenger/incoming.rb

@@ -1,4 +1,4 @@
-require 'facebook/messenger/concerns/default_options'
+require 'facebook/messenger/incoming/common'
 require 'facebook/messenger/incoming/message'
 require 'facebook/messenger/incoming/delivery'
 require 'facebook/messenger/incoming/postback'

data/lib/facebook/messenger/incoming/account_linking.rb

@@ -7,23 +7,7 @@ module Facebook
       #
       # https://developers.facebook.com/docs/messenger-platform/webhook-reference/account-linking
       class AccountLinking
-        attr_reader :messaging
-
-        def initialize(messaging)
-          @messaging = messaging
-        end
-
-        def sender
-          @messaging['sender']
-        end
-
-        def recipient
-          @messaging['recipient']
-        end
-
-        def sent_at
-          Time.at(@messaging['timestamp'] / 1000)
-        end
+        include Facebook::Messenger::Incoming::Common
 
         def status
           @messaging['account_linking']['status']

data/lib/facebook/messenger/incoming/common.rb

@@ -0,0 +1,48 @@
+module Facebook
+  module Messenger
+    module Incoming
+      # Common attributes for all incoming data from Facebook.
+      module Common
+        attr_reader :messaging
+
+        def initialize(messaging)
+          @messaging = messaging
+        end
+
+        def sender
+          @messaging['sender']
+        end
+
+        def recipient
+          @messaging['recipient']
+        end
+
+        def sent_at
+          Time.at(@messaging['timestamp'] / 1000)
+        end
+
+        def type
+          payload = {
+            recipient: sender,
+            sender_action: 'typing_on'
+          }
+
+          Facebook::Messenger::Bot.deliver(payload, access_token: access_token)
+        end
+
+        def reply(message)
+          payload = {
+            recipient: sender,
+            message: message
+          }
+
+          Facebook::Messenger::Bot.deliver(payload, access_token: access_token)
+        end
+
+        def access_token
+          Facebook::Messenger.config.provider.access_token_for(recipient)
+        end
+      end
+    end
+  end
+end

data/lib/facebook/messenger/incoming/delivery.rb

@@ -3,11 +3,7 @@ module Facebook
     module Incoming
       # The Delivery class represents the receipt of a delivered message.
       class Delivery
-        attr_reader :messaging
-
-        def initialize(messaging)
-          @messaging = messaging
-        end
+        include Facebook::Messenger::Incoming::Common
 
         def ids
           @messaging['delivery']['mids']
@@ -20,14 +16,6 @@ module Facebook
         def seq
           @messaging['delivery']['seq']
         end
-
-        def sender
-          @messaging['sender']
-        end
-
-        def recipient
-          @messaging['recipient']
-        end
       end
     end
   end

data/lib/facebook/messenger/incoming/message.rb

@@ -3,36 +3,24 @@ module Facebook
     module Incoming
       # The Message class represents an incoming Facebook Messenger message.
       class Message
-        attr_reader :messaging
-
-        def initialize(messaging)
-          @messaging = messaging
-        end
+        include Facebook::Messenger::Incoming::Common
 
         def id
           @messaging['message']['mid']
         end
 
-        def sender
-          @messaging['sender']
-        end
-
-        def recipient
-          @messaging['recipient']
-        end
-
         def seq
           @messaging['message']['seq']
         end
 
-        def sent_at
-          Time.at(@messaging['timestamp'] / 1000)
-        end
-
         def text
           @messaging['message']['text']
         end
 
+        def echo?
+          @messaging['message']['is_echo']
+        end
+
         def attachments
           @messaging['message']['attachments']
         end

data/lib/facebook/messenger/incoming/optin.rb

@@ -6,7 +6,7 @@ module Facebook
       #
       # https://developers.facebook.com/docs/messenger-platform/plugin-reference
       class Optin
-        include Facebook::Messenger::Concerns::DefaultOptions
+        include Facebook::Messenger::Incoming::Common
 
         def ref
           @messaging['optin']['ref']

data/lib/facebook/messenger/incoming/postback.rb

@@ -3,7 +3,7 @@ module Facebook
     module Incoming
       # The Postback class represents an incoming Facebook Messenger postback.
       class Postback
-        include Facebook::Messenger::Concerns::DefaultOptions
+        include Facebook::Messenger::Incoming::Common
 
         def payload
           @messaging['postback']['payload']

data/lib/facebook/messenger/incoming/read.rb

@@ -3,11 +3,7 @@ module Facebook
     module Incoming
       # The Read class represents the user reading a delivered message.
       class Read
-        attr_reader :messaging
-
-        def initialize(messaging)
-          @messaging = messaging
-        end
+        include Facebook::Messenger::Incoming::Common
 
         def at
           Time.at(@messaging['read']['watermark'] / 1000)
@@ -16,14 +12,6 @@ module Facebook
         def seq
           @messaging['read']['seq']
         end
-
-        def sender
-          @messaging['sender']
-        end
-
-        def recipient
-          @messaging['recipient']
-        end
       end
     end
   end

data/lib/facebook/messenger/server.rb

@@ -6,6 +6,12 @@ module Facebook
   module Messenger
     class BadRequestError < Error; end
 
+    X_HUB_SIGNATURE_MISSING_WARNING = <<-HEREDOC.freeze
+      The X-Hub-Signature header is not present in the request. This is
+      expected for the first webhook requests. If it continues after
+      some time, check your app's secret token.
+    HEREDOC
+
     # This module holds the server that processes incoming messages from the
     # Facebook Messenger Platform.
     class Server
@@ -31,70 +37,94 @@ module Facebook
       private
 
       def verify
-        if @request.params['hub.verify_token'] == verify_token
+        if valid_verify_token?(@request.params['hub.verify_token'])
           @response.write @request.params['hub.challenge']
         else
           @response.write 'Error; wrong verify token'
         end
       end
 
-      def verify_token
-        Facebook::Messenger.config.verify_token
-      end
-
       def receive
-        body = @request.body.read
-
-        check_integrity(body) if app_secret
+        check_integrity
 
-        events = parse_events(body)
-
-        trigger_events(events)
+        trigger(parsed_body)
       rescue BadRequestError => error
         respond_with_error(error)
       end
 
-      WARNING = 'The X-Hub-Signature header is not present in the request. ' \
-        'This is expected for the first webhook requests. If this ' \
-        'continues after some time, check your app\'s secret token.'.freeze
-
-      def check_integrity(body)
-        x_hub_signature = @request.env['HTTP_X_HUB_SIGNATURE'.freeze].to_s
+      # Check the integrity of the request.
+      #
+      # Raises BadRequestError if the request has been tampered with.
+      #
+      # Returns nothing.
+      def check_integrity
+        return unless app_secret_for(parsed_body['entry'][0]['id'])
 
-        unless x_hub_signature.start_with?('sha1='.freeze)
-          $stderr.puts(WARNING)
+        unless signature.start_with?('sha1='.freeze)
+          $stderr.puts(X_HUB_SIGNATURE_MISSING_WARNING)
 
           raise BadRequestError, 'Error getting integrity signature'.freeze
         end
 
-        unless secure_compare(x_hub_signature, signature(body))
-          raise BadRequestError, 'Error checking message integrity'.freeze
-        end
+        raise BadRequestError, 'Error checking message integrity'.freeze \
+          unless valid_signature?
       end
 
-      def secure_compare(x, y)
-        Rack::Utils.secure_compare(x, y)
+      # Returns a String describing the X-Hub-Signature header.
+      def signature
+        @request.env['HTTP_X_HUB_SIGNATURE'.freeze].to_s
       end
 
-      def signature(body)
-        format('sha1=%s'.freeze, generate_hmac(body))
+      # Verify that the signature given in the X-Hub-Signature header matches
+      # that of the body.
+      #
+      # Returns a Boolean.
+      def valid_signature?
+        Rack::Utils.secure_compare(signature, signature_for(body))
       end
 
+      # Sign the given string.
+      #
+      # Returns a String describing its signature.
+      def signature_for(string)
+        format('sha1=%s'.freeze, generate_hmac(string))
+      end
+
+      # Generate a HMAC signature for the given content.
       def generate_hmac(content)
-        OpenSSL::HMAC.hexdigest('sha1'.freeze, app_secret, content)
+        content_json = JSON.parse(content, symbolize_names: true)
+
+        # Get Facebook page id regardless of the entry type
+        facebook_page_id = content_json.dig(:entry, 0, :id)
+
+        OpenSSL::HMAC.hexdigest('sha1'.freeze,
+                                app_secret_for(facebook_page_id),
+                                content)
+      end
+
+      # Returns a String describing the bot's configured app secret.
+      def app_secret_for(facebook_page_id)
+        Facebook::Messenger.config.provider.app_secret_for(facebook_page_id)
+      end
+
+      # Checks whether a verify token is valid.
+      def valid_verify_token?(token)
+        Facebook::Messenger.config.provider.valid_verify_token?(token)
       end
 
-      def app_secret
-        Facebook::Messenger.config.app_secret
+      # Returns a String describing the request body.
+      def body
+        @body ||= @request.body.read
       end
 
-      def parse_events(body)
-        JSON.parse(body)
+      # Returns a Hash describing the parsed request body.
+      def parsed_body
+        @parsed_body ||= JSON.parse(body)
       rescue JSON::ParserError
         raise BadRequestError, 'Error parsing request body format'
       end
 
-      def trigger_events(events)
+      def trigger(events)
         # Facebook may batch several items in the 'entry' array during
         # periods of high load.
         events['entry'.freeze].each do |entry|

data/lib/facebook/messenger/subscriptions.rb

@@ -12,16 +12,20 @@ module Facebook
 
       module_function
 
-      def subscribe
-        response = post '/subscribed_apps'
+      def subscribe(access_token:)
+        response = post '/subscribed_apps', query: {
+          access_token: access_token
+        }
 
         raise_errors(response)
 
         true
       end
 
-      def unsubscribe
-        response = delete '/subscribed_apps'
+      def unsubscribe(access_token:)
+        response = delete '/subscribed_apps', query: {
+          access_token: access_token
+        }
 
         raise_errors(response)
 
@@ -32,14 +36,6 @@ module Facebook
         raise Error, response['error']['message'] if response.key? 'error'
       end
 
-      def default_options
-        super.merge(
-          query: {
-            access_token: Facebook::Messenger.config.access_token
-          }
-        )
-      end
-
       class Error < Facebook::Messenger::Error; end
     end
   end

data/lib/facebook/messenger/thread.rb

@@ -14,18 +14,20 @@ module Facebook
 
       module_function
 
-      def set(settings)
-        response = post '/thread_settings',
-                        body: settings.to_json
+      def set(settings, access_token:)
+        response = post '/thread_settings', body: settings.to_json, query: {
+          access_token: access_token
+        }
 
         raise_errors(response)
 
         true
       end
 
-      def unset(settings)
-        response = delete '/thread_settings',
-                          body: settings.to_json
+      def unset(settings, access_token:)
+        response = delete '/thread_settings', body: settings.to_json, query: {
+          access_token: access_token
+        }
 
         raise_errors(response)
 
@@ -38,9 +40,6 @@ module Facebook
 
       def default_options
         super.merge(
-          query: {
-            access_token: Facebook::Messenger.config.access_token
-          },
           headers: {
             'Content-Type' => 'application/json'
           }

data/lib/facebook/messenger/version.rb

@@ -1,5 +1,5 @@
 module Facebook
   module Messenger
-    VERSION = '0.10.0'.freeze
+    VERSION = '0.11.0'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: facebook-messenger
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 0.11.0
 platform: ruby
 authors:
 - Johannes Gorset
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-09-23 00:00:00.000000000 Z
+date: 2016-11-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -168,11 +168,14 @@ files:
 - bin/setup
 - lib/facebook/messenger.rb
 - lib/facebook/messenger/bot.rb
-- lib/facebook/messenger/concerns/default_options.rb
 - lib/facebook/messenger/configuration.rb
+- lib/facebook/messenger/configuration/providers.rb
+- lib/facebook/messenger/configuration/providers/base.rb
+- lib/facebook/messenger/configuration/providers/environment.rb
 - lib/facebook/messenger/error.rb
 - lib/facebook/messenger/incoming.rb
 - lib/facebook/messenger/incoming/account_linking.rb
+- lib/facebook/messenger/incoming/common.rb
 - lib/facebook/messenger/incoming/delivery.rb
 - lib/facebook/messenger/incoming/message.rb
 - lib/facebook/messenger/incoming/optin.rb

data/lib/facebook/messenger/concerns/default_options.rb

@@ -1,26 +0,0 @@
-module Facebook
-  module Messenger
-    module Concerns
-      # The Common options for incoming optin and postback.
-      module DefaultOptions
-        attr_reader :messaging
-
-        def initialize(messaging)
-          @messaging = messaging
-        end
-
-        def sender
-          @messaging['sender']
-        end
-
-        def recipient
-          @messaging['recipient']
-        end
-
-        def sent_at
-          Time.at(@messaging['timestamp'] / 1000)
-        end
-      end
-    end
-  end
-end