fidor_starter_kits 0.3.3 → 0.3.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 455dac3a1472751eff2af9a065ace07903a0a774
-  data.tar.gz: 8f704e362c9743db66a256a81cff4038d948e60b
+  metadata.gz: 0d9257e8f3fd57a085a5bfad18e7d08e17f0410d
+  data.tar.gz: 6cc26babb8d847a711d48556b3285b3a3543cb70
 SHA512:
-  metadata.gz: 36551a95617bf621d341c7c12c99e04e4f82eca851f440867579aa600e97aea8a4a8ba9ce22af19e7b8c87b3cab4245493b23d5a6038de83cfc5c79815f73683
-  data.tar.gz: c6c1ed02a764094ee1c559aae45923dcf05a713696c412f7afa10fedb9c9258b30d54ee9100d55ac52c0703b9f5f50441c2a347ff90ba828b457b075516c0a79
+  metadata.gz: 475514d665725df63f3c2047df7b0dd7878f0c8b838045f80603829a938d0e1f4f3dc4e32a05e04e1edee4c9c9d24b5684a323e5c035b8c7fa7a30d9e6e1e101
+  data.tar.gz: effb9982ec4dea6dab0b50460f6c527b72686259dad4ff31d71d63a8a48a178ccf3e802d36bc8034142174ddf44b3052c22a33085d6bbd0efb4d24d80ff5d30a

data/CHANGELOG.md

@@ -1,8 +1,13 @@
 # Changelog Fidor Admin API Schema
 See [commit messages](https://github.com/fidor/fidor_starter_kits/commits/) for details.
 
-##2015-01 v.0.3.2
-*bugfix: proper TLS handling for node example
+##2015-06
+
+* fix usage of access_token in api URLs, now set in Authorization Header
+
+##2015-01
+
+*fix proper TLS handling for node example
 
 ##2014-12
 

data/README.md

@@ -11,7 +11,6 @@ information into the source files and delivers the example as zipped download.
 If you choose the manual way to explore our example apps, simply checkout this
 repo, register and app and add the required credentials, URL's to the sources.
 
-
 For Ruby Heros, this repo is also available as ruby gem and provides a tiny
 helper for app creation, see Install & Usage.
 
@@ -57,18 +56,18 @@ application manager. Before the following placeholders inside in your main
 example.xy file are substituted with the according values from the app
 (client_id/secret) and the values in .fidor_meta.json:
 
-    <APP_URL>                   # default http://localhost:8000/example.php
+    <APP_URL>          # default http://localhost:8000/example.php
     <CLIENT_ID>
     <CLIENT_SECRET>
-    <FIDOR_OAUTH_URL>           # e.g https://fidor.com/oauth
-    <FIDOR_API_URL>
+    <FIDOR_OAUTH_URL>  # e.g Sandbox: https://aps.fidor.de/oauth / Live: https://apm.fidor.de/oauth
+    <FIDOR_API_URL>    # e.g Sandbox: https://aps.fidor.de / Live: https://api.fidor.de
 
 So just add those to example.[rb, php, ..] and see existing examples and specs
 for a reference.
 
 ## Contributing
 
-1. Fork it ( http://github.com/schorsch/fidor_starter_kits/fork )
+1. Fork it (https://github.com/fidor/fidor_starter_kits/fork )
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Commit your changes (`git commit -am 'Add some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)

data/lib/fidor_starter_kits/version.rb

@@ -1,3 +1,3 @@
 module FidorStarterKits
-  VERSION = '0.3.3'
-end
+  VERSION = '0.3.5'
+end

data/lib/fidor_starter_kits.rb

@@ -6,7 +6,7 @@ require 'json'
 
 module FidorStarterKits
 
-  STARTER_KITS = %w{ node_tx golang_plain php_plain sinatra_plain java_servlet }
+  STARTER_KITS = %w{ node_tx golang_plain php_oauth_plain ruby_oauth_plain java_servlet }
 
   class << self
 
@@ -70,7 +70,7 @@ module FidorStarterKits
         if File.exists? meta
           File.open(meta) {|f| @conf[kit] = JSON.parse(f.read)}
         else
-          @conf[kit] = "meh"   
+          @conf[kit] = {"error" => ".fidor_meta.json not found"}
         end
       end
       return @conf
@@ -80,8 +80,8 @@ module FidorStarterKits
       all[app_name]
     end
 
-    def each 
-      all.each_value { |conf| yield conf } 
+    def each
+      all.each_value { |conf| yield conf }
     end
 
   end

data/spec/fidor_starter_kits_spec.rb

@@ -4,10 +4,10 @@ describe FidorStarterKits do
 
   describe '.exists?' do
     it 'is true' do
-      expect( FidorStarterKits.exists?('sinatra_plain') ).to be
+      expect( FidorStarterKits.exists?('ruby_oauth_plain') ).to be
     end
     it 'is false' do
-      expect( FidorStarterKits.exists?('sinatra_plain') ).to be
+      expect( FidorStarterKits.exists?('ruby_oauth_plain') ).to be
     end
   end
 
@@ -21,7 +21,7 @@ describe FidorStarterKits do
 
     it 'creates zip file' do
       opts = {
-        app_name: 'sinatra_plain',
+        app_name: 'ruby_oauth_plain',
         client_id: '123',
         client_secret: '12345',
         app_url: 'localhost'
@@ -32,7 +32,7 @@ describe FidorStarterKits do
 
     it 'replaces placeholders in example.rb' do
       opts = {
-        app_name: 'sinatra_plain',
+        app_name: 'ruby_oauth_plain',
         client_id: 'my-client-id',
         client_secret: 'my-client-secret',
         app_url: 'my-app-url',
@@ -49,7 +49,7 @@ describe FidorStarterKits do
     end
   end
 
-  describe '.all' do 
+  describe '.all' do
     it 'lists all starter kits' do
       expect(FidorStarterKits.all.count).to eq(FidorStarterKits::STARTER_KITS.size)
     end
@@ -58,8 +58,8 @@ describe FidorStarterKits do
       conf = FidorStarterKits.all
       expect(conf["golang_plain"]["display_name"]).to eq("Go Plain")
       expect(conf["node_tx"]["description"]).to eq("A simple nodejs based app, showing how to get user transactions")
-      expect(conf["php_plain"]["app_name"]).to eq("php_plain")
-      expect(conf["sinatra_plain"]["app_url"]).to eq("http://localhost:4567")
+      expect(conf["php_oauth_plain"]["app_name"]).to eq("php_oauth_plain")
+      expect(conf["ruby_oauth_plain"]["app_url"]).to eq("http://localhost:4567")
       expect(conf["java_servlet"]["callback_urls"]).to eq("http://localhost:8080/JavaServlet/Example")
     end
   end

data/starter_kits/golang_plain/example.go

@@ -12,78 +12,189 @@ package main
 //     $ http://localhost:8080
 
 import (
+	"crypto/rand"
+	"encoding/hex"
 	"encoding/json"
+	"errors"
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"
-	"errors"
+	"strings"
 )
 
 // The following sections define the settings you require for the
 // app to be able to connect to and authorize itself against the api.
 
-// app ID and secret, can be found in this apps "Details" page in the
-// AppManager.
-var client_id     = "<CLIENT_ID>"
-var client_secret = "<CLIENT_SECRET>"
-
-// Fidor's OAuth Endpoint (this changes between Sandbox and Production)
-var fidor_oauth_url = "<FIDOR_OAUTH_URL>" // e.g https://fidor.com/api_sandbox/oauth
-// The OAuth Endpoint this App provides
-var oauth_cb_url    = "<APP_URL>"
-
-// The URL of the Fidor API (this changes between Sandbox and
-// Production)
-var fidor_api_url   = "<FIDOR_API_URL>" // e.g https://fidor.com/api_sandbox vs /api
-
-
+type Config struct {
+	AppUrl        string // where to reach this application
+	ClientId      string // OAuth Client_id parameter
+	ClientSecret  string // OAuth Client_secret parameter
+	FidorApiUrl   string // API endpoint (this changes between Sandbox and Production)
+	FidorOauthUrl string // OAuth endpoint (this changes between Sandbox and Production)
+}
 
+var fidorConfig = Config{
+	AppUrl:        "<APP_URL>",
+	ClientId:      "<CLIENT_ID>",
+	ClientSecret:  "<CLIENT_SECRET>",
+	FidorApiUrl:   "<FIDOR_API_URL>",
+	FidorOauthUrl: "<FIDOR_OAUTH_URL>",
+}
 
 func main() {
 	// register a handler function (see next function) to service
 	// requests ...
 	http.HandleFunc("/", indexHandler)
-	fmt.Printf("Now open http://localhost:8080")
+	fmt.Printf("Now open %s\n", fidorConfig.AppUrl)
 	// ... and start listening.
-	http.ListenAndServe(":8080", nil)
+	if u, err := url.Parse(fidorConfig.AppUrl); err != nil {
+		fmt.Printf("Can't make sense of configured url: %s\nBye.\n", fidorConfig.AppUrl)
+	} else {
+		var hostPort = strings.Split(u.Host, ":")
+		var port = ":8080"
+		if len(hostPort) == 2 {
+			port = ":" + hostPort[1]
+		}
+		http.ListenAndServe(port, nil)
+	}
 }
 
 func indexHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method != "GET" {
+		w.WriteHeader(403)
+		return
+	}
 
-	// ignore any favicon requests, etc.
-	if r.URL.Path != "/" {
+	switch r.URL.Path {
+	case "/":
+		renderWelcome(w)
+	case "/transactions":
+		render("/transactions", w, r)
+	case "/accounts":
+		render("/accounts", w, r)
+	case "/oauth":
+		handleOAuthCallback(w, r)
+	case "/logout":
+		handleLogout(w, r, "/")
+	default:
 		w.WriteHeader(404)
-		return
 	}
+}
+
+const COOKIE_NAME = "GO_SESSION"
+
+// session database, available access_tokens are mapped to their cookie-session keys
+var sessions = make(map[string]string)
+
+// stores a retireved access_token both on the server and the reference in a client-side cookie.
+func createSession(w http.ResponseWriter, accessToken string) {
+	println(accessToken)
+	rnd := make([]byte, 20, 20)
+	rand.Read(rnd)
+	session := hex.EncodeToString(rnd)
+	sessions[session] = accessToken
+	cookie := http.Cookie{
+		Name:  COOKIE_NAME,
+		Value: session,
+	}
+	http.SetCookie(w, &cookie)
+}
+
+// proxies an API endpoint. In case the client is not logged in (i.e. no
+// session cookie is set), the OAuth procedure is initiated. Once the
+// client is logged, a call the the `endpoint` API endpoint is made and
+// the results (including errors) are piped to the client.
+func render(endpoint string, w http.ResponseWriter, r *http.Request) {
+	// check if request has cookie set
+	if cookie, err := r.Cookie(COOKIE_NAME); err != nil {
+		// else redirect to OAuth Authorization EP
+		redirectToOAuth(w, r, endpoint)
+	} else {
+		session := cookie.Value
+		accessToken := sessions[session]
 
-	// check whether we have a GET parameter named `code`, if so,
-	// this is a redirect back from the Fidor OAuth server.
-	values := r.URL.Query()
-	if values["code"] != nil {
-		// retrieve the actual OAuth access token ....
-		code := values.Get("code")
-		if token, err := retrieveTokenFromCode(code); err != nil {
-			fmt.Printf("err: %v\n", err)
+		// pipe api endpoint
+		ep := fmt.Sprintf("%s/%s", fidorConfig.FidorApiUrl, endpoint)
+		if api_req, err := http.NewRequest("GET", ep, nil); err != nil {
 			w.WriteHeader(500)
-			fmt.Fprintf(w, "Unfortunately, an error occurred retrieving oauth token")
+			w.Write([]byte(err.Error()))
 		} else {
-			// ... and finally, greet the user and assemble links
-			renderWelcome(w, token)
+			api_req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", accessToken))
+
+			client := &http.Client{}
+			if api_resp, err := client.Do(api_req); err != nil {
+				w.WriteHeader(500)
+				w.Write([]byte(err.Error()))
+			} else {
+				if api_resp.StatusCode == 401 { // token probably expired
+					handleLogout(w, r, endpoint)
+					return
+				}
+				contentType := http.CanonicalHeaderKey("content-type")
+				w.Header().Set(contentType, api_resp.Header.Get(contentType))
+				w.WriteHeader(api_resp.StatusCode)
+				io.Copy(w, api_resp.Body)
+			}
 		}
+	}
+}
+
+// client browser is redirected to `authorize` oauth endpoints. The
+// `target_endpoint` parameter indicates which application endpoint to
+// redirect the client to once the access_token has been retrieved.
+func redirectToOAuth(w http.ResponseWriter, r *http.Request, target_endpoint string) {
+	_redirectURI := fmt.Sprintf("%s/oauth?ep=%s", fidorConfig.AppUrl, target_endpoint)
+	redirectURI := url.QueryEscape(_redirectURI)
+
+	oauthRedirectURL := fmt.Sprintf("%s/authorize?client_id=%s&state=321&response_type=code&redirect_uri=%s", fidorConfig.FidorOauthUrl, fidorConfig.ClientId, redirectURI)
+	http.Redirect(w, r, oauthRedirectURL, 307)
+}
+
+// handles the oauth callback (i.e. the redirect that the oauth
+// authorize call "returns" to the client)
+func handleOAuthCallback(w http.ResponseWriter, r *http.Request) {
+	code := r.FormValue("code")
+	target := r.FormValue("ep")
+
+	if code == "" || target == "" {
+		w.WriteHeader(500)
+		w.Write([]byte("missing code or target ep"))
+		return
+	}
+
+	if token, err := retrieveTokenFromCode(code, target); err != nil {
+		w.WriteHeader(500)
+		w.Write([]byte(err.Error()))
+		return
 	} else {
-		// we don't have an oauth `code` yet, so we need to
-		// redirect the user to the OAuth provider to get one ...
-		oauth_url := fmt.Sprintf("%s/authorize?client_id=%s&state=123&response_type=code&redirect_uri=%s",
-			fidor_oauth_url,
-			client_id,
-			url.QueryEscape(oauth_cb_url))
-
-		header := w.Header()
-		header.Add("location", oauth_url)
-		w.WriteHeader(307)
+		createSession(w, token)
+		http.Redirect(w, r, target, 307)
 	}
 }
 
+// clear our application's session, forces user to call the oauth
+// authorize endpoint again. This may or may not force the user to have
+// to reenter credentials, depending on whether the user's Fidor session
+// has expired.
+func handleLogout(w http.ResponseWriter, r *http.Request, endpoint string) {
+	if cookie, err := r.Cookie(COOKIE_NAME); err == nil {
+		// we have a cookie
+
+		// remove it from our stored sessions
+		session := cookie.Value
+		delete(sessions, session)
+
+		// kill the cookie on the client
+		cookie := http.Cookie{
+			Name:   COOKIE_NAME,
+			Value:  "",
+			MaxAge: -1,
+		}
+		http.SetCookie(w, &cookie)
+	}
+	http.Redirect(w, r, endpoint, 307)
+}
 
 // Our TokenResponse representation used to pick it out from the JSON
 // returned by the OAuth server.
@@ -92,18 +203,22 @@ type TokenResponse struct {
 }
 
 // Use the OAuth code that the user's browser picked up from the OAuth
-// server to request an OAuth access_token to use in API requests.
-func retrieveTokenFromCode(code string) (token string, err error) {
+// server to request an OAuth access_token to use in API requests. The
+// `target_endpoint` parameter indicates which of this app's endpoints
+// to redirect the client to once we have the access_token and stored a
+// reference in the client's cookie.
+func retrieveTokenFromCode(code string, target_endpoint string) (token string, err error) {
 	// assemble the API endpoint URL and request payload
-	tokenUrl := fmt.Sprintf("%s/token", fidor_oauth_url)
+	redirect_uri := fmt.Sprintf("%s/oauth?ep=%s", fidorConfig.AppUrl, target_endpoint)
 	tokenPayload := url.Values{
-		"client_id":     {client_id},
-		"client_secret": {client_secret},
+		"client_id":     {fidorConfig.ClientId},
+		"client_secret": {fidorConfig.ClientSecret},
 		"code":          {code},
-		"redirect_uri":  {url.QueryEscape(oauth_cb_url)},
+		"redirect_uri":  {url.QueryEscape(redirect_uri)},
 		"grant_type":    {"authorization_code"},
 	}
-	// Call API
+	// Call the Oauth `token` endpoint
+	tokenUrl := fmt.Sprintf("%s/token", fidorConfig.FidorOauthUrl)
 	if resp, err := http.PostForm(tokenUrl, tokenPayload); err != nil {
 		println(err)
 		return "", err
@@ -122,44 +237,8 @@ func retrieveTokenFromCode(code string) (token string, err error) {
 	}
 }
 
-
-// Our server code only makes a single call to the API to retrieve user
-// information. This is our internal representation of the returned JSON
-// used to pick out the user's email.
-type UserResponse struct {
-	Email string `json:"email"`
-}
-
-// function to retrieve user information from the API
-func getUser(token string) (u UserResponse, err error) {
-	// Assemble endpoint URL...
-	url := fmt.Sprintf("%s/users/current?access_token=%s", fidor_api_url, token)
-	if resp, err := http.Get(url); err != nil {
-		return u, err
-	} else {
-		decoder := json.NewDecoder(resp.Body)
-		if err = decoder.Decode(&u); err != nil {
-			return u, err
-		} else {
-			return u, nil
-		}
-	}
-}
-
-
-// once all the OAuth calls have been taken care of, this function is
-// called from the http handler. It retrieves the user's email address
-// and inserts links to `transaction` and `accounts` endpoints.
-
-func renderWelcome(w http.ResponseWriter, token string) {
-	if user, err := getUser(token); err != nil {
-		fmt.Printf("err: %v\n", err)
-		w.WriteHeader(500)
-	} else {
-		txLink := fmt.Sprintf("%s/transactions?access_token=%s", fidor_api_url, token)
-		acctsLink := fmt.Sprintf("%s/accounts?access_token=%s", fidor_api_url, token)
-		fmt.Fprintf(w, indexTemplate, user.Email, token, txLink, acctsLink)
-	}
+func renderWelcome(w http.ResponseWriter) {
+	w.Write([]byte(indexTemplate))
 }
 
 var indexTemplate = `
@@ -167,10 +246,10 @@ var indexTemplate = `
 <head>
 </head>
 <body>
-	<h1>Welcome %s!</h1>
-	<i>retrieved <tt>access_token</tt>: %s</i>
-	<p><a href="%s">Transactions</a></p>
-	<p><a href="%s">Accounts</a></p>
+	<h1>Welcome!</h1>
+	<p><a href="/transactions">Transactions</a></p>
+	<p><a href="/accounts">Accounts</a></p>
+	<p><a href="/logout">Log Out</a></p>
 </body>
 </html>
 `

data/starter_kits/node_tx/example.js

@@ -4,35 +4,49 @@
 //
 // This sample intentionally does not require any further dependencies.
 // We tried to keep things as simple as possible in order to illustrate the
-// underlying mechanisms of the API.
+// underlying mechanisms of the API. This comes at the expense of having
+// to handled cookies and session in the sample...
 //
 // Using this code
 // ---------------
 //
+// The provided source code is divided into three sections:
+// 1.) Handling OAuth calls
+// 2.) Cookie and Session Handling
+// 3.) Handling Browser Requests
+//
 // In order to use this code, a sample app needs to be installed in the
 // Fidor App Manager. Settings for this app are displayed in the app
-// manager an need to be transfered into the config below:
+// manager an need to be transfered into the config below, if you
+// downloaded the code directly from the Fidor App Manager, these
+// settings should be filled in for you:
 
 var fidor_config = {
   app_url        : "<APP_URL>",
   client_id      : "<CLIENT_ID>",
   client_secret  : "<CLIENT_SECRET>",
-  fidor_api_url  : "<FIDOR_API_URL>"
+  fidor_api_url  : "<FIDOR_API_URL>",
+  fidor_oauth_url: "<FIDOR_OAUTH_URL>"
 }
 
 
+/************************************************************************
+/* BEGIN: OAuth Calls
+************************************************************************/
 
-
+//
 // redirect the user to the OAuth authorization endpoint with the
 // following params:
 //   - client_id
 //   - state
 //   - response_type
 //   - redirect_uri
-function redirect_to_oauth(response){
-  var redirect_uri = encodeURIComponent(fidor_config.app_url)
-  var oauth_url = fidor_config.fidor_api_url+
-                  "/oauth/authorize?client_id="+fidor_config.client_id+
+//
+function redirect_to_oauth(response, target_endpoint){
+  var _redirect_uri = fidor_config.app_url+"/oauth?ep="+target_endpoint
+  var redirect_uri = encodeURIComponent(_redirect_uri)
+  var oauth_url = fidor_config.fidor_oauth_url+
+                  "/authorize?client_id="+fidor_config.client_id+
                   "&state=123&response_type=code&"+
                   "redirect_uri="+redirect_uri
   response.writeHead(307, {"location" : oauth_url})
@@ -40,30 +54,45 @@ function redirect_to_oauth(response){
   return
 }
 
+//
 // Execute a POST request against the OAUTH token endpoint
 // in order to exchange: code, client_id, client_secret, 
-// rerdirect_uri and grant_type for an auth_token.
-function retrieve_access_token_from_code( code, cb ) {
-  var oauth_url = url.parse(fidor_config.fidor_api_url)
+// redirect_uri and grant_type for an auth_token.
+//
+// This corresponds to OAuth 3.2 Token Endpoint / 4.1.3 Access Token
+// Request.
+//
+// Parameter:
+// - the code that was returned from the Authorization Endpoint
+// - the target endpoint (transactions/ or accounts/) that was requested
+//   in order to reconstruct the 'redirect-uri' parameter of the
+//   Authorization call.
+// - callback(error, access_token)
+//
+function retrieve_access_token_from_code( code, target_endpoint, cb ) {
+  var oauth_url = url.parse(fidor_config.fidor_oauth_url)
+  
   // where to send the data ...
   var postOptions = {
     method: "POST",
-    path  : oauth_url.path+"/oauth/token",
+    path  : oauth_url.path+"/token",
     port  : oauth_url.port,
     host  : oauth_url.hostname
   }
 
   // ... what to send
+  var redirect_uri = fidor_config.app_url+"/oauth?ep="+target_endpoint
   var postData = {
     code          : code,
     client_id     : fidor_config.client_id,
     client_secret : fidor_config.client_secret,
-    redirect_uri  : encodeURIComponent(fidor_config.app_url),
+    redirect_uri  : encodeURIComponent(redirect_uri),
     grant_type    : "authorization_code"
   }
   postData = querystring.stringify(postData)
 
 	var http_module   = oauth_url.protocol == "https:" ? https : http
+
   var token_request = http_module.request(postOptions, function (res) {
     // collect the data chunks we received and reassemble them
     // on request end ...
@@ -74,7 +103,6 @@ function retrieve_access_token_from_code( code, cb ) {
 
     res.on('end', function() {
       var oauth_response = JSON.parse(data)
-      console.log(oauth_response)
       cb(oauth_response.error, oauth_response.access_token)
     })
   })
@@ -87,39 +115,217 @@ function retrieve_access_token_from_code( code, cb ) {
   token_request.end()
 }
 
+/************************************************************************
+/* END: OAuth Calls
+************************************************************************/
+
+
+/************************************************************************
+/* BEGIN: Cookie & Session Handling
+************************************************************************/
+var COOKIE_NAME="NODE_SESSION"
+var sessions = {}
+
+// retrieve the random session_id from the cookie.
+function getSession(req) {
+  var cookies = req.headers.cookie
+  var session = null
+  if (cookies) {
+    var cookieArr = cookies.split(";")
+    for (var i = 0 ; i != cookieArr.length ; ++i) {
+      var keyValue = cookieArr[i].split("=")
+      if (keyValue && keyValue.length == 2 && keyValue[0].trim() == COOKIE_NAME) {
+        session = keyValue[1]
+        break
+      } 
+    }
+  }
+  return session
+}
+function getAccessTokenFromSession(req) {
+  var session = getSession(req)
+  var access_token = null
+  if (session) {
+    access_token = sessions[session]
+  }
+  return access_token
+}
+function createSession(resp, access_token) {
+  function randomString(len) {
+    var hex = "0123456789abcdef"
+    var rnd = ""
+    for (var i = 0; i!= len; ++i) {
+      rnd += hex[Math.floor(Math.random()*hex.length)]
+    }
+    return rnd
+  }
+  var rnd = randomString(20)
+  sessions[rnd] = access_token
+  resp.setHeader("Set-Cookie", COOKIE_NAME+"="+rnd)
+}
+function removeSession(req, resp) {
+  // find cookie
+  var session = getSession(req)
+  // delete from sessions
+  delete sessions[session]
+  // set expired
+  resp.setHeader("Set-Cookie", COOKIE_NAME+"=nothing; expires=Thu, 01 Jan 1970 00:00:00 GMT")
+}
+
+/************************************************************************
+/* END: Cookie & Session Handling
+************************************************************************/
+
+/************************************************************************
+/* BEGIN: HTTP Handling
+************************************************************************/
 
+//
 // Display a friendly message and links to the API Endpoints.
-function renderWelcome(request, response, token) {
+//
+function renderWelcome(request, response) {
   response.writeHead(200, {"Content-Type" : "text/html"})
-  var content = hello_template.replace(/{token}/g, token)
-  console.log(content)
-  console.log(token)
-  content = content.replace(/{api_uri}/g, fidor_config.fidor_api_url)
-  response.end(content)
+  response.end(hello_template)
 }
 
-// main http functionality
-function listener (request, response) {
 
-  var u    = url.parse(request.url)
-  // reject everything but GET.
-  if (request.method !== "GET" || u.pathname !== "/") {
-    response.writeHead(403, "Forbidden")
-    response.end()
-    return
+
+
+function render (endpoint, req, res) {
+  //
+  // call the api endpoint and pipe the response from the API back to
+  // the caller
+  //
+  function pipeApi(endpoint, access_token, res) {
+    var api_endpoint = url.parse(fidor_config.fidor_api_url+endpoint)
+    var http_module   = api_endpoint.protocol == "https:" ? https : http
+    var http_options = {
+      hostname: api_endpoint.hostname,
+      path: api_endpoint.path,
+      port: api_endpoint.port,
+      method: "GET",
+      headers: {
+        "Authorization": "Bearer "+access_token
+      }
+    }
+
+    var api_request = http_module.request(http_options, function(api_response) {
+      res.setHeader('Content-Type', api_response.headers['content-type'])
+      if (api_response.statusCode == 401) { // access_token has expired.
+        handleLogout(req, res, endpoint)
+        return
+      }
+      res.writeHead(api_response.statusCode, api_response.statusMessage)
+      api_response.on('data', function(chunk) {
+        res.write(chunk)
+      })
+      api_response.on('end', function(){
+        res.end()
+      })
+    })
+
+    api_request.on('error', function (err) {
+      res.writeHead(500, {'Content-Type': 'text/plain'})
+      res.end(err.toString())
+    })
+    api_request.end()
+  }
+
+  //
+  // utility to check whether access token is via session cookie, if not
+  // redirects account holder to OAuth Authorization Endpoint.
+  //
+  function getAccessToken(redirect, req, res, cb) {
+    var accesstoken = getAccessTokenFromSession(req)
+    if (!accesstoken) {
+      // start OAuth 
+      redirect_to_oauth(res, redirect)
+    } else {
+      cb(null, accesstoken)
+    }
+
   }
-  var code = querystring.parse(u.query)["code"]
-  if (code) {
-    retrieve_access_token_from_code( code, function (err, token) {
-      if (err) {}
-      renderWelcome(request, response, token)
+
+  getAccessToken(endpoint, req, res, function (err, accesstoken) {
+    if (err) {
+        res.writeHead(500, {'Content-Type': 'text/plain'})
+        res.end(err.toString())
+        return
+    }
+    pipeApi(endpoint, accesstoken, res)
+  })
+}
+
+function renderTransactions (req, res){
+  render("/transactions", req, res)
+}
+function renderAccounts (req, res){
+  render("/accounts", req, res)
+}
+
+//
+// retrieve the 'code' parameter from the redirect url the
+// OAuth Authorization returns to the user's browser
+//
+function handleOAuthCallback(req, res) {
+  var u      = url.parse(req.url)
+  var query  = querystring.parse(u.query)
+  var code   = query["code"]
+  var target = query["ep"]
+
+  if (code && target) {
+    retrieve_access_token_from_code( code, target, function (err, token) {
+      if (err) {
+        res.writeHead(500, {'Content-Type': 'text/plain'})
+        res.end(err.toString())
+        return
+      }
+      createSession(res, token)
+      res.writeHead(307, {"location" : target})
+      res.end()
     }) 
   } else {
-    // we don't have an oauth `code` yet, so we need to
-		// redirect the user to the OAuth provider to get one ...
-    redirect_to_oauth(response)
+    res.writeHead(500, {'Content-Type': 'text/plain'})
+    res.end("missing code or target")
+  } 
+}
+
+function handleLogout(req, res, endpoint) {
+  // clear session locally and in browser
+  removeSession(req, res)
+  res.writeHead(307, {"location" : endpoint})
+  res.end()
+}
+
+function listener (request, response) {
+  var u = url.parse(request.url)
+  
+  if (request.method !== "GET") {
+    response.writeHead(403, "Forbidden")
+    response.end()
     return
   }
+
+  switch(u.pathname) {
+    case "/":
+      renderWelcome(request, response)
+    break
+    case "/transactions":
+      renderTransactions(request, response)
+    break
+    case "/accounts":
+      renderAccounts(request, response)
+      break
+    case "/oauth":
+      handleOAuthCallback(request, response)
+    break
+    case "/logout":
+      handleLogout(request, response, "/")
+    break
+    default:
+      response.writeHead(404, "Not Found")
+  }
+
 }
 
 // Execution starts here...
@@ -127,7 +333,7 @@ function listener (request, response) {
 var url           = require("url")
 var querystring   = require("querystring")
 var http          = require("http")
-var https         = require("http")
+var https         = require("https")
 
 var _url = url.parse(fidor_config.app_url)
 fidor_config.app_port = _url.port
@@ -145,8 +351,8 @@ var hello_template = ""+
 "</head>"+
 "<body>"+
 "	<h1>Welcome!</h1>"+
-"	<i>retrieved <tt>access_token</tt>: {token} </i>"+
-"	<p><a href='{api_uri}/transactions?access_token={token}'>Transactions</a></p>"+
-"	<p><a href='{api_uri}/accounts?access_token={token}'>Accounts</a></p>"+
+"	<p><a href='/transactions'>Transactions</a></p>"+
+"	<p><a href='/accounts'>Accounts</a></p>"+
+"	<p><a href='/logout'>Log Out</a></p>"+
 "</body>"+
 "</html>"

data/starter_kits/{php_plain → php_oauth_plain}/.fidor_meta.json

@@ -1,7 +1,7 @@
 {
-  "display_name" : "PHP Plain",
+  "display_name" : "PHP oAuth Plain",
   "description"  : "A simple php script, showing how to get the access token",
-  "app_name":"php_plain",
+  "app_name":"php_oauth_plain",
   "app_url":"http://localhost:8000/example.php",
   "callback_urls":"http://localhost:8000/example.php"
 }

data/starter_kits/{php_plain → php_oauth_plain}/README.md

@@ -1,4 +1,4 @@
-# Plain PHP Login - Example
+# Plain PHP oAuth Example
 
 A single view that demonstrates the Fidor API OAuth login flow and how to get 
 an access token.

data/starter_kits/{php_plain → php_oauth_plain}/example.php

@@ -1,12 +1,13 @@
 <?php
 
-  $app_url = "<APP_URL>";                   # default http://localhost:8000/example.php
-  $app_id = "<CLIENT_ID>";
-  $app_secret = "<CLIENT_SECRET>";
-  $fidor_oauth_url = "<FIDOR_OAUTH_URL>";   # e.g https://fidor.com/api_sandbox/oauth
-  $fidor_api_url = "<FIDOR_API_URL>";       # e.g https://fidor.com/api_sandbox vs /api
+$app_url        = "<APP_URL>";           # default http://localhost:8000/example.php
+$app_id         = "<CLIENT_ID>";
+$app_secret     = "<CLIENT_SECRET>";
+$fidor_oauth_url= "<FIDOR_OAUTH_URL>";   # e.g Sandbox: https://aps.fidor.de/oauth / Live: https://apm.fidor.de/oauth
+$fidor_api_url  = "<FIDOR_API_URL>";     # e.g Sandbox: https://aps.fidor.de / Live: https://api.fidor.de
 
-  $code = $_REQUEST["code"];
+
+$code = $_REQUEST["code"];
 
   # 1. redirect to authorize url
   if(empty($code)) {
@@ -38,15 +39,13 @@
   $context  = stream_context_create($options);
   $resp = json_decode(file_get_contents($token_url, false, $context));
 
-  # 3. GET Data e.g.info about current user
-  $usr_url = $fidor_api_url . "/users/current?access_token=" . $resp->access_token;
-  $user = json_decode(file_get_contents($usr_url));
-  $transactions_url = $fidor_api_url . "/transactions?access_token=" . $resp->access_token;
-  echo( "<h2>Hello " . $user->email . "</h2>
+  echo( "<h2>Hello</h2>
          <i>May I present the access token response:</i>
          <blockquote>");
    print_r($resp);
    echo("</blockquote>
-        <p>Now use the access token here: <br> <a href='" . $transactions_url . "'>".$transactions_url."</a></p>");
+        <p>Now use the access token in the request header in your favorite PHP HTTP method or via CURL: </p>
+        <blockquote>curl -v -H \"Authorization: Bearer ".$resp->access_token."\" ".$fidor_api_url."/transactions
+        </blockquote>");
 
-?>
+?>

data/starter_kits/ruby_oauth_plain/.fidor_meta.json

@@ -0,0 +1,7 @@
+{
+  "display_name" : "Ruby oAuth Plain",
+  "description"  : "A simple Ruby app showing the oAuth dance to get and use the access token. Uses Sinatra as server.",
+  "app_name":"ruby_oauth_plain",
+  "app_url":"http://localhost:4567",
+  "callback_urls":"http://localhost:4567"
+}

data/starter_kits/{sinatra_plain → ruby_oauth_plain}/Gemfile

@@ -1,4 +1,3 @@
 source 'https://rubygems.org'
-gem 'activesupport'
 gem 'sinatra'
-gem 'curb'
+gem 'httparty'

data/starter_kits/{sinatra_plain → ruby_oauth_plain}/README.md

@@ -1,13 +1,13 @@
 # Ruby Plain oAuth Login - Example
 
 A single view that demonstrates the Fidor API OAuth login flow and how to get 
-an access token.
+an access token. Uses Sinatra on its server side.
 
 ## Usage
 
 This uses bundler to install the required gems:
 
-  cd sinatra_plain
+  cd ruby_oauth_plain
   bundle install
   ruby example.rb
   

data/starter_kits/ruby_oauth_plain/example.rb

@@ -0,0 +1,39 @@
+require 'rubygems'
+require 'sinatra'
+require 'httparty'
+
+get '/' do
+  # settings
+  @app_url         = '<APP_URL>'          # default for local installs: http://localhost:4567
+  @client_id       = '<CLIENT_ID>'
+  @client_secret   = '<CLIENT_SECRET>'
+  @fidor_oauth_url = '<FIDOR_OAUTH_URL>'  # e.g Sandbox: https://aps.fidor.de/oauth / Live: https://apm.fidor.de/oauth
+  @fidor_api_url   = '<FIDOR_API_URL>'    # e.g Sandbox: https://aps.fidor.de / Live: https://api.fidor.de
+
+  # 1. redirect to authorize url
+  unless code = params["code"]
+    dialog_url = "#{@fidor_oauth_url}/authorize?client_id=#{@client_id}&redirect_uri=#{CGI::escape(@app_url)}&state=1234&response_type=code"
+    redirect dialog_url
+  end
+
+  # 2. get the access token, with code returned from auth dialog above
+  token_url = URI("#{@fidor_oauth_url}/token")
+  post_params = { client_id: @client_id,
+                  redirect_uri: CGI::escape(@app_url),
+                  code: code,
+                  client_secret: @client_secret,
+                  grant_type: 'authorization_code' }
+  resp = HTTParty.post(token_url, body: post_params )
+
+  # GET current user setting the access-token in the request header
+  user = HTTParty.get( "#{@fidor_api_url}/users/current",
+                       headers: { 'Authorization' => "Bearer #{resp['access_token']}"} )
+
+  "<h2>Hello #{user['email']}</h2>
+   <i>May i present the access token response:</i>
+   <blockquote>#{resp.body}</blockquote>
+   <p>Now use the access token in the Header of your Requests, e.g. using CURL</p>
+   <blockquote>
+   curl -v -H \"Authorization: Bearer #{resp['access_token']}\" #{@fidor_api_url}/accounts
+   </blockquote>"
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fidor_starter_kits
 version: !ruby/object:Gem::Version
-  version: 0.3.3
+  version: 0.3.5
 platform: ruby
 authors:
 - Georg Leciejewski
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-05 00:00:00.000000000 Z
+date: 2015-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubyzip
@@ -109,13 +109,13 @@ files:
 - starter_kits/java_servlet/src/de/fidor/api/example/Example.java
 - starter_kits/node_tx/.fidor_meta.json
 - starter_kits/node_tx/example.js
-- starter_kits/php_plain/.fidor_meta.json
-- starter_kits/php_plain/README.md
-- starter_kits/php_plain/example.php
-- starter_kits/sinatra_plain/.fidor_meta.json
-- starter_kits/sinatra_plain/Gemfile
-- starter_kits/sinatra_plain/README.md
-- starter_kits/sinatra_plain/example.rb
+- starter_kits/php_oauth_plain/.fidor_meta.json
+- starter_kits/php_oauth_plain/README.md
+- starter_kits/php_oauth_plain/example.php
+- starter_kits/ruby_oauth_plain/.fidor_meta.json
+- starter_kits/ruby_oauth_plain/Gemfile
+- starter_kits/ruby_oauth_plain/README.md
+- starter_kits/ruby_oauth_plain/example.rb
 homepage: ''
 licenses:
 - MIT

data/starter_kits/sinatra_plain/.fidor_meta.json

@@ -1,7 +0,0 @@
-{
-  "display_name" : "Ruby Sinatra Plain",
-  "description"  : "A simple Sinatra based app, showing how to get an access token.",
-  "app_name":"sinatra_plain",
-  "app_url":"http://localhost:4567",
-  "callback_urls":"http://localhost:4567"
-}

data/starter_kits/sinatra_plain/example.rb

@@ -1,40 +0,0 @@
-require 'rubygems'
-require 'sinatra'
-require 'active_support/json'
-require 'net/http'
-
-get '/' do
-  # settings
-  @app_url         = '<APP_URL>'          # default for local installs: http://localhost:4567
-  @client_id       = '<CLIENT_ID>'
-  @client_secret   = '<CLIENT_SECRET>'
-  @fidor_oauth_url = '<FIDOR_OAUTH_URL>'  # e.g https://fidor.com/oauth
-  @fidor_api_url   = '<FIDOR_API_URL>'    # e.g https://fidor.com/api_sandbox, https://fidor.com/api
-
-  # 1. redirect to authorize url
-  unless code = params["code"]
-    dialog_url = "#{@fidor_oauth_url}/authorize?client_id=#{@client_id}&redirect_uri=#{CGI::escape(@app_url)}&state=1234&response_type=code"
-    redirect dialog_url
-  end
-
-  # 2. get the access token, with code returned from auth dialog above
-  token_url = URI("#{@fidor_oauth_url}/token")
-  # GET and parse access_token response json
-  res = Net::HTTP.post_form(token_url, 'client_id' => @client_id,
-                                       'redirect_uri' => CGI::escape(@app_url),
-                                       'code' =>code,
-                                       'client_secret'=>@client_secret,
-                                       'grant_type'=>'authorization_code')
-
-  resp = ActiveSupport::JSON.decode(res.body)
-
-  # GET current user
-  usr_url = "#{@fidor_api_url}/users/current?access_token=#{resp['access_token']}"
-  user = ActiveSupport::JSON.decode( Net::HTTP.get URI(usr_url) )
-  account_url = "#{@fidor_api_url}/accounts?access_token=#{resp['access_token']}"
-  "<h2>Hello #{user['email']}</h2>
-   <i>May i present the access token response:</i>
-   <blockquote>#{resp.inspect}</blockquote>
-   <p>Now use the access token in <br> <a href='#{account_url}'>#{account_url}</a></p>
-   "
-end