flipper 0.28.3 → 1.0.0

data/Gemfile

@@ -7,15 +7,16 @@ Dir['flipper-*.gemspec'].each do |gemspec|
 end
 
 gem 'debug'
-gem 'rake', '~> 12.3.3'
+gem 'rake'
 gem 'statsd-ruby', '~> 1.2.1'
 gem 'rspec', '~> 3.0'
 gem 'rack-test'
+gem 'rackup'
 gem 'sqlite3', "~> #{ENV['SQLITE3_VERSION'] || '1.4.1'}"
-gem 'rails', "~> #{ENV['RAILS_VERSION'] || '7.0.0'}"
+gem 'rails', "~> #{ENV['RAILS_VERSION'] || '7.0.4'}"
 gem 'minitest', '~> 5.18'
 gem 'minitest-documentation'
-gem 'webmock', '~> 3.0'
+gem 'webmock'
 gem 'ice_age'
 gem 'redis-namespace'
 gem 'webrick'
@@ -23,6 +24,7 @@ gem 'stackprof'
 gem 'benchmark-ips'
 gem 'stackprof-webnav'
 gem 'flamegraph'
+gem 'climate_control'
 
 group(:guard) do
   gem 'guard', '~> 2.15'

data/examples/cloud/app.ru

@@ -0,0 +1,12 @@
+# Usage (from the repo root):
+#   env FLIPPER_CLOUD_TOKEN=<token> FLIPPER_CLOUD_SYNC_SECRET=<secret> bundle exec rackup examples/cloud/app.ru -p 9999
+#   http://localhost:9999/
+
+require 'bundler/setup'
+require 'flipper/cloud'
+
+Flipper.configure do |config|
+  config.default { Flipper::Cloud.new }
+end
+
+run Flipper::Cloud.app

data/examples/cloud/basic.rb

@@ -0,0 +1,22 @@
+# Usage (from the repo root):
+# env FLIPPER_CLOUD_TOKEN=<token> bundle exec ruby examples/cloud/basic.rb
+
+require_relative "./cloud_setup"
+require 'bundler/setup'
+require 'flipper/cloud'
+
+Flipper[:stats].enable
+
+if Flipper[:stats].enabled?
+  puts 'Enabled!'
+else
+  puts 'Disabled!'
+end
+
+Flipper[:stats].disable
+
+if Flipper[:stats].enabled?
+  puts 'Enabled!'
+else
+  puts 'Disabled!'
+end

data/examples/cloud/cloud_setup.rb

@@ -0,0 +1,4 @@
+if ENV["FLIPPER_CLOUD_TOKEN"].nil? || ENV["FLIPPER_CLOUD_TOKEN"].empty?
+  warn "FLIPPER_CLOUD_TOKEN missing so skipping cloud example."
+  exit
+end

data/examples/cloud/forked.rb

@@ -0,0 +1,31 @@
+# Usage (from the repo root):
+# env FLIPPER_CLOUD_TOKEN=<token> bundle exec ruby examples/cloud/threaded.rb
+
+require_relative "./cloud_setup"
+require 'bundler/setup'
+require 'flipper/cloud'
+
+pids = 5.times.map do |n|
+  fork {
+    # Check every second to see if the feature is enabled
+    threads = []
+    5.times do
+      threads << Thread.new do
+        loop do
+          sleep rand
+
+          if Flipper[:stats].enabled?
+            puts "#{Process.pid} #{Time.now.to_i} Enabled!"
+          else
+            puts "#{Process.pid} #{Time.now.to_i} Disabled!"
+          end
+        end
+      end
+    end
+    threads.map(&:join)
+  }
+end
+
+pids.each do |pid|
+  Process.waitpid pid, 0
+end

data/examples/cloud/import.rb

@@ -0,0 +1,17 @@
+# Usage (from the repo root):
+#   env FLIPPER_CLOUD_TOKEN=<token> bundle exec ruby examples/cloud/import.rb
+
+require_relative "./cloud_setup"
+require 'bundler/setup'
+require 'flipper'
+require 'flipper/cloud'
+
+Flipper.enable(:test)
+Flipper.enable(:search)
+Flipper.enable_actor(:stats, Flipper::Actor.new("jnunemaker"))
+Flipper.enable_percentage_of_time(:logging, 5)
+
+cloud = Flipper::Cloud.new
+
+# makes cloud identical to memory flipper
+cloud.import(Flipper)

data/examples/cloud/threaded.rb

@@ -0,0 +1,36 @@
+# Usage (from the repo root):
+# env FLIPPER_CLOUD_TOKEN=<token> bundle exec ruby examples/cloud/threaded.rb
+
+require_relative "./cloud_setup"
+require 'bundler/setup'
+require 'flipper/cloud'
+require "active_support/notifications"
+require "active_support/isolated_execution_state"
+
+ActiveSupport::Notifications.subscribe(/poller\.flipper/) do |*args|
+  p args: args
+end
+
+Flipper.configure do |config|
+  config.default {
+    Flipper::Cloud.new(local_adapter: config.adapter, instrumenter: ActiveSupport::Notifications)
+  }
+end
+
+# Check every second to see if the feature is enabled
+threads = []
+10.times do
+  threads << Thread.new do
+    loop do
+      sleep rand
+
+      if Flipper[:stats].enabled?
+        puts "#{Time.now.to_i} Enabled!"
+      else
+        puts "#{Time.now.to_i} Disabled!"
+      end
+    end
+  end
+end
+
+threads.map(&:join)

data/examples/dsl.rb

@@ -47,20 +47,6 @@ puts "stats.enabled?: #{stats.enabled?}"
 puts "stats.enabled? person: #{stats.enabled? person}"
 puts
 
-# get an instance of the percentage of time type set to 5
-puts Flipper.time(5).inspect
-
-# get an instance of the percentage of actors type set to 15
-puts Flipper.actors(15).inspect
-
-# get an instance of an actor using an object that responds to flipper_id
-responds_to_flipper_id = Struct.new(:flipper_id).new(10)
-puts Flipper.actor(responds_to_flipper_id).inspect
-
-# get an instance of an actor using an object
-actor = Struct.new(:flipper_id).new(22)
-puts Flipper.actor(actor).inspect
-
 # register a top level group
 admins = Flipper.register(:admins) { |actor|
   actor.respond_to?(:admin?) && actor.admin?

data/flipper-cloud.gemspec

@@ -0,0 +1,19 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/flipper/version', __FILE__)
+require File.expand_path('../lib/flipper/metadata', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ['John Nunemaker']
+  gem.email         = 'support@flippercloud.io'
+  gem.summary       = '[DEPRECATED] This gem has been merged into the `flipper` gem'
+  gem.license       = 'MIT'
+  gem.homepage      = 'https://www.flippercloud.io'
+
+  gem.files         = [ 'lib/flipper-cloud.rb', 'lib/flipper/version.rb' ]
+  gem.name          = 'flipper-cloud'
+  gem.require_paths = ['lib']
+  gem.version       = Flipper::VERSION
+  gem.metadata      = Flipper::METADATA
+
+  gem.add_dependency 'flipper', "~> #{Flipper::VERSION}"
+end

data/flipper.gemspec

@@ -22,9 +22,9 @@ ignored_test_files.flatten!.uniq!
 
 Gem::Specification.new do |gem|
   gem.authors       = ['John Nunemaker']
-  gem.email         = ['nunemaker@gmail.com']
+  gem.email         = 'support@flippercloud.io'
   gem.summary       = 'Feature flipper for ANYTHING'
-  gem.homepage      = 'https://github.com/jnunemaker/flipper'
+  gem.homepage      = 'https://www.flippercloud.io/docs'
   gem.license       = 'MIT'
 
   gem.files         = `git ls-files`.split("\n") - ignored_files + ['lib/flipper/version.rb']
@@ -35,4 +35,5 @@ Gem::Specification.new do |gem|
   gem.metadata      = Flipper::METADATA
 
   gem.add_dependency 'concurrent-ruby', '< 2'
+  gem.add_dependency 'brow', '~> 0.4.1'
 end

data/lib/flipper/cloud/configuration.rb

@@ -0,0 +1,189 @@
+require "socket"
+require "flipper/adapters/http"
+require "flipper/adapters/poll"
+require "flipper/poller"
+require "flipper/adapters/memory"
+require "flipper/adapters/dual_write"
+require "flipper/adapters/sync/synchronizer"
+require "flipper/cloud/instrumenter"
+require "brow"
+
+module Flipper
+  module Cloud
+    class Configuration
+      # The set of valid ways that syncing can happpen.
+      VALID_SYNC_METHODS = Set[
+        :poll,
+        :webhook,
+      ].freeze
+
+      DEFAULT_URL = "https://www.flippercloud.io/adapter".freeze
+
+      # Private: Keeps track of brow instances so they can be shared across
+      # threads.
+      def self.brow_instances
+        @brow_instances ||= Concurrent::Map.new
+      end
+
+      # Public: The token corresponding to an environment on flippercloud.io.
+      attr_accessor :token
+
+      # Public: The url for http adapter. Really should only be customized for
+       #        development work. Feel free to forget you ever saw this.
+      attr_reader :url
+
+      # Public: net/http read timeout for all http requests (default: 5).
+      attr_accessor :read_timeout
+
+      # Public: net/http open timeout for all http requests (default: 5).
+      attr_accessor :open_timeout
+
+      # Public: net/http write timeout for all http requests (default: 5).
+      attr_accessor :write_timeout
+
+      # Public: IO stream to send debug output too. Off by default.
+      #
+      #  # for example, this would send all http request information to STDOUT
+      #  configuration = Flipper::Cloud::Configuration.new
+      #  configuration.debug_output = STDOUT
+      attr_accessor :debug_output
+
+      # Public: Instrumenter to use for the Flipper instance returned by
+      #         Flipper::Cloud.new (default: Flipper::Instrumenters::Noop).
+      #
+      #  # for example, to use active support notifications you could do:
+      #  configuration = Flipper::Cloud::Configuration.new
+      #  configuration.instrumenter = ActiveSupport::Notifications
+      attr_accessor :instrumenter
+
+      # Public: Local adapter that all reads should go to in order to ensure
+      # latency is low and resiliency is high. This adapter is automatically
+      # kept in sync with cloud.
+      #
+      #  # for example, to use active record you could do:
+      #  configuration = Flipper::Cloud::Configuration.new
+      #  configuration.local_adapter = Flipper::Adapters::ActiveRecord.new
+      attr_accessor :local_adapter
+
+      # Public: The Integer or Float number of seconds between attempts to bring
+      # the local in sync with cloud (default: 10).
+      attr_accessor :sync_interval
+
+      # Public: The secret used to verify if syncs in the middleware should
+      # occur or not.
+      attr_accessor :sync_secret
+
+      def initialize(options = {})
+        @token = options.fetch(:token) { ENV["FLIPPER_CLOUD_TOKEN"] }
+
+        if @token.nil?
+          raise ArgumentError, "Flipper::Cloud token is missing. Please set FLIPPER_CLOUD_TOKEN or provide the token (e.g. Flipper::Cloud.new(token: 'token'))."
+        end
+
+        @read_timeout = options.fetch(:read_timeout) { ENV.fetch("FLIPPER_CLOUD_READ_TIMEOUT", 5).to_f }
+        @open_timeout = options.fetch(:open_timeout) { ENV.fetch("FLIPPER_CLOUD_OPEN_TIMEOUT", 5).to_f }
+        @write_timeout = options.fetch(:write_timeout) { ENV.fetch("FLIPPER_CLOUD_WRITE_TIMEOUT", 5).to_f }
+        @sync_interval = options.fetch(:sync_interval) { ENV.fetch("FLIPPER_CLOUD_SYNC_INTERVAL", 10).to_f }
+        @sync_secret = options.fetch(:sync_secret) { ENV["FLIPPER_CLOUD_SYNC_SECRET"] }
+        @local_adapter = options.fetch(:local_adapter) { Adapters::Memory.new }
+        @debug_output = options[:debug_output]
+        @adapter_block = ->(adapter) { adapter }
+        self.url = options.fetch(:url) { ENV.fetch("FLIPPER_CLOUD_URL", DEFAULT_URL) }
+
+        instrumenter = options.fetch(:instrumenter, Instrumenters::Noop)
+
+        # This is alpha. Don't use this unless you are me. And you are not me.
+        cloud_instrument = options.fetch(:cloud_instrument) { ENV["FLIPPER_CLOUD_INSTRUMENT"] == "1" }
+        @instrumenter = if cloud_instrument
+          Instrumenter.new(brow: brow, instrumenter: instrumenter)
+        else
+          instrumenter
+        end
+      end
+
+      # Public: Read or customize the http adapter. Calling without a block will
+      # perform a read. Calling with a block yields the cloud adapter
+      # for customization.
+      #
+      #   # for example, to instrument the http calls, you can wrap the http
+      #   # adapter with the intsrumented adapter
+      #   configuration = Flipper::Cloud::Configuration.new
+      #   configuration.adapter do |adapter|
+      #     Flipper::Adapters::Instrumented.new(adapter)
+      #   end
+      #
+      def adapter(&block)
+        if block_given?
+          @adapter_block = block
+        else
+          @adapter_block.call app_adapter
+        end
+      end
+
+      # Public: Set url for the http adapter.
+      attr_writer :url
+
+      def sync
+        Flipper::Adapters::Sync::Synchronizer.new(local_adapter, http_adapter, {
+          instrumenter: instrumenter,
+        }).call
+      end
+
+      def brow
+        self.class.brow_instances.compute_if_absent(url + token) do
+          uri = URI.parse(url)
+          uri.path = "#{uri.path}/events".squeeze("/")
+
+          Brow::Client.new({
+            url: uri.to_s,
+            headers: {
+              "Accept" => "application/json",
+              "Content-Type" => "application/json",
+              "User-Agent" => "Flipper v#{VERSION} via Brow v#{Brow::VERSION}",
+              "Flipper-Cloud-Token" => @token,
+            }
+          })
+        end
+      end
+
+      # Public: The method that will be used to synchronize local adapter with
+      # cloud. (default: :poll, will be :webhook if sync_secret is set).
+      def sync_method
+        sync_secret ? :webhook : :poll
+      end
+
+      private
+
+      def app_adapter
+        read_adapter = sync_method == :webhook ? local_adapter : poll_adapter
+        Flipper::Adapters::DualWrite.new(read_adapter, http_adapter)
+      end
+
+      def poller
+        Flipper::Poller.get(@url + @token, {
+          interval: sync_interval,
+          remote_adapter: http_adapter,
+          instrumenter: instrumenter,
+        }).tap(&:start)
+      end
+
+      def poll_adapter
+        Flipper::Adapters::Poll.new(poller, local_adapter)
+      end
+
+      def http_adapter
+        Flipper::Adapters::Http.new({
+          url: @url,
+          read_timeout: @read_timeout,
+          open_timeout: @open_timeout,
+          write_timeout: @write_timeout,
+          max_retries: 0, # we'll handle retries ourselves
+          debug_output: @debug_output,
+          headers: {
+            "Flipper-Cloud-Token" => @token,
+          },
+        })
+      end
+    end
+  end
+end

data/lib/flipper/cloud/dsl.rb

@@ -0,0 +1,27 @@
+require 'forwardable'
+
+module Flipper
+  module Cloud
+    class DSL < SimpleDelegator
+      attr_reader :cloud_configuration
+
+      def initialize(cloud_configuration)
+        @cloud_configuration = cloud_configuration
+        super Flipper.new(@cloud_configuration.adapter, instrumenter: @cloud_configuration.instrumenter)
+      end
+
+      def sync
+        @cloud_configuration.sync
+      end
+
+      def sync_secret
+        @cloud_configuration.sync_secret
+      end
+
+      def inspect
+        inspect_id = ::Kernel::format "%x", (object_id * 2)
+        %(#<#{self.class}:0x#{inspect_id} @cloud_configuration=#{cloud_configuration.inspect}, flipper=#{__getobj__.inspect}>)
+      end
+    end
+  end
+end

data/lib/flipper/cloud/instrumenter.rb

@@ -0,0 +1,48 @@
+require "delegate"
+require "flipper/instrumenters/noop"
+
+module Flipper
+  module Cloud
+    class Instrumenter < SimpleDelegator
+      def initialize(options = {})
+        @brow = options.fetch(:brow)
+        @instrumenter = options.fetch(:instrumenter, Instrumenters::Noop)
+        super @instrumenter
+      end
+
+      def instrument(name, payload = {}, &block)
+        result = @instrumenter.instrument(name, payload, &block)
+        push name, payload
+        result
+      end
+
+      private
+
+      def push(name, payload)
+        return unless name == Flipper::Feature::InstrumentationName
+        return unless :enabled? == payload[:operation]
+
+        dimensions = {
+          "feature" => payload[:feature_name].to_s,
+          "result" => payload[:result].to_s,
+        }
+
+        if (thing = payload[:thing])
+          dimensions["flipper_id"] = thing.value.to_s
+        end
+
+        if (actors = payload[:actors])
+          dimensions["flipper_ids"] = actors.map { |actor| actor.value.to_s }
+        end
+
+        event = {
+          type: "enabled",
+          dimensions: dimensions,
+          measures: {},
+          ts: Time.now.utc,
+        }
+        @brow.push event
+      end
+    end
+  end
+end

data/lib/flipper/cloud/message_verifier.rb

@@ -0,0 +1,95 @@
+require "openssl"
+require "digest/sha2"
+
+module Flipper
+  module Cloud
+    class MessageVerifier
+      class InvalidSignature < StandardError; end
+
+      DEFAULT_VERSION = "v1"
+
+      def self.header(signature, timestamp, version = DEFAULT_VERSION)
+        raise ArgumentError, "timestamp should be an instance of Time" unless timestamp.is_a?(Time)
+        raise ArgumentError, "signature should be a string" unless signature.is_a?(String)
+        "t=#{timestamp.to_i},#{version}=#{signature}"
+      end
+
+      def initialize(secret:, version: DEFAULT_VERSION)
+        @secret = secret
+        @version = version || DEFAULT_VERSION
+
+        raise ArgumentError, "secret should be a string" unless @secret.is_a?(String)
+        raise ArgumentError, "version should be a string" unless @version.is_a?(String)
+      end
+
+      def generate(payload, timestamp)
+        raise ArgumentError, "timestamp should be an instance of Time" unless timestamp.is_a?(Time)
+        raise ArgumentError, "payload should be a string" unless payload.is_a?(String)
+
+        OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), @secret, "#{timestamp.to_i}.#{payload}")
+      end
+
+      def header(signature, timestamp)
+        self.class.header(signature, timestamp, @version)
+      end
+
+      # Public: Verifies the signature header for a given payload.
+      #
+      # Raises a InvalidSignature in the following cases:
+      # - the header does not match the expected format
+      # - no signatures found with the expected scheme
+      # - no signatures matching the expected signature
+      # - a tolerance is provided and the timestamp is not within the
+      #   tolerance
+      #
+      # Returns true otherwise.
+      def verify(payload, header, tolerance: nil)
+        begin
+          timestamp, signatures = get_timestamp_and_signatures(header)
+        rescue StandardError
+          raise InvalidSignature, "Unable to extract timestamp and signatures from header"
+        end
+
+        if signatures.empty?
+          raise InvalidSignature, "No signatures found with expected version #{@version}"
+        end
+
+        expected_sig = generate(payload, timestamp)
+        unless signatures.any? { |s| secure_compare(expected_sig, s) }
+          raise InvalidSignature, "No signatures found matching the expected signature for payload"
+        end
+
+        if tolerance && timestamp < Time.now - tolerance
+          raise InvalidSignature, "Timestamp outside the tolerance zone (#{Time.at(timestamp)})"
+        end
+
+        true
+      end
+
+      private
+
+      # Extracts the timestamp and the signature(s) with the desired version
+      # from the header
+      def get_timestamp_and_signatures(header)
+        list_items = header.split(/,\s*/).map { |i| i.split("=", 2) }
+        timestamp = Integer(list_items.select { |i| i[0] == "t" }[0][1])
+        signatures = list_items.select { |i| i[0] == @version }.map { |i| i[1] }
+        [Time.at(timestamp), signatures]
+      end
+
+      # Private
+      def fixed_length_secure_compare(a, b)
+        raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize
+        l = a.unpack "C#{a.bytesize}"
+        res = 0
+        b.each_byte { |byte| res |= byte ^ l.shift }
+        res == 0
+      end
+
+      # Private
+      def secure_compare(a, b)
+        fixed_length_secure_compare(::Digest::SHA256.digest(a), ::Digest::SHA256.digest(b)) && a == b
+      end
+    end
+  end
+end

data/lib/flipper/cloud/middleware.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require "flipper/cloud/message_verifier"
+
+module Flipper
+  module Cloud
+    class Middleware
+      # Internal: The path to match for webhook requests.
+      WEBHOOK_PATH = %r{\A/webhooks\/?\Z}
+      # Internal: The root path to match for requests.
+      ROOT_PATH = %r{\A/\Z}
+
+      def initialize(app, options = {})
+        @app = app
+        @env_key = options.fetch(:env_key, 'flipper')
+      end
+
+      def call(env)
+        dup.call!(env)
+      end
+
+      def call!(env)
+        request = Rack::Request.new(env)
+        if request.post? && (request.path_info.match(ROOT_PATH) || request.path_info.match(WEBHOOK_PATH))
+          status = 200
+          headers = {
+            "content-type" => "application/json",
+          }
+          body = "{}"
+          payload = request.body.read
+          signature = request.env["HTTP_FLIPPER_CLOUD_SIGNATURE"]
+          flipper = env.fetch(@env_key)
+
+          begin
+            message_verifier = MessageVerifier.new(secret: flipper.sync_secret)
+            if message_verifier.verify(payload, signature)
+              begin
+                flipper.sync
+                body = JSON.generate({
+                  groups: Flipper.group_names.map { |name| {name: name}}
+                })
+              rescue Flipper::Adapters::Http::Error => error
+                status = error.response.code.to_i == 402 ? 402 : 500
+                headers["Flipper-Cloud-Response-Error-Class"] = error.class.name
+                headers["Flipper-Cloud-Response-Error-Message"] = error.message
+              rescue => error
+                status = 500
+                headers["Flipper-Cloud-Response-Error-Class"] = error.class.name
+                headers["Flipper-Cloud-Response-Error-Message"] = error.message
+              end
+            end
+          rescue MessageVerifier::InvalidSignature
+            status = 400
+          end
+
+          [status, headers, [body]]
+        else
+          @app.call(env)
+        end
+      end
+    end
+  end
+end

data/lib/flipper/cloud/routes.rb

@@ -0,0 +1,14 @@
+# Default routes loaded by Flipper::Cloud::Engine
+Rails.application.routes.draw do
+  if ENV["FLIPPER_CLOUD_TOKEN"] && ENV["FLIPPER_CLOUD_SYNC_SECRET"]
+    require 'flipper/cloud'
+    config = Rails.application.config.flipper
+
+    cloud_app = Flipper::Cloud.app(nil,
+      env_key: config.env_key,
+      memoizer_options: { preload: config.preload }
+    )
+
+    mount cloud_app, at: config.cloud_path
+  end
+end