forest_admin_agent 1.0.0.pre.beta.21

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a86f151f54daa3a9a8f46251c380448eed7c0fdf90ff82818a37fa213a868557
+  data.tar.gz: 2af48bff7f6a6691f2fe495509dba2669ec64d9197886167a1de316c24846263
+SHA512:
+  metadata.gz: 006cdc9ffa0c0afcb5ae7efb9a401b5964d379834bbf416d9f5cd7400de8425c83867ae2e0a83cd5a6f7d9de4043c018c3f2a650cab00383a576baf364ebaf22
+  data.tar.gz: 3d04663fff62e53935d54c3a9312d5c575ff5b78ce7bd5fc2be1e73021f7dbda7ac43fe5f30dc141f07f6d9fb98cb23f54c093be65b2c8cb866daabfd8f97fcf

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2023-08-28
+
+- Initial release

data/README.md

@@ -0,0 +1,35 @@
+# Agent
+
+TODO: Delete this and the text below, and describe your gem
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/agent_ruby`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+## Installation
+
+TODO: Replace `UPDATE_WITH_YOUR_GEM_NAME_PRIOR_TO_RELEASE_TO_RUBYGEMS_ORG` with your gem name right after releasing it to RubyGems.org. Please do not do it earlier due to security reasons. Alternatively, replace this section with instructions to install your gem from git if you don't plan to release to RubyGems.org.
+
+Install the gem and add to the application's Gemfile by executing:
+
+    $ bundle add UPDATE_WITH_YOUR_GEM_NAME_PRIOR_TO_RELEASE_TO_RUBYGEMS_ORG
+
+If bundler is not being used to manage dependencies, install the gem by executing:
+
+    $ gem install UPDATE_WITH_YOUR_GEM_NAME_PRIOR_TO_RELEASE_TO_RUBYGEMS_ORG
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/agent_ruby.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]

data/forest_admin

@@ -0,0 +1 @@
+# Logfile created on 2023-09-27 15:44:52 +0200 by logger.rb/v1.5.3

data/forest_admin_agent.gemspec

@@ -0,0 +1,48 @@
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift lib unless $LOAD_PATH.include?(lib)
+
+require_relative "lib/forest_admin_agent/version"
+
+Gem::Specification.new do |spec|
+  spec.name         = "forest_admin_agent"
+  spec.version      = ForestAdminAgent::VERSION
+  spec.authors      = ["Matthieu", "Nicolas"]
+  spec.email        = ["matthv@gmail.com", "nicolasalexandre9@gmail.com"]
+  spec.homepage     = "https://www.forestadmin.com"
+  spec.summary      = "Ruby agent for Forest Admin."
+  spec.description  = "Forest is a modern admin interface that works on all major web frameworks. This gem makes Forest
+admin work on any Ruby application."
+  spec.license = "MIT"
+  spec.required_ruby_version = ">= 3.0.0"
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/ForestAdmin/agent-ruby"
+  spec.metadata["changelog_uri"] = "https://github.com/ForestAdmin/agent-ruby/CHANGELOG.md"
+  spec.metadata["rubygems_mfa_required"] = "false"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(__dir__) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (File.expand_path(f) == __FILE__) ||
+        f.start_with?(*%w[bin/ test/ spec/ .git Gemfile LICENSE])
+    end
+  end
+
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "activesupport", ">= 6.1"
+  spec.add_dependency "dry-container", "~> 0.11"
+  spec.add_dependency "faraday", "~> 2.7"
+  spec.add_dependency "ipaddress", "~> 0.8.3"
+  spec.add_dependency "jsonapi-serializers", "~> 1.0"
+  spec.add_dependency "jwt", "~> 2.7"
+  spec.add_dependency "lightly", "~> 0.4.0"
+  spec.add_dependency "mono_logger", "~> 1.1"
+  spec.add_dependency "openid_connect", "~> 2.2"
+  spec.add_dependency "rake", "~> 13.0"
+  spec.add_dependency "rack-cors", "~> 2.0"
+  spec.add_dependency "zeitwerk", "~> 2.3"
+end

data/lib/forest_admin_agent/auth/auth_manager.rb

@@ -0,0 +1,50 @@
+require 'json'
+
+module ForestAdminAgent
+  module Auth
+    class AuthManager
+      def initialize
+        @oidc = ForestAdminAgent::Auth::OidcClientManager.new
+      end
+
+      def start(rendering_id)
+        client = @oidc.make_forest_provider rendering_id
+        client.authorization_uri({ state: JSON.generate({ renderingId: rendering_id }) })
+      end
+
+      def verify_code_and_generate_token(params)
+        raise Error, ForestAdminAgent::Utils::ErrorMessages::INVALID_STATE_MISSING unless params['state']
+
+        if Facades::Container.cache(:debug)
+          OpenIDConnect.http_config do |options|
+            options.ssl.verify = false
+          end
+        end
+
+        rendering_id = get_rendering_id_from_state(params['state'])
+
+        forest_provider = @oidc.make_forest_provider rendering_id
+        forest_provider.authorization_code = params['code']
+        access_token = forest_provider.access_token! 'none'
+        resource_owner = forest_provider.get_resource_owner access_token
+
+        resource_owner.make_jwt
+      end
+
+      private
+
+      def get_rendering_id_from_state(state)
+        state = JSON.parse(state.tr("'", '"').gsub('=>', ':'))
+        raise Error, ForestAdminAgent::Utils::ErrorMessages::INVALID_STATE_RENDERING_ID unless state.key? 'renderingId'
+
+        begin
+          Integer(state['renderingId'])
+        rescue ArgumentError
+          raise Error, ForestAdminAgent::Utils::ErrorMessages::INVALID_RENDERING_ID
+        end
+
+        state['renderingId'].to_i
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/auth/oauth2/forest_provider.rb

@@ -0,0 +1,62 @@
+require 'openid_connect'
+require_relative 'forest_resource_owner'
+
+module ForestAdminAgent
+  module Auth
+    module OAuth2
+      class ForestProvider < OpenIDConnect::Client
+        attr_reader :rendering_id
+
+        def initialize(rendering_id, attributes = {})
+          super attributes
+          @rendering_id = rendering_id
+          @authorization_endpoint = '/oidc/auth'
+          @token_endpoint = '/oidc/token'
+          self.userinfo_endpoint = "/liana/v2/renderings/#{rendering_id}/authorization"
+        end
+
+        def get_resource_owner(access_token)
+          headers = { 'forest-token': access_token.access_token, 'forest-secret-key': secret }
+          hash = check_response do
+            OpenIDConnect.http_client.get access_token.client.userinfo_uri, {}, headers
+          end
+
+          response = OpenIDConnect::ResponseObject::UserInfo.new hash
+
+          create_resource_owner response.raw_attributes[:data]
+        end
+
+        private
+
+        def create_resource_owner(data)
+          ForestResourceOwner.new data, rendering_id
+        end
+
+        def check_response
+          response = yield
+          case response.status
+          when 200
+            server_error = response.body.key?('errors') ? response.body['errors'][0] : nil
+            if server_error &&
+               server_error['name'] == Utils::ErrorMessages::TWO_FACTOR_AUTHENTICATION_REQUIRED
+              raise Error, Utils::ErrorMessages::TWO_FACTOR_AUTHENTICATION_REQUIRED
+            end
+
+            response.body.with_indifferent_access
+          when 400
+            raise OpenIDConnect::BadRequest.new('API Access Failed', response)
+          when 401
+            raise OpenIDConnect::Unauthorized.new(Utils::ErrorMessages::AUTHORIZATION_FAILED, response)
+          when 404
+            raise OpenIDConnect::HttpError.new(response.status, Utils::ErrorMessages::SECRET_NOT_FOUND, response)
+          when 422
+            raise OpenIDConnect::HttpError.new(response.status,
+                                               Utils::ErrorMessages::SECRET_AND_RENDERINGID_INCONSISTENT, response)
+          else
+            raise OpenIDConnect::HttpError.new(response.status, 'Unknown HttpError', response)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/auth/oauth2/forest_resource_owner.rb

@@ -0,0 +1,42 @@
+require 'date'
+require 'jwt'
+
+module ForestAdminAgent
+  module Auth
+    module OAuth2
+      class ForestResourceOwner
+        def initialize(data, rendering_id)
+          @data = data
+          @rendering_id = rendering_id
+        end
+
+        def id
+          @data['id']
+        end
+
+        def expiration_in_seconds
+          (DateTime.now + (1 / 24.0)).to_time.to_i
+        end
+
+        def make_jwt
+          attributes = @data['attributes']
+          user = {
+            id: id,
+            email: attributes['email'],
+            first_name: attributes['first_name'],
+            last_name: attributes['last_name'],
+            team: attributes['teams'][0],
+            tags: attributes['tags'],
+            rendering_id: @rendering_id,
+            exp: expiration_in_seconds,
+            permission_level: attributes['permission_level']
+          }
+
+          JWT.encode user,
+                     Facades::Container.cache(:auth_secret),
+                     'HS256'
+        end
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/auth/oauth2/oidc_config.rb

@@ -0,0 +1,29 @@
+require 'openid_connect'
+
+module ForestAdminAgent
+  module Auth
+    module OAuth2
+      class OidcConfig
+        def self.discover!(identifier, cache_options = {})
+          uri = URI.parse(identifier)
+          Resource.new(uri).discover!(cache_options).tap do |response|
+            response.expected_issuer = identifier
+            response.validate!
+          end
+        rescue SWD::Exception, OpenIDConnect::ValidationFailed => e
+          raise OpenIDConnect::Discovery::DiscoveryFailed, e.message
+        end
+
+        class Resource < OpenIDConnect::Discovery::Provider::Config::Resource
+          def initialize(uri)
+            super
+            @host = uri.host
+            @port = uri.port unless [80, 443].include?(uri.port)
+            @path = File.join uri.path, 'oidc/.well-known/openid-configuration'
+            attr_missing!
+          end
+        end
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/auth/oidc_client_manager.rb

@@ -0,0 +1,71 @@
+require 'openid_connect'
+require_relative 'oauth2/oidc_config'
+require_relative 'oauth2/forest_provider'
+
+module ForestAdminAgent
+  module Auth
+    class OidcClientManager
+      TTL = 60 * 60 * 24
+
+      def make_forest_provider(rendering_id)
+        config_agent = Facades::Container.config_from_cache
+        cache_key = "#{config_agent[:env_secret]}-client-data"
+        cache = setup_cache(cache_key, config_agent)
+
+        render_provider(cache, rendering_id, config_agent[:env_secret])
+      end
+
+      private
+
+      def setup_cache(env_secret, config_agent)
+        lightly = Lightly.new(life: TTL, dir: "#{config_agent[:cache_dir]}/issuer")
+        lightly.get env_secret do
+          oidc_config = retrieve_config(config_agent[:forest_server_url])
+          credentials = register(
+            config_agent[:env_secret],
+            oidc_config.raw['registration_endpoint'],
+            {
+              token_endpoint_auth_method: 'none',
+              registration_endpoint: oidc_config.raw['registration_endpoint'],
+              application_type: 'web'
+            }
+          )
+
+          {
+            client_id: credentials['client_id'],
+            issuer: oidc_config.raw['issuer'],
+            redirect_uri: credentials['redirect_uris'].first
+          }
+        end
+      end
+
+      def register(env_secret, registration_endpoint, data)
+        response = OpenIDConnect.http_client.post(
+          registration_endpoint,
+          data,
+          { 'Authorization' => "Bearer #{env_secret}" }
+        )
+
+        response.body
+      end
+
+      def render_provider(cache, rendering_id, secret)
+        OAuth2::ForestProvider.new(
+          rendering_id,
+          {
+            identifier: cache[:client_id],
+            redirect_uri: cache[:redirect_uri],
+            host: cache[:issuer].to_s.sub(%r{^https?://(www.)?}, ''),
+            secret: secret
+          }
+        )
+      end
+
+      def retrieve_config(uri)
+        OAuth2::OidcConfig.discover! uri
+      rescue OpenIDConnect::Discovery::DiscoveryFailed
+        raise Error, ForestAdminAgent::Utils::ErrorMessages::SERVER_DOWN
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/builder/agent_factory.rb

@@ -0,0 +1,77 @@
+require 'dry-container'
+require 'lightly'
+
+module ForestAdminAgent
+  module Builder
+    class AgentFactory
+      include Singleton
+
+      TTL_CONFIG = 3600
+      TTL_SCHEMA = 7200
+
+      attr_reader :customizer, :container, :has_env_secret
+
+      def setup(options)
+        @options = options
+        @has_env_secret = options.to_h.key?(:env_secret)
+        @customizer = ForestAdminDatasourceToolkit::Datasource.new
+        build_container
+        build_cache
+        build_logger
+      end
+
+      def add_datasource(datasource)
+        datasource.collections.each { |_name, collection| @customizer.add_collection(collection) }
+        self
+      end
+
+      def build
+        @container.register(:datasource, @customizer)
+        send_schema
+      end
+
+      def send_schema(force: false)
+        return unless @has_env_secret
+
+        schema = ForestAdminAgent::Utils::Schema::SchemaEmitter.get_serialized_schema(@customizer)
+        schema_is_know = @container.key?(:schema_file_hash) &&
+                         @container.resolve(:schema_file_hash).get('value') == schema[:meta][:schemaFileHash]
+
+        if !schema_is_know || force
+          #   Logger::log('Info', 'schema was updated, sending new version');
+          client = ForestAdminAgent::Http::ForestAdminApiRequester.new
+          client.post('/forest/apimaps', schema)
+          schema_file_hash_cache = Lightly.new(life: TTL_SCHEMA, dir: @options[:cache_dir].to_s)
+          schema_file_hash_cache.get 'value' do
+            schema[:meta][:schemaFileHash]
+          end
+          @container.register(:schema_file_hash, schema_file_hash_cache)
+        else
+          @container.resolve(:logger)
+          # TODO:  Logger::log('Info', 'Schema was not updated since last run');
+        end
+      end
+
+      private
+
+      def build_container
+        @container = Dry::Container.new
+      end
+
+      def build_cache
+        @container.register(:cache, Lightly.new(life: TTL_CONFIG, dir: @options[:cache_dir].to_s))
+        return unless @has_env_secret
+
+        cache = @container.resolve(:cache)
+        cache.get 'config' do
+          @options.to_h
+        end
+      end
+
+      def build_logger
+        logger = Services::LoggerService.new(@options[:loggerLevel], @options[:logger])
+        @container.register(:logger, logger)
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/facades/container.rb

@@ -0,0 +1,23 @@
+module ForestAdminAgent
+  module Facades
+    class Container
+      def self.instance
+        ForestAdminAgent::Builder::AgentFactory.instance.container
+      end
+
+      def self.datasource
+        instance.resolve(:datasource)
+      end
+
+      def self.config_from_cache
+        instance.resolve(:cache).get('config')
+      end
+
+      def self.cache(key)
+        raise "Key #{key} not found in container" unless config_from_cache.key?(key)
+
+        config_from_cache[key]
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/facades/whitelist.rb

@@ -0,0 +1,13 @@
+module ForestAdminAgent
+  module Facades
+    class Whitelist
+      def self.check_ip(request_ip)
+        ip_whitelist = ForestAdminAgent::Services::IpWhitelist.new
+        return unless ip_whitelist.enabled?
+        return if ip_whitelist.ip_matches_any_rule?(request_ip)
+
+        raise Net::HTTPExceptions, "IP address rejected (#{request_ip})"
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/http/Exceptions/authentication_open_id_client.rb

@@ -0,0 +1,16 @@
+module ForestAdminAgent
+  module Http
+    module Exceptions
+      class AuthenticationOpenIdClient < HttpException
+        attr_reader :error, :error_description, :state
+
+        def initialize(error, error_description, state)
+          super error, 401, error_description
+          @error = error
+          @error_description = error_description
+          @state = state
+        end
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/http/Exceptions/http_exception.rb

@@ -0,0 +1,17 @@
+module ForestAdminAgent
+  module Http
+    module Exceptions
+      class HttpException < StandardError
+        attr_reader :code, :status, :message, :name
+
+        def initialize(code, status, message, name = nil)
+          super(message)
+          @code = code
+          @status = status
+          @message = message
+          @name = name
+        end
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/http/Exceptions/not_found_error.rb

@@ -0,0 +1,15 @@
+module ForestAdminAgent
+  module Http
+    module Exceptions
+      class NotFoundError < StandardError
+        attr_reader :name, :status
+
+        def initialize(msg, name = 'NotFoundError')
+          super msg
+          @name = name
+          @status = 404
+        end
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/http/forest_admin_api_requester.rb

@@ -0,0 +1,28 @@
+require 'faraday'
+
+module ForestAdminAgent
+  module Http
+    class ForestAdminApiRequester
+      def initialize
+        @headers = {
+          'Content-Type' => 'application/json',
+          'forest-secret-key' => Facades::Container.cache(:env_secret)
+        }
+        @client = Faraday.new(
+          Facades::Container.cache(:forest_server_url),
+          {
+            headers: @headers
+          }
+        )
+      end
+
+      def get(url, params)
+        @client.get(url, params.to_json)
+      end
+
+      def post(url, params)
+        @client.post(url, params.to_json)
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/http/router.rb

@@ -0,0 +1,52 @@
+module ForestAdminAgent
+  module Http
+    class Router
+      include ForestAdminAgent::Routes
+
+      def self.routes
+        [
+          # actions_routes,
+          # api_charts_routes,
+          System::HealthCheck.new.routes,
+          Security::Authentication.new.routes,
+          Resources::Count.new.routes,
+          Resources::Delete.new.routes,
+          Resources::List.new.routes,
+          Resources::Show.new.routes,
+          Resources::Store.new.routes,
+          Resources::Update.new.routes,
+          Resources::Related::ListRelated.new.routes,
+          Resources::Related::CountRelated.new.routes,
+          Resources::Related::AssociateRelated.new.routes,
+          Resources::Related::DissociateRelated.new.routes,
+          Resources::Related::UpdateRelated.new.routes
+        ].inject(&:merge)
+      end
+
+      def self.actions_routes
+        routes = []
+        # TODO
+        # AgentFactory.get('datasource').collections.each do |collection|
+        #   collection.get_actions.each do |action_name, action|
+        #     routes << Actions.new(collection, action_name).routes
+        #   end
+        # end
+        routes.flatten
+      end
+
+      def self.api_charts_routes
+        routes = []
+        # TODO
+        # AgentFactory.get('datasource').charts.each do |chart|
+        #   routes << ApiChartDatasource.new(chart).routes
+        # end
+        # AgentFactory.get('datasource').collections.each do |collection|
+        #   collection.charts.each do |chart|
+        #     routes << ApiChartCollection.new(collection, chart).routes
+        #   end
+        # end
+        routes.flatten
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/routes/abstract_authenticated_route.rb

@@ -0,0 +1,25 @@
+module ForestAdminAgent
+  module Routes
+    class AbstractAuthenticatedRoute < AbstractRoute
+      def build(args = {})
+        if args.dig(:headers, 'action_dispatch.remote_ip')
+          Facades::Whitelist.check_ip(args[:headers]['action_dispatch.remote_ip'].to_s)
+        end
+        @caller = Utils::QueryStringParser.parse_caller(args)
+        super
+      end
+
+      def format_attributes(args)
+        record = args[:params][:data][:attributes]
+
+        args[:params][:data][:relationships]&.map do |field, value|
+          schema = @collection.fields[field]
+
+          record[schema.foreign_key] = value['data'][schema.foreign_key_target] if schema.type == 'ManyToOne'
+        end
+
+        record
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/routes/abstract_related_route.rb

@@ -0,0 +1,12 @@
+module ForestAdminAgent
+  module Routes
+    class AbstractRelatedRoute < AbstractAuthenticatedRoute
+      def build(args = {})
+        super
+
+        relation = @collection.fields[args[:params]['relation_name']]
+        @child_collection = @datasource.collection(relation.foreign_collection)
+      end
+    end
+  end
+end