forest_liana 1.1.35 → 1.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3f2d2369547c1d1b72d396fbea0f5d06a872c948
-  data.tar.gz: df3a3148c1c6dc1202cf6910d9b8636297b2aa81
+  metadata.gz: b1ac7636dfc1feb757f7c5c1632617b8526c55d8
+  data.tar.gz: cdbec10534de350dfe9ab812a2895d637fc089aa
 SHA512:
-  metadata.gz: 93172e33ebe7538208e944f6eec7c0c19c024d81a0a5c5ca68956029e3458bca2182d7b57a086d65344615c3c9d0bc2729227279d9f2e33170d13711ea35610f
-  data.tar.gz: 2b33c39a8b1965709d958f7cc0e88b2aa15bb67f4956c8d7f2215586e06ed17d4b4c7df39433d5f09e4d6e561a1e3f1462c21fbea8d0ca21df4bf7fa6a2aeff4
+  metadata.gz: 956f4acbc70dac684dadb23eb47db50e0304fe2846f9b6691c3d1b7e32f708102a3ec226db8b4215756fdaa29a8be4116cbc5a543f8c4aed17620c00787a2a5b
+  data.tar.gz: dcb47a3daa227866faa6b6fd2529952c0974f8bd916a03ffe44cc45a5dcb5d67a55108589ec06aa18add6504a51291fe8b5b24e4a4ce8f185ae75e179e4a0fef

data/app/controllers/forest_liana/application_controller.rb

@@ -32,9 +32,15 @@ module ForestLiana
 
     def authenticate_user_from_jwt
       if request.headers['Authorization']
-        @jwt_decoded_token = JWT.decode(
-          request.headers['Authorization'].split[1],
-          ForestLiana.jwt_signing_key).try(:first)
+        begin
+          token = request.headers['Authorization'].split.second
+          @jwt_decoded_token = JWT.decode(token, ForestLiana.auth_key, true, {
+            algorithm: 'HS256',
+            leeway: 30
+          }).try(:first)
+        rescue JWT::ExpiredSignature, JWT::VerificationError
+          render json: { error: 'expired_token' }, status: 401
+        end
       else
         render nothing: true, status: 401
       end

data/app/controllers/forest_liana/sessions_controller.rb

@@ -0,0 +1,37 @@
+module ForestLiana
+  class SessionsController < ActionController::Base
+
+    def create
+      user = ForestLiana.allowed_users.find do |allowed_user|
+        allowed_user['email'] == params['email'] &&
+          BCrypt::Password.new(allowed_user['password']) == params['password']
+      end
+
+      if user
+        token = JWT.encode({
+          exp: Time.now.to_i + 2.weeks.to_i,
+          data: serialized_user(user)
+        } , ForestLiana.auth_key, 'HS256')
+
+        render json: { token: token }
+      else
+        render nothing: true, status: 401
+      end
+    end
+
+    private
+
+    def serialized_user(user)
+      {
+        type: 'users',
+        id: user[:id],
+        data: {
+          email: user[:email],
+          first_name: user[:'first-name'] ,
+          last_name: user[:'last-name']
+        }
+      }
+    end
+
+  end
+end

data/app/controllers/forest_liana/stats_controller.rb

@@ -3,13 +3,13 @@ module ForestLiana
     before_filter :find_resource
 
     def show
-      case stat_params[:type].try(:downcase)
+      case params[:type].try(:downcase)
       when 'value'
-        stat = ValueStatGetter.new(@resource, stat_params)
+        stat = ValueStatGetter.new(@resource, params)
       when 'pie'
-        stat = PieStatGetter.new(@resource, stat_params)
+        stat = PieStatGetter.new(@resource, params)
       when 'line'
-        stat = LineStatGetter.new(@resource, stat_params)
+        stat = LineStatGetter.new(@resource, params)
       end
 
       stat.perform
@@ -29,18 +29,6 @@ module ForestLiana
         render json: {status: 404}, status: :not_found
       end
     end
-
-    def stat_params
-      # Avoid to warn/crash if there's no filters.
-      params[:stat].delete(:filters) if params[:stat][:filters].blank?
-
-      params.require(:stat).permit(:type, :collection, :aggregate, :time_range,
-                                   :aggregate_field, :group_by_field,
-                                   :group_by_date_field, :filters => [
-                                     :field, :value
-                                   ])
-    end
-
   end
 end
 

data/app/serializers/forest_liana/session_serializer.rb

@@ -0,0 +1,33 @@
+module ForestLiana
+  class SessionSerializer
+    include JSONAPI::Serializer
+
+    attribute :first_name
+    attribute :last_name
+    attribute :email
+
+    def type
+      'users'
+    end
+
+    def format_name(attribute_name)
+      attribute_name.to_s
+    end
+
+    def unformat_name(attribute_name)
+      attribute_name.to_s.underscore
+    end
+
+    def self_link
+      nil
+    end
+
+    def relationship_self_link(attribute_name)
+      nil
+    end
+
+    def relationship_related_link(attribute_name)
+      nil
+    end
+  end
+end

data/app/services/forest_liana/activity_logger.rb

@@ -2,21 +2,20 @@ require 'jwt'
 
 class ForestLiana::ActivityLogger
 
-  def perform(user, action, collection_name, resource_id)
-    token = JWT.encode({}, ForestLiana.jwt_signing_key, 'HS256')
-    uri = URI.parse("#{forest_url}/api/projects/#{project_id(user)}/activity-logs")
+  def perform(session, action, collection_name, resource_id)
+    uri = URI.parse("#{forest_url}/api/activity-logs")
     http = Net::HTTP.new(uri.host, uri.port)
     http.use_ssl = true if forest_url.start_with?('https')
 
     http.start do |client|
       request = Net::HTTP::Post.new(uri.path)
-      request['Content-Type'] = 'application/json'
-      request['Authorization'] = "Bearer #{token}"
+      request['Content-Type'] = 'application/vnd.api+json'
+      request['forest-secret-key'] = ForestLiana.secret_key
       request.body = {
-        session: user['session'],
         action: action,
         collection: collection_name,
-        resource: resource_id
+        resource: resource_id,
+        user: session['data']['id']
       }.to_json
 
       client.request(request)
@@ -25,10 +24,6 @@ class ForestLiana::ActivityLogger
 
   private
 
-  def project_id(user)
-    user['session']['data']['relationships']['project']['data']['id'];
-  end
-
   def forest_url
     ENV['FOREST_URL'] || 'https://forestadmin-server.herokuapp.com';
   end

data/app/services/forest_liana/resources_getter.rb

@@ -17,7 +17,7 @@ module ForestLiana
     end
 
     def count
-      @records.to_a.count
+      search_query.count
     end
 
     private

data/config/routes.rb

@@ -1,4 +1,7 @@
 ForestLiana::Engine.routes.draw do
+  # Login
+  post 'sessions' => 'sessions#create'
+
   # Stripe Integration
   get 'stripe_payments' => 'stripe#payments'
   get ':collection/:id/stripe_payments' => 'stripe#payments'

data/lib/forest_liana.rb

@@ -4,8 +4,15 @@ module ForestLiana
   module UserSpace
   end
 
-  mattr_accessor :jwt_signing_key
+  mattr_accessor :secret_key
+  mattr_accessor :auth_key
   mattr_accessor :integrations
   mattr_accessor :apimap
+  mattr_accessor :allowed_users
+
+  # Legacy.
+  mattr_accessor :jwt_signing_key
+
   self.apimap = []
+  self.allowed_users = []
 end

data/lib/forest_liana/bootstraper.rb

@@ -4,12 +4,21 @@ module ForestLiana
     def initialize(app)
       @app = app
       @logger = Logger.new(STDOUT)
+
+      if ForestLiana.jwt_signing_key
+         warn "DEPRECATION WARNING: the use of ForestLiana.jwt_signing_key \
+(config/initializers/forest_liana.rb) is deprecated. Use \
+ForestLiana.secret_key and ForestLiana.auth_key instead. \
+More info at: https://github.com/ForestAdmin/forest-rails/releases/tag/1.2.0"
+        ForestLiana.secret_key = ForestLiana.jwt_signing_key
+        ForestLiana.auth_key = ForestLiana.jwt_signing_key
+      end
     end
 
     def perform
       create_serializers
 
-      if ForestLiana.jwt_signing_key
+      if ForestLiana.secret_key
         create_apimap
         send_apimap
       end
@@ -61,12 +70,18 @@ module ForestLiana
         request = Net::HTTP::Post.new(uri.path)
         request.body = json.to_json
         request['Content-Type'] = 'application/json'
-        request['forest-secret-key'] = ForestLiana.jwt_signing_key
+        request['forest-secret-key'] = ForestLiana.secret_key
         response = client.request(request)
 
         if response.is_a?(Net::HTTPNotFound)
           @logger.warn "Forest cannot find your project secret key. " \
             "Please, run `rails g forest_liana:install`."
+        else
+          ForestLiana.allowed_users = JSON.parse(response.body)['data'].map do |d|
+            user = d['attributes']
+            user['id'] = d['id']
+            user
+          end
         end
       end
     end

data/lib/forest_liana/engine.rb

@@ -5,6 +5,8 @@ require 'groupdate'
 require 'net/http'
 require 'intercom'
 require 'useragent'
+require 'jwt'
+require 'bcrypt'
 require_relative 'bootstraper'
 
 module ForestLiana

data/lib/forest_liana/version.rb

@@ -1,3 +1,3 @@
 module ForestLiana
-  VERSION = "1.1.35"
+  VERSION = "1.2.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: forest_liana
 version: !ruby/object:Gem::Version
-  version: 1.1.35
+  version: 1.2.1
 platform: ruby
 authors:
 - Sandro Munda
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-16 00:00:00.000000000 Z
+date: 2016-03-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -136,6 +136,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Forest Rails Liana
 email:
 - sandro@munda.me
@@ -154,6 +168,7 @@ files:
 - app/controllers/forest_liana/associations_controller.rb
 - app/controllers/forest_liana/intercom_controller.rb
 - app/controllers/forest_liana/resources_controller.rb
+- app/controllers/forest_liana/sessions_controller.rb
 - app/controllers/forest_liana/stats_controller.rb
 - app/controllers/forest_liana/stripe_controller.rb
 - app/deserializers/forest_liana/resource_deserializer.rb
@@ -166,6 +181,7 @@ files:
 - app/serializers/forest_liana/intercom_attribute_serializer.rb
 - app/serializers/forest_liana/intercom_conversation_serializer.rb
 - app/serializers/forest_liana/serializer_factory.rb
+- app/serializers/forest_liana/session_serializer.rb
 - app/serializers/forest_liana/stat_serializer.rb
 - app/serializers/forest_liana/stripe_card_serializer.rb
 - app/serializers/forest_liana/stripe_invoice_serializer.rb