gemstash 1.0.4 → 1.1.0

data/lib/gemstash/gem_source/private_source.rb

@@ -6,6 +6,7 @@ module Gemstash
     class PrivateSource < Gemstash::GemSource::Base
       include Gemstash::GemSource::DependencyCaching
       include Gemstash::Env::Helper
+      attr_accessor :auth
 
       def self.rack_env_rewriter
         @rack_env_rewriter ||= Gemstash::RackEnvRewriter.new(%r{\A/private})
@@ -23,27 +24,15 @@ module Gemstash
       end
 
       def serve_add_gem
-        authenticated("Gemstash Private Gems") do
-          auth = request.env["HTTP_AUTHORIZATION"]
-          gem = request.body.read
-          Gemstash::GemPusher.new(auth, gem).push
-        end
+        protected(Gemstash::GemPusher)
       end
 
       def serve_yank
-        authenticated("Gemstash Private Gems") do
-          auth = request.env["HTTP_AUTHORIZATION"]
-          gem_name = params[:gem_name]
-          Gemstash::GemYanker.new(auth, gem_name, slug_param).yank
-        end
+        protected(Gemstash::GemYanker)
       end
 
       def serve_unyank
-        authenticated("Gemstash Private Gems") do
-          auth = request.env["HTTP_AUTHORIZATION"]
-          gem_name = params[:gem_name]
-          Gemstash::GemUnyanker.new(auth, gem_name, slug_param).unyank
-        end
+        protected(Gemstash::GemUnyanker)
       end
 
       def serve_add_spec_json
@@ -67,11 +56,14 @@ module Gemstash
       end
 
       def serve_marshal(id)
-        gem_full_name = id.sub(/\.gemspec\.rz\z/, "")
-        gem = fetch_gem(gem_full_name)
-        halt 404 unless gem.exist?(:spec)
-        content_type "application/octet-stream"
-        gem.content(:spec)
+        authorization.protect(self) do
+          auth.check("fetch") if gemstash_env.config[:protected_fetch]
+          gem_full_name = id.sub(/\.gemspec\.rz\z/, "")
+          gem = fetch_gem(gem_full_name)
+          halt 404 unless gem.exist?(:spec)
+          content_type "application/octet-stream"
+          gem.content(:spec)
+        end
       end
 
       def serve_actual_gem(id)
@@ -79,45 +71,38 @@ module Gemstash
       end
 
       def serve_gem(id)
-        gem_full_name = id.sub(/\.gem\z/, "")
-        gem = fetch_gem(gem_full_name)
-        content_type "application/octet-stream"
-        gem.content(:gem)
+        authorization.protect(self) do
+          auth.check("fetch") if gemstash_env.config[:protected_fetch]
+          gem_full_name = id.sub(/\.gem\z/, "")
+          gem = fetch_gem(gem_full_name)
+          content_type "application/octet-stream"
+          gem.content(:gem)
+        end
       end
 
       def serve_specs
-        content_type "application/octet-stream"
-        Gemstash::SpecsBuilder.all
+        params[:prerelease] = false
+        protected(Gemstash::SpecsBuilder)
       end
 
       def serve_latest_specs
-        content_type "application/octet-stream"
-        Gemstash::SpecsBuilder.latest
+        params[:latest] = true
+        protected(Gemstash::SpecsBuilder)
       end
 
       def serve_prerelease_specs
-        content_type "application/octet-stream"
-        Gemstash::SpecsBuilder.prerelease
+        params[:prerelease] = true
+        protected(Gemstash::SpecsBuilder)
       end
 
     private
 
-      def slug_param
-        version = params[:version]
-        platform = params[:platform]
-
-        if platform.to_s.empty?
-          version
-        else
-          "#{version}-#{platform}"
-        end
+      def protected(servable)
+        authorization.protect(self) { servable.serve(self) }
       end
 
-      def authenticated(realm)
-        yield
-      rescue Gemstash::NotAuthorizedError => e
-        headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\""
-        halt 401, e.message
+      def authorization
+        Gemstash::ApiKeyAuthorization
       end
 
       def dependencies

data/lib/gemstash/gem_source/upstream_source.rb

@@ -196,13 +196,13 @@ module Gemstash
     # default upstream).
     class RubygemsSource < Gemstash::GemSource::UpstreamSource
       def self.matches?(env)
-        if env["HTTP_X_GEMFILE_SOURCE"].to_s.empty?
-          env["gemstash.upstream"] = env["gemstash.env"].config[:rubygems_url]
+        env["gemstash.upstream"] = if env["HTTP_X_GEMFILE_SOURCE"].to_s.empty?
+          env["gemstash.env"].config[:rubygems_url]
         else
-          env["gemstash.upstream"] = env["HTTP_X_GEMFILE_SOURCE"]
+          env["HTTP_X_GEMFILE_SOURCE"]
         end
-        capture_user_agent(env)
 
+        capture_user_agent(env)
         true
       end
     end

data/lib/gemstash/gem_unyanker.rb

@@ -17,13 +17,19 @@ module Gemstash
     class NotYankedVersionError < StandardError
     end
 
-    def initialize(auth_key, gem_name, slug)
-      @auth_key = auth_key
+    def self.serve(app)
+      gem_name = app.params[:gem_name]
+      slug = Gemstash::DB::Version.slug(app.params)
+      new(app.auth, gem_name, slug).serve
+    end
+
+    def initialize(auth, gem_name, slug)
+      @auth = auth
       @gem_name = gem_name
       @slug = slug
     end
 
-    def unyank
+    def serve
       check_auth
       update_database
       invalidate_cache
@@ -40,7 +46,7 @@ module Gemstash
     end
 
     def check_auth
-      Gemstash::Authorization.check(@auth_key, "unyank")
+      @auth.check("unyank")
     end
 
     def update_database

data/lib/gemstash/gem_yanker.rb

@@ -17,13 +17,19 @@ module Gemstash
     class YankedVersionError < StandardError
     end
 
-    def initialize(auth_key, gem_name, slug)
-      @auth_key = auth_key
+    def self.serve(app)
+      gem_name = app.params[:gem_name]
+      slug = Gemstash::DB::Version.slug(app.params)
+      new(app.auth, gem_name, slug).serve
+    end
+
+    def initialize(auth, gem_name, slug)
+      @auth = auth
       @gem_name = gem_name
       @slug = slug
     end
 
-    def yank
+    def serve
       check_auth
       update_database
       invalidate_cache
@@ -40,7 +46,7 @@ module Gemstash
     end
 
     def check_auth
-      Gemstash::Authorization.check(@auth_key, "yank")
+      @auth.check("yank")
     end
 
     def update_database

data/lib/gemstash/health.rb

@@ -0,0 +1,53 @@
+require "gemstash"
+require "date"
+require "server_health_check_rack"
+require "sequel"
+
+module Gemstash
+  # This module contains the logic used to supply a health monitor for
+  # Gemstash. You can access the health monitor at the /health endpoint.
+  module Health
+    # This check can be used if you don't want to read or write content during a
+    # health check.
+    def self.heartbeat
+      true
+    end
+
+    def self.check_storage_read
+      if check_storage_write
+        content = Gemstash::Storage.for("health").resource("test").content(:example)
+        content =~ /\Acontent-\d+\z/
+      end
+    end
+
+    def self.check_storage_write
+      resource = Gemstash::Storage.for("health").resource("test")
+      resource.save(example: "content-#{Time.now.to_i}")
+      true
+    end
+
+    def self.check_db_read
+      result = Gemstash::Env.current.db[:rubygems].where(name: "testing_db_read").count
+      result.is_a?(Numeric)
+    end
+
+    def self.check_db_write
+      Gemstash::Env.current.db.transaction do
+        Gemstash::Env.current.db[:rubygems].insert(name: "health_check:fake_gem_name",
+                                                   created_at: DateTime.now,
+                                                   updated_at: DateTime.now)
+        # We don't want to actually write to the database
+        raise Sequel::Rollback
+      end
+
+      true
+    end
+
+    ServerHealthCheckRack::Checks.check("heartbeat") { Gemstash::Health.heartbeat }
+    ServerHealthCheckRack::Checks.check("storage_read") { Gemstash::Health.check_storage_read }
+    ServerHealthCheckRack::Checks.check("storage_write") { Gemstash::Health.check_storage_write }
+    ServerHealthCheckRack::Checks.check("db_read") { Gemstash::Health.check_db_read }
+    ServerHealthCheckRack::Checks.check("db_write") { Gemstash::Health.check_db_write }
+    RackMiddleware = ServerHealthCheckRack::Middleware
+  end
+end

data/lib/gemstash/http_client.rb

@@ -22,14 +22,16 @@ module Gemstash
 
   #:nodoc:
   class HTTPClient
+    extend Gemstash::Env::Helper
     include Gemstash::Logging
 
-    DEFAULT_USER_AGENT = "Gemstash/#{Gemstash::VERSION}"
+    DEFAULT_USER_AGENT = "Gemstash/#{Gemstash::VERSION}".freeze
 
     def self.for(upstream)
       client = Faraday.new(upstream.to_s) do |config|
         config.use FaradayMiddleware::FollowRedirects
         config.adapter :net_http
+        config.options.timeout = gemstash_env.config[:fetch_timeout]
       end
       user_agent = "#{upstream.user_agent} " unless upstream.user_agent.to_s.empty?
       user_agent = user_agent.to_s + DEFAULT_USER_AGENT
@@ -61,11 +63,11 @@ module Gemstash
 
   private
 
-    def with_retries(times: 3, &block)
+    def with_retries(times: 3)
       loop do
         times -= 1
         begin
-          return block.call
+          return yield
         rescue Faraday::ConnectionFailed => e
           log_error("Connection failure", e)
           raise(ConnectionError, e.message) unless times > 0

data/lib/gemstash/logging.rb

@@ -10,7 +10,7 @@ module Gemstash
       warn: Logger::WARN,
       error: Logger::ERROR,
       fatal: Logger::FATAL
-    }
+    }.freeze
 
     def log
       Gemstash::Logging.logger

data/lib/gemstash/man/gemstash-authorize.1

@@ -1,4 +1,4 @@
-.\" Automatically generated by Pandoc 1.16.0.2
+.\" Automatically generated by Pandoc 1.19.2.1
 .\"
 .TH "gemstash\-authorize" "1" "October 9, 2015" "" ""
 .hy
@@ -14,8 +14,8 @@ privately stored gems
 Adds or removes authorization to interact with privately stored gems.
 .PP
 Any arguments will be used as specific permissions.
-Valid permissions include \f[C]push\f[], \f[C]yank\f[], and
-\f[C]unyank\f[].
+Valid permissions include \f[C]push\f[], \f[C]yank\f[], \f[C]unyank\f[],
+and \f[C]fetch\f[].
 If no permissions are provided, then all permissions will be granted
 (including any that may be added in future versions of Gemstash).
 .SS USAGE
@@ -32,8 +32,9 @@ gemstash\ authorize\ \-\-remove\ \-\-key\ <secure\-key>
 .IP \[bu] 2
 \f[C]\-\-config\-file\ FILE\f[]: Specify the config file to use.
 If you aren\[aq]t using the default config file at
-\f[C]~/.gemstash/config.yml\f[], then you must specify the config file
-via this option.
+\f[C]~/.gemstash/config.yml\f[] or
+\f[C]~/.gemstash/config.yml.erb\f[] (gemstash help customize.7), then
+you must specify the config file via this option.
 .IP \[bu] 2
 \f[C]\-\-key\ SECURE_KEY\f[]: Specify the API key to affect.
 This should be the actual key value, not a name.

data/lib/gemstash/man/gemstash-authorize.1.txt

@@ -14,9 +14,9 @@ DESCRIPTION
        Adds or removes authorization to interact with privately stored gems.
 
        Any  arguments will be used as specific permissions.  Valid permissions
-       include push, yank, and unyank.	If no permissions are  provided,  then
-       all permissions will be granted (including any that may be added in fu-
-       ture versions of Gemstash).
+       include push, yank, unyank, and fetch.  If no permissions are provided,
+       then  all  permissions will be granted (including any that may be added
+       in future versions of Gemstash).
 
    USAGE
 	      gemstash authorize
@@ -26,18 +26,19 @@ DESCRIPTION
 
 OPTIONS
        o --config-file FILE: Specify the config file to use.   If  you	aren't
-	 using	the  default  config  file at ~/.gemstash/config.yml, then you
-	 must specify the config file via this option.
-
-       o --key SECURE_KEY: Specify the API key to affect.  This should be  the
-	 actual  key  value,  not  a name.  This option is required when using
-	 --remove but is optional otherwise.  If adding an authorization,  us-
-	 ing  this will either create or update the permissions for the speci-
-	 fied API key.	If missing, a new API key will	always	be  generated.
+	 using	the  default  config file at ~/.gemstash/config.yml or ~/.gem-
+	 stash/config.yml.erb (gemstash help customize.7), then you must spec-
+	 ify the config file via this option.
+
+       o --key SECURE_KEY:  Specify the API key to affect.  This should be the
+	 actual key value, not a name.	This option  is  required  when  using
+	 --remove  but is optional otherwise.  If adding an authorization, us-
+	 ing this will either create or update the permissions for the	speci-
+	 fied  API  key.   If missing, a new API key will always be generated.
 	 Note that a key can only have a maximum length of 255 chars.
 
-       o --remove:  Remove  an	authorization  rather  than add or update one.
-	 When removing, permission values are  not  allowed.   The  --key <se-
+       o --remove: Remove an authorization rather  than  add  or  update  one.
+	 When  removing,  permission  values  are not allowed.	The --key <se-
 	 cure-key> option is required.
 
 

data/lib/gemstash/man/gemstash-configuration.5

@@ -1,4 +1,4 @@
-.\" Automatically generated by Pandoc 1.16.0.2
+.\" Automatically generated by Pandoc 1.19.2.1
 .\"
 .TH "gemstash\-configuration" "5" "October 13, 2015" "" ""
 .hy
@@ -16,8 +16,15 @@ gemstash\-configuration
 :memcached_servers:\ localhost:11211
 :db_adapter:\ postgres
 :db_url:\ postgres:///gemstash
+:db_connection_options:
+\ \ :test:\ true
+\ \ :pool_timeout:\ 2
 :rubygems_url:\ https://my.gem\-source.local
+:puma_threads:\ 32
 :bind:\ tcp://0.0.0.0:4242
+:protected_fetch:\ true
+:fetch_timeout:\ 10
+:log_file:\ gemstash.log
 \f[]
 .fi
 .SH BASE PATH
@@ -77,28 +84,48 @@ When \f[C]sqlite3\f[] is used, the database will be located at
 \f[C]gemstash.db\f[] within the directory specified by
 \f[C]:base_path\f[].
 The database will automatically be created when using \f[C]sqlite3\f[].
-When \f[C]postgres\f[] is used, the database to connect to must be
-specified in the \f[C]:db_url\f[] configuration key.
-The database must already be created when using \f[C]postgres\f[].
+When \f[C]postgres\f[], \f[C]mysql\f[], or \f[C]mysql2\f[] is used, the
+database to connect to must be specified in the \f[C]:db_url\f[]
+configuration key.
+The database must already be created when using anything other than
+\f[C]sqlite3\f[].
 .SS DEFAULT VALUE
 .PP
 \f[C]sqlite3\f[]
 .SS VALID VALUES
 .PP
-\f[C]sqlite3\f[], \f[C]postgres\f[]
+\f[C]sqlite3\f[], \f[C]postgres\f[], \f[C]mysql\f[], \f[C]mysql2\f[]
 .SH DB URL
 .PP
 \f[C]:db_url\f[]
 .PP
-Specifies the database to connect to when using \f[C]postgres\f[] for
-the \f[C]:db_adapter\f[].
-Only used when \f[C]postgres\f[] is used for \f[C]:db_adapter\f[].
+Specifies the database to connect to when using \f[C]postgres\f[],
+\f[C]mysql\f[], or \f[C]mysql2\f[] for the \f[C]:db_adapter\f[].
+Only used when the \f[C]:db_adapter\f[] is not \f[C]sqlite3\f[].
 .SS DEFAULT VALUE
 .PP
 None
 .SS VALID VALUES
 .PP
 A valid database URL for the Sequel gem (http://sequel.jeremyevans.net/)
+.SH DB CONNECTION OPTIONS
+.PP
+\f[C]:db_connection_options\f[]
+.PP
+Specifies additional \f[C]Sequel.connect\f[] options to use.
+Note that any options here are merged in with the default options, so
+you need not specify the \f[C]max_connections\f[] if you customize this
+option.
+.SS DEFAULT VALUE
+.PP
+\f[C]{\ max_connections:\ 1\ }\f[] for \f[C]sqlite3\f[] adapter,
+\f[C]{\ max_connections:\ config[:puma_threads]\ +\ 1\ }\f[] for any
+other adapter.
+.SS VALID VALUES
+.PP
+A valid connection options Hash for the
+Sequel.connect (http://sequel.jeremyevans.net/rdoc/files/doc/opening_databases_rdoc.html#label-General+connection+options)
+method.
 .SH RUBYGEMS URL
 .PP
 \f[C]:rubygems_url\f[]
@@ -115,6 +142,17 @@ for the previous value.
 .SS VALID VALUES
 .PP
 A valid gem source URL
+.SH PUMA THREADS
+.PP
+\f[C]:puma_threads\f[]
+.PP
+Specifies the number of threads used for the Gemstash server.
+.SS DEFAULT VALUE
+.PP
+\f[C]16\f[]
+.SS VALID VALUES
+.PP
+Integer value with a minimum of \f[C]1\f[]
 .SH BIND ADDRESS
 .PP
 \f[C]:bind\f[]
@@ -131,3 +169,47 @@ as the root user.
 .PP
 Any valid binding that is supported by
 Puma (https://github.com/puma/puma#binding-tcp--sockets)
+.SH PROTECTED FETCH
+.PP
+\f[C]:protected_fetch\f[]
+.PP
+Tells Gemstash to authenticate via an API key before allowing the
+fetching of private gems and specs.
+The default behavior is to allow unauthenticated download of private
+gems and specs.
+.SS DEFAULT VALUE
+.PP
+\f[C]false\f[]
+.SS VALID VALUES
+.PP
+Boolean values \f[C]true\f[] or \f[C]false\f[]
+.SH FETCH TIMEOUT
+.PP
+\f[C]:fetch_timeout\f[]
+.PP
+The timeout setting for fetching gems.
+Fetching gems over a slow connection may cause timeout errors.
+If you experience timeout errors, you may want to increase this value.
+The default is \f[C]20\f[] seconds.
+.SS DEFAULT VALUE
+.PP
+\f[C]20\f[]
+.SS VALID VALUES
+.PP
+Integer value with a minimum of \f[C]1\f[]
+.SH LOG FILE
+.PP
+\f[C]:log_file\f[]
+.PP
+Indicates the name of the file to use for logging.
+The file will be placed in the base
+path (gemstash help configuration.5).
+.SS DEFAULT VALUE
+.PP
+\f[C]server.log\f[]
+.SS VALID VALUES
+.PP
+Any valid file name, or \f[C]:stdout\f[] to log to \f[C]$stdout\f[]
+.PP
+\f[I]Note: Using \f[C]:stdout\f[] for the \f[C]:log_file\f[] requires
+running with \f[C]\-\-no\-daemonize\f[] (gemstash help start.1).\f[]