globalid 0.3.6 → 0.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 14fc719e31ef97f014044c96e42be88e4b563a63
-  data.tar.gz: ab0206d64fb1aa095311f86e4be0636d447c28d7
+SHA256:
+  metadata.gz: 1c51189af124bc8712e1242070c33fa3bfd26c900003699a2b21328e8d197e55
+  data.tar.gz: b00783d7b5fd8b7def68e925d6f70e3ddfb70ad82c3603061c0d29e736dfa9f4
 SHA512:
-  metadata.gz: fcfdb39821eb767d1b1f8d86b60813ab4c6a85f71956e294852f279252b7cb5952c5776cceaa23d578f7163ce7431e97fbc18b272254eb15a5cfd2679efc625d
-  data.tar.gz: 2d7ac23c3a6eaf8036d2f42b12299b037438be020316622318f69c9a0df580dc87511610c55b316ba3fd0848e9f479912654979939077fb9f5aa28c712467b0d
+  metadata.gz: 5f5b1a859baae95d9efb693f8d9a0cfb008c82cedfbc3cc994b51cdf46d7191725317e31f8eee824ade1c04a9924d661ca1b9c04e7032ab9250aa20bf8e73614
+  data.tar.gz: c0ac25a21157363a3274e4e58ba99146fa2ce90e0860bbe7c21356a9af9d8013c0404bef2d6f4c793ca20aae287c26fa9625e4c74170574a1f4b048dd961fe0e

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2014 David Heinemeier Hansson
+Copyright (c) 2014-2016 David Heinemeier Hansson
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -0,0 +1,174 @@
+# Global ID - Reference models by URI
+
+A Global ID is an app wide URI that uniquely identifies a model instance:
+
+  gid://YourApp/Some::Model/id
+
+This is helpful when you need a single identifier to reference different
+classes of objects.
+
+One example is job scheduling. We need to reference a model object rather than
+serialize the object itself. We can pass a Global ID that can be used to locate
+the model when it's time to perform the job. The job scheduler doesn't need to know
+the details of model naming and IDs, just that it has a global identifier that
+references a model.
+
+Another example is a drop-down list of options, consisting of both Users and Groups.
+Normally we'd need to come up with our own ad hoc scheme to reference them. With Global
+IDs, we have a universal identifier that works for objects of both classes.
+
+
+## Usage
+
+Mix `GlobalID::Identification` into any model with a `#find(id)` class method.
+Support is automatically included in Active Record.
+
+```ruby
+person_gid = Person.find(1).to_global_id
+# => #<GlobalID ...
+
+person_gid.uri
+# => #<URI ...
+
+person_gid.to_s
+# => "gid://app/Person/1"
+
+GlobalID::Locator.locate person_gid
+# => #<Person:0x007fae94bf6298 @id="1">
+```
+
+### Signed Global IDs
+
+For added security GlobalIDs can also be signed to ensure that the data hasn't been tampered with.
+
+```ruby
+person_sgid = Person.find(1).to_signed_global_id
+# => #<SignedGlobalID:0x007fea1944b410>
+
+person_sgid = Person.find(1).to_sgid
+# => #<SignedGlobalID:0x007fea1944b410>
+
+person_sgid.to_s
+# => "BAhJIh5naWQ6Ly9pZGluYWlkaS9Vc2VyLzM5NTk5BjoGRVQ=--81d7358dd5ee2ca33189bb404592df5e8d11420e"
+
+GlobalID::Locator.locate_signed person_sgid
+# => #<Person:0x007fae94bf6298 @id="1">
+```
+
+**Expiration**
+
+Signed Global IDs can expire some time in the future. This is useful if there's a resource
+people shouldn't have indefinite access to, like a share link.
+
+```ruby
+expiring_sgid = Document.find(5).to_sgid(expires_in: 2.hours, for: 'sharing')
+# => #<SignedGlobalID:0x008fde45df8937 ...>
+
+# Within 2 hours...
+GlobalID::Locator.locate_signed(expiring_sgid.to_s, for: 'sharing')
+# => #<Document:0x007fae94bf6298 @id="5">
+
+# More than 2 hours later...
+GlobalID::Locator.locate_signed(expiring_sgid.to_s, for: 'sharing')
+# => nil
+```
+
+**In Rails, an auto-expiry of 1 month is set by default.** You can alter that deal
+in an initializer with:
+
+```ruby
+# config/initializers/global_id.rb
+Rails.application.config.global_id.expires_in = 3.months
+```
+
+You can assign a default SGID lifetime like so:
+
+```ruby
+SignedGlobalID.expires_in = 1.month
+```
+
+This way any generated SGID will use that relative expiry.
+
+It's worth noting that _expiring SGIDs are not idempotent_ because they encode the current timestamp; repeated calls to `to_sgid` will produce different results. For example, in Rails
+
+```ruby
+Document.find(5).to_sgid.to_s == Document.find(5).to_sgid.to_s
+# => false
+```
+
+You need to explicitly pass `expires_in: nil` to generate a permanent SGID that will not expire,
+
+```ruby
+# Passing a false value to either expiry option turns off expiration entirely.
+never_expiring_sgid = Document.find(5).to_sgid(expires_in: nil)
+# => #<SignedGlobalID:0x008fde45df8937 ...>
+
+# Any time later...
+GlobalID::Locator.locate_signed never_expiring_sgid
+# => #<Document:0x007fae94bf6298 @id="5">
+```
+
+It's also possible to pass a specific expiry time
+
+```ruby
+explicit_expiring_sgid = SecretAgentMessage.find(5).to_sgid(expires_at: Time.now.advance(hours: 1))
+# => #<SignedGlobalID:0x008fde45df8937 ...>
+
+# 1 hour later...
+GlobalID::Locator.locate_signed explicit_expiring_sgid.to_s
+# => nil
+```
+Note that an explicit `:expires_at` takes precedence over a relative `:expires_in`.
+
+**Purpose**
+
+You can even bump the security up some more by explaining what purpose a Signed Global ID is for.
+In this way evildoers can't reuse a sign-up form's SGID on the login page. For example.
+
+```ruby
+signup_person_sgid = Person.find(1).to_sgid(for: 'signup_form')
+# => #<SignedGlobalID:0x007fea1984b520
+
+GlobalID::Locator.locate_signed(signup_person_sgid.to_s, for: 'signup_form')
+# => #<Person:0x007fae94bf6298 @id="1">
+```
+
+### Custom App Locator
+
+A custom locator can be set for an app by calling `GlobalID::Locator.use` and providing an app locator to use for that app.
+A custom app locator is useful when different apps collaborate and reference each others' Global IDs.
+When finding a Global ID's model, the locator to use is based on the app name provided in the Global ID url.
+
+A custom locator can either be a block or a class.
+
+Using a block:
+
+```ruby
+GlobalID::Locator.use :foo do |gid|
+  FooRemote.const_get(gid.model_name).find(gid.model_id)
+end
+```
+
+Using a class:
+
+```ruby
+GlobalID::Locator.use :bar, BarLocator.new
+class BarLocator
+  def locate(gid)
+    @search_client.search name: gid.model_name, id: gid.model_id
+  end
+end
+```
+
+After defining locators as above, URIs like "gid://foo/Person/1" and "gid://bar/Person/1" will now use the foo block locator and `BarLocator` respectively.
+Other apps will still keep using the default locator.
+
+## Contributing to GlobalID
+
+GlobalID is work of many contributors. You're encouraged to submit pull requests, propose
+features and discuss issues.
+
+See [CONTRIBUTING](CONTRIBUTING.md).
+
+## License
+GlobalID is released under the [MIT License](http://www.opensource.org/licenses/MIT).

data/lib/global_id.rb

@@ -1,8 +1,19 @@
 require 'global_id/global_id'
+require 'active_support'
 
 autoload :SignedGlobalID, 'global_id/signed_global_id'
 
 class GlobalID
-  autoload :Locator, 'global_id/locator'
-  autoload :Identification, 'global_id/identification'
+  extend ActiveSupport::Autoload
+
+  eager_autoload do
+    autoload :Locator
+    autoload :Identification
+    autoload :Verifier
+  end
+
+  def self.eager_load!
+    super
+    require 'global_id/signed_global_id'
+  end
 end

data/lib/global_id/global_id.rb

@@ -63,6 +63,11 @@ class GlobalID
   def ==(other)
     other.is_a?(GlobalID) && @uri == other.uri
   end
+  alias_method :eql?, :==
+
+  def hash
+    self.class.hash | @uri.hash
+  end
 
   def to_param
     # remove the = padding character for a prettier param -- it'll be added back in parse_encoded_gid

data/lib/global_id/identification.rb

@@ -5,7 +5,7 @@ class GlobalID
     extend ActiveSupport::Concern
 
     def to_global_id(options = {})
-      @global_id ||= GlobalID.create(self, options)
+      GlobalID.create(self, options)
     end
     alias to_gid to_global_id
 

data/lib/global_id/locator.rb

@@ -106,9 +106,7 @@ class GlobalID
 
       private
         def locator_for(gid)
-          @locators.fetch(normalize_app(gid.app)) do
-            gid.model_class.respond_to?(:unscoped) ? UNSCOPED_LOCATOR : DEFAULT_LOCATOR
-          end
+          @locators.fetch(normalize_app(gid.app)) { DEFAULT_LOCATOR }
         end
 
         def find_allowed?(model_class, only = nil)
@@ -127,7 +125,7 @@ class GlobalID
     private
       @locators = {}
 
-      class DefaultLocator
+      class BaseLocator
         def locate(gid)
           gid.model_class.find gid.model_id
         end
@@ -151,19 +149,26 @@ class GlobalID
             end
           end
       end
-      DEFAULT_LOCATOR = DefaultLocator.new
 
-      class UnscopedLocator < DefaultLocator
+      class UnscopedLocator < BaseLocator
         def locate(gid)
-          gid.model_class.unscoped { super }
+          unscoped(gid.model_class) { super }
         end
 
         private
           def find_records(model_class, ids, options)
-            model_class.unscoped { super }
+            unscoped(model_class) { super }
+          end
+
+          def unscoped(model_class)
+            if model_class.respond_to?(:unscoped)
+              model_class.unscoped { yield }
+            else
+              yield
+            end
           end
       end
-      UNSCOPED_LOCATOR = UnscopedLocator.new
+      DEFAULT_LOCATOR = UnscopedLocator.new
 
       class BlockLocator
         def initialize(block)

data/lib/global_id/railtie.rb

@@ -11,18 +11,21 @@ class GlobalID
   # Set up the signed GlobalID verifier and include Active Record support.
   class Railtie < Rails::Railtie # :nodoc:
     config.global_id = ActiveSupport::OrderedOptions.new
+    config.eager_load_namespaces << GlobalID
 
     initializer 'global_id' do |app|
+      default_expires_in = 1.month
+      default_app_name = app.railtie_name.remove('_application').dasherize
 
-      app.config.global_id.app ||= app.railtie_name.remove('_application').dasherize
-      GlobalID.app = app.config.global_id.app
-
-      app.config.global_id.expires_in ||= 1.month
-      SignedGlobalID.expires_in = app.config.global_id.expires_in
+      GlobalID.app = app.config.global_id.app ||= default_app_name
+      SignedGlobalID.expires_in = app.config.global_id.expires_in ||= default_expires_in
 
       config.after_initialize do
+        GlobalID.app = app.config.global_id.app ||= default_app_name
+        SignedGlobalID.expires_in = app.config.global_id.expires_in ||= default_expires_in
+
         app.config.global_id.verifier ||= begin
-          app.message_verifier(:signed_global_ids)
+          GlobalID::Verifier.new(app.key_generator.generate_key('signed_global_ids'))
         rescue ArgumentError
           nil
         end

data/lib/global_id/signed_global_id.rb

@@ -9,11 +9,7 @@ class SignedGlobalID < GlobalID
     attr_accessor :verifier
 
     def parse(sgid, options = {})
-      if sgid.is_a? self
-        sgid
-      else
-        super verify(sgid, options), options
-      end
+      super verify(sgid.to_s, options), options
     end
 
     # Grab the verifier from options and fall back to SignedGlobalID.verifier.

data/lib/global_id/verifier.rb

@@ -0,0 +1,15 @@
+require 'active_support'
+require 'active_support/message_verifier'
+
+class GlobalID
+  class Verifier < ActiveSupport::MessageVerifier
+    private
+      def encode(data)
+        ::Base64.urlsafe_encode64(data)
+      end
+
+      def decode(data)
+        ::Base64.urlsafe_decode64(data)
+      end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: globalid
 version: !ruby/object:Gem::Version
-  version: 0.3.6
+  version: 0.4.2
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-08-04 00:00:00.000000000 Z
+date: 2019-01-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.1.0
+        version: 4.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.1.0
+        version: 4.2.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -45,6 +45,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - MIT-LICENSE
+- README.md
 - lib/global_id.rb
 - lib/global_id/global_id.rb
 - lib/global_id/identification.rb
@@ -52,6 +53,7 @@ files:
 - lib/global_id/railtie.rb
 - lib/global_id/signed_global_id.rb
 - lib/global_id/uri/gid.rb
+- lib/global_id/verifier.rb
 - lib/globalid.rb
 homepage: http://www.rubyonrails.org
 licenses:
@@ -72,10 +74,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.7
+rubygems_version: 3.0.2
 signing_key: 
 specification_version: 4
 summary: 'Refer to any model with a URI: gid://app/class/id'
 test_files: []
-has_rdoc: