gorilla_proxy 0.0.12

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 86f374477f98ffc938956f4bf21a673296373ab6
+  data.tar.gz: b40b64d0abdf5dc8e3026cedd797c7126e2af301
+SHA512:
+  metadata.gz: 0ec890c924924ae90731b547e0efd79523aae5e374adcde9689b62ced96e37ca4577eba57e9f1d6e32c31b0d4529aa1314bea52a07aa81ee90bce444ccf68194
+  data.tar.gz: 61e5958816caefbc7519e1d2fe666f79d90266a08b876217858db1239de977a92a217267925820646782f0c18f2f94d3d4f738f6be031aa9adc1bb3284620e21

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2015 Braden Schaeffer
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,123 @@
+# GorillaProxy
+
+Configurable Rails Engine for proxying API requests to the Gorilla API.
+
+- [Installation](#installation)
+- [Configuration](#configuration)
+- [CSRF Protection](#csrf-protection)
+- [Routes and Proxying](#routes-and-proxying)
+  * [List of Routes](#list-of-routes)
+
+## Installation
+
+Add it to the Gemfile using Gorilla's private gem source:
+
+```ruby
+source 'https://TdrhpteD4VdUEx8DzQgt@gem.fury.io/gorilla/' do
+  gem 'gorilla_proxy'
+end
+```
+
+Then mount it in the client Rails application:
+
+```ruby
+Rails.application.routes.draw do
+  mount GorillaProxy::Engine => '/'
+end
+```
+
+## Configuration
+
+### Setup Application Keys
+
+By default, the proxy will look for the following environment variables:
+
+- `GORILLA_APP_KEY` - The application's key
+- `GORILLA_APP_SECRET` - The application's secret
+
+You should probably just put those values in the `ENV`, but, if you have to do
+it manually, you can do so in an initializer:
+
+```ruby
+GorillaProxy.configure do |c|
+  c.app_key = 'app-key-which-not-stored-in-the-repo'
+  c.app_secret = 'app-secret-which-not-stored-in-the-repo'
+end
+```
+
+## CSRF Protection
+
+One of the benefits of proxying the API is the added advantage of CSRF
+protection natively with Rails. Mainting CSRF protected connections is really
+easy, and there are only a few steps you need to follow.
+
+1. **Initialization** - When the user visits the page and we load the client
+    layout, make sure the CSRF token is stored in the typical `meta` tag
+    attribute in the `head`.
+
+    ```
+    <%= csrf_meta_tags %>
+    ```
+
+2. **AJAX Requests and `X-CSRF-Token`** - Take the value of that tag and
+    send it along with any AJAX requests in the `X-CSRF-Token` header. Rails
+    will handle validating the token.
+
+3. **Caching the new token** - Your AJAX request handler should also look for
+    a `X-CSRF-Token` in the response. Store that new token so it can be re-used
+    in step #2.
+
+Here's an example:
+
+```javascript
+// On Application load
+window.csrfToken = $('meta[name="csrf-token"]').attr('content');
+
+// Set an ajax prefilter for the CSRF Token
+$.ajaxPrefilter(function(options, originalOptions, xhr) {
+  xhr.setRequestHeader('X-CSRF-Token', window.csrfToken);
+});
+
+// Set an ajax completion handler on the document
+$(document).ajaxComplete(function(event, xhr, settings) {
+  var newToken = xhr.getResponseHeader('X-CSRF-Token');
+  if (newToken) { window.csrfToken = newToken; }
+});
+```
+
+
+## Routes and Proxying
+
+Proxying is handled by directly processing relative endpoints. For example, a
+call to the app's backend like so:
+
+```
+PUT /api/forms/1
+Host: app.gorilla.io
+
+{"name": 'New form name'}
+```
+
+Get's translated into:
+
+```
+PUT /forms/1
+Content-Type: application/json
+Accept: application/vnd.gorilla.v1+json
+Host: api.gorilla.io
+
+{"name": 'New form name'}
+```
+
+The response from the call to the app's backend will mirror the response from
+Gorilla API **exactly**.
+
+### List of Routes
+
+Proxy Route | App Route | Authentication
+------------|-----------|----------------
+`/api/apps/:path` | `api.gorilla.io/apps/:path` | Application Signature
+`/api/:path` | `api.gorilla.io/:path` | Bearer Token
+`/auth/login` | `api.gorilla.io/apps/tokens/authorize` | Application Signature
+`/auth/logout` | `api.gorilla.io/apps/tokens/revoke` | Application Signature
+`/auth/refresh` | `api.gorilla.io/apps/tokens/refresh` | Application Signature

data/Rakefile

@@ -0,0 +1,36 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+Bundler::GemHelper.install_tasks
+
+Dir[File.join(File.dirname(__FILE__), 'tasks/**/*.rake')].each {|f| load f }
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+desc "Run all specs in spec directory (excluding plugin specs)"
+RSpec::Core::RakeTask.new(:spec => 'app:db:test:prepare')
+
+task :default => :spec
+
+desc 'Build a package, create a release commit, tag it and push to fury'
+task fury: :build do
+  `fury push pkg/gorilla_proxy-#{GorillaProxy::VERSION}.gem --as gorilla`
+  Rake::Task[:github_release].execute
+end
+
+desc 'Tag and push the gem to github'
+task :github_release do
+  `bundle install`
+  `git add Gemfile.lock lib/gorilla_proxy/version.rb`
+  `git commit --message "Release v#{GorillaProxy::VERSION}"`
+  `git tag v#{GorillaProxy::VERSION}`
+  `git push`
+  `git push --tags`
+end

data/app/assets/stylesheets/gorilla_proxy/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/gorilla_proxy/api_controller.rb

@@ -0,0 +1,16 @@
+module GorillaProxy
+  class ApiController < ::GorillaProxy::ApplicationController
+
+    before_filter :require_token!, only: [:user_proxy]
+
+    def app_proxy
+      res = app_client.send(proxy_method, "/apps#{proxy_path}", proxy_params)
+      render_api_response(res)
+    end
+
+    def user_proxy
+      res = user_client.send(proxy_method, proxy_path, proxy_params)
+      render_api_response(res)
+    end
+  end
+end

data/app/controllers/gorilla_proxy/application_controller.rb

@@ -0,0 +1,27 @@
+module GorillaProxy
+  class ApplicationController < ActionController::Base
+    include GorillaProxy::ParamsHelper,
+            GorillaProxy::CurrentTokenHelper,
+            GorillaProxy::ClientHelper,
+            GorillaProxy::ResponseHelper
+
+    protect_from_forgery with: :exception
+
+    rescue_from Gorilla::Error, with: :gorilla_error
+
+    def gorilla_error(error)
+      render_api_response(error.response)
+    end
+
+    def require_token!
+      unless current_token.token?
+        render json: {
+          error: {
+            code: 'token_missing',
+            message: 'You are not currently signed in.'
+          }
+        }, status: :unauthorized
+      end
+    end
+  end
+end

data/app/controllers/gorilla_proxy/auth_controller.rb

@@ -0,0 +1,38 @@
+module GorillaProxy
+  class AuthController < ::GorillaProxy::ApplicationController
+
+    before_filter :require_token!, only: [:logout, :refresh_token]
+
+    def login
+      res = app_client.post('/apps/tokens/authorize', login_params)
+      remember_token!(res.body['token'])
+      render json: res.body.except('token'), status: res.status
+    end
+
+    def logout
+      res = app_client.delete('/apps/tokens/revoke', logout_params)
+      forget_token!
+      render_api_response(res)
+    end
+
+    def refresh
+      res = app_client.post('/apps/tokens/refresh', refresh_params)
+      remember_token!(res.body['token'])
+      render json: res.body.except('token'), status: res.status
+    end
+
+    private
+
+    def login_params
+      params.permit(:email, :password)
+    end
+
+    def logout_params
+      {token: current_token.token}
+    end
+
+    def refresh_params
+      {refresh_token: current_token.refresh_token}
+    end
+  end
+end

data/app/helpers/gorilla_proxy/client_helper.rb

@@ -0,0 +1,34 @@
+module GorillaProxy
+  module ClientHelper
+
+    def app_client
+      @app_client ||= begin
+        Gorilla::Client.new(application_config) do |conn|
+          conn.response :http_exceptions
+        end
+      end
+    end
+
+    def user_client
+      @user_client ||= begin
+        Gorilla::VanillaClient.new(application_config) do |conn, options|
+          conn.request :bearer_token, bearer_token
+          conn.response :http_exceptions
+        end
+      end
+    end
+
+    private
+
+    def application_config
+      {
+        key: GorillaProxy.configuration.app_key,
+        secret: GorillaProxy.configuration.app_secret
+      }
+    end
+
+    def bearer_token
+      current_token.token
+    end
+  end
+end

data/app/helpers/gorilla_proxy/current_token_helper.rb

@@ -0,0 +1,31 @@
+module GorillaProxy
+  module CurrentTokenHelper
+
+    def gorilla_token
+      cookies.signed[token_session_key]
+    end
+
+    def remember_token!(token)
+      @current_token = nil
+      cookies.signed[token_session_key] = {
+        value: token,
+        expires: 1.year.from_now
+      }
+    end
+
+    def forget_token!
+      cookies.delete(token_session_key)
+      @current_token = nil
+    end
+
+    def current_token
+      @current_token ||= GorillaProxy::Token.new(gorilla_token)
+    end
+
+    private
+
+    def token_session_key
+      GorillaProxy.configuration.token_session_key
+    end
+  end
+end

data/app/helpers/gorilla_proxy/params_helper.rb

@@ -0,0 +1,26 @@
+module GorillaProxy
+  module ParamsHelper
+
+    EXCEPT_PARAMS = %i{proxy_path controller action}
+
+    def proxy_path
+      '/' + params[:proxy_path].to_s.gsub(/^\//, '')
+    end
+
+    def proxy_method
+      request.request_method.downcase
+    end
+
+    def proxy_params
+      params.except(*EXCEPT_PARAMS).tap do |prepped|
+        prepped.delete(controller_param_namespace)
+      end
+    end
+
+    private
+
+    def controller_param_namespace
+      params[:controller].split('/').last
+    end
+  end
+end

data/app/helpers/gorilla_proxy/response_helper.rb

@@ -0,0 +1,9 @@
+module GorillaProxy
+  module ResponseHelper
+
+    def render_api_response(api_response)
+      response.headers['X-CSRF-Token'] = form_authenticity_token
+      render json: api_response.body, status: api_response.status
+    end
+  end
+end

data/config/initializers/faraday_action_dispatch.rb

@@ -0,0 +1,13 @@
+module ActionDispatch
+  module Http
+    class UploadedFile
+      def length
+        @tempfile.size
+      end
+
+      def local_path
+        @tempfile.path
+      end
+    end
+  end
+end

data/config/routes.rb

@@ -0,0 +1,15 @@
+GorillaProxy::Engine.routes.draw do
+
+  constraints format: :json do
+    scope path: 'auth' do
+      post :login, to: 'auth#login'
+      delete :logout, to: 'auth#logout'
+      post :refresh, to: 'auth#refresh'
+    end
+
+    with_options via: [:get, :put, :post, :delete] do |proxy|
+      proxy.match '/api/apps/*proxy_path', to: 'api#app_proxy'
+      proxy.match '/api/*proxy_path', to: 'api#user_proxy'
+    end
+  end
+end

data/lib/gorilla_proxy.rb

@@ -0,0 +1,25 @@
+require 'configurations'
+require 'gorilla-io'
+require 'active_model'
+
+require 'gorilla_proxy/faraday/bearer_token_middleware'
+require 'gorilla_proxy/token'
+
+require 'gorilla_proxy/engine'
+
+module GorillaProxy
+  include Configurations
+
+  configurable :app_key
+  configurable :app_secret
+  configurable :token_session_key
+
+  configuration_defaults do |c|
+    c.app_key = ENV['GORILLA_APP_KEY']
+    c.app_secret = ENV['GORILLA_APP_SECRET']
+    c.token_session_key = 'gorilla_proxy_token'
+  end
+
+  ::Faraday::Request.register_middleware \
+    bearer_token: GorillaProxy::Faraday::BearerTokenMiddleware
+end

data/lib/gorilla_proxy/engine.rb

@@ -0,0 +1,9 @@
+module GorillaProxy
+  class Engine < ::Rails::Engine
+    isolate_namespace GorillaProxy
+
+    config.generators do |g|
+      g.test_framework :rspec
+    end
+  end
+end

data/lib/gorilla_proxy/faraday/bearer_token_middleware.rb

@@ -0,0 +1,16 @@
+module GorillaProxy
+  module Faraday
+    class BearerTokenMiddleware < ::Faraday::Middleware
+
+      def initialize(app, token)
+        super(app)
+        @token = token
+      end
+
+      def call(env)
+        env[:request_headers]['Authorization'] = "Bearer #{@token}"
+        @app.call(env)
+      end
+    end
+  end
+end

data/lib/gorilla_proxy/token.rb

@@ -0,0 +1,16 @@
+module GorillaProxy
+  class Token
+    include ::ActiveModel::Model
+
+    attr_accessor :token, :refresh_token
+    attr_reader :expires_at
+
+    def expires_at=(time_string)
+      @expires_at = Time.parse(time_string)
+    end
+
+    def token?
+      token.present?
+    end
+  end
+end

data/lib/gorilla_proxy/version.rb

@@ -0,0 +1,3 @@
+module GorillaProxy
+  VERSION = "0.0.12"
+end

data/lib/tasks/gorilla_proxy_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :gorilla_proxy do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: gorilla_proxy
+version: !ruby/object:Gem::Version
+  version: 0.0.12
+platform: ruby
+authors:
+- Braden Schaeffer
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-05-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.0
+- !ruby/object:Gem::Dependency
+  name: gorilla-io
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.7
+- !ruby/object:Gem::Dependency
+  name: configurations
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: gemfury
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Proxies requests to the Gorilla.io API using the Gorilla Ruby Client.
+email:
+- braden.schaeffer@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/stylesheets/gorilla_proxy/application.css
+- app/controllers/gorilla_proxy/api_controller.rb
+- app/controllers/gorilla_proxy/application_controller.rb
+- app/controllers/gorilla_proxy/auth_controller.rb
+- app/helpers/gorilla_proxy/client_helper.rb
+- app/helpers/gorilla_proxy/current_token_helper.rb
+- app/helpers/gorilla_proxy/params_helper.rb
+- app/helpers/gorilla_proxy/response_helper.rb
+- config/initializers/faraday_action_dispatch.rb
+- config/routes.rb
+- lib/gorilla_proxy.rb
+- lib/gorilla_proxy/engine.rb
+- lib/gorilla_proxy/faraday/bearer_token_middleware.rb
+- lib/gorilla_proxy/token.rb
+- lib/gorilla_proxy/version.rb
+- lib/tasks/gorilla_proxy_tasks.rake
+homepage: https://github.com/thinkmechanic/gorilla_proxy
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.3
+signing_key: 
+specification_version: 4
+summary: Proxies requests to the Gorilla.io API.
+test_files: []