graphql_authorizer 0.2.3 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a79727d7ea8ff49e3eb31fbbcc541bb8fd2164de161567795228c27dcaf87927
-  data.tar.gz: bc5eb0b7d34ca471d701bd3478859768119ff356c82ffb4b82db3235f2e133c6
+  metadata.gz: 686bf1bf26471f700bc0cbf1187529aec7909a35d47cfe6e008e35202f343c8d
+  data.tar.gz: eaaecb01b4df704600d16d4cac6fd52c125a474ddfb1d7922dc8b608b552318c
 SHA512:
-  metadata.gz: 573aed5515a38966eb96dc340b234d11655f5bada949609b6b19b72dbef41a15d6da8623cbac7e8d259302c71d56cf01838d4baa82990d35cd9fb024837212a9
-  data.tar.gz: a636bf02ba9120683d6c514cc44c400c491ab68c709b3383ad8fbc05ba3998bf680ec8d3d936183d6702ca34f8369a685681300f6807edb4c539ce5b29d3330a
+  metadata.gz: 10a5b233aa63bb16208a2b28f833aee425a42169dd58b2ba4ff0029b21883b7025fb3ccc3e99945bad173a7c9da450b98643276e393f5f6259f53f135adc3b9f
+  data.tar.gz: 63d7763556382ce209de0f33a9d606201a6c546dcdda3370a1aeb691a5dbeea2de01c27db4cb1fa0ee64889425888b0fdafaae027b6e7072606c2d8b1e0727dd

data/Gemfile.lock

@@ -1,10 +1,9 @@
 PATH
   remote: .
   specs:
-    graphql_authorizer (0.2.2)
+    graphql_authorizer (0.2.5)
       activesupport (~> 5.1.3, >= 5.1.3)
       openssl (~> 2.1.1, >= 2.1.1)
-      rack-attack (~> 5.4)
 
 GEM
   remote: https://rubygems.org/
@@ -25,9 +24,6 @@ GEM
     pry (0.11.3)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
-    rack (2.0.5)
-    rack-attack (5.4.0)
-      rack (>= 1.0, < 3)
     rake (10.5.0)
     thread_safe (0.3.6)
     tzinfo (1.2.5)

data/README.md

@@ -1,15 +1,18 @@
 # GraphQLAuthorizer
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/GraphQL_Authorizer`. To experiment with that code, run `bin/console` for an interactive prompt.
-
-TODO: Delete this and the text above, and describe your gem
+GraphqlAuthorizer is built to provide simple access authorization in Graphql
+Endpoints by encrypting `Access Key` and request `Timestamp`.
 
 ## Installation
 
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'GraphQL_Authorizer'
+gem 'graphql_authorizer'
+
+# or with git source
+
+gem "graphql_authorizer", git: "git@bitbucket.org:gorated/graphql-authorizer.git"
 ```
 
 And then execute:
@@ -18,11 +21,84 @@ And then execute:
 
 Or install it yourself as:
 
-    $ gem install GraphQL_Authorizer
+    $ gem install graphql_authorizer
 
 ## Usage
 
-TODO: Write usage instructions here
+run generator:
+
+    $ rails g graphql_authorizer:install
+
+This will generate initializer configuration files for:
+
+ - [GraphQLAuthorizer](https://bitbucket.org/gorated/graphql-authorizer/src/master/lib/generators/graphql_authorizer/templates/graphql_authorizer.rb)
+
+ - [Rack-Attack](https://bitbucket.org/gorated/graphql-authorizer/src/master/lib/generators/graphql_authorizer/templates/rack_attack.rb).
+
+ note: `Rack Attack` initializer file contains basic configurations to `allow`,
+ `block` and `throttle` client's access based on defined conditions.
+
+ For more configuration options please check [rack-attack](https://github.com/kickstarter/rack-attack)
+
+note: you need to supply shared access key for `client` and `application` in
+`initializers/graphql_authorizer.rb`
+
+GraphQLAuthorizer provides helper methods for validating if the request is
+valid, by initializing the `GraphQLAuthorization::Request` class and providing
+`timestamp` and `signature` as arguments.
+
+```
+  timestamp = Time.zone.now.to_i.to_s
+  sig       = SecureRandom.hex(8)
+  request_validator = GraphQLAuthorizer::Request.new(timestamp: timestamp, sig: sig)
+
+  request_validator.valid? # returns boolean `true` or `false`
+  request_validator.erros # returns array of error messages if request validator
+  returns `false` otherwise returns `nil`
+```
+
+note: 
+
+ - GraphQLAuthorizer use `OpenSSL::Digest` and `OpenSSL::HMAC` to validate
+request by encrypting `timestamp` and `access_key`.
+
+ - Client's must provide encrypted signature by encrypting `access_key` and
+   `timestamp` upon request.
+
+Sample Client Request Configuration with [graphql-client](https://github.com/github/graphql-client)
+
+```
+require "graphql/client"
+require "graphql/client/http"
+
+class Queries::SWAPI
+  # Configure GraphQL endpoint using the basic HTTP network adapter.
+  endpoint = ENV.fetch("APP_ENDPOINT")
+  HTTP = GraphQL::Client::HTTP.new(endpoint) do
+    def headers(context)
+      # Optionally set any HTTP headers
+      timestamp = Time.now.to_i.to_s
+      token = generate_token(timestamp: timestamp)
+      {
+        "Request-Signature" => token, # Required for signature validation
+        "Request-Timestamp" => timestamp, # Required for request timestamp
+        validation
+        "Authorization" => context
+      }
+    end
+
+    def generate_token(timestamp:)
+      access_key    = ENV.fetch("GRAPHQL_ACCESS_KEY")
+      digest        = OpenSSL::Digest.new("sha256")
+      OpenSSL::HMAC.hexdigest(digest, access_key, timestamp)
+    end
+  end
+
+  Schema = GraphQL::Client.load_schema("schema.json")
+
+  Client = GraphQL::Client.new(schema: Schema, execute: HTTP)
+end
+```
 
 ## Development
 

data/graphql_authorizer.gemspec

@@ -8,10 +8,10 @@ Gem::Specification.new do |spec|
   spec.authors       = ["Peter John Alvarado"]
   spec.email         = ["redjoker011@gmail.com"]
 
-  spec.summary       = "GraphQL_Authorizer provides simple authorization for"\
+  spec.summary       = "GraphQL Authorizer provides simple authorization for"\
                        "GraphQL endpoints."
-  spec.description   = "GraphQL_Authorizer is built on top of Rack-Attack Gem to provide"\
-                       " simple authorization when accessing a grpahql endpoint."
+  spec.description   = "GraphQL Authorizer is built to provide request signature, timestamp validation, endpoint blocking and throttling using `rack-attack` gem."\
+                       ""
   spec.homepage      = "https://www.gorated.ph"
   spec.license       = "MIT"
 
@@ -24,7 +24,6 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "rack-attack", "~> 5.4"
   spec.add_dependency "openssl", "~> 2.1.1", ">= 2.1.1"
   spec.add_dependency "activesupport", "~> 5.1.3", ">= 5.1.3"
 

data/lib/generators/graphql_authorizer/install_generator.rb

@@ -1,8 +1,7 @@
-require "rails/generators/base"
-require_relative "core"
+require "rails/generators"
 
-module Generators
-  module GraphQLAuthorizer
+module GraphqlAuthorizer
+  module Generators
     # Add GraphQLAuthorizer to a Rails app with `rails g graphql_authorizer:install`.
     #
     # Setup a initializer file Rack Attack and GraphQLAuhtorizer
@@ -16,17 +15,29 @@ module Generators
     # ```
     class InstallGenerator < Rails::Generators::Base
       desc "Copy Rack Attack Template into App's Initializer"
-      source_root File.expand_path('/templates', __FILE__)
+      source_root File.expand_path('templates', __dir__)
 
-      def copy_rack_attack_template
-        file = "rack_attack.rb"
+      def copy_graphql_authorizer
+        file = "graphql_authorizer.rb"
         template(file, "config/initializers/#{file}")
       end
 
-      def copy_graphql_authorizer_template
-        file = "graphql_authorizer.rb"
+      def inject_rack_attack_in_gemfile
+        gem("rack-attack")
+        print "\nGemfile has been modified, make sure you `bundle install\n`"
+      end
+
+      def copy_rack_attack
+        file = "rack_attack.rb"
         template(file, "config/initializers/#{file}")
       end
+
+      private
+
+      def gem(*args)
+        print "\nAdding Gem into Gemfile\n"
+        super(*args)
+      end
     end
   end
 end

data/lib/generators/graphql_authorizer/templates/graphql_authorizer.rb

@@ -0,0 +1,4 @@
+GraphQLAuthorizer.configure do |config|
+  # Uncomment This line and supply Access key
+  # config.access_key = "TODO: Supply Shared Access Key"
+end

data/lib/generators/graphql_authorizer/templates/rack_attack.rb

@@ -1,4 +1,5 @@
 class Rack::Attack
+  bindin.pry
   ### Allow Localhost ###
   # Always allow requests from localhost
   # (blocklist & throttles are skipped)

data/lib/graphql_authorizer/version.rb

@@ -1,3 +1,3 @@
 module GraphQLAuthorizer
-  VERSION = "0.2.3".freeze
+  VERSION = "1.0.0".freeze
 end

data/lib/graphql_authorizer.rb

@@ -1,6 +1,6 @@
-require_relative "graphql_authorizer/version"
-require_relative "graphql_authorizer/configuration"
-require_relative "graphql_authorizer/request"
+require "graphql_authorizer/version"
+require "graphql_authorizer/configuration"
+require "graphql_authorizer/request"
 
 # Main Module
 module GraphQLAuthorizer

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: graphql_authorizer
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 1.0.0
 platform: ruby
 authors:
 - Peter John Alvarado
@@ -10,20 +10,6 @@ bindir: exe
 cert_chain: []
 date: 2018-09-03 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: rack-attack
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '5.4'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '5.4'
 - !ruby/object:Gem::Dependency
   name: openssl
   requirement: !ruby/object:Gem::Requirement
@@ -146,8 +132,8 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.11.3
-description: GraphQL_Authorizer is built on top of Rack-Attack Gem to provide simple
-  authorization when accessing a grpahql endpoint.
+description: GraphQL Authorizer is built to provide request signature, timestamp validation,
+  endpoint blocking and throttling using `rack-attack` gem.
 email:
 - redjoker011@gmail.com
 executables: []
@@ -167,7 +153,7 @@ files:
 - graphql_authorizer.gemspec
 - lib/errors/configuration.rb
 - lib/generators/graphql_authorizer/install_generator.rb
-- lib/generators/graphql_authorizer/templates/graphql_authorization.rb
+- lib/generators/graphql_authorizer/templates/graphql_authorizer.rb
 - lib/generators/graphql_authorizer/templates/rack_attack.rb
 - lib/graphql_authorizer.rb
 - lib/graphql_authorizer/configuration.rb
@@ -198,5 +184,5 @@ rubyforge_project:
 rubygems_version: 2.7.3
 signing_key: 
 specification_version: 4
-summary: GraphQL_Authorizer provides simple authorization forGraphQL endpoints.
+summary: GraphQL Authorizer provides simple authorization forGraphQL endpoints.
 test_files: []

data/lib/generators/graphql_authorizer/templates/graphql_authorization.rb

@@ -1,3 +0,0 @@
-GraphQLAuhtorizer.configure do |config|
-  config.access_key = "TODO: Supply Shared Access Key"
-end