gsk_cache 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 4e4eaba75a4c51cec1231c1e554101679c450c1736e9fd1d6849ff3d3d92b0ec
+  data.tar.gz: 48019eda48fb59c0efbef7f71b6e06e74c1ee7312e9e129386249222ba5d8ac9
+SHA512:
+  metadata.gz: 9d15feb37ef8bdfc36f4f4bd2c157af70214bfdc33c195726c7804f00c935a7bfc2b1354d973ec4ed745ee02611d486107f9999e5116f34363d51162647a23ef
+  data.tar.gz: 117c8510dd5978cce0ba8c00559a5d8b97348d761e6736875a0baf2c9e0f7bdf36649bc21edac574128ee4ce8941ac285ff959a619988a5eb3c4b4a4d959383e

data/lib/gsk_cache.rb

@@ -0,0 +1,175 @@
+require 'excon'
+require 'json'
+
+module GSKCache
+  @@key_updater_semaphore = Mutex.new
+  @@key_updater_thread = nil
+
+  ##
+  # Keys used for signing in production
+  SIGNING_KEY_URL = 'https://payments.developers.google.com/paymentmethodtoken/keys.json'.freeze
+
+  ##
+  # Keys used for signing in a testing environment
+  TEST_SIGNING_KEY_URL = 'https://payments.developers.google.com/paymentmethodtoken/test/keys.json'.freeze
+
+  MAX_CACHE_TIMEOUT = 31 * 24 * 3600 # One month
+  MIN_CACHE_TIMEOUT = 600 # 10 minutes
+
+  BOOT_WAIT_TIME_MAX = 8
+
+  HEADER_KEY = 'Cache-Control'.freeze
+
+  READ_TIMEOUT = 10
+  CONNECT_TIMEOUT = 10
+
+  UPDATER_BLOCK = proc do
+    loop do
+      begin
+        timeout = 0
+
+        conn = Excon.new(@@source, connect_timeout: @@connect_timeout, read_timeout: @@read_timeout)
+        resp = conn.get
+
+        raise 'Unable to update keys: ' + resp.data[:status_line] unless resp.status == 200
+
+        if resp.headers.key?(HEADER_KEY) && resp.headers[HEADER_KEY].is_a?(String)
+          cache_control = resp.headers[HEADER_KEY].split(/,\s*/)
+          h = cache_control.map { |x| /\Amax-age=(?<timeout>\d+)\z/ =~ x; timeout }.compact
+          timeout = h.first.to_i if h.length == 1
+        else
+          log(:warning, "Missing/malformed #{HEADER_KEY} header")
+        end
+
+        if timeout.nil? || !timeout.positive?
+          log(:warning, 'Cache timeout was not parsed, falling back to 1 day')
+          timeout = 86400
+        end
+
+        # Fallback to longer cache if less than 10 minutes
+        if timeout < MIN_CACHE_TIMEOUT
+          log(:warning, "Cache timeout less than 10 minutes (#{timeout}s), defaulting to #{MIN_CACHE_TIMEOUT / 60} minutes")
+          timeout = MIN_CACHE_TIMEOUT
+        end
+
+        # Fallback to shorter cache if longer than 30 days
+        if timeout > MAX_CACHE_TIMEOUT
+          log(:warning, "Cache timeout more than a month (#{timeout}s), defaulting to #{MAX_CACHE_TIMEOUT / (24 * 3600)} days")
+          timeout = MAX_CACHE_TIMEOUT
+        end
+
+        Thread.current.thread_variable_set('keys', resp.body)
+
+        # Supposedly recommended by Tink library
+        sleep_time = timeout / 2
+
+        log(:info, "Updated Google signing keys. Sleeping for #{seconds_to_time(sleep_time)}")
+
+        sleep sleep_time
+      rescue Interrupt => e
+        # When interrupted
+        log(:fatal, 'Quitting: ' + e.message)
+        return
+      rescue => e
+        log(:error, "Exception updating Google signing keys: '#{e.message}' at #{e.backtrace}")
+
+        # Don't retry excessively.
+        sleep 1
+      end
+    end
+  end
+
+  ##
+  # Start a thread that keeps the Google signing keys updated.
+  def self.start(logger: nil, source: nil, waittime: BOOT_WAIT_TIME_MAX)
+    @@key_updater_semaphore.synchronize do
+      # Another thread might have been waiting for on the mutex
+      break unless @@key_updater_thread.nil?
+
+      @@logger = logger
+      @@source = if source
+                   source
+                 elsif ENV['ENVIRONMENT'] == 'production'
+                   SIGNING_KEY_URL
+                 else
+                   TEST_SIGNING_KEY_URL
+                 end
+      @@read_timeout    = READ_TIMEOUT
+      @@connect_timeout = CONNECT_TIMEOUT
+
+      new_thread = Thread.new(&UPDATER_BLOCK)
+
+      start_time = Time.now.to_i
+
+      while new_thread.thread_variable_get('keys').nil? && Time.now.to_i - start_time < waittime
+        sleep 0.2
+      end
+      # Body has now been set.
+      # Let other clients through.
+      @@key_updater_thread = new_thread
+
+      nil
+    end
+  end
+
+  def self.set_timeout(read_timeout: nil, connect_timeout: nil)
+    @@read_timeout    = read_timeout    if read_timeout
+    @@connect_timeout = connect_timeout if connect_timeout
+  end
+
+  def self.signing_keys
+    start if @@key_updater_thread.nil?
+
+    @@key_updater_thread.thread_variable_get('keys')
+  end
+
+  # Required for specs
+  def self.terminate
+    @@key_updater_thread&.terminate
+    @@key_updater_thread = nil
+  end
+
+  class << self
+    private
+
+    def log(level, message)
+      return if @@logger.nil?
+
+      case level
+      when :info
+        @@logger.info(message)
+      when :warning
+        if @@logger.respond_to?(:warning)
+          @@logger.warning(message)
+        elsif @@logger.respond_to?(:warn)
+          @@logger.warn(message)
+        end
+      when :error
+        @@logger.error(message)
+      when :fatal
+        @@logger.fatal(message)
+      else
+        throw RuntimeError.new('Invalid log level')
+      end
+    end
+
+    def seconds_to_time(s)
+      days = (s / 86400).floor
+      s %= 86400
+
+      hours = (s / 3600).floor
+      s %= 3600
+
+      minutes = (s / 60).floor
+      s %= 60
+
+      out = ''
+      out += "#{days} days "       if days.positive?
+      out += "#{hours} hours "     if hours.positive?
+      out += "#{minutes} minutes " if minutes.positive?
+      out += "#{s} seconds"        if s.positive?
+
+      out.rstrip
+    end
+  end
+end

metadata

@@ -0,0 +1,72 @@
+--- !ruby/object:Gem::Specification
+name: gsk_cache
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Clearhaus
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-01-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: excon
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+description: 
+email: hello@clearhaus.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/gsk_cache.rb
+homepage: https://github.com/clearhaus/gsk_cache
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.7
+signing_key: 
+specification_version: 4
+summary: Fetches and caches Google Pay signing keys
+test_files: []