hadley 0.0.1

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in hadley.gemspec
+gemspec

data/Rakefile

@@ -0,0 +1 @@
+require 'bundler/gem_tasks'

data/config.ru

@@ -0,0 +1,52 @@
+# This file is used by Rack-based servers to start the application.
+require 'rubygems'
+require 'hadley'
+require 'dalli'
+require 'sinatra/base'
+require 'json'
+
+class ExampleResourceServer < Sinatra::Base
+  include Hadley::Authz
+
+  get '/' do
+    body 'afid-resource-server'
+  end
+
+  get '/v1/current_time' do
+    warden.authenticate!(:afid_user)
+    body({current_time: Time.now.strftime('%Y-%m-%dT%H:%M:%SZ')}.to_json)
+  end
+
+  get '/v1/anonymous_time' do
+    warden.authenticate!(:afid_client)
+    body({current_time: Time.now.strftime('%s')}.to_json)
+  end
+
+  token_store = Hadley::TokenAccess.new(Dalli::Client.new)
+
+  use Rack::Session::Cookie, :secret => 'a8ab10237100f16d12b6c8e574e84b92cc15aecaced04d47251a5f34ffaa0e60'
+
+  use Warden::Manager do |manager|
+    manager.basic(:server) do |basic|
+      basic.hash_credentials = true
+      basic.lookup do |id, secret|
+        [ id, secret] == [
+          'a8ab10237100f16d12b6c8e574e84b92cc15aecaced04d47251a5f34ffaa0e60',
+          '29cd5d3e8f481821422f886055d536c8e395a8aa123700eec74f045b0144e986'
+        ] ? id : nil
+      end
+    end
+    manager.bearer(:client) do |bearer|
+      bearer.token_store = token_store
+      bearer.anonymous_allowed = true
+    end
+    manager.bearer(:user) do |bearer|
+      bearer.token_store = token_store
+      bearer.anonymous_allowed = false
+    end
+  end
+
+  use Hadley::Middleware, token_store: token_store
+end
+
+run ExampleResourceServer

data/hadley.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path('../lib', __FILE__)
+require 'hadley'
+
+Gem::Specification.new do |s|
+  s.name        = 'hadley'
+  s.version     = Hadley::VERSION
+  s.authors     = ['Sean M. Duncan']
+  s.email       = ['bitbutcher@gmail.com']
+  s.homepage    = 'https://github.com/bitbutcher/hadley'
+  s.summary     = 'Rack middleware for AFID(bby-id) resource server implementations'
+
+  s.rubyforge_project = 'hadley'
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = [ 'lib' ]
+
+  s.add_development_dependency 'rspec'
+  s.add_development_dependency 'dalli'
+  s.add_runtime_dependency 'sinatra'
+  s.add_runtime_dependency 'warden'
+end

data/lib/hadley.rb

@@ -0,0 +1,17 @@
+autoload :Rack, 'rack'
+autoload :Sinatra, 'sinatra/base'
+autoload :Warden, 'warden'
+
+module Hadley
+
+  autoload :Authz, 'hadley/authz'
+  autoload :Config, 'hadley/config'
+  autoload :Middleware, 'hadley/middleware'
+  autoload :TokenAccess, 'hadley/token_access'
+  autoload :Utils, 'hadley/utils'
+
+  VERSION = '0.0.1'
+
+  ANONYMOUS_IDENTITY = '0' * 66
+
+end

data/lib/hadley/authz.rb

@@ -0,0 +1,53 @@
+module Hadley::Authz
+
+  autoload :Basic, 'hadley/authz/basic'
+  autoload :Bearer, 'hadley/authz/bearer'
+
+  def warden
+    env['warden']
+  end
+
+  module StrategyBuilder
+
+    def build(name, config)
+      strategy = self.create_strategy(name)
+      self.register_strategy(name, strategy)
+      self.set_config(strategy, config)
+    end
+
+    protected
+
+    def create_strategy(name)
+      class_name = Hadley::Utils.camelize(name.to_s)
+      if self.const_defined?(class_name)
+        self.const_get(class_name) 
+      else
+        self.const_set(class_name, Class.new(self))
+      end
+    end
+
+    def register_strategy(name, strategy)
+      full_name = "afid_#{name}".to_sym
+      if Warden::Strategies[full_name].nil?
+        Warden::Strategies.add(full_name, strategy) 
+      end
+    end
+
+    def set_config(strategy, config)
+      strategy.const_set("CONFIG", config) unless strategy.const_defined?("CONFIG")
+    end
+
+  end
+
+  class Strategy < Warden::Strategies::Base
+    extend StrategyBuilder
+
+    def config
+      self.class.const_get("CONFIG")
+    end
+  end
+
+  Warden::Config.send(:include, Hadley::Authz::Basic::ConfigExtension)
+  Warden::Config.send(:include, Hadley::Authz::Bearer::ConfigExtension)
+
+end

data/lib/hadley/authz/basic.rb

@@ -0,0 +1,56 @@
+module Hadley
+    
+  module Authz
+
+    module Basic
+
+      class Strategy < Hadley::Authz::Strategy
+
+        def auth
+          @auth ||= Rack::Auth::Basic::Request.new(env)
+        end
+
+        def store?
+          false
+        end
+
+        def authenticate!
+          return unauthorized unless auth.provided? and auth.basic? and auth.credentials
+          credentials = auth.credentials.map do |credential|
+            config.hash_credentials ? Digest::SHA2.new(256).update(credential).to_s : credential
+          end
+          user = config.lookup.call(credentials.first, credentials.last)
+          return user ? success!(auth.credentials.first) : unauthorized
+        end
+
+        def unauthorized
+          custom!(Rack::Response.new([config.fail_message], 401, { 'WWW-Authenticate' => %Q{Basic realm="#{config.realm}"} }))
+        end
+
+      end
+
+      module ConfigExtension
+
+        def basic(name, &block)
+          config = Hadley::Config.new(
+            realm: 'Access Tokens',
+            fail_message: 'Authorization Failed',
+            hash_credentials: false
+          )
+          if block_given?
+            if block.arity == 1 
+              yield config
+            else
+              config.instance_eval(&block)
+            end
+          end
+          Hadley::Authz::Basic::Strategy.build(name, config) unless config.lookup.nil?
+        end
+      
+      end
+
+    end
+
+  end
+
+end

data/lib/hadley/authz/bearer.rb

@@ -0,0 +1,72 @@
+module Rack::Auth::Bearer
+
+  class Request < Rack::Auth::AbstractRequest
+
+    def bearer?
+      :bearer == scheme
+    end
+
+    def token
+      @token ||= params.split(' ', 2).first
+    end
+
+  end
+
+end
+
+module Hadley
+    
+  module Authz
+
+    module Bearer
+
+      class Strategy < Hadley::Authz::Strategy
+
+        def auth
+          @auth ||= Rack::Auth::Bearer::Request.new(env)
+        end
+
+        def store?
+          false
+        end
+
+        def authenticate!(anonymous_allowed=false)
+          return unauthorized unless auth.provided? and auth.bearer? and auth.token
+          user = config.token_store.get(auth.token)
+          return unauthorized unless user and (!user[:anonymous] or config.anonymous_allowed)
+          success!(user)
+        end
+
+        private
+
+        def unauthorized
+          custom!(Rack::Response.new([config.fail_message], 401, { 'WWW-Authenticate' => %Q{Bearer realm="#{config.realm}"} }))
+        end
+
+      end
+
+      module ConfigExtension
+
+        def bearer(name, &block)
+          config = Hadley::Config.new(
+            realm: 'Access Tokens',
+            fail_message: 'Authorization Failed',
+            anonymous_allowed: false
+          )
+          if block_given?
+            if block.arity == 1 
+              yield config
+            else
+              config.instance_eval(&block)
+            end
+          end
+          Hadley::Authz::Bearer::Strategy.build(name, config) unless config.token_store.nil?
+        end
+      
+      end
+
+    end
+
+  end
+
+end

data/lib/hadley/config.rb

@@ -0,0 +1,29 @@
+class Hadley::Config
+
+  def initialize(config={})
+    @config = config
+  end
+
+  def method_missing(name, *args, &block)
+    if block_given?
+      proc(name, &block)
+    elsif name =~ /(.+)=$/
+      set($1, *args, &block)
+    else
+      get(name, &block)
+    end
+  end
+
+  def proc(name, &block)
+    @config[name.to_sym] = block
+  end
+
+  def set(name, *args)
+    @config[name.to_sym] = args.size == 1 ? args.first : args
+  end
+
+  def get(name, &block)
+    @config[name.to_sym]
+  end
+
+end

data/lib/hadley/middleware.rb

@@ -0,0 +1,52 @@
+class Hadley::Middleware < Sinatra::Base
+
+  include Hadley::Authz
+
+  attr_reader :confg
+
+  def initialize(app=nil, options={})
+    super(app)
+    @config ||= Hadley::Config.new(options)
+    yield @config if block_given?
+    @tokens = @config.token_store
+    self
+  end
+
+  # ------------------------------------------
+  # Routes
+  # ------------------------------------------
+
+  put '/access/tokens/:token' do |token|
+    warden.authenticate!(:afid_server)
+    begin
+      @tokens.put(token, Integer(params.fetch('expires_in')), 
+        identity: params.fetch('identity'), 
+        client: params.fetch('client')
+      )
+      body 'Token Accepted'
+    rescue => e
+      status 400
+      body e.to_s
+    end
+  end
+
+  delete '/access/tokens/:token' do |token|
+    warden.authenticate!(:afid_server)
+    begin
+      @tokens.delete(token)
+      body 'Token Deleted'
+    rescue => e
+      status 400
+      body e.to_s
+    end
+  end
+
+  # ------------------------------------------
+  # Config
+  # ------------------------------------------
+
+  disable :show_exceptions
+  enable :raise_errors
+  enable :logging
+
+end

data/lib/hadley/token_access.rb

@@ -0,0 +1,27 @@
+class Hadley::TokenAccess
+
+  def initialize(store)
+    @store = store
+  end
+
+  def key_for(token)
+    "afid-access-token:#{token}"
+  end
+
+  def get(token)
+    access = @store.get(key_for(token))
+    if access
+      access[:anonymous] = access[:identity] == Hadley::ANONYMOUS_IDENTITY
+    end
+    access
+  end
+
+  def put(token, expires_in, data={})
+    @store.set(key_for(token), data, expires_in)
+  end
+
+  def delete(token)
+    @store.delete(key_for(token))
+  end
+
+end

data/lib/hadley/utils.rb

@@ -0,0 +1,10 @@
+module Hadley::Utils
+  extend self
+
+  def camelize(word, uc_first=true)
+    parts = word.split('_')
+    assemble = lambda { |head, tail| head + tail.capitalize }
+    uc_first ? parts.inject('', &assemble) : parts.inject(&assemble)
+  end
+
+end

metadata

@@ -0,0 +1,102 @@
+--- !ruby/object:Gem::Specification
+name: hadley
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Sean M. Duncan
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-02-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70184778050660 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70184778050660
+- !ruby/object:Gem::Dependency
+  name: dalli
+  requirement: &70184778049880 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70184778049880
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: &70184778065160 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70184778065160
+- !ruby/object:Gem::Dependency
+  name: warden
+  requirement: &70184778064540 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70184778064540
+description: 
+email:
+- bitbutcher@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Rakefile
+- config.ru
+- hadley.gemspec
+- lib/hadley.rb
+- lib/hadley/authz.rb
+- lib/hadley/authz/basic.rb
+- lib/hadley/authz/bearer.rb
+- lib/hadley/config.rb
+- lib/hadley/middleware.rb
+- lib/hadley/token_access.rb
+- lib/hadley/utils.rb
+homepage: https://github.com/bitbutcher/hadley
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: hadley
+rubygems_version: 1.8.15
+signing_key: 
+specification_version: 3
+summary: Rack middleware for AFID(bby-id) resource server implementations
+test_files: []