hephaestus 0.7.1 → 0.7.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0ddb2acb833029f86546e1ba193985470e19f06b8b1914876372ce16c0b08a4e
-  data.tar.gz: 413397588e5473881666644b45bfcf090bc63adab199a77e51e0a3cec1226ef1
+  metadata.gz: d7c2f9d61793dbe5625865f819df27d6c9d63af6a8b62d24baad0179cb18292a
+  data.tar.gz: 2b3b19c2cf731b161b8d669e82613ef734b3724580ffaed458912e16ea2dee4e
 SHA512:
-  metadata.gz: 13ca6d123fde10d85b3a9f90d64f12c75d395667df8a35fbd27b37e07fd952cd8497049f4ce753afe2a27b217cfc49e2fb3e57964cf2e27688f24dfb3d1beaf2
-  data.tar.gz: 981ff3a8586e4445bc8ad96cd90554887b0c90e476a223f68c70bf78f57c9233ad972d3d44a78248c8352287f1be0e84ca0ce8c0d7ff202282f38d49a70d79a9
+  metadata.gz: 0dab68747b8859e1f6d0b24bb2d5d3243f4bb0278602d132eaa4a822d18b7ffaf69b9f683edf1fe1af807bfced0e009010433095725c083582decf8b0a4116f8
+  data.tar.gz: aaf595de123fbb62eb0582e05d94f3f437c2e0eca9564c563ec6485ba65aede1f690c8d91b266be5235c5755770136b7c46a7646c0b49006131dff1978b78c13

data/CHANGELOG.md

@@ -1,3 +1,22 @@
+# [v0.7.2.1] - 16-11-2024
+## What's Changed
+* include all files in the gem by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/31
+
+
+**Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.2...v0.7.2.1
+# [v0.7.2] - 16-11-2024
+## What's Changed
+* [skip test] Release v0.7.1 by @github-actions in https://github.com/yettoapp/hephaestus/pull/28
+* Move secrets into Hephaestus by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/29
+
+
+**Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.1...v0.7.2
+# [v0.7.1] - 16-11-2024
+## What's Changed
+* Run as an engine by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/27
+
+
+**Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.0...v0.7.1
 # [v0.7.0] - 15-11-2024
 ## What's Changed
 * Run as an engine by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/25

data/app/controllers/concerns/hephaestus/responses.rb

@@ -0,0 +1,107 @@
+# typed: false
+# frozen_string_literal: true
+
+module Hephaestus
+  module Responses
+    def no_content
+      head(:no_content)
+    end
+
+    def okay
+      render(
+        json: {
+          message: "OK",
+        }.to_json,
+        status: :ok,
+      )
+    end
+
+    def created
+      render(
+        json: {
+          message: "Created",
+        }.to_json,
+        status: :created,
+      )
+    end
+
+    def bad_request
+      render(
+        json: {
+          errors: [
+            {
+              message: "Bad Request",
+            },
+          ],
+        }.to_json,
+        status: :bad_request,
+      )
+    end
+
+    def forbidden
+      render(
+        json: {
+          errors: [
+            {
+              message: "Forbidden",
+            },
+          ],
+        }.to_json,
+        status: :forbidden,
+      )
+    end
+
+    def not_acceptable
+      render(
+        json: ::Hephaestus::ErrorSerializer.format("Not Acceptable").to_json,
+        status: :not_acceptable,
+      )
+    end
+
+    def not_found
+      render(
+        json: ::Hephaestus::ErrorSerializer.format("Not Found").to_json,
+        status: :not_found,
+      )
+    end
+
+    def service_unavailable(msg)
+      render(
+        json: {
+          errors: [
+            {
+              message: "Service Unavailable: #{msg}",
+            },
+          ],
+        }.to_json,
+        status: :service_unavailable,
+      )
+    end
+
+    def bad_gateway
+      render(
+        json: {
+          errors: [
+            {
+              message: "Bad Gateway",
+            },
+          ],
+        }.to_json,
+        status: :bad_gateway,
+      )
+    end
+
+    def internal_server_error
+      render(
+        json: {
+          errors: [
+            {
+              message: "Internal Server Error",
+            },
+          ],
+        }.to_json,
+        status: :internal_server_error,
+      )
+    end
+  end
+end

data/app/controllers/concerns/hephaestus/validates_from_yetto.rb

@@ -0,0 +1,51 @@
+# typed: false
+# frozen_string_literal: true
+
+module Hephaestus
+  module ValidatesFromYetto
+    SHA256_DIGEST = OpenSSL::Digest.new("sha256")
+
+    extend ActiveSupport::Concern
+
+    include Hephaestus::Responses
+
+    included do
+      before_action :from_yetto?
+    end
+
+    def from_yetto?
+      return bad_request if request.headers.blank?
+
+      yetto_signature = request.headers.fetch(Hephaestus::Headers::HEADER_SIGNATURE, "")
+
+      return bad_request unless yetto_signature.start_with?("sha256=")
+
+      hmac_header = yetto_signature.split("sha256=").last
+      body = request.env.fetch("RAW_POST_DATA", "")
+
+      calculated_hmac = OpenSSL::HMAC.hexdigest(SHA256_DIGEST, Hephaestus::YETTO_SIGNING_SECRET, body)
+
+      return true if ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, hmac_header)
+
+      bad_request
+    end
+
+    def from_yetto_inline?
+      return bad_request if request.headers.blank?
+
+      yetto_signature = request.headers.fetch(Hephaestus::Headers::HEADER_SIGNATURE, "")
+
+      return bad_request unless yetto_signature.start_with?("sha256=")
+
+      hmac_header = yetto_signature.split("sha256=").last
+      body = params["encrypted_payload"]
+
+      @payload = T.let(ActiveSupport::MessageEncryptor.new(Hephaestus::YETTO_SIGNING_SECRET, url_safe: true, serializer: :json).decrypt_and_verify(body), T.nilable(String))
+      calculated_hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), Hephaestus::YETTO_SIGNING_SECRET, @payload)
+
+      return true if ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, hmac_header)
+
+      bad_request
+    end
+  end
+end

data/app/controllers/hephaestus/application_controller.rb

@@ -0,0 +1,42 @@
+# typed: false
+# frozen_string_literal: true
+
+require "opentelemetry-semantic_conventions"
+
+module Hephaestus
+  class ApplicationController < ActionController::Base
+    include ActionController::MimeResponds
+
+    include Hephaestus::Headers
+    include Hephaestus::Responses
+
+    rescue_from ActionController::UnknownFormat, with: :not_acceptable
+    protect_from_forgery with: :null_session
+
+    def ensure_json_request
+      return if request.format.json?
+
+      not_acceptable
+    end
+
+    # Yetto sends a unique state parameter as part of the OAuth installation process.
+    # This decodes that into something the plug can use.
+    def parse_state(state)
+      decoded_state = Base64.urlsafe_decode64(state)
+      state = JSON.parse(decoded_state)
+
+      {
+        version: state["version"],
+        salt: state["salt"],
+        nonce: state["nonce"] || "",
+        plug_installation_id: state["plug_installation_id"],
+        membership_id: state["membership_id"], # optional, used for conversation.viewed events
+        redirect_to: state["redirect_to"],
+      }
+    rescue ArgumentError # invalid base64
+      {}
+    rescue JSON::ParserError # invalid JSON
+      {}
+    end
+  end
+end

data/app/controllers/hephaestus/root_controller.rb

@@ -0,0 +1,10 @@
+# typed: strict
+# frozen_string_literal: true
+
+module Hephaestus
+  class RootController < ApplicationController
+    def index
+      okay
+    end
+  end
+end

data/app/controllers/hephaestus/settings_controller.rb

@@ -0,0 +1,20 @@
+# typed: false
+# frozen_string_literal: true
+
+module Hephaestus
+  class SettingsController < ApplicationController
+    before_action :ensure_json_request
+
+    def new
+      set_step
+      render("settings/new")
+    end
+
+    def edit
+    end
+
+    def set_step
+      @step = params.fetch(:step, 1).to_i || 1
+    end
+  end
+end

data/app/controllers/hephaestus/staff_controller.rb

@@ -0,0 +1,20 @@
+# typed: false
+# frozen_string_literal: true
+
+module Hephaestus
+  class StaffController < ApplicationController
+    layout "staff"
+
+    class << self
+      def staff_request?(request)
+        return true if Rails.env.development?
+
+        true
+      end
+    end
+
+    def index
+      render404 unless StaffController.staff_request?(request)
+    end
+  end
+end

data/app/jobs/hephaestus/application_job.rb

@@ -0,0 +1,12 @@
+# typed: false
+# frozen_string_literal: true
+
+module Hephaestus
+  class ApplicationJob < ActiveJob::Base
+    # Automatically retry jobs that encountered a deadlock
+    # retry_on ActiveRecord::Deadlocked
+
+    # Most jobs are safe to ignore if the underlying records are no longer available
+    # discard_on ActiveJob::DeserializationError
+  end
+end

data/app/jobs/hephaestus/update_yetto_job.rb

@@ -0,0 +1,39 @@
+# typed: false
+# frozen_string_literal: true
+
+# Send updated data to Yetto to store in the database
+# This can be used to update installation data or message data
+module Hephaestus
+  class UpdateYettoJob < ApplicationJob
+    queue_as :high_priority_update_yetto
+
+    def perform(params)
+      type = params.delete(:type)
+      params.deep_symbolize_keys!
+
+      inbox_id = params.fetch(:inbox, {}).fetch(:id, nil)
+      plug_installation_id = params.fetch(:plug_installation, {}).fetch(:id, nil)
+      conversation_id = params.fetch(:conversation, {}).fetch(:id, nil)
+      message_id = params.fetch(:message, {}).fetch(:id, nil)
+
+      response = case type
+      when "update_plug_installation"
+        YettoService.update_plug_installation(plug_installation_id, params[:payload])
+      when "create_conversation"
+        YettoService.create_conversation(plug_installation_id, inbox_id, params[:payload])
+      when "add_message_to_conversation"
+        YettoService.add_message_to_conversation(plug_installation_id, conversation_id, params[:payload])
+      when "create_message_reply"
+        YettoService.create_message_reply(plug_installation_id, message_id, params[:payload])
+      when "update_message"
+        YettoService.update_message(plug_installation_id, message_id, params[:payload])
+      end
+
+      response, type = Rails.configuration.enhance_update_yetto_job.call(params, type, response) if Rails.configuration.respond_to?(:enhance_update_yetto_job)
+
+      if response.present? && response.unavailable?
+        logger.error("Could not #{type} for #{plug_installation_id}: #{response.parsed_json_body}")
+      end
+    end
+  end
+end

data/app/models/hephaestus/application_record.rb

@@ -0,0 +1,8 @@
+# typed: false
+# frozen_string_literal: true
+
+module Hephaestus
+  class ApplicationRecord # < ActiveRecord::Base
+    # self.abstract_class = true
+  end
+end

data/app/serializers/hephaestus/error_serializer.rb

@@ -0,0 +1,18 @@
+# typed: false
+# frozen_string_literal: true
+
+module Hephaestus
+  class ErrorSerializer
+    class << self
+      def format(message)
+        {
+          errors: [
+            {
+              message: message,
+            },
+          ],
+        }.to_json
+      end
+    end
+  end
+end

data/app/serializers/hephaestus/headers.rb

@@ -0,0 +1,27 @@
+# typed: false
+# frozen_string_literal: true
+
+module Hephaestus
+  module Headers
+    YETTO_DELIVERY_ID = "HTTP_X_YETTO_DELIVERY_ID"
+
+    HEADER_EVENT = "HTTP_X_YETTO_EVENT"
+    EVENT_AFTER_CREATE = "created"
+    EVENT_AFTER_UPDATE = "updated"
+    EVENT_AFTER_RENAME = "renamed"
+    EVENT_AFTER_DESTROY = "destroyed"
+
+    # for conversations
+    EVENT_AFTER_VIEW = "viewed"
+
+    HEADER_RECORD_TYPE = "HTTP_X_YETTO_RECORD_TYPE"
+    RECORD_TYPE_PLUG_INSTALLATION = "plug_installation"
+    RECORD_TYPE_MESSAGE = "message"
+    RECORD_TYPE_INBOX = "inbox"
+    RECORD_TYPE_ORGANIZATION = "organization"
+
+    RECORD_TYPE_CONVERSATION = "conversation"
+
+    HEADER_SIGNATURE = "HTTP_X_YETTO_SIGNATURE"
+  end
+end

data/app/services/hephaestus/yetto_service.rb

@@ -0,0 +1,99 @@
+# typed: false
+# frozen_string_literal: true
+
+require "jwt"
+require "openssl"
+require "httpsensible"
+
+class Object
+  # Relies on the fix implemented in https://github.com/rails/rails/pull/39966 to ensure
+  # that blank values don't result in queries with empty values, eg. `?filter[metadata]=`, when
+  # we prefer (and accept!) `?filter[metadata]`.
+  def to_query(key)
+    blank? ? CGI.escape(key.to_param).to_s : "#{CGI.escape(key.to_param)}=#{CGI.escape(to_param.to_s)}"
+  end
+end
+
+module Hephaestus
+  class YettoService
+    # Version is set by the consuming plug
+    YETTO_API_VERSION_TLD = "#{Hephaestus::PROTOCOL}#{Hephaestus::YETTO_API_URL}/#{Rails.configuration.yetto_api_version}"
+
+    class << self
+      def yetto_client
+        @yetto_client ||= Httpsensible::Client.new(user_agent: "#{Rails.application.class.module_parent.name}/#{Hephaestus::Engine::GIT_SHA}")
+      end
+
+      def encoded_jwt
+        Httpsensible::JWT.encode_jwt(Hephaestus::YETTO_PLUG_PEM, Hephaestus::YETTO_PLUG_ID)
+      end
+
+      def perform_token_exchange(plug_installation_id)
+        response = yetto_client.with_headers({ "Authorization" => "Bearer #{encoded_jwt}" }).post("#{YETTO_API_VERSION_TLD}/plug/installations/#{plug_installation_id}/access_tokens")
+        body = response.parsed_json_body
+        body["token"]
+      end
+
+      def get_plug_installation(plug_installation_id)
+        token = perform_token_exchange(plug_installation_id)
+        yetto_client.with_headers({ "Authorization" => "Bearer #{token}" }).get("#{YETTO_API_VERSION_TLD}/installations/#{plug_installation_id}")
+      end
+
+      def update_plug_installation(plug_installation_id, params)
+        plug_installation = {}
+
+        plug_installation[:settings] = params.fetch(:settings, {})
+        plug_installation[:credentials] = params.fetch(:credentials, {})
+
+        token = perform_token_exchange(plug_installation_id)
+        yetto_client.with_headers({ "Authorization" => "Bearer #{token}" }).patch("#{YETTO_API_VERSION_TLD}/installations/#{plug_installation_id}", json: plug_installation)
+      end
+
+      def get_messages_in_inbox(plug_installation_id, inbox_id, filter: {})
+        token = perform_token_exchange(plug_installation_id)
+
+        yetto_client.with_headers({ "Authorization" => "Bearer #{token}" }).get("#{YETTO_API_VERSION_TLD}/inboxes/#{inbox_id}/messages#{to_filter_query(filter)}")
+      end
+
+      def get_messages_in_conversation(plug_installation_id, conversation_id, filter: {})
+        token = perform_token_exchange(plug_installation_id)
+
+        yetto_client.with_headers("Authorization" => "Bearer #{token}").get("#{YETTO_API_VERSION_TLD}/conversations/#{conversation_id}/messages#{to_filter_query(filter)}")
+      end
+
+      def update_message(plug_installation_id, message_id, params)
+        token = perform_token_exchange(plug_installation_id)
+
+        yetto_client.with_headers("Authorization" => "Bearer #{token}").patch("#{YETTO_API_VERSION_TLD}/messages/#{message_id}", json: params)
+      end
+
+      def create_conversation(plug_installation_id, inbox_id, params)
+        token = perform_token_exchange(plug_installation_id)
+
+        yetto_client.with_headers({ "Authorization" => "Bearer #{token}" }).post("#{YETTO_API_VERSION_TLD}/inboxes/#{inbox_id}/conversations", json: params)
+      end
+
+      def create_message_reply(plug_installation_id, message_id, params)
+        token = perform_token_exchange(plug_installation_id)
+
+        yetto_client.with_headers("Authorization" => "Bearer #{token}").post("#{YETTO_API_VERSION_TLD}/messages/#{message_id}/replies", json: params)
+      end
+
+      def add_message_to_conversation(plug_installation_id, conversation_id, params)
+        token = perform_token_exchange(plug_installation_id)
+
+        yetto_client.with_headers({ "Authorization" => "Bearer #{token}" }).post("#{YETTO_API_VERSION_TLD}/conversations/#{conversation_id}/messages", json: params)
+      end
+
+      def get_plug_installations(filter: {})
+        yetto_client.with_headers({ "Authorization" => "Bearer #{encoded_jwt}" }).get("#{YETTO_API_VERSION_TLD}/plug/installations#{to_filter_query(filter)}")
+      end
+
+      private def to_filter_query(hash)
+        return "" if hash.nil?
+
+        "?#{hash.to_query("filter")}"
+      end
+    end
+  end
+end

data/app/views/layouts/staff.html.erb

@@ -0,0 +1,7 @@
+<div class="container">
+  <h1>Staff page</h1>
+  <div class="row">
+    <div class="col-md-12">
+      <%= yield %>
+    </div>
+  </div>

data/app/views/staff/index.html.erb

@@ -0,0 +1 @@
+Hello, staff!

data/config/database.yml

@@ -0,0 +1,49 @@
+# SQLite. Versions 3.8.0 and up are supported.
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem "sqlite3"
+#
+default: &default
+  adapter: sqlite3
+  pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
+  timeout: 5000
+
+development:
+  primary:
+    <<: *default
+    database: storage/development.sqlite3
+  queue:
+    <<: *default
+    database: storage/development_queue.sqlite3
+    migrations_paths: db/queue_migrate
+
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  primary:
+    <<: *default
+    database: storage/test.sqlite3
+  queue:
+    <<: *default
+    database: storage/test_queue.sqlite3
+    migrations_paths: db/queue_migrate
+
+
+
+# SQLite3 write its data on the local filesystem, as such it requires
+# persistent disks. If you are deploying to a managed service, you should
+# make sure it provides disk persistence, as many don't.
+#
+# Similarly, if you deploy your application as a Docker container, you must
+# ensure the database is located in a persisted volume.
+production:
+  primary:
+    <<: *default
+    database: /mnt/data/production.sqlite3
+  queue:
+    <<: *default
+    database: /mnt/data/production_queue.sqlite3
+    migrations_paths: db/queue_migrate

data/config/environments/development.rb

@@ -0,0 +1,89 @@
+# typed: false
+# frozen_string_literal: true
+
+require "active_support/core_ext/integer/time"
+
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # In the development environment your application's code is reloaded any time
+  # it changes. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.enable_reloading = true
+
+  # Do not eager load code on boot.
+  config.eager_load = false
+
+  # Show full error reports.
+  config.consider_all_requests_local = true
+
+  # Enable server timing.
+  config.server_timing = true
+
+  # Enable/disable caching. By default caching is disabled.
+  # Run rails dev:cache to toggle caching.
+  if Rails.root.join("tmp/caching-dev.txt").exist?
+    config.action_controller.perform_caching = true
+    config.action_controller.enable_fragment_cache_logging = true
+
+    config.cache_store = :memory_store
+    config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{2.days.to_i}" }
+  else
+    config.action_controller.perform_caching = false
+
+    config.cache_store = :null_store
+  end
+
+  if defined?(ActionMailer)
+    # Don't care if the mailer can't send.
+    config.action_mailer.raise_delivery_errors = false
+
+    # Disable caching for Action Mailer templates even if Action Controller
+    # caching is enabled.
+    config.action_mailer.perform_caching = false
+
+    config.action_mailer.default_url_options = { host: "localhost", port: 3000 }
+  end
+
+  # Print deprecation notices to the Rails logger.
+  config.active_support.deprecation = :log
+
+  # Raise exceptions for disallowed deprecations.
+  config.active_support.disallowed_deprecation = :raise
+
+  # Tell Active Support which deprecation messages to disallow.
+  config.active_support.disallowed_deprecation_warnings = []
+
+  # Highlight code that enqueued background job in logs.
+  config.active_job.verbose_enqueue_logs = true
+
+  # Raises error for missing translations.
+  # config.i18n.raise_on_missing_translations = true
+
+  # Annotate rendered view with file names.
+  config.action_view.annotate_rendered_view_with_filenames = true
+
+  # Raise error when a before_action's only/except options reference missing actions.
+  config.action_controller.raise_on_missing_callback_actions = true
+
+  config.active_job.queue_adapter = :solid_queue
+  config.solid_queue.silence_polling = true
+  config.solid_queue.connects_to = { database: { writing: :queue } }
+
+  # Apply autocorrection by RuboCop to files generated by `bin/rails generate`.
+  # config.generators.apply_rubocop_autocorrect_after_generate!
+
+  # establish a DEBUG environment
+  if ENV.fetch("DEBUG", false) && defined?(Rails::Server)
+    require "debug/open_nonstop"
+  end
+
+  # Load dotenv only in development environment
+  Dotenv::Rails.overwrite = true
+
+  # Let dev server run on GitHub Codespaces
+  config.hosts << /[a-z0-9\-]+\.githubpreview\.dev/
+
+  # Let dev server run on ngrok domains
+  config.hosts << /[a-z0-9\-]+\.ngrok\.io/
+end