jsonrpc2 0.0.2 → 0.0.3

Sign up to get free protection for your applications and to get access to all the features.
@@ -5,9 +5,40 @@ class Auth
5
5
  # Validate an API request
6
6
  #
7
7
  #
8
- def check(env, rpc)
8
+ def client_check(env, rpc)
9
9
  true
10
10
  end
11
+
12
+ # Check authorisation for customers accessing API
13
+ def browser_check(env)
14
+ true
15
+ end
16
+
17
+ # Never show internal details of an API object
18
+ def inspect
19
+ "#<#{self.class.name}:#{object_id.to_s(16)}>"
20
+ end
21
+ protected
22
+ # Parse Authorization: header
23
+ #
24
+ # @param [String] auth Header value
25
+ # @return [Array, false] [username, password] or false
26
+ def parse_basic_auth(auth)
27
+ return false unless auth
28
+
29
+ m = /Basic\s+([A-Za-z0-9+\/]+=*)/.match(auth)
30
+ user, pass = Base64.decode64(m[1]).split(/:/, 2)
31
+
32
+ [user, pass]
33
+ end
34
+
35
+ # Throw a 401 Rack response
36
+ def throw_401
37
+ throw(:rack_response, [401, {
38
+ 'Content-Type' => 'text/html',
39
+ 'WWW-Authenticate' => 'Basic realm="API"'
40
+ }, ["<html><head/><body>Authentication Required</body></html>"]])
41
+ end
11
42
  end
12
43
 
13
44
  # @abstract Base class for http-based authentication methods, e.g.
@@ -31,21 +62,28 @@ class BasicAuth < HttpAuth
31
62
  # @param [Hash,Rack::Request] env Rack environment hash
32
63
  # @param [Hash] rpc JSON-RPC2 call content
33
64
  # @return [true] Returns true or throws :rack_response, [ 401, ... ]
34
- def check(env, rpc)
35
- valid?(env) or
36
- throw(:rack_response, [401, {
37
- 'Content-Type' => 'text/html',
38
- 'WWW-Authenticate' => 'Basic realm="API"'
39
- }, ["<html><head/><body>Authentication Required</body></html>"]])
65
+ def client_check(env, rpc)
66
+ browser_check(env)
40
67
  end
41
68
 
69
+ # Checks that the browser is authorised to access the API (used by HTML API introspection)
70
+ #
71
+ # @param [Hash,Rack::Request] env Rack environment hash
72
+ # @return [true] Returns true or throws :rack_response, [ 401, ... ]
73
+ def browser_check(env)
74
+ valid?(env) or throw_401
75
+ end
76
+
77
+ protected
78
+ # Checks that http auth info is supplied and the username/password combo is valid
79
+ #
80
+ # @param [Hash] env Rack environment
81
+ # @return [Boolean] True if authentication details are ok
42
82
  def valid?(env)
43
- auth = env['HTTP_AUTHORIZATION']
83
+ user, pass = parse_basic_auth(env['HTTP_AUTHORIZATION'])
44
84
 
45
- return false unless auth
85
+ return false unless user && pass
46
86
 
47
- m = /Basic\s+([A-Za-z0-9+\/]+=*)/.match(auth)
48
- user, pass = Base64.decode64(m[1]).split(/:/, 2)
49
87
  user_valid?(user, pass)
50
88
  end
51
89
 
@@ -53,9 +53,9 @@ HTML5
53
53
  def call(interface, request)
54
54
  #require 'pp'; pp interface.about
55
55
 
56
- if interface.auth_with.kind_of?(JSONRPC2::HttpAuth)
56
+ if interface.auth_with
57
57
  response = catch(:rack_response) do
58
- interface.auth_with.check(request.env, {}); nil
58
+ interface.auth_with.browser_check(request.env); nil
59
59
  end
60
60
  return response if response
61
61
  end
@@ -111,7 +111,14 @@ HTML5
111
111
 
112
112
  <hr>
113
113
 
114
+ <div class="row">
115
+ <div class="span6">
114
116
  <h2>Test method</h2>
117
+ </div>
118
+ <div class="span6">
119
+ <h3>Result</h3>
120
+ </div>
121
+ </div>
115
122
  <div class="row">
116
123
  <div class="span6">
117
124
  <form method="POST" action="#{request.script_name}/#{info[:name]}">
@@ -124,10 +131,7 @@ HTML5
124
131
  </form>
125
132
  </div>
126
133
  <div class="span6">
127
- <h3>Result</h3>
128
- <xmp>
129
- #{options[:result]}
130
- </xmp>
134
+ <pre style="white-space: prewrap">#{CGI.escapeHTML(JSON.pretty_unparse(JSON.parse(options[:result])))}</pre>
131
135
  </div>
132
136
  </div>
133
137
 
@@ -45,9 +45,9 @@ class Interface
45
45
  request = Rack::Request.new(environment)
46
46
  catch :rack_response do
47
47
  case JSONRPC2::HTTPUtils.which(environment['HTTP_ACCEPT'], %w[text/html application/json-rpc application/json])
48
- when 'text/html', nil
48
+ when 'text/html'
49
49
  JSONRPC2::HTML.call(self, request)
50
- when 'application/json-rpc', 'application/json'
50
+ when 'application/json-rpc', 'application/json', nil # Assume correct by default
51
51
  environment['rack.input'].rewind
52
52
  data = JSON.parse(environment['rack.input'].read)
53
53
  self.new(environment).rack_dispatch(data)
@@ -76,7 +76,6 @@ class Interface
76
76
  end
77
77
  end
78
78
 
79
- protected
80
79
  # Dispatch call to api method(s)
81
80
  #
82
81
  # @param [Hash,Array] rpc_data Array of calls or Hash containing one call
@@ -89,6 +88,8 @@ class Interface
89
88
  dispatch_single(rpc_data).to_json
90
89
  end
91
90
  end
91
+
92
+ protected
92
93
  # JSON result helper
93
94
  def response_ok(id, result)
94
95
  { 'jsonrpc' => '2.0', 'result' => result, 'id' => id }
@@ -111,7 +112,7 @@ class Interface
111
112
 
112
113
  begin
113
114
  if self.class.auth_with
114
- self.class.auth_with.check(@env, rpc) or raise AuthFail, "Invalid credentials"
115
+ self.class.auth_with.client_check(@env, rpc) or raise AuthFail, "Invalid credentials"
115
116
  end
116
117
 
117
118
  call(rpc['method'], rpc['id'], rpc['params'])
@@ -127,7 +128,7 @@ class Interface
127
128
  #
128
129
  # @return [Array] List of api method names
129
130
  def api_methods
130
- public_methods(false).map(&:to_s) - ['rack_dispatch']
131
+ public_methods(false).map(&:to_s) - ['rack_dispatch', 'dispatch']
131
132
  end
132
133
 
133
134
  # Call method, checking param and return types
@@ -1,5 +1,5 @@
1
1
  # JSONRPC2 namespace module
2
2
  module JSONRPC2
3
3
  # Version
4
- VERSION = "0.0.2"
4
+ VERSION = "0.0.3"
5
5
  end
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jsonrpc2
3
3
  version: !ruby/object:Gem::Version
4
- hash: 27
4
+ hash: 25
5
5
  prerelease:
6
6
  segments:
7
7
  - 0
8
8
  - 0
9
- - 2
10
- version: 0.0.2
9
+ - 3
10
+ version: 0.0.3
11
11
  platform: ruby
12
12
  authors:
13
13
  - Geoff Youngs