jungle_path 0.0.0

data/lib/jungle_path/api/helpers/defaults.rb

@@ -0,0 +1,83 @@
+require 'rack'
+require 'rack/mobile-detect'
+
+module JunglePath
+	require 'jungle_path/rack/json_body_parser'
+	require 'jungle_path/rack/basic_credentials'
+
+	module API
+		module Helpers
+			module Defaults
+				# default mixin that may be included in your Sinatra application class.
+
+				def set_default_rack_middleware issue_challenge=true
+					use Rack::MobileDetect
+					use Rack::CommonLogger, configatron.application.logger
+					use JunglePath::Rack::JsonBodyParser, true
+					# This is rack middleware that adds 'REMOTE_USER' and 'REMOTE_PASSWORD'
+					# keys with their associated basic auth values to request.env (if present in the HTTP header).
+					# The "Authorization: Basic ..."" header must be present. Looks like this:
+					#     Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
+					# If this header is missing or incorrect. Error codes are returned.
+					# See basic_credentials.rb for details.
+					use JunglePath::Rack::BasicCredentials::Basic, "Basic Authentication Required.", issue_challenge
+				end
+
+				def set_default_error_handling
+					# These must be disabled to allow error methods to fire.
+					disable :raise_errors
+					disable :show_exceptions
+
+					error JunglePath::Exceptions::MissingRequiredFields do
+						e = env['sinatra.error']
+						trace = e.backtrace.join("\n")
+						logger.error "#{e.message}\n#{trace}."
+						halt 400, e.message
+					end
+
+					error JunglePath::Exceptions::NotFoundException do
+						e = env['sinatra.error']
+						trace = e.backtrace.join("\n")
+						logger.error "#{e.message}\n#{trace}."
+						halt 404, e.message
+					end
+
+					error do
+						e = env['sinatra.error']
+						trace = e.backtrace.join("\n")
+						logger.error "#{e.message}\n#{trace}."
+						halt 500, e.message
+					end
+				end
+
+				def set_default_helpers
+					# standard helpers:
+					helpers JunglePath::API::Helpers::DataCache
+					helpers JunglePath::API::Helpers::Logging
+					helpers JunglePath::API::Helpers::Result
+					helpers JunglePath::API::Helpers::Auth
+					helpers JunglePath::API::Helpers::QueryFilters
+				end
+
+				def set_default_authentication_check
+					before do
+						puts ""
+						puts "::::[request_start: #{Time.now.utc}]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
+						puts "::::[#{request.env['REMOTE_USER']}: #{request.request_method} #{request.url}"
+						puts "(api_helpsers - before do - default authentication check)"
+						puts "[params] #{params.to_h}" if configatron.debug.show_params
+						puts "authenticate..."
+						# These three request paths return user info, so force no_cache = true so that stale user data is not returned!
+						no_cache = request.path_info == '/authenticate' or request.path_info == '/current/user' or request.path_info == '/current/user/auth'
+						puts "authenticate no_cache: #{no_cache}."
+						authenticate no_cache
+					end
+
+					after do
+						puts "[request end]"
+					end
+				end
+			end
+		end
+	end
+end

data/lib/jungle_path/api/helpers/logging.rb

@@ -0,0 +1,36 @@
+require 'zlib'
+require 'logger'
+
+module JunglePath
+	module API
+		module Helpers
+			module Logging
+				def log(info)
+					logger.info info
+					puts info
+				end
+
+				def logger
+					#API.logger
+					Logger.new(configatron.application.logger)
+				end
+
+				def get_log_file_list
+					Dir.entries('logs').map {|n| "#{n.split('.')[0]}.log.gz"}
+				end
+
+				def gzip_log_file filename
+					filename = "#{filename.split('.')[0]}.log"
+					Dir.mkdir('temp') unless File.exists? 'temp'
+					data = File.read(File.join('logs', filename))
+					zfilename = File.join('temp', "#{filename}.gz")
+					Zlib::GzipWriter.open(zfilename) do |gzip|
+						gzip << data
+						gzip.close
+					end
+					zfilename
+				end
+			end
+		end
+	end
+end

data/lib/jungle_path/api/helpers/query_filters.rb

@@ -0,0 +1,15 @@
+module JunglePath
+	module API
+		module Helpers
+			module QueryFilters
+				def app_defined_query_filters
+					# override (redefine) or replace this as needed to define your own query filters.
+					# make sure your redefine happens after this code runs and before
+					# the authentication check (the call to "authenticate" (APIHelpers::Auth.authenticate)).
+					#puts "default query_filters..."
+					[]
+				end
+			end
+		end
+	end
+end

data/lib/jungle_path/api/helpers/rescues.rb

@@ -0,0 +1,15 @@
+require 'rack'
+
+module JunglePath
+	module API
+		module Helpers
+			module Rescues
+				def self.handle_not_found(e)
+					response = {error_code: 404, error_message: e.message}.to_json
+					log response
+					Rack::Response.new(response, 404).finish
+				end
+			end
+		end
+	end
+end

data/lib/jungle_path/api/helpers/result.rb

@@ -0,0 +1,16 @@
+require 'jungle_path/json'
+
+module JunglePath
+	module API
+		module Helpers
+			module Result
+				def handle_result(item)
+					# handles the api result (converts to json).
+					halt 404 unless item
+					return JunglePath::Json.dump item if item.class == Array or item.class == Hash
+					return item.to_json if item
+				end
+			end
+		end
+	end
+end

data/lib/jungle_path/api/helpers/standard_apis.rb

@@ -0,0 +1,280 @@
+module JunglePath
+	module API
+		module Helpers
+			module StandardAPIs
+				def set_standard_api_default_html_page
+					get '/' do
+						send_file './public/index.html'
+					end
+				end
+
+				def set_standard_api_query
+					post '/query' do
+						result = {}
+
+						query = params[:query]
+
+						#default to true:
+						temp = params[:apply_limit_offset_to_sql]
+						if temp == nil
+							apply_limit_offset_to_sql = true
+						else
+							apply_limit_offset_to_sql = JunglePath::DBModel::Params.to_bool(temp)
+						end
+
+						##default to false: (will be false if nil).
+						#apply_limit_offset_to_sql = DBModel::Params.to_bool(params[:apply_limit_offset_to_sql])
+
+						result[:query] = query
+						log "\napply_limit_offset_to_sql: #{apply_limit_offset_to_sql}."
+						log "\nuql query:\n\n#{query}."
+						log ""
+						# todo: pass generated node tree instead of models:
+						#engine = Query::Engine.new(Schema::Base.models, current_user, apply_limit_offset_to_sql)
+						node_tree = current_auth.schema_node_tree
+						puts "node_tree: #{node_tree.to_str}."
+						engine = Query::Engine.new(node_tree, current_user, apply_limit_offset_to_sql)
+						puts "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
+						q = engine.get_query_from_string(query)
+						result[:sql] = q.sql
+						result[:sql_parameter_values] = q.values
+
+						log "sql query:\n\n#{q.sql}."
+						log ""
+						#log "sql parameter values: #{q.values}."
+						#log ""
+
+						data = Query::Engine.run(q, db.base)
+						result[:data] = data
+						#puts data
+
+						result[:count] = data.length
+						#log "results count: #{data.length}."
+						#log ""
+
+						handle_result(result)
+					end
+				end
+
+				def set_standard_forward_api
+					get '/forward/:target/*' do
+						#log "forward get"
+						target = params[:target]
+						splat = params[:splat].join('/')
+						host = nil
+						#log "forward target: #{target}."
+						#log "forward splat: #{splat}."
+						user_name = request.env['REMOTE_USER']
+						#log "forward user_name: #{user_name}"
+						host, port, user_name, password = APIHelpers::StandardAPIs.get_forward_host target
+						if host
+							response = Remote.get user_name, password, host, port, "/#{splat}"
+							#log "response: #{response}."
+							if response.code == 200
+								response = JsonWrap.load(response.to_s)
+							else
+								halt response.to_a
+							end
+						else
+							raise ArgumentError.new("Invalid forward GET target: \"#{target}\".")
+						end
+						handle_result(response)
+					end
+
+					post '/forward/:target/*' do
+						#log "forward post"
+						target = params[:target]
+						splat = params[:splat].join('/')
+						host = nil
+						#log "forward target: #{target}."
+						#log "forward splat: #{splat}."
+						user_name = request.env['REMOTE_USER']
+						#log "forward user_name: #{user_name}"
+						host, port, user_name, password = APIHelpers::StandardAPIs.get_forward_host target
+						if host
+							response = Remote.post user_name, password, host, port, "/#{splat}", params
+							#log "response: #{response}."
+							if response.code == 200
+								response = JsonWrap.load(response.to_s)
+							else
+								halt response.to_a
+							end
+						else
+							raise ArgumentError.new("Invalid forward POST target: \"#{target}\".")
+						end
+						handle_result(response)
+					end
+
+					put '/forward/:target/*' do
+						#log "forward post"
+						target = params[:target]
+						splat = params[:splat].join('/')
+						host = nil
+						#log "forward target: #{target}."
+						#log "forward splat: #{splat}."
+						user_name = request.env['REMOTE_USER']
+						#log "forward user_name: #{user_name}"
+						host, port, user_name, password = APIHelpers::StandardAPIs.get_forward_host target
+						if host
+							response = Remote.put user_name, password, host, port, "/#{splat}", params
+							#log "response: #{response}."
+							response = JsonWrap.load(response.to_s) if response.code == 200
+						else
+							raise ArgumentError.new("Invalid forward POST target: \"#{target}\".")
+						end
+						handle_result(response)
+					end
+
+					delete '/forward/:target/*' do
+						#log "forward post"
+						target = params[:target]
+						splat = params[:splat].join('/')
+						host = nil
+						#log "forward target: #{target}."
+						#log "forward splat: #{splat}."
+						user_name = request.env['REMOTE_USER']
+						#log "forward user_name: #{user_name}"
+						host, port, user_name, password = APIHelpers::StandardAPIs.get_forward_host target
+						if host
+							response = Remote.delete user_name, password, host, port, "/#{splat}"
+							#log "response: #{response}."
+							response = JsonWrap.load(response.to_s) if response.code == 200
+						else
+							raise ArgumentError.new("Invalid forward POST target: \"#{target}\".")
+						end
+						handle_result(response)
+					end
+				end
+
+				def self.get_forward_host target
+					if target == 'gbwho'
+						host = configatron.who.host
+						port = configatron.who.port
+						user_name = configatron.who.user_name
+						password = configatron.who.password
+					elsif target == 'gbwhat'
+						host = configatron.what.host
+						port = configatron.what.port
+						user_name = request.env['REMOTE_USER']
+						password = request.env['REMOTE_PASSWORD']
+					end
+					return host, port, user_name, password
+				end
+
+				def set_standard_api_sample_queries_list
+					get '/v1/sample/queries' do
+						files = Dir["./public/query/queries/*.uql"]
+						files = files.map {|n| n.split('/').pop().split('.')[0] }
+						files.sort!
+						handle_result(files)
+					end
+				end
+
+				def set_standard_api_get_log_file_list
+					get '/logs' do
+						handle_result get_log_file_list
+					end
+				end
+
+				def set_standard_api_get_log_file
+					get '/logs/:filename' do
+						send_file(gzip_log_file(params[:filename]))
+					end
+				end
+
+				def set_standard_users_api
+					get '/users/:user_name/:password' do
+						#puts "get '/users/:user_name/:password'"
+						user = get_any_user(params[:user_name], params[:password])
+						puts "user.is_valid: #{(user and user.is_valid)}"
+						return handle_result(user) if (user and user.is_valid)
+						handle_result(nil)
+					end
+
+					delete '/users/:id' do
+						user_id = params[:id].to_i
+						puts "delete: /users/#{user_id}"
+						if user_id == current_user.id
+							halt 403, "Self deletion not allowed."
+						end
+						handle_result(Controller::User.new(current_user, current_key, params, db).delete)
+					end
+				end
+
+				def set_standard_keys_api
+					get '/test' do
+						puts "valid_user: #{valid_user}"
+					end
+
+					delete '/keys/:id' do
+						key_id = params[:id]
+						#puts "delete /keys/#{key_id}"
+						if key_id == current_key.id
+							halt 403, "Self deletion of key not allowed."
+						end
+						handle_result(Controller::Key.new(current_user, current_key, params, db).delete)
+					end
+
+					begin # authorization
+						get '/current/user' do
+							result = {user: current_user, key: current_key, roles: current_roles}
+							puts "current/user: #{result}."
+							puts "current_key.key: #{current_key.key}."
+							handle_result(result)
+						end
+
+						get '/current/user/auth' do
+							message = {
+								user_id: current_user.id,
+								user_name: current_user.user_name,
+								key_id: current_key.id,
+								key_name: current_key.name,
+								key_value: current_key.key,
+								roles: current_auth.roles,
+								permissions: current_auth.permissions,
+								restrictions: current_auth.restrictions,
+								query_filters: current_user.query_filters
+							}
+							handle_result message
+						end
+
+						get '/roles/key/:id' do
+							key = Schema::Key.new(params, false, true)
+							roles = SQL::Role.by_key(db, key)
+							handle_result(roles)
+						end
+					end
+
+					begin # api_keys gets
+						get '/keys/:key' do
+							pass if params['key'].match(/^\d+$/) # if key is an integer goto route /api_keys/:id
+							handle_result(Controller::Key.new(current_user, current_key, params, db).select_by_key)
+						end
+
+						get '/keys/user/:user_id' do
+							# get the api keys for this user.
+							handle_result(Controller::Key.new(current_user, current_key, params, db).select_by_user)
+						end
+
+						get '/keys/user/:user_id/default' do
+							# get the default api keys for this user.
+							handle_result(Controller::Key.new(current_user, current_key, params, db).select_default_by_user)
+						end
+
+						get '/keys/user/:user_id/application/:application_id' do
+							# get the api keys for this user for this application.
+							handle_result(Controller::Key.new(current_user, current_key, params, db).select_by_user)
+						end
+
+						get '/keys/user/:user_id/application/:application_id/default' do
+							# get the default api keys for this user for this application.
+							result = Controller::Key.new(current_user, current_key, params, db).select_default_by_user
+							#puts "result: #{result}."
+							handle_result(result)
+						end
+					end
+				end
+			end
+		end
+	end
+end

data/lib/jungle_path/api/helpers.rb

@@ -0,0 +1,16 @@
+module JunglePath
+	module API
+		module Helpers
+			require 'jungle_path/api/helpers/logging'
+			require 'jungle_path/api/helpers/rescues'
+			require 'jungle_path/api/helpers/auth'
+			require 'jungle_path/api/helpers/auth_local_user'
+			require 'jungle_path/api/helpers/auth_old'
+			require 'jungle_path/api/helpers/result'
+			require 'jungle_path/api/helpers/query_filters'
+			require 'jungle_path/api/helpers/standard_apis'
+			require 'jungle_path/api/helpers/defaults'
+			require 'jungle_path/api/helpers/data_cache'
+		end
+	end
+end

data/lib/jungle_path/api/template.erb

@@ -0,0 +1,35 @@
+<% # api_template.erb %>
+<%= "#This file was generated using the ../lib/api_template.erb. Do not modify directly." %>
+require 'sinatra/base'
+require_relative '../db/db'
+require_relative '../schemas/schema'
+require_relative 'server_base'
+require_relative '../controllers/controller'
+
+module <%= name_space %>
+  class API < <%= name_space %>::BaseAPI
+    <% for table in tables %>
+    begin # <%= table.plural_table_name %>
+      get '/<%= table.plural_table_name %>' do
+        handle_result(<%= controller_name_space %>::<%= table.name.split('::').last %>.new(current_user, current_key, params, db).select)
+      end
+
+      get '/<%= table.plural_table_name %><%= table.template_pk_url %>' do
+        handle_result(<%= controller_name_space %>::<%= table.name.split('::').last %>.new(current_user, current_key, params, db).select)
+      end
+
+      post '/<%= table.plural_table_name %>' do
+        handle_result(<%= controller_name_space %>::<%= table.name.split('::').last %>.new(current_user, current_key, params, db).insert)
+      end
+
+      put '/<%= table.plural_table_name %><%= table.template_pk_url %>' do
+        handle_result(<%= controller_name_space %>::<%= table.name.split('::').last %>.new(current_user, current_key, params, db).update)
+      end
+
+      delete '/<%= table.plural_table_name %><%= table.template_pk_url %>' do
+        handle_result(<%= controller_name_space %>::<%= table.name.split('::').last %>.new(current_user, current_key, params, db).delete)
+      end
+    end
+    <% end %>
+  end
+end

data/lib/jungle_path/api.rb

@@ -0,0 +1,5 @@
+module JunglePath
+	module API
+		require 'jungle_path/api/helpers'
+	end
+end

data/lib/jungle_path/app/a.gitignore

@@ -0,0 +1 @@
+logs/

data/lib/jungle_path/app/api/server_base.rb

@@ -0,0 +1,95 @@
+require 'rack'
+require 'sinatra/base'
+require 'jungle_path/json'
+require 'jungle_path/api/helpers'
+require 'jungle_path/authentication/auth_provider'
+require 'jungle_path/authentication/data_provider'
+require 'jungle_path/query/filter'
+
+
+#require_relative '../config/base_config'
+#require_relative '../../lib/basic_credentials'
+#require_relative '../../lib/sql'
+#require_relative '../../lib/api_helpers'
+#require_relative '../../lib/authorization'
+#require_relative '../db/db'
+#require_relative '../schemas/schema'
+#require_relative '../auth/authorization'
+
+module Server
+  #class BaseAPI < Sinatra::Application
+  class BaseAPI < Sinatra::Base
+    configure do
+      set :public_folder, configatron.application.public_dir
+      set :root, configatron.application.root_dir
+      set :dump_errors, true
+      set :sessions, false
+      set :logging, true
+      mime_type :uql, 'text' #for sample queries.
+      set :static, true
+      puts "settings.root: #{settings.root}"
+      puts "settings.public_folder: #{settings.public_folder}"
+    end
+
+    # Turns off "X-Frame-Options: SAMEORIGIN" http response header:
+    #set :protection, :except => :frame_options
+
+    extend JunglePath::API::Helpers::Defaults
+    extend JunglePath::API::Helpers::StandardAPIs
+
+		# Your own:
+    #extend ServerAPI::Authorization
+
+    def self.inherited(subclass)
+      super
+      subclass.instance_eval do
+        set_default_rack_middleware false
+        set_default_error_handling
+
+        helpers JunglePath::API::Helpers::DataCache
+        helpers JunglePath::API::Helpers::Logging
+        helpers JunglePath::API::Helpers::Result
+        helpers JunglePath::API::Helpers::Auth
+        helpers Server::Base::Database
+
+				# Your own:
+        #set_authorization
+
+        set_standard_api_get_log_file_list
+        set_standard_api_get_log_file
+        set_standard_api_query
+      end
+    end
+
+    after do
+      GC.start
+    end
+
+    before do
+      puts ""
+      puts "[request_start: #{Time.now.utc}]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
+      puts "[#{request.env['REMOTE_USER']}: #{request.request_method} #{request.url}"
+      puts "(base_api - before do - authentication check)"
+      puts "[params] #{params.to_h}" if configatron.debug.show_params
+      if ServerAPI::Authorization.is_open_path?(request, configatron)
+        puts "is open path: #{request.path_info}"
+      else
+        puts "is secured path: #{request.path_info}"
+        # These three request paths return user info, so force no_cache = true so that stale user data is not returned!
+        no_cache = (request.path_info == '/authenticate' or request.path_info == '/current/user' or request.path_info == '/current/user/auth')
+        puts "authenticate no_cache: #{no_cache}."
+        auth_provider = JunglePath::Authentication::AuthProvider::Default.new
+        data_provider = JunglePath::Authentication::DataProvider::Default.new
+        JunglePath::API::Helpers::Auth.authenticate auth_provider, data_provider, no_cache
+      end
+    end
+
+    module Database
+      def db
+        ServerAPI::DB.instance
+      end
+    end
+
+    end
+  end
+end