leash-sdk 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c1c51a2f51cd93a5950ac251adab5eeb1b1787175732dd4e4804574175cf699e
-  data.tar.gz: 9fc45a6f2808e76f84b1f82c38891c1085865cdd97f6ad31663d8ef9683f923a
+  metadata.gz: 43e34f3d6e756f73f7612d2386e8e8db0b8db9ebcd02497e840617d5136ee83c
+  data.tar.gz: b8065f2e37c1218b01c0dd88ef363694762359338167d9e2defa232976efe2d9
 SHA512:
-  metadata.gz: 972c62c6db4c16b31b64fcfe7b8e2d60e27fb708e306801f3d895351c5f7f75c09a83c6a2a5b7a89bbe886cf41c5136b031a8b27f2509287198c004d572d6d95
-  data.tar.gz: 9802de6dea20a65d7cd196fc50b4ebc67ebbd489fa57c53ae19a0cc6d4ffb928faa62e34c2560403f7f0746aba24f68747111d6afa24aad0887b1601b95d26ea
+  metadata.gz: cfedee526258e982cf6220618965ac55d7adfcb054ea325510ef74d174765eb956cb8e2eeefcb031ce02af5d8645cf239b9de61f23995cad5ae60139d97b74b3
+  data.tar.gz: a6693f07510e34bd6f39fe4c0d3815a0266088b8cc7c8609d6075f4624be27f0d989384274efb2bf658ac60b3f42b33d2b5962f0550f6599f1787c40169e1e47

data/README.md

@@ -1,18 +1,18 @@
 # Leash SDK for Ruby
 
-Ruby SDK for the [Leash](https://leash.build) platform integrations API. Access Gmail, Google Calendar, Google Drive, and more through the Leash platform proxy.
+Ruby SDK for Leash-hosted integrations.
 
-## Installation
+Use it to call Gmail, Google Calendar, Google Drive, and custom provider actions through the Leash platform proxy.
 
-Add to your Gemfile:
+## Installation
 
 ```ruby
 gem "leash-sdk"
 ```
 
-Or install directly:
+or:
 
-```
+```bash
 gem install leash-sdk
 ```
 
@@ -21,120 +21,40 @@ gem install leash-sdk
 ```ruby
 require "leash"
 
-client = Leash::Integrations.new(auth_token: ENV["LEASH_AUTH_TOKEN"])
-
-# Gmail
-messages = client.gmail.list_messages(query: "is:unread", max_results: 10)
-message  = client.gmail.get_message("msg_id_123")
-client.gmail.send_message(to: "friend@example.com", subject: "Hello", body: "Hi there!")
-labels = client.gmail.list_labels
-
-# Google Calendar
-calendars = client.calendar.list_calendars
-events    = client.calendar.list_events(
-  time_min: "2026-04-10T00:00:00Z",
-  time_max: "2026-04-17T00:00:00Z",
-  single_events: true,
-  order_by: "startTime"
-)
-client.calendar.create_event(
-  summary: "Team standup",
-  start: { "dateTime" => "2026-04-11T09:00:00-04:00" },
-  end_time: { "dateTime" => "2026-04-11T09:30:00-04:00" }
+client = Leash::Integrations.new(
+  auth_token: ENV["LEASH_AUTH_TOKEN"],
+  api_key: ENV["LEASH_API_KEY"]
 )
 
-# Google Drive
-files = client.drive.list_files
-file  = client.drive.get_file("file_id_123")
-results = client.drive.search_files("quarterly report", max_results: 5)
-```
-
-## Connection Management
-
-```ruby
-# Check if a provider is connected
-client.connected?("gmail")  # => true/false
-
-# Get all connections
-client.connections  # => [{ "providerId" => "gmail", "status" => "active", ... }]
-
-# Get OAuth connect URL (for UI buttons)
-url = client.connect_url("gmail", return_url: "https://myapp.com/settings")
-```
-
-## Error Handling
-
-```ruby
-begin
-  client.gmail.list_messages
-rescue Leash::NotConnectedError => e
-  # Redirect user to connect: e.connect_url
-  puts "Please connect Gmail: #{e.connect_url}"
-rescue Leash::TokenExpiredError => e
-  # Token needs refresh: e.connect_url
-  puts "Token expired, reconnect: #{e.connect_url}"
-rescue Leash::Error => e
-  # General API error
-  puts "Error (#{e.code}): #{e.message}"
+if client.connected?("gmail")
+  messages = client.gmail.list_messages(max_results: 5)
+  puts messages
+else
+  puts client.connect_url("gmail", return_url: "https://myapp.example.com/settings")
 end
 ```
 
-## Configuration
-
-```ruby
-# Custom platform URL
-client = Leash::Integrations.new(
-  auth_token: "your-token",
-  platform_url: "https://your-instance.leash.build"
-)
-```
-
-## API Reference
-
-### `Leash::Integrations.new(auth_token:, platform_url: "https://leash.build")`
-
-Creates a new client instance.
-
-### Gmail (`client.gmail`)
-
-| Method | Description |
-|--------|-------------|
-| `list_messages(query:, max_results:, label_ids:, page_token:)` | List messages |
-| `get_message(message_id, format:)` | Get a message by ID |
-| `send_message(to:, subject:, body:, cc:, bcc:)` | Send an email |
-| `search_messages(query, max_results:)` | Search messages |
-| `list_labels` | List all labels |
-
-### Calendar (`client.calendar`)
-
-| Method | Description |
-|--------|-------------|
-| `list_calendars` | List all calendars |
-| `list_events(calendar_id:, time_min:, time_max:, max_results:, single_events:, order_by:)` | List events |
-| `create_event(summary:, start:, end_time:, calendar_id:, description:, location:, attendees:)` | Create an event |
-| `get_event(event_id, calendar_id:)` | Get an event by ID |
-
-### Drive (`client.drive`)
+## Default Platform URL
 
-| Method | Description |
-|--------|-------------|
-| `list_files(query:, max_results:, folder_id:)` | List files |
-| `get_file(file_id)` | Get file metadata |
-| `search_files(query, max_results:)` | Search files |
+- `https://leash.build`
 
-### Connections
+## Features
 
-| Method | Description |
-|--------|-------------|
-| `connected?(provider_id)` | Check if provider is connected |
-| `connections` | Get all connection statuses |
-| `connect_url(provider_id, return_url:)` | Get OAuth connect URL |
+- Gmail
+- Google Calendar
+- Google Drive
+- connection status lookup
+- connect URL generation
+- generic provider calls
+- custom integration calls
+- app env fetch and caching
 
-## Requirements
+## Notes
 
-- Ruby >= 3.0
-- No external dependencies (uses stdlib `net/http`, `json`, `uri`)
+- `auth_token` should be a valid Leash platform JWT
+- `api_key` is optional, but useful for app-scoped access
+- OAuth token handling remains a platform concern
 
 ## License
 
-MIT
+Apache-2.0

data/leash-sdk.gemspec

@@ -21,5 +21,5 @@ Gem::Specification.new do |spec|
   spec.files = Dir["lib/**/*.rb"] + ["leash-sdk.gemspec", "Gemfile", "README.md", "LICENSE"]
   spec.require_paths = ["lib"]
 
-  # No runtime dependencies -- stdlib only (net/http, json, uri).
+  spec.add_dependency "jwt", ">= 2.7"
 end

data/lib/leash/auth.rb

@@ -0,0 +1,141 @@
+# frozen_string_literal: true
+
+require "jwt"
+require_relative "errors"
+
+module Leash
+  # Raised when authentication fails (missing cookie, invalid/expired token, etc.)
+  class AuthError < Error
+    def initialize(message = "Authentication failed")
+      super(message, code: "auth_error")
+    end
+  end
+
+  # Simple value object representing an authenticated Leash user.
+  class User
+    attr_reader :id, :email, :name, :picture
+
+    # @param id [String]
+    # @param email [String]
+    # @param name [String, nil]
+    # @param picture [String, nil]
+    def initialize(id:, email:, name: nil, picture: nil)
+      @id = id
+      @email = email
+      @name = name
+      @picture = picture
+    end
+
+    def ==(other)
+      other.is_a?(User) &&
+        id == other.id &&
+        email == other.email &&
+        name == other.name &&
+        picture == other.picture
+    end
+  end
+
+  # Framework-agnostic server auth helper.
+  #
+  # Works with any request object that exposes either:
+  #   - request.cookies (Hash) — Rack / Rails / Sinatra
+  #   - request.env['HTTP_COOKIE'] or request.get_header('HTTP_COOKIE') — raw Rack env
+  #
+  # Does NOT require rails, sinatra, or rack.
+  module Auth
+    COOKIE_NAME = "leash-auth"
+
+    module_function
+
+    # Read the leash-auth JWT from the request, decode it, and return a {Leash::User}.
+    #
+    # @param request [#cookies, #env, #get_header] any Rack-like request object
+    # @return [Leash::User]
+    # @raise [Leash::AuthError] when the cookie is missing or the token is invalid/expired
+    def get_user(request)
+      token = extract_token(request)
+      raise AuthError, "Missing leash-auth cookie" if token.nil? || token.empty?
+
+      payload = decode_token(token)
+      build_user(payload)
+    end
+
+    # Check whether the request carries a valid leash-auth cookie.
+    #
+    # @param request [#cookies, #env, #get_header]
+    # @return [Boolean]
+    def authenticated?(request)
+      get_user(request)
+      true
+    rescue AuthError
+      false
+    end
+
+    # @api private
+    def extract_token(request)
+      # Strategy 1: request.cookies hash (Rack / Rails / Sinatra)
+      if request.respond_to?(:cookies)
+        cookies = request.cookies
+        if cookies.is_a?(Hash)
+          value = cookies[COOKIE_NAME] || cookies[COOKIE_NAME.to_sym]
+          return value if value
+        end
+      end
+
+      # Strategy 2: raw Cookie header from env or get_header
+      raw = nil
+      if request.respond_to?(:env) && request.env.is_a?(Hash)
+        raw = request.env["HTTP_COOKIE"]
+      end
+      if raw.nil? && request.respond_to?(:get_header)
+        begin
+          raw = request.get_header("HTTP_COOKIE")
+        rescue StandardError
+          nil
+        end
+      end
+
+      parse_cookie_header(raw) if raw
+    end
+
+    # @api private
+    def parse_cookie_header(header)
+      return nil if header.nil?
+
+      header.split(";").each do |pair|
+        key, value = pair.strip.split("=", 2)
+        return value if key == COOKIE_NAME
+      end
+      nil
+    end
+
+    # @api private
+    def decode_token(token)
+      secret = ENV["LEASH_JWT_SECRET"]
+      if secret && !secret.empty?
+        decoded = JWT.decode(token, secret, true, algorithms: ["HS256"])
+      else
+        decoded = JWT.decode(token, nil, false)
+      end
+      decoded.first
+    rescue JWT::ExpiredSignature
+      raise AuthError, "Token has expired"
+    rescue JWT::DecodeError => e
+      raise AuthError, "Invalid token: #{e.message}"
+    end
+
+    # @api private
+    def build_user(payload)
+      id = payload["id"] || payload["sub"]
+      email = payload["email"]
+      raise AuthError, "Token payload missing required fields (id/sub, email)" unless id && email
+
+      User.new(
+        id: id,
+        email: email,
+        name: payload["name"],
+        picture: payload["picture"]
+      )
+    end
+  end
+end

data/lib/leash.rb

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 
 require_relative "leash/integrations"
+require_relative "leash/auth"
 
 module Leash
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: leash-sdk
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Leash
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2026-04-14 00:00:00.000000000 Z
-dependencies: []
+date: 2026-04-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.7'
 description: Access Gmail, Google Calendar, Google Drive, and more through the Leash
   platform proxy. No API keys needed -- uses your Leash auth token.
 email:
@@ -23,6 +37,7 @@ files:
 - README.md
 - leash-sdk.gemspec
 - lib/leash.rb
+- lib/leash/auth.rb
 - lib/leash/calendar.rb
 - lib/leash/custom_integration.rb
 - lib/leash/drive.rb