locked-rb 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 948c461ae63f6cbe1340d7f915b33a8bc335c9dd422134c4796204b1c433c677
+  data.tar.gz: 653750e9995e9532a458092143792d0cf020b6c898928b18adff742d6d80c2d6
+SHA512:
+  metadata.gz: b3a60f269cd41482a7509805a6d5317371bb8fd89b9bb2c98daef432c2726e7fc3c474f95e34e21b125ad489a496108cef14f7af747623c9a299107f841930ea
+  data.tar.gz: 9c6640642b6742a18a3347463490b47d8d458fded13d9ef0f2df9963da56ffb43e43315b584a4d233d7a8f25f54aad4ce7343f61a966f867cbd3153363ae5219

data/README.md

@@ -0,0 +1,127 @@
+# locked-ruby
+
+[Locked](https://locked.jp) analyzes device, location, and interaction patterns in your web and mobile apps and lets you stop account takeover attacks in real-time..
+
+### Installation
+
+Add the `locked-rb` gem to your `Gemfile`
+
+```
+gem 'locked-rb'
+```
+
+### Configuration
+
+**Framework configuration**
+
+Load and configure the library with your Locked API key in an initializer or similar.
+
+```
+Locked.api_key = 'YOUR_API_KEY'
+```
+
+A Locked client instance will be made available as `locked` in your
+
+* Rails controllers when you add require 'locked/support/rails'
+
+* Padrino controllers when you add require 'locked/support/padrino'
+
+* Sinatra app when you add `require 'locked/support/sinatra'` (and additionally explicitly add register `Sinatra::Locked` to your `Sinatra::Base` class if you have a modular application)
+
+```
+require 'locked/support/sinatra'
+
+class ApplicationController < Sinatra::Base
+  register Sinatra::Locked
+end
+```
+
+* Hanami when you add require 'locked/support/hanami' and include Locked::Hanami to your Hanami application
+require 'locked/support/hanami'
+
+```
+module Web
+  class Application < Hanami::Application
+    include Locked::Hanami
+  end
+end
+```
+
+### Client configuration
+Configure the library in an initializer or similar.
+```
+Locked.configure do |config|
+  # Same as setting it through Locked.api_key
+  config.api_key = 'key'
+
+  # For authenticate method you can set failover strategies: deny (default), allow, verify, throw
+  config.failover_strategy = :deny
+
+  # Locked::RequestError is raised when timing out in milliseconds (default: 1000 milliseconds)
+  config.request_timeout = 2000
+
+  # Whitelisted and Blacklisted headers are case insensitive and allow to use _ and - as a separator, http prefixes are removed
+  # Whitelisted headers
+  config.whitelisted = ['X_HEADER']
+  # or append to default
+  config.whitelisted += ['http-x-header']
+
+  # Blacklisted headers take advantage over whitelisted elements
+  config.blacklisted = ['HTTP-X-header']
+  # or append to default
+  config.blacklisted += ['X_HEADER']
+end
+```
+
+### Authenticating login request
+
+Here is a simple example of authenticating request. The method `locked` is already included in Rails controllers.
+```
+begin
+  locked.authenticate(
+    event: '$login.success',
+    user_id: 1234,
+    user_ip: '1.1.1.1',
+    user_agent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063',
+    email: 'example@locked.jp',
+    callback_url: 'https://locked.jp/login/result'
+  )
+rescue Locked::Error => e
+  puts e.message
+end
+```
+
+When using plain Ruby, configure the `Locked` module and initiate a `Locked::Client` instance to use `authenticate` method
+```
+require 'locked-rb'
+Locked.configure do |config|
+  config.api_key = 'key'
+end
+client = Locked::Client.new({})
+client.authenticate(
+  event: '$login.success',
+  user_id: 1234,
+  user_ip: '1.1.1.1',
+  user_agent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063',
+  email: 'example@locked.jp',
+  callback_url: 'https://locked.jp/login/result'
+)
+```
+
+And a possible response
+```
+{
+  success: true,
+  status: 200,
+  data: {
+    action: verify,
+    verify_token: 'f7e11d023c78'
+  }
+}
+```
+
+When a user is required to verify his/her login, a `verify_token` is return so that later on your system can identify that user's login session.
+
+### Exceptions
+
+`Locked::Error` will be thrown if the Locked API returns a 400 or a 500 level HTTP response.

data/lib/locked-rb.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'locked'

data/lib/locked.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+%w[
+  openssl
+  net/http
+  json
+  time
+].each(&method(:require))
+
+%w[
+  locked/version
+  locked/errors
+  locked/command
+  locked/utils
+  locked/utils/merger
+  locked/utils/cloner
+  locked/utils/timestamp
+  locked/validators/present
+  locked/validators/not_supported
+  locked/context/merger
+  locked/context/sanitizer
+  locked/context/default
+  locked/commands/identify
+  locked/commands/authenticate
+  locked/commands/review
+  locked/configuration
+  locked/failover_auth_response
+  locked/client
+  locked/header_formatter
+  locked/secure_mode
+  locked/extractors/client_id
+  locked/extractors/headers
+  locked/extractors/ip
+  locked/api/response
+  locked/api/request
+  locked/api/request/build
+  locked/review
+  locked/api
+].each(&method(:require))
+
+# main sdk module
+module Locked
+  class << self
+    def configure(config_hash = nil)
+      (config_hash || {}).each do |config_name, config_value|
+        config.send("#{config_name}=", config_value)
+      end
+
+      yield(config) if block_given?
+    end
+
+    def config
+      @configuration ||= Locked::Configuration.new
+    end
+
+    def api_key=(api_key)
+      config.api_key = api_key
+    end
+  end
+end

data/lib/locked/api.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Locked
+  # this class is responsible for making requests to api
+  module API
+    # Errors we handle internally
+    HANDLED_ERRORS = [
+      Timeout::Error,
+      Errno::EINVAL,
+      Errno::ECONNRESET,
+      EOFError,
+      Net::HTTPBadResponse,
+      Net::HTTPHeaderSyntaxError,
+      Net::ProtocolError
+    ].freeze
+
+    private_constant :HANDLED_ERRORS
+
+    class << self
+      def request(command, headers = {})
+        raise Locked::ConfigurationError, 'configuration is not valid' unless Locked.config.valid?
+
+        begin
+          Locked::API::Response.call(
+            Locked::API::Request.call(
+              command,
+              Locked.config.api_key,
+              headers
+            )
+          )
+        rescue *HANDLED_ERRORS => error
+          # @note We need to initialize the error, as the original error is a cause for this
+          # custom exception. If we would do it the default Ruby way, the original error
+          # would get converted into a string
+          raise Locked::RequestError.new(error) # rubocop:disable Style/RaiseArgs
+        end
+      end
+    end
+  end
+end

data/lib/locked/api/request.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Locked
+  # this class is responsible for making requests to api
+  module API
+    module Request
+      # Default headers that we add to passed ones
+      DEFAULT_HEADERS = {
+        'Content-Type' => 'application/json'
+      }.freeze
+
+      private_constant :DEFAULT_HEADERS
+
+      class << self
+        def call(command, api_key, headers)
+          http.request(
+            Locked::API::Request::Build.call(
+              command,
+              headers.merge(DEFAULT_HEADERS),
+              api_key
+            )
+          )
+        end
+
+        def http
+          http = Net::HTTP.new(Locked.config.host, Locked.config.port)
+          http.read_timeout = Locked.config.request_timeout / 1000.0
+          if Locked.config.port == 443
+            http.use_ssl = true
+            http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+          end
+          http
+        end
+      end
+    end
+  end
+end

data/lib/locked/api/request/build.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Locked
+  module API
+    # generate api request
+    module Request
+      module Build
+        class << self
+          API_KEY_HEADER = 'X-LOCKED-API-KEY'
+          def call(command, headers, api_key)
+            headers[API_KEY_HEADER] = api_key
+            request = Net::HTTP.const_get(
+              command.method.to_s.capitalize
+            ).new("/#{Locked.config.url_prefix}/#{command.path}", headers)
+
+            command.data.delete(:context) # TODO: use context in request
+            unless command.method == :get
+              request.body = ::Locked::Utils.replace_invalid_characters(
+                command.data
+              ).to_json
+            end
+
+            request
+          end
+        end
+      end
+    end
+  end
+end

data/lib/locked/api/response.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Locked
+  module API
+    # parses api response
+    module Response
+      RESPONSE_ERRORS = {
+        400 => Locked::BadRequestError,
+        401 => Locked::UnauthorizedError,
+        403 => Locked::ForbiddenError,
+        404 => Locked::NotFoundError,
+        419 => Locked::UserUnauthorizedError,
+        422 => Locked::InvalidParametersError
+      }.freeze
+
+      class << self
+        def call(response)
+          verify!(response)
+
+          return {} if response.body.nil? || response.body.empty?
+
+          begin
+            JSON.parse(response.body, symbolize_names: true)
+          rescue JSON::ParserError
+            raise Locked::ApiError, 'Invalid response from Locked API'
+          end
+        end
+
+        def verify!(response)
+          return if response.code.to_i.between?(200, 299)
+
+          raise Locked::InternalServerError if response.code.to_i.between?(500, 599)
+
+          error = RESPONSE_ERRORS.fetch(response.code.to_i, Locked::ApiError)
+          raise error, response[:message]
+        end
+      end
+    end
+  end
+end

data/lib/locked/client.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module Locked
+  class Client
+    class << self
+      def from_request(request, options = {})
+        new(
+          to_context(request, options),
+          to_options(options)
+        )
+      end
+
+      def to_context(request, options = {})
+        default_context = Locked::Context::Default.new(request, options[:cookies]).call
+        Locked::Context::Merger.call(default_context, options[:context])
+      end
+
+      def to_options(options = {})
+        options[:timestamp] ||= Locked::Utils::Timestamp.call
+        warn '[DEPRECATION] use user_traits instead of traits key' if options.key?(:traits)
+        options
+      end
+
+      def failover_response_or_raise(failover_response, error)
+        return failover_response.generate unless Locked.config.failover_strategy == :throw
+        raise error
+      end
+    end
+
+    attr_accessor :context
+
+    def initialize(context, options = {})
+      @timestamp = options[:timestamp]
+      @context = context
+    end
+
+    def authenticate(options = {})
+      options = Locked::Utils.deep_symbolize_keys(options || {})
+
+      add_timestamp_if_necessary(options)
+      command = Locked::Commands::Authenticate.new(@context).build(options)
+      begin
+        Locked::API.request(command).merge(failover: false, failover_reason: nil)
+      rescue Locked::RequestError, Locked::InternalServerError => error
+        self.class.failover_response_or_raise(
+          FailoverAuthResponse.new(options[:user_id], reason: error.to_s), error
+        )
+      end
+    end
+
+    def identify(options = {})
+      options = Locked::Utils.deep_symbolize_keys(options || {})
+
+      add_timestamp_if_necessary(options)
+
+      command = Locked::Commands::Identify.new(@context).build(options)
+      Locked::API.request(command)
+    end
+
+    private
+
+    def add_timestamp_if_necessary(options)
+      options[:timestamp] ||= @timestamp if @timestamp
+    end
+  end
+end

data/lib/locked/command.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Locked
+  Command = Struct.new(:path, :data, :method)
+end

data/lib/locked/commands/authenticate.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Locked
+  module Commands
+    class Authenticate
+      def initialize(context)
+        @context = context
+      end
+
+      def build(options = {})
+        Locked::Validators::Present.call(options, %i[event])
+        context = Locked::Context::Merger.call(@context, options[:context])
+        context = Locked::Context::Sanitizer.call(context)
+
+        Locked::Command.new(
+          'authenticate',
+          options.merge(context: context),
+          :post
+        )
+      end
+    end
+  end
+end