magic-admin 0.0.0 → 0.1.0

data/lib/magic-admin/http/request.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+module MagicAdmin
+
+  module Http
+
+    # Http Request and its methods are accessible
+    # on the Magic instance by the http_client.http_request attribute.
+    # It provides methods to interact with the http_request.
+    class Request
+
+      class << self
+        # Description:
+        #   Method configure request object and provides request object
+        #   based on method argument.
+        #
+        # Arguments:
+        #   method: http method
+        #   url: get request url
+        #   options: a hash contains params and headers for request
+        #
+        # Returns:
+        #   A request object.
+        def request(method, url, options)
+          case method
+          when :get, "get" then new.get(url, options)
+          when :post, "post" then new.post(url, options)
+          else
+            raise APIError.new("Request method not supported.", { http_method: method })
+          end
+        end
+      end
+
+      # Description:
+      #   Method configure request object and provides you get request object.
+      #
+      # Arguments:
+      #   url: get request url
+      #   options: a hash contains params and headers for request
+      #
+      # Returns:
+      #   A get request object.
+      def get(url, options)
+        headers = options[:headers] || {}
+        params = options[:params] || {}
+        url = url_with_params(url, params)
+        req = Net::HTTP::Get.new(url)
+        request_with_headers(req, headers)
+      end
+
+      # Description:
+      #   Method configure request object and provides you post request object.
+      #
+      # Arguments:
+      #   url: post request url
+      #   options: a hash contains params and headers for request
+      #
+      # Returns:
+      #   A post request object.
+      def post(url, options)
+        headers = options[:headers] || {}
+        params = options[:params] || {}
+        req = Net::HTTP::Post.new(url)
+        req = request_with_headers(req, headers)
+        request_with_params(req, params)
+      end
+
+      private
+
+      def request_with_headers(req, headers)
+        headers.each do |key, val|
+          req[key.to_s] = val
+        end
+        req
+      end
+
+      def url_with_params(url, params)
+        url.query = URI.encode_www_form(params)
+        url
+      end
+
+      def request_with_params(req, params)
+        req.body = params.to_json
+        req
+      end
+
+    end
+  end
+end

data/lib/magic-admin/http/response.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+module MagicAdmin
+
+  module Http
+
+    # Http Request and its methods are accessible
+    # on the Magic instance by the http_client.http_request attribute.
+    # It provides methods to interact with the http_request.
+    class Response
+
+      # attribute reader for response data
+      attr_reader :data
+
+      # attribute reader for response body
+      attr_reader :content
+
+      # attribute reader for response status_code
+      attr_reader :status_code
+
+      # Description:
+      #   Method parse Magic API response
+      #
+      # Arguments:
+      #   http_resp: Magic API response.
+      #   request: request object.
+      #
+      # Returns:
+      #   A HTTP Response object or raise an error
+      def self.from_net_http(http_resp, request)
+        resp = Response.new(http_resp)
+        error = case http_resp
+                when Net::HTTPUnauthorized then AuthenticationError
+                when Net::HTTPBadRequest then BadRequestError
+                when Net::HTTPForbidden then ForbiddenError
+                when Net::HTTPTooManyRequests then RateLimitingError
+                when Net::HTTPServerError then APIError
+                when Net::HTTPGatewayTimeout then APIError
+                when Net::HTTPServiceUnavailable then APIError
+                when Net::HTTPBadGateway then APIError
+                end
+        return resp unless error
+
+        raise error.new(resp.data[:message], resp.error_opt(request))
+      end
+
+      # The constructor allows you to create HTTP Response Object
+      # when your application interacting with the Magic API
+      #
+      # Arguments:
+      #   http_resp: Magic API response.
+      #
+      # Returns:
+      #   A HTTP Response object that provides access to
+      #   all the supported resources.
+      #
+      # Examples:
+      #   Response.new(<http_resp>)
+      def initialize(http_resp)
+        @content = http_resp.body
+        @data = JSON.parse(http_resp.body, symbolize_names: true)
+        @status_code = http_resp.code.to_i
+      end
+
+      # Description:
+      #   Method provides you error info hash
+      #
+      # Arguments:
+      #   request: request object.
+      #
+      # Returns:
+      #   hash with following keys.
+      #   http_status:
+      #   status_code:
+      #   http_response:
+      #   http_message:
+      #   http_error_code:
+      #   http_request_params:
+      #   http_request_header:
+      #   http_method:
+      def error_opt(request)
+        {
+          http_status: data[:status],
+          http_code: status_code,
+          http_response: content,
+          http_message: data[:message],
+          http_error_code: data[:error_code],
+          http_request_params: request.body,
+          http_method: request.method
+        }
+      end
+
+    end
+  end
+end

data/lib/magic-admin/resource/token.rb

@@ -0,0 +1,146 @@
+# frozen_string_literal: true
+
+module MagicAdmin
+
+  module Resource
+
+    # The token resource and its methods are accessible
+    # on the Magic instance by the Token attribute.
+    # It provides methods to interact with the DID Token.
+    class Token
+
+      # Description:
+      #   Method validate did_token
+      #
+      # Arguments:
+      #   did_token: A DID Token generated by a Magic user on the client-side.
+      #
+      # Returns:
+      #   true or raise an error
+      def validate(did_token)
+        time = Time.now.to_i
+        proof, claim = decode(did_token)
+        rec_address = rec_pub_address(claim, proof)
+
+        validate_public_address!(rec_address, did_token)
+        validate_claim_fields!(claim)
+        validate_claim_ext!(time, claim["ext"])
+        validate_claim_nbf!(time, claim["nbf"])
+      end
+
+      # Description:
+      #   Method Decodes a DID Token from a Base64 string into
+      #   a tuple of its individual components: proof and claim.
+      #   This method allows you decode the DID Token
+      #   and inspect the token
+      #
+      # Arguments:
+      #   did_token: A DID Token generated by a Magic user on the client-side.
+      #
+      # Returns:
+      #   An array containing proof and claim or raise an error
+      def decode(did_token)
+        proof = nil
+        claim = nil
+        begin
+          token_array = JSON.parse(base64_decode(did_token))
+          proof = token_array[0]
+          claim = JSON.parse(token_array[1])
+          validate_claim_fields!(claim)
+        rescue JSON::ParserError, ArgumentError
+          raise DIDTokenError, "DID Token is malformed"
+        end
+        [proof, claim]
+      end
+
+      # Description:
+      #   Method parse public_address and extract issuer
+      #
+      # Arguments:
+      #   public_address: Cryptographic public address of the Magic User.
+      #
+      # Returns:
+      #   issuer info
+      def construct_issuer_with_public_address(public_address)
+        "did:ethr:#{public_address}"
+      end
+
+      # Description:
+      #   Method parse did_token and extract issuer
+      #
+      # Arguments:
+      #   did_token: A DID Token generated by a Magic user on the client-side.
+      #
+      # Returns:
+      #   issuer info
+      def get_issuer(did_token)
+        decode(did_token).last["iss"]
+      end
+
+      # Description:
+      #   Method parse did_token and extract  cryptographic public_address
+      #
+      # Arguments:
+      #   did_token: A DID Token generated by a Magic user on the client-side.
+      #
+      # Returns:
+      #   cryptographic public address of the Magic User
+      #   who generated the supplied DID Token.
+      def get_public_address(did_token)
+        get_issuer(did_token).split(":").last
+      end
+
+      private
+
+      def base64_decode(did_token)
+        Base64.urlsafe_decode64(did_token)
+      end
+
+      def personal_recover(claim, proof)
+        Eth::Key.personal_recover(JSON.dump(claim), proof)
+      end
+
+      def rec_pub_address(claim, proof)
+        Eth::Utils.public_key_to_address personal_recover(claim, proof)
+      end
+
+      def claim_fields
+        %w[iat ext iss sub aud nbf tid]
+      end
+
+      def validate_claim_fields!(claim)
+        missing_fields = claim_fields - claim.keys
+        return true unless missing_fields.any?
+
+        message = "DID Token missing required fields: %s"
+        raise DIDTokenError, message % missing_fields.join(", ")
+      end
+
+      def validate_public_address!(rec_address, did_token)
+        return true if rec_address.eql? get_public_address(did_token)
+
+        message = "Signature mismatch between 'proof' and 'claim'."
+        raise DIDTokenError, message
+      end
+
+      def validate_claim_ext!(time, claim_ext)
+        return true unless time > claim_ext
+
+        message = "Given DID token has expired. Please generate a new one."
+        raise DIDTokenError, message
+      end
+
+      def apply_nbf_grace_period(claim_nbf)
+        claim_nbf - MagicAdmin::Config.nbf_grace_period
+      end
+
+      def validate_claim_nbf!(time, claim_nbf)
+        return true unless time < apply_nbf_grace_period(claim_nbf)
+
+        message = "Given DID token cannot be used at this time."
+        raise DIDTokenError, message
+      end
+
+    end
+  end
+end

data/lib/magic-admin/resource/user.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+
+module MagicAdmin
+
+  module Resource
+
+    # The user resource and its methods are accessible
+    # on the Magic instance by the User attribute.
+    # It provides methods to interact with the User.
+    class User
+
+      # attribute reader for magic client object
+      attr_reader :magic
+
+      # The constructor allows you to create user object
+      # when your application interacting with the Magic API
+      #
+      # Arguments:
+      #   magic: A Magic object.
+      #
+      # Returns:
+      #   A user object that provides access to all the supported resources.
+      #
+      # Examples:
+      #   User.new(<magic>)
+      def initialize(magic)
+        @magic = magic
+      end
+
+      # Description:
+      #   Method Retrieves information about the user by
+      #   the supplied issuer
+      #
+      # Arguments:
+      #   issuer: Extracted iss component of DID Token generated by a Magic user
+      #     on the client-side.
+      #
+      # Returns:
+      #   Metadata information about the user
+      def get_metadata_by_issuer(issuer)
+        headers = MagicAdmin::Util.headers(magic.secret_key)
+        options = { params: { issuer: issuer }, headers: headers }
+        magic.http_client
+             .call(:get, "/v1/admin/auth/user/get", options)
+      end
+
+      # Description:
+      #   Method Retrieves information about the user by
+      #   the supplied public_address
+      #
+      # Arguments:
+      #   public_address: Extracted The user's Ethereum public address component
+      #     of DID Token generated by a Magic user on the client-side.
+      #
+      # Returns:
+      #   Metadata information about the user
+      def get_metadata_by_public_address(public_address)
+        issuer = token.construct_issuer_with_public_address(public_address)
+        get_metadata_by_issuer(issuer)
+      end
+
+      # Description:
+      #   Method Retrieves information about the user by
+      #   the supplied DID Token
+      #
+      # Arguments:
+      #   did_token: A DID Token generated by a Magic user on the client-side.
+      #
+      # Returns:
+      #   Metadata information about the user
+      def get_metadata_by_token(did_token)
+        issuer = token.get_issuer(did_token)
+        get_metadata_by_issuer(issuer)
+      end
+
+      # Description:
+      #   Method logs a user out of all Magic SDK sessions by
+      #   the supplied issuer
+      #
+      # Arguments:
+      #   issuer: Extracted iss component of DID Token generated by a Magic user
+      #     on the client-side.
+      #
+      # Returns:
+      #   Magic Response
+      def logout_by_issuer(issuer)
+        headers = MagicAdmin::Util.headers(magic.secret_key)
+        options = { params: { issuer: issuer }, headers: headers }
+        magic.http_client
+             .call(:post, "/v2/admin/auth/user/logout", options)
+      end
+
+      # Description:
+      #   Method logs a user out of all Magic SDK sessions by
+      #   the supplied public_address
+      #
+      # Arguments:
+      #   public_address: Extracted the user's Ethereum public address component
+      #   of DID Token generated by a Magic user on the client-side.
+      #
+      # Returns:
+      #   Magic Response
+      def logout_by_public_address(public_address)
+        issuer = token.construct_issuer_with_public_address(public_address)
+        logout_by_issuer(issuer)
+      end
+
+      # Description:
+      #   Method logs a user out of all Magic SDK sessions by
+      #   the supplied DID Token
+      #
+      # Arguments:
+      #   did_token: A DID Token generated by a Magic user on the client-side.
+      #
+      # Returns:
+      #   Magic Response
+      def logout_by_token(did_token)
+        issuer = token.get_issuer(did_token)
+        logout_by_issuer(issuer)
+      end
+
+      private
+
+      def token
+        magic.token
+      end
+
+    end
+  end
+end