ocean-rails 1.14.0

data/lib/generators/ocean_setup/templates/errors_controller.rb

@@ -0,0 +1,14 @@
+class ErrorsController < ApplicationController
+  
+  skip_before_action :require_x_api_token
+  skip_before_action :authorize_action
+  
+  
+  def show
+    @exception       = env['action_dispatch.exception']
+    @status_code     = ActionDispatch::ExceptionWrapper.new(env, @exception).status_code
+    #@rescue_response = ActionDispatch::ExceptionWrapper.rescue_responses[@exception.class.name]
+    render_api_error @status_code, @exception.message
+  end  
+  
+end

data/lib/generators/ocean_setup/templates/gitignore

@@ -0,0 +1,37 @@
+# See http://help.github.com/ignore-files/ for more about ignoring files.
+#
+# If you find yourself ignoring temporary files generated by your text editor
+# or operating system, you probably want to add a global ignore instead:
+#   git config --global core.excludesfile ~/.gitignore_global
+
+# Ignore bundler config
+/.bundle
+
+# Ignore the default SQLite database.
+/db/*.sqlite3
+
+# Ignore all logfiles and tempfiles.
+/log/*.log
+/tmp
+*.log
+
+# Mac OS X
+.DS_Store
+
+# Ignore backup files
+*~
+
+# Ignore RubyMine local workspace settings
+/.idea/workspace.xml
+
+# Ignore any SQLite files
+/db/*.sqlite3
+
+# Ignore coverage artefacts
+/coverage
+
+# Ignore the tailored config.yml file
+config/config.yml
+
+# Ignore the Tork config dir
+/.tork

data/lib/generators/ocean_setup/templates/hyperlinks.rb

@@ -0,0 +1,22 @@
+RSpec::Matchers.define :be_hyperlinked do |link, regex, type="application/json"|
+
+  match do |hyperlinks|
+    (@h = hyperlinks[link]) && 
+    (@h['href'] =~ regex) &&
+    (@h['type'] == type)
+  end
+
+
+  failure_message_for_should do |actual|
+    "expected the resource representation to " + description
+  end
+
+  description do
+    result = "have a '#{link}' hyperlink"
+    result += " containing '#{regex.source}' in the URI" unless @h['href'] =~ regex
+    result += " leading to a resource of type '#{type}' (was '#{@h['type']}')" unless @h['type'] == type
+    result
+  end
+
+
+end

data/lib/generators/ocean_setup/templates/ocean_constants.rb

@@ -0,0 +1,36 @@
+#
+# This file will be replaced by an auto-generated one in deployment.
+# YOU SHOULD NEVER CHANGE THE CONTENTS OF THIS FILE.
+#
+# Backend developers should never need to override the value here.
+# The reason for this is that when  developing services locally, 
+# their tests run in isolation with all external calls mocked away, 
+# and thus it doesn't matter what URLs a service generates when 
+# running tests locally on a developer's machine.
+#
+# If you're a frontend developer, however, the point of your testing
+# is to exercise the entire SOA and thus you need access to a
+# complete and fully functional system (which might or might not
+# make calls to partners' systems, such as for hotel bookings).
+# 
+# Thus, if you are a frontend developer, you override the string
+# constant here to reflect the Chef environment (master, staging)
+# you wish to run your local tests against by defining the environment
+# variable OVERRIDE_OCEAN_API_HOST.
+#
+# When TeamCity runs its tests, it will set these constants to values
+# appropriate for the Chef environment for which the tests are run.
+# Thus, TeamCity will always run master branch frontend tests against
+# the master Chef environment. However, you can run a personal build
+# and specify the OCEAN_API_HOST value as an environment param in the
+# build dialog.
+#
+
+OCEAN_API_HOST = (Rails.env == 'test' && "forbidden.#{BASE_DOMAIN}") ||
+                 (ENV['OVERRIDE_OCEAN_API_HOST'] || 
+                  ENV['OCEAN_API_HOST'] || 
+                  "master-api.#{BASE_DOMAIN}").sub("<default>", "master")
+                
+OCEAN_API_URL = "https://#{OCEAN_API_HOST}"
+
+INTERNAL_OCEAN_API_URL = OCEAN_API_URL.sub("https", "http").sub("api.", "lb.")

data/lib/generators/ocean_setup/templates/routes.rb

@@ -0,0 +1,8 @@
+<%= class_name %>::Application.routes.draw do
+
+  scope "v1" do
+  	# Put resource routes here
+
+  end
+
+end

data/lib/generators/ocean_setup/templates/spec_helper.rb

@@ -0,0 +1,47 @@
+require 'simplecov'
+SimpleCov.start do
+  add_filter "/vendor/"
+end
+
+# This file is copied to spec/ when you run 'rails generate rspec:install'
+ENV["RAILS_ENV"] ||= 'test'
+require File.expand_path("../../config/environment", __FILE__)
+require 'rspec/rails'
+require 'rspec/autorun'
+
+# Requires supporting ruby files with custom matchers and macros, etc,
+# in spec/support/ and its subdirectories.
+Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}
+
+RSpec.configure do |config|
+  # ## Mock Framework
+  #
+  # If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:
+  #
+  # config.mock_with :mocha
+  # config.mock_with :flexmock
+  # config.mock_with :rr
+
+  # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
+  #config.fixture_path = "#{::Rails.root}/spec/fixtures"
+
+  # If you're not using ActiveRecord, or you'd prefer not to run each of your
+  # examples within a transaction, remove the following line or assign false
+  # instead of true.
+  config.use_transactional_fixtures = true
+
+  # If true, the base class of anonymous controllers will be inferred
+  # automatically. This will be the default behavior in future versions of
+  # rspec-rails.
+  config.infer_base_class_for_anonymous_controllers = false
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = "random"
+  
+  # Make "FactoryGirl" superfluous
+  config.include FactoryGirl::Syntax::Methods
+end
+

data/lib/generators/ocean_setup/templates/zeromq_logger.rb

@@ -0,0 +1,15 @@
+
+if Rails.env == 'production'
+
+  # Use a different logger for distributed setups
+  Rails.logger = ActiveSupport::TaggedLogging.new(ZeromqLogger.new)
+  Rails.logger.level = Logger::INFO
+  Rails.logger.log_tags = []
+
+  # Announce us
+  Rails.logger.info "Initialising"
+
+  # Make sure we log our exit
+  at_exit { Rails.logger.info "Exiting" }
+
+end

data/lib/ocean-rails.rb

@@ -0,0 +1,38 @@
+require "ocean/api"
+require "ocean/api_resource"
+require "ocean/ocean_resource_model" if defined? ActiveRecord
+require "ocean/ocean_resource_controller" if defined? ActionController
+require "ocean/ocean_application_controller"
+require "ocean/zero_log"
+require "ocean/zeromq_logger"
+require "ocean/selective_rack_logger"
+require "ocean/flooding"
+
+INVALIDATE_MEMBER_DEFAULT =     ["($|/|\\?)"]
+INVALIDATE_COLLECTION_DEFAULT = ["($|\\?)"]
+
+module Ocean
+  class Railtie < Rails::Railtie
+    # Silence the /alive action
+    initializer "ocean.swap_logging_middleware" do |app|
+      app.middleware.swap Rails::Rack::Logger, SelectiveRackLogger
+    end
+    # Make sure the generators use the gem's templates first
+    config.app_generators do |g|
+      g.templates.unshift File::expand_path('../templates', __FILE__)
+    end 
+  end
+end
+
+
+#
+# For stubbing authorisation calls in RSpec
+#
+def permit_with(status, user_id: 123, creator_uri: "https://api.example.com/v1/api_users/#{user_id}")
+  Api.stub(:permitted?).
+    and_return(double(:status => status, 
+                      :body => {'authentication' => 
+                                 {'user_id' => user_id,
+                                  '_links' => { 'creator' => {'href' => creator_uri,
+                                                              'type' => 'application/json'}}}}))
+end

data/lib/ocean/api.rb

@@ -0,0 +1,263 @@
+#
+# We need to monkey-patch Faraday to pull off PURGE and BAN
+#
+require 'faraday'
+require 'faraday_middleware'
+
+module Faraday #:nodoc: all
+  class Connection
+
+    METHODS << :purge
+    METHODS << :ban
+
+    # purge/ban(url, params, headers)
+    %w[purge ban].each do |method|
+      class_eval <<-RUBY, __FILE__, __LINE__ + 1
+        def #{method}(url = nil, params = nil, headers = nil)
+          run_request(:#{method}, url, nil, headers) { |request|
+            request.params.update(params) if params
+            yield request if block_given?
+          }
+        end
+      RUBY
+    end
+
+  end
+end
+
+
+#
+# This class encapsulates all logic for calling other API services.
+#
+class Api
+  
+  #
+  # When given a symbol or string naming a resource, returns a string 
+  # such as +v1+ naming the latest version for the resource.
+  #
+  def self.version_for(resource_name)
+    API_VERSIONS[resource_name.to_s] || API_VERSIONS['_default']
+  end
+  
+  #
+  # Given that this service has authenticated successfully with the Auth service,
+  # returns the token returned as part of the authentication response.
+  #
+  def self.token
+    @token
+  end
+      
+  
+  #
+  # Makes a HTTP request to +host_url+ using the HTTP method +method+. The +resource_name+
+  # is used to obtain the latest version string of the resource. The arg +path+ is the
+  # local path, +args+ is a hash of query args, and +headers+ a hash of extra HTTP headers.
+  #
+  # Returns the response in its entirety so that the caller can examine its status and body.
+  #
+  def self.call(host_url, http_method, resource_name, path, args={}, headers={})
+    # Set up the connection parameters
+    conn = Faraday.new(host_url) do |c|
+      c.response :json, :content_type => /\bjson$/    # Convert the response body to JSON
+      c.adapter Faraday.default_adapter               # Use net-http
+    end
+    api_version = version_for resource_name
+    path = "/#{api_version}#{path}"
+    # Make the call. TODO: retries?
+    response = conn.send(http_method, path, args, headers) do |request|
+      request.headers['Accept'] = 'application/json'
+      request.headers['Content-Type'] = 'application/json'
+    end
+    response
+  end
+  
+  #
+  # Convenience method to make an internal GET request to the Ocean Api. The +resource_name+
+  # is used to obtain the latest version string of the resource. The arg +path+ is the
+  # local path, +args+ is a hash of query args, and +headers+ a hash of extra HTTP headers.
+  #
+  # Returns the response in its entirety so that the caller can examine its status and body.
+  #
+  #
+  def self.get(*args)    call(INTERNAL_OCEAN_API_URL, :get, *args);    end
+
+  #
+  # Convenience method to make an internal POST request to the Ocean Api. The +resource_name+
+  # is used to obtain the latest version string of the resource. The arg +path+ is the
+  # local path, +args+ is a hash of query args, and +headers+ a hash of extra HTTP headers.
+  #
+  # Returns the response in its entirety so that the caller can examine its status and body.
+  #
+  #
+  def self.post(*args)   call(INTERNAL_OCEAN_API_URL, :post, *args);   end
+
+  #
+  # Convenience method to make an internal PUT request to the Ocean Api. The +resource_name+
+  # is used to obtain the latest version string of the resource. The arg +path+ is the
+  # local path, +args+ is a hash of query args, and +headers+ a hash of extra HTTP headers.
+  #
+  # Returns the response in its entirety so that the caller can examine its status and body.
+  #
+  #
+  def self.put(*args)    call(INTERNAL_OCEAN_API_URL, :put, *args);    end
+
+  #
+  # Convenience method to make an internal DELETE request to the Ocean Api. The +resource_name+
+  # is used to obtain the latest version string of the resource. The arg +path+ is the
+  # local path, +args+ is a hash of query args, and +headers+ a hash of extra HTTP headers.
+  #
+  # Returns the response in its entirety so that the caller can examine its status and body.
+  #
+  #
+  def self.delete(*args) call(INTERNAL_OCEAN_API_URL, :delete, *args); end
+
+
+  #
+  # Like Api.call, but makes the requests in parallel. (Parallel calls not implemented yet.)
+  #
+  def self.call_p(url, http_method, path, args={}, headers={})
+    conn = Faraday.new(url) do |c|
+      c.adapter Faraday.default_adapter               # Use net-http
+    end
+    conn.send(http_method, path, args, headers)
+  end
+
+  #
+  # Makes an internal PURGE call to all Varnish instances. The call is made in parallel.
+  # Varnish will only accept PURGE requests coming from the local network.
+  #
+  def self.purge(*args)  
+    LOAD_BALANCERS.each do |host| 
+      call_p("http://#{host}", :purge, *args)
+    end
+  end
+
+  #
+  # Makes an internal BAN call to all Varnish instances. The call is made in parallel.
+  # Varnish will only accept PURGE requests coming from the local network.
+  #
+  def self.ban(path)     
+    LOAD_BALANCERS.each do |host| 
+      call_p("http://#{host}", :ban, path)
+    end
+  end
+
+  
+  #
+  # Authenticates against the Auth service (which must be deployed and running) with
+  # a given +username+ and +password+. If successful, the authentication token is returned. The
+  # token is also assigned to the instance variable @token. If not successful, +nil+ is returned.
+  #
+  def self.authenticate(username=API_USER, password=API_PASSWORD)
+    response = Api.post(:auth, "/authentications", nil, 
+                               {'X-API-Authenticate' => encode_credentials(username, password)})
+    case response.status
+    when 201
+      @token = response.body['authentication']['token']
+    when 400
+      # Malformed credentials. Don't repeat the request.
+      nil
+    when 403
+      # Does not authenticate. Don't repeat the request.
+      nil 
+    when 500
+      # Error. Don't repeat. 
+      nil   
+    else
+      # Should never end up here.
+      raise "Authentication weirdness"
+    end
+  end
+  
+
+  #
+  # Encodes a username and password for authentication in the format used for standard HTTP 
+  # authentication. The encoding can be reversed and is intended only to lightly mask the
+  # credentials so that they're not immediately apparent when reading logs.
+  #
+  def self.encode_credentials(username, password)
+    ::Base64.strict_encode64 "#{username}:#{password}"
+  end
+  
+  #
+  # Takes encoded credentials (e.g. by Api.encode_credentials) and returns a two-element array
+  # where the first element is the username and the second is the password. If the encoded
+  # credentials are missing or can't be decoded properly, ["", ""] is returned. This allows
+  # you to write:
+  #   
+  #   un, pw = Api.decode_credentials(creds)
+  #   raise "Please supply your username and password" if un.blank? || pw.blank?
+  #
+  def self.decode_credentials(encoded)
+    return ["", ""] unless encoded
+    username, password = ::Base64.decode64(encoded).split(':', 2)
+    [username || "", password || ""]
+  end
+  
+  #
+  # Performs authorisation against the Auth service. The +token+ must be a token received as a 
+  # result of a prior authentication operation. The args should be in the form
+  #
+  #   query: "service:controller:hyperlink:verb:app:context"
+  #
+  # e.g.
+  #
+  #   Api.permitted?(@token, query: "cms:texts:self:GET:*:*")
+  #
+  # Api.authorization_string can be used to produce the query string.
+  # 
+  # Returns the HTTP response as-is, allowing the caller to examine the status code and
+  # messages, and also the body.
+  #
+  def self.permitted?(token, args={})
+    raise unless token
+    response = Api.get(:auth, "/authentications/#{token}", args)
+    response
+  end  
+
+
+  #
+  # Returns an authorisation string suitable for use in calls to Api.permitted?. 
+  # The +extra_actions+ arg holds the extra actions as defined in the Ocean controller; it must
+  # be included here so that actions can be mapped to the proper hyperlink and verb.
+  # The +controller+ and +action+ args are mandatory. The +app+ and +context+ args are optional and will
+  # default to "*". The last arg, +service+, defaults to the name of the service itself.
+  #
+  def self.authorization_string(extra_actions, controller, action, app="*", context="*", service=APP_NAME)
+    app = '*' if app.blank?
+    context = '*' if context.blank?
+    hyperlink, verb = Api.map_authorization(extra_actions, controller, action)
+    "#{service}:#{controller}:#{hyperlink}:#{verb}:#{app}:#{context}"
+  end
+
+
+  #
+  # These are the default controller actions. The purpose of this constant is to map action
+  # names to hyperlink and HTTP method (for authorisation purposes). Don't be alarmed by the
+  # non-standard GET* - it's purely symbolic and is never used as an actual HTTP method. 
+  # We need it to differentiate between a GET of a member and a GET of a collection of members. 
+  # The +extra_actions+ keyword in +ocean_resource_controller+ follows the same format.
+  #
+  DEFAULT_ACTIONS = {
+    'show' =>    ['self', 'GET'],
+    'index' =>   ['self', 'GET*'],
+    'create' =>  ['self', 'POST'],
+    'update' =>  ['self', 'PUT'],
+    'destroy' => ['self', 'DELETE'],
+    'connect' =>    ['connect', 'PUT'],
+    'disconnect' => ['connect', 'DELETE']
+  }
+
+  #
+  # Returns the hyperlink and HTTP method to use for an +action+ in a certain +controller+.
+  # First, the +DEFAULT_ACTIONS+ are searched, then any extra actions defined for the
+  # controller. Raises an exception if the action can't be found.
+  #
+  def self.map_authorization(extra_actions, controller, action)
+    DEFAULT_ACTIONS[action] ||
+    extra_actions[controller][action] ||
+    raise #"The #{controller} lacks an extra_action declaration for #{action}"
+  end
+
+
+end