private_pub 0.1.0 → 0.2.0

data/CHANGELOG.rdoc

@@ -1,3 +1,12 @@
+0.2.0 (April 7, 2011)
+
+* switched to YAML file for config. BACKWARDS INCOMPATIBLE: you will need to remove config/initializers/private_pub.rb
+
+* moved view helpers into Railtie so helper file is no longer generated
+
+* error out when signature has expired
+
+
 0.1.0 (April 4, 2011)
 
 * initial release

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Ryan Bates
+ 
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+ 
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+ 
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -1,6 +1,8 @@
 = Private Pub
 
-This is a Ruby gem for use with Rails to publish and subscribe to messages through a separate server such as {Faye}[http://faye.jcoglan.com/]. All channels are automatically made private.
+This is a Ruby gem for use with Rails to publish and subscribe to messages through {Faye}[http://faye.jcoglan.com/]. All channels are automatically made private.
+
+This project was motivated by {Railscasts episode #260}[http://railscasts.com/episodes/260-messaging-with-faye].
 
 
 == Setup
@@ -22,7 +24,7 @@ Next, install and start up Faye using the rackup file that was generated.
   gem install faye
   rackup faye.ru -s thin -E production
 
-It's not necessary to add the faye.js since that will be handled automatically.
+It's not necessary to include faye.js since that will be handled automatically.
 
 
 == Usage
@@ -31,13 +33,13 @@ Use the +subscribe_to+ helper method on any page to subscribe to a channel.
 
   <%= subscribe_to "/messages/new" %>
 
-Use the +publish_to+ helper method to publish messages to that channel. If a block of JavaScript is passed it will be evaluated automatically. This is usually done through a JavaScript AJAX response.
+Use the +publish_to+ helper method to publish messages to that channel. If a block of JavaScript is passed it will be evaluated automatically. This is usually done in a JavaScript AJAX response (such as a <tt>create.js.erb</tt> file).
 
   <% publish_to "/messages/new" do %>
     $("#chat").append("<%= escape_javascript render(@messages) %>");
   <% end %>
 
-There will be alternative ways to publish/subscribe to messages in the future.
+There will be alternative ways to publish/subscribe to channels in the future.
 
 
 == Security
@@ -48,8 +50,17 @@ Here's how it works. The +subscribe_to+ helper will output an element containing
 
   <span class="private_pub_subscription" data-channel="/messages/new" data-signature="2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" data-timestamp="13019431281234"></span>
 
-The data-signature is a combination of the channel, timestamp, and secret token set in the Rails app. This is checked by the Faye extension when subscribing to a channel to ensure the signature is correct. The signature is automatically expired after 1 hour but this can be configured.
+The data-signature is a combination of the channel, timestamp, and secret token set in the Rails app. This is checked by the Faye extension when subscribing to a channel to ensure the signature is correct. The signature is automatically expired after 1 hour but this can be configured in the generated YAML file.
+
+  signature_expiration: 600 # 10 minutes, expressed in seconds
+
+Or use a blank value for no expiration.
+
+  signature_expiration:
+
+Note: if Faye is on a separate server from the Rails app it's important that the system clocks be in sync.
+
 
-  PrivatePub.signature_expiration = 10.minutes
+== Development & Feedback
 
-Or +nil+ for no expiration. Note: if Faye is on a separate server from the Rails app it's important that the time is in sync.
+Questions or comments? Please use the {issue tracker}[https://github.com/ryanb/private_pub/issues]. If you would like to contribue to this project, clone this repository and run +bundle+ and +rake+ to run the tests.

data/lib/generators/private_pub/install_generator.rb

@@ -1,4 +1,4 @@
-class PrivatePub
+module PrivatePub
   module Generators
     class InstallGenerator < Rails::Generators::Base
       def self.source_root
@@ -6,8 +6,9 @@ class PrivatePub
       end
 
       def copy_files
-        template "private_pub_initializer.rb", "config/initializers/private_pub.rb"
-        copy_file "private_pub_helper.rb", "app/helpers/private_pub_helper.rb"
+        remove_file "config/initializers/private_pub.rb"
+        remove_file "app/helpers/private_pub_helper.rb"
+        template "private_pub.yml", "config/private_pub.yml"
         copy_file "private_pub.js", "public/javascripts/private_pub.js"
         copy_file "faye.ru", "faye.ru"
       end

data/lib/generators/private_pub/templates/faye.ru

@@ -1,7 +1,12 @@
+# Run with: rackup faye.ru -s thin -E production
+require "yaml"
 require "faye"
-require "private_pub"
-require File.expand_path("../config/initializers/private_pub.rb", __FILE__)
+begin
+  require "private_pub"
+rescue LoadError
+  require "bundler/setup"
+  require "private_pub"
+end
 
-faye_server = Faye::RackAdapter.new(:mount => '/faye', :timeout => 45)
-faye_server.add_extension(PrivatePub.faye_extension)
-run faye_server
+PrivatePub.load_config(File.expand_path("../config/private_pub.yml", __FILE__), ENV["RAILS_ENV"] || "development")
+run Faye::RackAdapter.new(:mount => "/faye", :timeout => 45, :extensions => [PrivatePub.faye_extension])

data/lib/generators/private_pub/templates/private_pub.yml

@@ -0,0 +1,9 @@
+development:
+  server: "http://localhost:9292/faye"
+  secret_token: "secret"
+test:
+  server: "http://localhost:9292/faye"
+  secret_token: "secret"
+production:
+  server: "http://example.com/faye"
+  secret_token: "<%= ActiveSupport::SecureRandom.hex(32) %>"

data/lib/private_pub/faye_extension.rb

@@ -1,4 +1,4 @@
-class PrivatePub
+module PrivatePub
   class FayeExtension
     def incoming(message, callback)
       if message["channel"] == "/meta/subscribe"
@@ -15,13 +15,15 @@ class PrivatePub
       subscription = PrivatePub.subscription(:channel => message["subscription"], :timestamp => message["ext"]["private_pub_timestamp"])
       if message["ext"]["private_pub_signature"] != subscription[:signature]
         message["error"] = "Incorrect signature."
+      elsif PrivatePub.signature_expired? message["ext"]["private_pub_timestamp"].to_i
+        message["error"] = "Signature has expired."
       end
     end
 
     def authenticate_publish(message)
-      if PrivatePub.secret_token.nil?
-        raise Error, "No token set in PrivatePub.secret_token, set this to match the token used in the web app."
-      elsif message["ext"]["private_pub_token"] != PrivatePub.secret_token
+      if PrivatePub.config[:secret_token].nil?
+        raise Error, "No secret_token config set, ensure private_pub.yml is loaded properly."
+      elsif message["ext"]["private_pub_token"] != PrivatePub.config[:secret_token]
         message["error"] = "Incorrect token."
       end
     end

data/lib/private_pub/railtie.rb

@@ -0,0 +1,14 @@
+require "private_pub/view_helpers"
+
+module PrivatePub
+  class Railtie < Rails::Railtie
+    initializer "private_pub.config" do
+      path = Rails.root.join("config/private_pub.yml")
+      PrivatePub.load_config(path, Rails.env) if path.exist?
+    end
+
+    initializer "private_pub.view_helpers" do
+      ActionView::Base.send :include, ViewHelpers
+    end
+  end
+end

data/lib/private_pub/view_helpers.rb

@@ -0,0 +1,17 @@
+module PrivatePub
+  module ViewHelpers
+    def publish_to(channel, &block)
+      message = {:channel => channel, :data => {:_eval => capture(&block)}, :ext => {:private_pub_token => PrivatePub.config[:secret_token]}}
+      PrivatePub.publish(:message => message.to_json)
+    end
+
+    def subscribe_to(channel)
+      subscription = PrivatePub.subscription(:channel => channel)
+      content_tag :span, "", :class => "private_pub_subscription",
+        "data-server" => PrivatePub.config[:server],
+        "data-channel" => subscription[:channel],
+        "data-signature" => subscription[:signature],
+        "data-timestamp" => subscription[:timestamp]
+    end
+  end
+end

data/lib/private_pub.rb

@@ -2,34 +2,13 @@ require "digest/sha1"
 require "net/http"
 
 require "private_pub/faye_extension"
+require "private_pub/railtie" if defined? Rails
 
-class PrivatePub
+module PrivatePub
   class Error < StandardError; end
 
   class << self
-    def server=(server)
-      @config[:server] = server
-    end
-
-    def server
-      @config[:server]
-    end
-
-    def signature_expiration=(signature_expiration)
-      @config[:signature_expiration] = signature_expiration
-    end
-
-    def signature_expiration
-      @config[:signature_expiration]
-    end
-
-    def secret_token=(secret_token)
-      @config[:secret_token] = secret_token
-    end
-
-    def secret_token
-      @config[:secret_token]
-    end
+    attr_reader :config
 
     def reset_config
       @config = {
@@ -38,19 +17,29 @@ class PrivatePub
       }
     end
 
+    def load_config(filename, environment)
+      yaml = YAML.load_file(filename)[environment.to_s]
+      raise ArgumentError, "The #{environment} environment does not exist in #{filename}" if yaml.nil?
+      yaml.each { |k, v| config[k.to_sym] = v }
+    end
+
     def subscription(options = {})
       sub = {:timestamp => (Time.now.to_f * 1000).round}.merge(options)
-      sub[:signature] = Digest::SHA1.hexdigest([secret_token, sub[:channel], sub[:timestamp]].join)
+      sub[:signature] = Digest::SHA1.hexdigest([config[:secret_token], sub[:channel], sub[:timestamp]].join)
       sub
     end
 
     def publish(data)
-      Net::HTTP.post_form(URI.parse(PrivatePub.server), data)
+      Net::HTTP.post_form(URI.parse(config[:server]), data)
     end
 
     def faye_extension
       FayeExtension.new
     end
+
+    def signature_expired?(timestamp)
+      timestamp < ((Time.now.to_f - config[:signature_expiration])*1000).round if config[:signature_expiration]
+    end
   end
 
   reset_config

data/spec/fixtures/private_pub.yml

@@ -0,0 +1,10 @@
+development:
+  server: http://dev.local:9292/faye
+  secret_token: DEVELOPMENT_SECRET_TOKEN
+  signature_expiration: 600
+production:
+  server: http://example.com/faye
+  secret_token: PRODUCTION_SECRET_TOKEN
+  signature_expiration: 600
+no_signature_expiration:
+  signature_expiration:

data/spec/private_pub/faye_extension_spec.rb

@@ -16,7 +16,7 @@ describe PrivatePub::FayeExtension do
   end
 
   it "has no error when the signature matches the subscription" do
-    sub = PrivatePub.subscription(:timestamp => 123, :channel => "hello")
+    sub = PrivatePub.subscription(:channel => "hello")
     @message["subscription"] = sub[:channel]
     @message["ext"]["private_pub_signature"] = sub[:signature]
     @message["ext"]["private_pub_timestamp"] = sub[:timestamp]
@@ -24,8 +24,17 @@ describe PrivatePub::FayeExtension do
     message["error"].should be_nil
   end
 
+  it "has an error when signature is just expired" do
+    sub = PrivatePub.subscription(:timestamp => 123, :channel => "hello")
+    @message["subscription"] = sub[:channel]
+    @message["ext"]["private_pub_signature"] = sub[:signature]
+    @message["ext"]["private_pub_timestamp"] = sub[:timestamp]
+    message = @faye.incoming(@message, lambda { |m| m })
+    message["error"].should == "Signature has expired."
+  end
+
   it "has an error when trying to publish to a custom channel with a bad token" do
-    PrivatePub.secret_token = "good"
+    PrivatePub.config[:secret_token] = "good"
     @message["channel"] = "/custom/channel"
     @message["ext"]["private_pub_token"] = "bad"
     message = @faye.incoming(@message, lambda { |m| m })
@@ -37,7 +46,7 @@ describe PrivatePub::FayeExtension do
     @message["ext"]["private_pub_token"] = "bad"
     lambda {
       message = @faye.incoming(@message, lambda { |m| m })
-    }.should raise_error("No token set in PrivatePub.secret_token, set this to match the token used in the web app.")
+    }.should raise_error("No secret_token config set, ensure private_pub.yml is loaded properly.")
   end
 
   it "has no error on other meta calls" do

data/spec/private_pub_spec.rb

@@ -5,21 +5,12 @@ describe PrivatePub do
     PrivatePub.reset_config
   end
 
-  it "has secret token, server, and signature expiration settings" do
-    PrivatePub.secret_token = "secret token"
-    PrivatePub.secret_token.should == "secret token"
-    PrivatePub.server = "http://localhost/"
-    PrivatePub.server.should == "http://localhost/"
-    PrivatePub.signature_expiration = 1000
-    PrivatePub.signature_expiration.should == 1000
-  end
-
   it "defaults server to localhost:9292/faye" do
-    PrivatePub.server.should == "http://localhost:9292/faye"
+    PrivatePub.config[:server].should == "http://localhost:9292/faye"
   end
 
   it "defaults signature_expiration to 1 hour" do
-    PrivatePub.signature_expiration.should == 60 * 60
+    PrivatePub.config[:signature_expiration].should == 60 * 60
   end
 
   it "defaults subscription timestamp to current time in milliseconds" do
@@ -28,6 +19,24 @@ describe PrivatePub do
     PrivatePub.subscription[:timestamp].should == (time.to_f * 1000).round
   end
 
+  it "loads a simple configuration file via load_config" do
+    PrivatePub.load_config("spec/fixtures/private_pub.yml", "production")
+    PrivatePub.config[:server].should == "http://example.com/faye"
+    PrivatePub.config[:secret_token].should == "PRODUCTION_SECRET_TOKEN"
+    PrivatePub.config[:signature_expiration].should == 600
+  end
+
+  it "supports a nil signature_expiration via a blank value in the configuration file" do
+    PrivatePub.load_config("spec/fixtures/private_pub.yml", :no_signature_expiration)
+    PrivatePub.config[:signature_expiration].should be_nil
+  end
+
+  it "raises an exception if an invalid environment is passed to load_config" do
+    lambda {
+      PrivatePub.load_config("spec/fixtures/private_pub.yml", :test)
+    }.should raise_error ArgumentError
+  end
+
   it "includes channel and custom time in subscription" do
     subscription = PrivatePub.subscription(:timestamp => 123, :channel => "hello")
     subscription[:timestamp].should == 123
@@ -35,17 +44,34 @@ describe PrivatePub do
   end
 
   it "does a sha1 digest of channel, timestamp, and secret token" do
-    PrivatePub.secret_token = "token"
+    PrivatePub.config[:secret_token] = "token"
     subscription = PrivatePub.subscription(:timestamp => 123, :channel => "channel")
     subscription[:signature].should == Digest::SHA1.hexdigest("tokenchannel123")
   end
 
   it "publishes to server using Net::HTTP" do
-    Net::HTTP.should_receive(:post_form).with(URI.parse(PrivatePub.server), "hello world").and_return(:result)
+    Net::HTTP.should_receive(:post_form).with(URI.parse(PrivatePub.config[:server]), "hello world").and_return(:result)
     PrivatePub.publish("hello world").should == :result
   end
 
   it "has a FayeExtension instance" do
     PrivatePub.faye_extension.should be_kind_of(PrivatePub::FayeExtension)
   end
+
+  it "says signature has expired when time passed in is greater than expiration" do
+    PrivatePub.config[:signature_expiration] = 30*60
+    time = PrivatePub.subscription[:timestamp] - 31*60*1000
+    PrivatePub.signature_expired?(time).should be_true
+  end
+
+  it "says signature has not expired when time passed in is less than expiration" do
+    PrivatePub.config[:signature_expiration] = 30*60
+    time = PrivatePub.subscription[:timestamp] - 29*60*1000
+    PrivatePub.signature_expired?(time).should be_false
+  end
+
+  it "says signature has not expired when expiration is nil" do
+    PrivatePub.config[:signature_expiration] = nil
+    PrivatePub.signature_expired?(0).should be_false
+  end
 end

metadata

@@ -2,7 +2,7 @@
 name: private_pub
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors: 
 - Ryan Bates
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-04-04 00:00:00 -07:00
+date: 2011-04-07 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -36,15 +36,18 @@ files:
 - lib/generators/private_pub/install_generator.rb
 - lib/generators/private_pub/templates/faye.ru
 - lib/generators/private_pub/templates/private_pub.js
-- lib/generators/private_pub/templates/private_pub_helper.rb
-- lib/generators/private_pub/templates/private_pub_initializer.rb
+- lib/generators/private_pub/templates/private_pub.yml
 - lib/private_pub/faye_extension.rb
+- lib/private_pub/railtie.rb
+- lib/private_pub/view_helpers.rb
 - lib/private_pub.rb
+- spec/fixtures/private_pub.yml
 - spec/private_pub/faye_extension_spec.rb
 - spec/private_pub_spec.rb
 - spec/spec_helper.rb
 - CHANGELOG.rdoc
 - Gemfile
+- LICENSE
 - Rakefile
 - README.rdoc
 has_rdoc: true

data/lib/generators/private_pub/templates/private_pub_helper.rb

@@ -1,15 +0,0 @@
-module PrivatePubHelper
-  def publish_to(channel, &block)
-    message = {:channel => channel, :data => {:_eval => capture(&block)}, :ext => {:private_pub_token => PrivatePub.secret_token}}
-    PrivatePub.publish(:message => message.to_json)
-  end
-
-  def subscribe_to(channel)
-    subscription = PrivatePub.subscription(:channel => channel)
-    content_tag :span, "", :class => "private_pub_subscription",
-      "data-server" => PrivatePub.server,
-      "data-channel" => subscription[:channel],
-      "data-signature" => subscription[:signature],
-      "data-timestamp" => subscription[:timestamp]
-  end
-end

data/lib/generators/private_pub/templates/private_pub_initializer.rb

@@ -1,2 +0,0 @@
-PrivatePub.server = "http://localhost:9292/faye"
-PrivatePub.secret_token = "<%= ActiveSupport::SecureRandom.hex(32) %>"