RubyGems - prove_keybase - Versions diffs - 0.1.0 - Mend

prove_keybase 0.1.0

Files changed (30) hide show

checksums.yaml +7 -0
data/LICENSE +27 -0
data/README.md +67 -0
data/Rakefile +28 -0
data/app/controllers/prove_keybase/api_v1_proofs_controller.rb +9 -0
data/app/controllers/prove_keybase/config_controller.rb +5 -0
data/app/controllers/prove_keybase/keybase_base_controller.rb +36 -0
data/app/controllers/prove_keybase/proofs_controller.rb +45 -0
data/app/jobs/prove_keybase/base_job.rb +2 -0
data/app/jobs/prove_keybase/update_from_keybase_job.rb +11 -0
data/app/models/prove_keybase/base_record.rb +3 -0
data/app/models/prove_keybase/keybase_proof.rb +22 -0
data/app/models/prove_keybase/serializable_user.rb +9 -0
data/app/serializers/prove_keybase/config_serializer.rb +55 -0
data/app/serializers/prove_keybase/user_serializer.rb +12 -0
data/app/views/prove_keybase/proofs/new.html.erb +18 -0
data/config/routes.rb +5 -0
data/lib/generators/prove_keybase/USAGE +9 -0
data/lib/generators/prove_keybase/prove_keybase_generator.rb +13 -0
data/lib/generators/prove_keybase/templates/initializer.rb +54 -0
data/lib/generators/prove_keybase/templates/migration.rb +19 -0
data/lib/prove_keybase.rb +15 -0
data/lib/prove_keybase/configuration.rb +29 -0
data/lib/prove_keybase/engine.rb +9 -0
data/lib/prove_keybase/is_keybase_provable.rb +14 -0
data/lib/prove_keybase/keybase_adapter.rb +78 -0
data/lib/prove_keybase/keybase_client.rb +38 -0
data/lib/prove_keybase/version.rb +5 -0
data/lib/tasks/prove_keybase_tasks.rake +7 -0
metadata +183 -0

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 98de567e2e93c7858d52f3ddc970d034353a0222666537e2148403d9929a2d23
+  data.tar.gz: b19bb531849068ecc423ea074c5b6c35957551133dafa147a5a034779830a978
+SHA512:
+  metadata.gz: 7504350b2e10e01a0136c765a34e32b01e51d3aeef0b51a5fd42bccdab0dbc519aa596a3f832a01df5207732904e1a728c1398a0a5cc7be9336a73f4cfba37cf
+  data.tar.gz: 00db06417b4fb949fce1d6a0324c0882190f132aa2697b8c41d9b2524c3ffd195bfc52d149a2fe8f34045cf5c7329fdf5e844314149941f10cb1f6807a6e1645

data/LICENSE ADDED

@@ -0,0 +1,27 @@
+Copyright (c) 2019, Keybase
+All rights reserved.
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+* Neither the name of Keybase nor the names of its
+  contributors may be used to endorse or promote products derived from
+  this software without specific prior written permission.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md ADDED

@@ -0,0 +1,67 @@
+# ProveKeybase
+[![Travis CI](https://travis-ci.org/keybase/prove_keybase.svg?branch=master)](https://travis-ci.org/keybase/prove_keybase)
+This is a drop-in implementation of Keybase's open proof protocol for Ruby on Rails. Here is a generic [implementation guide](https://keybase.io/docs/proof_integration_guide) and [announcement](https://keybase.io/blog/keybase-proofs-for-mastodon-and-everyone) for the protocol.
+## Installation
+This documentation assumes that `User` is the model and table off of which `keybase_proofs` will hang. If this is not the case for your app, just replace accordingly.
+1. Add the gem and `bundle install`
+```ruby
+gem 'prove_keybase'
+```
+2. Run the generator to create the migration for a new table and an initializer file.
+```bash
+bundle exec rails generate prove_keybase install
+```
+3. Edit those two files for your site details. The comments in those files will guide you through it.
+4. Add `is_keybase_provable` to your User model like this:
+```ruby
+class User < ApplicationRecord
+  is_keybase_provable
+end
+```
+5. Add the engine to your routes file like this:
+```ruby
+mount ProveKeybase::Engine => "/prove_keybase"
+```
+6. Override some of the behavior to customize. This step is not optional. See below.
+7. Validate your hosted config against Keybase to see if everything is pulling through correctly:
+```bash
+curl https://keybase.io/_/api/1.0/validate_proof_config.json\?config_url\=https://#{YOUR-SITE.COM}/prove_keybase/config.json
+> {"status":{"code":0,"name":"OK"}}
+```
+8. Add keybase proofs to your users' profiles. [Here](spec/dummy/app/views/users/show.html.erb) is an ugly example of this in the dummy app. You can also check out how this looks on other sites that have implemented the protocol.
+9. Send a keybase chat message to `@xgess` or `@mlsteele` to validate and flip on the integration from the Keybase side. If you message before this point, one of them can also help you test the whole thing end-to-end.
+## Overrides
+### Definitely do this
+First and foremost, the view template to create a new proof is ugly as sin. This is intentional. Please make it look and feel like it's part of your site, which it is. For an example of how to do this, [here](app/views/prove_keybase/proofs/new.html.erb) is the view you need to override, and [here](spec/dummy/app/views/prove_keybase/proofs/new.html.erb) it is being overridden in the dummy app.
+### Consider doing this
+A lot of the controller behavior, especially around handling authentication, is constructed in this gem with subclassing / method-overriding in mind. Take a look at the [KeybaseBaseController](app/controllers/prove_keybase/keybase_base_controller.rb). All of these methods _can_ (and some _should_) be overridden. The dummy app has an example of this [here](spec/dummy/app/controllers/keybase_base_controller.rb).
+## Keeping data up-to-date
+It's always possible for a user to revoke their proof in Keybase. To ensure that your site is not linking to a broken proof, we have a couple of suggestions. The behavior that checks Keybase for a proof and updates your `keybase_proofs` table is accessible through an async job called `UpdateFromKeybaseJob`. Keybase would prefer if you did not call this every time every user sees another user's proofs. A nice compromise is to fire this off whenever a user looks at their own proofs. We do this in the dummy app [here](spec/dummy/app/controllers/users_controller.rb).
+There is also a rake task in the gem that explains how you might consider updating all of the proofs at the same time.
+```
+bundle exec rake prove_keybase:update_proofs
+```
+## Contributing
+Normal stuff. Run the tests:
+```bash
+bundle exec rake
+```
+And if you have access to a locally running set of Keybase servers, I recommend setting up a proxy for the dummy app e.g. `ngrok http 3001` and running it like this
+```
+PORT=3001 KEYBASE_BASE_URL=http://localhost:3000 KEYBASE_MY_DOMAIN=8f9e4887.ngrok.io be rails s
+```
+## License
+The gem is available as open source under the terms of this [license](./LICENSE).

data/Rakefile ADDED

@@ -0,0 +1,28 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+require 'rdoc/task'
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'ProveKeybase'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+APP_RAKEFILE = File.expand_path('spec/dummy/Rakefile', __dir__)
+load 'rails/tasks/engine.rake'
+load 'rails/tasks/statistics.rake'
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+task :default => :spec

data/app/controllers/prove_keybase/api_v1_proofs_controller.rb ADDED

@@ -0,0 +1,9 @@
+class ProveKeybase::ApiV1ProofsController < ProveKeybase::KeybaseBaseController
+  def show
+    proofs = ProveKeybase::KeybaseProof.where(username: params[:username])
+    serializable_user = ProveKeybase::SerializableUser.new(proofs, avatar_url_from_username(params[:username]))
+    render json: serializable_user, serializer: ProveKeybase::UserSerializer
+  rescue ActiveRecord::RecordNotFound
+    render json: {}, status: 404
+  end
+end

data/app/controllers/prove_keybase/config_controller.rb ADDED

@@ -0,0 +1,5 @@
+class ProveKeybase::ConfigController < ProveKeybase::KeybaseBaseController
+  def show
+    render json: ProveKeybase.configuration, serializer: ProveKeybase::ConfigSerializer
+  end
+end

data/app/controllers/prove_keybase/keybase_base_controller.rb ADDED

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+class ProveKeybase::KeybaseBaseController < ::ApplicationController
+  protect_from_forgery with: :exception
+  def user_is_logged_in!
+    handle_login_redirect unless current_user
+  end
+  def user_proving_own_account!
+    unless current_user.username.casecmp(@proving_username).zero?
+      handle_wrong_logged_in_user(current_user.username, @proving_username)
+    end
+  end
+  def handle_proof_failed
+    flash[:alert] = 'proof failed. please start again from keybase.'
+    redirect_to new_proof_url(params: proof_params)
+  end
+  def handle_wrong_logged_in_user(logged_in_as, proving)
+    flash[:alert] = "you're logged in as #{logged_in_as} but trying to prove #{proving}"
+    handle_login_redirect
+  end
+  def avatar_url_from_username(username)
+    # if you override this method, please keep the behavior
+    # of raising an exception when a user does not exist.
+    User.find_by!(username: username).avatar_url || 'https://example.com/default_avatar.jpg'
+  end
+  def handle_login_redirect
+    redirect_to Rails.application.routes.url_helpers.send(ProveKeybase.configuration.login_redirection)
+  end
+end

data/app/controllers/prove_keybase/proofs_controller.rb ADDED

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+class ProveKeybase::ProofsController < ProveKeybase::KeybaseBaseController
+  before_action :user_is_logged_in!
+  before_action :set_proving_username
+  before_action :user_proving_own_account!
+  def new
+    @proof = current_user.keybase_proofs.new(
+      username: params[:username],
+      kb_username: params[:kb_username],
+      token: params[:token]
+    )
+  end
+  def create
+    @proof = current_user.keybase_proofs.where(
+      username: proof_params[:username],
+      kb_username: proof_params[:kb_username]
+    ).first_or_initialize
+    @proof.token = proof_params[:token]
+    if @proof.save
+      @proof.refresh
+      redirect_to @proof.on_success_path(proof_params[:kb_ua])
+    else
+      handle_proof_failed
+    end
+  end
+  private
+  def set_proving_username
+    case params[:action]
+    when 'create'
+      @proving_username = proof_params[:username]
+    when 'new'
+      @proving_username = params[:username]
+    end
+  end
+  def proof_params
+    params.require(:proof).permit(:username, :kb_username, :token, :kb_ua)
+  end
+end

data/app/jobs/prove_keybase/base_job.rb ADDED

	@@ -0,0 +1,2 @@
1	+ class ProveKeybase::BaseJob < ActiveJob::Base
2	+ end

data/app/jobs/prove_keybase/update_from_keybase_job.rb ADDED

@@ -0,0 +1,11 @@
+class ProveKeybase::UpdateFromKeybaseJob < ProveKeybase::BaseJob
+  queue_as ProveKeybase.configuration.job_queue
+  retry_on KeyError
+  retry_on Faraday::Error
+  retry_on ProveKeybase::ExpectedProofLiveError, wait: 1.second, attempts: 10
+  def perform(proof_id)
+    ProveKeybase::KeybaseProof.find(proof_id).refresh!
+  end
+end

data/app/models/prove_keybase/base_record.rb ADDED

@@ -0,0 +1,3 @@
+class ProveKeybase::BaseRecord < ActiveRecord::Base
+  self.abstract_class = true
+end

data/app/models/prove_keybase/keybase_proof.rb ADDED

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+class ProveKeybase::KeybaseProof < ProveKeybase::BaseRecord
+  self.table_name = 'keybase_proofs'
+  validates :token, format: { with: /\A[a-f0-9]+\z/ }, length: { is: 66 }
+  validate :validate_with_keybase, if: :token_changed?
+  scope :active, -> { where(proof_valid: true, proof_live: true) }
+  delegate :on_success_path, :keybase_avatar_url, :profile_url,
+           :proof_url, :badge_url, :refresh, :refresh!,
+           to: :remote_adapter
+  def remote_adapter
+    @remote_adapter ||= ::ProveKeybase::KeybaseAdapter.new(self)
+  end
+  def validate_with_keybase
+    remote_adapter.validate!
+  end
+end

data/app/models/prove_keybase/serializable_user.rb ADDED

@@ -0,0 +1,9 @@
+class ProveKeybase::SerializableUser
+  include ActiveModel::Serialization
+  attr_accessor :keybase_proofs, :avatar_url
+  def initialize(keybase_proofs, avatar_url)
+    @keybase_proofs = keybase_proofs
+    @avatar_url = avatar_url
+  end
+end

data/app/serializers/prove_keybase/config_serializer.rb ADDED

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+class ProveKeybase::ConfigSerializer < ActiveModel::Serializer
+  attributes :version, :domain, :display_name, :username,
+             :brand_color, :logo, :description, :prefill_url,
+             :profile_url, :check_url, :check_path, :avatar_path,
+             :contact
+  def version
+    1
+  end
+  def logo
+    { svg_black: object.logo_svg_black,
+      svg_full: object.logo_svg_full }
+  end
+  def username
+    { min: object.user_min_length,
+      max: object.user_max_length,
+      re: object.user_re }
+  end
+  def prefill_url
+    params = {
+      kb_username: '%{kb_username}',
+      username: '%{username}',
+      token: '%{sig_hash}',
+      kb_ua: '%{kb_ua}'
+    }
+    generate_url(:new_proof_url, params)
+  end
+  def check_url
+    params = { username: '%{username}' }
+    generate_url(:check_proof_url, params)
+  end
+  def check_path
+    ['signatures']
+  end
+  def avatar_path
+    ['avatar']
+  end
+  private
+  def generate_url(route, params)
+    opts = params.merge(host: ProveKeybase.configuration.domain_for_urls, protocol: 'https')
+    CGI.unescape(
+      ProveKeybase::Engine.routes.url_helpers.send(route, opts)
+    )
+  end
+end

data/app/serializers/prove_keybase/user_serializer.rb ADDED

@@ -0,0 +1,12 @@
+class ProveKeybase::UserSerializer < ActiveModel::Serializer
+  attributes :avatar_url
+  has_many :keybase_proofs, key: :signatures
+  class KeybaseProofSerializer < ActiveModel::Serializer
+    attributes :sig_hash, :kb_username
+    def sig_hash
+      object.token
+    end
+  end
+end

data/app/views/prove_keybase/proofs/new.html.erb ADDED

@@ -0,0 +1,18 @@
+<p id='alert'><%= alert %></p>
+<h2>Override This View Please</h2>
+<p>this is you here:</p>
+<p><%= image_tag current_user.avatar_url, width: 200 %></p>
+<p>is this you on keybase?</p>
+<p><%= image_tag @proof.keybase_avatar_url, width: 200 %></p>
+<%= form_with scope: :proof, url: proofs_path, local: true do |f| %>
+  <%= f.hidden_field :token, value: @proof.token %>
+  <%= f.hidden_field :username, value: @proof.username %>
+  <%= f.hidden_field :kb_username, value: @proof.kb_username %>
+  <%= f.hidden_field :kb_ua, value: params[:kb_ua] %>
+  <%= submit_tag 'yes' %>
+<% end %>

data/config/routes.rb ADDED

@@ -0,0 +1,5 @@
+ProveKeybase::Engine.routes.draw do
+  get 'config', to: 'config#show'
+  resources :proofs, only: [:new, :create]
+  get 'api/v1/proofs/:username', to: 'api_v1_proofs#show', as: :check_proof
+end

data/lib/generators/prove_keybase/USAGE ADDED

@@ -0,0 +1,9 @@
+Description:
+    create initializer and db migration for keybase proof integration
+Example:
+    bin/rails g prove_keybase install
+    This will create:
+        config/initializers/prove_keybase.rb
+        db/migrate/{X}_create_keybase_proofs.rb

data/lib/generators/prove_keybase/prove_keybase_generator.rb ADDED

@@ -0,0 +1,13 @@
+class ProveKeybaseGenerator < Rails::Generators::NamedBase
+  include Rails::Generators::Migration
+  source_root File.expand_path('templates', __dir__)
+  def install
+    copy_file "initializer.rb", "config/initializers/prove_keybase.rb"
+    migration_template "migration.rb", "db/migrate/create_keybase_proofs.rb"
+  end
+  def self.next_migration_number(dir)
+    Time.now.utc.strftime("%Y%m%d%H%M%S")
+  end
+end

data/lib/generators/prove_keybase/templates/initializer.rb ADDED

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+# See https://keybase.io/docs/proof_integration_guide for more details on
+# how this integration works.
+ProveKeybase.setup do |config|
+  # These two values are how users will lookup your site on Keybase
+  config.domain = 'yoursite.com'
+  config.display_name = 'Bee Activists'
+  # In the unlikely event that your site is actually running on a different
+  # domain (perhaps a subdomain, or for testing/staging purposes) you might
+  # want to specify that the URLs are actually on a different domain. This
+  # will default to `config.domain` above, so you can safely ignore this.
+  # config.domain_for_urls = 'yoursite.com'
+  # This is the URL to which a Keybase user will be linked when they click
+  # on a proof of one of your users. Please leave `%{username}` for interpolation
+  # by Keybase. This page should link back to Keybase when a user has active
+  # proofs.
+  config.profile_url = "https://yoursite.com/users/%{username}"
+  config.description = 'Next gen social network using big data & AI in the cloud 🤖☁️.'
+  config.brand_color = '#282c37'
+  # Keybase will use these as an early pre-check before creating the proof and signature
+  config.user_min_length = 2
+  config.user_max_length = 30
+  config.user_re = '^[a-zA-Z0-9_]{2,30}$'
+  # A full color SVG. Should look good at 32px square. Expand all texts and strokes to shapes.
+  # Here's an example of a good one.
+  config.logo_svg_full = 'https://keybase.io/images/paramproofs/services/gubble.cloud/logo_full.svg'
+  # A full-black monochrome SVG. Should look good at 16px square. Expand all texts and strokes to shapes.
+  # Here's an example of a good one.
+  config.logo_svg_black = 'https://keybase.io/images/paramproofs/services/gubble.cloud/logo_black.svg'
+  # So Keybase has someone to reach out to if there are any issues
+  config.contact = ['dummy@yoursite.com', 'beezkneez@keybase']
+  # After creating a proof locally, there is an async task to check that Keybase has seen it and updated
+  # accordingly. The queue on which this is running can be configured here.
+  # config.job_queue = :default
+  # This is the route_helper method to which a user will be redirected who is
+  # trying to create a proof without being logged in, or if they're logged in
+  # as the wrong user. See the readme for details on overriding this behavior
+  # if you'd like more control over the experience. Ideally, if a user is
+  # redirected, they will be sent back to the correct page after logging in.
+  config.login_redirection = :new_signin_path
+  # recommend putting this image (or similar) in your asset pipeline and updating this
+  config.default_keybase_avatar_url = 'https://keybase.io/images/icons/icon-keybase-logo-64@2x.png'
+end

data/lib/generators/prove_keybase/templates/migration.rb ADDED

@@ -0,0 +1,19 @@
+class CreateKeybaseProofs < ActiveRecord::Migration[5.2]
+  def change
+    create_table :keybase_proofs do |t|
+      # If `User` is not the correct model, update this line
+      t.belongs_to :user, foreign_key: { on_delete: :cascade }
+      t.string :username, null: false, default: ''
+      t.string :kb_username, null: false, default: ''
+      t.text :token, null: false, default: ''
+      t.boolean :proof_valid
+      t.boolean :proof_live
+      t.timestamps null: false
+    end
+    add_index :keybase_proofs, [:username, :kb_username], unique: true, name: :index_kb_proofs_on_local_user
+  end
+end

data/lib/prove_keybase.rb ADDED

@@ -0,0 +1,15 @@
+require 'active_support/all'
+require 'active_record'
+require 'active_model_serializers'
+require 'faraday'
+require 'faraday_middleware'
+require 'prove_keybase/engine'
+require 'prove_keybase/is_keybase_provable'
+require 'prove_keybase/keybase_adapter'
+require 'prove_keybase/keybase_client'
+require 'prove_keybase/configuration'
+ActiveSupport.on_load(:active_record) do
+  include ProveKeybase::Model
+end

data/lib/prove_keybase/configuration.rb ADDED

@@ -0,0 +1,29 @@
+module ProveKeybase
+  class << self
+    attr_accessor :configuration
+  end
+  def self.setup
+    self.configuration ||= Configuration.new
+    yield(configuration)
+  end
+  class Configuration
+    include ActiveModel::Serialization
+    attr_accessor :domain, :display_name, :description, :brand_color,
+                  :user_min_length, :user_max_length, :user_re, :logo_svg_full,
+                  :logo_svg_black, :profile_url, :contact, :keybase_base_url,
+                  :default_keybase_avatar_url, :job_queue, :login_redirection,
+                  :domain_for_urls
+    def initialize
+      # defaults
+      @job_queue = :default
+      @login_redirection = :root_path
+      @default_keybase_avatar_url = 'https://keybase.io/images/icons/icon-keybase-logo-64@2x.png'
+      @keybase_base_url = ENV.fetch('KEYBASE_BASE_URL') { 'https://keybase.io' }
+      @domain_for_urls = @domain
+    end
+  end
+end

data/lib/prove_keybase/engine.rb ADDED

@@ -0,0 +1,9 @@
+module ProveKeybase
+  class Engine < ::Rails::Engine
+    isolate_namespace ProveKeybase
+    config.generators do |g|
+      g.test_framework :rspec
+    end
+  end
+end

data/lib/prove_keybase/is_keybase_provable.rb ADDED

@@ -0,0 +1,14 @@
+module ProveKeybase
+  module Model
+    def self.included(base)
+      base.send :extend, ClassMethods
+    end
+    module ClassMethods
+      def is_keybase_provable
+        model_class = self
+        model_class.has_many :keybase_proofs, class_name: 'ProveKeybase::KeybaseProof'
+      end
+    end
+  end
+end

data/lib/prove_keybase/keybase_adapter.rb ADDED

@@ -0,0 +1,78 @@
+class ProveKeybase::ExpectedProofLiveError < StandardError; end
+class ProveKeybase::KeybaseAdapter
+  def initialize(proof)
+    @proof = proof
+    @domain = ProveKeybase.configuration.domain
+    @base_url = ProveKeybase.configuration.keybase_base_url
+  end
+  def validate!
+    if keybase_valid?
+      @proof.proof_valid = true
+    else
+      @proof.errors.add(:base, 'token not valid for user combo in keybase')
+    end
+  end
+  def refresh
+    ProveKeybase::UpdateFromKeybaseJob.perform_later(@proof.id)
+  end
+  def refresh!
+    status = client.remote_status
+    # if Keybase thinks the proof is valid but not live, yet the proof exists locally,
+    # then this is very likely during the creation flow, and Keybase just hasn't
+    # fetched the proof through the API yet. Throw this specific error so we know to
+    # retry.
+    raise ProveKeybase::ExpectedProofLiveError if status[:proof_valid] && !status[:proof_live]
+    @proof.update!(status.slice(:proof_valid, :proof_live))
+  end
+  def keybase_valid?
+    client.proof_valid?
+  end
+  def keybase_live?
+    client.proof_live?
+  end
+  def on_success_path(kb_ua)
+    uri = URI.parse(File.join(@base_url, '/_/proof_creation_success'))
+    uri.query = URI.encode_www_form(proof_params.merge(kb_ua: kb_ua || 'unknown'))
+    uri.to_s
+  end
+  def keybase_avatar_url
+    client.pic_url
+  end
+  def proof_url
+    File.join(@base_url, "#{@proof.kb_username}/sigchain\##{@proof.token}")
+  end
+  def profile_url
+    File.join(@base_url, @proof.kb_username)
+  end
+  def badge_url
+    File.join(@base_url, "#{@proof.kb_username}/proof_badge/#{@proof.token}?username=#{@proof.username}&domain=#{@domain}")
+  end
+  private
+  def proof_params
+    {
+      domain: @domain,
+      username: @proof.username,
+      kb_username: @proof.kb_username,
+      sig_hash: @proof.token
+    }
+  end
+  def client
+    @client ||= ProveKeybase::KeybaseClient.new(proof_params, @base_url)
+  end
+end

data/lib/prove_keybase/keybase_client.rb ADDED

@@ -0,0 +1,38 @@
+class ProveKeybase::KeybaseClient
+  def initialize(proof_params, base_url)
+    @proof_params = proof_params
+    api_url = File.join(base_url, '/_/api/1.0/')
+    @api_conn = Faraday::Connection.new(url: api_url) do |faraday|
+      faraday.response :json
+      faraday.adapter :net_http
+    end
+  end
+  def pic_url
+    res = @api_conn.get('user/pic_url.json', username: @proof_params[:kb_username]).body
+    res.fetch('pic_url')
+  rescue NoMethodError, KeyError, Faraday::Error
+    ProveKeybase.configuration.default_keybase_avatar_url
+  end
+  def proof_valid?
+    res = @api_conn.get('sig/proof_valid.json', @proof_params).body
+    res.fetch('proof_valid', false)
+  rescue Faraday::Error
+    false
+  end
+  def proof_live?
+    res = @api_conn.get('sig/proof_live.json', @proof_params).body
+    res.fetch('proof_live', false)
+  rescue Faraday::Error
+    false
+  end
+  def remote_status
+    # allow network and unexpected response errors to bubble up
+    res = @api_conn.get('sig/proof_live.json', @proof_params).body
+    { proof_valid: res.fetch('proof_valid'),
+      proof_live: res.fetch('proof_live') }
+  end
+end

data/lib/prove_keybase/version.rb ADDED

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+module ProveKeybase
+  VERSION = '0.1.0'.freeze
+end

data/lib/tasks/prove_keybase_tasks.rake ADDED

@@ -0,0 +1,7 @@
+namespace :prove_keybase do
+  desc 'Queue a job to update from Keybase for every keybase proof'
+  task :update_proofs do
+    puts 'We recommend implementing this especially for your site and running it from time to time.'
+    puts 'It might be as easy as `ProveKeybase::KeybaseProof.all.find_each(&:refresh)` though.'
+  end
+end

metadata ADDED

@@ -0,0 +1,183 @@
+--- !ruby/object:Gem::Specification
+name: prove_keybase
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Alex Gessner
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-05-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: active_model_serializers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: faraday_middleware
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: travis
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Add the Keybase open protocol for identity proofs to your Rails app
+email:
+- alex@keyba.se
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- Rakefile
+- app/controllers/prove_keybase/api_v1_proofs_controller.rb
+- app/controllers/prove_keybase/config_controller.rb
+- app/controllers/prove_keybase/keybase_base_controller.rb
+- app/controllers/prove_keybase/proofs_controller.rb
+- app/jobs/prove_keybase/base_job.rb
+- app/jobs/prove_keybase/update_from_keybase_job.rb
+- app/models/prove_keybase/base_record.rb
+- app/models/prove_keybase/keybase_proof.rb
+- app/models/prove_keybase/serializable_user.rb
+- app/serializers/prove_keybase/config_serializer.rb
+- app/serializers/prove_keybase/user_serializer.rb
+- app/views/prove_keybase/proofs/new.html.erb
+- config/routes.rb
+- lib/generators/prove_keybase/USAGE
+- lib/generators/prove_keybase/prove_keybase_generator.rb
+- lib/generators/prove_keybase/templates/initializer.rb
+- lib/generators/prove_keybase/templates/migration.rb
+- lib/prove_keybase.rb
+- lib/prove_keybase/configuration.rb
+- lib/prove_keybase/engine.rb
+- lib/prove_keybase/is_keybase_provable.rb
+- lib/prove_keybase/keybase_adapter.rb
+- lib/prove_keybase/keybase_client.rb
+- lib/prove_keybase/version.rb
+- lib/tasks/prove_keybase_tasks.rake
+homepage: https://keybase.io
+licenses:
+- BSD-3-Clause
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.1
+signing_key:
+specification_version: 4
+summary: Add the Keybase open protocol for identity proofs to your Rails app
+test_files: []