RubyGems - punk - Versions diffs - 0.0.3 → 0.2.0 - Mend

punk 0.0.3 → 0.2.0

Files changed (150) hide show

checksums.yaml +4 -4
data/.editorconfig +9 -0
data/.github/workflows/ship.yml +28 -0
data/.github/workflows/test.yml +45 -0
data/.rdoc_options +23 -0
data/.rgignore +1 -0
data/.rspec +2 -0
data/.rubocop.yml +243 -0
data/Gemfile +6 -6
data/Gemfile.lock +18 -30
data/README.md +8 -0
data/Rakefile +7 -9
data/VERSION +1 -1
data/app/migrations/001_lets_punk.rb +3 -0
data/app/routes/hello.rb +4 -0
data/bin/punk +0 -1
data/env/.gitignore +3 -0
data/env/spec/test.sh +3 -0
data/env/test.sh +5 -0
data/lib/punk/actions/.keep +0 -0
data/lib/punk/actions/groups/list.rb +24 -0
data/lib/punk/actions/sessions/clear.rb +21 -0
data/lib/punk/actions/sessions/create.rb +64 -0
data/lib/punk/actions/sessions/list.rb +18 -0
data/lib/punk/actions/sessions/verify.rb +24 -0
data/lib/punk/actions/tenants/list.rb +18 -0
data/lib/punk/actions/users/list_group.rb +18 -0
data/lib/punk/actions/users/list_tenant.rb +18 -0
data/lib/punk/actions/users/show.rb +18 -0
data/lib/punk/commands/http.rb +3 -3
data/lib/punk/commands/list.rb +12 -6
data/lib/punk/config/defaults.json +3 -0
data/lib/punk/config/schema.json +3 -0
data/lib/punk/core/app.rb +6 -8
data/lib/punk/core/commander.rb +9 -6
data/lib/punk/core/exec.rb +2 -0
data/lib/punk/core/load.rb +0 -1
data/lib/punk/framework/command.rb +5 -1
data/lib/punk/framework/plugins/validation.rb +0 -14
data/lib/punk/framework/runnable.rb +1 -1
data/lib/punk/helpers/loggable.rb +1 -1
data/lib/punk/migrations/001_punk.rb +103 -0
data/lib/punk/models/.keep +0 -0
data/lib/punk/models/group.rb +20 -0
data/lib/punk/models/group_user_metadata.rb +17 -0
data/lib/punk/models/identity.rb +29 -0
data/lib/punk/models/session.rb +89 -0
data/lib/punk/models/tenant.rb +19 -0
data/lib/punk/models/tenant_user_metadata.rb +17 -0
data/lib/punk/models/user.rb +31 -0
data/lib/punk/routes/groups.rb +31 -0
data/lib/punk/routes/plivo.rb +4 -0
data/lib/punk/routes/sessions.rb +108 -0
data/lib/punk/routes/swagger.rb +9 -0
data/lib/punk/routes/tenants.rb +29 -0
data/lib/punk/routes/users.rb +36 -0
data/lib/punk/services/.keep +0 -0
data/lib/punk/services/challenge_claim.rb +46 -0
data/lib/punk/services/create_identities.rb +25 -0
data/lib/punk/services/generate_swagger.rb +25 -0
data/lib/punk/services/prove_claim.rb +29 -0
data/lib/punk/services/secret.rb +9 -0
data/lib/punk/templates/groups/list.jbuilder +7 -0
data/lib/punk/templates/plivo.slim +16 -0
data/lib/punk/templates/sessions/list.jbuilder +6 -0
data/lib/punk/templates/sessions/pending.jbuilder +4 -0
data/lib/punk/templates/tenants/list.jbuilder +7 -0
data/lib/punk/templates/tenants/list.slim +8 -0
data/lib/punk/templates/users/list.jbuilder +7 -0
data/lib/punk/templates/users/list.rcsv +4 -0
data/lib/punk/templates/users/show.jbuilder +5 -0
data/lib/punk/views/groups/list.rb +22 -0
data/lib/punk/views/plivo_store.rb +15 -0
data/lib/punk/views/sessions/list.rb +22 -0
data/lib/punk/views/sessions/pending.rb +28 -0
data/lib/punk/views/tenants/list.rb +22 -0
data/lib/punk/views/users/list.rb +22 -0
data/lib/punk/views/users/show.rb +22 -0
data/lib/punk/workers/.keep +0 -0
data/lib/punk/workers/expire_sessions.rb +9 -0
data/lib/punk/workers/geocode_session_worker.rb +48 -0
data/lib/punk/workers/identify_session_worker.rb +45 -0
data/lib/punk/workers/secret.rb +18 -0
data/lib/punk/workers/send_email_worker.rb +51 -0
data/lib/punk/workers/send_sms_worker.rb +40 -0
data/punk.gemspec +149 -16
data/schema.psql +345 -0
data/spec/actions/groups/punk/list_groups_action_spec.rb +36 -0
data/spec/actions/sessions/punk/clear_session_action_spec.rb +29 -0
data/spec/actions/sessions/punk/create_session_action_spec.rb +33 -0
data/spec/actions/sessions/punk/list_sessions_action_spec.rb +26 -0
data/spec/actions/sessions/punk/verify_session_action_spec.rb +59 -0
data/spec/actions/tenants/punk/list_tenants_action_spec.rb +25 -0
data/spec/actions/users/punk/list_group_users_action_spec.rb +26 -0
data/spec/actions/users/punk/list_tenant_users_action_spec.rb +26 -0
data/spec/factories/group.rb +12 -0
data/spec/factories/group_user_metadata.rb +10 -0
data/spec/factories/identity.rb +19 -0
data/spec/factories/session.rb +12 -0
data/spec/factories/tenant.rb +10 -0
data/spec/factories/tenant_user_metadata.rb +10 -0
data/spec/factories/user.rb +12 -0
data/spec/lib/commands/auth_spec.rb +11 -0
data/spec/lib/commands/generate_spec.rb +7 -0
data/spec/lib/commands/http_spec.rb +23 -0
data/spec/lib/commands/list_spec.rb +7 -0
data/spec/lib/commands/swagger_spec.rb +7 -0
data/spec/lib/engine/punk_env_spec.rb +13 -0
data/spec/lib/engine/punk_exec_spec.rb +9 -0
data/spec/lib/engine/punk_init_spec.rb +9 -0
data/spec/lib/engine/punk_store_spec.rb +10 -0
data/spec/lib/punk.env +7 -0
data/spec/models/punk/group_spec.rb +50 -0
data/spec/models/punk/group_user_metadata_spec.rb +61 -0
data/spec/models/punk/identity_spec.rb +61 -0
data/spec/models/punk/session_spec.rb +156 -0
data/spec/models/punk/tenant_spec.rb +51 -0
data/spec/models/punk/tenant_user_metadata_spec.rb +61 -0
data/spec/models/punk/user_spec.rb +115 -0
data/spec/routes/groups/get_groups_spec.rb +33 -0
data/spec/routes/plivo/get_plivo_spec.rb +11 -0
data/spec/routes/sessions/delete_session_spec.rb +11 -0
data/spec/routes/sessions/get_sessions_spec.rb +30 -0
data/spec/routes/sessions/patch_session_spec.rb +11 -0
data/spec/routes/sessions/post_session_spec.rb +11 -0
data/spec/routes/swagger/get_swagger_spec.rb +12 -0
data/spec/routes/tenants/get_tenants_spec.rb +31 -0
data/spec/routes/users/get_users_spec.rb +60 -0
data/spec/services/punk/challenge_claim_service_spec.rb +7 -0
data/spec/services/punk/create_identities_service_spec.rb +14 -0
data/spec/services/punk/generate_swagger_service_spec.rb +7 -0
data/spec/services/punk/prove_claim_service_spec.rb +7 -0
data/spec/services/punk/secret_service_spec.rb +7 -0
data/spec/spec_helper.rb +122 -0
data/spec/vcr_cassettes/PUNK_GeocodeSessionWorker/updates_the_session_data.yml +57 -0
data/spec/vcr_cassettes/PUNK_IdentifySessionWorker/updates_the_session_data.yml +112 -0
data/spec/views/punk/plivo_store_spec.rb +7 -0
data/spec/views/sessions/punk/list_sessions_view_spec.rb +7 -0
data/spec/views/sessions/punk/pending_session_view_spec.rb +7 -0
data/spec/views/tenants/punk/list_tenants_view_spec.rb +7 -0
data/spec/views/users/punk/list_groups_view_spec.rb +7 -0
data/spec/views/users/punk/list_users_view_spec.rb +7 -0
data/spec/workers/punk/expire_sessions_worker_spec.rb +31 -0
data/spec/workers/punk/geocode_session_worker_spec.rb +14 -0
data/spec/workers/punk/identify_session_worker_spec.rb +15 -0
data/spec/workers/punk/secret_worker_spec.rb +20 -0
data/spec/workers/punk/send_email_worker_spec.rb +46 -0
data/spec/workers/punk/send_sms_worker_spec.rb +33 -0
metadata +169 -13
data/lib/punk/views/all.rb +0 -4

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+# @resource Groups
+#
+# Each tenant can have many groups.
+PUNK.route('groups') do
+  require_session!
+  require_tenant!
+  # Retrieve the list of groups visible to the authenticated user for a specific tenant.
+  # @path [GET] /groups
+  # @parameter tenant_id(required) [string] An email address or mobile phone number.
+  # @response [Array<Group>] 200 List of groups
+  # @method get
+  # @example 200
+  #   [{
+  #     "id": "deadbeef-1234-5678-abcd-000000000000",
+  #     "name": "Cool Group",
+  #     "icon": "https://some.image/url"
+  #   }]
+  # @example 401
+  #   {
+  #     "message": "You must specify a tenant.",
+  #     "errors": ["Cannot find tenant"]
+  #   }
+  #
+  # route: GET /groups
+  get do
+    perform PUNK::ListGroupsAction, user: current_user, tenant: current_tenant
+  end
+end

data/lib/punk/routes/plivo.rb ADDED

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+# route: GET /plivo
+PUNK.route('plivo') { present PUNK::PlivoStore }

data/lib/punk/routes/sessions.rb ADDED

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+# @resource Sessions
+#
+# Handle the authentication flow.
+PUNK.route('sessions') do
+  # Challenge the claim of someone having a particular email address or phone number.
+  # @path [POST] /sessions
+  # @parameter claim(required) [string] An email address or mobile phone number.
+  # @response [Session] 201 Pending session created
+  # @response [Error] 400 Invalid claim, or the user is already authenticated
+  # @method post
+  # @example 201
+  #   {
+  #     "slug": "deadbeef-1234-5678-abcd-000000000000",
+  #     "message": "A code has been sent to your email address."
+  #   }
+  # @example 400
+  #   {
+  #     "message": "Validation failed",
+  #     "errors": ["Claim is not an email or phone."]
+  #   }
+  #
+  # route: POST /sessions
+  post do
+    require_anonymous!
+    perform PUNK::CreateSessionAction, args.merge(remote_addr: request.ip || PUNK::Session.default_values[:remote_addr].to_s, user_agent: request.env['HTTP_USER_AGENT'] || PUNK::Session.default_values[:user_agent])
+  end
+  # route: GET /sessions/current
+  on "current" do
+    require_session!
+    get do
+      perform PUNK::ShowUserAction, user: current_user
+    end
+  end
+  # route: PATCH /sessions/:slug
+  on :id do |slug|
+    require_anonymous!
+    user_session = PUNK::Session.find(slug: slug)
+    # Verify a pending session by providing proof of access to the email address or phone number.
+    # @path [PATCH] /sessions/{slug}
+    # @parameter secret(required) [string] The verification code sent by email or sms.
+    # @response [Info] 200 Session verified and cookie created
+    # @response [Error] 400 Invalid secret
+    # @method patch
+    # @example 200
+    #   {
+    #     "message": "You are now logged in."
+    #   }
+    # @example 400
+    #   {
+    #     "message": "Validation failed",
+    #     "errors": ["Secret does not match."]
+    #   }
+    patch do
+      view = perform PUNK::VerifySessionAction, args.merge(session: user_session)
+      request.session[:session_id] = user_session.id if user_session&.active?
+      view
+    end
+  end
+  # Allow the current user to access their active sessions.
+  # @path [GET] /sessions
+  # @response [Array<Session>] 200 List of sessions
+  # @response [Error] 401 The user was not authenticated
+  # @method get
+  # @example 200
+  #   [{
+  #     "id": "deadbeef-1234-5678-abcd-000000000000",
+  #     "client": {...}
+  #   }]
+  # @example 401
+  #   {
+  #     "message": "you are not authenticated.",
+  #     "errors": ["cannot find session"]
+  #   }
+  #
+  # route: GET /tenants
+  get do
+    require_session!
+    perform PUNK::ListSessionsAction, user: current_user
+  end
+  # Allow the current user to logout.
+  # @path [DELETE] /sessions
+  # @response [Info] 200 Session destroyed and cookie cleared
+  # @response [Error] 401 The user was not authenticated
+  # @method destroy
+  # @example 200
+  #   {
+  #     "message": "You have logged out."
+  #   }
+  # @example 401
+  #   {
+  #     "message": "You are not authenticated.",
+  #     "errors": ["No session exists"]
+  #   }
+  #
+  # route: DELETE /sessions
+  delete do
+    require_session!
+    view = perform PUNK::ClearSessionAction, session: current_session
+    clear_session if current_session&.deleted?
+    view
+  end
+end

data/lib/punk/routes/swagger.rb ADDED

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+# route: GET /swagger.json
+PUNK.route('swagger') do
+  result = PUNK::GenerateSwaggerService.run.result
+  response.status = 200
+  response['Content-Type'] = 'application/json'
+  result
+end

data/lib/punk/routes/tenants.rb ADDED

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+# @resource Tenants
+#
+# All resources in the system are relative to a particular tenant application.
+PUNK.route('tenants') do
+  require_session!
+  # Retrieve the list of tenants visible to the authenticated user.
+  # @path [GET] /tenants
+  # @response [Array<Tenant>] 200 List of tenants
+  # @method get
+  # @example 200
+  #   [{
+  #     "id": "deadbeef-1234-5678-abcd-000000000000",
+  #     "name": "Cool Tenant",
+  #     "icon": "https://some.image/url"
+  #   }]
+  # @example 401
+  #   {
+  #     "message": "You are not authenticated.",
+  #     "errors": ["Cannot find session"]
+  #   }
+  #
+  # route: GET /tenants
+  get do
+    perform PUNK::ListTenantsAction, user: current_user
+  end
+end

data/lib/punk/routes/users.rb ADDED

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+# @resource Users
+#
+# Users can belong to many tenants and many groups.
+PUNK.route('users') do
+  require_session!
+  require_tenant!
+  # Retrieve the list of users visible to the authenticated user for a specific tenant or group.
+  # @path [GET] /users
+  # @parameter tenant_id(required) [string] The ID of a tenant visible to the authenticated user.
+  # @parameter group_id [string] The ID of a group that belongs to the tenant.
+  # @response [Array<User>] 200 List of users
+  # @method get
+  # @example 200
+  #   [{
+  #     "id": "deadbeef-1234-5678-abcd-000000000000",
+  #     "name": "John Smith",
+  #     "icon": "https://some.image/url"
+  #   }]
+  # @example 401
+  #   {
+  #     "message": "You must specify a tenant.",
+  #     "errors": ["Cannot find tenant"]
+  #   }
+  #
+  # route: GET /users
+  get do
+    if args[:group_id]
+      perform PUNK::ListGroupUsersAction, group: current_user.groups_dataset[tenant: current_tenant, id: args[:group_id]]
+    else
+      perform PUNK::ListTenantUsersAction, tenant: current_tenant
+    end
+  end
+end

data/lib/punk/services/.keep ADDED

File without changes

data/lib/punk/services/challenge_claim.rb ADDED

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+require 'rbnacl'
+module PUNK
+  class ChallengeClaimService < Service
+    args :session
+    def validate
+      validates_not_null :session
+      validates_not_empty :session
+      return if session.blank?
+      validates_type Session, :session
+      validates_state :session, :created
+      validates_event :session, :challenge
+    end
+    def process
+      secret = SecretService.run.result
+      salt = RbNaCl::Random.random_bytes(RbNaCl::PasswordHash::SCrypt::SALTBYTES)
+      hash = RbNaCl::PasswordHash.scrypt(secret, salt, 1_048_576, 16_777_216)
+      session.update(salt: salt, hash: hash)
+      session.challenge!
+      identity = session.identity
+      case identity.claim_type
+      when :email
+        SendEmailWorker.perform_async(
+          from: 'GroupFire Accounts <noreply@groupfire.com>',
+          to: identity.claim,
+          subject: '[GroupFire] Verification Code',
+          template: 'verify',
+          tags: [:auth],
+          variables: {
+            name: identity.user&.name || 'New User',
+            secret: secret
+          }
+        )
+      when :phone
+        SendSmsWorker.perform_async(
+          to: identity.claim,
+          body: "Your GroupFire verification code is: #{secret}."
+        )
+      end
+    end
+  end
+end

data/lib/punk/services/create_identities.rb ADDED

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+module PUNK
+  class CreateIdentitiesService < Service
+    def process
+      User.each do |user|
+        if user.email.present?
+          Identity.find_or_create(claim: user.email) do |i|
+            i.claim_type = :email
+            i.user = user
+          end
+        end
+        if user.phone.present?
+          Identity.find_or_create(claim: user.phone) do |i|
+            i.claim_type = :phone
+            i.user = user
+          end
+        end
+      rescue Sequel::ValidationFailed => e
+        logger.warn e.message
+      end
+      nil
+    end
+  end
+end

data/lib/punk/services/generate_swagger.rb ADDED

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+module PUNK
+  class GenerateSwaggerService < Service
+    def process
+      path = File.join(PUNK.get.app.path, '..', 'www', 'swagger.json')
+      raise InternalServerError, 'swagger.json already exists' if File.exist?(path) && !PUNK.env.test?
+      require 'swagger_yard'
+      require_relative '../helpers/swagger'
+      SwaggerYard.register_custom_yard_tags!
+      SwaggerYard.configure do |config|
+        config.api_version = PUNK.version
+        config.title = PUNK.get.app.name
+        config.description = PUNK.get.app.description
+        config.api_base_path = PUNK.get.app.url
+        config.controller_path = [File.join(PUNK.get.app.path, 'routes', '**', '*'), File.join(__dir__, '..', 'routes', '**', '*')]
+        config.model_path = [File.join(__dir__, '..', 'models', '**', '*'), File.join(__dir__, '..', 'views', '**', '*'), File.join(PUNK.get.app.path, 'models', '**', '*')]
+      end
+      spec = SwaggerYard::OpenAPI.new
+      blob = JSON.pretty_generate(spec.to_h)
+      File.open(path, "w") { |f| f << blob } unless PUNK.env.test?
+      blob
+    end
+  end
+end

data/lib/punk/services/prove_claim.rb ADDED

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+require 'rbnacl'
+module PUNK
+  class ProveClaimService < Service
+    args :session, :secret
+    def validate
+      validates_not_null :session
+      validates_not_empty :session
+      return if session.blank?
+      session.timeout?
+      validates_type Session, :session
+      validates_state :session, :pending
+      validates_event :session, :verify
+    end
+    def process
+      session.increment_attempts
+      session.reload
+      raise BadRequest, "Too many attempts" if session.attempt_count >= 3
+      hash = RbNaCl::PasswordHash.scrypt(secret, session.salt, 1_048_576, 16_777_216)
+      proven = (session[:hash] == hash)
+      session.verify! if proven
+      proven
+    end
+  end
+end

data/lib/punk/services/secret.rb ADDED

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+module PUNK
+  class SecretService < Service
+    def process
+      (SecureRandom.random_number(900_000) + 100_000).to_s
+    end
+  end
+end

data/lib/punk/templates/groups/list.jbuilder ADDED

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+json.array!(groups) do |group|
+  json.id group.id
+  json.name group.name
+  json.icon group.icon
+end

data/lib/punk/templates/plivo.slim ADDED

@@ -0,0 +1,16 @@
+doctype html
+html
+  head
+    title Plivo
+  body
+    h2 Plivo
+    - plivo = PUNK.cache.get(:plivo) || []
+    - plivo.each do |message|
+      h4= message[:sent]
+      dl
+        dt from
+        dd= message[:from]
+        dt to
+        dd= message[:to]
+        dt body
+        dd= message[:body]

data/lib/punk/templates/sessions/list.jbuilder ADDED

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+json.array!(sessions) do |session|
+  json.id session.id
+  json.data session.data
+end

data/lib/punk/templates/sessions/pending.jbuilder ADDED

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+json.slug session.slug
+json.message message

data/lib/punk/templates/tenants/list.jbuilder ADDED

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+json.array!(tenants) do |tenant|
+  json.id tenant.id
+  json.name tenant.name
+  json.icon tenant.icon
+end

data/lib/punk/templates/tenants/list.slim ADDED

@@ -0,0 +1,8 @@
+doctype html
+html
+  head
+    title Tenants
+  body
+    - tenants.each do |tenant|
+      h1= tenant.name
+      img src= tenant.icon

data/lib/punk/templates/users/list.jbuilder ADDED

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+json.array!(users) do |user|
+  json.id user.id
+  json.name user.name
+  json.icon user.icon
+end

data/lib/punk/templates/users/list.rcsv ADDED

@@ -0,0 +1,4 @@
+csv << ['ID','NAME','ICON','EMAIL','PHONE','TITLE','COMPANY','WEBSITE','LOCATION']
+users.each do |user|
+  csv << [user.id, user.name, user.icon, user.email, user.phone, user.profile[:professional][:title], user.profile[:professional][:company], user.profile[:professional][:website], user.profile[:professional][:location]]
+end

data/lib/punk/templates/users/show.jbuilder ADDED

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+json.id user.id
+json.name user.name
+json.icon user.icon