RubyGems - punk - Versions diffs - 0.0.3 → 0.2.0 - Mend

punk 0.0.3 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (150) hide show

checksums.yaml +4 -4
data/.editorconfig +9 -0
data/.github/workflows/ship.yml +28 -0
data/.github/workflows/test.yml +45 -0
data/.rdoc_options +23 -0
data/.rgignore +1 -0
data/.rspec +2 -0
data/.rubocop.yml +243 -0
data/Gemfile +6 -6
data/Gemfile.lock +18 -30
data/README.md +8 -0
data/Rakefile +7 -9
data/VERSION +1 -1
data/app/migrations/001_lets_punk.rb +3 -0
data/app/routes/hello.rb +4 -0
data/bin/punk +0 -1
data/env/.gitignore +3 -0
data/env/spec/test.sh +3 -0
data/env/test.sh +5 -0
data/lib/punk/actions/.keep +0 -0
data/lib/punk/actions/groups/list.rb +24 -0
data/lib/punk/actions/sessions/clear.rb +21 -0
data/lib/punk/actions/sessions/create.rb +64 -0
data/lib/punk/actions/sessions/list.rb +18 -0
data/lib/punk/actions/sessions/verify.rb +24 -0
data/lib/punk/actions/tenants/list.rb +18 -0
data/lib/punk/actions/users/list_group.rb +18 -0
data/lib/punk/actions/users/list_tenant.rb +18 -0
data/lib/punk/actions/users/show.rb +18 -0
data/lib/punk/commands/http.rb +3 -3
data/lib/punk/commands/list.rb +12 -6
data/lib/punk/config/defaults.json +3 -0
data/lib/punk/config/schema.json +3 -0
data/lib/punk/core/app.rb +6 -8
data/lib/punk/core/commander.rb +9 -6
data/lib/punk/core/exec.rb +2 -0
data/lib/punk/core/load.rb +0 -1
data/lib/punk/framework/command.rb +5 -1
data/lib/punk/framework/plugins/validation.rb +0 -14
data/lib/punk/framework/runnable.rb +1 -1
data/lib/punk/helpers/loggable.rb +1 -1
data/lib/punk/migrations/001_punk.rb +103 -0
data/lib/punk/models/.keep +0 -0
data/lib/punk/models/group.rb +20 -0
data/lib/punk/models/group_user_metadata.rb +17 -0
data/lib/punk/models/identity.rb +29 -0
data/lib/punk/models/session.rb +89 -0
data/lib/punk/models/tenant.rb +19 -0
data/lib/punk/models/tenant_user_metadata.rb +17 -0
data/lib/punk/models/user.rb +31 -0
data/lib/punk/routes/groups.rb +31 -0
data/lib/punk/routes/plivo.rb +4 -0
data/lib/punk/routes/sessions.rb +108 -0
data/lib/punk/routes/swagger.rb +9 -0
data/lib/punk/routes/tenants.rb +29 -0
data/lib/punk/routes/users.rb +36 -0
data/lib/punk/services/.keep +0 -0
data/lib/punk/services/challenge_claim.rb +46 -0
data/lib/punk/services/create_identities.rb +25 -0
data/lib/punk/services/generate_swagger.rb +25 -0
data/lib/punk/services/prove_claim.rb +29 -0
data/lib/punk/services/secret.rb +9 -0
data/lib/punk/templates/groups/list.jbuilder +7 -0
data/lib/punk/templates/plivo.slim +16 -0
data/lib/punk/templates/sessions/list.jbuilder +6 -0
data/lib/punk/templates/sessions/pending.jbuilder +4 -0
data/lib/punk/templates/tenants/list.jbuilder +7 -0
data/lib/punk/templates/tenants/list.slim +8 -0
data/lib/punk/templates/users/list.jbuilder +7 -0
data/lib/punk/templates/users/list.rcsv +4 -0
data/lib/punk/templates/users/show.jbuilder +5 -0
data/lib/punk/views/groups/list.rb +22 -0
data/lib/punk/views/plivo_store.rb +15 -0
data/lib/punk/views/sessions/list.rb +22 -0
data/lib/punk/views/sessions/pending.rb +28 -0
data/lib/punk/views/tenants/list.rb +22 -0
data/lib/punk/views/users/list.rb +22 -0
data/lib/punk/views/users/show.rb +22 -0
data/lib/punk/workers/.keep +0 -0
data/lib/punk/workers/expire_sessions.rb +9 -0
data/lib/punk/workers/geocode_session_worker.rb +48 -0
data/lib/punk/workers/identify_session_worker.rb +45 -0
data/lib/punk/workers/secret.rb +18 -0
data/lib/punk/workers/send_email_worker.rb +51 -0
data/lib/punk/workers/send_sms_worker.rb +40 -0
data/punk.gemspec +149 -16
data/schema.psql +345 -0
data/spec/actions/groups/punk/list_groups_action_spec.rb +36 -0
data/spec/actions/sessions/punk/clear_session_action_spec.rb +29 -0
data/spec/actions/sessions/punk/create_session_action_spec.rb +33 -0
data/spec/actions/sessions/punk/list_sessions_action_spec.rb +26 -0
data/spec/actions/sessions/punk/verify_session_action_spec.rb +59 -0
data/spec/actions/tenants/punk/list_tenants_action_spec.rb +25 -0
data/spec/actions/users/punk/list_group_users_action_spec.rb +26 -0
data/spec/actions/users/punk/list_tenant_users_action_spec.rb +26 -0
data/spec/factories/group.rb +12 -0
data/spec/factories/group_user_metadata.rb +10 -0
data/spec/factories/identity.rb +19 -0
data/spec/factories/session.rb +12 -0
data/spec/factories/tenant.rb +10 -0
data/spec/factories/tenant_user_metadata.rb +10 -0
data/spec/factories/user.rb +12 -0
data/spec/lib/commands/auth_spec.rb +11 -0
data/spec/lib/commands/generate_spec.rb +7 -0
data/spec/lib/commands/http_spec.rb +23 -0
data/spec/lib/commands/list_spec.rb +7 -0
data/spec/lib/commands/swagger_spec.rb +7 -0
data/spec/lib/engine/punk_env_spec.rb +13 -0
data/spec/lib/engine/punk_exec_spec.rb +9 -0
data/spec/lib/engine/punk_init_spec.rb +9 -0
data/spec/lib/engine/punk_store_spec.rb +10 -0
data/spec/lib/punk.env +7 -0
data/spec/models/punk/group_spec.rb +50 -0
data/spec/models/punk/group_user_metadata_spec.rb +61 -0
data/spec/models/punk/identity_spec.rb +61 -0
data/spec/models/punk/session_spec.rb +156 -0
data/spec/models/punk/tenant_spec.rb +51 -0
data/spec/models/punk/tenant_user_metadata_spec.rb +61 -0
data/spec/models/punk/user_spec.rb +115 -0
data/spec/routes/groups/get_groups_spec.rb +33 -0
data/spec/routes/plivo/get_plivo_spec.rb +11 -0
data/spec/routes/sessions/delete_session_spec.rb +11 -0
data/spec/routes/sessions/get_sessions_spec.rb +30 -0
data/spec/routes/sessions/patch_session_spec.rb +11 -0
data/spec/routes/sessions/post_session_spec.rb +11 -0
data/spec/routes/swagger/get_swagger_spec.rb +12 -0
data/spec/routes/tenants/get_tenants_spec.rb +31 -0
data/spec/routes/users/get_users_spec.rb +60 -0
data/spec/services/punk/challenge_claim_service_spec.rb +7 -0
data/spec/services/punk/create_identities_service_spec.rb +14 -0
data/spec/services/punk/generate_swagger_service_spec.rb +7 -0
data/spec/services/punk/prove_claim_service_spec.rb +7 -0
data/spec/services/punk/secret_service_spec.rb +7 -0
data/spec/spec_helper.rb +122 -0
data/spec/vcr_cassettes/PUNK_GeocodeSessionWorker/updates_the_session_data.yml +57 -0
data/spec/vcr_cassettes/PUNK_IdentifySessionWorker/updates_the_session_data.yml +112 -0
data/spec/views/punk/plivo_store_spec.rb +7 -0
data/spec/views/sessions/punk/list_sessions_view_spec.rb +7 -0
data/spec/views/sessions/punk/pending_session_view_spec.rb +7 -0
data/spec/views/tenants/punk/list_tenants_view_spec.rb +7 -0
data/spec/views/users/punk/list_groups_view_spec.rb +7 -0
data/spec/views/users/punk/list_users_view_spec.rb +7 -0
data/spec/workers/punk/expire_sessions_worker_spec.rb +31 -0
data/spec/workers/punk/geocode_session_worker_spec.rb +14 -0
data/spec/workers/punk/identify_session_worker_spec.rb +15 -0
data/spec/workers/punk/secret_worker_spec.rb +20 -0
data/spec/workers/punk/send_email_worker_spec.rb +46 -0
data/spec/workers/punk/send_sms_worker_spec.rb +33 -0
metadata +169 -13
data/lib/punk/views/all.rb +0 -4

data/lib/punk/routes/groups.rb ADDED

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+# @resource Groups
+#
+# Each tenant can have many groups.
+PUNK.route('groups') do
+  require_session!
+  require_tenant!
+  # Retrieve the list of groups visible to the authenticated user for a specific tenant.
+  # @path [GET] /groups
+  # @parameter tenant_id(required) [string] An email address or mobile phone number.
+  # @response [Array<Group>] 200 List of groups
+  # @method get
+  # @example 200
+  #   [{
+  #     "id": "deadbeef-1234-5678-abcd-000000000000",
+  #     "name": "Cool Group",
+  #     "icon": "https://some.image/url"
+  #   }]
+  # @example 401
+  #   {
+  #     "message": "You must specify a tenant.",
+  #     "errors": ["Cannot find tenant"]
+  #   }
+  #
+  # route: GET /groups
+  get do
+    perform PUNK::ListGroupsAction, user: current_user, tenant: current_tenant
+  end
+end

data/lib/punk/routes/plivo.rb ADDED

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+# route: GET /plivo
+PUNK.route('plivo') { present PUNK::PlivoStore }

data/lib/punk/routes/sessions.rb ADDED

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+# @resource Sessions
+#
+# Handle the authentication flow.
+PUNK.route('sessions') do
+  # Challenge the claim of someone having a particular email address or phone number.
+  # @path [POST] /sessions
+  # @parameter claim(required) [string] An email address or mobile phone number.
+  # @response [Session] 201 Pending session created
+  # @response [Error] 400 Invalid claim, or the user is already authenticated
+  # @method post
+  # @example 201
+  #   {
+  #     "slug": "deadbeef-1234-5678-abcd-000000000000",
+  #     "message": "A code has been sent to your email address."
+  #   }
+  # @example 400
+  #   {
+  #     "message": "Validation failed",
+  #     "errors": ["Claim is not an email or phone."]
+  #   }
+  #
+  # route: POST /sessions
+  post do
+    require_anonymous!
+    perform PUNK::CreateSessionAction, args.merge(remote_addr: request.ip || PUNK::Session.default_values[:remote_addr].to_s, user_agent: request.env['HTTP_USER_AGENT'] || PUNK::Session.default_values[:user_agent])
+  end
+  # route: GET /sessions/current
+  on "current" do
+    require_session!
+    get do
+      perform PUNK::ShowUserAction, user: current_user
+    end
+  end
+  # route: PATCH /sessions/:slug
+  on :id do |slug|
+    require_anonymous!
+    user_session = PUNK::Session.find(slug: slug)
+    # Verify a pending session by providing proof of access to the email address or phone number.
+    # @path [PATCH] /sessions/{slug}
+    # @parameter secret(required) [string] The verification code sent by email or sms.
+    # @response [Info] 200 Session verified and cookie created
+    # @response [Error] 400 Invalid secret
+    # @method patch
+    # @example 200
+    #   {
+    #     "message": "You are now logged in."
+    #   }
+    # @example 400
+    #   {
+    #     "message": "Validation failed",
+    #     "errors": ["Secret does not match."]
+    #   }
+    patch do
+      view = perform PUNK::VerifySessionAction, args.merge(session: user_session)
+      request.session[:session_id] = user_session.id if user_session&.active?
+      view
+    end
+  end
+  # Allow the current user to access their active sessions.
+  # @path [GET] /sessions
+  # @response [Array<Session>] 200 List of sessions
+  # @response [Error] 401 The user was not authenticated
+  # @method get
+  # @example 200
+  #   [{
+  #     "id": "deadbeef-1234-5678-abcd-000000000000",
+  #     "client": {...}
+  #   }]
+  # @example 401
+  #   {
+  #     "message": "you are not authenticated.",
+  #     "errors": ["cannot find session"]
+  #   }
+  #
+  # route: GET /tenants
+  get do
+    require_session!
+    perform PUNK::ListSessionsAction, user: current_user
+  end
+  # Allow the current user to logout.
+  # @path [DELETE] /sessions
+  # @response [Info] 200 Session destroyed and cookie cleared
+  # @response [Error] 401 The user was not authenticated
+  # @method destroy
+  # @example 200
+  #   {
+  #     "message": "You have logged out."
+  #   }
+  # @example 401
+  #   {
+  #     "message": "You are not authenticated.",
+  #     "errors": ["No session exists"]
+  #   }
+  #
+  # route: DELETE /sessions
+  delete do
+    require_session!
+    view = perform PUNK::ClearSessionAction, session: current_session
+    clear_session if current_session&.deleted?
+    view
+  end
+end

data/lib/punk/routes/swagger.rb ADDED

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+# route: GET /swagger.json
+PUNK.route('swagger') do
+  result = PUNK::GenerateSwaggerService.run.result
+  response.status = 200
+  response['Content-Type'] = 'application/json'
+  result
+end

data/lib/punk/routes/tenants.rb ADDED

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+# @resource Tenants
+#
+# All resources in the system are relative to a particular tenant application.
+PUNK.route('tenants') do
+  require_session!
+  # Retrieve the list of tenants visible to the authenticated user.
+  # @path [GET] /tenants
+  # @response [Array<Tenant>] 200 List of tenants
+  # @method get
+  # @example 200
+  #   [{
+  #     "id": "deadbeef-1234-5678-abcd-000000000000",
+  #     "name": "Cool Tenant",
+  #     "icon": "https://some.image/url"
+  #   }]
+  # @example 401
+  #   {
+  #     "message": "You are not authenticated.",
+  #     "errors": ["Cannot find session"]
+  #   }
+  #
+  # route: GET /tenants
+  get do
+    perform PUNK::ListTenantsAction, user: current_user
+  end
+end

data/lib/punk/routes/users.rb ADDED

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+# @resource Users
+#
+# Users can belong to many tenants and many groups.
+PUNK.route('users') do
+  require_session!
+  require_tenant!
+  # Retrieve the list of users visible to the authenticated user for a specific tenant or group.
+  # @path [GET] /users
+  # @parameter tenant_id(required) [string] The ID of a tenant visible to the authenticated user.
+  # @parameter group_id [string] The ID of a group that belongs to the tenant.
+  # @response [Array<User>] 200 List of users
+  # @method get
+  # @example 200
+  #   [{
+  #     "id": "deadbeef-1234-5678-abcd-000000000000",
+  #     "name": "John Smith",
+  #     "icon": "https://some.image/url"
+  #   }]
+  # @example 401
+  #   {
+  #     "message": "You must specify a tenant.",
+  #     "errors": ["Cannot find tenant"]
+  #   }
+  #
+  # route: GET /users
+  get do
+    if args[:group_id]
+      perform PUNK::ListGroupUsersAction, group: current_user.groups_dataset[tenant: current_tenant, id: args[:group_id]]
+    else
+      perform PUNK::ListTenantUsersAction, tenant: current_tenant
+    end
+  end
+end

data/lib/punk/services/.keep ADDED

File without changes

data/lib/punk/services/challenge_claim.rb ADDED

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+require 'rbnacl'
+module PUNK
+  class ChallengeClaimService < Service
+    args :session
+    def validate
+      validates_not_null :session
+      validates_not_empty :session
+      return if session.blank?
+      validates_type Session, :session
+      validates_state :session, :created
+      validates_event :session, :challenge
+    end
+    def process
+      secret = SecretService.run.result
+      salt = RbNaCl::Random.random_bytes(RbNaCl::PasswordHash::SCrypt::SALTBYTES)
+      hash = RbNaCl::PasswordHash.scrypt(secret, salt, 1_048_576, 16_777_216)
+      session.update(salt: salt, hash: hash)
+      session.challenge!
+      identity = session.identity
+      case identity.claim_type
+      when :email
+        SendEmailWorker.perform_async(
+          from: 'GroupFire Accounts <noreply@groupfire.com>',
+          to: identity.claim,
+          subject: '[GroupFire] Verification Code',
+          template: 'verify',
+          tags: [:auth],
+          variables: {
+            name: identity.user&.name || 'New User',
+            secret: secret
+          }
+        )
+      when :phone
+        SendSmsWorker.perform_async(
+          to: identity.claim,
+          body: "Your GroupFire verification code is: #{secret}."
+        )
+      end
+    end
+  end
+end

data/lib/punk/services/create_identities.rb ADDED

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+module PUNK
+  class CreateIdentitiesService < Service
+    def process
+      User.each do |user|
+        if user.email.present?
+          Identity.find_or_create(claim: user.email) do |i|
+            i.claim_type = :email
+            i.user = user
+          end
+        end
+        if user.phone.present?
+          Identity.find_or_create(claim: user.phone) do |i|
+            i.claim_type = :phone
+            i.user = user
+          end
+        end
+      rescue Sequel::ValidationFailed => e
+        logger.warn e.message
+      end
+      nil
+    end
+  end
+end

data/lib/punk/services/generate_swagger.rb ADDED

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+module PUNK
+  class GenerateSwaggerService < Service
+    def process
+      path = File.join(PUNK.get.app.path, '..', 'www', 'swagger.json')
+      raise InternalServerError, 'swagger.json already exists' if File.exist?(path) && !PUNK.env.test?
+      require 'swagger_yard'
+      require_relative '../helpers/swagger'
+      SwaggerYard.register_custom_yard_tags!
+      SwaggerYard.configure do |config|
+        config.api_version = PUNK.version
+        config.title = PUNK.get.app.name
+        config.description = PUNK.get.app.description
+        config.api_base_path = PUNK.get.app.url
+        config.controller_path = [File.join(PUNK.get.app.path, 'routes', '**', '*'), File.join(__dir__, '..', 'routes', '**', '*')]
+        config.model_path = [File.join(__dir__, '..', 'models', '**', '*'), File.join(__dir__, '..', 'views', '**', '*'), File.join(PUNK.get.app.path, 'models', '**', '*')]
+      end
+      spec = SwaggerYard::OpenAPI.new
+      blob = JSON.pretty_generate(spec.to_h)
+      File.open(path, "w") { |f| f << blob } unless PUNK.env.test?
+      blob
+    end
+  end
+end

data/lib/punk/services/prove_claim.rb ADDED

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+require 'rbnacl'
+module PUNK
+  class ProveClaimService < Service
+    args :session, :secret
+    def validate
+      validates_not_null :session
+      validates_not_empty :session
+      return if session.blank?
+      session.timeout?
+      validates_type Session, :session
+      validates_state :session, :pending
+      validates_event :session, :verify
+    end
+    def process
+      session.increment_attempts
+      session.reload
+      raise BadRequest, "Too many attempts" if session.attempt_count >= 3
+      hash = RbNaCl::PasswordHash.scrypt(secret, session.salt, 1_048_576, 16_777_216)
+      proven = (session[:hash] == hash)
+      session.verify! if proven
+      proven
+    end
+  end
+end

data/lib/punk/services/secret.rb ADDED

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+module PUNK
+  class SecretService < Service
+    def process
+      (SecureRandom.random_number(900_000) + 100_000).to_s
+    end
+  end
+end

data/lib/punk/templates/groups/list.jbuilder ADDED

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+json.array!(groups) do |group|
+  json.id group.id
+  json.name group.name
+  json.icon group.icon
+end

data/lib/punk/templates/plivo.slim ADDED

@@ -0,0 +1,16 @@
+doctype html
+html
+  head
+    title Plivo
+  body
+    h2 Plivo
+    - plivo = PUNK.cache.get(:plivo) || []
+    - plivo.each do |message|
+      h4= message[:sent]
+      dl
+        dt from
+        dd= message[:from]
+        dt to
+        dd= message[:to]
+        dt body
+        dd= message[:body]

data/lib/punk/templates/sessions/list.jbuilder ADDED

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+json.array!(sessions) do |session|
+  json.id session.id
+  json.data session.data
+end

data/lib/punk/templates/sessions/pending.jbuilder ADDED

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+json.slug session.slug
+json.message message

data/lib/punk/templates/tenants/list.jbuilder ADDED

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+json.array!(tenants) do |tenant|
+  json.id tenant.id
+  json.name tenant.name
+  json.icon tenant.icon
+end

data/lib/punk/templates/tenants/list.slim ADDED

@@ -0,0 +1,8 @@
+doctype html
+html
+  head
+    title Tenants
+  body
+    - tenants.each do |tenant|
+      h1= tenant.name
+      img src= tenant.icon

data/lib/punk/templates/users/list.jbuilder ADDED

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+json.array!(users) do |user|
+  json.id user.id
+  json.name user.name
+  json.icon user.icon
+end

data/lib/punk/templates/users/list.rcsv ADDED

@@ -0,0 +1,4 @@
+csv << ['ID','NAME','ICON','EMAIL','PHONE','TITLE','COMPANY','WEBSITE','LOCATION']
+users.each do |user|
+  csv << [user.id, user.name, user.icon, user.email, user.phone, user.profile[:professional][:title], user.profile[:professional][:company], user.profile[:professional][:website], user.profile[:professional][:location]]
+end

data/lib/punk/templates/users/show.jbuilder ADDED

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+json.id user.id
+json.name user.name
+json.icon user.icon