pushcart 0.0.1.proto1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 2621b1fb0b34606a1385ef7d7e4e3f6d4d78033e
+  data.tar.gz: 2ee9ce5b166dd3a51443798d01dfa263ba7b655c
+SHA512:
+  metadata.gz: fc21913f640a1ee3ec05252a765774398b5f7a6ad07bf1cb2fab09beeb4d6264396cf6a864d82f835f972965396b197fb8b5ff22dfdb17a3b9bb68833c583876
+  data.tar.gz: 260ee10070e9d7da4fd1391ae4bb349ec96b9d33baa2782d596175b51934e8be27575045f29ab915ce21cc3bec17e1aabfab718ed50fa99e3b1d48de3e80c03b

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright 2015 Chris Kalafarski
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,7 @@
+# Pushcart
+
+[![Gem Version](http://img.shields.io/gem/v/pushcart.svg)](https://rubygems.org/gems/pushcart)
+[![Dependency Status](https://gemnasium.com/scour/pushcart.svg)](https://gemnasium.com/scour/pushcart)
+[![Build Status](https://travis-ci.org/scour/pushcart.svg)](https://travis-ci.org/scour/pushcart)
+[![Code Climate](https://codeclimate.com/github/scour/pushcart/badges/gpa.svg)](https://codeclimate.com/github/scour/pushcart)
+[![Coverage Status](https://coveralls.io/repos/scour/pushcart/badge.svg?branch=master&service=github)](https://coveralls.io/github/scour/pushcart?branch=master)

data/Rakefile

@@ -0,0 +1,40 @@
+begin
+  require "bundler/setup"
+rescue LoadError
+  puts "You must `gem install bundler` and `bundle install` to run rake tasks"
+end
+
+require "rdoc/task"
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = "rdoc"
+  rdoc.title    = "Pushcart"
+  rdoc.options << "--line-numbers"
+  rdoc.rdoc_files.include("README.rdoc")
+  rdoc.rdoc_files.include("lib/**/*.rb")
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load "rails/tasks/engine.rake"
+
+load "rails/tasks/statistics.rake"
+
+Bundler::GemHelper.install_tasks
+
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "lib"
+  t.libs << "test"
+  t.pattern = "test/**/*_test.rb"
+  t.verbose = false
+end
+
+task :console do
+  require "pry"
+  require "pushcart"
+  ARGV.clear
+  Pry.start
+end
+
+task default: :test

data/app/assets/javascripts/pushcart/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/app/assets/stylesheets/pushcart/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/concerns/pushcart/getable.rb

@@ -0,0 +1,127 @@
+module Pushcart
+  # Hubs send GET requests to a subscription's callback URL in several
+  # cases:
+
+  # * To indicate that a publisher determined the a subscription
+  #   request should not accepted and the subscription is being denied
+  # * To notify the subscriber that a previously accepted subscription is now
+  #   being denied
+  # * To verify that the subscriber sent a previously received request to
+  #   subscribe or unsubscribe to a given topic
+  #
+  # Hubs do not expect a response in the case of denials. Intent verification
+  # responses MUST be 2xx with a body equal to the `hub.challenge` parameter
+  # if the subscriber is verifying the intent, otherwise a 404 response MUST
+  # be sent.
+  module Getable
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :expecting_callback, only: :get
+      before_action :validate_callback_params, only: :get
+    end
+
+    def get
+      subscription_denied? ? subscription_denied_get : intent_verification_get
+    end
+
+    private
+
+    def subscription_denied_get
+      # TODO add support for Location Header?
+
+      # @subscription.deny!(reason: params['hub.reason'])
+      render status: 200, nothing: true
+    end
+
+    def intent_verification_get
+      if subscribe_intent_verification?
+        subscribe_intent_verification_get
+      elsif unsubscribe_intent_verification?
+        unsubscribe_intent_verification_get
+      end
+    end
+
+    def subscribe_intent_verification_get
+      # TODO
+    end
+
+    def unsubscribe_intent_verification_get
+      # TODO
+    end
+
+    def expecting_callback
+      # TODO
+      # unless expecting_any_callback
+      #   render status: 404, nothing: true
+      # end
+    end
+
+    def expecting_any_callback
+      expecting_subscribe_callback ||
+        expecting_unsubscribe_callback ||
+        expecting_denied_callback
+    end
+
+    def expecting_subscribe_callback
+      # TODO
+    end
+
+    def expecting_unsubscribe_callback
+      # TODO
+    end
+
+    def expecting_denied_callback
+      # TODO
+    end
+
+    # `The hub.mode` and `hub.topic` parameters are required for all GET
+    # requests made to a subscription's callback URL. The `hub.topic` value
+    # must match the topic of the subscription that originally registered the
+    # subscription, and the only valid `hub.mode` values are "subscribe",
+    # "unsubscribe", and "denied".
+    def validate_callback_params
+      unless validate_callback_params_topic && validate_callback_params_mode
+        render status: 404, nothing: true
+      end
+    end
+
+    def validate_callback_params_topic
+      params["hob.topic"] && params["hob.topic"] == @subscription.topic
+    end
+
+    def validate_callback_params_mode
+      validate_denied_callback_params_mode ||
+        validate_subscribe_callback_params_mode ||
+        validate_unsubscribe_callback_params_mode
+    end
+
+    def validate_denied_callback_params_mode
+      params["hub.mode"] == "denied"
+    end
+    alias_method :subscription_denied?, :validate_denied_callback_params_mode
+
+    def validate_subscribe_callback_params_mode
+      params["hub.mode"] == "subscribe" &&
+        !params["hub.challenge"].blank? &&
+        !params["hub.lease_seconds"].blank?
+    end
+
+    def validate_unsubscribe_callback_params_mode
+      params["hub.mode"] == "unsubscribe" &&
+        !params["hub.challenge"].blank?
+    end
+
+    def intent_verification?
+      subscribe_intent_verification? || unsubscribe_intent_verification?
+    end
+
+    def subscribe_intent_verification?
+      params["hub.mode"] == "subscribe"
+    end
+
+    def unsubscribe_intent_verification?
+      params["hub.mode"] == "unsubscribe"
+    end
+  end
+end

data/app/controllers/concerns/pushcart/postable.rb

@@ -0,0 +1,113 @@
+require "link_header"
+
+module Pushcart
+  # The only case where a POST request is sent to a subscription's callback
+  # URL is when the hub is attempting to deliver new content. The hub MAY
+  # distribute content as a diff between two consecutive versions of the
+  # content being delivered. The request MUST have a `Content-Type`
+  # corresponding to the type of the topic, and MUST include a Link Header
+  # with `rel=hub` pointing to the hub and `rel=self` set to the topic that's
+  # being updated.
+  #
+  # Any response other than 2xx, including redirects, could be considered by
+  # the hub to be a failure, and deliveries could be retried. The body of
+  # this response will be ignored by the hub. A 2xx response should be sent as
+  # soon as the payload arrives, even if it has not been processed yet, or
+  # processing fails.
+  module Postable
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :expecting_content_distribution, only: :post
+      before_action :verify_content_type, only: :post
+      before_action :verify_link_headers, only: :post
+      before_action :authenticate_content_distribution, only: :post
+    end
+
+    def post
+      # TODO
+      # @subscription.process_content_distribution_payload()
+      render status: 202, nothing: true
+    end
+
+    private
+
+    # Ensure that the given subscription is in a state where it is expecting to
+    # receive content from a hub
+    def expecting_content_distribution
+      # unless request.content_type == @subscription.active?
+      #   render status: 400, nothing: true
+      # end
+    end
+
+    # https://pubsubhubbub.github.io/PubSubHubbub/pubsubhubbub-core-0.4.html#contentdistribution
+    # This request MUST have a Content-Type corresponding to the type of the
+    # topic.
+    def verify_content_type
+      # unless request.content_type == @subscription.topic_content_type
+      #   render status: 400, nothing: true
+      # end
+    end
+
+    # https://pubsubhubbub.github.io/PubSubHubbub/pubsubhubbub-core-0.4.html#contentdistribution
+    # The request MUST include a Link Header [RFC5988] with rel=hub pointing to
+    # the Hub as well as a Link Header [RFC5988] with rel=self set to the topic
+    # that's being updated. The Hub SHOULD combine both headers into a single
+    # Link Header [RFC5988].
+    def verify_link_headers
+      # unless verify_link_header(:hub, @subscription.hub) &&
+      #   verify_link_header(:self, @subscription.topic)
+      #   render status: 400, nothing: true
+      # end
+    end
+
+    def verify_link_header(rel, value)
+      links = LinkHeader.parse(request.headers["Link"]).to_a
+      !links.detect { |l| l[1][0][1] == rel.to_s && l[0] == value }.empty?
+    end
+
+    # https://pubsubhubbub.github.io/PubSubHubbub/pubsubhubbub-core-0.4.html#authednotify
+    # If the subscriber supplied a value for hub.secret in their subscription
+    # request, the hub MUST generate an HMAC signature of the payload and
+    # include that signature in the request headers of the content distribution
+    # request. The X-Hub-Signature header's value MUST be in the form
+    # sha1=signature where signature is a 40-byte, hexadecimal representation of
+    # a SHA1 signature [RFC3174]. The signature MUST be computed using the HMAC
+    # algorithm [RFC2104] with the request body as the data and the hub.secret
+    # as the key.
+    #
+    # When subscribers receive a content distribution request with the
+    # X-Hub-Signature header specified, they SHOULD recompute the SHA1 signature
+    # with the shared secret using the same method as the hub. If the signature
+    # does not match, subscribers MUST still return a 2xx success response to
+    # acknowledge receipt, but locally ignore the message as invalid. Using this
+    # technique along with HTTPS [RFC2818] for subscription requests enables
+    # simple subscribers to receive authenticated notifications from hubs
+    # without the need for subscribers to run an HTTPS [RFC2818] server.
+    def authenticate_content_distribution
+      # The PuSH 0.4 spec does not explicitly say what to do when a hub is
+      # required to send a signature and it does not.
+      unless request.headers["X-Hub-Signature"] =~ /sha1=./
+        render status: 403, nothing: true
+        return
+      end
+
+      hub_signature = request.headers["X-Hub-Signature"].split("=")[1]
+      body = request.body.read
+
+      # TODO Do this check on the model
+      digest = OpenSSL::Digest::SHA1.new
+      key = @subscription.hmac_secret_key # TODO
+      data = body
+      hmac = OpenSSL::HMAC.hexdigest(digest, key, data)
+
+      unless hmac == hub_signature
+        # If the signature does not match, subscribers MUST still return a 2xx
+        # success response to acknowledge receipt...
+        # (but exit, because we don't want to process the data)
+        # render status: 202, nothing: true
+        return
+      end
+    end
+  end
+end

data/app/controllers/pushcart/application_controller.rb

@@ -0,0 +1,4 @@
+module Pushcart
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/controllers/pushcart/pub_sub/base_controller.rb

@@ -0,0 +1,4 @@
+module Pushcart
+  class PubSub::BaseController < ApplicationController
+  end
+end

data/app/controllers/pushcart/pub_sub/subscriptions_controller.rb

@@ -0,0 +1,8 @@
+module Pushcart
+  class PubSub::SubscriptionsController < PubSub::BaseController
+    include Postable
+    include Getable
+
+    skip_before_action :verify_authenticity_token
+  end
+end

data/app/helpers/pushcart/application_helper.rb

@@ -0,0 +1,4 @@
+module Pushcart
+  module ApplicationHelper
+  end
+end

data/app/jobs/pushcart/subscription_renewal_job.rb

@@ -0,0 +1,9 @@
+module Pushcart
+  class SubscriptionRenewalJob < ActiveJob::Base
+    queue_as "pushcart_pubsub"
+
+    def perform(subscription)
+      # TODO
+    end
+  end
+end

data/app/views/layouts/pushcart/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Pushcart</title>
+  <%= stylesheet_link_tag    "pushcart/application", media: "all" %>
+  <%= javascript_include_tag "pushcart/application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,6 @@
+Pushcart::Engine.routes.draw do
+  namespace :pub_sub, path: "" do
+    get "subscriptions/:id/callback" => "subscriptions#get"
+    post "subscriptions/:id/callback" => "subscriptions#post"
+  end
+end

data/lib/pushcart.rb

@@ -0,0 +1,16 @@
+require "aasm"
+require "excon"
+require "faraday"
+require "link_header"
+require "validate_url"
+require "pushcart/engine"
+require "pushcart/errors"
+require "pushcart/connectable"
+require "pushcart/deliverable"
+require "pushcart/requestable"
+require "pushcart/stateable"
+require "pushcart/composable"
+require "pushcart/subscribable"
+
+module Pushcart
+end

data/lib/pushcart/composable.rb

@@ -0,0 +1,10 @@
+module Pushcart
+  module Composable
+    extend ActiveSupport::Concern
+
+    include Connectable
+    include Requestable
+    include Deliverable
+    include Stateable
+  end
+end

data/lib/pushcart/connectable.rb

@@ -0,0 +1,34 @@
+module Pushcart
+  module Connectable
+    extend ActiveSupport::Concern
+
+    def callback_uri
+      raise ConfigurationError, "Incomplete callback URI configuration" if !ENV["PUSH_CALLBACK_SCHEME"] || !ENV["PUSH_CALLBACK_HOST"] || !ENV["PUSH_CALLBACK_PORT"]
+      raise ArgumentError, "ID required for callback URI" if !id
+
+      scheme = ENV["PUSH_CALLBACK_SCHEME"]
+      host = ENV["PUSH_CALLBACK_HOST"]
+      port = ENV["PUSH_CALLBACK_PORT"].to_i
+      path = "/subscriptions/#{id}/callback"
+
+      components = { host: host, port: port, path: path }
+      (scheme == "https" ? URI::HTTPS : URI::HTTP).build(components)
+    end
+
+    def connection(mode:)
+      # TODO Better error
+      raise "Missing" if !callback_uri || !mode || !topic || !hmac_secret_key
+
+      Faraday.new do |conn|
+        conn.adapter Faraday.default_adapter
+        conn.request :url_encoded
+        conn.params = {
+          "hub.callback": callback_uri.to_s,
+          "hub.mode": mode,
+          "hub.topic": topic,
+          "hub.secret": hmac_secret_key
+        }
+      end
+    end
+  end
+end