pusher-platform-tmp 0.6.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9d3bddf26ceca3fe9dfbe5a75173d0fc98e4ede0
+  data.tar.gz: a7f8bfc36444f85e4656e628ed41adbf45b59860
+SHA512:
+  metadata.gz: 66e44e532c9ad2c6eceb4125f935f5b32b7654b985310a66834d82f4687d3353e68c3eb7a18042581768c787c5e6e2c19a08f8c5d57865018a421b1b3c401f5e
+  data.tar.gz: d3e4403be970c9c721c07eeebe0c117a641a61d6396fbab703ef89b738028d45e0596aabdb6be5f984455a53c8220ab6ec8251ce801ddcba8b5ff5b90cce6395

data/lib/pusher-platform.rb

@@ -0,0 +1 @@
+require 'pusher-platform/instance'

data/lib/pusher-platform/authenticator.rb

@@ -0,0 +1,139 @@
+require 'jwt'
+require 'rack'
+
+module PusherPlatform
+  TOKEN_EXPIRY = 24*60*60
+
+  class Authenticator
+    def initialize(instance_id, key_id, key_secret)
+      @instance_id = instance_id
+      @key_id = key_id
+      @key_secret = key_secret
+    end
+
+    # Takes a Rack request to the authorization endpoint and and handles it
+    # either returning a new access/refresh token pair, or an error.
+    #
+    # @param request [Rack::Request] the request to authenticate
+    # @return the response object
+    def authenticate(request, options)
+      form_data = Rack::Utils.parse_nested_query request.body.read
+      grant_type = form_data['grant_type']
+
+      if grant_type == "client_credentials"
+        return authenticate_with_client_credentials(options)
+      elsif grant_type == "refresh_token"
+        old_refresh_jwt = form_data['refresh_token']
+        return authenticate_with_refresh_token(old_refresh_jwt, options)
+      else
+        return response(401, {
+          error: "unsupported_grant_type"
+        })
+      end
+    end
+
+    def generate_access_token(options)
+      now = Time.now.utc.to_i
+
+      claims = {
+        instance: @instance_id,
+        iss: "api_keys/#{@key_id}",
+        iat: now,
+        exp: now + TOKEN_EXPIRY
+      }
+
+      claims.merge!({ sub: options[:user_id] }) unless options[:user_id].nil?
+      claims.merge!({ su: true }) if options[:su]
+
+      {
+        token: JWT.encode(claims, @key_secret, 'HS256'),
+        expires_in: TOKEN_EXPIRY
+      }
+    end
+
+    private
+
+    def authenticate_with_client_credentials(options)
+      return respond_with_new_token_pair(options)
+    end
+
+    def authenticate_with_refresh_token(old_refresh_jwt, options)
+      old_refresh_token = begin
+        JWT.decode(old_refresh_jwt, @key_secret, true, {
+          iss: "api_keys/#{@key_id}",
+          verify_iss: true,
+        }).first
+      rescue => e
+        error_description = if e.is_a?(JWT::InvalidIssuerError)
+          "refresh token issuer is invalid"
+        elsif e.is_a?(JWT::ImmatureSignature)
+          "refresh token is not valid yet"
+        elsif e.is_a?(JWT::ExpiredSignature)
+          "refresh tokan has expired"
+        else
+          "refresh token is invalid"
+        end
+
+        return response(401, {
+          error: "invalid_grant",
+          error_description: error_description,
+          # TODO error_uri
+        })
+      end
+
+      if old_refresh_token["refresh"] != true
+        return response(401, {
+          error: "invalid_grant",
+          error_description: "refresh token does not have a refresh claim",
+          # TODO error_uri
+        })
+      end
+
+      if options[:user_id] != old_refresh_token["sub"]
+        return response(401, {
+          error: "invalid_grant",
+          error_description: "refresh token has an invalid user id",
+          # TODO error_uri
+        })
+      end
+
+      return respond_with_new_token_pair(options)
+    end
+
+    # Creates a payload dictionary made out of access and refresh token pair and TTL for the access token.
+    #
+    # @param user_id [String] optional id of the user, ignore for anonymous users
+    # @return [Hash] Payload as a hash
+    def respond_with_new_token_pair(options)
+      access_token = generate_access_token(options)[:token]
+      refresh_token = generate_refresh_token(options)[:token]
+      return response(200, {
+        access_token: access_token,
+        token_type: "bearer",
+        expires_in: TOKEN_EXPIRY,
+        refresh_token: refresh_token,
+      })
+    end
+
+    def generate_refresh_token(options)
+      now = Time.now.utc.to_i
+
+      claims = {
+        instance: @instance_id,
+        iss: "api_keys/#{@key_id}",
+        iat: now,
+        refresh: true,
+        sub: options[:user_id],
+      }
+
+      { token: JWT.encode(claims, @key_secret, 'HS256') }
+    end
+
+    def response(status, body)
+      return {
+        status: status,
+        json: body,
+      }
+    end
+  end
+end

data/lib/pusher-platform/base_client.rb

@@ -0,0 +1,66 @@
+require 'excon'
+require 'json'
+
+module PusherPlatform
+  class BaseClient
+    def initialize(options)
+      raise "Unspecified host" if options[:host].nil?
+      port_string = options[:port] || ''
+      host_string = "https://#{options[:host]}#{port_string}"
+      @connection = Excon.new(host_string)
+
+      @instance_id = options[:instance_id]
+      @service_name = options[:service_name]
+      @service_version = options[:service_version]
+    end
+
+    def request(options)
+      raise "Unspecified request method" if options[:method].nil?
+      raise "Unspecified request path" if options[:path].nil?
+
+      headers = if options[:headers]
+        options[:headers].dup
+      else
+        {}
+      end
+
+      if options[:jwt]
+        headers["Authorization"] = "Bearer #{options[:jwt]}"
+      end
+
+      path = "services/#{@service_name}/#{@service_version}/#{@instance_id}/#{options[:path]}"
+      body = unless options[:body].nil?
+        options[:body].to_json
+      end
+
+      response = @connection.request(
+        method: options[:method],
+        path: sanitise_path(path),
+        headers: headers,
+        body: body,
+        query: options[:query]
+      )
+
+      if response.status >= 200 && response.status <= 299
+        return response
+      elsif response.status >= 300 && response.status <= 399
+        raise "unsupported redirect response: #{response.status}"
+      elsif response.status >= 400 && response.status <= 599
+        error_description = begin
+          JSON.parse(response.body)
+        rescue
+          response.body
+        end
+        raise ErrorResponse.new(response.status, response.headers, error_description)
+      else
+        raise "unsupported response code: #{response.status}"
+      end
+    end
+
+    private
+
+    def sanitise_path(path)
+      path.gsub(/\/+/, "/").gsub(/\/+$/, "")
+    end
+  end
+end

data/lib/pusher-platform/common.rb

@@ -0,0 +1,4 @@
+module PusherPlatform
+  class Error < ::StandardError
+  end
+end

data/lib/pusher-platform/error_response.rb

@@ -0,0 +1,15 @@
+module PusherPlatform
+  class ErrorResponse < Error
+    attr_accessor :status, :headers, :description
+
+    def initialize(status, headers, description)
+      @status = status
+      @headers = headers
+      @description = description
+    end
+
+    def to_s
+      "Pusher::ErrorResponse: #{status} #{description}"
+    end
+  end
+end

data/lib/pusher-platform/instance.rb

@@ -0,0 +1,63 @@
+require_relative './authenticator'
+require_relative './base_client'
+require_relative './common'
+require_relative './error_response'
+
+module PusherPlatform
+
+  HOST_BASE = 'pusherplatform.io'
+
+  class Instance
+    def initialize(options)
+      raise "No instance locator provided" if options[:locator].nil?
+      raise "No service name provided" if options[:service_name].nil?
+      raise "No service version provided" if options[:service_version].nil?
+      locator = options[:locator]
+      @service_name = options[:service_name]
+      @service_version = options[:service_version]
+
+      key_parts = options[:key].match(/^([^:]+):(.+)$/)
+      raise "Invalid key" if key_parts.nil?
+
+      @key_id = key_parts[1]
+      @key_secret = key_parts[2]
+
+      split_locator = locator.split(':')
+
+      @platform_version = split_locator[0]
+      @cluster = split_locator[1]
+      @instance_id = split_locator[2]
+
+      @client = if options[:client]
+        options[:client]
+      else
+        BaseClient.new(
+          host: options[:host] || "#{@cluster}.#{HOST_BASE}",
+          port: options[:port],
+          instance_id: @instance_id,
+          service_name: @service_name,
+          service_version: @service_version
+        )
+      end
+
+      @authenticator = Authenticator.new(@instance_id, @key_id, @key_secret)
+    end
+
+    def request(options)
+      if options[:jwt].nil?
+        options = options.merge(
+          { jwt: @authenticator.generate_access_token({ su: true })[:token] }
+        )
+      end
+      @client.request(options)
+    end
+
+    def authenticate(request, options)
+      @authenticator.authenticate(request, options)
+    end
+
+    def generate_access_token(options)
+      @authenticator.generate_access_token(options)
+    end
+  end
+end

metadata

@@ -0,0 +1,97 @@
+--- !ruby/object:Gem::Specification
+name: pusher-platform-tmp
+version: !ruby/object:Gem::Version
+  version: 0.6.1
+platform: ruby
+authors:
+- Pusher
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-03-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: excon
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.54.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.54.0
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.6
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+description: 
+email: dev@playbycourt.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/pusher-platform.rb
+- lib/pusher-platform/authenticator.rb
+- lib/pusher-platform/base_client.rb
+- lib/pusher-platform/common.rb
+- lib/pusher-platform/error_response.rb
+- lib/pusher-platform/instance.rb
+homepage: 
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Pusher Platform Ruby SDK
+test_files: []