pusher 1.3.1 → 1.4.2

data/examples/presence_channels/presence_channels.rb

@@ -0,0 +1,56 @@
+require 'sinatra'
+require 'sinatra/cookies'
+require 'sinatra/json'
+require 'pusher'
+
+# You can get these variables from http://dashboard.pusher.com
+pusher = Pusher::Client.new(
+  app_id: 'your-app-id',
+  key: 'your-app-key',
+  secret: 'your-app-secret',
+  cluster: 'your-app-cluster'
+)
+
+set :public_folder, 'public'
+
+get "/" do
+  redirect '/presence_channels.html'
+end
+
+# Emulate rails behaviour where this information would be stored in session
+get '/signin' do
+  cookies[:user_id] = 'example_cookie'
+  'Ok'
+end
+
+# Auth endpoint: https://pusher.com/docs/channels/server_api/authenticating-users
+post '/pusher/auth' do
+  channel_data = {
+      user_id: 'example_user',
+      user_info: {
+        name: 'example_name',
+        email: 'example_email'
+      }
+    }
+
+  if cookies[:user_id] == 'example_cookie'
+    response = pusher.authenticate(params[:channel_name], params[:socket_id], channel_data)
+    json response
+  else
+    status 403
+  end
+end
+
+get '/pusher_trigger' do
+  channels = ['presence-channel-test'];
+
+  begin
+    pusher.trigger(channels, 'test-event', {
+      message: 'hello world'
+    })
+  rescue Pusher::Error => e
+  # (Pusher::AuthenticationError, Pusher::HTTPError, or Pusher::Error)
+  end
+
+  'Triggered!'
+end

data/examples/presence_channels/public/presence_channels.html

@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<head>
+  <title>Pusher Test</title>
+  <script src="https://js.pusher.com/5.0/pusher.min.js"></script>
+  <script>
+
+    // Enable pusher logging - don't include this in production
+    Pusher.logToConsole = true;
+
+    var pusher = new Pusher('your-app-key', {
+      cluster: 'your-app-cluster',
+      forceTLS: true,
+      authEndpoint: '/pusher/auth'
+    });
+
+    var channel = pusher.subscribe('presence-channel-test');
+    channel.bind('test-event', function(data) {
+      alert(JSON.stringify(data));
+    });
+  </script>
+</head>
+<body>
+  <h1>Pusher Test</h1>
+  <p>
+    Try publishing an event to channel <code>presence-channel-test</code>
+    with event name <code>test-event</code>.
+  </p>
+</body>

data/lib/pusher.rb

@@ -32,7 +32,7 @@ module Pusher
     def_delegators :default_client, :scheme=, :host=, :port=, :app_id=, :key=, :secret=, :http_proxy=
     def_delegators :default_client, :notification_host=, :notification_scheme=
 
-    def_delegators :default_client, :authentication_token, :url
+    def_delegators :default_client, :authentication_token, :url, :cluster
     def_delegators :default_client, :encrypted=, :url=, :cluster=
     def_delegators :default_client, :timeout=, :connect_timeout=, :send_timeout=, :receive_timeout=, :keep_alive_timeout=
 

data/lib/pusher/channel.rb

@@ -86,6 +86,9 @@ module Pusher
 
     # Request info for a channel
     #
+    # @example Response
+    #   [{:occupied=>true, :subscription_count => 12}]
+    #
     # @param info [Array] Array of attributes required (as lowercase strings)
     # @return [Hash] Hash of requested attributes for this channel
     # @raise [Pusher::Error] on invalid Pusher response - see the error message for more details
@@ -99,7 +102,7 @@ module Pusher
     # Only works on presence channels (see: http://pusher.com/docs/client_api_guide/client_presence_channels and https://pusher.com/docs/rest_api)
     #
     # @example Response
-    #   [{"id"=>"4"}]
+    #   [{:id=>"4"}]
     #
     # @param params [Hash] Hash of parameters for the API - see REST API docs
     # @return [Hash] Array of user hashes for this channel
@@ -146,7 +149,7 @@ module Pusher
     #   render :json => Pusher['private-my_channel'].authenticate(params[:socket_id])
     #
     # @example Presence channels
-    #   render :json => Pusher['private-my_channel'].authenticate(params[:socket_id], {
+    #   render :json => Pusher['presence-my_channel'].authenticate(params[:socket_id], {
     #     :user_id => current_user.id, # => required
     #     :user_info => { # => optional - for example
     #       :name => current_user.name,
@@ -171,6 +174,15 @@ module Pusher
       r
     end
 
+    def shared_secret(encryption_master_key)
+      return unless encryption_master_key
+
+      secret_string = @name + encryption_master_key
+      digest = OpenSSL::Digest::SHA256.new
+      digest << secret_string
+      digest.digest
+    end
+
     private
 
     def validate_socket_id(socket_id)

data/lib/pusher/client.rb

@@ -1,8 +1,10 @@
+require 'base64'
+
 require 'pusher-signature'
 
 module Pusher
   class Client
-    attr_accessor :scheme, :host, :port, :app_id, :key, :secret, :notification_host, :notification_scheme
+    attr_accessor :scheme, :host, :port, :app_id, :key, :secret, :notification_host, :notification_scheme, :encryption_master_key
     attr_reader :http_proxy, :proxy
     attr_writer :connect_timeout, :send_timeout, :receive_timeout,
                 :keep_alive_timeout
@@ -12,6 +14,11 @@ module Pusher
     # Loads the configuration from an url in the environment
     def self.from_env(key = 'PUSHER_URL')
       url = ENV[key] || raise(ConfigurationError, key)
+      from_url(url)
+    end
+
+    # Loads the configuration from a url
+    def self.from_url(url)
       client = new
       client.url = url
       client
@@ -22,6 +29,12 @@ module Pusher
         :scheme => 'http',
         :port => 80,
       }
+
+      if options[:use_tls] || options[:encrypted]
+        default_options[:scheme] = "https"
+        default_options[:port] = 443
+      end
+
       merged_options = default_options.merge(options)
 
       if options.has_key?(:host)
@@ -44,6 +57,11 @@ module Pusher
           :scheme, :host, :port, :app_id, :key, :secret, :notification_host, :notification_scheme
         )
 
+      if options.has_key?(:encryption_master_key_base64)
+        @encryption_master_key =
+          Base64.decode64(options[:encryption_master_key_base64])
+      end
+
       @http_proxy = nil
       self.http_proxy = options[:http_proxy] if options[:http_proxy]
 
@@ -127,7 +145,13 @@ module Pusher
       @connect_timeout, @send_timeout, @receive_timeout = value, value, value
     end
 
-    ## INTERACE WITH THE API ##
+    # Set an encryption_master_key to use with private-encrypted channels from
+    # a base64 encoded string.
+    def encryption_master_key_base64=(s)
+      @encryption_master_key = s ? Base64.decode64(s) : nil
+    end
+
+    ## INTERACT WITH THE API ##
 
     def resource(path)
       Resource.new(self, path)
@@ -351,7 +375,13 @@ module Pusher
     #
     def authenticate(channel_name, socket_id, custom_data = nil)
       channel_instance = channel(channel_name)
-      channel_instance.authenticate(socket_id, custom_data)
+      r = channel_instance.authenticate(socket_id, custom_data)
+      if channel_name.match(/^private-encrypted-/)
+        r[:shared_secret] = Base64.strict_encode64(
+          channel_instance.shared_secret(encryption_master_key)
+        )
+      end
+      r
     end
 
     # @private Construct a net/http http client
@@ -402,10 +432,17 @@ module Pusher
       channels = Array(channels).map(&:to_s)
       raise Pusher::Error, "Too many channels (#{channels.length}), max 10" if channels.length > 10
 
+      encoded_data = if channels.any?{ |c| c.match(/^private-encrypted-/) } then
+        raise Pusher::Error, "Cannot trigger to multiple channels if any are encrypted" if channels.length > 1
+        encrypt(channels[0], encode_data(data))
+      else
+        encode_data(data)
+      end
+
       params.merge({
         name: event_name,
         channels: channels,
-        data: encode_data(data),
+        data: encoded_data,
       })
     end
 
@@ -413,7 +450,11 @@ module Pusher
       {
         batch: events.map do |event|
           event.dup.tap do |e|
-            e[:data] = encode_data(e[:data])
+            e[:data] = if e[:channel].match(/^private-encrypted-/) then
+              encrypt(e[:channel], encode_data(e[:data]))
+            else
+              encode_data(e[:data])
+            end
           end
         end
       }
@@ -425,8 +466,37 @@ module Pusher
       MultiJson.encode(data)
     end
 
+    # Encrypts a message with a key derived from the master key and channel
+    # name
+    def encrypt(channel_name, encoded_data)
+      raise ConfigurationError, :encryption_master_key unless @encryption_master_key
+
+      # Only now load rbnacl, so that people that aren't using it don't need to
+      # install libsodium
+      require_rbnacl
+
+      secret_box = RbNaCl::SecretBox.new(
+        channel(channel_name).shared_secret(@encryption_master_key)
+      )
+
+      nonce = RbNaCl::Random.random_bytes(secret_box.nonce_bytes)
+      ciphertext = secret_box.encrypt(nonce, encoded_data)
+
+      MultiJson.encode({
+        "nonce" => Base64::encode64(nonce),
+        "ciphertext" => Base64::encode64(ciphertext),
+      })
+    end
+
     def configured?
       host && scheme && key && secret && app_id
     end
+
+    def require_rbnacl
+      require 'rbnacl'
+    rescue LoadError => e
+      $stderr.puts "You don't have rbnacl installed in your application. Please add it to your Gemfile and run bundle install"
+      raise e
+    end
   end
 end

data/lib/pusher/request.rb

@@ -94,6 +94,8 @@ module Pusher
         raise Error, "404 Not found (#{@uri.path})"
       when 407
         raise Error, "Proxy Authentication Required"
+      when 413
+        raise Error, "Payload Too Large > 10KB"
       else
         raise Error, "Unknown error (status code #{status_code}): #{body}"
       end

data/lib/pusher/version.rb

@@ -1,3 +1,3 @@
 module Pusher
-  VERSION = '1.3.1'
+  VERSION = '1.4.2'
 end

data/pusher.gemspec

@@ -9,22 +9,23 @@ Gem::Specification.new do |s|
   s.authors     = ["Pusher"]
   s.email       = ["support@pusher.com"]
   s.homepage    = "http://github.com/pusher/pusher-http-ruby"
-  s.summary     = %q{Pusher API client}
-  s.description = %q{Wrapper for pusher.com REST api}
+  s.summary     = %q{Pusher Channels API client}
+  s.description = %q{Wrapper for Pusher Channels REST api: : https://pusher.com/channels}
   s.license     = "MIT"
 
-  s.add_dependency "multi_json", "~> 1.0"
+  s.add_dependency "multi_json", "~> 1.15"
   s.add_dependency 'pusher-signature', "~> 0.1.8"
-  s.add_dependency "httpclient", "~> 2.7"
+  s.add_dependency "httpclient", "~> 2.8"
   s.add_dependency "jruby-openssl" if defined?(JRUBY_VERSION)
 
-  s.add_development_dependency "rspec", "~> 3.0"
-  s.add_development_dependency "webmock"
-  s.add_development_dependency "em-http-request", "~> 1.1.0"
-  s.add_development_dependency "addressable", "=2.4.0"
-  s.add_development_dependency "rake", "~> 10.4.2"
-  s.add_development_dependency "rack", "~> 1.6.4"
-  s.add_development_dependency "json", "~> 1.8.3"
+  s.add_development_dependency "rspec", "~> 3.9"
+  s.add_development_dependency "webmock", "~> 3.9"
+  s.add_development_dependency "em-http-request", "~> 1.1"
+  s.add_development_dependency "addressable", "~> 2.7"
+  s.add_development_dependency "rake", "~> 13.0"
+  s.add_development_dependency "rack", "~> 2.2"
+  s.add_development_dependency "json", "~> 2.3"
+  s.add_development_dependency "rbnacl", "~> 7.1"
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")

data/spec/channel_spec.rb

@@ -71,15 +71,17 @@ describe Pusher::Channel do
 
   describe '#info' do
     it "should call the Client#channel_info" do
-      expect(@client).to receive(:get).with("/channels/mychannel", anything)
+      expect(@client).to receive(:get)
+                           .with("/channels/mychannel", anything)
+                           .and_return({:occupied => true, :subscription_count => 12})
       @channel = @client['mychannel']
       @channel.info
     end
 
     it "should assemble the requested attributes into the info option" do
-      expect(@client).to receive(:get).with(anything, {
-        :info => "user_count,connection_count"
-      })
+      expect(@client).to receive(:get)
+                           .with(anything, {:info => "user_count,connection_count"})
+                           .and_return({:occupied => true, :subscription_count => 12, :user_count => 12})
       @channel = @client['presence-foo']
       @channel.info(%w{user_count connection_count})
     end
@@ -165,4 +167,23 @@ describe Pusher::Channel do
       }.to raise_error Pusher::Error
     end
   end
+
+  describe `#shared_secret` do
+    before(:each) do
+      @channel.instance_variable_set(:@name, 'private-encrypted-1')
+    end
+
+    it 'should return a shared_secret based on the channel name and encryption master key' do
+      key = '3W1pfB/Etr+ZIlfMWwZP3gz8jEeCt4s2pe6Vpr+2c3M='
+      shared_secret = @channel.shared_secret(key)
+      expect(Base64.strict_encode64(shared_secret)).to eq(
+        "6zeEp/chneRPS1cbK/hGeG860UhHomxSN6hTgzwT20I="
+      )
+    end
+
+    it 'should return nil if missing encryption master key' do
+      shared_secret = @channel.shared_secret(nil)
+      expect(shared_secret).to be_nil
+    end
+  end
 end

data/spec/client_spec.rb

@@ -1,7 +1,12 @@
-require 'spec_helper'
+require 'base64'
 
+require 'rbnacl'
 require 'em-http'
 
+require 'spec_helper'
+
+encryption_master_key = RbNaCl::Random.random_bytes(32)
+
 describe Pusher do
   # The behaviour should be the same when using the Client object, or the
   # 'global' client delegated through the Pusher class
@@ -87,19 +92,53 @@ describe Pusher do
         expect(@client.host).to eq('api.staging.pusherapp.com')
       end
 
-      it 'should get override the url configuration if it comes after' do
+      it 'should override the url configuration if it comes after' do
         @client.url = "http://somekey:somesecret@api.staging.pusherapp.com:8080/apps/87"
         @client.cluster = 'eu'
         expect(@client.host).to eq('api-eu.pusher.com')
       end
 
-      it 'should overrie by the host configuration if it comes after' do
+      it 'should override the host configuration if it comes after' do
         @client.host = 'api.staging.pusher.com'
         @client.cluster = 'eu'
         expect(@client.host).to eq('api-eu.pusher.com')
       end
     end
 
+    describe 'configuring TLS' do
+      it 'should set port and scheme if "use_tls" enabled' do
+        client = Pusher::Client.new({
+          :use_tls => true,
+        })
+        expect(client.scheme).to eq('https')
+        expect(client.port).to eq(443)
+      end
+
+      it 'should set port and scheme if "encrypted" enabled' do
+        client = Pusher::Client.new({
+          :encrypted => true,
+        })
+        expect(client.scheme).to eq('https')
+        expect(client.port).to eq(443)
+      end
+
+      it 'should use non-TLS port and scheme if "encrypted" or "use_tls" are not set' do
+        client = Pusher::Client.new
+        expect(client.scheme).to eq('http')
+        expect(client.port).to eq(80)
+      end
+
+      it 'should override port if "use_tls" option set but a different port is specified' do
+        client = Pusher::Client.new({
+          :use_tls => true,
+          :port => 8443
+        })
+        expect(client.scheme).to eq('https')
+        expect(client.port).to eq(8443)
+      end
+
+    end
+
     describe 'configuring a http proxy' do
       it "should be possible to configure everything by setting the http_proxy" do
         @client.http_proxy = 'http://someuser:somepassword@proxy.host.com:8080'
@@ -109,6 +148,10 @@ describe Pusher do
     end
 
     describe 'configuring from env' do
+      after do
+        ENV['PUSHER_URL'] = nil
+      end
+
       it "works" do
         url = "http://somekey:somesecret@api.staging.pusherapp.com:8080/apps/87"
         ENV['PUSHER_URL'] = url
@@ -118,7 +161,27 @@ describe Pusher do
         expect(client.secret).to eq("somesecret")
         expect(client.app_id).to eq("87")
         expect(client.url.to_s).to eq("http://api.staging.pusherapp.com:8080/apps/87")
-        ENV['PUSHER_URL'] = nil
+      end
+    end
+
+    describe 'configuring from url' do
+      it "works" do
+        url = "http://somekey:somesecret@api.staging.pusherapp.com:8080/apps/87"
+
+        client = Pusher::Client.from_url(url)
+        expect(client.key).to eq("somekey")
+        expect(client.secret).to eq("somesecret")
+        expect(client.app_id).to eq("87")
+        expect(client.url.to_s).to eq("http://api.staging.pusherapp.com:8080/apps/87")
+      end
+    end
+
+    describe 'can set encryption_master_key_base64' do
+      it "sets encryption_master_key" do
+        @client.encryption_master_key_base64 =
+          Base64.strict_encode64(encryption_master_key)
+
+        expect(@client.encryption_master_key).to eq(encryption_master_key)
       end
     end
 
@@ -127,6 +190,8 @@ describe Pusher do
         @client.app_id = '20'
         @client.key    = '12345678900000001'
         @client.secret = '12345678900000001'
+        @client.encryption_master_key_base64 =
+          Base64.strict_encode64(encryption_master_key)
       end
 
       describe '#[]' do
@@ -211,6 +276,19 @@ describe Pusher do
           })
         end
 
+        it 'should include a shared_secret if the private-encrypted channel' do
+          allow(MultiJson).to receive(:encode).with(@custom_data).and_return 'a json string'
+          @client.instance_variable_set(:@encryption_master_key, '3W1pfB/Etr+ZIlfMWwZP3gz8jEeCt4s2pe6Vpr+2c3M=')
+
+          response = @client.authenticate('private-encrypted-test_channel', '1.1', @custom_data)
+
+          expect(response).to eq({
+            :auth => "12345678900000001:#{hmac(@client.secret, "1.1:private-encrypted-test_channel:a json string")}",
+            :shared_secret => "o0L3QnIovCeRC8KTD8KBRlmi31dGzHVS2M93uryqDdw=",
+            :channel_data => 'a json string'
+          })
+        end
+
       end
 
       describe '#trigger' do
@@ -272,6 +350,46 @@ describe Pusher do
             }
           end
         end
+
+        it "should fail to publish to encrypted channels when missing key" do
+          @client.encryption_master_key_base64 = nil
+          expect {
+            @client.trigger('private-encrypted-channel', 'event', {'some' => 'data'})
+          }.to raise_error(Pusher::ConfigurationError)
+          expect(WebMock).not_to have_requested(:post, @api_path)
+        end
+
+        it "should fail to publish to multiple channels if one is encrypted" do
+          expect {
+            @client.trigger(
+              ['private-encrypted-channel', 'some-other-channel'],
+              'event',
+              {'some' => 'data'},
+            )
+          }.to raise_error(Pusher::Error)
+          expect(WebMock).not_to have_requested(:post, @api_path)
+        end
+
+        it "should encrypt publishes to encrypted channels" do
+          @client.trigger(
+            'private-encrypted-channel',
+            'event',
+            {'some' => 'data'},
+          )
+
+          expect(WebMock).to have_requested(:post, @api_path).with { |req|
+            data = MultiJson.decode(MultiJson.decode(req.body)["data"])
+
+            key = RbNaCl::Hash.sha256(
+              'private-encrypted-channel' + encryption_master_key
+            )
+
+            expect(MultiJson.decode(RbNaCl::SecretBox.new(key).decrypt(
+              Base64.decode64(data["nonce"]),
+              Base64.decode64(data["ciphertext"]),
+            ))).to eq({ 'some' => 'data' })
+          }
+        end
       end
 
       describe '#trigger_batch' do
@@ -303,6 +421,55 @@ describe Pusher do
             )
           }
         end
+
+        it "should fail to publish to encrypted channels when missing key" do
+          @client.encryption_master_key_base64 = nil
+          expect {
+            @client.trigger_batch(
+              {
+                channel: 'private-encrypted-channel',
+                name: 'event',
+                data: {'some' => 'data'},
+              },
+              {channel: 'mychannel', name: 'event', data: 'already encoded'},
+            )
+          }.to raise_error(Pusher::ConfigurationError)
+          expect(WebMock).not_to have_requested(:post, @api_path)
+        end
+
+        it "should encrypt publishes to encrypted channels" do
+          @client.trigger_batch(
+            {
+              channel: 'private-encrypted-channel',
+              name: 'event',
+              data: {'some' => 'data'},
+            },
+            {channel: 'mychannel', name: 'event', data: 'already encoded'},
+          )
+
+          expect(WebMock).to have_requested(:post, @api_path).with { |req|
+            batch = MultiJson.decode(req.body)["batch"]
+            expect(batch.length).to eq(2)
+
+            expect(batch[0]["channel"]).to eq("private-encrypted-channel")
+            expect(batch[0]["name"]).to eq("event")
+
+            data = MultiJson.decode(batch[0]["data"])
+
+            key = RbNaCl::Hash.sha256(
+              'private-encrypted-channel' + encryption_master_key
+            )
+
+            expect(MultiJson.decode(RbNaCl::SecretBox.new(key).decrypt(
+              Base64.decode64(data["nonce"]),
+              Base64.decode64(data["ciphertext"]),
+            ))).to eq({ 'some' => 'data' })
+
+            expect(batch[1]["channel"]).to eq("mychannel")
+            expect(batch[1]["name"]).to eq("event")
+            expect(batch[1]["data"]).to eq("already encoded")
+          }
+        end
       end
 
       describe '#trigger_async' do
@@ -415,6 +582,11 @@ describe Pusher do
             expect { call_api }.to raise_error(Pusher::Error, 'Proxy Authentication Required')
           end
 
+          it "should raise Pusher::Error if pusher returns 413" do
+            stub_request(verb, @url_regexp).to_return({:status => 413})
+            expect { call_api }.to raise_error(Pusher::Error, 'Payload Too Large > 10KB')
+          end
+
           it "should raise Pusher::Error if pusher returns 500" do
             stub_request(verb, @url_regexp).to_return({:status => 500, :body => "some error"})
             expect { call_api }.to raise_error(Pusher::Error, 'Unknown error (status code 500): some error')
@@ -612,4 +784,3 @@ describe Pusher do
     end
   end
 end
-