pusher 1.4.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d9eaaf4fa5fbc3d5223411cb0e1375ccee4f93275f27c20cb7bdd8f31e371fa1
-  data.tar.gz: be5be46dc24a06be058606742ee56497a6128e39af6cf7f03ddaadc86ac95f12
+  metadata.gz: 1ec4402d063ad4e8193f92bee0a9116987cd1388e3f21be49b7bfbe62ad4dbab
+  data.tar.gz: 0f974393c92fba1afbae6b85faf96d6950932cc0b24b538d1493300ec1e51e0d
 SHA512:
-  metadata.gz: bd778cf80415b3d2af763583ebf41a4b1164339d0a458203cb55225aab078bdcfe4bf8801a824eeb6802a2f2b12db49df00569ceb631eb3ca20251ead29d3987
-  data.tar.gz: 187c968e1d1afef5a572bfe4bc22929843ef2843969fef9ac89862ff77b0d415b50cae82daa1b0d992374be2749053c0d8d52c1f1efa22ce7412e3c727c3edee
+  metadata.gz: d4f6e5cc6dc5a02db77200c18244e07dee27bc52abd3e4c376642b56e330d5d4bf86494c393ddeb340a38054c45ab3358eafc5a3d2dd0b8f17f471a8b6ba283d
+  data.tar.gz: ad18ed1ce95a46e383b9af71b38b528cae273083deafca6f3d187f4586a27d8a900c719be612a76822ef30b58b8e41ce15fac540f15f0f7904ce9276dd138b2c

data/CHANGELOG.md

@@ -1,121 +1,125 @@
-1.4.0  / 2020-09-29
-==================
+# Changelog
 
-  * Support for end-to-end encryption.
+## 2.0.1
 
-1.3.3 / 2019-07-02
-==================
+* [CHANGED] Only include lib and essential docs in gem.
 
-  * Rewording to clarify "Pusher Channels" or simply "Channels" product name.
+## 2.0.0
 
-1.3.2 / 2018-10-17
-==================
+* [CHANGED] Use TLS by default.
+* [REMOVED] Support for Ruby 2.4 and 2.5.
+* [FIXED] Handle empty or nil  configuration.
+* [REMOVED] Legacy Push Notification integration.
+* [ADDED] Stalebot and Github actions. 
 
-  * Return a specific error for "Request Entity Too Large" (body over 10KB).
-  * Add a `use_tls` option for SSL (defaults to false).
-  * Add a `from_url` client method (in addition to existing `from_env` option).
-  * Improved documentation and fixed typos.
-  * Add Ruby 2.4 to test matrix.
+## 1.4.3
 
-1.3.1 / 2017-03-15
+  * [FIXED] Remove newline from end of base64 encoded strings, some decoders don't like
+    them.
+
+## 1.4.2
 ==================
 
-  * Added missing client batch methods to default client delegations
-  * Document raised exception in the `authenticate` method
-  * Fixes em-http-request from using v2.5.0 of `addressable` breaking builds.
+  * [FIXED] Return `shared_secret` to support authenticating encrypted channels. Thanks
+    @Benjaminpjacobs
 
-1.3.0 / 2016-08-23
-==================
+## 1.4.1
 
-  * Add support for sending push notifications on up to 10 interests.
+  * [CHANGED] Remove rbnacl from dependencies so we don't get errors when it isn't
+    required. Thanks @y-yagi!
 
-1.2.1 / 2016-08-22
-==================
+## 1.4.0
 
-  * Fixes Rails 5 compatibility. Use duck-typing to detect request object
+  * [ADDED] Support for end-to-end encryption.
 
-1.2.0 / 2016-08-15
-==================
+## 1.3.3
 
-  * Minor release for Native notifications
+  * [CHANGED] Rewording to clarify "Pusher Channels" or simply "Channels" product name.
 
-1.2.0.rc1 / 2016-07-18
-==================
+## 1.3.2
 
-  * Add support for Native notifications
+  * [FIXED] Return a specific error for "Request Entity Too Large" (body over 10KB).
+  * [ADDED] Add a `use_tls` option for SSL (defaults to false).
+  * [ADDED] Add a `from_url` client method (in addition to existing `from_env` option).
+  * [CHANGED] Improved documentation and fixed typos.
+  * [ADDED] Add Ruby 2.4 to test matrix.
 
-1.1.0 / 2016-05-20
-==================
+## 1.3.1
 
-  * Add support for batch events
+  * [FIXED] Added missing client batch methods to default client delegations
+  * [CHANGED] Document raised exception in the `authenticate` method
+  * [FIXED] Fixes em-http-request from using v2.5.0 of `addressable` breaking builds.
 
-1.0.0 / 2016-05-19
-==================
+## 1.3.0
 
-No breaking changes, this release is just to follow semver and show that we
-are stable.
+  * [ADDED] Add support for sending push notifications on up to 10 interests.
 
-0.18.0 / 2016-05-15
-==================
+## 1.2.1
 
-  * Introduce `Pusher::Client.from_env`
-  * Improve error handling on missing config
+  * [FIXED] Fixes Rails 5 compatibility. Use duck-typing to detect request object
 
-0.17.0 / 2016-02-22
-==================
+## 1.2.0
 
-  * Introduce the `cluster` option.
+  * [CHANGED] Minor release for Native notifications
 
-0.16.0 / 2016-01-21
-==================
+## 1.2.0.rc1
 
-  * Bump httpclient version to 2.7
-  * Ruby 1.8.7 is not supported anymore.
+  * [ADDED] Add support for Native notifications
 
-0.15.2 / 2015-12-03
-==================
+## 1.1.0
 
-  * Documented `Pusher.channel_info`, `Pusher.channels`
-  * Added `Pusher.channel_users`
+  * [ADDED] Add support for batch events
 
-0.15.1 / 2015-11-03
-==================
+## 1.0.0
 
-  * Fixed a bug where the `authenticate` method added in 0.15.0 wasn't exposed on the Pusher class.
+ * [CHANGED] No breaking changes, this release is just to follow semver and show that we
+are stable.
 
-0.15.0 / 2015-11-02
-==================
+## 0.18.0
 
-  * Added `Pusher.authenticate` method for authenticating private and presence channels.
-    This is prefered over the older `Pusher['a_channel'].authenticate(...)` style.
+  * [ADDED] Introduce `Pusher::Client.from_env`
+  * [FIXED] Improve error handling on missing config
 
-0.14.6 / 2015-09-29
-==================
-  * Updated to use the `pusher-signature` gem instead of `signature`.
-    This resolves namespace related issues.
+## 0.17.0
 
-0.14.5 / 2015-05-11
-==================
+  * [ADDED] Introduce the `cluster` option.
 
-  * SECURITY: Prevent auth delegation trough crafted socket IDs
+## 0.16.0
 
-0.14.4 / 2015-01-20
-==================
+  * [CHANGED] Bump httpclient version to 2.7
+  * [REMOVED] Ruby 1.8.7 is not supported anymore.
 
-  * SECURITY: Prevent timing attack, update signature to v0.1.8
-  * SECURITY: Prevent POODLE. Disable SSLv3, update httpclient to v2.5
-  * Fix channel name character limit.
-  * Adds support for listing users on a presence channel
+## 0.15.2
 
-0.14.3 / 2015-01-20
-==================
+  * [CHANGED] Documented `Pusher.channel_info`, `Pusher.channels`
+  * [ADDED] Added `Pusher.channel_users`
 
-Yanked, bad release
+## 0.15.1
 
-0.14.2 / 2014-10-16
-==================
+  * [FIXED] Fixed a bug where the `authenticate` method added in 0.15.0 wasn't exposed on the Pusher class.
+
+## 0.15.0
+
+  * [ADDED] Added `Pusher.authenticate` method for authenticating private and presence channels.
+    This is prefered over the older `Pusher['a_channel'].authenticate(...)` style.
+
+## 0.14.6
+
+  * [CHANGED] Updated to use the `pusher-signature` gem instead of `signature`.
+    This resolves namespace related issues.
+
+## 0.14.5
+
+  * [SECURITY] Prevent auth delegation trough crafted socket IDs
+
+## 0.14.4
+
+  * [SECURITY] Prevent timing attack, update signature to v0.1.8
+  * [SECURITY] Prevent POODLE. Disable SSLv3, update httpclient to v2.5
+  * [FIXED] Fix channel name character limit.
+  * [ADDED] Adds support for listing users on a presence channel
 
-First release with a changelog !
+## 0.14.2
 
-  * Bump httpclient to v2.4. See #62 (POODLE SSL)
-  * Fix limited channel count at README.md. Thanks @tricknotes
+  * [CHANGED] Bump httpclient to v2.4. See #62 (POODLE SSL)
+  * [CHANGED] Fix limited channel count at README.md. Thanks @tricknotes

data/README.md

@@ -2,7 +2,11 @@
 
 This Gem provides a Ruby interface to [the Pusher HTTP API for Pusher Channels](https://pusher.com/docs/channels/library_auth_reference/rest-api).
 
-[![Build Status](https://secure.travis-ci.org/pusher/pusher-http-ruby.svg?branch=master)](http://travis-ci.org/pusher/pusher-http-ruby) [![Gem Version](https://badge.fury.io/rb/pusher.svg)](https://badge.fury.io/rb/pusher)
+[![Build Status](https://github.com/pusher/pusher-http-ruby/workflows/Tests/badge.svg)](https://github.com/pusher/pusher-http-ruby/actions?query=workflow%3ATests+branch%3Amaster) [![Gem](https://img.shields.io/gem/v/pusher)](https://rubygems.org/gems/pusher) [![Gem](https://img.shields.io/gem/dt/pusher)](https://rubygems.org/gems/pusher)
+
+## Supported Platforms
+
+* Ruby - supports **Ruby 2.6 or greater**.
 
 ## Installation and Configuration
 
@@ -36,7 +40,7 @@ pusher = Pusher::Client.new(
 )
 ```
 
-The `cluster` value will set the `host` to `api-<cluster>.pusher.com`. The `use_tls` value is optional and defaults to `false`. It will set the `scheme` and `port`. Custom `scheme` and `port` values take precendence over `use_tls`.
+The `cluster` value will set the `host` to `api-<cluster>.pusher.com`. The `use_tls` value is optional and defaults to `true`. It will set the `scheme` and `port`. A custom `port` value takes precendence over `use_tls`.
 
 If you want to set a custom `host` value for your client then you can do so when instantiating a Pusher Channels client like so:
 
@@ -79,11 +83,11 @@ If you need to make requests via a HTTP proxy then it can be configured
 Pusher.http_proxy = 'http://(user):(password)@(host):(port)'
 ```
 
-By default API requests are made over HTTP. HTTPS can be used by setting `encrypted` to `true`.
+By default API requests are made over HTTPS. HTTP can be used by setting `use_tls` to `false`.
 Issuing this command is going to reset `port` value if it was previously specified.
 
 ``` ruby
-Pusher.encrypted = true
+Pusher.use_tls = false
 ```
 
 As of version 0.12, SSL certificates are verified when using the synchronous http client. If you need to disable this behaviour for any reason use:
@@ -252,11 +256,13 @@ end
 
 This library supports [end-to-end encrypted channels](https://pusher.com/docs/channels/using_channels/encrypted-channels). This means that only you and your connected clients will be able to read your messages. Pusher cannot decrypt them. You can enable this feature by following these steps:
 
-1. Install [Libsodium](https://github.com/jedisct1/libsodium), which we rely on to do the heavy lifting. [Follow the installation instructions for your platform.](https://github.com/RubyCrypto/rbnacl/wiki/Installing-libsodium)
+1. Add the `rbnacl` gem to your Gemfile (it's not a gem dependency).
 
-2. Encrypted channel subscriptions must be authenticated in the exact same way as private channels. You should therefore [create an authentication endpoint on your server](https://pusher.com/docs/authenticating_users).
+2. Install [Libsodium](https://github.com/jedisct1/libsodium), which we rely on to do the heavy lifting. [Follow the installation instructions for your platform.](https://github.com/RubyCrypto/rbnacl/wiki/Installing-libsodium)
 
-3. Next, generate your 32 byte master encryption key, encode it as base64 and pass it to the Pusher constructor.
+3. Encrypted channel subscriptions must be authenticated in the exact same way as private channels. You should therefore [create an authentication endpoint on your server](https://pusher.com/docs/authenticating_users).
+
+4. Next, generate your 32 byte master encryption key, encode it as base64 and pass it to the Pusher constructor.
 
    This is secret and you should never share this with anyone.
    Not even Pusher.
@@ -276,9 +282,9 @@ This library supports [end-to-end encrypted channels](https://pusher.com/docs/ch
    });
    ```
 
-4. Channels where you wish to use end-to-end encryption should be prefixed with `private-encrypted-`.
+5. Channels where you wish to use end-to-end encryption should be prefixed with `private-encrypted-`.
 
-5. Subscribe to these channels in your client, and you're done! You can verify it is working by checking out the debug console on the [https://dashboard.pusher.com/](dashboard) and seeing the scrambled ciphertext.
+6. Subscribe to these channels in your client, and you're done! You can verify it is working by checking out the debug console on the [https://dashboard.pusher.com/](dashboard) and seeing the scrambled ciphertext.
 
 **Important note: This will __not__ encrypt messages on channels that are not prefixed by `private-encrypted-`.**
 
@@ -293,6 +299,3 @@ pusher.trigger(
 ```
 
 Rationale: the methods in this library map directly to individual Channels HTTP API requests. If we allowed triggering a single event on multiple channels (some encrypted, some unencrypted), then it would require two API requests: one where the event is encrypted to the encrypted channels, and one where the event is unencrypted for unencrypted channels.
-
-## Supported Ruby versions
-2.4+

data/lib/pusher.rb

@@ -28,9 +28,7 @@ module Pusher
     extend Forwardable
 
     def_delegators :default_client, :scheme, :host, :port, :app_id, :key, :secret, :http_proxy
-    def_delegators :default_client, :notification_host, :notification_scheme
     def_delegators :default_client, :scheme=, :host=, :port=, :app_id=, :key=, :secret=, :http_proxy=
-    def_delegators :default_client, :notification_host=, :notification_scheme=
 
     def_delegators :default_client, :authentication_token, :url, :cluster
     def_delegators :default_client, :encrypted=, :url=, :cluster=
@@ -66,4 +64,3 @@ require 'pusher/channel'
 require 'pusher/request'
 require 'pusher/resource'
 require 'pusher/webhook'
-require 'pusher/native_notification/client'

data/lib/pusher/channel.rb

@@ -174,6 +174,15 @@ module Pusher
       r
     end
 
+    def shared_secret(encryption_master_key)
+      return unless encryption_master_key
+
+      secret_string = @name + encryption_master_key
+      digest = OpenSSL::Digest::SHA256.new
+      digest << secret_string
+      digest.digest
+    end
+
     private
 
     def validate_socket_id(socket_id)

data/lib/pusher/client.rb

@@ -1,15 +1,19 @@
 require 'base64'
-
 require 'pusher-signature'
 
 module Pusher
   class Client
-    attr_accessor :scheme, :host, :port, :app_id, :key, :secret, :notification_host, :notification_scheme, :encryption_master_key
+    attr_accessor :scheme, :host, :port, :app_id, :key, :secret, :encryption_master_key
     attr_reader :http_proxy, :proxy
     attr_writer :connect_timeout, :send_timeout, :receive_timeout,
                 :keep_alive_timeout
 
     ## CONFIGURATION ##
+    DEFAULT_CONNECT_TIMEOUT = 5
+    DEFAULT_SEND_TIMEOUT = 5
+    DEFAULT_RECEIVE_TIMEOUT = 5
+    DEFAULT_KEEP_ALIVE_TIMEOUT = 30
+    DEFAULT_CLUSTER = "mt1"
 
     # Loads the configuration from an url in the environment
     def self.from_env(key = 'PUSHER_URL')
@@ -25,51 +29,35 @@ module Pusher
     end
 
     def initialize(options = {})
-      default_options = {
-        :scheme => 'http',
-        :port => 80,
-      }
+      @scheme = "https"
+      @port = options[:port] || 443
 
-      if options[:use_tls] || options[:encrypted]
-        default_options[:scheme] = "https"
-        default_options[:port] = 443
+      if options.key?(:encrypted)
+        warn "[DEPRECATION] `encrypted` is deprecated and will be removed in the next major version. Use `use_tls` instead."
       end
 
-      merged_options = default_options.merge(options)
-
-      if options.has_key?(:host)
-        merged_options[:host] = options[:host]
-      elsif options.has_key?(:cluster)
-        merged_options[:host] = "api-#{options[:cluster]}.pusher.com"
-      else
-        merged_options[:host] = "api.pusherapp.com"
+      if options[:use_tls] == false || options[:encrypted] == false
+        @scheme = "http"
+        @port = options[:port] || 80
       end
 
-      # TODO: Change host name when finalized
-      merged_options[:notification_host] =
-        options.fetch(:notification_host, "nativepush-cluster1.pusher.com")
-
-      merged_options[:notification_scheme] =
-        options.fetch(:notification_scheme, "https")
+      @app_id = options[:app_id]
+      @key = options[:key]
+      @secret = options[:secret]
 
-      @scheme, @host, @port, @app_id, @key, @secret, @notification_host, @notification_scheme =
-        merged_options.values_at(
-          :scheme, :host, :port, :app_id, :key, :secret, :notification_host, :notification_scheme
-        )
+      @host = options[:host]
+      @host ||= "api-#{options[:cluster]}.pusher.com" unless options[:cluster].nil? || options[:cluster].empty?
+      @host ||= "api-#{DEFAULT_CLUSTER}.pusher.com"
 
-      if options.has_key?(:encryption_master_key_base64)
-        @encryption_master_key =
-          Base64.decode64(options[:encryption_master_key_base64])
-      end
+      @encryption_master_key = Base64.strict_decode64(options[:encryption_master_key_base64]) if options[:encryption_master_key_base64]
 
-      @http_proxy = nil
-      self.http_proxy = options[:http_proxy] if options[:http_proxy]
+      @http_proxy = options[:http_proxy]
 
       # Default timeouts
-      @connect_timeout = 5
-      @send_timeout = 5
-      @receive_timeout = 5
-      @keep_alive_timeout = 30
+      @connect_timeout = DEFAULT_CONNECT_TIMEOUT
+      @send_timeout = DEFAULT_SEND_TIMEOUT
+      @receive_timeout = DEFAULT_RECEIVE_TIMEOUT
+      @keep_alive_timeout = DEFAULT_KEEP_ALIVE_TIMEOUT
     end
 
     # @private Returns the authentication token for the client
@@ -83,10 +71,10 @@ module Pusher
     def url(path = nil)
       raise ConfigurationError, :app_id unless @app_id
       URI::Generic.build({
-        :scheme => @scheme,
-        :host => @host,
-        :port => @port,
-        :path => "/apps/#{@app_id}#{path}"
+        scheme: @scheme,
+        host: @host,
+        port: @port,
+        path: "/apps/#{@app_id}#{path}"
       })
     end
 
@@ -110,13 +98,12 @@ module Pusher
       @http_proxy = http_proxy
       uri = URI.parse(http_proxy)
       @proxy = {
-        :scheme => uri.scheme,
-        :host => uri.host,
-        :port => uri.port,
-        :user => uri.user,
-        :password => uri.password
+        scheme: uri.scheme,
+        host: uri.host,
+        port: uri.port,
+        user: uri.user,
+        password: uri.password
       }
-      @http_proxy
     end
 
     # Configure whether Pusher API calls should be made over SSL
@@ -136,6 +123,8 @@ module Pusher
     end
 
     def cluster=(cluster)
+      cluster = DEFAULT_CLUSTER if cluster.nil? || cluster.empty?
+
       @host = "api-#{cluster}.pusher.com"
     end
 
@@ -148,7 +137,7 @@ module Pusher
     # Set an encryption_master_key to use with private-encrypted channels from
     # a base64 encoded string.
     def encryption_master_key_base64=(s)
-      @encryption_master_key = s ? Base64.decode64(s) : nil
+      @encryption_master_key = s ? Base64.strict_decode64(s) : nil
     end
 
     ## INTERACT WITH THE API ##
@@ -330,24 +319,6 @@ module Pusher
       post_async('/batch_events', trigger_batch_params(events.flatten))
     end
 
-    def notification_client
-      @notification_client ||=
-        NativeNotification::Client.new(@app_id, @notification_host, @notification_scheme, self)
-    end
-
-
-    # Send a push notification
-    #
-    # POST /apps/[app_id]/notifications
-    #
-    # @param interests [Array] An array of interests
-    # @param message [String] Message to send
-    # @param options [Hash] Additional platform specific options
-    #
-    # @return [Hash]
-    def notify(interests, data = {})
-      notification_client.notify(interests, data)
-    end
 
     # Generate the expected response for an authentication endpoint.
     # See http://pusher.com/docs/authenticating_users for details.
@@ -375,14 +346,20 @@ module Pusher
     #
     def authenticate(channel_name, socket_id, custom_data = nil)
       channel_instance = channel(channel_name)
-      channel_instance.authenticate(socket_id, custom_data)
+      r = channel_instance.authenticate(socket_id, custom_data)
+      if channel_name.match(/^private-encrypted-/)
+        r[:shared_secret] = Base64.strict_encode64(
+          channel_instance.shared_secret(encryption_master_key)
+        )
+      end
+      r
     end
 
     # @private Construct a net/http http client
     def sync_http_client
-      @client ||= begin
-        require 'httpclient'
+      require 'httpclient'
 
+      @client ||= begin
         HTTPClient.new(@http_proxy).tap do |c|
           c.connect_timeout = @connect_timeout
           c.send_timeout = @send_timeout
@@ -401,14 +378,14 @@ module Pusher
         require 'em-http' unless defined?(EventMachine::HttpRequest)
 
         connection_opts = {
-          :connect_timeout => @connect_timeout,
-          :inactivity_timeout => @receive_timeout,
+          connect_timeout: @connect_timeout,
+          inactivity_timeout: @receive_timeout,
         }
 
         if defined?(@proxy)
           proxy_opts = {
-            :host => @proxy[:host],
-            :port => @proxy[:port]
+            host: @proxy[:host],
+            port: @proxy[:port]
           }
           if @proxy[:user]
             proxy_opts[:authorization] = [@proxy[:user], @proxy[:password]]
@@ -462,28 +439,35 @@ module Pusher
 
     # Encrypts a message with a key derived from the master key and channel
     # name
-    def encrypt(channel, encoded_data)
+    def encrypt(channel_name, encoded_data)
       raise ConfigurationError, :encryption_master_key unless @encryption_master_key
 
       # Only now load rbnacl, so that people that aren't using it don't need to
       # install libsodium
-      require 'rbnacl'
+      require_rbnacl
 
       secret_box = RbNaCl::SecretBox.new(
-        RbNaCl::Hash.sha256(channel + @encryption_master_key)
+        channel(channel_name).shared_secret(@encryption_master_key)
       )
 
       nonce = RbNaCl::Random.random_bytes(secret_box.nonce_bytes)
       ciphertext = secret_box.encrypt(nonce, encoded_data)
 
       MultiJson.encode({
-        "nonce" => Base64::encode64(nonce),
-        "ciphertext" => Base64::encode64(ciphertext),
+        "nonce" => Base64::strict_encode64(nonce),
+        "ciphertext" => Base64::strict_encode64(ciphertext),
       })
     end
 
     def configured?
       host && scheme && key && secret && app_id
     end
+
+    def require_rbnacl
+      require 'rbnacl'
+    rescue LoadError => e
+      $stderr.puts "You don't have rbnacl installed in your application. Please add it to your Gemfile and run bundle install"
+      raise e
+    end
   end
 end