rack-api-key 0.0.1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rvmrc

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+# This is an RVM Project .rvmrc file, used to automatically load the ruby
+# development environment upon cd'ing into the directory
+
+# First we specify our desired <ruby>[@<gemset>], the @gemset name is optional,
+# Only full ruby name is supported here, for short names use:
+#     echo "rvm use 1.9.3" > .rvmrc
+environment_id="ruby-1.9.3-p374@rack-api-key"
+
+# Uncomment the following lines if you want to verify rvm version per project
+# rvmrc_rvm_version="1.18.5 (stable)" # 1.10.1 seams as a safe start
+# eval "$(echo ${rvm_version}.${rvmrc_rvm_version} | awk -F. '{print "[[ "$1*65536+$2*256+$3" -ge "$4*65536+$5*256+$6" ]]"}' )" || {
+#   echo "This .rvmrc file requires at least RVM ${rvmrc_rvm_version}, aborting loading."
+#   return 1
+# }
+
+# First we attempt to load the desired environment directly from the environment
+# file. This is very fast and efficient compared to running through the entire
+# CLI and selector. If you want feedback on which environment was used then
+# insert the word 'use' after --create as this triggers verbose mode.
+if [[ -d "${rvm_path:-$HOME/.rvm}/environments"
+  && -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]]
+then
+  \. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
+  [[ -s "${rvm_path:-$HOME/.rvm}/hooks/after_use" ]] &&
+    \. "${rvm_path:-$HOME/.rvm}/hooks/after_use" || true
+else
+  # If the environment file has not yet been created, use the RVM CLI to select.
+  rvm --create  "$environment_id" || {
+    echo "Failed to create RVM environment '${environment_id}'."
+    return 1
+  }
+fi
+
+# If you use bundler, this might be useful to you:
+# if [[ -s Gemfile ]] && {
+#   ! builtin command -v bundle >/dev/null ||
+#   builtin command -v bundle | GREP_OPTIONS= \grep $rvm_path/bin/bundle >/dev/null
+# }
+# then
+#   printf "%b" "The rubygem 'bundler' is not installed. Installing it now.\n"
+#   gem install bundler
+# fi
+# if [[ -s Gemfile ]] && builtin command -v bundle >/dev/null
+# then
+#   bundle install | GREP_OPTIONS= \grep -vE '^Using|Your bundle is complete'
+# fi

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in rack-api-key.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Nick Zalabak
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,45 @@
+# RackApiKey
+
+RackApiKey is a middleware that relies on the client submitting requests
+with a header named "X-API-KEY" storing their private API key as the value. 
+The middleware will then intercept the request, read the value from the named 
+header and call the given "proc" used for API key lookup. The API key lookup 
+should only return a value if there is an exact match for the value stored in 
+the named API key header. 
+If such a API key exists, the middleware will pass the request onward and also 
+set a new value in the request representing the authenticated API key. Otherwise
+the middleware will return a HTTP status of 401, and a plain text message
+notifying the calling requestor that they are not authorized.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'rack-api-key'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install rack-api-key
+
+## Usage
+
+```ruby
+		Rack::Builder.new do
+		  map '/' do 
+				use RackApiKey, :api_key_proc => Proc.new { |val| ApiKey.find(val) }
+		    run lambda { |env| [200, {"Content-Type" => "text/html"}, "Testing Middleware"] }
+		  end
+
+		  map "/all-options" do
+		  	use RackApiKey, 
+		  		:api_key_proc => Proc.new { |val| ApiKey.find(val) },
+		  		:rack_api_key => "account.api.key",
+		  		:header_key => "HTTP_X_CUSTOM_API_HEADER"
+		    run lambda { |env| [200, {"Content-Type" => "text/html"}, "Testing Middleware"] }
+		  end
+		end
+```

data/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/lib/rack-api-key.rb

@@ -0,0 +1,83 @@
+require "rack-api-key/version"
+
+##
+# RackApiKey is a middleware that relies on the client submitting requests
+# with a header named "X-API-KEY" storing their private API key as the value. 
+# The middleware will then intercept the request, read the value from the named 
+# header and call the given "proc" used for API key lookup. The API key lookup 
+# should only return a value if there is an exact match for the value stored in 
+# the named API key header. 
+# If such a API key exists, the middleware will pass the request onward and also 
+# set a new value in the request representing the authenticated API key. Otherwise
+# the middleware will return a HTTP status of 401, and a plain text message
+# notifying the calling requestor that they are not authorized.
+class RackApiKey
+
+	##
+	# ==== Options
+	# * +:api_key_proc+ - **REQUIRED** A proc that is intended to lookup the API key in your datastore.
+	# 										The given proc should take an argument, namely the value of the API key header.
+	# 										There is no default value for this option and will raise a 
+	# 										NotImplementedError if left unspecified.
+	# * +:rack_api_key+ - A way to override the key's name set in the request
+	#											on successful authentication. The default value is
+	# 										"rack_api_key".
+	# * +:header_key+ - A way to override the header's name used to store the API key.
+	# 									The default value is "HTTP_X_API_KEY".
+	#
+	# ==== Example
+	#		use RackApiKey, 
+	# 			:api_key_proc => Proc.new { |key| ApiKey.where(:key => key).first },
+	# 			:rack_api_key => "authenticated.api.key",
+	# 			:header_key => "HTTP_X_SECRET_API_KEY"
+	def initialize(app, options = {})
+		@app = app
+		default_options = { 
+												:header_key => "HTTP_X_API_KEY", 
+											  :rack_api_key => "rack_api_key",
+											  :api_key_proc => Proc.new { raise NotImplementedError.new("Caller must implement a way to lookup an API key.") }
+											}
+		@options = default_options.merge(options)
+	end
+
+	def call(env)
+    api_header_val = env[@options[:header_key]]
+    api_key_lookup_val = @options[:api_key_proc].call(api_header_val)
+
+    if valid_api_key?(api_header_val, api_key_lookup_val)
+      rack_api_key_request_setter(env, api_key_lookup_val)
+      @app.call(env)
+    else
+      unauthorized_api_key
+    end
+  end
+
+  ##
+  # Sets the API key lookup value in the request. Intentionally left here
+  # if anyone wants to change or override what does or does not get set 
+  # in the request.
+  def rack_api_key_request_setter(env, api_key_lookup_val)
+  	env[@options[:rack_api_key]] = api_key_lookup_val
+  end
+
+  ##
+  # Returns a 401 HTTP status code when an API key is not found or is not
+  # authorized. Intentionally left here if anyone wants to override this
+  # functionality, specifically change the format of the message or the 
+  # media type.
+	def unauthorized_api_key
+    body_text = "The API key provided is not authorized."
+    [401, {'Content-Type' => 'text/plain; charset=utf-8',
+					 'Content-Length' => body_text.size.to_s}, [body_text]]
+  end
+
+  ##
+  # Checks if the API key header value is present and the API key
+  # that was returned from the API key proc is present.
+  # Intentionally left here is anyone wants to override this functionality.
+	def valid_api_key?(api_header_val, api_key_lookup_val)
+    !api_header_val.nil? && api_header_val != "" && 
+    !api_key_lookup_val.nil? && api_key_lookup_val != ""
+  end
+
+end

data/lib/rack-api-key/version.rb

@@ -0,0 +1,3 @@
+class RackApiKey
+	VERSION = "0.0.1"
+end

data/rack-api-key.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/rack-api-key/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Nick Zalabak"]
+  gem.email         = ["techwhizbang@gmail.com"]
+  gem.description   = %q{RackApiKey is a middleware that enables simple API key authentication}
+  gem.summary       = %q{RackApiKey is a middleware that enables simple API key authentication}
+  gem.homepage      = "https://github.com/techwhizbang/rack-api-key"
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "rack-api-key"
+  gem.require_paths = ["lib"]
+  gem.version       = RackApiKey::VERSION
+  gem.add_dependency %q<rack>, [">= 1.0"]
+  gem.add_development_dependency %q<rake>, ["0.9.2.2"]
+  gem.add_development_dependency %q<rspec>, ["~> 2.12.0"]
+  gem.add_development_dependency %q<rack-test>, ["~> 0.6.2"]
+end

data/spec/rack_api_key_spec.rb

@@ -0,0 +1,117 @@
+require 'spec_helper'
+
+describe RackApiKey do
+	include Rack::Test::Methods
+
+	class Account; end
+
+	class ApiKey
+
+		attr_reader :value
+
+		def initialize(value)
+			@value = value
+		end
+
+		def self.find(value)
+			nil
+		end
+
+		def account
+			Account.new
+		end
+
+	end
+
+	# simple test app for the middleware test
+	def app
+		Rack::Builder.new do
+      map '/' do 
+				use RackApiKey, :api_key_proc => Proc.new { |val| ApiKey.find(val) }
+	      run lambda { |env| [200, {"Content-Type" => "text/html"}, "Testing Middleware"] }
+	    end
+
+	    map "/no-api-proc" do
+	    	use RackApiKey
+	      run lambda { |env| [200, {"Content-Type" => "text/html"}, "Testing Middleware"] }
+	    end
+
+	    map "/all-options" do
+	    	use RackApiKey, 
+	    		:api_key_proc => Proc.new { |val| ApiKey.find(val) },
+	    		:rack_api_key => "account.api.key",
+	    		:header_key => "HTTP_X_CUSTOM_API_HEADER"
+	      run lambda { |env| [200, {"Content-Type" => "text/html"}, "Testing Middleware"] }
+	    end
+	    
+    end  	
+	end
+
+	context "when using the predefined default middleware options" do
+
+		it 'attempts to find the ApiKey with the header value' do
+			ApiKey.should_receive(:find).with("SECRET API KEY")
+			get "/", {}, "HTTP_X_API_KEY" => "SECRET API KEY"
+		end
+
+		it 'responds with a 200 upon successful authorization' do
+			ApiKey.stub(:find).and_return(ApiKey.new("SECRET API KEY"))
+			get "/", {}, "HTTP_X_API_KEY" => "SECRET API KEY"
+			last_response.ok?.should be_true
+		end
+
+		it 'responds with a 401 when the ApiKey is not found' do
+			ApiKey.stub(:find).and_return(nil)
+			get "/", {}, "HTTP_X_API_KEY" => "SECRET API KEY"
+			last_response.status.should == 401
+		end
+
+		it 'responds with a 401 when the header is not set' do
+			header("HTTP_X_API_KEY", nil)
+			get "/"
+			last_response.status.should == 401
+		end
+
+		it 'responds with a JSON formatted error message' do
+			header("HTTP_X_API_KEY", nil)
+			get "/"
+			last_response.body.should == "The API key provided is not authorized."
+	  end
+
+	  it 'sets the api key in the env' do
+	    ApiKey.stub(:find).and_return(api_key = ApiKey.new("SECRET API KEY"))
+	    get "/", {}, "HTTP_X_API_KEY" => "SECRET API KEY"
+	    last_request.env['rack_api_key'].should == api_key
+	  end
+
+	end
+
+	context "when the API key lookup proc is not provided" do
+
+		it 'raises an error' do
+			expect { get "/no-api-proc", {}, {} }.to raise_error(NotImplementedError, "Caller must implement a way to lookup an API key.")
+		end
+
+	end
+
+	context "when all the options are specified" do
+
+		it 'attempts to find the ApiKey with the header value' do
+			ApiKey.should_receive(:find).with("SECRET API KEY")
+			get "/all-options", {}, "HTTP_X_CUSTOM_API_HEADER" => "SECRET API KEY"
+		end
+
+		it 'responds with a 200 upon successful authorization' do
+			ApiKey.stub(:find).and_return(ApiKey.new("SECRET API KEY"))
+			get "/all-options", {}, "HTTP_X_CUSTOM_API_HEADER" => "SECRET API KEY"
+			last_response.ok?.should be_true
+		end
+
+		it 'sets the api key in the env' do
+	    ApiKey.stub(:find).and_return(api_key = ApiKey.new("SECRET API KEY"))
+	    get "/all-options", {}, "HTTP_X_CUSTOM_API_HEADER" => "SECRET API KEY"
+	    last_request.env['account.api.key'].should == api_key
+	  end
+
+	end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,6 @@
+require 'rubygems'
+require 'rspec'
+require 'rake'
+require "rack/test"
+
+require File.expand_path(File.dirname(__FILE__) + "/../lib/rack-api-key")

metadata

@@ -0,0 +1,128 @@
+--- !ruby/object:Gem::Specification
+name: rack-api-key
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Nick Zalabak
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-04-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.2.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.9.2.2
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.12.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.12.0
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.2
+description: RackApiKey is a middleware that enables simple API key authentication
+email:
+- techwhizbang@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rvmrc
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/rack-api-key.rb
+- lib/rack-api-key/version.rb
+- rack-api-key.gemspec
+- spec/rack_api_key_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/techwhizbang/rack-api-key
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 3957032321281409751
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 3957032321281409751
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: RackApiKey is a middleware that enables simple API key authentication
+test_files:
+- spec/rack_api_key_spec.rb
+- spec/spec_helper.rb