rack-fb 0.0.1

data/README.markdown

@@ -0,0 +1,75 @@
+= rack-fb 
+
+Rack-fb is currently a work in progress.  It aims to be a lightweight client for the [Facebook API](http://wiki.developers.facebook.com/index.php/API).
+
+Installation
+-------------
+
+    gem install rack-fb
+
+General Usage
+-------------
+
+The most general case is to use MiniFB.call method:
+
+    user_hash = MiniFB.call(FB_API_KEY, FB_SECRET, "Users.getInfo", "session_key"=>@session_key, "uids"=>@uid, "fields"=>User.all_fields)
+
+Which simply returns the parsed json response from Facebook.
+
+Some Higher Level Objects for Common Uses
+----------------------
+
+Get a MiniFB::Session:
+
+    @fb = MiniFB::Session.new(FB_API_KEY, FB_SECRET, @fb_session, @fb_uid)
+
+With the session, you can then get the user information for the session/uid.
+
+    user = @fb.user
+
+Then get info from the user:
+
+    first_name = user["first_name"]
+
+Or profile photos:
+
+    photos = user.profile_photos
+
+Or if you want other photos, try:
+
+    photos = @fb.photos("pids"=>[12343243,920382343,9208348])
+
+Support
+--------
+
+Join our Discussion Group at: http://groups.google.com/group/mini_fb
+
+=======
+This Rack middleware checks the signature of Facebook params, and
+converts them to Ruby objects when appropiate. Also, it converts
+the request method from the Facebook POST to the original HTTP
+method used by the client.
+
+If the signature is wrong, it returns a "400 Invalid Facebook Signature".
+
+Optionally, it can take a block that receives the Rack environment
+and returns a value that evaluates to true when we want the middleware to
+be executed for the specific request.
+
+# Usage
+
+In your config.ru:
+
+    require 'rack/facebook'
+    use Rack::Facebook, "my_facebook_secret_key"
+
+Using a block condition:
+
+    use Rack::Facebook, "my_facebook_secret_key" do |env|
+      env['REQUEST_URI'] =~ /^\/facebook_only/
+    end
+
+# Credits
+
+Carlos Paramio
+

data/Rakefile

@@ -0,0 +1,74 @@
+
+
+require "rubygems"
+require "rake/gempackagetask"
+require "rake/rdoctask"
+
+require "spec"
+require "spec/rake/spectask"
+Spec::Rake::SpecTask.new do |t|
+  t.spec_opts = %w(--format specdoc --colour)
+  t.libs = ["spec"]
+end
+
+
+task :default => ["spec"]
+
+# This builds the actual gem. For details of what all these options
+# mean, and other ones you can add, check the documentation here:
+#
+#   http://rubygems.org/read/chapter/20
+#
+spec = Gem::Specification.new do |s|
+
+  # Change these as appropriate
+  s.name              = "rack-fb"
+  s.version           = "0.0.1"
+  s.summary           = "Facebook middleware and API client"
+  s.author            = "John Mendonca"
+  s.email             = "joaosinho@gmail.com"
+  s.homepage          = "http://github.com/johnmendonca/rack-fb"
+
+  s.has_rdoc          = true
+  s.extra_rdoc_files  = %w(README.markdown)
+  s.rdoc_options      = %w(--main README.markdown)
+
+  # Add any extra files to include in the gem
+  s.files             = %w(README.markdown Rakefile) + Dir.glob("{spec,lib/**/*}")
+  s.require_paths     = ["lib"]
+
+  # If you want to depend on other gems, add them here, along with any
+  # relevant versions
+  s.add_dependency("rack", "~> 1.0.1")
+
+  # If your tests use any gems, include them here
+  s.add_development_dependency("rspec")
+
+  # If you want to publish automatically to rubyforge, you'll may need
+  # to tweak this, and the publishing task below too.
+  s.rubyforge_project = "rack-fb"
+end
+
+# This task actually builds the gem. We also regenerate a static
+# .gemspec file, which is useful if something (i.e. GitHub) will
+# be automatically building a gem for this project. If you're not
+# using GitHub, edit as appropriate.
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.gem_spec = spec
+
+  # Generate the gemspec file for github.
+  file = File.dirname(__FILE__) + "/#{spec.name}.gemspec"
+  File.open(file, "w") {|f| f << spec.to_ruby }
+end
+
+# Generate documentation
+Rake::RDocTask.new do |rd|
+  rd.main = "README.markdown"
+  rd.rdoc_files.include("README.markdown", "lib/**/*.rb")
+  rd.rdoc_dir = "rdoc"
+end
+
+desc 'Clear out RDoc and generated packages'
+task :clean => [:clobber_rdoc, :clobber_package] do
+  rm "#{spec.name}.gemspec"
+end

data/lib/mini_fb.rb

@@ -0,0 +1,279 @@
+require 'digest/md5'
+require 'erb'
+require 'json' unless defined? JSON
+
+module MiniFB
+
+    # Global constants
+    FB_URL = "http://api.facebook.com/restserver.php"
+    FB_API_VERSION = "1.0"
+
+    @@logging = false
+
+    def enable_logging
+        @@logging = true
+    end
+
+    def disable_logging
+        @@logging = false
+    end
+
+    class FaceBookError < StandardError
+        # Error that happens during a facebook call.
+        def initialize( error_code, error_msg )
+            super("Facebook error #{error_code}: #{error_msg}" )
+        end
+    end
+
+    class Session
+        attr_accessor :api_key, :secret_key, :session_key, :uid
+
+
+        def initialize(api_key, secret_key, session_key, uid)
+            @api_key = api_key
+            @secret_key = FaceBookSecret.new secret_key
+            @session_key = session_key
+            @uid = uid
+        end
+
+        # returns current user
+        def user
+            return @user unless @user.nil?
+            @user = User.new(MiniFB.call(@api_key, @secret_key, "Users.getInfo", "session_key"=>@session_key, "uids"=>@uid, "fields"=>User.all_fields)[0], self)
+            @user
+        end
+
+        def photos
+            Photos.new(self)
+        end
+
+
+        def call(method, params={})
+            return MiniFB.call(api_key, secret_key, method, params.update("session_key"=>session_key))
+        end
+
+
+    end
+    class User
+        FIELDS = [:uid, :status, :political, :pic_small, :name, :quotes, :is_app_user, :tv, :profile_update_time, :meeting_sex, :hs_info, :timezone, :relationship_status, :hometown_location, :about_me, :wall_count, :significant_other_id, :pic_big, :music, :work_history, :sex, :religion, :notes_count, :activities, :pic_square, :movies, :has_added_app, :education_history, :birthday, :birthday_date, :first_name, :meeting_for, :last_name, :interests, :current_location, :pic, :books, :affiliations, :locale, :profile_url, :proxied_email, :email_hashes, :allowed_restrictions, :pic_with_logo, :pic_big_with_logo, :pic_small_with_logo, :pic_square_with_logo]
+        STANDARD_FIELDS = [:uid, :first_name, :last_name, :name, :timezone, :birthday, :sex, :affiliations, :locale, :profile_url, :proxied_email]
+
+        def self.all_fields
+            FIELDS.join(",")
+        end
+
+        def self.standard_fields
+            STANDARD_FIELDS.join(",")
+        end
+
+        def initialize(fb_hash, session)
+            @fb_hash = fb_hash
+            @session = session
+        end
+
+        def [](key)
+            @fb_hash[key]
+        end
+
+        def uid
+            return self["uid"]
+        end
+
+        def profile_photos
+            @session.photos.get("uid"=>uid, "aid"=>profile_pic_album_id)
+        end
+
+        def profile_pic_album_id
+            merge_aid(-3, uid)
+        end
+
+        def merge_aid(aid, uid)
+            uid = uid.to_i
+            ret = (uid << 32) + (aid & 0xFFFFFFFF)
+#            puts 'merge_aid=' + ret.inspect
+            return ret
+        end
+    end
+
+    class Photos
+
+        def initialize(session)
+            @session = session
+        end
+
+        def get(params)
+            pids = params["pids"]
+            if !pids.nil? && pids.is_a?(Array)
+                pids = pids.join(",")
+                params["pids"] = pids
+            end
+            @session.call("photos.get", params)
+        end
+    end
+
+    BAD_JSON_METHODS = ["users.getLoggedInUser","auth.promoteSession"]
+
+    # Call facebook server with a method request. Most keyword arguments
+    # are passed directly to the server with a few exceptions.
+    # The 'sig' value will always be computed automatically.
+    # The 'v' version will be supplied automatically if needed.
+    # The 'call_id' defaults to True, which will generate a valid
+    # number. Otherwise it should be a valid number or False to disable.
+
+    # The default return is a parsed json object.
+    # Unless the 'format' and/or 'callback' arguments are given,
+    # in which case the raw text of the reply is returned. The string
+    # will always be returned, even during errors.
+
+    # If an error occurs, a FacebookError exception will be raised
+    # with the proper code and message.
+
+    # The secret argument should be an instance of FacebookSecret
+    # to hide value from simple introspection.
+    def MiniFB.call( api_key, secret, method, kwargs )
+
+        puts 'kwargs=' + kwargs.inspect
+
+        if secret.is_a? String
+            secret = FaceBookSecret.new(secret)
+        end
+
+        # Prepare arguments for call
+        call_id = kwargs.fetch("call_id", true)
+        if call_id == true then
+            kwargs["call_id"] = Time.now.tv_sec.to_s
+        else
+            kwargs.delete("call_id")
+        end
+
+        custom_format = kwargs.include?("format") or kwargs.include?("callback")
+        kwargs["format"] ||= "JSON"
+        kwargs["v"] ||= FB_API_VERSION
+        kwargs["api_key"]||= api_key
+        kwargs["method"] ||= method
+
+        # Hash with secret
+        arg_string = String.new
+        # todo: convert symbols to strings, symbols break the next line
+        kwargs.sort.each { |kv| arg_string << kv[0] << "=" << kv[1].to_s }
+        kwargs["sig"] = Digest::MD5.hexdigest( arg_string + secret.value.call )
+
+        # Call website with POST request
+        begin
+            response = Net::HTTP.post_form( URI.parse(FB_URL), kwargs )
+        rescue SocketError => err
+            raise IOError.new( "Cannot connect to the facebook server: " + err )
+        end
+
+        # Handle response
+        return response.body if custom_format
+
+        fb_method = kwargs["method"]
+        body = response.body
+
+        begin
+            data = JSON.parse( body )
+            puts 'response=' + data.inspect if @@logging
+            if data.include?( "error_msg" ) then
+                raise FaceBookError.new( data["error_code"] || 1, data["error_msg"] )
+            end
+
+        rescue JSON::ParserError => ex
+            if BAD_JSON_METHODS.include?(fb_method) # Little hack because this response isn't valid JSON
+                return body
+            else
+                raise ex
+            end
+        end
+        return data
+    end
+
+    # Returns true is signature is valid, false otherwise.
+    def MiniFB.verify_signature( secret, arguments )
+        signature = arguments.delete( "fb_sig" )
+        return false if signature.nil?
+
+        unsigned = Hash.new
+        signed = Hash.new
+
+        arguments.each do |k, v|
+            if k =~ /^fb_sig_(.*)/ then
+                signed[$1] = v
+            else
+                unsigned[k] = v
+            end
+        end
+
+        arg_string = String.new
+        signed.sort.each { |kv| arg_string << kv[0] << "=" << kv[1] }
+        if Digest::MD5.hexdigest( arg_string + secret ) == signature
+            return true
+        end
+        return false
+    end
+
+    # Returns the login/add app url for your application.
+    #
+    # options:
+    #    - :next => a relative next page to go to. relative to your facebook connect url or if :canvas is true, then relative to facebook app url
+    #    - :canvas => true/false - to say whether this is a canvas app or not
+    def self.login_url(api_key, options={})
+        login_url = "http://api.facebook.com/login.php?api_key=#{api_key}"
+        login_url << "&next=#{options[:next]}" if options[:next]
+        login_url << "&canvas" if options[:canvas]
+        login_url
+    end
+
+    # This function expects arguments as a hash, so
+    # it is agnostic to different POST handling variants in ruby.
+    #
+    # Validate the arguments received from facebook. This is usually
+    # sent for the iframe in Facebook's canvas. It is not necessary
+    # to use this on the auth_token and uid passed to callbacks like
+    # post-add and post-remove.
+#
+    # The arguments must be a mapping of to string keys and values
+    # or a string of http request data.
+#
+    # If the data is invalid or not signed properly, an empty
+    # dictionary is returned.
+#
+    # The secret argument should be an instance of FacebookSecret
+    # to hide value from simple introspection.
+#
+    # DEPRECATED, use verify_signature instead
+    def MiniFB.validate( secret, arguments )
+
+        signature = arguments.delete( "fb_sig" )
+        return arguments if signature.nil?
+
+        unsigned = Hash.new
+        signed = Hash.new
+
+        arguments.each do |k, v|
+            if k =~ /^fb_sig_(.*)/ then
+                signed[$1] = v
+            else
+                unsigned[k] = v
+            end
+        end
+
+        arg_string = String.new
+        signed.sort.each { |kv| arg_string << kv[0] << "=" << kv[1] }
+        if Digest::MD5.hexdigest( arg_string + secret ) != signature
+            unsigned # Hash is incorrect, return only unsigned fields.
+        else
+            unsigned.merge signed
+        end
+    end
+
+    class FaceBookSecret
+        # Simple container that stores a secret value.
+        # Proc cannot be dumped or introspected by normal tools.
+        attr_reader :value
+
+        def initialize( value )
+            @value = Proc.new { value }
+        end
+    end
+end

data/lib/rack/facebook.rb

@@ -0,0 +1,154 @@
+require 'digest'
+require 'rack/request'
+
+module Rack
+  # This Rack middleware checks the signature of Facebook params and
+  # converts them to Ruby objects when appropiate. Also, it converts
+  # the request method from the Facebook POST to the original HTTP
+  # method used by the client.
+  #
+  # If the signature is wrong, it returns a "400 Invalid Facebook Signature".
+  # 
+  # Optionally, it can take a block that receives the Rack environment
+  # and returns a value that evaluates to true when we want the middleware to
+  # be executed for the specific request.
+  #
+  # == Usage
+  #
+  # In your rack builder:
+  #
+  #   use Rack::Facebook, :application_secret => "SECRET", :api_key => "APIKEY"
+  #
+  # Using a block condition:
+  #
+  #   use Rack::Facebook, options do |env|
+  #     env['REQUEST_URI'] =~ /^\/facebook_only/
+  #   end
+  #
+  # == References
+  # * http://wiki.developers.facebook.com/index.php/Authorizing_Applications
+  # * http://wiki.developers.facebook.com/index.php/Verifying_The_Signature
+  #
+  class Facebook    
+    def initialize(app, options, &condition)
+      @app = app
+      @options = options
+      @condition = condition
+    end
+    
+    def app_name
+      @options[:application_name]
+    end
+    
+    def secret
+      @options[:application_secret]
+    end
+    
+    def api_key
+      @options[:api_key]
+    end
+    
+    def call(env)
+      request = Request.new(env)
+      request.api_key = api_key      
+      
+      if passes_condition?(request) and request.facebook?
+        valid = true
+        
+        if request.params_signature
+          fb_params = request.extract_facebook_params(:post)
+        
+          if valid = valid_signature?(fb_params, request.params_signature)
+            env["facebook.original_method"] = env["REQUEST_METHOD"]
+            env["REQUEST_METHOD"] = fb_params.delete("request_method")
+            save_facebook_params(fb_params, env)
+          end
+        elsif request.cookies_signature
+          cookie_params = request.extract_facebook_params(:cookies)
+          valid = valid_signature?(cookie_params, request.cookies_signature)
+        end
+        
+        unless valid
+          return [400, {"Content-Type" => "text/html"}, ["Invalid Facebook signature"]]
+        end
+      end
+      return @app.call(env)
+    end
+    
+    private
+    
+    def passes_condition?(request)
+      @condition.nil? or @condition.call(request.env)
+    end
+    
+    def valid_signature?(fb_params, actual_sig)
+      actual_sig == calculate_signature(fb_params)
+    end
+    
+    def calculate_signature(hash)
+      raw_string = hash.map{ |*pair| pair.join('=') }.sort.join
+      Digest::MD5.hexdigest([raw_string, secret].join)
+    end
+    
+    def save_facebook_params(params, env)
+      params.each do |key, value|
+        ruby_value = case key
+        when 'added', 'page_added', 'in_canvas', 'in_profile_tab', 'in_new_facebook', 'position_fix', 'logged_out_facebook'
+          value == '1'
+        when 'expires', 'profile_update_time', 'time'
+          Time.at(value.to_f) rescue TypeError
+        when 'friends'
+          value.split(',')
+        else
+          value
+        end
+            
+        env["facebook.#{key}"] = ruby_value
+      end
+      
+      env["facebook.app_name"] = app_name
+      env["facebook.api_key"] = api_key
+      env["facebook.secret"] = secret
+    end
+    
+    class Request < ::Rack::Request
+      FB_PREFIX = "fb_sig".freeze
+      attr_accessor :api_key
+      
+      def facebook?
+        params_signature or cookies_signature
+      end
+      
+      def params_signature
+        return @params_signature if @params_signature or @params_signature == false
+        @params_signature = self.POST.delete(FB_PREFIX) || false
+      end
+
+      def cookies_signature
+        cookies[@api_key]
+      end
+      
+      def extract_facebook_params(where)
+        
+        case where
+        when :post
+          source = self.POST
+          prefix = FB_PREFIX
+        when :cookies
+          source = cookies
+          prefix = @api_key
+        end
+        
+        prefix = "#{prefix}_"
+        
+        source.inject({}) do |extracted, (key, value)|
+          if key.index(prefix) == 0
+            extracted[key.sub(prefix, '')] = value
+            source.delete(key) if :post == where
+          end
+          extracted
+        end
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,78 @@
+--- !ruby/object:Gem::Specification 
+name: rack-fb
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- John Mendonca
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-01-16 00:00:00 -08:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rack
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 1.0.1
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: 
+email: joaosinho@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.markdown
+files: 
+- README.markdown
+- Rakefile
+- lib/rack/facebook.rb
+- lib/mini_fb.rb
+has_rdoc: true
+homepage: http://github.com/johnmendonca/rack-fb
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --main
+- README.markdown
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: rack-fb
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Facebook middleware and API client
+test_files: []
+