rest-graph 0.8.1 → 0.9.0

data/CHANGES

@@ -1,5 +1,12 @@
 = rest-graph changes history
 
+== rest-graph 0.9.0 -- 2010-05-04
+* renamed :server option to :graph_server
+* added :fql_server option and fql support.
+* cookies related parsing utility is now instance methods.
+  you'll need to pass app_id and secret when initializing
+* if sig in cookies is bad, then it won't extract the access_token
+
 == rest-graph 0.8.1 -- 2010-05-03
 * added access_token parsing utility
 

data/README

@@ -1,4 +1,4 @@
-= rest-graph 0.8.0
+= rest-graph 0.9.0
 by Lin Jen-Shin (aka godfat-真常[http://godfat.org])
   godfat (XD) godfat.org
 
@@ -15,30 +15,37 @@ by Lin Jen-Shin (aka godfat-真常[http://godfat.org])
 == SYNOPSIS:
 
  require 'rest-graph'
+
+ # every option is optional!!
  rg = RestGraph.new(:access_token => '...',
-                    :server       => 'https://graph.facebook.com/,
+                    :graph_server => 'https://graph.facebook.com/',
+                    :fql_server   => 'https://api.facebook.com/',
                     :accept       => 'text/javascript',
                     :lang         => 'en-us', # this affect search
-                    :auto_decode  => true)    # decode by json
+                    :auto_decode  => true,    # decode by json
+                    :app_id       => '123',
+                    :secret       => '1829')
  rg.get('me')
  rg.post('feed/me', :message => 'bread!')
 
  # for rack
- app_id = '\d+'
  lambda{ |env|
-   rg = RestGraph.new(:access_token =>
-          RestGraph.parse_token_in_rack_env(env, app_id))
+   rg = RestGraph.new(:app_id => '123', :secret => '1829')
+   rg.parse_token_in_rack_env!(env)  # auto save access_token if sig checked
+   rg.access_token # => ...
  }
 
  # for fully blown cookies hash
- app_id = '123'
- rg = RestGraph.new(:access_token =>
-        RestGraph.parse_token_in_cookies(cookies, app_id))
+ rg = RestGraph.new(:app_id => '123', :secret => '1829')
+ rg.parse_token_in_cookies!(cookies) # auto save access_token if sig checked
+ rg.access_token # => ...
 
- # for fully blown cookies hash
+ # for fbs in cookies
  app_id = '456'
- rg = RestGraph.new(:access_token =>
-        RestGraph.parse_token_in_fb_cookie(cookies["fbs_#{app_id}"]))
+ rg = RestGraph.new(:app_id => '123', :secret => '1829')
+ fbs = cookies["fbs_#{rg.app_id}"]
+ rg.parse_token_in_fbs!(fbs)         # auto save access_token if sig checked
+ rg.access_token # => ...
 
 == REQUIREMENTS:
 

data/TODO

@@ -1,3 +1,4 @@
 = rest-graph todo list
 
-= ?
+= 1.0
+* oauth support?

data/lib/rest-graph/version.rb

@@ -1,4 +1,4 @@
 
 class RestGraph
-  VERSION = '0.8.1'
+  VERSION = '0.9.0'
 end

data/lib/rest-graph.rb

@@ -3,63 +3,82 @@ require 'rest_client'
 
 require 'cgi'
 
-class RestGraph
-  autoload :Rack, 'rack'
-  def self.parse_token_in_rack_env env, app_id = '\d+'
-    env['HTTP_COOKIE'] =~ /fbs_#{app_id}="(.+?)"/ &&
-      Rack::Utils.parse_query($1)['access_token']
-  end
-
-  def self.parse_token_in_cookies cookies, app_id
-    parse_token_in_fb_cookie(cookies["fbs_#{app_id}"])
-  end
-
-  def self.parse_token_in_fb_cookie fb_cookie
-    fb_cookie && Rack::Utils.parse_query(fb_cookie[1..-2])['access_token']
-  end
-
-  attr_accessor :access_token, :server, :accept, :lang, :auto_decode
+class RestGraph < Struct.new(:access_token, :graph_server, :fql_server,
+                             :accept, :lang, :auto_decode, :app_id, :secret)
   def initialize o = {}
     self.access_token = o[:access_token]
-    self.server       = o[:server] || 'https://graph.facebook.com/'
+    self.graph_server = o[:graph_server] || 'https://graph.facebook.com/'
+    self.fql_server   = o[:fql_server]   || 'https://api.facebook.com/'
     self.accept       = o[:accept] || 'text/javascript'
     self.lang         = o[:lang]   || 'en-us'
     self.auto_decode  = o.key?(:auto_decode) ? o[:auto_decode] : true
+    self.app_id       = o[:app_id]
+    self.secret       = o[:secret]
 
-    if auto_decode
-      begin
-        require 'json'
-      rescue LoadError
-        require 'json_pure'
-      end
-    end
+    check_arguments!
+  end
+
+  def get    path, opts = {}
+    request(graph_server, path, opts, :get)
+  end
+
+  def delete path, opts = {}
+    request(graph_server, path, opts, :delete)
+  end
+
+  def post   path, payload, opts = {}
+    request(graph_server, path, opts, :post, payload)
   end
 
-  def client
-    @client ||= RestClient::Resource.new(server)
+  def put    path, payload, opts = {}
+    request(graph_server, path, opts, :put,  payload)
   end
 
-  def get    path, query = {}
-    request(path, query, :get)
+  def fql query, opts = {}
+    request(fql_server, 'method/fql.query',
+      {:query  => query, :format => 'json'}.merge(opts), :get)
   end
 
-  def delete path, query = {}
-    request(path, query, :delete)
+  # cookies, app_id, secrect related below
+
+  def parse_token_in_rack_env! env
+    self.access_token = env['HTTP_COOKIE'] =~ /fbs_#{app_id}="(.+?)"/ &&
+      extract_token_if_sig_ok(Rack::Utils.parse_query($1))
   end
 
-  def post   path, payload, query = {}
-    request(path, query, :post, payload)
+  def parse_token_in_cookies! cookies
+    self.access_token = parse_token_in_fbs!(cookies["fbs_#{app_id}"])
   end
 
-  def put    path, payload, query = {}
-    request(path, query, :put,  payload)
+  def parse_token_in_fbs! fbs
+    self.access_token = fbs &&
+      extract_token_if_sig_ok(Rack::Utils.parse_query(fbs[1..-2]))
   end
 
   private
-  def request path, query, method, payload = nil
+  def check_arguments!
+    if auto_decode
+      begin
+        require 'json'
+      rescue LoadError
+        require 'json_pure'
+      end
+    end
+
+    if app_id && secret # want to parse access_token in cookies
+      require 'digest/md5'
+      require 'rack'
+    elsif app_id || secret
+      raise ArgumentError.new("You may want pass both"         \
+                              " app_id(#{app_id.inspect}) and" \
+                              " secret(#{secret.inspect})")
+    end
+  end
+
+  def request server, path, opts, method, payload = nil
     post_request(
-      client[path + build_query_string(query)].
-        send(method, *[payload, build_headers].compact))
+      RestClient::Resource.new(server)[path + build_query_string(opts)].
+      send(method, *[payload, build_headers].compact))
   rescue RestClient::InternalServerError => e
     post_request(e.http_body)
   end
@@ -80,4 +99,15 @@ class RestGraph
   def post_request result
     auto_decode ? JSON.parse(result) : result
   end
+
+  def extract_token_if_sig_ok cookies
+    cookies['access_token'] if calculate_sig(cookies) == cookies['sig']
+  end
+
+  def calculate_sig cookies
+    payload = cookies.reject{ |(k, v)| k == 'sig' }.sort.
+      map{ |a| a.join('=') }.join
+
+    Digest::MD5.hexdigest(payload + secret)
+  end
 end

data/test/test_rest-graph.rb

@@ -59,7 +59,7 @@ describe RestGraph do
                   {'User-Agent'      => 'Ruby'})).       # this is by ruby
       to_return(:body => '{"data": []}')
 
-    RestGraph.new(:server => 'http://nothing.godfat.org',
+    RestGraph.new(:graph_server => 'http://nothing.godfat.org/',
                   :lang   => 'zh-tw',
                   :accept => 'text/plain').get('me').should == {'data' => []}
   end
@@ -104,22 +104,51 @@ describe RestGraph do
     RestGraph.new.delete('123').should == []
   end
 
-  it 'would extract correct access_token' do
+  it 'would extract correct access_token or fail checking sig' do
     access_token = '1|2-5|f.'
     app_id       = '1829'
+    secret       = app_id.reverse
+    sig          = '398262caea8442bd8801e8fba7c55c8a'
     fbs          = "\"access_token=#{CGI.escape(access_token)}&expires=0&" \
-                   "secret=abc&session_key=def-456&sig=zzz&uid=3\""
-    http_cookie  =
-      "__utma=123; __utmz=456.utmcsr=(d)|utmccn=(d)|utmcmd=(n); " \
-      "fbs_#{app_id}=#{fbs}"
+                   "secret=abc&session_key=def-456&sig=#{sig}&uid=3\""
+
+    check = lambda{ |token|
+      http_cookie =
+        "__utma=123; __utmz=456.utmcsr=(d)|utmccn=(d)|utmcmd=(n); " \
+        "fbs_#{app_id}=#{fbs}"
+
+      rg  = RestGraph.new(:app_id => app_id, :secret => secret)
+      rg.parse_token_in_rack_env!('HTTP_COOKIE' => http_cookie).
+                      should == token
+      rg.access_token.should == token
+
+      rg.parse_token_in_cookies!({"fbs_#{app_id}" => fbs}).
+                      should == token
+      rg.access_token.should == token
+
+      rg.parse_token_in_fbs!(fbs).
+                      should == token
+      rg.access_token.should == token
+    }
+    check.call(access_token)
+    fbs.chop!
+    fbs += '&inject=evil"'
+    check.call(nil)
+  end
+
+  it 'would do fql query with/without access_token' do
+    fql = 'SELECT name FROM likes where id="123"'
+    query = "query=#{fql}&format=json"
+    stub_request(:get, "https://api.facebook.com/method/fql.query?#{query}").
+      to_return(:body => '[]')
 
-    RestGraph.parse_token_in_rack_env('HTTP_COOKIE' => http_cookie).
-      should == access_token
+    RestGraph.new.fql(fql).should == []
 
-    RestGraph.parse_token_in_cookies({"fbs_#{app_id}" => fbs}, app_id).
-      should == access_token
+    token = 'token'.reverse
+    stub_request(:get, "https://api.facebook.com/method/fql.query?#{query}" \
+      "&access_token=#{token}").
+      to_return(:body => '[]')
 
-    RestGraph.parse_token_in_fb_cookie(fbs).
-      should == access_token
+    RestGraph.new(:access_token => token).fql(fql).should == []
   end
 end

metadata

@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
   prerelease: false
   segments: 
   - 0
-  - 8
-  - 1
-  version: 0.8.1
+  - 9
+  - 0
+  version: 0.9.0
 platform: ruby
 authors: 
 - "Lin Jen-Shin (aka godfat \xE7\x9C\x9F\xE5\xB8\xB8)"
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-05-03 00:00:00 +08:00
+date: 2010-05-04 00:00:00 +08:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency