rest-graph 1.1.1 → 1.2.0

data/example/rails/config/initializers/cookie_verification_secret.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random, 
+# no regular words or you'll be exposed to dictionary attacks.
+ActionController::Base.cookie_verifier_secret = '095e8e5c0b6b901901efb23fab50005b68d9d6a9d41f4ec780946cff34b26603762bc0ea1baf204613b252e5ae499d38b232d5b75edac513a723e450e76548a3';

data/example/rails/config/initializers/new_rails_defaults.rb

@@ -0,0 +1,21 @@
+# Be sure to restart your server when you modify this file.
+
+# These settings change the behavior of Rails 2 apps and will be defaults
+# for Rails 3. You can remove this initializer when Rails 3 is released.
+
+if defined?(ActiveRecord)
+  # Include Active Record class name as root for JSON serialized output.
+  ActiveRecord::Base.include_root_in_json = true
+
+  # Store the full class name (including module namespace) in STI type column.
+  ActiveRecord::Base.store_full_sti_class = true
+end
+
+ActionController::Routing.generate_best_match = false
+
+# Use ISO 8601 format for JSON serialized times and dates.
+ActiveSupport.use_standard_json_time_format = true
+
+# Don't escape HTML entities in JSON, leave that for the #json_escape helper.
+# if you're including raw json in an HTML page.
+ActiveSupport.escape_html_entities_in_json = false

data/example/rails/config/initializers/session_store.rb

@@ -0,0 +1,15 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying cookie session data integrity.
+# If you change this key, all old sessions will become invalid!
+# Make sure the secret is at least 30 characters and all random, 
+# no regular words or you'll be exposed to dictionary attacks.
+ActionController::Base.session = {
+  :key         => '_rails_session',
+  :secret      => 'c99a19ce0dc4ed1809e32b6b43bd9229c3a504c456230119dd445fdcb63c0ce06b436f1bf1eace27ebbe0da6041ff2b65cbb4ae4beadc3077e3e6ae07ea75118'
+}
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rake db:sessions:create")
+# ActionController::Base.session_store = :active_record_store

data/example/rails/config/rest-graph.yaml

@@ -0,0 +1,5 @@
+
+development:
+  app_id: ''
+  secret: ''
+  canvas: ''

data/example/rails/config/routes.rb

@@ -0,0 +1,43 @@
+ActionController::Routing::Routes.draw do |map|
+  # The priority is based upon order of creation: first created -> highest priority.
+
+  # Sample of regular route:
+  #   map.connect 'products/:id', :controller => 'catalog', :action => 'view'
+  # Keep in mind you can assign values other than :controller and :action
+
+  # Sample of named route:
+  #   map.purchase 'products/:id/purchase', :controller => 'catalog', :action => 'purchase'
+  # This route can be invoked with purchase_url(:id => product.id)
+
+  # Sample resource route (maps HTTP verbs to controller actions automatically):
+  #   map.resources :products
+
+  # Sample resource route with options:
+  #   map.resources :products, :member => { :short => :get, :toggle => :post }, :collection => { :sold => :get }
+
+  # Sample resource route with sub-resources:
+  #   map.resources :products, :has_many => [ :comments, :sales ], :has_one => :seller
+  
+  # Sample resource route with more complex sub-resources
+  #   map.resources :products do |products|
+  #     products.resources :comments
+  #     products.resources :sales, :collection => { :recent => :get }
+  #   end
+
+  # Sample resource route within a namespace:
+  #   map.namespace :admin do |admin|
+  #     # Directs /admin/products/* to Admin::ProductsController (app/controllers/admin/products_controller.rb)
+  #     admin.resources :products
+  #   end
+
+  # You can have the root of your site routed with map.root -- just remember to delete public/index.html.
+  map.root :controller => 'application'
+
+  # See how all your routes lay out with "rake routes"
+
+  # Install the default routes as the lowest priority.
+  # Note: These default routes make all actions in every controller accessible via GET requests. You should
+  # consider removing or commenting them out if you're using named routes and resources.
+  # map.connect ':controller/:action/:id'
+  # map.connect ':controller/:action/:id.:format'
+end

data/example/rails/script/console

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.expand_path('../../config/boot',  __FILE__)
+require 'commands/console'

data/example/rails/script/server

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.expand_path('../../config/boot',  __FILE__)
+require 'commands/server'

data/init.rb

@@ -1,2 +1,3 @@
+
 require 'rest-graph'
 require 'rest-graph/auto_load'

data/lib/rest-graph.rb

@@ -1,15 +1,35 @@
 
+# gem
 require 'rest_client'
 
+# stdlib
+require 'digest/md5'
 require 'cgi'
 
+# optional gem
+begin
+  require 'rack'
+rescue LoadError; end
+
+begin
+  require 'json'
+rescue LoadError
+  begin
+    require 'json_pure'
+  rescue LoadError; end
+end
+
 # the data structure used in RestGraph
 RestGraphStruct = Struct.new(:data, :auto_decode,
                              :graph_server, :fql_server,
                              :accept, :lang,
-                             :app_id, :secret)
+                             :app_id, :secret,
+                             :error_handler,
+                             :log_handler) unless defined?(RestGraphStruct)
 
 class RestGraph < RestGraphStruct
+  class Error < RuntimeError; end
+
   Attributes = RestGraphStruct.members.map(&:to_sym)
 
   # honor default attributes
@@ -32,14 +52,19 @@ class RestGraph < RestGraphStruct
     def default_lang        ; 'en-us'                      ; end
     def default_app_id      ; nil                          ; end
     def default_secret      ; nil                          ; end
+    def default_error_handler
+      lambda{ |error| raise ::RestGraph::Error.new(error) }
+    end
+    def default_log_handler
+      lambda{ |duration, url| }
+    end
   end
   extend DefaultAttributes
 
-  def initialize o = {}
+  def initialize o={}
     (Attributes + [:access_token]).each{ |name|
       send("#{name}=", o[name]) if o.key?(name)
     }
-    check_arguments!
   end
 
   def access_token
@@ -54,27 +79,40 @@ class RestGraph < RestGraphStruct
     !!access_token
   end
 
-  def get    path, opts = {}
+  def get    path, opts={}
     request(graph_server, path, opts, :get)
   end
 
-  def delete path, opts = {}
+  def delete path, opts={}
     request(graph_server, path, opts, :delete)
   end
 
-  def post   path, payload, opts = {}
+  def post   path, payload, opts={}
     request(graph_server, path, opts, :post, payload)
   end
 
-  def put    path, payload, opts = {}
+  def put    path, payload, opts={}
     request(graph_server, path, opts, :put,  payload)
   end
 
-  def fql query, opts = {}
+  def fql query, opts={}
     request(fql_server, 'method/fql.query',
       {:query  => query, :format => 'json'}.merge(opts), :get)
   end
 
+  def fql_multi queries, opts={}
+    q = if queries.respond_to?(:to_json)
+           queries.to_json
+        else
+          middle = queries.inject([]){ |r, (k, v)|
+                     r << "\"#{k}\":\"#{v.gsub('"','\\"')}\""
+                   }.join(',')
+          "{#{middle}}"
+        end
+    request(fql_server, 'method/fql.multiquery',
+      {:queries => q, :format => 'json'}.merge(opts), :get)
+  end
+
   # cookies, app_id, secrect related below
 
   if RUBY_VERSION >= '1.9.1'
@@ -98,6 +136,12 @@ class RestGraph < RestGraphStruct
       check_sig_and_return_data(Rack::Utils.parse_query(fbs[1..-2]))
   end
 
+  def parse_json! json
+    self.data = json &&
+      check_sig_and_return_data(JSON.load(json))
+  rescue JSON::ParserError
+  end
+
   # oauth related
 
   def authorize_url opts={}
@@ -112,37 +156,21 @@ class RestGraph < RestGraphStruct
   end
 
   private
-  def check_arguments!
-    if auto_decode
-      begin
-        require 'json'
-      rescue LoadError
-        require 'json_pure'
-      end
-    end
-
-    if app_id && secret # want to parse access_token in cookies
-      require 'digest/md5'
-      require 'rack'
-    elsif app_id || secret
-      raise ArgumentError.new("You may want to pass both"      \
-                              " app_id(#{app_id.inspect}) and" \
-                              " secret(#{secret.inspect})")
-    end
-  end
-
   def request server, path, opts, method, payload=nil, suppress_decode=false
+    start_time = Time.now
+    res = RestClient::Resource.new(server)[path + build_query_string(opts)]
     post_request(
-      RestClient::Resource.new(server)[path + build_query_string(opts)].
-      send(method, *[payload, build_headers].compact), suppress_decode)
+      res.send(method, *[payload, build_headers].compact), suppress_decode)
   rescue RestClient::InternalServerError => e
     post_request(e.http_body, suppress_decode)
+  ensure
+    log_handler.call(Time.now - start_time, res.url)
   end
 
-  def build_query_string q={}
-    query = q.merge(access_token ? {:access_token => access_token} : {})
-    return '' if query.empty?
-    return '?' + query.map{ |(k, v)| "#{k}=#{CGI.escape(v.to_s)}" }.join('&')
+  def build_query_string query={}
+    q = query.merge(access_token ? {:access_token => access_token} : {})
+    return '' if q.empty?
+    return '?' + q.map{ |(k, v)| "#{k}=#{CGI.escape(v.to_s)}" }.join('&')
   end
 
   def build_headers
@@ -153,11 +181,23 @@ class RestGraph < RestGraphStruct
   end
 
   def post_request result, suppress_decode=false
-    (auto_decode && !suppress_decode) ? JSON.parse(result) : result
+    if auto_decode && !suppress_decode
+      check_error(JSON.parse(result))
+    else
+      result
+    end
   end
 
   def check_sig_and_return_data cookies
-    cookies if calculate_sig(cookies) == cookies['sig']
+    cookies if secret && calculate_sig(cookies) == cookies['sig']
+  end
+
+  def check_error hash
+    if error_handler && hash.kind_of?(Hash) && hash['error']
+      error_handler.call(hash)
+    else
+      hash
+    end
   end
 
   def calculate_sig cookies

data/lib/rest-graph/load_config.rb

@@ -3,40 +3,39 @@ require 'erb'
 require 'yaml'
 
 require 'rest-graph'
+require 'rest-graph/rails_controller' if Object.const_defined?(:Rails)
 
-class RestGraph < RestGraphStruct
-  module LoadConfig
-    module_function
-    def auto_load!
-      LoadConfig.load_if_rails!
-    end
-
-    def load_if_rails!
-      return unless Object.const_defined?(:Rails)
-      root = Rails.root
-      file = ["#{root}/config/rest-graph.yaml", # YAML should use .yaml
-              "#{root}/config/rest-graph.yml"].find{|path| File.exist?(path)}
-      return unless file
-
-      LoadConfig.load_config!(file, Rails.env)
-    end
-
-    def load_config! file, env
-      config   = YAML.load(ERB.new(File.read(file)).result(binding))
-      defaults = config[env]
-      return unless defaults
-
-      mod = Module.new
-      mod.module_eval(defaults.inject([]){ |r, (k, v)|
-        r << <<-RUBY
-               def default_#{k}
-                 # quote strings, leave others free (e.g. false, numbers, etc)
-                 #{v.kind_of?(String) ? "'#{v}'" : v}
-               end
-               RUBY
-      }.join)
-
-      RestGraph.send(:extend, mod)
-    end
+module RestGraph::LoadConfig
+  module_function
+  def auto_load!
+    RestGraph::LoadConfig.load_if_rails!
+  end
+
+  def load_if_rails!
+    return unless Object.const_defined?(:Rails)
+    root = Rails.root
+    file = ["#{root}/config/rest-graph.yaml", # YAML should use .yaml
+            "#{root}/config/rest-graph.yml"].find{|path| File.exist?(path)}
+    return unless file
+
+    RestGraph::LoadConfig.load_config!(file, Rails.env)
+  end
+
+  def load_config! file, env
+    config   = YAML.load(ERB.new(File.read(file)).result(binding))
+    defaults = config[env]
+    return unless defaults
+
+    mod = Module.new
+    mod.module_eval(defaults.inject([]){ |r, (k, v)|
+      r << <<-RUBY
+             def default_#{k}
+               # quote strings, leave others free (e.g. false, numbers, etc)
+               #{v.kind_of?(String) ? "'#{v}'" : v}
+             end
+             RUBY
+    }.join)
+
+    RestGraph.send(:extend, mod)
   end
 end

data/lib/rest-graph/rails_controller.rb

@@ -0,0 +1,100 @@
+
+require 'rest-graph'
+
+module RestGraph::RailsController
+  module_function
+  # filters for you
+  def setup_iframe
+    @fb_sig_in_iframe = true
+  end
+
+  def setup_rest_graph
+    rest_graph_create
+
+    # exchange the code with access_token
+    if params[:code]
+      @rg.authorize!(:code => params[:code],
+                     :redirect_uri => normalized_request_uri)
+      logger.debug(
+        "DEBUG: RestGraph: detected code with #{normalized_request_uri}, " \
+        "parsed: #{@rg.data.inspect}")
+    end
+
+    # if the code is bad or not existed,
+    # check if there's one in session,
+    # meanwhile, there the sig and access_token is correct,
+    # that means we're in the context of iframe
+    if !@rg.authorized? && params[:session]
+      @rg.parse_json!(params[:session])
+      logger.debug(
+        "DEBUG: RestGraph: detected session, parsed: #{@rg.data.inspect}")
+
+      if @rg.authorized?
+        @fb_sig_in_iframe = true
+      else
+        logger.warn("WARN: RestGraph: bad session: #{params[:session]}")
+      end
+    end
+
+    # if we're not in iframe nor code passed,
+    # we could check out cookies as well.
+    if !@rg.authorized?
+      @rg.parse_cookies!(cookies)
+      logger.debug(
+        "DEBUG: RestGraph: detected cookies, parsed: #{@rg.data.inspect}")
+    end
+
+    # there are above 3 ways to check the user identity!
+    # if nor of them passed, then we can suppose the user
+    # didn't authorize for us
+  end
+
+  # override this if you need different app_id and secret
+  def rest_graph_create
+    @rg ||= RestGraph.new(:error_handler => method(:rest_graph_authorize),
+                            :log_handler => method(:rest_graph_log))
+  end
+
+  def rest_graph_authorize error=nil
+    logger.warn("WARN: RestGraph: #{error.inspect}") if error
+
+    @authorize_url = @rg.authorize_url(
+      {:redirect_uri => normalized_request_uri,
+       :scope        => rest_graph_authorize_scope}.
+      merge(rest_graph_authorize_options))
+
+    logger.debug("DEBUG: RestGraph: redirect to #{@authorize_url}")
+
+    rest_graph_authorize_redirect
+    return false
+  end
+
+  # override this if you need different access scope
+  def rest_graph_authorize_scope
+    @rest_graph_authorize_scope ||=
+      'offline_access,publish_stream,read_friendlists'
+  end
+
+  # override this if you want the simple redirect_to
+  def rest_graph_authorize_redirect
+    render :template => 'rest-graph/authorization'
+  end
+
+  def rest_graph_authorize_options
+    @rest_graph_authorize_options ||= {}
+  end
+
+  def rest_graph_log duration, url
+    logger.debug("DEBUG: RestGraph: spent #{duration} requesting #{url}")
+  end
+
+  def normalized_request_uri
+    if @fb_sig_in_iframe
+      "http://apps.facebook.com/" \
+      "#{RestGraph.default_canvas}#{request.request_uri}"
+    else
+      request.url
+    end.sub(/[\&\?]session=[^\&]+/, '').
+        sub(/[\&\?]code=[^\&]+/, '')
+  end
+end