ribbon-intercom 0.2.3 → 0.3.0

data/lib/ribbon/intercom/service.rb

@@ -6,31 +6,21 @@ module Ribbon::Intercom
   class Service
     autoload(:Channel, 'ribbon/intercom/service/channel')
 
-    module ChannelStores
-      autoload(:Base, 'ribbon/intercom/service/channel_stores/base')
-      autoload(:RedisStore, 'ribbon/intercom/service/channel_stores/redis_store')
-    end
+    # Used to signify an empty body
+    class EmptyResponse; end
 
     class << self
       def instance
         @instance ||= new(store: _load_store)
       end
 
-      def default_store(store_name, params={})
-        @_store_name = store_name
-        @_store_params = params
-      end
-
-      def permissions(*perms)
-        @_next_permissions = perms.map(&:to_sym).to_set
+      def mock
+        Client::MockSDK.new(self)
       end
 
-      def method_permissions
-        if (ancestor = ancestors.find { |a| a <= Service && a != self })
-          ancestor.method_permissions
-        else
-          {}
-        end.merge(@_method_permissions).dup
+      def store(store_name, params={})
+        @_store_name = store_name
+        @_store_params = params
       end
 
       # The call method is needed here because Rails checks to see if a mounted
@@ -40,19 +30,20 @@ module Ribbon::Intercom
       end
 
       def method_missing(meth, *args, &block)
-        instance.send(meth, *args, &block)
+        instance.public_send(meth, *args, &block)
       end
 
       def _load_store
         raise "Store name missing" unless (store_name = @_store_name.to_s)
 
         store = Utils.classify(store_name) + "Store"
-        Intercom::Service::ChannelStores.const_get(store).new(@_store_params)
+        Intercom::Service::Channel::Stores.const_get(store).new(@_store_params)
       end
     end # Class methods
 
     attr_reader :request
     attr_reader :channel
+    attr_reader :subject
     attr_reader :env
 
     def initialize(opts={})
@@ -65,36 +56,17 @@ module Ribbon::Intercom
 
     def open_channel(params={})
       # Accept either an array of permissions or a string
-      store.open_channel(params)
+      store.open_channel(params).tap { |channel|
+        channel.may(Utils.method_identifier(self, :rotate_secret))
+      }
     end
 
     def lookup_channel(token)
       store.lookup_channel(token)
     end
 
-    def method_permissions(method_name)
-      self.class.method_permissions[method_name.to_sym]
-    end
-
-    def method_permissions!(method_name)
-      method_permissions(method_name) or
-        _respond!(404, {}, "Method requested not found.")
-    end
-
     def sufficient_permissions?(intercom_method)
-      permissions = method_permissions!(intercom_method)
-      channel.may?(*permissions)
-    end
-
-    def sufficient_permissions!(intercom_method)
-      sufficient_permissions?(intercom_method) or
-        _respond!(
-          403,
-          {
-            "X-Intercom-Permissions-Missing" => _missing_permissions(intercom_method).to_a.join(',')
-            },
-          "Permissions missing."
-        )
+      channel.may?(Utils.method_identifier(subject, intercom_method))
     end
 
     def call(env)
@@ -105,46 +77,122 @@ module Ribbon::Intercom
       @env = env
 
       response = catch(:response) {
-        _setup_request
-        intercom_method, args = _process_request
-        _call_method(intercom_method, *args)
+        begin
+          intercom_method, args = _process_request
+          _call_method(intercom_method, *args)
+        rescue Exception => error
+          _respond_with_error!(error)
+        end
       }
 
       response.finish
-    rescue Exception => e
-      _response(500, {}, e.message).finish
     end
 
-    def validate!(assertion, error_msg="")
-      assertion.tap { _respond!(400, {}, error_msg) unless assertion }
+    def rotate_secret
+      channel.rotate_secret!
     end
 
     private
 
-    def _setup_request
+    def _process_request
+      _init_request
+      _authenticate_request!
+      _load_subject
+      [_load_method, _load_args]
+    end
+
+    def _init_request
       @request = Rack::Request.new(env)
-      _respond!(405) unless request.put?
+
+      unless request.put?
+        _error!(Errors::MethodNotAllowedError, 'only PUT allowed')
+      end
     end
 
-    def _process_request
-      _request_authenticated!
+    def _authenticate_request!
+      unless _request_authenticated?
+        _error!(Errors::AuthenticationError, "invalid channel credentials")
+      end
+    end
 
-      # Load the method name and args from the request
-      intercom_method = _load_method_name
-      args = _load_args
+    def _load_subject
+      if (encoded_subject=env['HTTP_X_INTERCOM_SUBJECT']) && !encoded_subject.empty?
+        @subject = _decode_subject(encoded_subject)
+        _error!(Errors::InvalidSubjectSignatureError) unless @subject
+      else
+        @subject = self
+      end
+    end
 
-      [intercom_method, args]
+    def _load_method
+      env['HTTP_X_INTERCOM_METHOD'].to_sym.tap { |intercom_method|
+        _sufficient_permissions!(intercom_method)
+      }
     end
 
-    def _call_method(intercom_method, *args)
-      body = Utils.sanitize(send(intercom_method, *args))
-      _respond!(200, {}, body)
+    def _load_args
+      _decode_args(request.body.read)
     rescue Errors::UnsafeValueError
-      _respond!(500, {}, "Return value type is invalid")
+      _error!(Errors::UnsafeArgumentError, "One or more argument type is invalid.")
     end
 
-    def _request_authenticated!
-      _respond!(401) unless _request_authenticated?
+    ##
+    # Call the method on the subject with the args.
+    def _call_method(intercom_method, *args)
+      body = _package(subject.public_send(intercom_method, *args))
+
+      headers = {}
+      unless subject == self
+        # Need to send subject back in case it was modified by the method.
+        headers['X-Intercom-Subject'] = _encode_subject(subject)
+
+        if subject.is_a?(Packageable::Mixin)
+          # Need to send the package data back in case it changed, too.
+          headers['X-Intercom-Package-Data'] = subject.encoded_package_data
+        end
+      end
+
+      _respond!(200, headers, body)
+    rescue NoMethodError => error
+      # Want to respond with a 404 here.
+      _error!(Errors::InvalidMethodError, intercom_method)
+    end
+
+    ##
+    # Package up any non-basic objects that include Packageable::Mixin.
+    def _package(object)
+      Utils.walk(object) { |object, context|
+        if Utils.basic_type?(object)
+          object
+        elsif context == :hash_key
+          # Hash keys must be basic types.
+          _error!(Errors::UnsafeResponseError, object.inspect)
+        elsif object.is_a?(Packageable::Mixin)
+          _package_obj(object, object.package_data)
+        elsif object.is_a?(Class) && object < Packageable::Mixin
+          _package_obj(object)
+        else
+          _error!(Errors::UnsafeResponseError, object.inspect)
+        end
+      }
+    end
+
+    def _package_obj(object, data=nil)
+      Package.new(_encode_subject(object), data)
+    end
+
+    ##
+    # Marshal dumps the subject and signs the resulting bytes with the channel.
+    def _encode_subject(subject)
+      Base64.strict_encode64(channel.sign(Marshal.dump(subject)))
+    end
+
+    ##
+    # Decodes the subject sent from the client.
+    def _decode_subject(encoded_subject)
+      signed_subject = Base64.strict_decode64(encoded_subject)
+      marshalled_subject = channel.verify(signed_subject)
+      marshalled_subject && Marshal.load(marshalled_subject)
     end
 
     def _request_authenticated?
@@ -160,56 +208,69 @@ module Ribbon::Intercom
       end
     end
 
-    def _load_method_name
-      env['HTTP_X_INTERCOM_METHOD'].to_sym.tap { |intercom_method|
-        # Check permissions
-        sufficient_permissions!(intercom_method)
-      }
+    def _sufficient_permissions!(intercom_method)
+      unless sufficient_permissions?(intercom_method)
+        required = Utils.method_identifier(subject, intercom_method)
+        _error!(Errors::InsufficientPermissionsError, required)
+      end
     end
 
-    def _load_args
-      _decode_args(request.body.read)
-    rescue Errors::UnsafeValueError
-      _respond!(400, {}, "Arg types are invalid")
+    def _response(status, headers={}, body=EmptyResponse)
+      body = body == EmptyResponse ? [] : [_encode_body(body)]
+      headers = headers.merge("Content-Type" => "text/plain", "Transfer-Encoding" => "gzip")
+      Rack::Response.new(body, status, headers)
     end
 
-    def _missing_permissions(intercom_method)
-      method_permissions(intercom_method) - channel.permissions
+    def _respond!(status, headers={}, body=EmptyResponse)
+      throw :response, _response(status, headers, body)
     end
 
-    def _response(status, headers={}, body="")
-      body = [_encode_body(body)]
-      headers = headers.merge("Content-Type" => "text/plain", "Transfer-Encoding" => "gzip")
-      Rack::Response.new(body, status, headers)
+    def _respond_with_error!(error, status=500)
+      _respond!(status, { 'X-Intercom-Error' => _encode_error(error) })
     end
 
-    def _respond!(status, headers={}, body="")
-      throw :response, _response(status, headers, body)
+    def _error!(klass, message=nil)
+      error = message ? klass.new(message) : klass.new
+      _respond_with_error!(error, _error_to_http_code(error))
+    end
+
+    def _error_to_http_code(error)
+      case error
+      when Errors::MethodNotAllowedError
+        405
+      when Errors::NotFoundError
+        404
+      when Errors::ForbiddenError
+        403
+      when Errors::AuthenticationError
+        401
+      when Errors::RequestError
+        400
+      when Errors::ServerError
+        500
+      else
+        500
+      end
     end
 
     def _encode_body(body)
       Base64.strict_encode64(Marshal.dump(body))
     end
 
+    def _encode_error(error)
+      Base64.strict_encode64(Marshal.dump(error))
+    end
+
+    ##
+    # Decodes the arguments.
+    #
+    # It's very important that this happens *after* channel authentication is
+    # performed. Since `args` comes from the client it could contain malicious
+    # marshalled data.
     def _decode_args(args)
       Utils.sanitize(Marshal.load(Base64.strict_decode64(args))).tap { |args|
         raise Errors::UnsafeValueError unless args.is_a?(Array)
       }
     end
   end # Service
-
-  # Re-opening the class so the above instance methods don't get added to the
-  # permissions hash
-  class Service
-    class << self
-      def method_added(method_name)
-        (@_method_permissions ||= {})[method_name] = (@_next_permissions || [method_name].to_set).dup.freeze
-        @_next_permissions = nil
-      end
-    end # Class Methods
-
-    def rotate_secret
-      channel.rotate_secret!
-    end
-  end # Service
 end # Ribbon::Intercom

data/lib/ribbon/intercom/utils/mixins/mock_safe.rb

@@ -0,0 +1,26 @@
+module Ribbon::Intercom
+  module Utils::Mixins
+    module MockSafe
+      ##
+      # Return a mock safe version of this package.
+      def mock_safe
+        dup.tap { |obj| obj.mock_safe! }
+      end
+
+      ##
+      # Make this package mock safe.
+      def mock_safe!
+        unless mock_safe?
+          @_mock_safe = true
+
+          # For RSpec: Allow any method to be mocked on this instance.
+          define_singleton_method(:respond_to?) { |*args| true }
+        end
+      end
+
+      def mock_safe?
+        !!@_mock_safe
+      end
+    end # MockSafe
+  end # Utils::Mixin
+end # Ribbon::Intercom

data/lib/ribbon/intercom/utils/mixins.rb

@@ -0,0 +1,5 @@
+module Ribbon::Intercom
+  module Utils::Mixins
+    autoload(:MockSafe, 'ribbon/intercom/utils/mixins/mock_safe')
+  end # Utils::Mixin
+end # Ribbon::Intercom

data/lib/ribbon/intercom/utils/signer.rb

@@ -0,0 +1,71 @@
+require 'securerandom'
+require 'openssl'
+
+module Ribbon::Intercom
+  module Utils
+    class Signer
+      class << self
+        def random_key
+          SecureRandom.random_bytes(32)
+        end
+
+        def random_salt
+          SecureRandom.random_bytes(8)
+        end
+      end
+
+      attr_reader :key
+
+      def initialize(key=self.class.random_key)
+        raise ArgumentError, "key must be defined" unless key
+        @key = key.dup.freeze
+        @_digest = OpenSSL::Digest::SHA256.new
+      end
+
+      def sign(data)
+        unless data.is_a?(String) && data.encoding == Encoding::BINARY
+          raise ArgumentError, "data must be a binary encoded string"
+        end
+
+        salt = self.class.random_salt
+        signature = _sign(salt, data)
+        _encode(signature, salt, data)
+      end
+
+      def verify(signed_data)
+        unless signed_data.is_a?(String) && signed_data.encoding == Encoding::BINARY
+          raise ArgumentError, "signed_data must be a binary encoded string"
+        end
+
+        signature, salt, data = _decode(signed_data)
+        data if _sign(salt, data) == signature
+      end
+
+      private
+
+      def _sign(salt, data)
+        OpenSSL::HMAC.digest(@_digest, key, salt + data)
+      end
+
+      def _encode(signature, salt, data)
+        "\x01" + signature + salt + data
+      end
+
+      def _decode(signed_data)
+        index = 0
+        version = signed_data[index]
+
+        index += version.length
+        signature = signed_data.slice(index, @_digest.length)
+
+        index += signature.length
+        salt = signed_data.slice(index, 8)
+
+        index += salt.length
+        data = signed_data.slice(index..-1)
+
+        [signature, salt, data]
+      end
+    end # Signer
+  end # Utils
+end # Ribbon::Intercom

data/lib/ribbon/intercom/utils.rb

@@ -1,27 +1,47 @@
 require 'date'
 
 module Ribbon::Intercom
-  class Utils
+  module Utils
+    autoload(:Signer, 'ribbon/intercom/utils/signer')
+    autoload(:Mixins, 'ribbon/intercom/utils/mixins')
+
+    BASIC_TYPES = [
+      String, Symbol, TrueClass, FalseClass, Integer, Float, NilClass, Date, Time, DateTime
+    ].freeze
+
     class << self
-      def sanitize(object)
+      def basic_type?(object)
+        case object
+        when *BASIC_TYPES then true
+        else false
+        end
+      end
+
+      def walk(object, context=nil, &block)
         case object
-        when String, Symbol, TrueClass, FalseClass, Integer, Float, NilClass, Date, Time, DateTime
-          object
         when Hash
-          sanitize_hash(object)
+          Hash[
+            object.map { |key, val|
+              [walk(key, :hash_key, &block), walk(val, :hash_value, &block)]
+            }
+          ]
         when Array
-          sanitize_array(object)
+          object.map { |obj| walk(obj, :array_elem, &block) }
         else
-          raise Errors::UnsafeValueError, object.inspect
+          yield object, context
         end
       end
 
-      def sanitize_array(array)
-        array.map { |obj| sanitize(obj) }
-      end
-
-      def sanitize_hash(hash)
-        Hash[hash.map { |key, val| [sanitize(key), sanitize(val)] }]
+      ##
+      # Raises an error if the object is or contains any non-basic types.
+      def sanitize(object)
+        walk(object) { |object|
+          if basic_type?(object)
+            object
+          else
+            raise Errors::UnsafeValueError, object.inspect
+          end
+        }
       end
 
       def symbolize_keys(hash)
@@ -31,6 +51,13 @@ module Ribbon::Intercom
       def classify(str)
         str.split("_").map(&:capitalize).join
       end
+
+      ##
+      # Returns an identifier for the method (e.g., A::B::C#method_name)
+      def method_identifier(subject, method)
+        scope = subject.is_a?(Class) ? subject.name : subject.class.name
+        scope + (subject.is_a?(Class) ? '.' : '#') + method.to_s
+      end
     end # Class methods
   end # Utils
 end # Ribbon::Intercom

data/lib/ribbon/intercom/version.rb

@@ -1,5 +1,5 @@
 module Ribbon
   module Intercom
-    VERSION = '0.2.3'
+    VERSION = '0.3.0'
   end
 end

data/lib/ribbon/intercom.rb

@@ -4,10 +4,12 @@ require 'rack'
 module Ribbon
   module Intercom
     require 'ribbon/intercom/railtie' if defined?(Rails)
-    autoload(:Service, 'ribbon/intercom/service')
-    autoload(:Errors, 'ribbon/intercom/errors')
-    autoload(:Client, 'ribbon/intercom/client')
-    autoload(:Utils, 'ribbon/intercom/utils')
+    autoload(:Service,     'ribbon/intercom/service')
+    autoload(:Errors,      'ribbon/intercom/errors')
+    autoload(:Client,      'ribbon/intercom/client')
+    autoload(:Package,     'ribbon/intercom/package')
+    autoload(:Packageable, 'ribbon/intercom/packageable')
+    autoload(:Utils,       'ribbon/intercom/utils')
 
     module_function
 
@@ -20,10 +22,11 @@ module Ribbon
     end
 
     def mock_safe
-      primary_client = client
-      @_client = @_client.dup
+      orig_client = client
+      @_client = @_client.mock_safe
       yield
-      @_client = primary_client
+    ensure
+      @_client = orig_client
     end
   end # Intercom
 end # Ribbon

data/lib/tasks/intercom.rake

@@ -4,9 +4,9 @@ require 'json'
 
 namespace :intercom do
   namespace :client do
-    task :rotate_secret, [:remote] => :environment do |t, args|
-      remote = args[:remote]
-      puts "New #{remote} secret: #{Intercom[remote].rotate_secret}"
+    task :rotate_secret, [:service] => :environment do |t, args|
+      service = args[:service]
+      puts "New #{service} secret: #{Intercom[service].rotate_secret}"
     end
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ribbon-intercom
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.3.0
 platform: ruby
 authors:
 - Robert Honer
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-04-20 00:00:00.000000000 Z
+date: 2015-05-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -65,20 +65,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: rest-client
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.7.2
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.7.2
 - !ruby/object:Gem::Dependency
   name: ribbon-config
   requirement: !ruby/object:Gem::Requirement
@@ -173,16 +159,30 @@ extra_rdoc_files: []
 files:
 - lib/ribbon/intercom.rb
 - lib/ribbon/intercom/client.rb
+- lib/ribbon/intercom/client/mock_sdk.rb
 - lib/ribbon/intercom/client/sdk.rb
-- lib/ribbon/intercom/client/sdk/connection.rb
-- lib/ribbon/intercom/client/sdk/response.rb
+- lib/ribbon/intercom/client/sdk/adapters.rb
+- lib/ribbon/intercom/client/sdk/adapters/adapter.rb
+- lib/ribbon/intercom/client/sdk/adapters/adapter/response.rb
+- lib/ribbon/intercom/client/sdk/adapters/http_adapter.rb
+- lib/ribbon/intercom/client/sdk/adapters/http_adapter/connection.rb
+- lib/ribbon/intercom/client/sdk/adapters/local_adapter.rb
+- lib/ribbon/intercom/client/sdk/adapters/mock_adapter.rb
 - lib/ribbon/intercom/errors.rb
+- lib/ribbon/intercom/package.rb
+- lib/ribbon/intercom/packageable.rb
+- lib/ribbon/intercom/packageable/mixin.rb
 - lib/ribbon/intercom/railtie.rb
 - lib/ribbon/intercom/service.rb
 - lib/ribbon/intercom/service/channel.rb
-- lib/ribbon/intercom/service/channel_stores/base.rb
-- lib/ribbon/intercom/service/channel_stores/redis_store.rb
+- lib/ribbon/intercom/service/channel/stores.rb
+- lib/ribbon/intercom/service/channel/stores/mock_store.rb
+- lib/ribbon/intercom/service/channel/stores/redis_store.rb
+- lib/ribbon/intercom/service/channel/stores/store.rb
 - lib/ribbon/intercom/utils.rb
+- lib/ribbon/intercom/utils/mixins.rb
+- lib/ribbon/intercom/utils/mixins/mock_safe.rb
+- lib/ribbon/intercom/utils/signer.rb
 - lib/ribbon/intercom/version.rb
 - lib/tasks/intercom.rake
 homepage: http://github.com/ribbon/intercom

data/lib/ribbon/intercom/client/sdk/connection.rb

@@ -1,35 +0,0 @@
-require 'rest-client'
-
-module Ribbon::Intercom
-  class Client
-    class SDK
-      class Connection
-        def initialize(url, token, secret)
-          @client = RestClient::Resource.new(
-            url,
-            user: token,
-            password: secret,
-          ) { |response, request, result| response }
-        end
-
-        def put(path, method_name, args)
-          path = _build_path(path)
-          headers = { "X-Intercom-Method" => method_name }
-          payload = _encode_args(args)
-
-          Response.new(@client[path].put(payload, headers))
-        end
-
-        private
-
-        def _build_path(path)
-          path[0] == '/' ? path : '/' + path
-        end
-
-        def _encode_args(args)
-          Base64.strict_encode64(Marshal.dump(Utils.sanitize(args)))
-        end
-      end # Connection
-    end # SDK
-  end # Client
-end # Ribbon::Intercom