roadforest 0.5 → 0.7

data/lib/roadforest/application/services-host.rb

@@ -3,19 +3,33 @@ module RoadForest
     #XXX Worth doing some meta to get reality checking of configs here? Better
     #fail early if there's no DB configured, right?
     class ServicesHost
+      include Graph::Normalization
+
       def initialize
       end
 
       attr_writer :application
       attr_writer :router, :canonical_host, :type_handling
       attr_writer :logger, :authorization
+      attr_accessor :root_url
+
+      attr_accessor :default_content_engine
 
       def canonical_host
-        @application.canonical_host
+        @canonical_host ||= RDF::URI.intern(@root_url)
+      end
+
+      def augmenter
+        @augmenter ||= Augment::Augmenter.new(self)
       end
 
-      def router
-        @router ||= PathProvider.new(@application.dispatcher)
+      def dispatcher
+        @dispatcher ||= Dispatcher.new(self)
+      end
+      alias router dispatcher
+
+      def path_provider
+        @path_provider ||= router.path_provider
       end
 
       def authorization
@@ -34,6 +48,10 @@ module RoadForest
           end
       end
 
+      def default_content_engine
+        @default_content_engine || ContentHandling.rdf_engine
+      end
+
       alias authz authorization
     end
   end

data/lib/roadforest/augment/affordance.rb

@@ -6,7 +6,22 @@ module RoadForest
     module Affordance
       Af = Graph::Af
 
+      module GrantTokens
+        def each_grant_token(method, term)
+          grant_route = term.router.mapped_route_for_name(term.route.name, :perm, {})
+          term.resource.required_grants(method).each do |grant|
+            grant_path = grant_route.build_path(:grant_name => grant)
+            yield ::RDF::URI.new(canonical_uri.join(grant_path)) #XXX magical route name
+          end
+        rescue KeyError
+          term.resource.required_grants(method).each do |grant|
+            yield grant
+          end
+        end
+      end
+
       class Remove < Augmentation
+        include GrantTokens
         register_for_subjects
 
         def apply(term)
@@ -14,11 +29,15 @@ module RoadForest
             node = ::RDF::Node.new
             yield [node, ::RDF.type, Af.Remove]
             yield [node, Af.target, term.uri]
+            each_grant_token("DELETE", term) do |token|
+              yield [node, Af.authorizedBy, token]
+            end
           end
         end
       end
 
       class Links < Augmentation
+        include GrantTokens
         register_for_subjects
         register_for_objects
 
@@ -45,32 +64,84 @@ module RoadForest
                 yield [node, ::RDF.type, Af.Navigate]
                 yield [node, Af.target, term.uri]
               end
+              each_grant_token("GET", term) do |token|
+                yield [node, Af.authorizedBy, token]
+              end
             end
           end
         end
       end
 
-      class Update < Augmentation
-        register_for_subjects
+      class PayloadAugmentation < Augmentation
+        include GrantTokens
+
+        def get_payload(resource)
+
+        end
+
+        def applicable?(resource)
+
+        end
+
+        def affordance_type
+
+        end
+
+        def applicable?(resource)
+          resource.allowed_methods.include?(http_method)
+        end
 
         def apply(term)
-          if term.resource.allowed_methods.include?("PUT")
+          resource = term.resource
+          if applicable?(resource)
             node = ::RDF::Node.new
-            yield [node, ::RDF.type, Af.Update]
+            yield [node, ::RDF.type, affordance_type]
             yield [node, Af.target, term.uri]
+            each_grant_token(http_method, term) do |token|
+              yield [node, Af.authorizedBy, token]
+            end
+            payload = get_payload(resource)
+            unless payload.nil?
+              yield [node, Af.payload, payload.root]
+              unless payload.graph.nil?
+                payload.graph.each_statement do |stmt|
+                  yield stmt
+                end
+              end
+            end
           end
         end
       end
 
-      class Create < Augmentation
+      class Update < PayloadAugmentation
         register_for_subjects
 
-        def apply(term)
-          if term.resource.allowed_methods.include?("POST")
-            node = ::RDF::Node.new
-            yield [node, ::RDF.type, Af.Create]
-            yield [node, Af.target, term.uri]
-          end
+        def get_payload(resource)
+          resource.interface.update_payload
+        end
+
+        def http_method
+          "PUT"
+        end
+
+        def affordance_type
+          Af.Update
+        end
+      end
+
+      class Create < PayloadAugmentation
+        register_for_subjects
+
+        def get_payload(resource)
+          resource.interface.create_payload
+        end
+
+        def http_method
+          "POST"
+        end
+
+        def affordance_type
+          Af.Create
         end
       end
     end

data/lib/roadforest/augment/augmentation.rb

@@ -2,12 +2,30 @@ require 'roadforest/augment/augmenter'
 module RoadForest
   module Augment
     class Augmentation
-      def self.register_for_subjects
-        Augmenter.subject_augmentations_registry.add(self.name, self)
-      end
+      class << self
+        def register_for_subjects
+          Augmenter.subject_augmentations_registry.add(self.name, self)
+        end
+
+        def subject_precedes(other)
+          Augmenter.subject_augmentations_registry.seq(self.name, other)
+        end
+
+        def subject_follows(other)
+          Augmenter.subject_augmentations_registry.seq(other, self.name)
+        end
 
-      def self.register_for_objects
-        Augmenter.object_augmentations_registry.add(self.name, self)
+        def register_for_objects
+          Augmenter.object_augmentations_registry.add(self.name, self)
+        end
+
+        def object_precedes(other)
+          Augmenter.object_augmentations_registry.seq(self.name, other)
+        end
+
+        def object_follows(other)
+          Augmenter.object_augmentations_registry.seq(other, self.name)
+        end
       end
 
       def initialize(augmenter)
@@ -49,7 +67,7 @@ module RoadForest
 
       def type_list
         @type_list ||=
-          resource.content_types_provided.inject(ContentHandling::MediaTypeList.new) do |list, (type, method)|
+          resource.content_types_provided.inject(ContentHandling::MediaTypeList.new) do |list, (type, _)|
             list.add_header_val(type)
           end
       end

data/lib/roadforest/augment/augmenter.rb

@@ -4,7 +4,18 @@ require 'roadforest/utility/class-registry'
 module RoadForest
   module Augment
     class Augmenter
-      attr_accessor :router
+      def initialize(services)
+        @services = services
+      end
+      attr_reader :services
+
+      def router
+        services.router
+      end
+
+      def canonical_uri
+        @canonical_uri ||= Addressable::URI.parse(services.root_url)
+      end
 
       def self.subject_augmentations_registry
         @subject_registry ||= Utility::ClassRegistry.new(self, "subject augmentation")
@@ -26,8 +37,6 @@ module RoadForest
         end
       end
 
-      attr_accessor :canonical_uri
-
       def augment(graph)
         augmenting = Augment::Process.new(graph)
 

data/lib/roadforest/authorization.rb

@@ -1,231 +1,9 @@
-require 'base64'
-require 'openssl'
 require 'roadforest'
-require 'roadforest/utility/class-registry'
 
-module RoadForest
-  module Authorization
-    class GrantBuilder
-      def initialize(salt, cache)
-        @salt = salt
-        @cache = cache
-        @list = []
-      end
-      attr_reader :list
-
-      def add(name, params=nil)
-        canonical =
-          if params.nil?
-            [@salt, name]
-          else
-            [@salt, name, params.keys.sort.map do |key|
-              [key, params[key]]
-            end]
-          end
-        @list << @cache[canonical]
-      end
-    end
-
-    class GrantsHolder
-      def initialize(salt, hash_function)
-        @salt = salt
-
-        digester = OpenSSL::Digest.new(hash_function)
-        @grants_cache = Hash.new do |h, k| #XXX potential resource exhaustion here - only accumulate auth'd results
-          digester.reset
-          h[k] = digester.digest(h.inspect)
-        end
-      end
-
-      def get(key)
-        @grants_cache[key]
-      end
-      alias [] get
-
-      def build_grants
-        builder = GrantBuilder.new(@salt, self)
-        yield builder
-        return builder.list
-      end
-    end
-
-    class Manager
-      attr_accessor :authenticator
-      attr_accessor :policy
-      attr_reader :grants
-
-      HASH_FUNCTION = "SHA256".freeze
-
-      def initialize(salt = nil, authenticator = nil, policy = nil)
-        @grants = GrantsHolder.new(salt || "roadforest-insecure", HASH_FUNCTION)
-
-        @authenticator = authenticator || AuthenticationChain.new(DefaultAuthenticationStore.new)
-        @policy = policy || AuthorizationPolicy.new
-        @policy.grants_holder = @grants
-      end
-
-      def build_grants(&block)
-        @grants.build_grants(&block)
-      end
-
-      def challenge(options)
-        @authenticator.challenge(options)
-      end
-
-      # @returns [:public|:granted|:refused]
-      #
-      # :public means the request doesn't need authorization
-      # :granted means that it does need authz but the credentials passed are
-      #   allowed to access the resource
-      # :refused means that the credentials passed are not allowed to access
-      #   the resource
-      #
-      # TODO: Resource needs to add s-maxage=0 for :granted requests or public
-      # for :public requests to the CacheControl header
-      def authorization(header, required_grants)
-        entity = authenticator.authenticate(header)
-
-        return :refused if entity.nil?
-
-        available_grants = policy.grants_for(entity)
-
-        if required_grants.any?{|required| available_grants.include?(required)}
-          return :granted
-        else
-          return :refused
-        end
-      end
-    end
-
-    class AuthenticationChain
-      class Scheme
-        def self.registry_purpose; "authentication scheme"; end
-        extend Utility::ClassRegistry::Registrar
-
-        def self.register(name)
-          registrar.registry.add(name, self.new)
-        end
-
-        def authenticated_entity(credentials, store)
-          nil
-        end
-      end
-
-      class Basic < Scheme
-        register "Basic"
-
-        def challenge(options)
-          "Basic realm=\"#{options.fetch(:realm, "Roadforest App")}\""
-        end
-
-        def authenticated_entity(credentials, store)
-          username, password = Base64.decode64(credentials).split(':',2)
-
-          entity = store.by_username(username)
-          entity.authenticate_by_password(password)
-          entity
-        end
-      end
-
-      def initialize(store)
-        @store = store
-      end
-      attr_reader :store
-
-      def handler_for(scheme)
-        Scheme.get(scheme)
-      rescue
-        nil
-      end
-
-      def challenge(options)
-        (Scheme.registry.names.map do |scheme_name|
-          handler_for(scheme_name).challenge(options)
-        end).join(", ")
-      end
-
-      def add_account(user,password,token)
-        @store.add_account(user,password,token)
-      end
-
-      def authenticate(header)
-        return nil if header.nil?
-        scheme, credentials = header.split(/\s+/, 2)
-
-        handler = handler_for(scheme)
-        return nil if handler.nil?
-
-        entity = handler.authenticated_entity(credentials, store)
-        return nil if entity.nil?
-        return nil unless entity.authenticated?
-        return entity
-      end
-    end
-
-    class AuthEntity
-      def initialize
-        @authenticated = false
-      end
-      attr_accessor :username, :password, :token
-
-      def authenticated?
-        !!@authenticated
-      end
-
-      def authenticate_by_password(password)
-        @authenticated = (!password.nil? and password == @password)
-      end
-
-      def authenticate_by_token(token)
-        @authenticated = (!token.nil? and token == @token)
-      end
-
-      def authenticate!
-        @authenticated = true
-      end
-    end
-
-    class DefaultAuthenticationStore
-      def initialize
-        @accounts = []
-      end
-
-      def build_entity(account)
-        return nil if account.nil?
-        AuthEntity.new.tap do |entity|
-          entity.username = account[0]
-          entity.password = account[1]
-          entity.token = account[2]
-        end
-      end
-
-      def add_account(user, password, token)
-        @accounts << [user, password, token]
-      end
-
-      def by_username(username)
-        account = @accounts.find{|account| account[0] == username }
-        build_entity(account)
-      end
-
-      def by_token(token)
-        account = @accounts.find{|account| account[2] == token }
-        build_entity(account)
-      end
-    end
-
-    class AuthorizationPolicy
-      attr_accessor :grants_holder
-
-      def build_grants(&block)
-        grants_holder.build_grants(&block)
-      end
-
-      def grants_for(entity)
-        build_grants do |builder|
-          builder.add(:admin)
-        end
-      end
-    end
-  end
-end
+require 'roadforest/authorization/grant-builder'
+require 'roadforest/authorization/grants-holder'
+require 'roadforest/authorization/authentication-chain'
+require 'roadforest/authorization/auth-entity'
+require 'roadforest/authorization/default-authentication-store'
+require 'roadforest/authorization/policy'
+require 'roadforest/authorization/manager'