rodauth-json 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 785c1bf53551151eb72d8477c4402ca761b47f5ddc18ff40d233257d6e6e7fc0
+  data.tar.gz: e5a4175561eba6ba14cbad6e7ceca40c32b564e7f1854773e4c45b3cefeabc1d
+SHA512:
+  metadata.gz: e61fe9df18448b6891f001214d7ea635046eb7fbfdb1e0df6ce23c986079299ff72bc46c191fee8dae7179a0ca4ea42c4f12c1fabaf5f7bf4928403080165347
+  data.tar.gz: 004c200c4eb01bb54467900f400d9fbb5e50c2f7d17eed195c2812b749700bccd68f963670fbd8fa1d2592154567ccd88f474d8f8dcc3d68a14e946b12c5cb9e

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in rodauth-json.gemspec
+gemspec
+
+gem "rake", "~> 12.0"

data/Gemfile.lock

@@ -0,0 +1,27 @@
+PATH
+  remote: .
+  specs:
+    rodauth-json (0.1.0)
+      rodauth (~> 2.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    rack (2.2.3)
+    rake (12.3.3)
+    roda (3.38.0)
+      rack
+    rodauth (2.6.0)
+      roda (>= 2.6.0)
+      sequel (>= 4)
+    sequel (5.39.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  rake (~> 12.0)
+  rodauth-json!
+
+BUNDLED WITH
+   2.1.4

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 Koell
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,44 @@
+# Rodauth::Json
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/rodauth/json`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'rodauth-json'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install rodauth-json
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/rodauth-json. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/rodauth-json/blob/master/CODE_OF_CONDUCT.md).
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the Rodauth::Json project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/rodauth-json/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,5 @@
+require "bundler/gem_tasks"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/lib/rodauth/features/json.rb

@@ -0,0 +1,221 @@
+# frozen-string-literal: true
+
+module Rodauth
+  Feature.define(:json, :Json) do
+    translatable_method :json_non_post_error_message, 'non-POST method used in JSON API'
+    translatable_method :json_not_accepted_error_message, 'Unsupported Accept header. Must accept "application/json" or compatible content type'
+    translatable_method :non_json_request_error_message, 'Only JSON format requests are allowed'
+    auth_value_method :json_request_content_type_regexp, /\bapplication\/(?:vnd\.api\+)?json\b/i
+    auth_value_method :json_accept_regexp, /(?:(?:\*|\bapplication)\/\*|\bapplication\/(?:vnd\.api\+)?json\b)/i
+    auth_value_method :json_response_content_type, 'application/json'
+    auth_value_method :json_response_error_status, 400
+    auth_value_method :json_response_custom_error_status?, true
+    auth_value_method :json_response_status_key, 'status'
+    auth_value_method :json_response_success_status, 'success'
+    auth_value_method :json_response_error_status, 'fail'
+    auth_value_method :json_response_error_code_key, 'error'
+    auth_value_method :json_message_key, 'message'
+    auth_value_method :json_response_field_error_key, 'field-error'
+    auth_value_method :json_include_message?, true
+    auth_value_method :json_check_accept?, true
+    
+
+    auth_value_methods(
+      :only_json?
+    )
+
+    auth_methods(
+      :json_request?
+    )
+
+    auth_private_methods :json_response_body
+
+    def set_field_error(field, message)
+      return super unless json_request?
+
+      json_response[json_response_error_code_key] = json_response_field_error_key
+      json_response[json_response_status_key] = json_response_field_error_key
+      json_response[json_response_field_error_key] = [field, message]
+    end
+
+    def set_error_flash(message)
+      return super unless json_request?
+
+      json_response[json_response_status_key] = json_response_error_status
+      json_response[json_message_key] = message
+    end
+
+    def set_redirect_error_flash(message)
+      return super unless json_request?
+
+      json_response[json_response_status_key] = json_response_error_status
+      json_response[json_message_key] = message
+    end
+
+    def set_notice_flash(message)
+      return super unless json_request?
+
+      json_response[json_response_status_key] = json_response_success_status
+      json_response[json_message_key] = message if json_include_message?
+    end
+
+    def set_notice_now_flash(message)
+      return super unless json_request?
+
+      json_response[json_response_status_key] = json_response_success_status
+      json_response[json_message_key] = message if json_include_message?
+    end
+
+    def json_request?
+      return @json_request if defined?(@json_request)
+
+      @json_request = request.content_type =~ json_request_content_type_regexp
+    end
+
+    def view(page, title)
+      return super unless json_request?
+      return_json_response
+    end
+
+
+    private
+
+    def check_csrf?
+      return false if json_request?
+      super
+    end
+
+    def before_rodauth
+      if json_request?
+        if json_check_accept? && (accept = request.env['HTTP_ACCEPT']) && accept !~ json_accept_regexp
+          response.status = 406
+          json_response[json_response_status_key] = json_response_error_status
+          json_response[json_message_key] = json_not_accepted_error_message
+          response['Content-Type'] ||= json_response_content_type
+          response.write(_json_response_body(json_response))
+          request.halt
+        end
+
+        unless request.post?
+          response.status = 405
+          response.headers['Allow'] = 'POST'
+          json_response[json_response_status_key] = json_response_error_status
+          json_response[json_message_key] = json_non_post_error_message
+          return_json_response
+        end
+      elsif only_json?
+        response.status = json_response_error_status
+        response.write non_json_request_error_message
+        request.halt
+      end
+
+      super
+    end
+
+    def before_login_attempt
+      if json_request?
+        unless open_account?
+          json_response[json_response_error_code_key] = "unverified_account"
+        end
+      end
+      super
+    end
+
+    def new_account(login)
+      if account_from_login(login) && allow_resending_verify_account_email?
+        json_response[json_response_error_code_key] = "unverified_account" if json_request?
+      end
+      super
+    end
+    
+    
+    def before_view_recovery_codes
+      super if defined?(super)
+      if json_request?
+        json_response[:codes] = recovery_codes
+        json_response[json_message_key] ||= "" if json_include_message?
+      end
+    end
+
+    def before_webauthn_setup_route
+      super if defined?(super)
+      if json_request? && !param_or_nil(webauthn_setup_param)
+        cred = new_webauthn_credential
+        json_response[webauthn_setup_param] = cred.as_json
+        json_response[webauthn_setup_challenge_param] = cred.challenge
+        json_response[webauthn_setup_challenge_hmac_param] = compute_hmac(cred.challenge)
+      end
+    end
+
+    def before_webauthn_auth_route
+      super if defined?(super)
+      if json_request? && !param_or_nil(webauthn_auth_param)
+        cred = webauth_credential_options_for_get
+        json_response[webauthn_auth_param] = cred.as_json
+        json_response[webauthn_auth_challenge_param] = cred.challenge
+        json_response[webauthn_auth_challenge_hmac_param] = compute_hmac(cred.challenge)
+      end
+    end
+
+    def before_webauthn_login_route
+      super if defined?(super)
+      if json_request? && !param_or_nil(webauthn_auth_param) && account_from_login(param(login_param))
+        cred = webauth_credential_options_for_get
+        json_response[webauthn_auth_param] = cred.as_json
+        json_response[webauthn_auth_challenge_param] = cred.challenge
+        json_response[webauthn_auth_challenge_hmac_param] = compute_hmac(cred.challenge)
+      end
+    end
+
+    def before_webauthn_remove_route
+      super if defined?(super)
+      if json_request? && !param_or_nil(webauthn_remove_param)
+        json_response[webauthn_remove_param] = account_webauthn_usage
+      end
+    end
+
+    def before_otp_setup_route
+      super if defined?(super)
+      if json_request? && otp_keys_use_hmac? && !param_or_nil(otp_setup_raw_param)
+        _otp_tmp_key(otp_new_secret)
+        json_response[otp_setup_param] = otp_user_key
+        json_response[otp_setup_raw_param] = otp_key
+      end
+    end
+
+    def redirect(path)
+      return super unless json_request?
+      # json_response["redirect"] = path
+      return_json_response
+    end
+    
+    def json_response
+      @json_response ||= {json_response_status_key => json_response_success_status}
+    end
+
+    def _json_response_body(hash)
+      request.send(:convert_to_json, hash)
+    end
+
+    def return_json_response
+      response.status ||= json_response_error_status if json_response[json_response_status_key] == json_response_error_status
+      response['Content-Type'] ||= json_response_content_type
+      response.write(_json_response_body(json_response))
+      request.halt
+    end
+
+    def set_redirect_error_status(status)
+      if json_request? && json_response_custom_error_status?
+        response.status = status
+      end
+    end
+
+    def set_response_error_status(status)
+      if json_request? && !json_response_custom_error_status?
+        status = json_response_error_status
+      end
+
+      super
+    end
+  end
+end

data/lib/rodauth/features/json_cors.rb

@@ -0,0 +1,53 @@
+# frozen-string-literal: true
+
+module Rodauth
+  Feature.define(:json_cors, :JsonCors) do
+    depends :json
+
+    auth_value_method :json_cors_allow_origin, false
+    auth_value_method :json_cors_allow_methods, 'POST'
+    auth_value_method :json_cors_allow_headers, 'Content-Type, Authorization, Accept'
+    auth_value_method :json_cors_expose_headers, 'Authorization'
+    auth_value_method :json_cors_max_age, 86400
+
+    auth_methods(:json_cors_allow?)
+
+    def json_cors_allow?
+      return false unless origin = request.env['HTTP_ORIGIN']
+
+      case allowed = json_cors_allow_origin
+      when String
+        timing_safe_eql?(origin, allowed)
+      when Array
+        allowed.any?{|s| timing_safe_eql?(origin, s)}
+      when Regexp
+        allowed =~ origin
+      when true
+        true
+      else
+        false
+      end
+    end
+
+    private
+
+    def before_rodauth
+      if json_cors_allow?
+        response['Access-Control-Allow-Origin'] = request.env['HTTP_ORIGIN']
+
+        # Handle CORS preflight request
+        if request.request_method == 'OPTIONS'
+          response['Access-Control-Allow-Methods'] = json_cors_allow_methods
+          response['Access-Control-Allow-Headers'] = json_cors_allow_headers
+          response['Access-Control-Max-Age'] = json_cors_max_age.to_s
+          response.status = 204
+          request.halt(response.finish)
+        end
+
+        response['Access-Control-Expose-Headers'] = json_cors_expose_headers
+      end
+
+      super
+    end
+  end
+end

data/rodauth-json.gemspec

@@ -0,0 +1,23 @@
+Gem::Specification.new do |spec|
+  spec.name          = "rodauth-json"
+  spec.version       = "0.1.0"
+  spec.authors       = ["Koell"]
+  spec.email         = ["i@wug.moe"]
+
+  spec.summary       = "Rodauth JSON extension"
+  spec.description   = "Rodauth JSON extension"
+  spec.homepage      = "https://git.localhost/rodauth-json"
+  spec.license       = "MIT"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = spec.homepage
+
+  spec.add_dependency "rodauth", "~> 2.0"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+end

metadata

@@ -0,0 +1,68 @@
+--- !ruby/object:Gem::Specification
+name: rodauth-json
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Koell
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-12-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rodauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+description: Rodauth JSON extension
+email:
+- i@wug.moe
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/rodauth/features/json.rb
+- lib/rodauth/features/json_cors.rb
+- rodauth-json.gemspec
+homepage: https://git.localhost/rodauth-json
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://git.localhost/rodauth-json
+  source_code_uri: https://git.localhost/rodauth-json
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key: 
+specification_version: 4
+summary: Rodauth JSON extension
+test_files: []