ruby_native 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '00576379773bb42c2d69e98cd880e81852ae7ec56c0428b13fea96c6bbc974cb'
-  data.tar.gz: eafeb8440ec88a7418577eefaccf5251e0c658f0b3ea0ccc89da809b0aba4710
+  metadata.gz: 20d760214b3f22f2ad779114c93fea5123415f54eae344bd4b8615704a5abc06
+  data.tar.gz: a840dcc62eb743a8319646fbc31429b62ec3bcd42c5927cbecf51bb1e72c114c
 SHA512:
-  metadata.gz: 8126c66d154001be50aa69da1586b5981afc3d7d1154b8f1bcf1e186320b601aad3370d8294091c528216f0c8a154b077c929e687011108c403bb6e685dd8370
-  data.tar.gz: 628c3bef731601b5eb202ae4767f1ad7bf4610a429c1c880bc0945662e861b487c7b8123f04a44697dd9a0145f7d88cef14a66383a20d06a0f1d07226a7b31b4
+  metadata.gz: 8566892b7a575d4b60fcda366827f663ac9b8ca66b2b80e4133f432434687f2b73b1276140e1b7fe3134f77bbab3daf60e136d8b3c6b4c28acb6cfc8079ca1a3
+  data.tar.gz: 48733345d9bf04179752359e7c3fd20ed9f72b1cbd5ed94983b0f5b1f6a74e5fc585bc4edda37b51425759ef793e4e39aeb2cd3112acc34b6fa3a3ccccf315f6

data/app/controllers/ruby_native/auth/sessions_controller.rb

@@ -0,0 +1,26 @@
+module RubyNative
+  module Auth
+    class SessionsController < ::ActionController::Base
+      def show
+        data = OAuthMiddleware.read_token(params[:token])
+
+        unless data
+          Rails.logger.debug { "[RubyNative] OAuth token exchange failed: invalid or expired token" }
+          head :unauthorized
+          return
+        end
+
+        # Prevent the session middleware from appending its own (empty)
+        # session cookie, which would overwrite the authenticated one.
+        request.session_options[:skip] = true
+
+        if data[:cookies].present?
+          response.headers["set-cookie"] = data[:cookies].join("\n")
+        end
+
+        Rails.logger.debug { "[RubyNative] OAuth token exchanged, redirecting to #{data[:redirect_url]}" }
+        render json: {redirect_url: data[:redirect_url]}
+      end
+    end
+  end
+end

data/app/controllers/ruby_native/auth/start_controller.rb

@@ -0,0 +1,16 @@
+module RubyNative
+  module Auth
+    class StartController < ::ActionController::Base
+      def show
+        @provider = params[:provider]
+
+        unless @provider.match?(/\A[a-z0-9_]+\z/)
+          head :bad_request
+          return
+        end
+
+        @callback_scheme = params[:callback_scheme]
+      end
+    end
+  end
+end

data/app/views/ruby_native/auth/start/show.html.erb

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Signing in…</title>
+</head>
+<body>
+  <p>Signing in…</p>
+  <%= form_tag "/auth/#{@provider}", method: :post, id: "oauth-form" do %>
+    <input type="hidden" name="ruby_native" value="1">
+    <input type="hidden" name="callback_scheme" value="<%= @callback_scheme %>">
+  <% end %>
+  <script>document.getElementById("oauth-form").submit();</script>
+</body>
+</html>

data/config/routes.rb

@@ -3,4 +3,8 @@ RubyNative::Engine.routes.draw do
   namespace :push do
     resources :devices, only: :create
   end
+  namespace :auth do
+    get "start/:provider", to: "start#show", as: :start
+    resource :session, only: :show
+  end
 end

data/lib/ruby_native/engine.rb

@@ -28,6 +28,10 @@ module RubyNative
       end
     end
 
+    initializer "ruby_native.oauth_middleware" do |app|
+      app.middleware.insert_before ActionDispatch::Cookies, RubyNative::OAuthMiddleware
+    end
+
     initializer "ruby_native.routes" do |app|
       app.routes.prepend do
         mount RubyNative::Engine, at: "/native"

data/lib/ruby_native/oauth_middleware.rb

@@ -0,0 +1,144 @@
+module RubyNative
+  class OAuthMiddleware
+    COOKIE_NAME = "_ruby_native_oauth"
+
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      request = ActionDispatch::Request.new(env)
+      started_oauth = oauth_start_request?(request)
+      callback_scheme = request.params["callback_scheme"] if started_oauth
+
+      status, headers, body = @app.call(env)
+
+      if started_oauth && callback_scheme.present? && redirect?(status)
+        Rails.logger.debug { "[RubyNative] OAuth started for #{request.path}, setting tracking cookie" }
+        set_cookie(headers, callback_scheme)
+      end
+
+      stored_scheme = read_cookie(request)
+
+      if stored_scheme && redirect?(status)
+        location = headers["location"] || headers["Location"]
+
+        if auth_failure?(location)
+          Rails.logger.info { "[RubyNative] OAuth failed, redirecting to native app" }
+          delete_cookie(headers)
+          return redirect_to_native(stored_scheme, error: true)
+        end
+
+        if internal_redirect?(request, location)
+          token = build_token(headers, location)
+          Rails.logger.info { "[RubyNative] OAuth succeeded, redirecting to native app" }
+          delete_cookie(headers)
+          return redirect_to_native(stored_scheme, token: token)
+        end
+      end
+
+      [status, headers, body]
+    end
+
+    def self.encryptor
+      @encryptor ||= begin
+        key = ActiveSupport::KeyGenerator.new(Rails.application.secret_key_base)
+          .generate_key("ruby_native_oauth", ActiveSupport::MessageEncryptor.key_len)
+        ActiveSupport::MessageEncryptor.new(key)
+      end
+    end
+
+    def self.build_token(cookies:, redirect_url:)
+      encryptor.encrypt_and_sign(
+        {cookies: cookies, redirect_url: redirect_url},
+        expires_in: 5.minutes,
+        purpose: "ruby_native_oauth"
+      )
+    end
+
+    def self.read_token(token)
+      data = encryptor.decrypt_and_verify(token, purpose: "ruby_native_oauth")
+      data&.symbolize_keys
+    rescue ActiveSupport::MessageEncryptor::InvalidMessage
+      nil
+    end
+
+    private
+
+    def oauth_start_request?(request)
+      return false unless oauth_paths.any? { |p| request.path == p }
+      request.params["ruby_native"] == "1"
+    end
+
+    def set_cookie(headers, callback_scheme)
+      signed = verifier.generate(callback_scheme)
+      Rack::Utils.set_cookie_header!(headers, COOKIE_NAME, {
+        value: signed,
+        path: "/",
+        httponly: true,
+        secure: Rails.env.production?,
+        same_site: :lax,
+        max_age: 300
+      })
+    end
+
+    def read_cookie(request)
+      signed_value = request.cookies[COOKIE_NAME]
+      return nil unless signed_value.present?
+      verifier.verified(signed_value)
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      nil
+    end
+
+    def delete_cookie(headers)
+      Rack::Utils.delete_set_cookie_header!(headers, COOKIE_NAME, path: "/")
+    end
+
+    def verifier
+      @verifier ||= ActiveSupport::MessageVerifier.new(
+        Rails.application.secret_key_base,
+        digest: "SHA256",
+        purpose: "ruby_native_oauth"
+      )
+    end
+
+    def redirect?(status)
+      (300..399).cover?(status)
+    end
+
+    def auth_failure?(location)
+      return false unless location
+      URI.parse(location).path == "/auth/failure"
+    rescue URI::InvalidURIError
+      false
+    end
+
+    def internal_redirect?(request, location)
+      return false unless location
+      uri = URI.parse(location)
+      uri.host.nil? || uri.host == request.host
+    rescue URI::InvalidURIError
+      false
+    end
+
+    def build_token(headers, redirect_url)
+      raw_cookies = headers["set-cookie"] || headers["Set-Cookie"]
+      cookies = case raw_cookies
+      when String then raw_cookies.split("\n")
+      when Array then raw_cookies
+      else []
+      end
+
+      self.class.build_token(cookies: cookies, redirect_url: redirect_url)
+    end
+
+    def redirect_to_native(callback_scheme, token: nil, error: false)
+      query = error ? "error=true" : "token=#{CGI.escape(token)}"
+      [302, {"location" => "#{callback_scheme}://auth/callback?#{query}"}, [""]]
+    end
+
+    def oauth_paths
+      RubyNative.config&.dig(:auth, :oauth_paths) || []
+    end
+  end
+end

data/lib/ruby_native/version.rb

@@ -1,3 +1,3 @@
 module RubyNative
-  VERSION = "0.1.2"
+  VERSION = "0.1.3"
 end

data/lib/ruby_native.rb

@@ -1,6 +1,7 @@
 require "ruby_native/version"
 require "ruby_native/helper"
 require "ruby_native/native_detection"
+require "ruby_native/oauth_middleware"
 require "ruby_native/engine"
 
 module RubyNative
@@ -13,5 +14,6 @@ module RubyNative
     self.config = YAML.load_file(path).deep_symbolize_keys
     self.config[:app] ||= {}
     self.config[:app][:name] ||= "Ruby Native"
+    self.config[:auth] ||= {}
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_native
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - Joe Masilotti
@@ -49,6 +49,8 @@ files:
 - LICENSE
 - README.md
 - app/assets/stylesheets/ruby_native.css
+- app/controllers/ruby_native/auth/sessions_controller.rb
+- app/controllers/ruby_native/auth/start_controller.rb
 - app/controllers/ruby_native/config_controller.rb
 - app/controllers/ruby_native/push/devices_controller.rb
 - app/javascript/ruby_native/back.js
@@ -59,6 +61,7 @@ files:
 - app/javascript/ruby_native/bridge/push_controller.js
 - app/javascript/ruby_native/bridge/search_controller.js
 - app/javascript/ruby_native/bridge/tabs_controller.js
+- app/views/ruby_native/auth/start/show.html.erb
 - config/importmap.rb
 - config/routes.rb
 - exe/ruby_native
@@ -71,6 +74,7 @@ files:
 - lib/ruby_native/engine.rb
 - lib/ruby_native/helper.rb
 - lib/ruby_native/native_detection.rb
+- lib/ruby_native/oauth_middleware.rb
 - lib/ruby_native/version.rb
 homepage: https://github.com/Ruby-Native/gem
 licenses: