satz 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ef06f388d1b3113f7d709320b4ea4606e5fc9c8c
-  data.tar.gz: af63d424f6e74e95418804514075f72886777af5
+  metadata.gz: 5ef14c47b68ac506c9096dfa78e62d7e174d3dd4
+  data.tar.gz: eb243d56d8184dda598263589bcbfe7e5580bb2f
 SHA512:
-  metadata.gz: 8ef33ff001e893d12588c6fbf6f5825434c7cf8599f14db51ddf12b807e95ccb0e6731f9ff4241a80e6b587e6bec31ec827c3f4ddd919fb853eef807317deccc
-  data.tar.gz: 4a1df71be2425e688e51ed96dafb3d0a8d1d3be929f8f5c2917e8a7788382942d4c1018b5b1e7846f3d933179c98f6eec6df42a58a24a744598b555c8675dd90
+  metadata.gz: a1025b3c94d78c146c7cee02a24be964ae9b4fef849855d954e3dff793fc901dcd405b175155ea8fb159227a0b9d32ab61854f969242a0e41880aa7430b15fd6
+  data.tar.gz: cb37e3aabca0617d18c8730f815fc3997843a1528b3eca6834c985acd41fec8009486126d4072c229948308efd24a090cb1c2721477d036a20628486bde0b934

data/CHANGELOG

@@ -1 +1,5 @@
+0.0.2
 
+* Add customizable serializer
+
+* Add authentication via Basic Auth

data/README.md

@@ -19,7 +19,7 @@ Usage
 An example of a Satz application would look like this:
 
 ```ruby
-App = Satz.new do
+App = Satz.define do
   on "players" do
     on :player_id do
       get do
@@ -55,15 +55,61 @@ In user defined objects, you can define the method `to_json` according
 to your needs. Most ORMs already provide meaningful definitions for
 that method.
 
+Authentication
+--------------
+
+The `auth` method checks if Basic Auth headers were provided and
+returns `nil` otherwise. If it's able to access the supplied
+credentials, it yield the username and password and returns the
+result (if it's not false) or nil.
+
+Here's an example of how to use it:
+
+```ruby
+@user = auth do |user, pass|
+
+  # Here you can use any method of your
+  # choice. The example is from Shield.
+  User.authenticate(user, pass)
+end
+
+on @user.nil? do
+  res.status = 401
+  reply(error: "Unauthorized")
+end
+```
+
+Anything defined after that `on` block will be executed only if the
+authentication succeded.
+
+Serialization
+-------------
+
+The default serializer is `JSON`, but it can be customized by
+supplying a serializer:
+
+```ruby
+Satz.serializer = MySerializer
+```
+
+A serializer must respond to `load(arg)` and `dump(arg)`, and that's
+the only restriction. Note that the supplied serializer will be used
+by all `Satz` applications.
+
 API
 ---
 
 Apart from [Syro][syro]'s API, the following methods are available:
 
-`read`: Reads the body of the requst and parses it as JSON.
+`auth`: Process Basic Auth headers and yield username and password.
+
+`read`: Reads the body of the request and parses it as JSON.
 
 `reply`: Writes to the response its argument encoded as JSON.
 
+Installation
+------------
+
 ```
 $ gem install satz
 ```

data/lib/satz.rb

@@ -22,24 +22,83 @@
 
 require "syro"
 require "json"
+require "base64"
 
 class Satz
+
+  # The JSON module from stdlib provides a safe way of loading data
+  # with the `parse` method, but the most widespread API for encoding
+  # and decoding data is with the `load` and `dump` methods, which in
+  # the case of JSON are unsafe. This module wraps the JSON constant
+  # from stdlib in order to expose a safe version of `load`. As the
+  # serializer is configurable, the user is expected to provide
+  # objects that respond safely to those methods.
+  module Serializer
+    def self.load(value)
+      JSON.load(value, nil, create_additions: false)
+    end
+
+    def self.dump(value)
+      JSON.dump(value)
+    end
+  end
+
+  @@serializer = Serializer
+
+  def self.serializer
+    @@serializer
+  end
+
+  # Modify the serializer to be used for all Satz applications.
+  # The serializer object must reply to `load(arg)` and `dump(arg)`.
+  def self.serializer=(value)
+    @@serializer = value
+  end
+
   class Deck < Syro::Deck
+    HTTP_AUTHORIZATION = "HTTP_AUTHORIZATION".freeze
+
+    # Checks the Basic Auth headers and yields
+    # user and pass if credentials are provided.
+    # Returns nil if there are no credentials or
+    # if the block returns false or nil.
+    #
+    # Usage:
+    #
+    #     @user = auth do |user, pass|
+    #       User.authenticate(user, pass)
+    #     end
+    #
+    #     on @user.nil? do
+    #       res.status = 401
+    #       reply(error: "Unauthorized")
+    #     end
+    # 
+    def auth
+      http_auth = env.fetch(HTTP_AUTHORIZATION) do
+        return nil
+      end
+
+      cred = http_auth.split(" ")[1]
+      user, pass = Base64.decode64(cred).split(":")
+
+      yield(user, pass) || nil
+    end
 
-    # Respond by default with JSON.
+    # Respond by default with JSON. The default charset
+    # for "application/json" is UTF-8.
     def default_headers
       { "Content-Type" => "application/json" }
     end
 
     # Read JSON data from the POST request.
     def read
-      body = req.body.read
-      body && JSON.parse(body)
+      Satz.serializer.load(req.body.read)
     end
 
     # Write JSON data to the response.
     def reply(data)
-      res.write(JSON.dump(data))
+      res.write(Satz.serializer.dump(data))
     end
   end
 

data/satz.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name              = "satz"
-  s.version           = "0.0.1"
+  s.version           = "0.0.2"
   s.summary           = "Framework for JSON microservices"
   s.description       = "Framework for JSON microservices"
   s.authors           = ["Michel Martens"]

data/test/all.rb

@@ -1,22 +1,37 @@
-App = Satz.define do
+A1 = Satz.define do
   get do
-    reply(true)
+    reply(read)
   end
 
   post do
     reply(read)
   end
+
+  on "protected" do
+    @user = auth do |user, pass|
+      user == "foo" && pass == "bar"
+    end
+
+    on @user.nil? do
+      res.status = 401
+      reply(error: "Unauthorized")
+    end
+
+    get do
+      reply(true)
+    end
+  end
 end
 
 setup do
-  Driver.new(App)
+  Driver.new(A1)
 end
 
 test "get" do |app|
   app.get("/")
 
   assert_equal 200, app.last_response.status
-  assert_equal %Q(true), app.last_response.body
+  assert_equal %Q(null), app.last_response.body
 end
 
 test "post" do |app|
@@ -27,3 +42,45 @@ test "post" do |app|
   assert_equal data, app.last_response.body
   assert_equal 200, app.last_response.status
 end
+
+test "auth" do |app|
+  app.get("/protected")
+
+  assert_equal %Q({"error":"Unauthorized"}), app.last_response.body
+  assert_equal 401, app.last_response.status
+
+  app.authorize("foo", "bar")
+
+  app.get("/protected")
+
+  assert_equal %Q(true), app.last_response.body
+end
+
+module Reverser
+  def self.load(data)
+    data
+  end
+
+  def self.dump(data)
+    data.reverse
+  end
+end
+
+Satz.serializer = Reverser
+
+A2 = Satz.define do
+  get do
+    reply("hello")
+  end
+end
+
+setup do
+  Driver.new(A2)
+end
+
+test "get" do |app|
+  app.get("/")
+
+  assert_equal 200, app.last_response.status
+  assert_equal %Q(olleh), app.last_response.body
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: satz
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Michel Martens
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-11 00:00:00.000000000 Z
+date: 2016-01-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: syro