schwab_rb 0.2.0

data/lib/schwab_rb/account.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module SchwabRb
+  class Account
+    module Statuses
+      POSITIONS = 'positions'
+    end
+  end
+end

data/lib/schwab_rb/auth/auth_context.rb

@@ -0,0 +1,23 @@
+require 'oauth2'
+
+module SchwabRb::Auth
+  class AuthContext
+    class << self
+      def build(oauth_client, callback_url, authorization_url, state: nil)
+        auth_params = { redirect_uri: callback_url }
+        auth_params[:state] = state if state
+        authorization_url = oauth_client.auth_code.authorize_url(auth_params)
+
+        new(callback_url, authorization_url, state)
+      end
+    end
+
+    def initialize(callback_url, authorization_url, state)
+      @callback_url = callback_url
+      @authorization_url = authorization_url
+      @state = state
+    end
+
+    attr_reader :callback_url, :authorization_url, :state
+  end
+end

data/lib/schwab_rb/auth/init_client_easy.rb

@@ -0,0 +1,45 @@
+require 'oauth2'
+require_relative 'init_client_token_file'
+require_relative 'init_client_login'
+
+module SchwabRb::Auth
+  def self.init_client_easy(
+    api_key,
+    app_secret,
+    callback_url,
+    token_path,
+    asyncio: false,
+    enforce_enums: false,
+    callback_timeout: 300.0,
+    interactive: true,
+    requested_browser: nil)
+
+    begin
+      if File.exist?(token_path)
+        client = SchwabRb::Auth::init_client_token_file(
+          api_key,
+          app_secret,
+          token_path,
+          enforce_enums: enforce_enums
+        )
+        client.refresh! if client.session.expired?
+        raise OAuth2::Error.new("Token expired") if client.session.expired?
+        client
+      else
+        raise OAuth2::Error.new("No token found")
+      end
+    rescue
+      SchwabRb::Auth::init_client_login(
+        api_key,
+        app_secret,
+        callback_url,
+        token_path,
+        asyncio: asyncio,
+        enforce_enums: enforce_enums,
+        callback_timeout: callback_timeout,
+        interactive: interactive,
+        requested_browser: requested_browser
+      )
+    end
+  end
+end

data/lib/schwab_rb/auth/init_client_login.rb

@@ -0,0 +1,201 @@
+require 'openssl'
+require 'uri'
+require 'net/http'
+require 'json'
+require 'oauth2'
+# require 'logger'
+
+module SchwabRb::Auth
+  class RedirectTimeoutError < StandardError
+    def initialize(msg="Timed out waiting for a callback")
+      super(msg)
+    end
+  end
+  class RedirectServerExitedError < StandardError; end
+  # class TokenExchangeError < StandardError
+  #   def initialize(msg)
+  #     super(msg)
+  #   end
+  # end
+  class InvalidHostname < ArgumentError
+    def initialize(hostname)
+      msg = "Disallowed hostname #{hostname}. init_client_login only allows callback URLs with hostname 127.0.0.1."
+      super(msg)
+    end
+  end
+
+  def self.init_client_login(
+    api_key,
+    app_secret,
+    callback_url,
+    token_path,
+    asyncio: false,
+    enforce_enums: false,
+    callback_timeout: 300.0,
+    interactive: true,
+    requested_browser: nil)
+
+    callback_timeout = if not callback_timeout
+      callback_timeout = 0
+    elsif callback_timeout < 0
+      raise ArgumentError, "callback_timeout must be non-negative"
+    else
+      callback_timeout
+    end
+
+    parsed = URI.parse(callback_url)
+    raise InvalidHostname.new(parsed.host) unless parsed.host == "127.0.0.1"
+
+    callback_port = parsed.port || 4567
+    callback_path = parsed.path.empty? ? "/" : parsed.path
+
+    cert_file, key_file = self.create_ssl_certificate
+
+    server_thread = SchwabRb::Auth::LoginFlowServer.run_in_thread(
+      callback_port: callback_port,
+      callback_path: callback_path,
+      cert_file: cert_file,
+      key_file: key_file
+    )
+
+    begin
+      # NOTE: wait for server to start
+      start_time = Time.now
+      while true
+        begin
+          uri = URI("https://127.0.0.1:#{callback_port}/status")
+          http = Net::HTTP.new(uri.host, uri.port)
+          http.use_ssl = true
+          http.ca_file = cert_file.path
+
+          http.set_debug_output($stdout)
+
+          resp = http.get(uri.path)
+
+          break if resp.is_a?(Net::HTTPSuccess)
+        rescue Errno::ECONNREFUSED
+          sleep 0.1
+        end
+
+        raise RedirectServerExitedError if Time.now - start_time > 5
+      end
+
+      auth_context = self.build_auth_context(api_key, callback_url)
+
+      puts <<~MESSAGE
+      ***********************************************************************
+      Open this URL in your browser to log in:
+      #{auth_context.authorization_url}
+      ***********************************************************************
+      MESSAGE
+
+      if interactive
+        puts "Press ENTER to open the browser..."
+        gets
+      end
+
+      `open "#{auth_context.authorization_url}}"`
+
+      timeout_time = Time.now + callback_timeout
+      received_url = nil
+
+      while Time.now < timeout_time
+        unless LoginFlowServer.queue.empty?
+          received_url = LoginFlowServer.queue.pop
+          break
+        end
+        sleep 0.1
+      end
+
+      raise RedirectTimeoutError.new unless received_url
+
+      self.client_from_received_url(
+        api_key,
+        app_secret,
+        auth_context,
+        received_url,
+        token_path
+      )
+    ensure
+      LoginFlowServer.stop
+    end
+  end
+
+  def self.create_ssl_certificate
+    key = OpenSSL::PKey::RSA.new(2048)
+    cert = OpenSSL::X509::Certificate.new
+
+    cert.subject = OpenSSL::X509::Name.parse("/CN=127.0.0.1")
+    cert.issuer = cert.subject
+    cert.public_key = key.public_key
+    cert.not_before = Time.now
+    cert.not_after = Time.now + (60 * 60 * 24) # 1 day
+    cert.serial = 0x0
+    cert.version = 2
+    cert.sign(key, OpenSSL::Digest::SHA256.new)
+
+    cert_file = Tempfile.new("cert.pem")
+    cert_file.write(cert.to_pem)
+    cert_file.close
+
+    key_file = Tempfile.new("key.pem")
+    key_file.write(key.to_pem)
+    key_file.close
+
+    return cert_file, key_file
+  end
+
+  def self.build_auth_context(api_key, callback_url, state: nil)
+    oauth = OAuth2::Client.new(
+      api_key,
+      nil,
+      site: SchwabRb::Constants::SCHWAB_BASE_URL,
+      authorize_url: "/v1/oauth/authorize",
+      connection_opts: { ssl: { verify: false } }
+    )
+
+    auth_params = { redirect_uri: callback_url }
+    auth_params[:state] = state if state
+    authorization_url = oauth.auth_code.authorize_url(auth_params)
+
+    AuthContext.new(callback_url, authorization_url, state)
+  end
+
+  def self.client_from_received_url(
+    api_key, app_secret, auth_context, received_url, token_path, enforce_enums: true
+  )
+    oauth = OAuth2::Client.new(
+      api_key,
+      app_secret,
+      site: SchwabRb::Constants::SCHWAB_BASE_URL,
+      token_url: "/v1/oauth/token"
+    )
+    uri = URI.parse(received_url)
+    params = URI.decode_www_form(uri.query).to_h
+    authorization_code = params["code"]
+
+    token = oauth.auth_code.get_token(authorization_code, redirect_uri: auth_context.callback_url)
+
+    metadata_manager = SchwabRb::Auth::TokenManager.from_oauth2_token(
+      token,
+      Time.now.to_i,
+      token_path: token_path
+    )
+    metadata_manager.to_file
+
+    session = OAuth2::AccessToken.new(
+      oauth,
+      token.token,
+      refresh_token: token.refresh_token,
+      expires_at: token.expires_at
+    )
+
+    SchwabRb::Client.new(
+      api_key,
+      app_secret,
+      session,
+      token_manager: metadata_manager,
+      enforce_enums: enforce_enums
+    )
+  end
+end

data/lib/schwab_rb/auth/init_client_token_file.rb

@@ -0,0 +1,30 @@
+require "oauth2"
+
+module SchwabRb::Auth
+  def self.init_client_token_file(api_key, app_secret, token_path, enforce_enums: true)
+    oauth = OAuth2::Client.new(
+      api_key,
+      app_secret,
+      site: SchwabRb::Constants::SCHWAB_BASE_URL,
+      token_url: "/v1/oauth/token"
+    )
+
+    metadata_manager = SchwabRb::Auth::TokenManager.from_file(token_path)
+    token = metadata_manager.token
+
+    session = OAuth2::AccessToken.new(
+      oauth,
+      token.token,
+      refresh_token: token.refresh_token,
+      expires_at: token.expires_at
+    )
+
+    SchwabRb::Client.new(
+      api_key,
+      app_secret,
+      session,
+      token_manager: metadata_manager,
+      enforce_enums: enforce_enums
+    )
+  end
+end

data/lib/schwab_rb/auth/login_flow_server.rb

@@ -0,0 +1,55 @@
+require "sinatra"
+require "puma"
+require "thread"
+
+module SchwabRb::Auth
+  class LoginFlowServer < Sinatra::Base
+    class << self
+      attr_accessor :queue
+    end
+
+    self.queue = Queue.new
+
+    self.disable :logging
+
+    get "/status" do
+      "running"
+    end
+
+    def self.create_routes(root_path)
+      get root_path do
+        self.class.queue.push(request.url)
+        "Callback received! You may now close this window/tab."
+      end
+    end
+
+    def self.run_in_thread(callback_port: 4567, callback_path: "/", cert_file: nil, key_file: nil)
+      create_routes(callback_path)
+
+      thread = Thread.new do
+        set :server, "puma"
+        set :port, callback_port
+        set :bind, "127.0.0.1"
+
+        ctx = Puma::MiniSSL::Context.new.tap do |ctx|
+          ctx.key = key_file.path
+          ctx.cert = cert_file.path
+          ctx.verify_mode=Puma::MiniSSL::VERIFY_NONE
+        end
+
+        puts ctx.inspect
+
+        Puma::Server.new(self).tap do |server|
+          server.add_ssl_listener("127.0.0.1", callback_port, ctx)
+          server.run
+        end
+      end
+      sleep 0.5
+      thread
+    end
+
+    def self.stop
+      Thread.list.each { |t| t.exit if t != Thread.main }
+    end
+  end
+end

data/lib/schwab_rb/auth/token.rb

@@ -0,0 +1,24 @@
+module SchwabRb::Auth
+  class Token
+    def initialize(
+      token: nil,
+      expires_in: nil,
+      token_type: "Bearer",
+      scope: nil,
+      refresh_token: nil,
+      id_token: nil,
+      expires_at: nil
+    )
+      @token = token
+      @expires_in = expires_in
+      @token_type = token_type
+      @scope = scope
+      @refresh_token = refresh_token
+      @id_token = id_token
+      @expires_at = expires_at
+    end
+
+    attr_reader :token, :expires_in, :token_type, :scope,
+      :refresh_token, :id_token, :expires_at
+  end
+end

data/lib/schwab_rb/auth/token_manager.rb

@@ -0,0 +1,105 @@
+require 'oauth2'
+require 'json'
+
+module SchwabRb::Auth
+  class TokenManager
+    class << self
+      def from_file(token_path)
+        token_data = JSON.parse(File.read(token_path))
+        token = SchwabRb::Auth::Token.new(
+          token: token_data["token"]["access_token"],
+          expires_in: token_data["token"]["expires_in"],
+          token_type: token_data["token"]["token_type"],
+          scope: token_data["token"]["scope"],
+          refresh_token: token_data["token"]["refresh_token"],
+          id_token: token_data["token"]["id_token"],
+          expires_at: token_data["token"]["expires_at"]
+        )
+
+        TokenManager.new(token, token_data["timestamp"], token_path: token_path)
+      end
+
+      def from_oauth2_token(oauth2_token, timestamp, token_path: SchwabRb::Constants::DEFAULT_TOKEN_PATH)
+        token = SchwabRb::Auth::Token.new(
+          token: oauth2_token.token,
+          expires_in: oauth2_token.expires_in,
+          token_type: oauth2_token.params["token_type"] || "Bearer",
+          scope: oauth2_token.params["scope"],
+          refresh_token: oauth2_token.refresh_token,
+          id_token: oauth2_token.params["id_token"],
+          expires_at: oauth2_token.expires_at
+        )
+
+        TokenManager.new(token, timestamp, token_path: token_path)
+      end
+    end
+
+    def initialize(token, timestamp, token_path: SchwabRb::Constants::DEFAULT_TOKEN_PATH)
+      @token = token
+      @timestamp = timestamp
+      @token_path = token_path
+    end
+
+    attr_reader :token, :timestamp, :token_path
+
+    def refresh_token(client)
+      new_token = client.session.refresh!
+
+      @token = SchwabRb::Auth::Token.new(
+        token: new_token.token,
+        expires_in: new_token.expires_in,
+        token_type: new_token.params["token_type"] || "Bearer",
+        scope: new_token.params["scope"],
+        refresh_token: new_token.refresh_token,
+        id_token: new_token.params["id_token"],
+        expires_at: new_token.expires_at
+      )
+      @timestamp = Time.now.to_i
+
+      to_file
+
+      oauth = OAuth2::Client.new(
+        client.api_key,
+        client.app_secret,
+        site: SchwabRb::Constants::SCHWAB_BASE_URL,
+        token_url: "/v1/oauth/token"
+      )
+
+      OAuth2::AccessToken.new(
+        oauth,
+        token.token,
+        refresh_token: token.refresh_token,
+        expires_at: token.expires_at
+      )
+    end
+
+    def to_file
+      File.open(token_path, "w") do |f|
+        f.write(to_json)
+      end
+    end
+
+    def token_age
+      Time.now.to_i - timestamp
+    end
+
+    def to_h
+      token_data = {
+        timestamp: timestamp,
+        token: {
+          expires_in: token.expires_in,
+          token_type: token.token_type,
+          scope: token.scope,
+          refresh_token: token.refresh_token,
+          access_token: token.token,
+          id_token: token.id_token,
+          expires_at: token.expires_at
+        }
+      }
+    end
+
+    def to_json
+      to_h.to_json
+    end
+  end
+end

data/lib/schwab_rb/clients/async_client.rb

@@ -0,0 +1,122 @@
+require 'async'
+require 'async/http'
+require 'json'
+require 'uri'
+require_relative 'base_client'
+require_relative '../utils/logger'
+require_relative '../utils/redactor'
+require_relative '../constants'
+
+module SchwabRb
+  class AsyncClient < BaseClient
+    def initialize(api_key, app_secret, session, token_manager:, enforce_enums: true)
+      super
+      @endpoint = Async::HTTP::Endpoint.parse(SchwabRb::Constants::SCHWAB_BASE_URL)
+      @client = Async::HTTP::Client.new(@endpoint)
+    end
+
+    def close_async_session
+      @client.close
+    end
+
+    private
+
+    def get(path, params = {})
+      Async do
+        refresh_token_if_needed
+        dest = URI(URI::DEFAULT_PARSER.escape("#{SchwabRb::Constants::SCHWAB_BASE_URL}#{path}"))
+        dest.query = URI.encode_www_form(params) if params.any?
+
+        req_num = req_num()
+        log_request('GET', req_num, dest, params)
+
+        # Use path only since @endpoint already has the base URL
+        query_string = params.any? ? "?#{URI.encode_www_form(params)}" : ""
+        response = @client.get("#{path}#{query_string}", build_headers)
+
+        log_response(response, req_num)
+        response
+      end
+    end
+
+    def post(path, data = {})
+      Async do
+        refresh_token_if_needed
+        dest = URI(URI::DEFAULT_PARSER.escape("#{SchwabRb::Constants::SCHWAB_BASE_URL}#{path}"))
+
+        req_num = req_num()
+        log_request('POST', req_num, dest, data)
+
+        response = @client.post(path, build_headers, JSON.dump(data))
+
+        log_response(response, req_num)
+        response
+      end
+    end
+
+    def put(path, data = {})
+      Async do
+        refresh_token_if_needed
+        dest = URI(URI::DEFAULT_PARSER.escape("#{SchwabRb::Constants::SCHWAB_BASE_URL}#{path}"))
+
+        req_num = req_num()
+        log_request('PUT', req_num, dest, data)
+
+        response = @client.put(path, build_headers, JSON.dump(data))
+
+        log_response(response, req_num)
+        response
+      end
+    end
+
+    def delete(path)
+      Async do
+        refresh_token_if_needed
+        dest = URI(URI::DEFAULT_PARSER.escape("#{SchwabRb::Constants::SCHWAB_BASE_URL}#{path}"))
+
+        req_num = req_num()
+        log_request('DELETE', req_num, dest)
+
+        response = @client.delete(path, build_headers)
+
+        log_response(response, req_num)
+        response
+      end
+    end
+
+    def build_headers
+      headers = { "Content-Type" => "application/json" }
+      
+      # Add authorization header if token is available
+      if @token_manager&.access_token
+        headers["Authorization"] = "Bearer #{@token_manager.access_token}"
+      end
+      
+      headers
+    end
+
+    def log_request(method, req_num, dest, data = nil)
+      redacted_dest = SchwabRb::Redactor.redact_url(dest.to_s)
+      SchwabRb::Logger.logger.info("Req #{req_num}: #{method} to #{redacted_dest}")
+      
+      if data
+        redacted_data = SchwabRb::Redactor.redact_data(data)
+        SchwabRb::Logger.logger.debug("Payload: #{JSON.pretty_generate(redacted_data)}")
+      end
+    end
+
+    def log_response(response, req_num)
+      SchwabRb::Logger.logger.info("Resp #{req_num}: Status #{response.status}")
+      
+      if SchwabRb::Logger.logger.level == ::Logger::DEBUG
+        redacted_body = SchwabRb::Redactor.redact_response_body(response)
+        SchwabRb::Logger.logger.debug("Response body: #{JSON.pretty_generate(redacted_body)}") if redacted_body
+      end
+    end
+
+    def req_num
+      @request_counter ||= 0
+      @request_counter += 1
+    end
+  end
+end