securenative 0.1.5 → 0.1.16

data/Rakefile

@@ -1,2 +1,6 @@
 require "bundler/gem_tasks"
-task :default => :spec
+task :default => :spec
+
+require 'rspec/core/rake_task'
+task :default => :spec
+RSpec::Core::RakeTask.new

data/VERSION

@@ -0,0 +1 @@
+0.1.16

data/lib/securenative/api_manager.rb

@@ -0,0 +1,30 @@
+require 'json'
+require_relative 'logger'
+
+class ApiManager
+  def initialize(event_manager, securenative_options)
+    @event_manager = event_manager
+    @options = securenative_options
+  end
+
+  def track(event_options)
+    Logger.debug('Track event call')
+    event = SDKEvent.new(event_options, @options)
+    @event_manager.send_async(event, ApiRoute::TRACK)
+  end
+
+  def verify(event_options)
+    Logger.debug('Verify event call')
+    event = SDKEvent.new(event_options, @options)
+
+    begin
+      res = JSON.parse(@event_manager.send_sync(event, ApiRoute::VERIFY, false))
+      return VerifyResult.new(res['riskLevel'], res['score'], res['triggers'])
+    rescue StandardError => e
+      Logger.debug('Failed to call verify; {}'.format(e))
+    end
+    return VerifyResult.new(RiskLevel::LOW, 0, nil) if @options.fail_over_strategy == FailOverStrategy::FAIL_OPEN
+
+    VerifyResult.new(RiskLevel::HIGH, 1, nil)
+  end
+end

data/lib/securenative/config/configuration_builder.rb

@@ -0,0 +1,26 @@
+class ConfigurationBuilder
+  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
+  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
+
+  def initialize(api_key = nil, api_url = 'https://api.securenative.com/collector/api/v1', interval = 1000,
+                 max_events = 1000, timeout = 1500, auto_send = true, disable = false, log_level = 'FATAL',
+                 fail_over_strategy = FailOverStrategy::FAIL_OPEN)
+    @api_key = api_key
+    @api_url = api_url
+    @interval = interval
+    @max_events = max_events
+    @timeout = timeout
+    @auto_send = auto_send
+    @disable = disable
+    @log_level = log_level
+    @fail_over_strategy = fail_over_strategy
+  end
+
+  def self.default_config_builder
+    ConfigurationBuilder()
+  end
+
+  def self.default_securenative_options
+    SecureNativeOptions()
+  end
+end

data/lib/securenative/config/configuration_manager.rb

@@ -0,0 +1,53 @@
+require 'parseconfig'
+
+class ConfigurationManager
+  DEFAULT_CONFIG_FILE = 'securenative.cfg'.freeze
+  CUSTOM_CONFIG_FILE_ENV_NAME = 'SECURENATIVE_COMFIG_FILE'.freeze
+  @config = nil
+
+  def self.read_resource_file(resource_path)
+    @config = ParseConfig.new(resource_path)
+
+    properties = {}
+    @config.get_groups.each { |group|
+      group.each do |key, value|
+        properties[key.upcase] = value
+      end
+    }
+    properties
+  end
+
+  def self._get_resource_path(env_name)
+    Env.fetch(env_name, ENV[DEFAULT_CONFIG_FILE])
+  end
+
+  def self.config_builder
+    ConfigurationBuilder.default_config_builder
+  end
+
+  def self._get_env_or_default(properties, key, default)
+    return Env[key] if Env[key]
+    return properties[key] if properties[key]
+
+    default
+  end
+
+  def self.load_config
+    options = ConfigurationBuilder().default_securenative_options
+
+    resource_path = DEFAULT_CONFIG_FILE
+    resource_path = Env[CUSTOM_CONFIG_FILE_ENV_NAME] if Env[CUSTOM_CONFIG_FILE_ENV_NAME]
+
+    properties = read_resource_file(resource_path)
+
+    ConfigurationBuilder(_get_env_or_default(properties, 'SECURENATIVE_API_KEY', options.api_key),
+                         _get_env_or_default(properties, 'SECURENATIVE_API_URL', options.api_url),
+                         _get_env_or_default(properties, 'SECURENATIVE_INTERVAL', options.interval),
+                         _get_env_or_default(properties, 'SECURENATIVE_MAX_EVENTS', options.max_events),
+                         _get_env_or_default(properties, 'SECURENATIVE_TIMEOUT', options.timeout),
+                         _get_env_or_default(properties, 'SECURENATIVE_AUTO_SEND', options.auto_send),
+                         _get_env_or_default(properties, 'SECURENATIVE_DISABLE', options.disable),
+                         _get_env_or_default(properties, 'SECURENATIVE_LOG_LEVEL', options.log_level),
+                         _get_env_or_default(properties, 'SECURENATIVE_FAILOVER_STRATEGY', options.fail_over_strategy))
+  end
+end

data/lib/securenative/config/securenative_options.rb

@@ -0,0 +1,18 @@
+class SecureNativeOptions
+  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
+  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
+
+  def initialize(api_key = nil, api_url = "https://api.securenative.com/collector/api/v1", interval = 1000,
+                 max_events = 1000, timeout = 1500, auto_send = true, disable = false, log_level = "FATAL",
+                 fail_over_strategy = FailOverStrategy::FAIL_OPEN)
+    @api_key = api_key
+    @api_url = api_url
+    @interval = interval
+    @max_events = max_events
+    @timeout = timeout
+    @auto_send = auto_send
+    @disable = disable
+    @log_level = log_level
+    @fail_over_strategy = fail_over_strategy
+  end
+end

data/lib/securenative/context/context_builder.rb

@@ -0,0 +1,59 @@
+class ContextBuilder
+  attr_reader :context
+
+  def initialize(client_token = nil, ip = nil, remote_ip = nil, headers = nil, url = nil, method = nil, body = nil)
+    @context = SecureNativeContext(client_token, ip, remote_ip, headers, url, method, body)
+  end
+
+  def client_token(client_token)
+    @context.client_token = client_token
+  end
+
+  def ip(ip)
+    @context.ip = ip
+  end
+
+  def remote_ip(remote_ip)
+    @context.remote_ip = remote_ip
+  end
+
+  def headers(headers)
+    @context.headers = headers
+  end
+
+  def url(url)
+    @context.url = url
+  end
+
+  def method(method)
+    @context.method = method
+  end
+
+  def body(body)
+    @context.body = body
+  end
+
+  def self.default_context_builder
+    ContextBuilder()
+  end
+
+  def self.from_http_request(request)
+    begin
+      client_token = request.cookies[RequestUtils.SECURENATIVE_COOKIE]
+    rescue StandardError
+      client_token = nil
+    end
+
+    begin
+      headers = request.headers
+    rescue StandardError
+      headers = nil
+    end
+
+    client_token = RequestUtils.get_secure_header_from_request(headers) if Utils.null_or_empty?(client_token)
+
+    ContextBuilder(url = request.url, method = request.method, header = headers, client_token = client_token,
+                   client_ip = RequestUtils.get_client_ip_from_request(request),
+                   remote_ip = RequestUtils.get_remote_ip_from_request(request), nil)
+  end
+end

data/lib/securenative/context/securenative_context.rb

@@ -0,0 +1,14 @@
+class SecureNativeContext
+  attr_reader :client_token, :ip, :remote_ip, :headers, :url, :method, :body
+  attr_writer :client_token, :ip, :remote_ip, :headers, :url, :method, :body
+
+  def initialize(client_token = nil, ip = nil, remote_ip = nil, headers = nil, url = nil, method = nil, body = nil)
+    @client_token = client_token
+    @ip = ip
+    @remote_ip = remote_ip
+    @headers = headers
+    @url = url
+    @method = method
+    @body = body
+  end
+end

data/lib/securenative/enums/api_route.rb

@@ -0,0 +1,4 @@
+module ApiRoute
+  TRACK = 'track'.freeze
+  VERIFY = 'verify'.freeze
+end

data/lib/securenative/enums/event_types.rb

@@ -0,0 +1,21 @@
+module EventTypes
+  LOG_IN = 'sn.user.login'.freeze
+  LOG_IN_CHALLENGE = 'sn.user.login.challenge'.freeze
+  LOG_IN_FAILURE = 'sn.user.login.failure'.freeze
+  LOG_OUT = 'sn.user.logout'.freeze
+  SIGN_UP = 'sn.user.signup'.freeze
+  AUTH_CHALLENGE = 'sn.user.auth.challenge'.freeze
+  AUTH_CHALLENGE_SUCCESS = 'sn.user.auth.challenge.success'.freeze
+  AUTH_CHALLENGE_FAILURE = 'sn.user.auth.challenge.failure'.freeze
+  TWO_FACTOR_DISABLE = 'sn.user.2fa.disable'.freeze
+  EMAIL_UPDATE = 'sn.user.email.update'.freeze
+  PASSWORD_REST = 'sn.user.password.reset'.freeze
+  PASSWORD_REST_SUCCESS = 'sn.user.password.reset.success'.freeze
+  PASSWORD_UPDATE = 'sn.user.password.update'.freeze
+  PASSWORD_REST_FAILURE = 'sn.user.password.reset.failure'.freeze
+  USER_INVITE = 'sn.user.invite'.freeze
+  ROLE_UPDATE = 'sn.user.role.update'.freeze
+  PROFILE_UPDATE = 'sn.user.profile.update'.freeze
+  PAGE_VIEW = 'sn.user.page.view'.freeze
+  VERIFY = 'sn.verify'.freeze
+end

data/lib/securenative/enums/failover_strategy.rb

@@ -0,0 +1,4 @@
+module FailOverStrategy
+  FAIL_OPEN = 'fail-open'.freeze
+  FAIL_CLOSED = 'fail-closed'.freeze
+end

data/lib/securenative/enums/risk_level.rb

@@ -0,0 +1,5 @@
+module RiskLevel
+  LOW = 'low'.freeze
+  MEDIUM = 'medium'.freeze
+  HIGH = 'high'.freeze
+end

data/lib/securenative/event_manager.rb

@@ -1,88 +1,149 @@
-require_relative 'securenative_options'
-require_relative 'http_client'
-require_relative 'sn_exception'
-require 'json'
-require 'thread'
+require_relative 'logger'
 
 class QueueItem
-  def initialize(url, body)
+  attr_reader :url, :body, :retry
+  attr_writer :url, :body, :retry
+
+  def initialize(url, body, _retry)
     @url = url
     @body = body
+    @retry = _retry
   end
-
-  attr_reader :url
-  attr_reader :body
 end
 
 class EventManager
-  def initialize(api_key, options: SecureNativeOptions.new, http_client: HttpClient.new)
-    if api_key == nil
-      raise SecureNativeSDKException.new
+  def initialize(options = SecureNativeOptions(), http_client = nil)
+    if options.api_key.nil?
+      raise SecureNativeSDKException('API key cannot be None, please get your API key from SecureNative console.')
     end
 
-    @api_key = api_key
+    @http_client = if http_client.nil?
+                     SecureNativeHttpClient(options)
+                   else
+                     http_client
+                   end
+
+    @queue = []
+    @thread = Thread.new(run)
+    @thread.start
+
     @options = options
-    @http_client = http_client
-    @queue = Queue.new
-
-    if @options.auto_send
-      interval_seconds = [(@options.interval / 1000).floor, 1].max
-      Thread.new do
-        loop do
-          flush
-          sleep(interval_seconds)
-        end
-      end
-    end
+    @send_enabled = false
+    @attempt = 0
+    @coefficients = [1, 1, 2, 3, 5, 8, 13]
+    @thread = nil
+    @interval = options.interval
   end
 
-  def send_async(event, path)
-    q_item = QueueItem.new(build_url(path), event)
-    @queue.push(q_item)
-  end
+  def send_async(event, resource_path)
+    if @options.disable
+      Logger.warning('SDK is disabled. no operation will be performed')
+      return
+    end
 
-  def send_sync(event, path)
-    @http_client.post(
-        build_url(path),
-        @api_key,
-        event.to_hash.to_json
-    )
+    item = QueueItem(resource_path, JSON.parse(EventManager.serialize(event)), false)
+    @queue.append(item)
   end
 
   def flush
-    if is_queue_full
-      i = @options.max_events - 1
-      while i >= 0
-        item = @queue.pop
-        @http_client.post(
-            build_url(item.url),
-            @api_key,
-            item.body.to_hash.to_json
-        )
-      end
-    else
-      q = Array.new(@queue.size) {@queue.pop}
-      q.each do |item|
-        @http_client.post(
-            build_url(item.url),
-            @api_key,
-            item.body
-        )
-        @queue = Queue.new
-      end
+    @queue.each do |item|
+      @http_client.post(item.url, item.body)
     end
   end
 
-  private
+  def send_sync(event, resource_path, _retry)
+    if @options.disable
+      Logger.warning('SDK is disabled. no operation will be performed')
+      return
+    end
+
+    Logger.debug('Attempting to send event {}'.format(event))
+    res = @http_client.post(resource_path, JSON.parse(EventManager.serialize(event)))
 
-  def build_url(path)
-    @options.api_url + path
+    if res.status_code != 200
+      Logger.info('SecureNative failed to call endpoint {} with event {}. adding back to queue'.format(resource_path, event))
+      item = QueueItem(resource_path, JSON.parse(EventManager.serialize(event)), _retry)
+      @queue.append(item)
+    end
+
+    res
+  end
+
+  def run
+    loop do
+      next unless !@queue.empty? && @send_enabled
+
+      @queue.each do |item|
+        begin
+          res = @http_client.post(item.url, item.body)
+          if res.status_code == 401
+            item.retry = false
+          elsif res.status_code != 200
+            raise SecureNativeHttpException(res.status_code)
+          end
+          Logger.debug('Event successfully sent; {}'.format(item.body))
+          return res
+        rescue StandardError => e
+          Logger.error('Failed to send event; {}'.format(e))
+          if item.retry
+            @attempt = 0 if @coefficients.length == @attempt + 1
+
+            back_off = @coefficients[@attempt] * @options.interval
+            Logger.debug('Automatic back-off of {}'.format(back_off))
+            @send_enabled = false
+            sleep back_off
+            @send_enabled = true
+          end
+        end
+      end
+      sleep @interval / 1000
+    end
   end
 
-  private
+  def start_event_persist
+    Logger.debug('Starting automatic event persistence')
+    if @options.auto_send || @send_enabled
+      @send_enabled = true
+    else
+      Logger.debug('Automatic event persistence is disabled, you should persist events manually')
+    end
+  end
 
-  def is_queue_full
-    @queue.length > @options.max_events
+  def stop_event_persist
+    if @send_enabled
+      Logger.debug('Attempting to stop automatic event persistence')
+      begin
+        flush
+        @thread&.stop
+        Logger.debug('Stopped event persistence')
+      rescue StandardError => e
+        Logger.error('Could not stop event scheduler; {}'.format(e))
+      end
+    end
   end
 
+  def self.serialize(obj)
+    {
+        rid: obj.rid,
+        eventType: obj.event_type,
+        userId: obj.user_id,
+        userTraits: {
+            name: obj.user_traits.name,
+            email: obj.user_traits.email,
+            createdAt: obj.user_traits.created_at
+        },
+        request: {
+            cid: obj.request.cid,
+            vid: obj.request.vid,
+            fp: obj.request.fp,
+            ip: obj.request.ip,
+            remoteIp: obj.request.remote_ip,
+            method: obj.request.method,
+            url: obj.request.url,
+            headers: obj.request.headers
+        },
+        timestamp: obj.timestamp,
+        properties: obj.properties
+    }
+  end
 end