securenative 0.1.5 → 0.1.21

data/lib/context/securenative_context.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+require 'utils/request_utils'
+require 'utils/utils'
+require 'context/rails_context'
+require 'context/hanami_context'
+require 'context/sinatra_context'
+
+class SecureNativeContext
+  attr_reader :client_token, :ip, :remote_ip, :headers, :url, :http_method, :body
+  attr_writer :client_token, :ip, :remote_ip, :headers, :url, :http_method, :body
+
+  SECURENATIVE_COOKIE = '_sn'
+
+  def initialize(client_token: '', ip: '', remote_ip: '', headers: nil, url: '', http_method: '', body: '')
+    @client_token = client_token
+    @ip = ip
+    @remote_ip = remote_ip
+    @headers = headers
+    @url = url
+    @http_method = http_method
+    @body = body
+  end
+
+  def self.default_context_builder
+    SecureNativeContext.new
+  end
+
+  def self.from_http_request(request)
+    client_token = RailsContext.get_client_token(request)
+    client_token = SinatraContext.get_client_token(request) if client_token.nil?
+    client_token = HanamiContext.get_client_token(request) if client_token.nil?
+
+    begin
+      headers = RailsContext.get_headers(request)
+      headers = SinatraContext.get_headers(request) if headers.nil?
+      headers = HanamiContext.get_headers(request) if headers.nil?
+
+      # Standard Ruby request
+      headers = request.header.to_hash if headers.nil?
+    rescue StandardError
+      headers = []
+    end
+
+    url = RailsContext.get_url(request)
+    url = SinatraContext.get_url(request) if url.nil?
+    url = HanamiContext.get_url(request) if url.nil?
+    url = '' if url.nil?
+
+    method = RailsContext.get_method(request)
+    method = SinatraContext.get_method(request) if method.nil?
+    method = HanamiContext.get_method(request) if method.nil?
+    method = '' if method.nil?
+
+    begin
+      body = request.body.to_s
+    rescue StandardError
+      body = ''
+    end
+
+    client_token = RequestUtils.get_secure_header_from_request(headers) if Utils.null_or_empty?(client_token)
+
+    SecureNativeContext.new(client_token: client_token, ip: RequestUtils.get_client_ip_from_request(request),
+                            remote_ip: RequestUtils.get_remote_ip_from_request(request),
+                            headers: headers, url: url, http_method: method || '', body: body)
+  end
+end

data/lib/context/sinatra_context.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+class SinatraContext
+  SECURENATIVE_COOKIE = '_sn'
+
+  def self.get_client_token(request)
+    begin
+      request.env[SECURENATIVE_COOKIE]
+    rescue StandardError
+      begin
+        request.cookies[SECURENATIVE_COOKIE]
+      rescue StandardError
+        nil
+      end
+    end
+  end
+
+  def self.get_url(request)
+    begin
+      request.env['REQUEST_URI']
+    rescue StandardError
+      nil
+    end
+  end
+
+  def self.get_method(request)
+    begin
+      request.env['REQUEST_METHOD']
+    rescue StandardError
+      nil
+    end
+  end
+
+  def self.get_headers(request)
+    begin
+      # Note: At the moment we're filtering out everything but user-agent since ruby's payload is way too big
+      { 'user-agent' => request.env['HTTP_USER_AGENT'] }
+    rescue StandardError
+      nil
+    end
+  end
+end

data/lib/enums/api_route.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module ApiRoute
+  TRACK = 'track'
+  VERIFY = 'verify'
+end

data/lib/enums/event_types.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module EventTypes
+  LOG_IN = 'sn.user.login'
+  LOG_IN_CHALLENGE = 'sn.user.login.challenge'
+  LOG_IN_FAILURE = 'sn.user.login.failure'
+  LOG_OUT = 'sn.user.logout'
+  SIGN_UP = 'sn.user.signup'
+  AUTH_CHALLENGE = 'sn.user.auth.challenge'
+  AUTH_CHALLENGE_SUCCESS = 'sn.user.auth.challenge.success'
+  AUTH_CHALLENGE_FAILURE = 'sn.user.auth.challenge.failure'
+  TWO_FACTOR_DISABLE = 'sn.user.2fa.disable'
+  EMAIL_UPDATE = 'sn.user.email.update'
+  PASSWORD_REST = 'sn.user.password.reset'
+  PASSWORD_REST_SUCCESS = 'sn.user.password.reset.success'
+  PASSWORD_UPDATE = 'sn.user.password.update'
+  PASSWORD_REST_FAILURE = 'sn.user.password.reset.failure'
+  USER_INVITE = 'sn.user.invite'
+  ROLE_UPDATE = 'sn.user.role.update'
+  PROFILE_UPDATE = 'sn.user.profile.update'
+  PAGE_VIEW = 'sn.user.page.view'
+  VERIFY = 'sn.verify'
+end

data/lib/enums/failover_strategy.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module FailOverStrategy
+  FAIL_OPEN = 'fail-open'
+  FAIL_CLOSED = 'fail-closed'
+end

data/lib/enums/risk_level.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module RiskLevel
+  LOW = 'low'
+  MEDIUM = 'medium'
+  HIGH = 'high'
+end

data/lib/errors/securenative_config_error.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+class SecureNativeConfigError < StandardError
+end

data/lib/errors/securenative_http_error.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+class SecureNativeHttpError < StandardError
+end

data/lib/errors/securenative_invalid_options_error.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+class SecureNativeInvalidOptionsError < StandardError
+end

data/lib/errors/securenative_invalid_uri_error.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+class SecureNativeInvalidUriError < StandardError
+end

data/lib/errors/securenative_parse_error.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+class SecureNativeParseError < StandardError
+end

data/lib/errors/securenative_sdk_Illegal_state_error.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+class SecureNativeSDKIllegalStateError < StandardError
+end

data/lib/errors/securenative_sdk_error.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+class SecureNativeSDKError < StandardError
+end

data/lib/event_manager.rb

@@ -0,0 +1,157 @@
+# frozen_string_literal: true
+
+require 'utils/secure_native_logger'
+require 'config/securenative_options'
+require 'http/securenative_http_client'
+require 'errors/securenative_sdk_error'
+require 'errors/securenative_http_error'
+
+class QueueItem
+  attr_reader :url, :body, :retry_sending
+  attr_writer :url, :body, :retry_sending
+
+  def initialize(url, body, retry_sending)
+    @url = url
+    @body = body
+    @retry = retry_sending
+  end
+end
+
+class EventManager
+  def initialize(options = SecureNativeOptions.new, http_client = nil)
+    if options.api_key.nil?
+      raise SecureNativeSDKError, 'API key cannot be None, please get your API key from SecureNative console.'
+    end
+
+    @http_client = if http_client.nil?
+                     SecureNativeHttpClient.new(options)
+                   else
+                     http_client
+                   end
+
+    @queue = []
+    @semaphore = Mutex.new
+    @interval = options.interval
+    @options = options
+    @send_enabled = false
+    @attempt = 0
+    @coefficients = [1, 1, 2, 3, 5, 8, 13]
+
+    @thread = Thread.new { run }
+  end
+
+  def send_async(event, resource_path)
+    if @options.disable
+      SecureNativeLogger.warning('SDK is disabled. no operation will be performed')
+      return
+    end
+
+    item = QueueItem.new(resource_path, EventManager.serialize(event).to_json, false)
+    @queue.append(item)
+  end
+
+  def flush
+    @queue.each do |item|
+      @http_client.post(item.url, item.body)
+    end
+  end
+
+  def send_sync(event, resource_path, retry_sending)
+    if @options.disable
+      SecureNativeLogger.warning('SDK is disabled. no operation will be performed')
+      return
+    end
+
+    SecureNativeLogger.debug("Attempting to send event #{event}")
+    res = @http_client.post(resource_path, EventManager.serialize(event).to_json)
+
+    if res.nil? || res.code != '200'
+      SecureNativeLogger.info("SecureNative failed to call endpoint #{resource_path} with event #{event}. adding back to queue")
+      item = QueueItem.new(resource_path, EventManager.serialize(event).to_json, retry_sending)
+      @queue.append(item)
+    end
+
+    res
+  end
+
+  def run
+    loop do
+      @semaphore.synchronize do
+        next unless !@queue.empty? && @send_enabled
+
+        @queue.each do |item|
+          begin
+            res = @http_client.post(item.url, item.body)
+            if res.code == '401'
+              item.retry_sending = false
+            elsif res.code != '200'
+              raise SecureNativeHttpError, res.status_code
+            end
+            SecureNativeLogger.debug("Event successfully sent; #{item.body}")
+            return res
+          rescue StandardError => e
+            SecureNativeLogger.error("Failed to send event; #{e}")
+            if item.retry_sending
+              @attempt = 0 if @coefficients.length == @attempt + 1
+
+              back_off = @coefficients[@attempt] * @options.interval
+              SecureNativeLogger.debug("Automatic back-off of #{back_off}")
+              @send_enabled = false
+              sleep back_off
+              @send_enabled = true
+            end
+          end
+        end
+      end
+      sleep @interval / 1000
+    end
+  end
+
+  def start_event_persist
+    SecureNativeLogger.debug('Starting automatic event persistence')
+    if @options.auto_send || @send_enabled
+      @send_enabled = true
+    else
+      SecureNativeLogger.debug('Automatic event persistence is disabled, you should persist events manually')
+    end
+  end
+
+  def stop_event_persist
+    if @send_enabled
+      SecureNativeLogger.debug('Attempting to stop automatic event persistence')
+      begin
+        flush
+        @thread&.stop?
+        SecureNativeLogger.debug('Stopped event persistence')
+      rescue StandardError => e
+        SecureNativeLogger.error("Could not stop event scheduler; #{e}")
+      end
+    end
+  end
+
+  def self.serialize(obj)
+    {
+      rid: obj.rid,
+      eventType: obj.event_type,
+      userId: obj.user_id,
+      userTraits: {
+        name: obj.user_traits.name,
+        email: obj.user_traits.email,
+        phone: obj.user_traits.phone,
+        createdAt: obj.user_traits.created_at
+      },
+      request: {
+        cid: obj.request.cid,
+        vid: obj.request.vid,
+        fp: obj.request.fp,
+        ip: obj.request.ip,
+        remoteIp: obj.request.remote_ip,
+        method: obj.request.http_method || '',
+        url: obj.request.url,
+        headers: obj.request.headers
+      },
+      timestamp: obj.timestamp,
+      properties: obj.properties
+    }
+  end
+end

data/lib/http/secure_native_http_response.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class SecureNativeHttpResponse
+  attr_reader :ok, :status_code, :body
+  attr_writer :ok, :status_code, :body
+
+  def initialize(ok, status_code, body)
+    @ok = ok
+    @status_code = status_code
+    @body = body
+  end
+end

data/lib/http/securenative_http_client.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'uri'
+require 'json'
+require 'utils/version_utils'
+require 'utils/secure_native_logger'
+
+class SecureNativeHttpClient
+  AUTHORIZATION_HEADER = 'Authorization'
+  VERSION_HEADER = 'SN-Version'
+  USER_AGENT_HEADER = 'User-Agent'
+  USER_AGENT_HEADER_VALUE = 'SecureNative-ruby'
+  CONTENT_TYPE_HEADER = 'Content-Type'
+  CONTENT_TYPE_HEADER_VALUE = 'application/json'
+
+  def initialize(securenative_options)
+    @options = securenative_options
+  end
+
+  def _headers
+    {
+      CONTENT_TYPE_HEADER => CONTENT_TYPE_HEADER_VALUE,
+      USER_AGENT_HEADER => USER_AGENT_HEADER_VALUE,
+      VERSION_HEADER => VersionUtils.version,
+      AUTHORIZATION_HEADER => @options.api_key
+    }
+  end
+
+  def post(path, body)
+    uri = URI.parse("#{@options.api_url}/#{path}")
+    headers = _headers
+
+    client = Net::HTTP.new(uri.host, uri.port)
+    client.use_ssl = true
+    client.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+    request = Net::HTTP::Post.new(uri.request_uri, headers)
+    request.body = body
+
+    res = nil
+    begin
+      res = client.request(request)
+    rescue StandardError => e
+      SecureNativeLogger.error("Failed to send request; #{e}")
+      return res
+    end
+    res
+  end
+end

data/lib/models/client_token.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class ClientToken
+  attr_reader :cid, :vid, :fp
+  attr_writer :cid, :vid, :fp
+
+  def initialize(cid, vid, fp)
+    @cid = cid
+    @vid = vid
+    @fp = fp
+  end
+end

data/lib/models/device.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+class Device
+  attr_reader :device_id
+  attr_writer :device_id
+
+  def initialize(device_id)
+    @device_id = device_id
+  end
+end