securenative 0.1.5 → 0.1.21

data/lib/models/event_options.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require 'models/event_options'
+require 'models/user_traits'
+require 'errors/securenative_invalid_options_error'
+
+class EventOptions
+  attr_reader :event, :user_id, :user_traits, :context, :properties, :timestamp
+  attr_writer :event, :user_id, :user_traits, :context, :properties, :timestamp
+
+  MAX_PROPERTIES_SIZE = 10
+
+  def initialize(event: nil, user_id: nil, user_traits: nil, user_name: nil, email: nil, phone: nil, created_at: nil, context: nil, properties: nil, timestamp: nil)
+    if !properties.nil? && properties.length > MAX_PROPERTIES_SIZE
+      raise SecureNativeInvalidOptionsError, "You can have only up to #{MAX_PROPERTIES_SIZE} custom properties"
+    end
+
+    if user_traits.nil?
+      if user_name && email && phone && created_at
+        user_traits = UserTraits(user_name, email, phone, created_at)
+      elsif user_name && email && phone
+        user_traits = UserTraits(user_name, email, phone)
+      elsif user_name && email
+        user_traits = UserTraits(user_name, email)
+      else
+        user_traits = UserTraits.new
+      end
+    end
+
+    @event = event
+    @user_id = user_id
+    @user_traits = user_traits
+    @context = context
+    @properties = properties
+    @timestamp = timestamp
+  end
+end

data/lib/models/request_context.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class RequestContext
+  attr_reader :cid, :vid, :fp, :ip, :remote_ip, :headers, :url, :http_method
+  attr_writer :cid, :vid, :fp, :ip, :remote_ip, :headers, :url, :http_method
+
+  def initialize(cid: nil, vid: nil, fp: nil, ip: nil, remote_ip: nil, headers: nil, url: nil, http_method: nil)
+    @cid = cid
+    @vid = vid
+    @fp = fp
+    @ip = ip
+    @remote_ip = remote_ip
+    @headers = headers
+    @url = url
+    @method = http_method
+  end
+end
+

data/lib/models/request_options.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class RequestOptions
+  attr_reader :url, :body, :retry_sending
+  attr_writer :url, :body, :retry_sending
+
+  def initialize(url, body, retry_sending)
+    @url = url
+    @body = body
+    @retry_sending = retry_sending
+  end
+end

data/lib/models/sdk_event.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'context/securenative_context'
+require 'utils/encryption_utils'
+require 'utils/date_utils'
+require 'models/request_context'
+require 'securerandom'
+
+class SDKEvent
+  attr_reader :context, :rid, :event_type, :user_id, :user_traits, :request, :timestamp, :properties
+  attr_writer :context, :rid, :event_type, :user_id, :user_traits, :request, :timestamp, :properties
+
+  def initialize(event_options, securenative_options)
+    @context = if !event_options.context.nil?
+                 event_options.context
+               else
+                 SecureNativeContext.default_context_builder
+               end
+
+    client_token = EncryptionUtils.decrypt(@context.client_token, securenative_options.api_key)
+
+    @rid = SecureRandom.uuid.to_str
+    @event_type = event_options.event
+    @user_id = event_options.user_id
+    @user_traits = event_options.user_traits
+    @request = RequestContext.new(cid: client_token ? client_token.cid : '', vid: client_token ? client_token.vid : '',
+                                  fp: client_token ? client_token.fp : '', ip: @context.ip,
+                                  remote_ip: @context.remote_ip, headers: @context.headers,
+                                  url: @context.url, http_method: @context.http_method)
+
+
+    @timestamp = DateUtils.to_timestamp(event_options.timestamp)
+    @properties = event_options.properties
+  end
+
+  def to_s
+    "context: #{@context}, rid: #{@rid}, event_type: #{@event_type}, user_id: #{@user_id},
+    user_traits: #{@user_traits}, request: #{@request}, timestamp: #{@timestamp}, properties: #{@properties}"
+  end
+end

data/lib/models/user_traits.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class UserTraits
+  attr_reader :name, :email, :phone, :created_at
+  attr_writer :name, :email, :phone, :created_at
+
+  def initialize(name: nil, email: nil, phone: nil, created_at: nil)
+    @name = name
+    @email = email
+    @created_at = created_at
+    @phone = phone
+  end
+end

data/lib/models/verify_result.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class VerifyResult
+  attr_reader :risk_level, :score, :triggers
+  attr_writer :risk_level, :score, :triggers
+
+  def initialize(risk_level: nil, score: nil, triggers: nil)
+    @risk_level = risk_level
+    @score = score
+    @triggers = triggers
+  end
+
+  def to_s
+    "risk_level: #{@risk_level}, score: #{@score}, triggers: #{@triggers}"
+  end
+end

data/lib/securenative.rb

@@ -1,39 +1,83 @@
-require_relative 'securenative/sn_exception'
-require_relative 'securenative/secure_native_sdk'
+# frozen_string_literal: true
 
-$securenative = nil
+require 'utils/secure_native_logger'
+require 'utils/signature_utils'
+require 'utils/utils'
+require 'errors/securenative_sdk_error'
+require 'errors/securenative_sdk_Illegal_state_error'
+require 'errors/securenative_config_error'
+require 'enums/failover_strategy'
+require 'config/configuration_builder'
+require 'config/configuration_manager'
+require 'event_manager'
+require 'api_manager'
 
-module SecureNative
-  def self.init(api_key, options: SecureNativeOptions.new)
-    if $securenative == nil
-      $securenative = SecureNativeSDK.new(api_key, options: options)
+class SecureNative
+  attr_reader :options
+
+  def initialize(options)
+    @securenative = nil
+    raise SecureNativeSDKError, 'You must pass your SecureNative api key' if Utils.null_or_empty?(options.api_key)
+
+    @options = options
+    @event_manager = EventManager.new(@options)
+
+    @event_manager.start_event_persist unless @options.api_url.nil?
+
+    @api_manager = ApiManager.new(@event_manager, @options)
+    SecureNativeLogger.init_logger(@options.log_level)
+  end
+
+  def self.init_with_options(options)
+    if @securenative.nil?
+      @securenative = SecureNative.new(options)
+      @securenative
+    else
+      SecureNativeLogger.debug('This SDK was already initialized.')
+      raise SecureNativeSDKError, 'This SDK was already initialized.'
     end
   end
 
-  def self.track(event)
-    sdk = _get_or_throw
-    sdk.track(event)
+  def self.init_with_api_key(api_key)
+    raise SecureNativeConfigError, 'You must pass your SecureNative api key' if Utils.null_or_empty?(api_key)
+
+    if @securenative.nil?
+      options = ConfigurationBuilder.new(api_key: api_key)
+      @securenative = SecureNative.new(options)
+      @securenative
+    else
+      SecureNativeLogger.debug('This SDK was already initialized.')
+      raise SecureNativeSDKError, 'This SDK was already initialized.'
+    end
   end
 
-  def self.verify(event)
-    sdk = _get_or_throw
-    sdk.verify(event)
+  def self.init
+    options = ConfigurationManager.load_config
+    init_with_options(options)
   end
 
-  def self.verify_webhook(hmac_header, body)
-    sdk = _get_or_throw
-    sdk.verify_webhook(hmac_header = hmac_header, body = body)
+  def self.instance
+    raise SecureNativeSDKIllegalStateError if @securenative.nil?
+
+    @securenative
   end
 
-  def self.flush
-    sdk = _get_or_throw
-    sdk.flush
+  def track(event_options)
+    @api_manager.track(event_options)
   end
 
-  def self._get_or_throw
-    if $securenative == nil
-      raise SecureNativeSDKException.new
-    end
-    $securenative
+  def verify(event_options)
+    @api_manager.verify(event_options)
+  end
+
+  def self._flush
+    @securenative = nil
+  end
+
+  def verify_request_payload(request)
+    request_signature = request.header[SignatureUtils.SIGNATURE_HEADER]
+    body = request.body
+
+    SignatureUtils.valid_signature?(@options.api_key, body, request_signature)
   end
-end
+end

data/lib/utils/date_utils.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class DateUtils
+  def self.to_timestamp(date)
+    return Time.now.utc.iso8601 if date.nil?
+
+    Time.parse(date).iso8601
+  end
+end

data/lib/utils/encryption_utils.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+require 'openssl'
+require 'digest'
+require 'base64'
+require 'models/client_token'
+
+class EncryptionUtils
+  def self.padding_key(key, length)
+    if key.length == length
+      key
+    else
+      if key.length > length
+        key.slice(0, length)
+      else
+        (length - key.length).times { key << '0' }
+        key
+      end
+    end
+  end
+
+  def self.encrypt(plain_text, secret_key)
+    begin
+      cipher = OpenSSL::Cipher.new('aes-256-cbc')
+      cipher.encrypt
+      iv = cipher.random_iv
+      cipher.key = padding_key(secret_key, 32)
+      encrypted = cipher.update(plain_text) + cipher.final
+      (iv + encrypted).unpack1('H*')
+    rescue StandardError
+      ''
+    end
+  end
+
+  def self.decrypt(cipher_text, secret_key)
+    begin
+      cipher = OpenSSL::Cipher.new('aes-256-cbc')
+      cipher.decrypt
+      raw_data = [cipher_text].pack('H*')
+      cipher.iv = raw_data.slice(0, 16)
+      cipher.key = padding_key(secret_key, 32)
+      decrypted = JSON.parse(cipher.update(raw_data.slice(16, raw_data.length)) + cipher.final)
+
+      return ClientToken.new(decrypted['cid'], decrypted['vid'], decrypted['fp'])
+    rescue StandardError
+      ClientToken.new('', '','')
+    end
+  end
+end

data/lib/utils/ip_utils.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require "resolv"
+
+class IpUtils
+  def self.ip_address?(ip_address)
+    return true if ip_address =~ Resolv::IPv4::Regex
+    return true if ip_address =~ Resolv::IPv6::Regex
+
+    false
+  end
+
+  def self.valid_public_ip?(ip_address)
+    ip = IPAddr.new(ip_address)
+    return false if ip.loopback? || ip.private? || ip.link_local? || ip.untrusted? || ip.tainted?
+
+    true
+  end
+
+  def self.loop_back?(ip_address)
+    IPAddr.new(ip_address).loopback?
+  end
+end

data/lib/utils/request_utils.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+class RequestUtils
+  SECURENATIVE_COOKIE = '_sn'
+  SECURENATIVE_HEADER = 'x-securenative'
+
+  def self.get_secure_header_from_request(headers)
+    begin
+      return headers[SECURENATIVE_HEADER] unless headers.nil?
+    rescue StandardError
+      []
+    end
+    []
+  end
+
+  def self.get_client_ip_from_request(request)
+    begin
+      return request.ip unless request.ip.nil?
+    rescue NoMethodError
+    end
+
+    begin
+      x_forwarded_for = request.env['HTTP_X_FORWARDED_FOR']
+      return x_forwarded_for unless x_forwarded_for.nil?
+    rescue NoMethodError
+      begin
+        x_forwarded_for = request['HTTP_X_FORWARDED_FOR']
+        return x_forwarded_for unless x_forwarded_for.nil?
+      rescue NoMethodError
+      end
+    end
+
+    begin
+      x_forwarded_for = request.env['REMOTE_ADDR']
+      return x_forwarded_for unless x_forwarded_for.nil?
+    rescue NoMethodError
+      begin
+        x_forwarded_for = request['REMOTE_ADDR']
+        return x_forwarded_for unless x_forwarded_for.nil?
+      rescue NoMethodError
+      end
+    end
+
+    ''
+  end
+
+  def self.get_remote_ip_from_request(request)
+    begin
+      request.remote_ip
+    rescue NoMethodError
+      ''
+    end
+  end
+end

data/lib/utils/secure_native_logger.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'logger'
+
+class SecureNativeLogger
+  @logger = Logger.new(STDOUT)
+
+  def self.init_logger(level = 'DEBUG')
+    @logger.level = case level
+                    when 'WARN'
+                      Logger::WARN
+                    when 'DEBUG'
+                      Logger::DEBUG
+                    when 'ERROR'
+                      Logger::ERROR
+                    when 'FATAL'
+                      Logger::FATAL
+                    when 'INFO'
+                      Logger::INFO
+                    else
+                      Logger::FATAL
+                    end
+
+    @logger.formatter = proc do |severity, datetime, progname, msg|
+      "[#{datetime}] #{severity}  (#{progname}): #{msg}\n"
+    end
+  end
+
+  def self.info(msg)
+    @logger.info(msg)
+  end
+
+  def self.debug(msg)
+    @logger.debug(msg)
+  end
+
+  def self.warning(msg)
+    @logger.warning(msg)
+  end
+
+  def self.error(msg)
+    @logger.error(msg)
+  end
+end

data/lib/utils/signature_utils.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+class SignatureUtils
+  SIGNATURE_HEADER = 'x-securenative'
+
+  def self.valid_signature?(api_key, payload, header_signature)
+    key = api_key.encode('utf-8')
+    body = payload.encode('utf-8')
+    calculated_signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha512'), key, body)
+    calculated_signature.eql? header_signature
+  rescue StandardError
+    false
+  end
+end