selfsdk 0.0.124

data/lib/messages/base.rb

@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+module SelfSDK
+  module Messages
+    class Base
+      attr_accessor :from, :from_device, :to, :to_device, :expires, :id,
+                    :fields, :typ, :payload, :status, :input, :intermediary,
+                    :description, :sub, :exp_timeout
+
+      def initialize(messaging)
+        @client = messaging.client
+        @jwt = @client.jwt
+        @messaging = messaging
+        @device_id = "1"
+      end
+
+      def request
+        res = @messaging.send_and_wait_for_response(proto, self)
+        SelfSDK.logger.info "synchronously messaging to #{@to}:#{@to_device}"
+        res
+      end
+
+      def send_message
+        res = @messaging.send_message proto
+        SelfSDK.logger.info "asynchronously requested information to #{@to}:#{@to_device}"
+        res
+      end
+
+      def unauthorized?
+        status == "unauthorized"
+      end
+
+      def rejected?
+        status == "rejected"
+      end
+
+      def accepted?
+        status == "accepted"
+      end
+
+      def errored?
+        status == "errored"
+      end
+
+      def validate!(original)
+        unless original.nil?
+          raise ::StandardError.new("bad response audience") if @audience != original.from
+          if original.intermediary.nil?
+            raise ::StandardError.new("bad issuer") if @from != original.to
+          else
+            raise ::StandardError.new("bad issuer") if @from != original.intermediary
+          end
+        end
+        raise ::StandardError.new("expired message") if @expires < SelfSDK::Time.now
+        raise ::StandardError.new("issued too soon") if @issued > SelfSDK::Time.now
+      end
+
+      protected
+
+      def proto
+        raise ::StandardError.new("must define this method")
+      end
+
+      private
+
+      def get_payload(input)
+        body = if input.is_a? String
+                 input
+               else
+                 input.ciphertext
+               end
+
+        jwt = JSON.parse(body, symbolize_names: true)
+        payload = JSON.parse(@jwt.decode(jwt[:payload]), symbolize_names: true)
+        @from = payload[:iss]
+        verify! jwt
+        payload
+      end
+
+      def verify!(jwt)
+        k = @client.public_keys(@from).first[:key]
+        return if @jwt.verify(jwt, k)
+
+        SelfSDK.logger.info "skipping message, invalid signature"
+        raise ::StandardError.new("invalid signature on incoming message")
+      end
+    end
+  end
+end

data/lib/messages/fact.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require_relative 'attestation'
+
+module SelfSDK
+  module Messages
+    class Fact
+      attr_accessor :name, :attestations, :operator, :expected_value, :sources
+
+      def initialize(messaging)
+        @messaging = messaging
+      end
+
+      def parse(fact)
+        @name = SelfSDK::fact_name(fact[:fact])
+
+        @operator = ""
+        @operator = SelfSDK::operator(fact[:operator]) if fact[:operator]
+
+        @sources = []
+        fact[:sources]&.each do |s|
+          @sources << SelfSDK::source(s)
+        end
+
+        @expected_value = fact[:expected_value] || ""
+        @attestations = []
+
+        fact[:attestations]&.each do |a|
+            attestation = SelfSDK::Messages::Attestation.new(@messaging)
+            attestation.parse(fact[:fact].to_sym, a)
+            @attestations.push(attestation)
+          end
+      end
+
+      def validate!(original)
+        @attestations.each do |a|
+          a.validate! original
+        end
+      end
+
+      def to_hash
+        h = { fact: @name }
+        unless @sources.nil?
+          h[:sources] = @sources if @sources.length > 0
+        end
+        h[:operator] = @operator unless @operator.empty?
+        unless @attestations.nil?
+          h[:attestations] = @attestations if @attestations.length > 0
+        end
+        h[:expected_value] = @expected_value unless @expected_value.empty?
+        h
+      end
+    end
+  end
+end

data/lib/messages/fact_request.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+require_relative '../ntptime'
+
+module SelfSDK
+  module Messages
+    class FactRequest < Base
+      MSG_TYPE = "identities.facts.query.req"
+      DEFAULT_EXP_TIMEOUT = 900
+
+      attr_accessor :facts, :options
+
+      def parse_facts(facts)
+        @facts = []
+        facts.each do |fact|
+          f = SelfSDK::Messages::Fact.new(@messaging)
+          f.parse(fact)
+          @facts << f.to_hash
+        end
+        @facts
+      end
+
+      def populate(selfid, facts, opts)
+        @id = SecureRandom.uuid
+        @from = @client.jwt.id
+        @to = selfid
+        @facts = parse_facts(facts)
+
+        @id = opts[:cid] if opts.include?(:cid)
+        @options = opts.fetch(:options, false)
+        @description = opts.include?(:description) ? opts[:description] : nil
+        @exp_timeout = opts.fetch(:exp_timeout, DEFAULT_EXP_TIMEOUT)
+
+        @intermediary = if opts.include?(:intermediary)
+                          opts[:intermediary]
+                        end
+      end
+
+      def parse(input)
+        @input = input
+        @typ = MSG_TYPE
+        @payload = get_payload input
+        @id = @payload[:cid]
+        @from = @payload[:iss]
+        @to = @payload[:sub]
+        @expires = @payload[:exp]
+        @description = @payload.include?(:description) ? @payload[:description] : nil
+        @facts = @payload[:facts]
+        @options = @payload[:options]
+      end
+
+      def build_response
+        m = SelfSDK::Messages::FactResponse.new(@messaging)
+        m.id = @id
+        m.from = @to
+        m.to = @from
+        m.audience = @from
+        m.to_device = @messaging.device_id
+        m.facts = @facts
+        m
+      end
+
+      def share_facts(facts)
+        m = build_response
+        m.facts = parse_facts(facts)
+        m.send_message
+      end
+
+      def body
+        b = {
+          typ: MSG_TYPE,
+          iss: @jwt.id,
+          sub: @to,
+          iat: SelfSDK::Time.now.strftime('%FT%TZ'),
+          exp: (SelfSDK::Time.now + @exp_timeout).strftime('%FT%TZ'),
+          cid: @id,
+          jti: SecureRandom.uuid,
+          facts: @facts,
+        }
+        b[:options] = @options unless (@options.nil? || @options == false)
+        b[:description] = @description unless (@description.nil? || @description.empty?)
+        b
+      end
+
+      protected
+
+      def proto
+        devices = if @intermediary.nil?
+                    @client.devices(@to)
+                  else
+                    @client.devices(@intermediary)
+                  end
+        @to_device = devices.first
+
+        recipient = if @intermediary.nil?
+                      "#{@to}:#{@to_device}"
+                    else
+                      "#{@intermediary}:#{@to_device}"
+                    end
+
+        Msgproto::Message.new(
+          type: Msgproto::MsgType::MSG,
+          id: @id,
+          sender: "#{@jwt.id}:#{@messaging.device_id}",
+          recipient: recipient,
+          ciphertext: @jwt.prepare(body),
+        )
+      end
+    end
+  end
+end

data/lib/messages/fact_response.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+require_relative 'fact'
+require_relative '../ntptime'
+
+module SelfSDK
+  module Messages
+    class FactResponse < Base
+      MSG_TYPE = "identities.facts.query.resp"
+
+      attr_accessor :facts, :audience
+
+      def parse(input)
+        @input = input
+        @typ = MSG_TYPE
+        @payload = get_payload input
+        @id = payload[:cid]
+        @from = payload[:iss]
+        @to = payload[:sub]
+        @expires = ::Time.parse(payload[:exp])
+        @issued = ::Time.parse(payload[:iat])
+        @audience = payload[:aud]
+        @status = payload[:status]
+        @facts = []
+        payload[:facts] = [] if payload[:facts].nil?
+        payload[:facts].each do |f|
+          begin
+            fact = SelfSDK::Messages::Fact.new(@messaging)
+            fact.parse(f)
+            @facts.push(fact)
+          rescue StandardError => e
+            SelfSDK.logger.info e.message
+          end
+        end
+      end
+
+      def fact(name)
+        name = SelfSDK::fact_name(name)
+        @facts.select{|f| f.name == name}.first
+      end
+
+      def attestations_for(name)
+        f = fact(name)
+        return [] if f.nil?
+        f.attestations
+      end
+
+      def attestation_values_for(name)
+        a = attestations_for(name)
+        a.map{|a| a.value}
+      end
+
+      def validate!(original)
+        super
+        @facts.each do |f|
+          f.validate! original
+        end
+      end
+
+      protected
+
+      def proto
+        encoded_facts = []
+        @facts.each do |fact|
+          encoded_facts.push(fact.to_hash)
+        end
+        body = @jwt.prepare(
+          typ: MSG_TYPE,
+          iss: @jwt.id,
+          sub: @sub || @to,
+          aud: @audience,
+          iat: SelfSDK::Time.now.strftime('%FT%TZ'),
+          exp: (SelfSDK::Time.now + 3600).strftime('%FT%TZ'),
+          cid: @id,
+          jti: SecureRandom.uuid,
+          status: @status,
+          facts: encoded_facts,
+        )
+
+        Msgproto::Message.new(
+          type: Msgproto::MsgType::MSG,
+          id: SecureRandom.uuid,
+          sender: "#{@jwt.id}:#{@messaging.device_id}",
+          recipient: "#{@to}:#{@to_device}",
+          ciphertext: body,
+        )
+      end
+    end
+  end
+end

data/lib/messages/message.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require_relative "fact_request"
+require_relative "fact_response"
+require_relative "authentication_resp"
+require_relative "authentication_req"
+
+module SelfSDK
+  module Messages
+    def self.parse(input, messaging, original=nil)
+      body = if input.is_a? String
+               input
+             else
+               input.ciphertext
+             end
+
+      jwt = JSON.parse(body, symbolize_names: true)
+      payload = JSON.parse(messaging.jwt.decode(jwt[:payload]), symbolize_names: true)
+
+      case payload[:typ]
+      when "identities.facts.query.req"
+        m = FactRequest.new(messaging)
+        m.parse(body)
+      when "identities.facts.query.resp"
+        m = FactResponse.new(messaging)
+        m.parse(body)
+      when "identities.authenticate.resp"
+        m = AuthenticationResp.new(messaging)
+        m.parse(body)
+      when "identities.authenticate.req"
+        m = AuthenticationReq.new(messaging)
+        m.parse(body)
+      else
+        raise StandardError.new("Invalid message type.")
+      end
+      return m
+    end
+  end
+end

data/lib/messaging.rb

@@ -0,0 +1,441 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'monitor'
+require 'faye/websocket'
+require 'fileutils'
+require_relative 'messages/message'
+require_relative 'proto/auth_pb'
+require_relative 'proto/message_pb'
+require_relative 'proto/msgtype_pb'
+require_relative 'proto/acl_pb'
+require_relative 'proto/aclcommand_pb'
+
+module SelfSDK
+  class MessagingClient
+    DEFAULT_DEVICE="1"
+    DEFAULT_AUTO_RECONNECT=true
+    DEFAULT_STORAGE_DIR="./.self_storage"
+    ON_DEMAND_CLOSE_CODE=3999
+
+    attr_accessor :client, :jwt, :device_id, :ack_timeout, :timeout, :type_observer, :uuid_observer
+
+    # RestClient initializer
+    #
+    # @param url [string] self-messaging url
+    # @params client [Object] SelfSDK::Client object
+    # @option opts [string] :storage_dir  the folder where encryption sessions and settings will be stored
+    # @option opts [Bool] :auto_reconnect Automatically reconnects to websocket if connection is lost (defaults to true).
+    # @option opts [String] :device_id The device id to be used by the app defaults to "1".
+    def initialize(url, client, options = {})
+      @mon = Monitor.new
+      @url = url
+      @messages = {}
+      @acks = {}
+      @type_observer = {}
+      @uuid_observer = {}
+      @jwt = client.jwt
+      @client = client
+      @ack_timeout = 60 # seconds
+      @timeout = 120 # seconds
+      @device_id = options.fetch(:device_id, DEFAULT_DEVICE)
+      @auto_reconnect = options.fetch(:auto_reconnect, DEFAULT_AUTO_RECONNECT)
+      @storage_dir = options.fetch(:storage_dir, DEFAULT_STORAGE_DIR)
+      @offset_file = "#{@storage_dir}/#{@jwt.id}:#{@device_id}.offset"
+      @offset = read_offset
+
+      FileUtils.mkdir_p @storage_dir unless File.exists? @storage_dir
+
+      if options.include? :ws
+        @ws = options[:ws]
+      else
+        start
+      end
+    end
+
+    def stop
+      @acks.each do |k, _v|
+        mark_as_acknowledged(k)
+      end
+      @messages.each do |k, _v|
+        mark_as_acknowledged(k)
+        mark_as_arrived(k)
+      end
+    end
+
+    def close
+      @ws.close(ON_DEMAND_CLOSE_CODE, "connection closed by the client")
+    end
+
+    # Responds a request information request
+    #
+    # @param recipient [string] selfID to be requested
+    # @param recipient_device [string] device id for the selfID to be requested
+    # @param request [string] original message requesing information
+    def share_information(recipient, recipient_device, request)
+      send_message Msgproto::Message.new(
+        type: Msgproto::MsgType::MSG,
+        id: SecureRandom.uuid,
+        sender: "#{@jwt.id}:#{@device_id}",
+        recipient: "#{recipient}:#{recipient_device}",
+        ciphertext: @jwt.prepare(request),
+      )
+    end
+
+    # Send custom mmessage
+    #
+    # @param recipient [string] selfID to be requested
+    # @param type [string] message type
+    # @param request [hash] original message requesing information
+    def send_custom(recipient, request_body)
+        @to_device = @client.devices(recipient).first
+        send_message msg = Msgproto::Message.new(
+          type: Msgproto::MsgType::MSG,
+          id: SecureRandom.uuid,
+          sender: "#{@jwt.id}:#{@device_id}",
+          recipient: "#{recipient}:#{@to_device}",
+          ciphertext: @jwt.prepare(request_body),
+        )
+    end
+
+    # Allows incomming messages from the given identity
+    #
+    # @params payload [string] base64 encoded payload to be sent
+    def add_acl_rule(payload)
+      send_message Msgproto::AccessControlList.new(
+        type: Msgproto::MsgType::ACL,
+        id: SecureRandom.uuid,
+        command: Msgproto::ACLCommand::PERMIT,
+        payload: payload,
+      )
+    end
+
+    # Blocks incoming messages from specified identities
+    #
+    # @params payload [string] base64 encoded payload to be sent
+    def remove_acl_rule(payload)
+      send_message Msgproto::AccessControlList.new(
+        type: Msgproto::MsgType::ACL,
+        id: SecureRandom.uuid,
+        command: Msgproto::ACLCommand::REVOKE,
+        payload: payload,
+      )
+    end
+
+    # Lists acl rules
+    def list_acl_rules
+      wait_for 'acl_list' do
+        send_raw Msgproto::AccessControlList.new(
+          type: Msgproto::MsgType::ACL,
+          id: SecureRandom.uuid,
+          command: Msgproto::ACLCommand::LIST,
+        )
+      end
+    end
+
+    # Sends a message and waits for the response
+    #
+    # @params msg [Msgproto::Message] message object to be sent
+    def send_and_wait_for_response(msg, original)
+      wait_for msg.id, original do
+        send_message msg
+      end
+    end
+
+    # Executes the given block and waits for the message id specified on
+    # the uuid.
+    #
+    # @params uuid [string] unique identifier for a conversation
+    def wait_for(uuid, msg = nil)
+      SelfSDK.logger.info "sending #{uuid}"
+      @mon.synchronize do
+        @messages[uuid] = {
+          waiting_cond: @mon.new_cond,
+          waiting: true,
+          timeout: SelfSDK::Time.now + @timeout,
+          original_message: msg,
+        }
+      end
+
+      yield
+
+      SelfSDK.logger.info "waiting for client to respond #{uuid}"
+      @mon.synchronize do
+        @messages[uuid][:waiting_cond].wait_while do
+          @messages[uuid][:waiting]
+        end
+      end
+
+      SelfSDK.logger.info "response received for #{uuid}"
+      @messages[uuid][:response]
+    ensure
+      @messages.delete(uuid)
+    end
+
+    # Send a message through self network
+    #
+    # @params msg [Msgproto::Message] message object to be sent
+    def send_message(msg)
+      uuid = msg.id
+      @mon.synchronize do
+        @acks[uuid] = {
+          waiting_cond: @mon.new_cond,
+          waiting: true,
+          timeout: SelfSDK::Time.now + @ack_timeout,
+        }
+      end
+      send_raw(msg)
+      SelfSDK.logger.info "waiting for acknowledgement #{uuid}"
+      @mon.synchronize do
+        @acks[uuid][:waiting_cond].wait_while do
+          @acks[uuid][:waiting]
+        end
+      end
+      SelfSDK.logger.info "acknowledged #{uuid}"
+      true
+    ensure
+      @acks.delete(uuid)
+      false
+    end
+
+    def clean_observers
+      live = {}
+      @uuid_observer.clone.each do |id, msg|
+        if msg[:timeout] < SelfSDK::Time.now
+          message = SelfSDK::Messages::Base.new(self)
+          message.status = "errored"
+
+          @uuid_observer[id][:block].call(message)
+          @uuid_observer.delete(id)
+        else
+          live[id] = msg
+        end
+      end
+      @uuid_observer = live
+    end
+
+    # Notify the type observer for the given message
+    def notify_observer(message)
+      if @uuid_observer.include? message.id
+        observer = @uuid_observer[message.id]
+        message.validate!(observer[:original_message]) if observer.include?(:original_message)
+        Thread.new do
+          @uuid_observer[message.id][:block].call(message)
+          @uuid_observer.delete(message.id)
+        end
+        return
+      end
+
+      # Return if there is no observer setup for this kind of message
+      return unless @type_observer.include? message.typ
+
+      Thread.new do
+        @type_observer[message.typ][:block].call(message)
+      end
+    end
+
+    def set_observer(original, options = {}, &block)
+      request_timeout = options.fetch(:timeout, @timeout)
+      @uuid_observer[original.id] = { original_message: original, block: block, timeout: SelfSDK::Time.now + request_timeout }
+    end
+
+    def subscribe(type, &block)
+      type = SelfSDK::message_type(type) if type.is_a? Symbol
+      @type_observer[type] = { block: block }
+    end
+
+    private
+
+    # Start sthe websocket listener
+    def start
+      SelfSDK.logger.info "starting"
+      @mon.synchronize do
+        @acks["authentication"] = { waiting_cond: @mon.new_cond,
+                                    waiting: true,
+                                    timeout: SelfSDK::Time.now + @ack_timeout }
+      end
+
+      Thread.new do
+        EM.run start_connection
+      end
+
+      Thread.new do
+        loop { sleep 10; clean_timeouts }
+      end
+
+      Thread.new do
+        loop { sleep 30; ping }
+      end
+
+      @mon.synchronize do
+        @acks["authentication"][:waiting_cond].wait_while { @acks["authentication"][:waiting] }
+        @acks.delete("authentication")
+      end
+    end
+
+    # Cleans expired messages
+    def clean_timeouts
+      clean_observers
+      clean_timeouts_for(@messages)
+      clean_timeouts_for(@acks)
+    end
+
+    def clean_timeouts_for(list)
+      list.clone.each do |uuid, _msg|
+        next unless list[uuid][:timeout] < SelfSDK::Time.now
+
+        @mon.synchronize do
+          SelfSDK.logger.info "message response timed out #{uuid}"
+          list[uuid][:waiting] = false
+          list[uuid][:waiting_cond].broadcast
+        end
+      end
+    end
+
+    # Creates a websocket connection and sets up its callbacks.
+    def start_connection
+      SelfSDK.logger.info "starting listener"
+      @ws = Faye::WebSocket::Client.new(@url)
+      SelfSDK.logger.info "initialized"
+
+      @ws.on :open do |_event|
+        SelfSDK.logger.info "websocket connection established"
+        authenticate
+      end
+
+      @ws.on :message do |event|
+        on_message(event)
+      end
+
+      @ws.on :close do |event|
+        if event.code == ON_DEMAND_CLOSE_CODE
+          puts "client closed connection"
+        else
+          if !@auto_reconnect
+            raise StandardError "websocket connection closed"
+          end
+          if !@reconnection_delay.nil?
+            SelfSDK.logger.info "websocket connection closed (#{event.code}) #{event.reason}"
+            sleep @reconnection_delay
+            SelfSDK.logger.info "reconnecting..."
+          end
+          @reconnection_delay = 3
+          start_connection
+        end
+      end
+    end
+
+    # Pings the websocket server to keep the connection alive.
+    def ping
+      # SelfSDK.logger.info "ping"
+      @ws&.ping
+    end
+
+    # Process an event when it arrives through the websocket connection.
+    def on_message(event)
+      input = Msgproto::Message.decode(event.data.pack('c*'))
+      SelfSDK.logger.info " - received #{input.id} (#{input.type})"
+      case input.type
+      when :ERR
+        SelfSDK.logger.info "error #{input.sender} on #{input.id}"
+        mark_as_arrived(input.id)
+      when :ACK
+        SelfSDK.logger.info "#{input.id} acknowledged"
+        mark_as_acknowledged input.id
+      when :ACL
+        SelfSDK.logger.info "ACL received"
+        process_incomming_acl input
+      when :MSG
+        SelfSDK.logger.info "Message #{input.id} received"
+        process_incomming_message input
+      end
+    rescue TypeError
+      SelfSDK.logger.info "invalid array message"
+    end
+
+    def process_incomming_acl(input)
+      list = JSON.parse(input.recipient)
+
+      @messages['acl_list'][:response] = list
+      mark_as_arrived 'acl_list'
+    rescue StandardError => e
+      p "Error processing incoming ACL #{input.to_json}"
+      SelfSDK.logger.info e
+      SelfSDK.logger.info e.backtrace
+      nil
+    end
+
+    def process_incomming_message(input)
+      message = SelfSDK::Messages.parse(input, self)
+
+      if @messages.include? message.id
+        message.validate! @messages[message.id][:original_message]
+        @messages[message.id][:response] = message
+        mark_as_arrived message.id
+      else
+        SelfSDK.logger.info "Received async message #{input.id}"
+        message.validate! @uuid_observer[message.id][:original_message] if @uuid_observer.include? message.id
+        notify_observer(message)
+      end
+
+      @offset = input.offset
+      write_offset(@offset)
+    rescue StandardError => e
+      p "Error processing incoming message #{input.to_json}"
+      SelfSDK.logger.info e
+      p e.backtrace
+      nil
+    end
+
+    # Authenticates current client on the websocket server.
+    def authenticate
+      SelfSDK.logger.info "authenticating"
+      send_raw Msgproto::Auth.new(
+        type: Msgproto::MsgType::AUTH,
+        id: "authentication",
+        token: @jwt.auth_token,
+        device: @device_id,
+        offset: @offset,
+      )
+    end
+
+    def send_raw(msg)
+      @ws.send(msg.to_proto.bytes)
+    end
+
+    # Marks a message as arrived.
+    def mark_as_arrived(id)
+      # Return if no one is waiting for this message
+      return unless @messages.include? id
+
+      @mon.synchronize do
+        @messages[id][:waiting] = false
+        @messages[id][:waiting_cond].broadcast
+      end
+    end
+
+    # Marks a message as acknowledged by the server.
+    def mark_as_acknowledged(id)
+      return unless @acks.include? id
+
+      @mon.synchronize do
+        @acks[id][:waiting] = false
+        @acks[id][:waiting_cond].broadcast
+      end
+    end
+
+    def read_offset
+      return 0 unless File.exist? @offset_file
+
+      File.open(@offset_file, 'rb') do |f|
+        return f.read.unpack('q')[0]
+      end
+    end
+
+    def write_offset(offset)
+      File.open(@offset_file, 'wb') do |f|
+        f.write([offset].pack('q'))
+      end
+    end
+  end
+end