selfsdk 0.0.124

data/lib/ntptime.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require 'time'
+require 'net/ntp'
+
+module SelfSDK
+  class Time
+    @@last_check = nil
+    @diff = nil
+    def self.now
+      timeout = 1
+      ntp_time = nil
+      5.times do
+        begin
+          ntp_time = get_ntp_current_time
+          break
+        rescue Timeout::Error
+          puts "time.google.com timed out, retrying in #{timeout} seconds..."
+          sleep timeout
+          timeout = timeout+1
+        end
+      end
+      raise Timeout::Error.new("ntp sync timed out") if ntp_time.nil?
+      ntp_time
+    end
+
+    private
+
+    def self.get_ntp_current_time
+      seconds_to_expire = 60
+
+      return ::Time.now.utc if ENV["RAKE_ENV"] == "test"
+
+      if @diff.nil?
+        self.sync
+        return @now
+      end
+      @now = (::Time.now + @diff).utc
+      if @@last_check + seconds_to_expire < @now
+        self.sync
+      end
+      @now
+    end
+
+    def self.sync
+      @@last_check = ::Time.parse(Net::NTP.get("time.google.com", "ntp", 2).time.to_s).utc
+      @diff = (@@last_check - ::Time.now.utc).abs
+      @now = (::Time.now + @diff).utc
+    end
+  end
+end

data/lib/proto/acl_pb.rb

@@ -0,0 +1,19 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: acl.proto
+
+require 'google/protobuf'
+
+require_relative 'msgtype_pb'
+require_relative 'aclcommand_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_message "msgproto.AccessControlList" do
+    optional :type, :enum, 1, "msgproto.MsgType"
+    optional :id, :string, 2
+    optional :command, :enum, 3, "msgproto.ACLCommand"
+    optional :payload, :bytes, 4
+  end
+end
+
+module Msgproto
+  AccessControlList = Google::Protobuf::DescriptorPool.generated_pool.lookup("msgproto.AccessControlList").msgclass
+end

data/lib/proto/aclcommand_pb.rb

@@ -0,0 +1,16 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: aclcommand.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_enum "msgproto.ACLCommand" do
+    value :LIST, 0
+    value :PERMIT, 1
+    value :REVOKE, 2
+  end
+end
+
+module Msgproto
+  ACLCommand = Google::Protobuf::DescriptorPool.generated_pool.lookup("msgproto.ACLCommand").enummodule
+end

data/lib/proto/auth_pb.rb

@@ -0,0 +1,19 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: auth.proto
+
+require 'google/protobuf'
+
+require_relative 'msgtype_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_message "msgproto.Auth" do
+    optional :type, :enum, 1, "msgproto.MsgType"
+    optional :id, :string, 2
+    optional :token, :string, 3
+    optional :device, :string, 4
+    optional :offset, :int64, 5
+  end
+end
+
+module Msgproto
+  Auth = Google::Protobuf::DescriptorPool.generated_pool.lookup("msgproto.Auth").msgclass
+end

data/lib/proto/errtype_pb.rb

@@ -0,0 +1,19 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: errtype.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_enum "msgproto.ErrType" do
+    value :ErrConnection, 0
+    value :ErrBadRequest, 1
+    value :ErrInternal, 2
+    value :ErrMessage, 3
+    value :ErrAuth, 4
+    value :ErrACL, 5
+  end
+end
+
+module Msgproto
+  ErrType = Google::Protobuf::DescriptorPool.generated_pool.lookup("msgproto.ErrType").enummodule
+end

data/lib/proto/header_pb.rb

@@ -0,0 +1,16 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: header.proto
+
+require 'google/protobuf'
+
+require_relative 'msgtype_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_message "msgproto.Header" do
+    optional :type, :enum, 1, "msgproto.MsgType"
+    optional :id, :string, 2
+  end
+end
+
+module Msgproto
+  Header = Google::Protobuf::DescriptorPool.generated_pool.lookup("msgproto.Header").msgclass
+end

data/lib/proto/message_pb.rb

@@ -0,0 +1,22 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: message.proto
+
+require 'google/protobuf'
+
+require_relative 'msgtype_pb'
+require 'google/protobuf/timestamp_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_message "msgproto.Message" do
+    optional :type, :enum, 1, "msgproto.MsgType"
+    optional :id, :string, 2
+    optional :sender, :string, 3
+    optional :recipient, :string, 4
+    optional :ciphertext, :bytes, 5
+    optional :timestamp, :message, 6, "google.protobuf.Timestamp"
+    optional :offset, :int64, 7
+  end
+end
+
+module Msgproto
+  Message = Google::Protobuf::DescriptorPool.generated_pool.lookup("msgproto.Message").msgclass
+end

data/lib/proto/msgtype_pb.rb

@@ -0,0 +1,18 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: msgtype.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_enum "msgproto.MsgType" do
+    value :MSG, 0
+    value :ACK, 1
+    value :ERR, 2
+    value :AUTH, 3
+    value :ACL, 4
+  end
+end
+
+module Msgproto
+  MsgType = Google::Protobuf::DescriptorPool.generated_pool.lookup("msgproto.MsgType").enummodule
+end

data/lib/proto/notification_pb.rb

@@ -0,0 +1,19 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: notification.proto
+
+require 'google/protobuf'
+
+require_relative 'msgtype_pb'
+require_relative 'errtype_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_message "msgproto.Notification" do
+    optional :type, :enum, 1, "msgproto.MsgType"
+    optional :id, :string, 2
+    optional :error, :string, 3
+    optional :errtype, :enum, 4, "msgproto.ErrType"
+  end
+end
+
+module Msgproto
+  Notification = Google::Protobuf::DescriptorPool.generated_pool.lookup("msgproto.Notification").msgclass
+end

data/lib/selfsdk.rb

@@ -0,0 +1,109 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+require "ed25519"
+require 'json'
+require 'net/http'
+require 'rqrcode'
+require_relative 'log'
+require_relative 'jwt_service'
+require_relative 'client'
+require_relative 'messaging'
+require_relative 'ntptime'
+require_relative 'authenticated'
+require_relative 'acl'
+require_relative 'sources'
+require_relative 'services/auth'
+require_relative 'services/facts'
+require_relative 'services/identity'
+require_relative 'services/messaging'
+
+# Namespace for classes and modules that handle Self interactions.
+module SelfSDK
+  # Abstract base class for CLI utilities. Provides some helper methods for
+  # the option parser
+  #
+  # @attr_reader [Types] app_id the identifier of the current app.
+  # @attr_reader [Types] app_key the api key for the current app.
+  class App
+    BASE_URL = "https://api.selfid.net".freeze
+    MESSAGING_URL = "wss://messaging.selfid.net/v1/messaging".freeze
+
+    attr_reader :client
+    attr_accessor :messaging_client
+
+    # Initializes a SelfSDK App
+    #
+    # @param app_id [string] the app id.
+    # @param app_key [string] the app api key provided by developer portal.
+    # @param storage_key [string] the key to be used to encrypt persisted data.
+    # @param [Hash] opts the options to authenticate.
+    # @option opts [String] :base_url The self provider url.
+    # @option opts [String] :messaging_url The messaging self provider url.
+    # @option opts [Bool] :auto_reconnect Automatically reconnects to websocket if connection is lost (defaults to true).
+    # @option opts [Symbol] :env The environment to be used, defaults to ":production".
+    # @option opts [String] :storage_dir The folder where encryption sessions and settings will be stored
+    def initialize(app_id, app_key, storage_key, opts = {})
+      SelfSDK.logger.debug "syncing ntp times #{SelfSDK::Time.now}"
+      env = opts.fetch(:env, "")
+
+      @client = RestClient.new(base_url(opts), app_id, app_key, env)
+      messaging_url = messaging_url(opts)
+      unless messaging_url.nil?
+        @messaging_client = MessagingClient.new(messaging_url,
+                                                @client,
+                                                storage_dir: opts.fetch(:storage_dir, MessagingClient::DEFAULT_STORAGE_DIR),
+                                                auto_reconnect: opts.fetch(:auto_reconnect, MessagingClient::DEFAULT_AUTO_RECONNECT),
+                                                device_id: opts.fetch(:device_id, MessagingClient::DEFAULT_DEVICE))
+      end
+    end
+
+    # Provides access to SelfSDK::Services::Facts service
+    def facts
+      @facts ||= SelfSDK::Services::Facts.new(@messaging_client, @client)
+    end
+
+    # Provides access to SelfSDK::Services::Authentication service
+    def authentication
+      @authentication ||= SelfSDK::Services::Authentication.new(@messaging_client, @client)
+    end
+
+    # Provides access to SelfSDK::Services::Identity service
+    def identity
+      @identity ||= SelfSDK::Services::Identity.new(@client)
+    end
+
+    # Provides access to SelfSDK::Services::Messaging service
+    def messaging
+      @messaging ||= SelfSDK::Services::Messaging.new(@messaging_client)
+    end
+
+    def app_id
+      client.jwt.id
+    end
+
+    def app_key
+      client.jwt.key
+    end
+
+    # Closes the websocket connection
+    def close
+      @messaging_client.close
+    end
+
+    protected
+
+      def base_url(opts)
+        return opts[:base_url] if opts.key? :base_url
+        return "https://api.#{opts[:env].to_s}.selfid.net" if opts.key? :env
+        BASE_URL
+      end
+
+      def messaging_url(opts)
+        return opts[:messaging_url] if opts.key? :messaging_url
+        return "wss://messaging.#{opts[:env].to_s}.selfid.net/v1/messaging" if opts.key? :env
+        MESSAGING_URL
+      end
+
+  end
+end

data/lib/services/auth.rb

@@ -0,0 +1,163 @@
+# frozen_string_literal: true
+
+# Namespace for classes and modules that handle SelfSDK gem
+module SelfSDK
+  # Namespace for classes and modules that handle selfsdk-gem public ui
+  module Services
+    # Input class to handle authentication requests on self network.
+    class Authentication
+      # Creates a new authentication service.
+      # Authentication service mainly manages authentication requests against self
+      # users wanting to authenticate on your app.
+      #
+      # @param messaging [SelfSDK::Messaging] messaging object.
+      # @param client [SelfSDK::Client] http client object.
+      #
+      # @return [SelfSDK::Services::Authentication] authentication service.
+      def initialize(messaging, client)
+        @messaging = messaging
+        @client = client
+      end
+
+      # Sends an authentication request to the specified selfid.
+      # An authentication requests allows your users to authenticate on your app using
+      # a secure self app.
+      #
+      # @overload request(selfid, opts = {}, &block)
+      #  @param [String] selfid the receiver of the authentication request.
+      #  @param [Hash] opts the options to authenticate.
+      #  @option opts [String] :cid The unique identifier of the authentication request.
+      #  @yield [request] Invokes the block with an authentication response for each result.
+      #  @return [String, String] conversation id or encoded body.
+      #
+      # @overload request(selfid, opts = {})
+      #  @param [String] selfid the receiver of the authentication request.
+      #  @param [Hash] opts the options to authenticate.
+      #  @option [Boolean] :async if the request is asynchronous.
+      #  @option opts [String] :cid The unique identifier of the authentication request.
+      #  @return [String, String] conversation id or encoded body.
+      def request(selfid, opts = {}, &block)
+        SelfSDK.logger.info "authenticating #{selfid}"
+
+        req = SelfSDK::Messages::AuthenticationReq.new(@messaging)
+        req.populate(selfid, opts)
+
+        body = @client.jwt.prepare(req.body)
+        return body unless opts.fetch(:request, true)
+        return req.send_message if opts.fetch(:async, false)
+
+        # when a block is given the request will always be asynchronous.
+        if block_given?
+          @messaging.set_observer(req, timeout: req.exp_timeout, &block)
+          return req.send_message
+        end
+
+        # Otherwise the request is synchronous
+        req.request
+      end
+
+      # Generates a QR code so users can authenticate to your app.
+      #
+      # @option opts [String] :selfid the user selfid you want to authenticate.
+      # @option opts [String] :cid The unique identifier of the authentication request.
+      #
+      # @return [String, String] conversation id or encoded body.
+      def generate_qr(opts = {})
+        opts[:request] = false
+        selfid = opts.fetch(:selfid, "-")
+        req = request(selfid, opts)
+        ::RQRCode::QRCode.new(req, level: 'l')
+      end
+
+      # Generates a deep link to authenticate with self app.
+      #
+      # @param callback [String] the url you'll be redirected if the app is not installed.
+      # @option opts [String] :selfid the user selfid you want to authenticate.
+      # @option opts [String] :cid The unique identifier of the authentication request.
+      #
+      # @return [String, String] conversation id or encoded body.
+      def generate_deep_link(callback, opts = {})
+        opts[:request] = false
+        selfid = opts.fetch(:selfid, "-")
+        body = @client.jwt.encode(request(selfid, opts))
+
+        if @client.env.empty?
+          return "https://selfid.page.link/?link=#{callback}%3Fqr=#{body}&apn=net.selfid.app"
+        elsif @client.env == 'development'
+          return "https://selfid.page.link/?link=#{callback}%3Fqr=#{body}&apn=net.selfid.app.dev"
+        end
+        "https://selfid.page.link/?link=#{callback}%3Fqr=#{body}&apn=net.selfid.app.#{@client.env}"
+      end
+
+      # Adds an observer for an authentication response
+      def subscribe(&block)
+        @messaging.subscribe :authentication_response do |res|
+          valid_payload(res.input)
+          yield(res)
+        end
+      end
+
+      private
+
+      # Checks if the given input is an accepted authentication request.
+      #
+      # @param response [string] the response to an authentication request from self-api.
+      # @return [Hash] Details response.
+      #   * :accepted [Boolean] a bool describing if authentication is accepted or not.
+      #   * :uuid [String] the request identifier.
+      def authenticated?(response)
+        Authenticated.new(valid_payload(response))
+      end
+
+      # checks if a payload is valid or not.
+      #
+      # @param response [string] the response to an authentication request from self-api.
+      def valid_payload(response)
+        parse_payload(response)
+      rescue StandardError => e
+        uuid = ""
+        uuid = response[:cid] unless response.nil?
+        SelfSDK.logger.error "error checking authentication for #{uuid} : #{e.message}"
+        p e.backtrace
+        nil
+      end
+
+      # Prepares an authentication payload to be sent to a user.
+      #
+      # @param selfid [string] the selfid of the user you want to send the auth request to.
+      # @param cid [string] the conversation id to be used.
+      def prepare_payload(selfid, cid)
+        # TODO should this be moved to its own message/auth_req.rb?
+        body = {
+            typ: 'identities.authenticate.req',
+            aud: @client.self_url,
+            iss: @client.jwt.id,
+            sub: selfid,
+            iat: SelfSDK::Time.now.strftime('%FT%TZ'),
+            exp: (SelfSDK::Time.now + 3600).strftime('%FT%TZ'),
+            cid: cid,
+            jti: SecureRandom.uuid,
+            device_id: @messaging.device_id,
+        }
+
+        @client.jwt.prepare(body)
+      end
+
+      def parse_payload(response)
+        jws = @client.jwt.parse(response)
+        return unless jws.include? :payload
+
+        payload = JSON.parse(@client.jwt.decode(jws[:payload]), symbolize_names: true)
+        return if payload.nil?
+
+        identity = @client.entity(payload[:sub])
+        return if identity.nil?
+
+        identity[:public_keys].each do |key|
+          return payload if @client.jwt.verify(jws, key[:key])
+        end
+        nil
+      end
+    end
+  end
+end