short 0.5.4 → 0.6.0

data/README.md

@@ -9,6 +9,20 @@ for obvious reasons, the demo is configured with S3 disabled. However, if you ar
 to play around with `short` follow the instructions below and use `http://shortener1.heroku.com`
 as your the url you want to use.
 
+## Version 0.6.0
+
+v0.6.0 is pretty much a complete rewrite of most things short. The server has
+been divided up in to smaller chunks, seperating the shortening service from the
+view front-end, and adding an optional authentication layer, and then the short
+client was patched to use these changes. v0.6.0 will hopefully wind up being 
+pretty close to version 1.0, but before then I want to put together some test
+cases and rewrite the docs to accuarately reflect the new server structure. 
+
+There shouldn't be any configuration changes most people need to make, unless 
+you want to take advantage of the new features, if you'd like to check these out
+before I can improve the docs, once again the `Configuration` class will be your 
+friend.
+
 ## Upgrading to 0.5.0
 
 v0.5.0 updates how shortener stores some data. To assist in keeping your data,

data/bin/short

@@ -75,6 +75,7 @@ def show_index
     index = Shortener.index
   rescue Shortener::NetworkException => boom
     puts boom.message
+    exit
   end
   short_summary = index.map do |v|
     url = v['url'].length > 38 ? "#{v['url'][0..25]}...#{v['url'][-10..-1]}" : "#{v['url']}"
@@ -174,6 +175,8 @@ when 'delete'
   do_action(:delete, ARGV[1])
 when '-v', '--version'
   puts "short version #{Shortener::VERSION}"
+when '-h', '--help'
+  usage
 else
   do_action(:shorten, ARGV[0])
 end

data/lib/shortener/configuration.rb

@@ -16,9 +16,10 @@ class Shortener
 
     OPTIONS = [:SHORTENER_URL, :DEFAULT_URL, :REDISTOGO_URL, :S3_KEY_PREFIX,
       :S3_ACCESS_KEY_ID, :S3_SECRET_ACCESS_KEY, :S3_DEFAULT_ACL, :S3_BUCKET,
-      :DOTFILE_PATH, :S3_ENABLED, :SHORTENER_NS]
+      :DOTFILE_PATH, :S3_ENABLED, :SHORTENER_NS, :REQUIRE_AUTH, :ALLOW_SIGNUP,
+      :VIEWS]
 
-    HEROKU_IGNORE = [:DOTFILE_PATH, :SHORTENER_URL, :REDISTOGO_URL]
+    HEROKU_IGNORE = [:DOTFILE_PATH, :SHORTENER_URL, :REDISTOGO_URL, :REQUIRE_AUTH]
 
     END_POINTS = [:add, :fetch, :upload, :index, :delete]
 
@@ -33,7 +34,18 @@ class Shortener
         check_env
         @options = @options.merge!(opts)
         @options[:DEFAULT_URL] ||= '/index'
+        if @options[:SHORTENER_URL] && @options[:SHORTENER_URL][-1] == '/'
+          @options[:SHORTENER_URL].chop! 
+        end
         @options[:SHORTENER_NS] ||= :shortener
+        @options[:VIEWS] = !(@options[:VIEWS] == false || @options[:VIEWS] == 'false')
+        @options[:ALLOW_SIGNUP] = @options.has_key?(:ALLOW_SIGNUP)
+        if @options[:REQUIRE_AUTH].is_a?(String) || @options[:REQUIRE_AUTH].is_a?(Symbol)
+          @options[:REQUIRE_AUTH] = @options[:REQUIRE_AUTH].to_s.split(',').map do |auth|
+            auth.upcase.to_sym
+          end
+        end
+        @options[:REQUIRE_AUTH] ||= []
       else
         @options = Configuration.current.options
       end
@@ -53,11 +65,20 @@ class Shortener
     def to_params
       ret = Array.new
       @options.each {|k,v| ret << "#{k}=#{v}" unless HEROKU_IGNORE.include?(k)}
+      _ra = @options[:REQUIRE_AUTH].join(',')
+      ret << "REQUIRE_AUTH=#{_ra}"
       ret.join(" ")
     end
 
+    def to_json
+      safe_options = @options.delete_if do |k|
+        [:S3_SECRET_ACCESS_KEY, :S3_ACCESS_KEY_ID, :REDISTOGO_URL].include?(k)
+      end
+      safe_options.to_json
+    end
+
     OPTIONS.each do |opt|
-      next if [:REDISTOGO_URL, :S3_ENABLED].include?(opt)
+      next if [:REDISTOGO_URL, :S3_ENABLED, :REQUIRES_AUTH].include?(opt)
       method_name = opt.to_s.downcase.to_sym
       define_method "#{method_name}" do
         @options[opt]
@@ -128,6 +149,19 @@ class Shortener
         OpenSSL::Digest::Digest.new('sha1'), s3_secret_access_key, policy)).gsub("\n","")
     end
 
+    # a boolean indicating whether we should use authentication
+    def authenticate?
+      !(@options[:REQUIRE_AUTH] == [])
+    end
+
+    # check if this endpoint needs auth
+    def auth_route?(url)
+      ep = url.split('/').last
+      return false if ep.nil?
+      ep.gsub!('.json', '')
+      @options[:REQUIRE_AUTH].include?(ep.upcase.to_sym)
+    end
+
     private
 
       # Parse the YAML dotfile if one exists
@@ -150,10 +184,8 @@ class Shortener
         case end_point
         when :fetch
           opts
-        when :delete
-          "#{end_point}/#{opts}"
         else
-          end_point.to_s
+          "api/v1/#{end_point}"
         end
       end
 

data/lib/shortener/server/Gemfile

@@ -4,3 +4,5 @@ source "http://rubygems.org"
 gem 'sinatra'
 gem 'redis-namespace'
 gem 'haml'
+gem 'warden'
+gem 'ruby-hmac'

data/lib/shortener/server/Gemfile.lock

@@ -8,11 +8,14 @@ GEM
     redis (2.2.2)
     redis-namespace (1.1.0)
       redis (< 3.0.0)
+    ruby-hmac (0.4.0)
     sinatra (1.3.1)
       rack (~> 1.3, >= 1.3.4)
       rack-protection (~> 1.1, >= 1.1.2)
       tilt (~> 1.3, >= 1.3.3)
     tilt (1.3.3)
+    warden (1.1.1)
+      rack (>= 1.0)
 
 PLATFORMS
   ruby
@@ -20,4 +23,6 @@ PLATFORMS
 DEPENDENCIES
   haml
   redis-namespace
+  ruby-hmac
   sinatra
+  warden

data/lib/shortener/server/api/v1.rb

@@ -0,0 +1,76 @@
+require 'uri'
+require 'json'
+require 'digest/sha1'
+require 'base64'
+require 'haml'
+
+class Shortener
+  module Server
+    module Api
+      class V1 < Sinatra::Base
+
+        set(:s3_available) { |v| condition {$conf.s3_available == v} }
+        set(:allow_signup) { |v| condition {$conf.allow_signup} }
+
+        set :root, File.dirname(File.dirname(__FILE__))
+
+        helpers ShortServerHelpers
+
+        before do
+          if $conf.auth_route?(env['PATH_INFO']) && 
+            !env['warden'].authenticated?(:token) &&
+            !env['warden'].authenticate!(:token)
+            halt 401, {}, "Not Authorized, specify your auth token."
+          end
+        end if $conf.authenticate?
+
+        get '/' do
+          redirect $conf.default_url
+        end
+
+        get '/api/v1/index.?:format?' do
+          Brief.all.to_json
+        end
+
+        post '/api/v1/upload.?:format?' do
+          @data = Brief.upload(params['shortener'])
+          puts "set #{@data['shortened']} to #{params['shortener']['file_name']}"
+          @url = "#{base_url}/#{@data['shortened']}"
+          content_type :json
+          @data.merge({html: haml(:display, layout: false)}).to_json
+        end
+
+        post '/api/v1/add.?:format?' do
+          @data = Brief.shorten(params["shortener"])
+          @url = "#{base_url}/#{@data['shortened']}"
+          puts "set #{@url} to #{params['shortener']['url']}"
+          content_type :json
+          @data.merge({success: true, html: haml(:display, :layout => false)}).to_json
+        end
+
+        post '/api/v1/delete.?:format?' do 
+          status = Brief.delete(params['id'])
+          nope! "Short not found: #{params['id']}" if status == false
+          puts " - deleted short id: #{params['id']}"
+          content_type :json
+          {success: status, shortened: params['id']}.to_json
+        end
+
+        get '/api/v1/config.?:format?' do
+          $conf.to_json
+        end
+
+        #get '/:id.?:format?' do
+        get %r{\/([a-z0-9]{3,})(\.[a-z]{3,}){0,1}}i do
+          id = params[:captures].first
+          @short, type = Brief.find(id, params)
+          redirect @short if type == :url
+          return haml(:"s3/#{@short['type']}", layout: :'s3/layout') if type == :s3
+          content_type :json
+          @short
+        end
+
+      end
+    end
+  end
+end

data/lib/shortener/server/auth.rb

@@ -0,0 +1,117 @@
+require File.join(File.dirname(__FILE__), 'user')
+
+class Shortener
+  module Server
+    class Auth < Sinatra::Base
+
+      dir = File.expand_path(File.dirname(__FILE__))
+      set :root,          dir
+      set :public_folder, File.join(dir, 'public')
+
+      set(:signup) {|v| condition {$conf.allow_signup == v}}
+      set(:has_views) {|v| condition {$conf.views == v}}
+
+      helpers ShortServerHelpers
+
+      helpers do
+        def _response(views, api)
+          if $conf.views && !(params[:format] == '.json' || 
+                              request.env['REQUEST_PATH'].include?('.json'))
+            return views.call if views.is_a?(Proc)
+            redirect views
+          else
+            content_type :json
+            api.is_a?(Proc) ? api.call.to_json : api.to_json
+          end
+        end
+      end
+
+      # this is our failure app, and this is where we handle that.
+      post '/unauthenticated/?' do
+        status 401
+        _response(->{haml :'u/login'},
+                  {message: "You are not authenticated. Pass your token!"})
+      end
+
+      #
+      #  these handle view based authentication.
+      #
+
+      get('/u/login', has_views: true) { haml :'u/login'}
+
+      get('/u/edit', has_views: true) do
+        authorize!
+        @action = '/api/v1/u/update'
+        @user = env['warden'].user
+        haml :'u/edit'
+      end
+
+      get('/u/signup', signup: true, has_views: true) do
+        @action = '/api/v1/u/create'
+        @user = User.new
+        haml :'u/edit'
+      end
+
+      #
+      # These are the api calls associated with authentiction
+      #
+
+      get '/api/v1/u/username_available.json' do
+        {available: User.available?(params['user']['username'])}.to_json
+      end
+
+      post '/api/v1/u/create', signup: true do
+        ret = if User.available?(params['user']['username'])
+          u = User.new(params['user'])
+          u.save
+          env['warden'].set_user(u)
+          ["#{base_url}/v/index", u]
+        else
+          ["#{base_url}/u/signup", {status: :fail, message: 'Username not available'}]
+        end
+        _response(*ret)
+      end
+
+      post '/api/v1/u/login.?:format?' do
+        env['warden'].authenticate!#(:token)
+        _url = session.delete(:REDIRECT_TO) || "#{$conf.shortener_url}/v/index"
+        _response(_url, env['warden'].user)
+      end
+
+      get '/api/v1/u/logout.?:format?' do
+        env['warden'].logout if env['warden'].authenticated?
+        _response($conf.default_url, {message: 'l8er'})
+      end
+
+      post '/api/v1/u/update' do
+        authorize!
+        @user = env['warden'].user
+        [:username, :email, :name].each do |attr|
+          @user.send(:"#{attr}=", params['user'][attr.to_s])
+        end
+        unless params['user']['password'].nil? || params['user']['password'].empty?
+          @user.password = params['user']['password']
+        end
+        @user.save
+        _response("#{base_url}/v/index", @user)
+      end
+
+      post '/api/v1/u/reset_token.json' do
+        authorize!
+        user = env['warden'].user
+        user.reset_token
+        user.save
+        env['warden'].set_user(user)
+        content_type :json
+        env['warden'].user.to_json
+      end
+
+      post '/api/v1/u/delete' do
+        env['warden'].user.delete
+        env['warden'].logout(env['warden'].config.default_scope)
+        _response($conf.default_url, {message: "Miss you already"})
+      end
+
+    end
+  end
+end

data/lib/shortener/server/brief.rb

@@ -0,0 +1,189 @@
+
+class Shortener
+  module Server
+    class Brief
+
+      class << self
+
+        def all
+          $redis.keys('data:*').map do |key|
+            short = $redis.hgetall(key)
+            puts "  url for #{key[-5..-1]} => #{short['url']}"
+            short['expire'] = $redis.ttl(short['expire']) if short.has_key?('expire')
+            short
+          end
+        end
+
+        def find(id, params)
+          sha = $redis.get(id)
+          if sha.nil?   # => Short Not Found
+            if (params[:captures].last == '.json')
+              nope! "Short not found: #{id}"
+            else
+              puts "redirecting #{params[:captures].inspect} to default url"
+              return $conf.default_url, :url
+            end
+          else         # => Short Found
+            key = "data:#{sha}:#{id}"
+            short = $redis.hgetall(key)
+            not_expired = short.has_key?('expire') ? $redis.get(short['expire']) : true
+            not_maxed = !(short['click_count'].to_i >= short['max_clicks'].to_i)
+            short.has_key?('max_clicks') ? not_maxed : not_maxed = true
+            if params[:captures].last == '.json'                                # => We just want JSON
+              ret = short.merge({expired: not_expired.nil? , maxed: !not_maxed})
+              return ret.to_json, :json
+            else                                                                # => Redirect Me!
+              $redis.hincrby(key, 'click_count', 1) if not_expired && not_maxed
+              if not_expired
+                unless short['s3'] == 'true' && !(short['type'] == 'download')
+                  if not_maxed
+                    puts "redirecting found short #{id} to #{short['url']}"
+                    return short['url'], :url
+                  end # => max clicks check
+                else                                                            # => This is S3 content
+                  puts "rendering view for s3 content. #{id} => #{short['url']}"
+                  return short, :s3
+                end # => it's S3 and needs displaying.
+              end # => expired check
+            end # => format
+          end
+          # =>    short was maxed or expired & not a JSON request
+          return $conf.default_url, :url
+        end
+
+        def shorten(params)
+          bad! 'Missing url.' unless url = params['url']
+          bad! 'Bad URL' unless params['url'] =~ /(^http|^www)/
+          url = "http://#{url}" unless /^http/i =~ url
+          bad! 'Bad URL' unless (url = URI.parse(url)) && /^http/ =~ url.scheme
+
+          %w(max_clicks expire desired_short allow_override).each do |k|
+            params[k] = false if params[k].nil? || params[k].empty?
+          end
+
+          unless params['max_clicks'] || params['expire'] || params['desired_short']
+            data = check_cache(url)
+          end
+          data ||= get_short_key(url, params)
+
+          data
+        end
+
+        def delete(id)
+          sha = $redis.get(id)
+          unless sha.nil?
+            $redis.multi do
+              $redis.del "data:#{sha}:#{id}"
+              $redis.del "expire:#{sha}:#{id}"
+              $redis.del id
+            end
+            true
+          else
+            false
+          end
+        end
+
+        def upload(params)
+          bad! 'Missing content type.' unless type = params['type']
+          fname = params['file_name'].gsub(' ', '+')
+          url = "https://s3.amazonaws.com/#{$conf.s3_bucket}/#{$conf.s3_key_prefix}/#{fname}"
+          data = {'s3' => true, 'extension' => File.extname(fname)[1..-1],
+            'description' => params.delete('description'),
+            'name' => params.delete('name'), 'type' => params.delete('type')}
+          get_short_key(url, params, data)
+        end
+
+        private
+
+        def get_short_key(url, options = {}, data = {})
+          hsh_data = catch :stop_setting_up do
+            unless options['desired_short']
+              puts "    just generating a short"
+              key = generate_short
+            else
+              do_check = $redis.get(options['desired_short'])
+              key = if do_check.nil? || passes_desired_short_check(url, do_check, options)
+                options['desired_short']
+              else
+                bad! 'Name is already taken. Use Allow override' unless options['allow_override'] == 'true'
+                generate_short
+              end
+            end
+
+            sha = Digest::SHA1.hexdigest(url.to_s)
+            $redis.set(key, sha)
+
+            hsh_data = data.merge('shortened' => key, 'url' => url, 'set_count' => 1)
+            hsh_data['max_clicks'] = options['max_clicks'].to_i if options['max_clicks']
+
+            if options['expire'] # set expire time if specified
+              ttl = options['expire'].to_i
+              ttl_key = "expire:#{sha}:#{key}"
+              $redis.set(ttl_key, "#{sha}:#{key}")
+              $redis.expire(ttl_key, ttl)
+              hsh_data[:expire] = ttl_key
+            end
+            $redis.hmset("data:#{sha}:#{key}", *arrayify_hash(hsh_data))
+
+            hsh_data
+          end
+        end
+
+        def bad! message
+          throw :halt, [412, {}, message]
+        end
+
+        def nope!(message = 'No luck.')
+          throw :halt, [404, {}, message]
+        end
+
+        def generate_short
+          begin
+            o =  [('a'..'z'),('A'..'Z'),(0..9)].map{|i| i.to_a}.flatten;
+            key  =  (0..4).map{ o[rand(o.length)]  }.join;
+            puts "testing #{key}"
+          end while !$redis.get(key).nil?
+          key
+        end
+
+        def passes_desired_short_check(url, check, options)
+          check_key = "data:#{check}:#{options['desired_short']}"
+          prev_set = $redis.hgetall(check_key)
+
+          return false if prev_set['expire']
+
+          # if we don't expire or have max clicks and previously set key
+          # doesn't expire or have max clicks we can go ahead and use it
+          # without any further setup.
+          unless options['expire'] || options['max_clicks']
+            if (!prev_set['max_clicks'] && !prev_set['expire'] &&
+              (prev_set['url'] == url.to_s))
+              $redis.hincrby(check_key, 'set_count', 1)
+              throw :stop_setting_up, prev_set
+            end
+          end
+
+          return (prev_set['clicks'].to_i > prev_set['max_clicks'].to_i)
+        end
+
+        def check_cache(url)
+          sha = Digest::SHA1.hexdigest(url.to_s)
+
+          $redis.keys("data:#{sha}:*").each do |key|
+            short = $redis.hgetall(key)
+            unless short == {} || short['expire'] || short['max_clicks']
+              $redis.hincrby(key, 'set_count', 1)
+              return short
+            end
+          end
+          nil
+        end
+
+        def arrayify_hash(hsh)
+          hsh.keys.map {|k| [k, hsh[k]] }.flatten
+        end
+      end # => class << self
+
+    end # => Shirt
+  end # => Server
+end # => Shortener