sinatra_sockets 0.0.6 → 0.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4d379215d2220dba3ac97637d938c45e7695624d
-  data.tar.gz: c1a7fc1db29382e26218b6913be59094f72e9ddb
+  metadata.gz: 3b8e1fe4fafda9f7d0379477ab71a09f9d5c3527
+  data.tar.gz: 54a509e27709689f86e114ad309f96acffafa3f8
 SHA512:
-  metadata.gz: 7306077f348c70d269327f3bc70e5fd2b52a419ec8c0f81e9235e73257ce74d95b72f62760e7b2d1e03cfd263ace17f23572c5b45623850cd3739cfdfb40edf2
-  data.tar.gz: a39381a435fcea01b45610b981d05ee2b527a0db1b42e7b2914e6c7bcfc6a17569a1b21b87c017ced25dba3558bf198b5e0560e3e1158c41c73272a62d94dd78
+  metadata.gz: 3194158b45622e04b8e988cf89f49bf72549c1db9aa32ce47a1d0e6fb7eda730d38430ab87e2e7fc927176353f9fcd7a24c0e91b77b0f6c07611e9850d100b0d
+  data.tar.gz: 378b5fcf85f0cf8285bffac8164c596166c51bd0f0ce99d2ef3750f40d2a2998856ac91e7a3bfc0360e047a895eea1eb75726673f9a788bc191e560e047e9f19

data/README.md

@@ -1,3 +1,32 @@
+## Sinatra sockets
+
+### about
+
+A boilerplate including:
+
+- Sinatra
+- Github oAuth
+- Faye websockets, with token (not session) based auth so the front-end can be
+  on a different host.
+- ActiveRecord
+- CRUD generator for routes
+- Server-push module to alert clients of db updates.
+
+Note that at this point this project is the _exact same_ as the server component
+of [vue-sinatra-boiler](http://github.com/maxpleaner/vue-sinatra-boiler).
+Originally this included a minimal front-end, but upstream development ended up
+happening on an API-only variant, and that was the most full-featured version.
+
+In the future I would like to add generator options for components that are not
+necessarily dependent on one another, such as:
+
+- whether or not to include simple (no auth) front end demo page for websockets
+- whether or not to include Activerecord with crud generator and server-push module
+- Whether or not to add oAuth with token-based websocket credentials
+
+### installing
+
+
 ```sh
 $ gem install sinatra_sockets
 $ sinatra_sockets generate .
@@ -6,34 +35,179 @@ $ sinatra_sockets generate .
 It will print the generated directory tree:
 
 ```txt
-Generated directory:
-./server_skeleton
+.
 ├── config.ru
+├── crud_generator.rb
+├── db
+│   ├── migrate
+│   │   └── 20170312215739_create_todos.rb
+│   └── schema.rb
 ├── Gemfile
 ├── Gemfile.lock
-├── lib
-│   ├── routes
-│   │   └── ws.rb
-│   └── routes.rb
+├── models.rb
+├── Procfile
+├── Rakefile
 ├── README.md
-└── server.rb
+├── server_push.rb
+├── server.rb
+└── ws.rb
 
-2 directories, 7 files
+2 directories, 13 files
 ```
 
-Start the server with thin:
+Go to Github settings and create an oAuth application
+
+Set up the server:
 
 ```sh
 cd server_skeleton
-bundle exec thin start
-# ... listening on localhost:3000
+bundle install
+bundle exec rake db:create db:migrate
+cp .env.example .env
+nano .env # add the github credentials here
+```
+
+Start the server with thin (port defaults to 3000):
+
+```sh
+bundle exec thin start -p 3000
 ```
 
-Earlier iterations of this had more files, mainly because of front-end stuff. However, I think a boiler is best
-if it's kept minimal, so I removed all that and now it's API only. At the same time, though, I added a token-based
-credential system as well as Github oAuth. Now it can tie in well with a front-end that's hosted on another server like
-Webpack. 
+### components in detail:
+
+**database / models**
+
+this uses `sinatra-activerecord` and is similar to what's found in rails.
+
+To generate a migration: `bundle exec rake db:create_migration NAME=my_migration_name`
+
+Then customize it and `bundle exec rake db:migrate`.
+
+`server.rb` contains the database configuration inline in the ruby code.
+
+Models are all listed in `models.rb`, but it isn't necessary to do so. There are
+no dynamic requires happening in this application - everything is individually
+required in `server.rb`.
+
+If using the crud generator or server-push, there is one required method that all
+models must respond to: `public_attributes`. It returns a hash which is a filtered
+version of `attributes` (suitable to be sent to clients).
+
+**auth**
+
+Here's how the auth flow works (the pieces are in `server.rb` and `ws.rb`):
+
+-
+  - Client checks their cookies to see if there's a token.
+  - If there's not, one is requested from the server and saved as a cookie.
+- Client establishes a websocket connection with server, passing token in query params
+-
+  - If the client found the token in the query, it will send a websocket request to try and authenticate.
+    - If the server had stored credentials for that token, the client get a success response over websockets.
+    - otherwise the client will get no response
+  - If the client had to fetch a new token, the authentication is put on hold until the user clicks the
+    "authenticate with github" button, passing the token to the server
+    - The server makes the client through the Github auth flow but stores the token ref.
+    - When Github auth is done clients get a ws message (looked up by token) saying they're authenticated.
+
+
+**crud generator**
+
+In the Sinatra server definition in `server.rb`, it's included with 
+`register Sinatra::CrudGenerator`. This exposes one behemoth of a method:
+`crud_generate`.
+
+Here's its annotated signature (all the options are keyword args and are optional unless stated)
+
+```rb
+def crud_generate(
+  
+  # String such as "todo" (required).
+  # The singular and pluralized forms are used to define routes i.e. /todos or /todo
+  resource:,
+ 
+  # Class such as Todo (required)
+  resource_class:,
+
+  # String such as '/api/', prefixed on all routes (defaults to '/')
+  root_path: '/',
+
+  # Hash. If this is defined, the `cross_origin` method is invoked with it as an arument.
+  # e.g. { cross_origin: "http://localhost:8080" }
+  # would allow all these CRUD routes to be hit by this origin.
+  cross_origin_opts: nil,
+
+  # A Proc which is passed the request and returns something truthy if the auth failed.
+  # For example if it returns { error: "bad reqeust" }.to_json that will be the
+  # final return value of the route and it will return early. 
+  # If provided, this proc will apply to all of the routes, though each route can have
+  # it's own proc which will override it (see below)
+  auth: nil,
+
+  # Each route has its own option which is a hash for configuration.
+  # These are optional and defaults are set (see crud_generator.rb).
+  # There are slight differences in the configuration hashes accepted per route,
+  # but here is the full list of keys (all are optional):
+  #
+  #   method: Symbol (i.e. :get or :post, must be supported by Sinatra)
+  #
+  #   path: String (defaults to "/#{resource}" or "/#{plural_resource}"
+  #
+  #   auth: Proc with the same signature as the one discussed before
+  #
+  #   filter: Proc which is used on index route. Is passed an ActiveRecord Query of all records
+  #     of the record_class and returns some subset which gets sent to the client.
+  #
+  #   secure_params: Proc used on create/update which is passed the request object and returns
+  #      a list of the accepted param keys (params are filtered to only include these)
+  #   
+
+  # Hash with :method, :path, :auth, and :filter keys
+  index: nil,
+
+  # Hash with :method, :path, :auth, and :secure_params keys
+  create: nil,
+
+  # Hash with :method, :path, and :auth keys
+  read: nil,
+
+  # hash with :method, :path, :auth, and :secure_params keys
+  update: nil,
+
+  # hash with :method, :path, and :auth keys
+  destroy: nil,
+
+  # Array of symbols such as [:create, :update], will skip generating these routes.
+  except: []
+)
+```
+
+**Server push**
+
+This is a module which can be `included` into any model.
+
+It patches three foundational methods in ActiveRecord:
+
+- `save` handles the case of creating new records.
+  - although this method is called under the hood by both `create` and `update`,
+    only the `create` case is handled here because there's a check whether the record is
+    persisted and previously unsaved.
+- `update` - handles when existing records are changed
+- `destroy` - handles when records are deleted.
+
+So after `include ServerPush` is placed in the model, any calls to `create`
+(or `save`) on an unsaved record will trigger a "add_record" ws message to be sent.
+Any call to `destroy` will trigger "destroy_record", and similarly `update` triggers
+"update_record"
+
+By default all sockets get these messages sent to them, though this can be configured
+by defining a `publish_to` method in the model that returns a list of sockets.
+
+All of the outgoing websocket messages in server-push are hashes with this signature:
 
-This can be seen in action in another boilerplate, [vue-webpack-coffee-slim-boiler](https://github.com/maxpleaner/vue-webpack-coffee-slim-boiler). sinatra_sockets is used as the server component there. 
+- action: string ("add_record", "update_record", or "destroy_record")
+- type: string i.e. "todo"
+- record: Hash with the model's `public_attributes`.
 
-The source code includes comments. 
+[vue-sinatra-boiler](http://github.com/maxpleaner/vue-sinatra-boiler) has the front-end
+API in place to use this.

data/lib/server_skeleton/Gemfile

@@ -8,3 +8,12 @@ gem 'sinatra_auth_github'
 gem 'dotenv'
 gem 'sinatra-cross_origin'
 gem "rack-proxy"
+gem "sinatra-activerecord"
+group :development do
+  gem "sqlite3"
+end
+group :production do
+  gem 'pg'
+end
+gem "rake"
+gem 'activesupport'

data/lib/server_skeleton/Gemfile.lock

@@ -1,6 +1,12 @@
 GEM
   remote: http://rubygems.org/
   specs:
+    activemodel (5.0.1)
+      activesupport (= 5.0.1)
+    activerecord (5.0.1)
+      activemodel (= 5.0.1)
+      activesupport (= 5.0.1)
+      arel (~> 7.0)
     activesupport (5.0.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (~> 0.7)
@@ -8,6 +14,7 @@ GEM
       tzinfo (~> 1.1)
     addressable (2.5.0)
       public_suffix (~> 2.0, >= 2.0.2)
+    arel (7.1.4)
     byebug (9.0.6)
     concurrent-ruby (1.0.4)
     daemons (1.2.4)
@@ -23,12 +30,14 @@ GEM
     multipart-post (2.0.0)
     octokit (4.6.2)
       sawyer (~> 0.8.0, >= 0.5.3)
+    pg (0.19.0)
     public_suffix (2.0.5)
     rack (1.6.5)
     rack-protection (1.5.3)
       rack
     rack-proxy (0.6.0)
       rack
+    rake (12.0.0)
     sawyer (0.8.1)
       addressable (>= 2.3.5, < 2.6)
       faraday (~> 0.8, < 1.0)
@@ -36,10 +45,14 @@ GEM
       rack (~> 1.5)
       rack-protection (~> 1.4)
       tilt (>= 1.3, < 3)
+    sinatra-activerecord (2.0.11)
+      activerecord (>= 3.2)
+      sinatra (~> 1.0)
     sinatra-cross_origin (0.4.0)
     sinatra_auth_github (1.2.0)
       sinatra (~> 1.0)
       warden-github (~> 1.2.0)
+    sqlite3 (1.3.10)
     thin (1.7.0)
       daemons (~> 1.0, >= 1.0.9)
       eventmachine (~> 1.0, >= 1.0.4)
@@ -62,13 +75,18 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  activesupport
   byebug
   dotenv
   faye-websocket
+  pg
   rack-proxy
+  rake
   sinatra
+  sinatra-activerecord
   sinatra-cross_origin
   sinatra_auth_github
+  sqlite3
   thin
 
 BUNDLED WITH

data/lib/server_skeleton/Procfile

@@ -0,0 +1,2 @@
+web: env RACK_ENV=production bundle exec thin start -p $PORT
+

data/lib/server_skeleton/README.md

@@ -1,24 +1 @@
-
----
-
-This server is adapted from
-[sinatra_sockets](http://github.com/maxpleaner/sinatra_sockets),
-another boiler I made.
-
----
-
-Steps:
-
-1. bundle
-2. thin start
-
----
-
-This version has a lot of stuff removed since it's serving no front-end.
-It's just the API for the webpack client
-
-Important files:
-  - websocket stuff in lib/routes/ws.rb
-  - regular routes in server.rb
-
----
+See the readme at [sinatra_sockets](http://github.com/maxpleaner/sinatra_sockets)

data/lib/server_skeleton/Rakefile

@@ -0,0 +1,9 @@
+# Loads the tasks from sinatra-activerecord
+
+require "sinatra/activerecord/rake"
+
+namespace :db do
+  task :load_config do
+    require './server'
+  end
+end

data/lib/server_skeleton/crud_generator.rb

@@ -0,0 +1,191 @@
+#
+# Defines the "crud_generate" method to create routes
+# Load this using "register Sinatra::CrudGenerator"
+#
+# Note that if the :cross_origin_opts key in the crud_generate options is set,
+# then sinatra-cross_origin is a dependency and "register Sinatra::CrossOrigin"
+# should be run first
+#
+
+module Sinatra
+
+  module CrudGenerator
+
+    # private
+    def get_default_secure_params(resource_class)
+      Proc.new do |request|
+        resource_class.new.attributes.keys.reject do |key|
+          key.in? %w{id created_at updated_at}
+        end
+      end
+    end
+
+    # public
+    def crud_generate(
+      resource:, resource_class:, root_path: '/',
+      cross_origin_opts: nil, auth: nil,
+      index: nil, create: nil, read: nil, update: nil, destroy: nil,
+      except: []
+    )
+
+      # the auth argument is a proc that can be used to disallow some requests.
+      # It is passed the request as an argument.
+      # It it returns something truthy, then the result of the auth block is sent
+      # to the client and the route goes no further.
+      # That's why the default proc returns false (to allow all requests)
+
+      # The secure params (for update and create) defaults to all the keys except
+      # id, created_at, and updated_at
+      # It can be specified for a particular route
+      # e.g. to allow no params on create:
+      #    crud_generate(
+      #      ... other opts (resource and resource_class are mandatory)
+      #      create: { secure_params: Proc.new { |request| [] } }
+      #    )
+
+      if cross_origin_opts
+        # Allow CORS preflight requests.
+        # Each individual route still needs to state a CORS policy if it has one.
+        before do
+          if request.request_method == 'OPTIONS'
+            response.headers["Access-Control-Allow-Origin"] = CLIENT_BASE_URL
+            response.headers["Access-Control-Allow-Methods"] = "POST,DELETE,PUT,GET"
+            halt 200
+          end
+        end
+      end
+
+      plural = resource.pluralize
+      raise(
+        ArgumentError, "resource does not have a simple plural"
+      ) unless plural.eql?(resource + "s")
+      
+      default_secure_params_proc = get_default_secure_params(resource_class)
+
+      index ||= {}
+      index = {
+        method: :get,
+        path: "/#{plural}",
+        auth: auth || Proc.new { |request| false },
+        filter: Proc.new { |records| records }
+      }.merge(index)
+
+      create ||= {}
+      create = {
+        method: :post,
+        path: "/#{plural}",
+        auth: auth || Proc.new { |request| false },
+        secure_params: default_secure_params_proc 
+      }.merge(create)
+
+      read ||= {}
+      read = {
+        method: :get,
+        path: "/#{resource}",
+        auth: auth || Proc.new { |request| false } 
+      }.merge(read)
+
+      update ||= {}
+      update = {
+        method: :put,
+        path: "/#{resource}",
+        auth: auth || Proc.new { |request| false },
+        secure_params: default_secure_params_proc
+      }.merge(update)
+
+      destroy ||= {}
+      destroy = {
+        method: :delete,
+        path: "/#{resource}",
+        auth: auth || Proc.new { |request| false } 
+      }.merge(destroy)
+
+      unless except.include?(:index)
+        send(index[:method], index[:path]) do
+          cross_origin(cross_origin_opts) if cross_origin_opts
+          auth_result = index[:auth].call(request)
+          return auth_result if auth_result
+          {
+            success: index[:filter].call(resource_class.all).map(&:public_attributes)
+          }.to_json
+        end
+      end
+
+      # Calls ActiveRecord "save" (via "create"), which is patched by ServerPush
+      unless except.include?(:create)
+        send(create[:method], create[:path]) do
+          cross_origin(cross_origin_opts) if cross_origin_opts
+          auth_result = create[:auth].call(request)
+          return auth_result if auth_result
+          filtered_params = params.select do |key, val|
+            key.in? *create[:secure_params].call(request)
+          end
+          created = resource_class.create(filtered_params)
+          if created.persisted?
+            { success: created.public_attributes }.to_json
+          else
+            { error: created.errors.full_messages }.to_json
+          end
+        end
+      end
+
+      unless except.include?(:read)
+        send(read[:method], read[:path]) do
+          cross_origin(cross_origin_opts) if cross_origin_opts
+          auth_result = read[:auth].call(request)
+          return auth_result if auth_result
+          found = resource_class.find_by(id: params[:id])
+          if found
+            { success: found.attributes }.to_json
+          else
+            { error: ["not found"] }.to_json
+          end
+        end
+      end
+
+      # calls ActiveRecord "update", which is patched by ServerPush
+      unless except.include?(:update)
+        send(update[:method], update[:path]) do
+          cross_origin(cross_origin_opts) if cross_origin_opts
+          auth_result = update[:auth].call(request)
+          return auth_result if auth_result
+          filtered_params = params.select do |key, val|
+            key.in? *create[:secure_params].call(request)
+          end
+          found = resource_class.find_by(id: params[:id])
+          if found
+            update[:secure_params].call.each do |key|
+              found.send(:"#{key}=", params[key])
+            end
+            if found.valid?
+              found.update({})
+              { success: found.public_attributes }.to_json
+            else
+              { error: found.errors.full_messages }.to_json
+            end
+          else
+            { error: ["not found"] }.to_json
+          end
+        end
+      end
+
+      # calls ActiveRecord "destroy" which is patched by ServerPush
+      unless except.include?(:destroy)
+        send(destroy[:method], destroy[:path]) do
+          cross_origin(cross_origin_opts) if cross_origin_opts
+          auth_result = destroy[:auth].call(request)
+          return auth_result if auth_result
+          found = resource_class.find_by(id: params[:id])
+          if found
+            found.destroy!
+            { success: found.attributes }.to_json
+          else
+            { error: ["not found"] }.to_json
+          end
+        end
+      end
+
+    end # /crud_generate
+
+  end
+end

data/lib/server_skeleton/db/migrate/20170312215739_create_todos.rb

@@ -0,0 +1,8 @@
+class CreateTodos < ActiveRecord::Migration[5.0]
+  def change
+    create_table :todos do |t|
+      t.string :text
+      t.timestamps
+    end
+  end
+end

data/lib/server_skeleton/db/schema.rb

@@ -0,0 +1,21 @@
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 20170312215739) do
+
+  create_table "todos", force: :cascade do |t|
+    t.string   "text"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+  end
+
+end

data/lib/server_skeleton/models.rb

@@ -0,0 +1,14 @@
+class Todo < ActiveRecord::Base
+  include ServerPush
+
+  def save(*args)
+    self.text ||= ""
+    super(*args)
+  end
+
+  # Every model should have this defined
+  def public_attributes
+    attributes
+  end
+  
+end

data/lib/server_skeleton/server.rb

@@ -1,71 +1,54 @@
-# ================================================
-# Entry to the Sinatra server
-# ------------------------------------------------
-# This file should not be run directly
-# Run it with "thin start"
-# ================================================
-
 require 'sinatra/base'
+require "sinatra/activerecord"
 require 'faye/websocket'
 require 'byebug'
 require 'sinatra_auth_github'
 require('dotenv'); Dotenv.load
 require 'sinatra/cross_origin'
+require 'active_support/all'
 
-# Requires all ruby files in this directory.
-# Orders them by the count of "/" in their filename.
-# Therefore, shallower files are loaded first.
-# The reasoning for this is to support the common convention of naming
-# files according to their contained class hierarchies.
-# i.e. class Foo would be in foo.rb,
-#      class Foo::Bar would be in foo/bar.rb,
-#
-# If there is the situation where a class depends on another that is in a 
-# deeper-nested file, there's always the option to pass the dependency at
-# runtime.
-
-Dir.glob("./**/*.rb").sort_by { |x| x.count("/") }.each do |path|
-  require path
-end
+require './crud_generator'
+require './server_push'
+require './models'
+require './ws'
 
-# The REST routes (listed in this file) cannot store information in the session
-# since it's on another host.
-# Rather, they pass back and forth a token identifier
-#
-# This is the :token param, and is required on all routes except for
-# /token
-#
-# Here's an outline of the flow:
-#
-# 1. Client hits GET /token, gets a new token
-# 2. Client sends token with websocket connection request at GET /ws
-# 3. Client hits GET /authenticate and goes through Github oAuth login
-# 4. Github sends callback to server, which sends the OK to client over websocket
-
-# In leue of sessions, three global objects are used:
-#   Users: <Hash> with keys: <username> and vals: <Set(token)>
-#   AuthenticatedTokens: <hash> with keys: <token> and vals: <username>
-#   Sockets: <hash> with keys: <token> and vals: <socket>
-
-Sockets = {}
-AuthenticatedTokens = {}
 Users = Hash.new { |hash, key| hash[key] = Set.new }
+AuthenticatedTokens = {}
+Sockets = Hash.new { |hash, key| hash[key] = Set.new }
+
+CLIENT_BASE_URL = if ENV["RACK_ENV"] == "production"
+  "https://maxpleaner.github.io"
+else
+  "http://localhost:8080"
+end
 
 class Server < Sinatra::Base
 
+  register Sinatra::ActiveRecordExtension
+
+  # Database config
+  if ENV["RACK_ENV"] == "production"
+    configure :production do
+     db = URI.parse(ENV['DATABASE_URL'] || 'postgres:///localhost/mydb')
+     ActiveRecord::Base.establish_connection(
+       :adapter  => db.scheme == 'postgres' ? 'postgresql' : db.scheme,
+       :host     => db.host,
+       :username => db.user,
+       :password => db.password,
+       :database => db.path[1..-1],
+       :encoding => 'utf8'
+     )
+    end
+  else
+    set :database, {adapter: "sqlite3", database: "db.sqlite3"}
+    set :show_exceptions, true
+  end
+
   set :server, 'thin'
   Faye::WebSocket.load_adapter('thin')
 
-  # Allow some routes to be accessed from different origins
-  # This is unnecessary for websocket requests, since browsers don't implement
-  # the same restictions.
-
   register Sinatra::CrossOrigin
 
-  # Github oAuth setup
-  # session is needed for the Github oAuth gem
-  # but its not used elsewhere
-
   enable :sessions
   set :github_options, {
     scopes: "user",
@@ -74,49 +57,68 @@ class Server < Sinatra::Base
   }
   register Sinatra::Auth::Github
   
-  # ------------------------------------------------
-  # Standard HTTP routes
-  # (get '/ws' is the entrance to the websocket API)
-  # ------------------------------------------------
 
-  # First clients request a token
+  logged_in_only = Proc.new do |request|
+    if AuthenticatedTokens[request.params['token']]
+      false
+    else
+      { error: ["not_authenticated for #{request.request_method} #{request.path_info}"] }.to_json
+    end
+  end
+
+  register Sinatra::CrudGenerator
+  crud_generate(
+    resource: "todo",
+    resource_class: Todo,
+    cross_origin_opts: {
+      allow_origin: CLIENT_BASE_URL
+    },
+    create: { auth: logged_in_only },
+    update: { auth: logged_in_only },
+    destroy: { auth: logged_in_only }
+  )
+
+  get '/health' do
+    cross_origin allow_origin: CLIENT_BASE_URL
+    status 200
+  end
 
   get '/token' do
-    cross_origin allow_origin: "http://localhost:8080"
+    cross_origin allow_origin: CLIENT_BASE_URL
     { token: new_token }.to_json
   end
 
-  # Then they send it in websocket connection request
-  # See server/lib/routes/ws.rb
-
   get '/ws' do
-    Routes::Ws.run(request)
+    Ws.run(request)
   end
 
-  # Then they authenticate with Github
-  #
-  # If the client refreshes the page after logging in, they should have stored
-  # the token in a cookie. If they hit this route with the same token, it
-  # keeps them logged in.
-  #
-  # This needs to be clicked like a regular link - no AJAX
-  #
   # TODO render a proper HTML page after authenticating not just plaintext
   # saying they can close the window.
-
   get '/authenticate' do
-    if token = params["token"]
-      if socket = Sockets[token]
-        unless username = AuthenticatedTokens[token]
+    username = nil
+    token = params["token"]
+    if token
+      sockets = Sockets[token]
+      if sockets.any?
+        username = AuthenticatedTokens[token]
+        unless username
           authenticate!
           username = get_username
-          Users[username] << (token)
           AuthenticatedTokens[token] = username
         end
-        socket.send({
-          action: "logged_in",
-          username: username
-        }.to_json)
+
+        new_token = SecureRandom.urlsafe_base64
+        Sockets[new_token] = Sockets.delete(token)
+        AuthenticatedTokens[new_token] = AuthenticatedTokens.delete(token)
+        Users[username] << new_token
+
+        sockets.each do |socket|
+          socket.send({
+            action: "logged_in",
+            username: username,
+            new_token: new_token
+          }.to_json)
+        end
         "authenticated as #{username}. (this window can be closed)"
       else
         "error. lost your websocket connection (this window can be closed)"
@@ -126,26 +128,22 @@ class Server < Sinatra::Base
     end
   end
 
-  # This is hit over AJAX
-  # This closes the websocket connection
-  # Clients should request a new token and reconnect to ws after logging out
-
   get '/logout' do
-    cross_origin allow_origin: "http://localhost:8080"
+    cross_origin allow_origin: CLIENT_BASE_URL
     token = params[:token]
     if token
       if username = AuthenticatedTokens[token]
         logout!
         AuthenticatedTokens.delete token
         Users[username].delete token
-        Sockets[token].close
+        Sockets[token].each { |ws| ws.close(1000, "logged_out") }
         Sockets.delete token
         { success: "logged out" }.to_json
       else
-        { error: "can't find user to log out" }.to_json
+        { error: ["can't find user to log out"] }.to_json
       end
     else
-      { error: 'cant log out; no token provided' }.to_json
+      { error: ['cant log out; no token provided'] }.to_json
     end
   end
 

data/lib/server_skeleton/server_push.rb

@@ -0,0 +1,53 @@
+# included into ActiveRecord models
+module ServerPush
+
+  # Can be overridden in model to limit who gets updates
+  # Returns a list of sockets (by default all of them)
+  def publish_to
+    Sockets.values.map(&:to_a).flatten
+  end
+  
+  def save(*args)
+    should_push = valid? && !persisted?
+    result = super(*args)
+    if should_push
+      publish_to.each do |socket|
+        socket.send({
+          action: "add_record",
+          type: self.class.to_s.underscore,
+          record: public_attributes
+        }.to_json)
+      end
+    end
+    result
+  end
+
+  def update(*args)
+    result = super(*args)
+    if result
+      publish_to.each do |socket|
+        socket.send({
+          action: "update_record",
+          type: self.class.to_s.underscore,
+          record: public_attributes  
+        }.to_json)
+      end
+    end
+    result
+  end
+
+  def destroy(*args)
+    result = super(*args)
+    unless persisted?
+      publish_to.each do |socket|
+        socket.send({
+          action: "destroy_record",
+          type: self.class.to_s.underscore,
+          record: public_attributes  
+        }.to_json)
+      end
+    end
+    result
+  end  
+
+end

data/lib/server_skeleton/{lib/routes/ws.rb → ws.rb}

@@ -1,6 +1,5 @@
-class Routes::Ws
+class Ws
 
-  # Opens a new websocket connection from a request
   def self.run(request)
     return unless Faye::WebSocket.websocket?(request.env)
     socket = Faye::WebSocket.new(request.env)
@@ -13,7 +12,7 @@ class Routes::Ws
   def self.onopen(request, ws)
     token = request.params["token"]
     if token
-      Sockets[token] = ws
+      Sockets[token] << ws
     else
       ws.close
     end
@@ -21,19 +20,26 @@ class Routes::Ws
 
   def self.onmessage(request, ws, msg_data)
     data = JSON.parse msg_data
-    if data["action"] == "try_authenticate"
-      try_authenticate(ws, data["token"])
+    token = data["token"]
+    user = find_username(token)
+    case data["action"]
+    when "try_authenticate" then try_authenticate(ws, token)
     end
   end
 
   def self.onclose(request, ws)
-    delete_socket(request, ws)
+    token = CGI.parse(URI.parse(ws.url).to_s)["token"]
+    Sockets.delete token
   end
 
   class << self
 
     private
 
+    def find_username(token)
+      AuthenticatedTokens[token]
+    end
+
     def try_authenticate(ws, token)
       if username = AuthenticatedTokens[token]
         ws.send({
@@ -47,11 +53,6 @@ class Routes::Ws
       EM.next_tick { ws.send msg.to_json }
     end
 
-    def delete_socket(request, ws)
-      token = CGI.parse(URI.parse(ws.url).to_s)["token"]
-      Sockets.delete token
-    end
-
   end
 
 end

data/lib/version.rb

@@ -1,3 +1,3 @@
 module SinatraSockets
-  VERSION = '0.0.6'
+  VERSION = '0.0.7'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sinatra_sockets
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.7
 platform: ruby
 authors:
 - maxpleaner
@@ -35,11 +35,17 @@ files:
 - bin/sinatra_sockets
 - lib/server_skeleton/Gemfile
 - lib/server_skeleton/Gemfile.lock
+- lib/server_skeleton/Procfile
 - lib/server_skeleton/README.md
+- lib/server_skeleton/Rakefile
 - lib/server_skeleton/config.ru
-- lib/server_skeleton/lib/routes.rb
-- lib/server_skeleton/lib/routes/ws.rb
+- lib/server_skeleton/crud_generator.rb
+- lib/server_skeleton/db/migrate/20170312215739_create_todos.rb
+- lib/server_skeleton/db/schema.rb
+- lib/server_skeleton/models.rb
 - lib/server_skeleton/server.rb
+- lib/server_skeleton/server_push.rb
+- lib/server_skeleton/ws.rb
 - lib/sinatra_sockets.rb
 - lib/version.rb
 homepage: http://github.com/maxpleaner/sinatra_sockets

data/lib/server_skeleton/lib/routes.rb

@@ -1,2 +0,0 @@
-class Routes
-end