sp-job 0.2.3 → 0.3.22

data/lib/sp/job/jwt.rb

@@ -25,11 +25,61 @@ module SP
   module Job
   	class JWTHelper
 
-		# encode & sign jwt
-		def self.encode(key:, payload:)
-			rsa_private = OpenSSL::PKey::RSA.new( File.read( key ) )
-			return JWT.encode payload, rsa_private, 'RS256', { :typ => "JWT" }
-		end #self.encodeJWT
+  		# encode & sign jwt
+  		def self.encode(key:, payload:)
+  			rsa_private = OpenSSL::PKey::RSA.new( File.read( key ) )
+  			return JWT.encode payload, rsa_private, 'RS256', { :typ => "JWT" }
+  		end #self.encodeJWT
+
+      # key: Path of the private key to be used on encoding
+      # jwt_validity: Must be set in hours
+      # tube: Name of the tube
+      # ttr: Job max execution time in seconds
+      # payload: Data to be used on the job
+      def self.jobify(key:, jwt_validity: 24, tube:, ttr: 8600, payload:)
+        # UTC timestamp
+        now        = Time.now.getutc.to_i
+        # Expire
+        exp_offset = jwt_validity * 60 * 60
+        exp        = now + exp_offset
+        # Issued At
+        iat        = now
+        # Not before
+        nbf        = now
+
+        job_payload = { tube: tube }
+        job_payload.merge!(payload)
+
+        self.encode(key: key, payload: {
+          action: 'job',
+          exp: exp, # Data de expiração
+          iat: iat, # Issued at
+          nbf: nbf, # Not before
+          job: {
+            tube: tube,
+            ttr: ttr,
+            payload: job_payload
+          }
+        })
+      end
+
+      # Submit a jwt for a job
+      def self.submit (url:, jwt:)
+        response = HttpClient.get_klass.post(
+          url: url,
+          headers: {
+            'Content-Type' => 'application/text'
+          },
+          body: jwt,
+          expect: {
+            code: 200,
+            content: {
+              type: 'application/json'
+            }
+          }
+        )
+        response
+      end
 
     end # end class 'JWT'
   end # module Job

data/lib/sp/job/mail_queue.rb

@@ -44,11 +44,18 @@ module SP
           body:        job[:body],
           template:    job[:template],
           to:          job[:to],
+          cc:          job[:cc],
           reply_to:    job[:reply_to],
           subject:     job[:subject],
-          attachments: job[:attachments]
+          attachments: job[:attachments],
+          session: {
+            user_id: job[:user_id],
+            entity_id: job[:entity_id],
+            role_mask: job[:role_mask],
+            module_mask: job[:module_mask]
+          }
         )
-        logger.info "mailto: #{job[:to]} - #{job[:subject]}"
+        logger.info "mail - to: #{job[:to]} cc: #{job[:cc]} subject: #{job[:subject]}"
       end
 
       def self.on_failure (e, job)

data/lib/sp/job/manticore_http_client.rb

@@ -0,0 +1,94 @@
+#
+# Copyright (c) 2011-2016 Cloudware S.A. All rights reserved.
+#
+# This file is part of sp-job.
+#
+# sp-job is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# sp-job is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with sp-job.  If not, see <http://www.gnu.org/licenses/>.
+#
+# encoding: utf-8
+#
+
+#
+# A helper class to do HTTP request without session management.
+#
+
+require 'manticore'
+require_relative 'easy_http_client'
+
+module SP
+  module Job
+    class ManticoreHTTPClient < EasyHttpClient
+      def self.post(url:, headers:, body:, expect:, conn_options: {})
+        conn_options[:connection_timeout] ||= 10
+        conn_options[:request_timeout] ||= 60
+        client = ::Manticore::Client.new(socket_timeout: conn_options[:connection_timeout], request_timeout: conn_options[:request_timeout])
+        nr = self.normalize_response(response: client.post(url, body: body, headers: headers))
+
+        # compare status code
+        if nr[:code] != expect[:code]
+          if 401 == nr[:code]
+            raise ::SP::Job::JSONAPI::Error.new(status: nr[:code], code: 'A01', detail: nil)
+          else
+            raise ::SP::Job::JSONAPI::Error.new(status: nr[:code], code: 'B01', detail: nil)
+          end
+        end
+
+        # compare content-type
+        if nr[:content][:type] != expect[:content][:type]
+          raise ::SP::Job::JSONAPI::Error.new(status: 500, code: 'I01', detail: "Unexpected 'Content-Type': #{nr[:content][:type]}, expected #{expect[:content][:type]}!")
+        end
+
+        # done
+        nr
+      end
+
+      def self.get(url:)
+        client = ::Manticore::Client.new
+        self.normalize_response(response: client.get(url))
+      end
+
+      def self.delete(url:, headers:)
+        client = ::Manticore::Client.new
+        self.normalize_response(response: client.delete(url, headers: headers))
+      end
+
+      private
+
+      def self.normalize_response(response:)
+        o = {
+          code: response.code,
+          body: response.body,
+          description: http_reason(code: response.code),
+          content: {
+            type: nil,
+            length: 0
+          }
+        }
+
+        response.headers.each do |key, value|
+          case key
+          when 'content-type'
+            o[:content][:type] = value
+          when 'content-length'
+            o[:content][:length] = value
+          end
+        end
+
+        o
+      end
+
+
+    end
+  end
+end

data/lib/sp/job/pg_connection.rb

@@ -31,6 +31,7 @@ module SP
       # Public Attributes
       #
       attr_accessor :connection
+      attr_reader :config
 
       #
       # Prepare database connection configuration.
@@ -58,6 +59,7 @@ module SP
             @treshold = new_min.to_i
           end
         end
+        @transaction_open = false
       end
 
       #
@@ -87,7 +89,7 @@ module SP
       # @param args all the args for the query
       # @return query result.
       #
-      def exec (query, *args)
+      def execp (query, *args)
         @mutex.synchronize {
           if nil == @connection
             _connect()
@@ -95,7 +97,24 @@ module SP
           _check_life_span()
           unless @id_cache.has_key? query
             id = "p#{Digest::MD5.hexdigest(query)}"
-            @connection.prepare(id, query)
+            begin
+              @connection.prepare(id, query)
+            rescue PG::DuplicatePstatement => ds
+              tmp_debug_str = ""
+              @id_cache.each do | k, v |
+                if v == id || k == query
+                  tmp_debug_str += "#{v}: #{k}\n"
+                  break
+                end
+              end
+              if 0 == tmp_debug_str.length
+                  tmp_debug_str = "~~~\nAll Entries:\n" + @id_cache.to_s
+              else
+                  tmp_debug_str = "~~~\nCached Entry:\n#{tmp_debug_str}"
+              end
+              tmp_debug_str += "~~~\nNew Entry: #{id}:#{query}\n"
+              raise "#{ds.message}\n#{tmp_debug_str}"
+            end
             @id_cache[query] = id
           else
             id = @id_cache[query]
@@ -105,14 +124,21 @@ module SP
       end
 
       #
-      # Execute a query,
+      # Execute a normal SQL statement.
       #
-      # @param query
+      # @param query the SQL query with data binding
+      # @param args all the args for the query
+      # @return query result.
       #
-      def query (query:)
+      def exec (query, *args)
         @mutex.synchronize {
-          unless query.nil?
-            _check_life_span()
+          if nil == @connection
+            _connect()
+          end
+          _check_life_span()
+          if args.length > 0
+            @connection.exec(sprintf(query, *args))
+          else
             @connection.exec(query)
           end
         }
@@ -134,20 +160,71 @@ module SP
         @config[:conn_str]
       end
 
+      #
+      # Call this to open a transaction
+      #
+      def begin
+        @mutex.synchronize {
+          if nil == @connection
+            _connect()
+          end
+          _check_life_span()
+          r = @connection.exec("BEGIN;")
+          if PG::PGRES_COMMAND_OK != r.result_status
+            raise "Unable to BEGIN a new transaction!"
+          end
+          @transaction_open = true
+        }
+      end
+
+      #
+      # Call this to commit the currently open transaction
+      #
+      def commit
+        @mutex.synchronize {
+          if nil != @connection && true == @transaction_open
+            r = @connection.exec("COMMIT;")
+            if PG::PGRES_COMMAND_OK != r.result_status
+              raise "Unable to COMMIT a transaction!"
+            end
+            @transaction_open = false
+          end
+        }
+      end
+
+      #
+      # Call this to open a transaction
+      #
+      def rollback
+        @mutex.synchronize {
+          if nil != @connection && true == @transaction_open
+            r = @connection.exec("ROLLBACK;")
+            if PG::PGRES_COMMAND_OK != r.result_status
+              raise "Unable to ROLLBACK a transaction!"
+            end
+            @transaction_open = false
+          end
+        }
+
+      end
+
       private
 
-      def _connect () 
+      def _connect ()
         _disconnect()
         @connection = PG.connect(@config[:conn_str])
       end
 
       def _disconnect ()
+        @transaction_open = false
         if @connection.nil?
           return
         end
 
-        @connection.exec("DEALLOCATE ALL")
-        @id_cache = {}
+        if @id_cache.size
+          @connection.exec("DEALLOCATE ALL")
+          @id_cache = {}
+        end
 
         @connection.close
         @connection = nil
@@ -158,6 +235,9 @@ module SP
       # Check connection life span
       #
       def _check_life_span ()
+        if true == @transaction_open
+          return
+        end
         return unless @treshold > 0
         @counter += 1
         if @counter > @treshold

data/lib/sp/job/query_params.rb

@@ -0,0 +1,45 @@
+#
+# Copyright (c) 2011-2016 Cloudware S.A. All rights reserved.
+#
+# This file is part of sp-job.
+#
+# sp-job is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# sp-job is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with sp-job.  If not, see <http://www.gnu.org/licenses/>.
+#
+# encoding: utf-8
+#
+
+require 'cgi'
+
+module SP
+  module Job
+    module QueryParams
+
+      def self.encode(value, key = nil)
+        case value
+        when Hash  then value.map { |k,v| encode(v, append_key(key,k)) }.join('&')
+        when Array then value.map { |v| encode(v, "#{key}[]") }.join('&')
+        when nil   then ''
+        else
+          "#{key}=#{CGI.escape(value.to_s)}"
+        end
+      end
+
+      private
+
+      def self.append_key(root_key, key)
+        root_key.nil? ? key : "#{root_key}[#{key.to_s}]"
+      end
+    end
+  end
+end

data/lib/sp/job/rfc822.rb

@@ -0,0 +1,13 @@
+module RFC822
+  module Patterns
+    ATOM     = "[^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c\\x3e\\x40\\x5b-\\x5d\\x7f-\\u00ff]+"
+    QTEXT    = "[^\\x0d\\x22\\x5c\\u0080-\\u00ff]"
+    QPAIR    = "\\x5c[\\x00-\\x7f]"
+    QSTRING  = "\\x22(?:#{QTEXT}|#{QPAIR})*\\x22"
+    WORD     = "(?:#{ATOM}|#{QSTRING})"
+    LOCAL_PT = "#{WORD}(?:\\x2e#{WORD})*"
+    ADDRESS  = "#{LOCAL_PT}\\x40(?:#{URI::REGEXP::PATTERN::HOSTNAME})?#{ATOM}"
+  end
+
+  EMAIL = /\A#{Patterns::ADDRESS}\z/
+end

data/lib/sp/job/session.rb

@@ -0,0 +1,239 @@
+#
+# Copyright (c) 2017-2018 Cloudware S.A. All rights reserved.
+#
+# This file is part of sp-job.
+#
+# sp-job is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# sp-job is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with sp-job.  If not, see <http://www.gnu.org/licenses/>.
+#
+# encoding: utf-8
+#
+
+#
+# Helper class to create simplifed OAUTH sessions suitable for jobs and casper applications, for the full blown OAUTH scene check casper-nginx-broker
+#
+
+module SP
+  module Job
+
+    class Session
+
+      attr_reader :access_ttl
+      attr_reader :refresh_ttl
+
+      def initialize (configuration:, serviceId:, multithread: false, programName:, redis:)
+        @sid           = serviceId
+        @access_ttl    = configuration[:oauth2][:access_ttl]  || (1 * 3600)  # Duration of the access tokens
+        @refresh_ttl   = configuration[:oauth2][:refresh_ttl] || (2 * 3600)  # Duration of the refresh tokens
+        @tolerance_ttl = configuration[:oauth2][:deleted_ttl] || 30          # Time a deleted token will remain "alive"
+        @redis         = redis
+        @session_base  = {
+          patched_by:   programName,
+          client_id:    configuration[:oauth2][:client_id],
+          redirect_uri: configuration[:oauth2][:redirect_uri],
+          scope:        configuration[:oauth2][:scope],
+          issuer:       programName
+        }
+
+        if multithread
+          raise 'Multithreading is not supported in MRI/CRuby' unless RUBY_ENGINE == 'jruby'
+          @redis_mutex = Mutex.new
+        else
+          @redis_mutex = nil
+        end
+      end
+
+      #
+      # Thread safe redis driver, pass a block to execute a generic redis operation
+      #
+      def redis
+        # callback is not optional
+        if @redis_mutex.nil?
+          yield(@redis)
+        else
+          # ... to enforce safe usage!
+          @redis_mutex.synchronize {
+            yield(@redis)
+          }
+        end
+      end
+
+      #
+      # Create a brand new access token with optional refresh token
+      #
+      # @param patch symbolicated hash with session data
+      # @param with_refresh when true the refresh token is also created, when false just access
+      # @return access_token or access_token and refresh token
+      #
+      def create (patch:, with_refresh: false)
+        session = patch.merge(@session_base)
+        session[:created_at] = Time.new.iso8601
+        if with_refresh
+          refresh_token = create_token(session: session, refresh_token: true)
+          session[:refresh_token] = refresh_token
+        else
+          session.delete(:refresh_token)
+          refresh_token = nil
+        end
+        access_token = create_token(session: session)
+        return access_token, refresh_token
+      end
+
+      #
+      # Create an access token by clonning a refresh token
+      #
+      # @param refresh_token the id of the refresh token
+      # @param session symbolicated session data
+      #
+      def create_from_refresh (refresh_token:, session:)
+        session[:created_at] = Time.new.iso8601
+        session[:refresh_token] = refresh_token
+        return create_token(session: session)
+      end
+
+      #
+      # Retrieve session hash from redis, keys are symbolicated
+      #
+      # @param token The access or refresh token
+      # @param refresh true for refresh, false for access_token
+      #
+      def get (token:, refresh: false)
+        key = "#{@sid}:oauth:#{refresh ? 'refresh_token' : 'access_token'}:#{token}"
+        session = nil
+        redis do |r|
+          session = r.hgetall(key)
+        end
+        rv = Hash.new
+        session.each do |key,value|
+          rv[key.to_sym] = value
+        end
+        return rv
+      end
+
+      #
+      # Create a token pair session by merging an existing access_token with the given patch
+      #
+      # @param token The access token to retrieve the original session hash
+      # @param patch a symbolicated hash that will overide existing keys and/or add new ones
+      #
+      # @note Use null values on the patch to delete keys from the original session
+      #
+      def patch (token:, patch:)
+        session = get(token: token)
+        refresh_token = session[:refresh_token]
+        patch.each do |key, value|
+          if value.nil?
+            session.delete(key)
+          else
+            session[key] = value
+          end
+        end
+        at, rt = create(patch: session, with_refresh: refresh_token != nil)
+        dispose(token: token, refresh_token: refresh_token)
+        return at,rt
+      end
+
+      #
+      # Cross patch, creates a new token on the current cluster by patching a source token from another cluster
+      #
+      # @param source session handler from which the original token is read
+      # @param token id of the original token on the source cluster
+      # @param patch symbolicated hash that is fused into source cluster
+      # @return fresh pait of access_token and refresh_token
+      #
+      def x_patch (source:, token:, patch:)
+        session = source.get(token: token)
+        refresh_token = session[:refresh_token]
+        patch.each do |key, value|
+          if value.nil?
+            session.delete(key)
+          else
+            session[key] = value
+          end
+        end
+        at, rt = create(patch: session, with_refresh: refresh_token != nil)
+        source.dispose(token: token, refresh_token: refresh_token)
+        return at,rt
+      end
+
+      #
+      # Delete tokens, immediately or after a grace period.
+      #
+      # @param token access token to dispose
+      # @param refresh_token (optional) refresh token to dispose
+      # @param timeleft grace period to keep the token alive, 0 to dispose immediately
+      #
+      # @note if the refresh token is not supplied attempts to retrive it from the access token
+      #
+      def dispose (token:, refresh_token: nil, timeleft: nil)
+        timeleft ||= @tolerance_ttl
+        key = "#{@sid}:oauth:access_token:#{token}"
+        redis do |r|
+          if refresh_token.to_s.size == 0
+            refresh_token = r.hget(key, 'refresh_token')
+          end
+          if refresh_token.to_s.size != 0
+            rkey = "#{@sid}:oauth:refresh_token:#{refresh_token}"
+            r.expire(rkey, timeleft)
+          end
+          r.expire(key, timeleft)
+        end
+      end
+
+      #
+      # Extend the life of a token by timetolive seconds
+      #
+      # @param token the token to preserve
+      # @param refresh true it's a refresh token, false for access
+      # @param timetolive new duration in seconds
+      #
+      def extend (token:, refresh: false, timetolive:)
+        key = "#{@sid}:oauth:#{refresh ? 'refresh_token' : 'access_token'}:#{token}"
+        rv  = 0
+        redis do |r|
+          rv = r.expire(key, timetolive)
+        end
+        return rv
+      end
+
+      protected
+
+      def create_token (session:, refresh_token: false)
+        token = nil
+        3.times do
+          token = SecureRandom.hex(32)
+          key = "#{@sid}:oauth:#{refresh_token ? 'refresh_token' : 'access_token'}:#{token}"
+          hset = []
+          session.each do |key, value|
+            unless value.nil?
+              hset << key
+              hset << value.to_s
+            end
+          end
+          redis do |r|
+            unless r.exists(key)
+              r.pipelined do
+                r.hmset(key, hset)
+                r.expire(key, refresh_token ? @refresh_ttl : @access_ttl)
+              end
+              return token
+            end
+          end
+        end
+        return nil
+      end
+
+    end
+
+  end
+end