sq_auth 0.0.18

data/.gitignore

@@ -0,0 +1,5 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*
+*.*.sw*

data/.rspec

@@ -0,0 +1 @@
+--color

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in sq_auth.gemspec
+gemspec

data/Rakefile

@@ -0,0 +1,7 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new
+
+task :default => :spec
+task :test => :spec

data/examples/client.rb

@@ -0,0 +1,23 @@
+require 'sinatra'
+require 'sq_auth'
+
+enable :sessions
+set :port, 7842
+
+SqAuth.connect(host: "localhost", port: 3000) do |d|
+  d.project_name = "Project"
+end
+
+get ["admin"], "/something" do
+  <<-EOF
+    Logined to something with params #{params}
+    <br>
+    #{SqAuth.with_sq_auth("admin::super", "Project"){"You can't see it"}}
+    <br>
+    #{access_for("admin"){"You can see it"}}
+  EOF
+end
+
+get "/abc" do
+  params.to_s
+end

data/examples/server.rb

@@ -0,0 +1,37 @@
+require 'sinatra'
+require 'json'
+require 'net/http'
+require 'uri'
+set :port, 7843
+
+get "/health" do
+  "OK"
+end
+
+post "/check_role" do
+  unless params[:role][/admin/]
+    {:role_exist => true}.to_json
+  else
+    {:role_exist => false}.to_json
+  end
+end
+
+get "/login" do
+  uri = URI::parse(params[:callback])
+  new_uri = URI::HTTP.build(host: uri.host, port: uri.port, path: "/save_session")
+
+  <<-EOF
+  <body>
+    <a href='#{params[:callback]}'>Back</a>
+    <form action="#{new_uri}" method="post">
+      <input type="text" name="sqauthsession" value="mydata" />
+      <input style="display:none" type="text" name="callback" value="#{params[:callback]}" />
+      <input type="submit" />
+    </form>
+  </body>
+  EOF
+end
+
+get "/push_session" do
+  push_session_to_client params[:client]
+end

data/lib/sq_auth/sq_auth_access.rb

@@ -0,0 +1,103 @@
+module SqAuth
+  class SqAuthAccess
+    DEFAULT_ACCESS_PATH = "/access_partial"
+    DEFAULT_DRAW_PROC = Proc.new {|uri, callback, role, project, session| SqAuthUtils::default_draw_template(uri, callback, role, project, session)}
+    DEFAULT_DATA_PROC = Proc.new { "Forbidden" }
+    DEFAULT_OPTIONS = {project: "Project", https: true}
+    attr_accessor :login_path, :callback, :project_name, :gateway_ip
+    def initialize options={}
+      @options = options
+      @data_proc = DEFAULT_DATA_PROC
+      @draw_proc = DEFAULT_DRAW_PROC
+      @login_path = DEFAULT_ACCESS_PATH
+      @gateway_ip = nil
+    end
+
+    def connect options = {}
+      options = DEFAULT_OPTIONS.merge(options)
+      @project_name = options[:project]
+      @gateway_ip = options[:gateway_ip]
+      yield self if block_given?
+      SqAuthIntegration.alter_environment options
+      @session_provider = SqAuthClient.new options
+    end
+
+    def draw_when_not_logged_in &block
+      @draw_proc = block
+    end
+
+    def data_when_not_logged_in &block
+      @data_proc = Proc.new {|*args| block.call(*args)}
+    end
+
+    def get_not_logged_in_proc type = nil
+      if type == true || type.nil?
+        @draw_proc
+      else
+        @data_proc
+      end
+    end
+
+    def check_session_provider
+      raise "Authentication service not specified" unless @session_provider
+    #  raise "Authentication service unavailable" unless @session_provider.available?
+    end
+
+    def api_filter(roles, project = @project_name, when_ok, when_no_role, options)
+      check_session_provider
+      not_logged_in_proc = get_not_logged_in_proc(options[:draw])
+      if sq_auth_filter(roles, project, options)
+        when_ok.call
+      else
+        when_no_role.(not_logged_in_proc.(login_to, callback, roles, project, @session_provider.session_for_current_user))
+      end
+    end
+
+    def sq_auth_filter(roles, project = @project_name, options = {})
+      @session_provider.session_for_current_user && @session_provider.role_exist_for_current_user?(roles, project)
+    end
+
+
+    def when_not_authenticated(roles, project, options = {})
+      not_logged_in_proc = get_not_logged_in_proc(options[:draw])
+      not_logged_in_proc.call(login_to, callback, roles, project, @session_provider.session_for_current_user)
+    end
+
+    def draw_when_not_authenticated(roles, project = @project_name)
+      when_not_authenticated(roles, project, {:draw => true})
+    end
+
+    def message_when_not_authenticated(roles = [], project = @project_name)
+      when_not_authenticated(roles, project, {:draw => false})
+    end
+
+    def with_sq_auth(roles, project = @project_name, options = {}, &block)
+      check_session_provider
+      binded_self = options[:binding].is_a?(Binding) ? eval("self", options[:binding]) : self
+      if sq_auth_filter(roles, project, options)
+        binded_self.instance_eval(&block) if block_given?
+      else
+        when_not_authenticated(roles, project, options)
+      end
+    end
+
+    def save_session_for_current_user sqauthsession
+      @session_provider.create_session_for_current_user sqauthsession
+    end
+
+    def current_user_ip= ip
+      if @gateway_ip
+        @session_provider.user.user_ip = @gateway_ip
+      else
+        @session_provider.user.user_ip = ip
+      end
+      p @session_provider.user.user_ip
+    end
+
+    def login_to
+      uri = @session_provider.auth_server_uri
+      uri.path = "#@login_path"
+      uri.to_s
+    end
+  end
+end

data/lib/sq_auth/sq_auth_client.rb

@@ -0,0 +1,72 @@
+module SqAuth
+  class SqAuthClient
+
+    def initialize options = {}
+      @https = !!options[:https]
+      @host = options[:host] || "localhost"
+      @port = (options[:port] || (@https ? 443 : 80)).to_i
+      @username = options[:username]
+      @password = options[:password]
+      @server = options[:server_type] || SqAuth::SqAuthServer::BasicServer
+      @user = options[:user_type] || SqAuth::SqAuthUser::BasicUser.new
+      @sessions = SqAuth::SqAuthSessions.new
+    end
+
+    def create_session_for_current_user session
+      create_session current_user, session
+    end
+
+    def session_for_current_user
+      session_for current_user
+    end
+
+    def check_connection
+      send_request :check_connection
+    end
+
+    def available?
+      response = check_connection
+      response.is_a?(Hash) && response[:status] == "200"
+    end
+
+    def role_exist_for_current_user? role, project
+      role_exist? current_user, role, project
+    end
+
+    def user
+      @user
+    end
+
+    def current_user
+      @user.current_user
+    end
+
+    def create_session user, session
+      @sessions[user] = session
+    end
+
+    def session_for user
+      p @sessions
+      @sessions[user]
+    end
+
+    def role_exist? user, roles, project
+      request_hash = {sqauthsession: session_for(user), roles: [*roles], auth_name: project, ip: user[:ip]}
+      response = send_request :check_role, request_hash
+      response.is_a?(Hash) && response[:data].is_a?(Hash) && (response[:data]["role_exist"] == true)
+    end
+
+    def send_request request_name, params = nil
+      @server.send(request_name, params, host_options)
+    end
+
+    def host_options
+      {host: @host, port: @port, username: @username, password: @password, https: @https}
+    end
+
+    def auth_server_uri
+      uri_builder = (@https ? URI::HTTPS : URI::HTTP)
+      uri_builder.build(host: @host, port: @port)
+    end
+  end
+end

data/lib/sq_auth/sq_auth_helpers/sq_auth_helpers_dsl.rb

@@ -0,0 +1,61 @@
+module SqAuth
+  module SqAuthHelpers
+    module DSL
+      def sq_auth_access &block
+        self.instance_eval &block
+      end
+
+      def access_actions *actions, &block
+        @sq_auth_actions_only = *actions
+        yield block if block_given?
+        @sq_auth_actions_only = nil
+      end
+
+      def access_action *action, &block
+        access_actions [*action], &block
+      end
+
+
+
+      def draw_for *roles, &block
+        access_for([*roles], &block)
+      end
+
+    end
+
+    module SinatraDSL
+      def show_to *roles
+        create_filter [*roles]
+      end
+      def execute_for *roles
+        create_filter [*roles], {draw: false}
+      end
+    end
+
+    module RailsDSL
+      def access_actions_except *actions, &block
+        @sq_auth_actions_except = *actions
+        yield block if block_given?
+        @sq_auth_actions_except = nil
+      end
+
+      def access_action_except *action, &block
+        access_actions_except [*action], &block
+      end
+
+      def method_missing m, *args, &block
+        begin
+          super
+        rescue NoMethodError
+          if m[/^show_.+_to$/]
+            format = m.to_s.scan(/^show_(.+)_to$/).flatten.first
+            create_filter args, {:format_type => format}
+          else
+            raise NoMethodError
+          end
+        end
+      end
+    end
+
+  end
+end

data/lib/sq_auth/sq_auth_helpers/sq_auth_helpers_rails.rb

@@ -0,0 +1,39 @@
+module SqAuth
+  module SqAuthHelpers
+    module ActionController
+      def self.included(base)
+        base.extend ClassMethods
+      end
+
+      module ClassMethods
+        include SqAuth::SqAuthHelpers::DSL
+        include SqAuth::SqAuthHelpers::RailsDSL
+        def create_filter roles, options = {}
+          filter_options = {}
+          filter_options[:only] = @sq_auth_actions_only
+          filter_options[:except] = @sq_auth_actions_except
+          before_filter(filter_options) do |controller|
+            format_type = options[:format_type]
+            format_condition = (format_type == "all") || (format_type.nil?) || (controller.request.format.send("#{format_type}?".to_sym))
+            if format_condition
+              error_proc = nil
+              api_options = {}
+              if format_type == "json"
+                error_proc = Proc.new do |message|
+                  render json: message
+                end
+                api_options[:draw] = false
+              else
+                error_proc = Proc.new do |message|
+                  render text: message
+                end
+                api_options[:draw] = true
+              end
+              SqAuth.api_filter(roles, Proc.new {}, error_proc, api_options)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sq_auth/sq_auth_helpers/sq_auth_helpers_sinatra.rb

@@ -0,0 +1,25 @@
+module SqAuth
+  module SqAuthHelpers
+    module Sinatra
+      include SqAuth::SqAuthHelpers::SinatraDSL
+      include SqAuth::SqAuthHelpers::DSL
+
+      def create_filter roles, options = {}
+        action = nil
+        action = [*@sq_auth_actions_only].flatten.first if @sq_auth_actions_only
+
+        if !roles.empty?
+          ok_proc = Proc.new {}
+          error_proc = Proc.new do |message|
+            throw(:halt, [401, message])
+          end
+          before(action) do
+            SqAuth.api_filter(roles, ok_proc, error_proc, options)
+          end
+        end
+      end
+
+
+    end
+  end
+end

data/lib/sq_auth/sq_auth_integration/sq_auth_action_controller.rb

@@ -0,0 +1,16 @@
+module SqAuth
+  module SqAuthIntegration
+    module SqAuthActionController 
+      def self.check_environment
+        defined?(ActionController::Base)
+      end
+
+      def self.alter_environment options={}
+        ActionController::Base.instance_eval do
+          include SqAuth::SqAuthHelpers::ActionController
+        end
+      end
+
+    end
+  end
+end

data/lib/sq_auth/sq_auth_integration/sq_auth_integration.rb

@@ -0,0 +1,23 @@
+module SqAuth
+  module SqAuthIntegration
+    def self.alter_environment options = {}
+      @already_altered ||= []
+      alter_modules = SqAuth::SqAuthIntegration.constants.map do |const|
+        alter_module = nil
+        check_module = SqAuth::SqAuthIntegration.const_get(const)
+        if check_module.kind_of?(Module) && check_module.respond_to?(:alter_environment) && check_module.respond_to?(:check_environment)
+          alter_module = check_module
+        end
+        alter_module
+      end.compact
+      alter_modules.each do |m|
+        unless @already_altered.include? m
+          if m.check_environment
+            @already_altered << m
+            m.alter_environment options
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sq_auth/sq_auth_integration/sq_auth_rack.rb

@@ -0,0 +1,89 @@
+module SqAuth
+  module SqAuthIntegration
+    module SqAuthRack
+      def self.check_environment
+        defined?(Rack)
+      end
+      def self.alter_environment options={}
+        if defined?(Rails)
+          Rails.application.class.instance_eval do
+            config.middleware.use Rack::Session::Cookie, :expire_after => 2592000
+            config.middleware.use SqAuth::SqAuthIntegration::SqAuthRack::Middleware
+          end
+        else
+          use Rack::Session::Cookie, :expire_after => 2592000
+          use SqAuth::SqAuthIntegration::SqAuthRack::Middleware
+        end
+      end
+
+      class Middleware
+        attr_accessor :app, :env
+        def call(env)
+          req = Rack::Request.new(env)
+          SqAuth.access.callback = callback_uri(env)
+          SqAuth.access.current_user_ip = env["HTTP_X_FORWARDED_FOR"] || env["REMOTE_ADDR"]
+          SqAuth.access.save_session_for_current_user (env["rack.session"]||{})[:sqauthsession]
+          form_hash = req.params||{}
+          if auth_request?(env, form_hash)
+            redirect_to_callback(env, form_hash)
+          else
+            pass_through env
+          end
+        end
+
+        def auth_request? env, form_hash
+          env["REQUEST_METHOD"] == "POST" && form_hash.keys.include?("sqauthsession") && form_hash.keys.include?("callback")
+        end
+
+        def redirect_to_callback env, form_hash
+          env["rack.session"][:sqauthsession] = form_hash["sqauthsession"] if env["rack.session"]
+          SqAuth.access.save_session_for_current_user form_hash["sqauthsession"]
+
+          [302, {'Location' => form_hash["callback"]}, ['Authenticated']]
+        end
+
+        def callback_uri env
+          if URI.parse(env["REQUEST_URI"]).host
+            env["REQUEST_URI"]
+          else
+            uri_type = URI.const_get(env["HTTP_X_URL_SCHEME"].upcase) rescue nil
+            uri_type ||= URI.const_get(env["rack.url_scheme"].upcase) rescue nil
+            uri_type ||= URI::HTTP
+            if env["HTTP_HOST"].is_a? String
+              host, port = env["HTTP_HOST"].split(":")
+            end
+            host ||= env["SERVER_NAME"]
+            port ||= env["SERVER_PORT"]
+            path = env["REQUEST_PATH"].to_s
+            if path.empty?
+              path = URI::parse(env["PATH_INFO"]).path rescue ""
+            end
+            if path.empty?
+              path = URI::parse(env["REQUEST_URI"]).path
+            end
+            query = env["QUERY_STRING"]
+            if port
+              uri = uri_type.build(host: host, port: port.to_i, path: path, query: query)
+            else
+              uri = uri_type.build(host: host, path: path, query: query)
+            end
+            uri.to_s
+          end
+        rescue Exception => ex
+          p ex.message
+          return ""
+        end
+
+        def pass_through env
+          status, headers, response = app.call(env)
+          [status, headers, response]
+        end
+
+        def initialize(app)
+          @app = app
+        end
+      end
+
+    end
+  end
+end

data/lib/sq_auth/sq_auth_integration/sq_auth_rack_protection.rb

@@ -0,0 +1,28 @@
+module SqAuth
+  module SqAuthIntegration
+    module SqAuthRackProtection
+
+      def self.check_environment
+        defined?(Rack::Protection::RemoteToken)
+      end
+
+      def self.alter_environment options={}
+        # Sorry, Konstantin
+        except_host = options[:host]
+        Rack::Protection::RemoteToken.class_exec(except_host) do |except|
+          const_set("HOST", except)
+          alias :old_accepts? :accepts?
+          def accepts?(env)
+            form_hash = env["rack.request.form_hash"]||{}
+            if referrer(env) == HOST && env["REQUEST_METHOD"] == "POST" && form_hash.keys.include?("sqauthsession")
+              true
+            else
+              old_accepts?(env)
+            end
+          end
+        end
+      end
+
+    end
+  end
+end

data/lib/sq_auth/sq_auth_integration/sq_auth_sinatra.rb

@@ -0,0 +1,36 @@
+module SqAuth
+  module SqAuthIntegration
+    module SqAuthSinatra
+
+      def self.check_environment
+        defined?(Sinatra)
+      end
+
+      def self.alter_environment options={}
+        Sinatra.register SqAuth::SqAuthHelpers::Sinatra
+        Sinatra::Base.instance_eval do
+          alias :old_get :get
+          def get(*args, &block)
+            roles = []
+            if args[0].is_a?(Array)
+              roles << args[0]
+              args.shift
+            end
+            roles.flatten!
+            if !roles.empty?
+              ok_proc = Proc.new {}
+              error_proc = Proc.new do |message|
+                throw(:halt, [401, message])
+              end
+              before(*args) do
+                SqAuth.api_filter(roles, ok_proc, error_proc)
+              end
+            end
+            old_get(*args, &block)
+          end
+        end
+      end
+
+    end
+  end
+end

data/lib/sq_auth/sq_auth_request.rb

@@ -0,0 +1,88 @@
+module SqAuth
+  class SqAuthRequest
+
+    def self.hash_to_query hash
+      query = ""
+      encode_chars = Regexp.new("[^#{URI::PATTERN::UNRESERVED}]")
+      if hash.is_a? Hash
+        query = hash.map do |param_name, param_value|
+          if param_value.is_a? Array
+            param_value.map do |v|
+              "#{param_name}[]=#{URI::encode(v.to_s, encode_chars)}"
+            end.join("&")
+          else
+            "#{param_name}=#{URI::encode(param_value.to_s, encode_chars)}"
+          end
+        end.join("&")
+      end
+      query
+    end
+
+    def self.parse_response response = nil
+      data = nil
+      if response.is_a? Net::HTTPResponse
+        data = {}
+        data[:status] = response.code
+        data[:message] = response.message
+        if response.is_a? Net::HTTPOK
+          data[:data] = begin
+            JSON::load(response.body)
+          rescue JSON::ParserError
+            response.body
+          end
+        end
+      end
+      data
+    end
+
+    def initialize options
+      @host = options[:host] || raise("Host not specified")
+      @port = options[:port] || 80
+      @username = options[:username]
+      @password = options[:password]
+      path = options[:path]
+      absolute_path = "/"
+      if path.is_a? Symbol
+        absolute_path << path.to_s
+      elsif path.is_a? String
+        absolute_path << path
+      end
+      @path = absolute_path
+      method = options[:method] || :get
+      @https = !!options[:https]
+      @method = ::Net::HTTP.const_get(method.to_s.capitalize)
+      @uri_builder = @https ? URI::HTTPS : URI::HTTP
+    end
+
+    def setup_query query_hash
+      @query = SqAuthRequest.hash_to_query(query_hash)
+      @uri = @uri_builder.build(host: @host, port: @port, path: @path, query: (@method == Net::HTTP::Get)? @query: nil)
+      @http = Net::HTTP.new(@uri.host, @uri.port)
+      @http.use_ssl = @https
+      @http.verify_mode = OpenSSL::SSL::VERIFY_NONE if @https
+
+    end
+
+    def request query = {}
+      setup_query(query)
+      response = get_response
+      SqAuthRequest.parse_response response
+    end
+
+    def get_response
+      request = @method.new(@uri.request_uri)
+      if @username && @password
+        request.basic_auth @username, @password
+      end
+      send_data(request)
+    end
+
+    def send_data request
+      if @method == Net::HTTP::Post
+        request.body = @query
+        request.content_length = request.body.bytesize
+      end
+      @http.request(request) rescue nil
+    end
+  end
+end

data/lib/sq_auth/sq_auth_server_interface/basic_server.rb

@@ -0,0 +1,40 @@
+module SqAuth
+  module SqAuthServer
+    class BasicServer
+      SERVER_INTERFACE = {
+        check_connection: {path: "health", method: :get},
+        check_role: {path: "check_role", method: :post}
+      }
+
+      def self.init_request specification, host_options = {}
+        options = {}
+        options[:host] = host_options[:host]
+        options[:port] = host_options[:port]
+        options[:username] = host_options[:username]
+        options[:password] = host_options[:password]
+        options[:https] = host_options[:https]
+        options[:path] = specification[:path]
+        options[:method] = specification[:method]
+        SqAuthRequest.new options
+      end
+
+      def self.sq_auth_host host_options
+        {host: host_options[:host], port: host_options[:port]}
+      end
+
+      def self.use_interface interface, query, host_options = {}
+        interface[:requests] ||= {}
+        interface[:requests][sq_auth_host(host_options)] ||= init_request(interface, host_options)
+        interface[:requests][sq_auth_host(host_options)].request query
+      end
+
+      def self.method_missing m, *args, &block
+        if SERVER_INTERFACE[m]
+          use_interface(SERVER_INTERFACE[m], *args)
+        else
+          super
+        end
+      end
+    end
+  end
+end

data/lib/sq_auth/sq_auth_sessions.rb

@@ -0,0 +1,16 @@
+module SqAuth
+  class SqAuthSessions
+    def initialize
+      @sessions = {}
+    end
+
+    def [] key
+      @sessions[key]
+    end
+
+    def []= key, value
+      @sessions[key] = value
+    end
+
+  end
+end

data/lib/sq_auth/sq_auth_user/basic_user.rb

@@ -0,0 +1,10 @@
+module SqAuth
+  module SqAuthUser
+    class BasicUser
+      attr_accessor :user_name, :user_ip
+      def current_user
+        {name: (user_name || "Anonymous"), ip: (user_ip || "127.0.0.1")}
+      end
+    end
+  end
+end

data/lib/sq_auth/sq_auth_user/rack_user.rb

@@ -0,0 +1,11 @@
+module SqAuth
+  module SqAuthUser
+    class RackUser < BasicUser
+      attr_accessor :user_ip, :user_name
+
+      def current_user
+        {name: (user_name || "Anonymous"), ip: (user_ip || "127.0.0.1")}
+      end
+    end
+  end
+end

data/lib/sq_auth/sq_auth_utils.rb

@@ -0,0 +1,12 @@
+module SqAuth
+  module SqAuthUtils
+    def self.default_draw_template uri, callback, role, project, session
+      <<-EOF
+        <div class="sq_auth_not_logged_in">
+          <iframe src='#{uri}?#{SqAuth::SqAuthRequest.hash_to_query({callback: callback, roles: [*role], auth_name: project, sqauthsession: session})}'>
+          </iframe>
+        </div>
+      EOF
+    end
+   end
+end

data/lib/sq_auth/version.rb

@@ -0,0 +1,3 @@
+module SqAuth
+  VERSION = "0.0.18"
+end

data/lib/sq_auth.rb

@@ -0,0 +1,68 @@
+# external dependencies
+require 'uri'
+require 'net/http'
+require 'net/https'
+require 'openssl'
+require 'json'
+require 'digest'
+
+# internal dependencies
+require "sq_auth/version"
+require "sq_auth/sq_auth_access"
+require "sq_auth/sq_auth_client"
+require "sq_auth/sq_auth_request"
+require "sq_auth/sq_auth_sessions"
+require "sq_auth/sq_auth_utils"
+require "sq_auth/sq_auth_server_interface/basic_server"
+require "sq_auth/sq_auth_user/basic_user"
+require "sq_auth/sq_auth_user/rack_user"
+require "sq_auth/sq_auth_integration/sq_auth_integration"
+require "sq_auth/sq_auth_integration/sq_auth_rack"
+require "sq_auth/sq_auth_integration/sq_auth_rack_protection"
+require "sq_auth/sq_auth_integration/sq_auth_sinatra"
+require "sq_auth/sq_auth_integration/sq_auth_action_controller"
+require "sq_auth/sq_auth_helpers/sq_auth_helpers_dsl"
+require "sq_auth/sq_auth_helpers/sq_auth_helpers_rails"
+require "sq_auth/sq_auth_helpers/sq_auth_helpers_sinatra"
+
+module SqAuth
+  @session_access = SqAuth::SqAuthAccess.new
+  def self.connect(*args, &block)
+    @session_access.connect(*args, &block)
+  end
+  def self.access
+    @session_access
+  end
+  def self.with_sq_auth(*args, &block)
+    @session_access.with_sq_auth(*args, &block)
+  end
+
+  def self.api_filter(roles, ok_proc, error_proc, options = {})
+    @session_access.api_filter(roles, SqAuth.access.project_name, ok_proc, error_proc, options)
+  end
+
+  def self.included(base)
+    base.send :include, InstanceMethods
+  end # self.included
+
+  module InstanceMethods
+    def access_for(*roles, &block)
+      SqAuth.with_sq_auth([*roles], SqAuth.access.project_name, {:binding => binding}, &block)
+    end
+    alias :draw_for :access_for
+
+    def accessed_by?(*roles)
+      SqAuth.access.sq_auth_filter([*roles])
+    end
+
+    def not_accessible_message
+      SqAuth.access.message_when_not_authenticated
+    end
+
+    def not_accessible_link(*roles)
+      SqAuth.access.draw_when_not_authenticated(roles)
+    end
+  end
+end
+
+include SqAuth

data/spec/lib/sq_auth/sq_auth_client_spec.rb

@@ -0,0 +1,30 @@
+require File.expand_path('spec/spec_helper')
+
+describe SqAuth::SqAuthClient do
+  let(:client) {SqAuth::SqAuthClient.new}
+  let(:user1) { {name: "user1", ip: "234.24.23.1" } }
+  let(:user2) { {name: "user2", ip: "234.24.23.2" } }
+  let(:user3) { {name: "user3", ip: "234.24.23.3" } }
+
+  it "saves user session" do
+    SqAuth::SqAuthUser::BasicUser.stub(:current_user).and_return(user1)
+    client.create_session_for_current_user(Digest::MD5.digest(user1.to_s)).should_not == nil
+  end
+
+  it "checks for existance of user session" do
+    client.session_for(user2).should == nil
+    SqAuth::SqAuthUser::BasicUser.stub(:current_user).and_return(user3)
+    user3_session = client.create_session_for_current_user(Digest::MD5.digest(user3.to_s))
+    client.session_for_current_user.should == user3_session
+  end
+
+  it "sends check request to auth server" do
+    client.stub(:send_request).with(:check_connection).and_return("ok")
+    client.check_connection.should_not == nil
+  end
+
+  it "checks for role for sessioned user" do
+    client.stub(:send_request).with(:check_role, {sqauthsession: client.session_for_current_user, roles: ["role"], auth_name: "project", ip: "127.0.0.1"}).and_return("ok")
+    client.role_exist_for_current_user?("role", "project").should_not == nil
+  end
+end

data/spec/lib/sq_auth/sq_auth_request_spec.rb

@@ -0,0 +1,40 @@
+require File.expand_path('spec/spec_helper')
+
+describe SqAuth::SqAuthRequest do
+  it 'convert hashes to http query strings' do
+    query_hash1 = {a: 1, b: "Hello", c: [123, "A B C", "+++"]}
+    query_string1 = "a=1&b=Hello&c[]=123&c[]=A%20B%20C&c[]=%2B%2B%2B"
+    SqAuth::SqAuthRequest.hash_to_query(query_hash1).should == query_string1
+    SqAuth::SqAuthRequest.hash_to_query({}).should == ""
+    SqAuth::SqAuthRequest.hash_to_query(nil).should == ""
+    SqAuth::SqAuthRequest.hash_to_query([1,2,3,4]).should == ""
+  end
+
+  it 'parse http responses' do
+    example_ok = Net::HTTPOK.new(1.1, '200', 'Ok')
+    example_ok.stub(:body).and_return("{\"a\": 1}")
+    SqAuth::SqAuthRequest.parse_response(example_ok).should == {status: "200", message: "Ok", data: {"a" => 1}}
+
+    example_error = Net::HTTPNotFound.new(1.1, '404', 'Page not found')
+    SqAuth::SqAuthRequest.parse_response(example_error).should == {status: "404", message: "Page not found"}
+
+    example_ok_with_not_json_body = Net::HTTPOK.new(1.1, '200', 'Ok')
+    example_ok.stub(:body).and_return("<title>Test</title><body>Body of the page</body>")
+    SqAuth::SqAuthRequest.parse_response(example_ok).should == {status: "200", message: "Ok", data: "<title>Test</title><body>Body of the page</body>"}
+  end
+
+  it 'should not fail if host unreachable' do
+    request = SqAuth::SqAuthRequest.new(host: "fake", path: "health", method: "get")
+    lambda {request.request({a: 1, b: 2})}.should_not raise_error
+  end
+
+  it 'send request to sq_auth server and parses response' do
+    request = SqAuth::SqAuthRequest.new(host: "localhost", path: "", method: "get")
+    example_ok = Net::HTTPOK.new(1.1, '200', 'Ok')
+    example_ok.stub(:body).and_return("{\"a\": 1}")
+    request.stub(:send_data).with(kind_of(Net::HTTP::Get)).and_return(example_ok)
+    request.request({}).should == {status: "200", message: "Ok", data: {"a" => 1}}
+  end
+
+
+end

data/spec/lib/sq_auth/sq_auth_server_interface/basic_server_spec.rb

@@ -0,0 +1,24 @@
+require File.expand_path('spec/spec_helper')
+
+describe SqAuth::SqAuthServer::BasicServer do
+  it 'should create request to custom sq_auth server once per server and send data to server by created request' do
+    host_options = {host: "localhost", port: 80}
+    interface = SqAuth::SqAuthServer::BasicServer::SERVER_INTERFACE[:check_connection]
+    mock_req = SqAuth::SqAuthRequest.new(host_options.merge({method: :get, path: "health"}))
+
+    # should create 2 requests: localhost/check_connection and localhost/check_role
+    SqAuth::SqAuthRequest.should_receive(:new).exactly(2).and_return(mock_req)
+    to_return = {status: "200", message: "Ok", data: {"a" => 1}}
+
+    # should send data 3 times by 2 request requests: localhost/check_connection, localhost/check_connection, and localhost/check_role
+    mock_req.should_receive(:request).exactly(3).and_return(to_return)
+
+    SqAuth::SqAuthServer::BasicServer.check_connection({}, host_options)[:data].should == {"a" => 1}
+    SqAuth::SqAuthServer::BasicServer.check_connection({}, host_options)[:data].should == {"a" => 1}
+    SqAuth::SqAuthServer::BasicServer.check_role({}, host_options)[:data].should == {"a" => 1}
+
+    SqAuth::SqAuthServer::BasicServer::SERVER_INTERFACE[:check_connection][:requests][host_options].should be_a_kind_of SqAuth::SqAuthRequest
+    SqAuth::SqAuthServer::BasicServer::SERVER_INTERFACE[:check_role][:requests][host_options].should be_a_kind_of SqAuth::SqAuthRequest
+  end
+
+end

data/spec/lib/sq_auth/sq_auth_sessions_spec.rb

@@ -0,0 +1,3 @@
+describe SqAuth::SqAuthSessions do
+
+end

data/spec/lib/sq_auth/sq_auth_user/basic_user_spec.rb

@@ -0,0 +1,5 @@
+require File.expand_path('spec/spec_helper')
+
+describe SqAuth::SqAuthUser::BasicUser do
+
+end

data/spec/lib/sq_auth_spec.rb

@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe SqAuth do
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+require 'sq_auth'

data/sq_auth.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "sq_auth/version"
+
+Gem::Specification.new do |s|
+  s.name        = "sq_auth"
+  s.version     = SqAuth::VERSION
+  s.authors     = ["Leonid Krinitsyn"]
+  s.email       = ["leonidkrn@gmail.com"]
+  s.homepage    = ""
+  s.summary     = %q{SQ sevices authentication gem}
+  s.description = %q{SQ sevices authentication gem}
+
+  s.rubyforge_project = "sq_auth"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_development_dependency 'rake'
+  s.add_development_dependency 'rspec'
+  s.add_development_dependency 'sinatra'
+end

metadata

@@ -0,0 +1,125 @@
+--- !ruby/object:Gem::Specification
+name: sq_auth
+version: !ruby/object:Gem::Version
+  version: 0.0.18
+  prerelease: 
+platform: ruby
+authors:
+- Leonid Krinitsyn
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-04-05 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: SQ sevices authentication gem
+email:
+- leonidkrn@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- Rakefile
+- examples/client.rb
+- examples/server.rb
+- lib/sq_auth.rb
+- lib/sq_auth/sq_auth_access.rb
+- lib/sq_auth/sq_auth_client.rb
+- lib/sq_auth/sq_auth_helpers/sq_auth_helpers_dsl.rb
+- lib/sq_auth/sq_auth_helpers/sq_auth_helpers_rails.rb
+- lib/sq_auth/sq_auth_helpers/sq_auth_helpers_sinatra.rb
+- lib/sq_auth/sq_auth_integration/sq_auth_action_controller.rb
+- lib/sq_auth/sq_auth_integration/sq_auth_integration.rb
+- lib/sq_auth/sq_auth_integration/sq_auth_rack.rb
+- lib/sq_auth/sq_auth_integration/sq_auth_rack_protection.rb
+- lib/sq_auth/sq_auth_integration/sq_auth_sinatra.rb
+- lib/sq_auth/sq_auth_request.rb
+- lib/sq_auth/sq_auth_server_interface/basic_server.rb
+- lib/sq_auth/sq_auth_sessions.rb
+- lib/sq_auth/sq_auth_user/basic_user.rb
+- lib/sq_auth/sq_auth_user/rack_user.rb
+- lib/sq_auth/sq_auth_utils.rb
+- lib/sq_auth/version.rb
+- spec/lib/sq_auth/sq_auth_client_spec.rb
+- spec/lib/sq_auth/sq_auth_request_spec.rb
+- spec/lib/sq_auth/sq_auth_server_interface/basic_server_spec.rb
+- spec/lib/sq_auth/sq_auth_sessions_spec.rb
+- spec/lib/sq_auth/sq_auth_user/basic_user_spec.rb
+- spec/lib/sq_auth_spec.rb
+- spec/spec_helper.rb
+- sq_auth.gemspec
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: sq_auth
+rubygems_version: 1.8.18
+signing_key: 
+specification_version: 3
+summary: SQ sevices authentication gem
+test_files: []