staticd 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a3f8e905eb11b074a1b854a2405f944a7d87b324
+  data.tar.gz: e747882c6c79a1bf71873d649e7e66d1e3c68f2d
+SHA512:
+  metadata.gz: 03a74ca0b48fe5ec8826f3063dcf9ef8c58850dfe79b7afb54d997ef13c690e5498396a36479a831519ca997f745406408646d60403d8125388ccd797df20f9c
+  data.tar.gz: 89b7000862534763252743bacbe9dddec3c92dddd2a48cf183af01f8fafce8eac80227b8f62b6864660c1442cf0bb62c8cdbe4835f30adbce08142ecd9b3f1aa

data/bin/staticd

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+$:.unshift "#{File.dirname(__FILE__)}/../lib"
+
+require "staticd/cli"
+
+cli = Staticd::CLI.new
+exit cli.run(ARGV)

data/lib/rack/auth/hmac.rb

@@ -0,0 +1,81 @@
+require "api_auth"
+require "base64"
+
+# Rack middleware to authenticate requests using the HMAC-SHA1 protocol.
+#
+# It take a Proc as argument to find the entity secret key using the access id
+# provided in the request. Once returned, the entity secret key is compared
+# with secret key provided by the the request.
+# Unless the two keys match, a 401 Unauthorized HTTP Error page is sent.
+#
+# Options:
+# * environment: bypass authentication if set to "test"
+# * except: list of HTTP paths with no authentication required
+#
+# Example:
+#   use Rack::Auth::HMAC do |request_access_id|
+#     return entity_secret_key if request_access_id == entity_access_id
+#   end
+class Rack::Auth::HMAC
+
+  def initialize(app, options={}, &block)
+    @app = app
+    options[:except] ||= []
+    @options = options
+    @block = block
+  end
+
+  def call(env)
+    dup._call(env)
+  end
+
+  def _call(env)
+    return @app.call(env) if @options[:except].include?(env["PATH_INFO"])
+
+    env = fix_content_type(env)
+
+    request = Rack::Request.new(env)
+    access_id = ApiAuth.access_id(request)
+    secret_key = @block.call(access_id)
+
+    if ApiAuth.authentic?(request, secret_key)
+      status, headers, response = @app.call(env)
+    else
+      send_401(content_type: env["HTTP_ACCEPT"], ip: request.ip)
+    end
+  end
+
+  private
+
+  # Fix an issue with the HMAC canonical string calculation.
+  #
+  # Ensure the request Content-Type is not set to anything when a GET or
+  # DELETE method is used. Sinatra (or Rack) seems to set it to 'plain/text'
+  # when not specified.
+  def fix_content_type(env)
+    if ["GET", "DELETE"].include?(env["REQUEST_METHOD"])
+      env["CONTENT_TYPE"] = ""
+    end
+    env
+  end
+
+  def send_401(content_type: "text/plain", ip: nil)
+    message = "Valid access ID and secret key are required."
+    snonce = Base64.encode64(Time.now.to_s + ip)
+
+    body =
+      case content_type
+      when "application/json" then %({"error": "#{message}"})
+      when "text/html" then "<h1>#{message}</h1>"
+      else
+        message
+      end
+
+    headers = {
+      "Content-Type" => content_type,
+      "WWW-Authenticate" => %(HMACDigest realm="#{message}" snonce="#{snonce}")
+    }
+
+    Rack::Response.new(body, 401, headers)
+  end
+end

data/lib/rack/request_time.rb

@@ -0,0 +1,19 @@
+
+# Rack middleware to log request time.
+#
+# Add the request time to the request environment using request.time key.
+class Rack::RequestTime
+
+  def initialize(app)
+    @app = app
+  end
+
+  def call(env)
+    dup._call(env)
+  end
+
+  def _call(env)
+    env["request.time"] = Time.now
+    @app.call(env)
+  end
+end

data/lib/staticd.rb

@@ -0,0 +1,7 @@
+Dir["#{File.dirname(__FILE__)}/staticd/**/*.rb"].each do |library|
+  require library
+end
+
+module Staticd
+  include Staticd::Models
+end

data/lib/staticd/api.rb

@@ -0,0 +1,356 @@
+require "sinatra/base"
+require "rack/auth/hmac"
+require "digest/sha1"
+require "haml"
+require "open-uri"
+
+require "staticd/json_response"
+require "staticd/json_request"
+require "staticd/domain_generator"
+require "staticd/datastore"
+require "staticd/database"
+
+require "staticd_utils/archive"
+require "staticd_utils/sitemap"
+
+module Staticd
+  class APIError < StandardError; end
+
+  class API < Sinatra::Base
+    include Staticd::Models
+
+    VERSION = "v1"
+
+    PUBLIC_URI = %w(
+      /welcome /ping /main.css /main.js /jquery-1.11.1.min.js
+    )
+
+    configure do
+      set :app_file, __FILE__
+      set :show_exceptions, false
+      set :raise_errors, false
+    end
+
+    # Manage API errors.
+    error { raise env['sinatra.error'] }
+    error(APIError) { JSONResponse.send(:error, env['sinatra.error'].message) }
+
+    def initialize(params={})
+      @config = params
+
+      raise "Missing :domain parameter" unless @config[:domain]
+      raise "Missing :port parameter" unless @config[:port]
+
+      super
+    end
+
+    # Auto parse the request body when JSON and present.
+    before { load_json_body }
+
+    # Getting the Welcome Page.
+    #
+    # Display a welcome page with instructions to finish setup and configure
+    # the Staticd toolbelt.
+    get "/welcome" do
+      @staticd_host = @config[:domain]
+      if @config[:public_port] && @config[:public_port] != "80"
+        @staticd_host += ":#{@config[:public_port]}"
+      end
+      @staticd_url = "http://#{@staticd_host}/api/#{VERSION}"
+      if StaticdConfig.ask_value?(:disable_setup_page)
+        haml :welcome, layout: :main
+      else
+        @domain_resolve = ping?(@config[:domain], @config[:public_port])
+        @wildcard_resolve =
+          ping?("ping.#{@config[:domain]}", @config[:public_port])
+        haml :setup, layout: :main
+      end
+    end
+
+    # Hide the Welcome Page.
+    #
+    # After initial setup, you want to hide the welcome page displaying
+    # sensitive data.
+    delete "/welcome" do
+      StaticdConfig.set_value(:disable_setup_page, true)
+    end
+
+    # Ping page.
+    #
+    # Used by the ping command to verify a specified domain resolve to this app.
+    get "/ping" do
+      @config[:domain]
+    end
+
+    # Create a new site.
+    #
+    # Responds with the new site attributes.
+    # Parameters:
+    # * name: the name of the new site
+    #
+    # Example:
+    #   $> curl --data '{"name": "my_app"}' http://localhost/api/sites
+    #   {"name":"my_app"}
+    post "/sites" do
+      site = Site.new(name: @json["name"])
+      domain_suffix = ".#{@config[:domain]}"
+      domain = DomainGenerator.new(suffix: domain_suffix) do |generated_domain|
+        !DomainName.get(generated_domain)
+      end
+      site.domain_names << DomainName.new(name: domain)
+
+      if site.save
+        JSONResponse.send(:success, site.to_h(:full))
+      else
+        raise APIError, "Cannot create the new site (#{site.error})"
+      end
+    end
+
+    # Get a list of all sites.
+    #
+    # Responds with a list of sites with all attributes, releases and domain
+    # names.
+    #
+    # Example:
+    #   $> curl localhost/api/sites
+    #   [{
+    #     "name":"my_app",
+    #     "releases":[],
+    #     "domain_names":[{"name":"my_app.com","site_name":"my_app"}]
+    #   }]
+    get "/sites" do
+      sites = Site.map{ |site| site.to_h(:full) }
+      JSONResponse.send(:success, sites)
+    end
+
+    # Delete a site and all its associated resources (releases, domains,
+    # etc...).
+    #
+    # If the site is successfully deleted, it does not responds with any
+    # content.
+    # Parameters:
+    # * site_name: the name of the site (url)
+    #
+    # Example:
+    #   $> curl --request DELETE localhost/api/sites/my_app
+    delete "/sites/:site_name" do
+      if current_site.destroy
+        JSONResponse.send(:success_no_content)
+      else
+        raise APIError, "Cannot remove the site '#{current_site}'"
+      end
+    end
+
+    # Create a new site release.
+    #
+    # Responds with the new releases attributes.
+    # Parameters:
+    # * site_name: the name of the site (url)
+    # * file: the archive containing the site resources
+    # * sitemap: a sitemap file indexing the site resources
+    #
+    # Example:
+    #   $> curl --form "file=@archive.tar.gz;sitemap=@sitemap.yml" \
+    #      localhost/api/sites/my_app/releases
+    #   {
+    #     "id":1,
+    #     "tag":"v1",
+    #     "site_name":"my_app"
+    #   }
+    post "/sites/:site_name/releases" do
+      archive_path = load_file_attachment(:file)
+      sitemap_path = load_file_attachment(:sitemap)
+
+      # Create a new release.
+      release = Release.new(
+        site: current_site,
+        tag: "v#{current_site.releases.count + 1}"
+      )
+
+      # Open the archive and sitemap file.
+      archive = StaticdUtils::Archive.open_file(archive_path)
+      sitemap = StaticdUtils::Sitemap.open_file(sitemap_path)
+
+      archive.open do
+
+        # Store each new resources and build routes for known resources.
+        sitemap.each_resources do |sha1, path|
+
+          # Store or retrieve each resources.
+          resource =
+            if File.exist?(sha1)
+
+              # Verify file integrity.
+              calc_sha1 = Digest::SHA1.hexdigest(File.read(sha1))
+              unless sha1 == calc_sha1
+                raise APIError, "The file #{path} digest recorded inside " +
+                      "the sitemap file is not correct"
+              end
+
+              # Store the file.
+              resource_url = Datastore.put(sha1)
+
+              # Create the resource.
+              Resource.new(sha1: sha1, url: resource_url)
+            else
+
+              # Get the resource from the database.
+              cached = Resource.get(sha1)
+              unless cached
+                raise APIError, "A resource is missing (missing file and " +
+                      "database record)"
+              end
+              cached
+            end
+
+          # Create the release route.
+          release.routes.new(resource: resource, path: path)
+        end
+      end
+
+      if release.save
+        JSONResponse.send(:success, release.to_h(:full))
+      else
+        raise APIError, "Cannot create the new release (#{release.error})"
+      end
+    end
+
+    # Get all releases of a site.
+    #
+    # Respond with a list of releases and their attributes.
+    # Parameters:
+    # * site_name: the name of the site (url)
+    #
+    # Example:
+    #   $> curl localhost/api/sites/my_app/releases
+    #   [{
+    #     "id": "1",
+    #     "tag": "v1",
+    #     "url": "/tmp/store/20ebde5306c481363297008c70bd45e2.tar.gz",
+    #     "site_name": "my_app"
+    #   }]
+    get "/sites/:site_name/releases" do
+      releases = current_site.releases.map{ |release| release.to_h }
+      JSONResponse.send(:success, releases)
+    end
+
+    # Attach a new domain name to a site.
+    #
+    # Respond with the domain list attributes.
+    # Parameters:
+    # * site_name: the name of the site (url)
+    # * name: the domain name to attach
+    #
+    # Example:
+    #   $> curl --data '{"name": "hello.io"}' \
+    #      localhost/api/sites/my_app/domain_names
+    #   {"name":"hello.io","site_name":"my_app"}
+    post "/sites/:site_name/domain_names" do
+      domain_name = DomainName.new(site: current_site, name: @json["name"])
+
+      if domain_name.save
+        JSONResponse.send(:success, domain_name.to_h)
+      else
+        raise APIError, "Cannot create the new domain name " +
+              "(#{domain_name.error})"
+      end
+    end
+
+    # Detach a domain name from a site.
+    #
+    # If successfully deleted, it does not respond with any content.
+    # Parameters:
+    # * site_name: the name of the site (url)
+    # * domain_name: the domain name (url)
+    #
+    # Example:
+    #   $> curl --request DELETE \
+    #      localhost/api/sites/my_app/domain_names/domain.tld
+    delete "/sites/:site_name/domain_names/:domain_name" do
+      if current_domain.destroy
+        JSONResponse.send(:success_no_content)
+      else
+        raise APIError, "Cannot detach the #{params[:domain_name]} domain " +
+              "name from the #{site} site"
+      end
+    end
+
+    # Get all domain names attched to a site.
+    #
+    # Respond with a list of all domain names and their attributes attached to
+    # the site.
+    # Parameters:
+    # * site_name: the name of the site (url)
+    #
+    # Example:
+    #   $> curl localhost/api/sites/my_app/domain_names
+    #   [{"name": "hello.io"}]
+    get "/sites/:site_name/domain_names" do
+      domains = current_site.domain_names.map{ |domain| domain.to_h }
+      JSONResponse.send(:success, domains)
+    end
+
+    # Get all already known resources included in a sitemap.
+    #
+    # Get a list of resources in a custom sitemap format (translated into json)
+    # and respond with the list of new resources (not already cached by any
+    # release) in the same format.
+    #
+    # Example:
+    #   $> curl --data \
+    #      '{ \
+    #         "92136ff551f50188f46486ab80db269eda4dfd4e":"/hi.html", \
+    #         "56897ff551f50188f46486ab80db269eda4dfd4e":"/ho.html" \
+    #       }' localhost/api/resources/get_cached
+    #   {"92136ff551f50188f46486ab80db269eda4dfd4e":"/hi.html"}
+    post "/resources/get_cached" do
+      unknow_resources_map = map = @json
+      sitemap = StaticdUtils::Sitemap.new(map)
+      known_resources = Resource.all(sha1: sitemap.digests)
+      known_resources.each do |resource|
+        unknow_resources_map.delete(resource.sha1)
+      end
+      JSONResponse.send(:success, unknow_resources_map)
+    end
+
+    private
+
+    def ping?(domain, port=80)
+      open("http://#{domain}:#{port}/api/#{VERSION}/ping", read_timeout: 1) do |response|
+        response.read == @config[:domain]
+      end
+    rescue
+      false
+    end
+
+    def load_json_body
+      if request.content_type == "application/json"
+        request.body.rewind
+        @json = JSONRequest.parse(request.body.read)
+      end
+    end
+
+    def load_file_attachment(field)
+      unless params.has_key?(field.to_s) && params[field].has_key?(:tempfile)
+        raise APIError, "No valid #{field} file submitted"
+      end
+      params[field][:tempfile].path
+    end
+
+    def current_site
+      unless (@current_site ||= Site.get(params[:site_name]))
+        raise APIError, "This site (#{params[:site_name]}) does not exist"
+      end
+      @current_site
+    end
+
+    def current_domain
+      @current_domain ||= current_site.domain_names.get(params[:domain_name])
+      unless @current_domain
+        raise APIError, "This domain name (#{params[:domain_name]}) is not " +
+              "attached to the #{current_site} site"
+      end
+      @current_domain
+    end
+  end
+end