stitches 4.0.0 → 4.2.0.RC1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3ea8633778064ab7646860c9a0682a7290bfbea3d6f3f091c290f50d22f97de2
-  data.tar.gz: 0eb1d04f15fc37ab0b0484ae6a73f953426cc5dd1b9efd056e42300caa4c2d04
+  metadata.gz: ff331a78189008795f3789617197c5bf4ac77fb9b2db8fe036256903668656ba
+  data.tar.gz: 2757ff4ef4739e826b60406726547b225693f44846d811c0c8fd0afa093eb55a
 SHA512:
-  metadata.gz: f854d4c3feca2e48b6edfde3174564112b2c0c1d6cb6b93bed960985cc779c1119bcf5ddb65d43d85d3c349d9f440b61e14b1cef27aa6f8c1701768ab5ac1dd5
-  data.tar.gz: b19d1b967d4a5e0dc57265475683bbfd8e9f255d15ee0af1a8130832d16e73e54b52b7e34fc025fe170a4322cb30cbddb6f2e631f7c81521953e4e48514bb547
+  metadata.gz: c6a9e99b2f0410ba3e1bff9c851fde7ec923154388667ea86c7a080354eb3943a2188e33336cc23e5ea530a98851e1fdf00ceb750cd246ebc95a3f43f2ecb95e
+  data.tar.gz: ed1f7f688b16629940ccd0f7b201ad6b47e9fcfdc005969dd3fdff7264fb45bd7c31d572a1dda5a962386bf567e07bb1823dbab66ccea40e8bed9650d67b59c9

data/.circleci/config.yml

@@ -3,9 +3,33 @@
 ---
 version: 2
 jobs:
+  generate-and-push-docs:
+    docker:
+    - image: circleci/ruby:3.0.0
+      auth:
+        username: "$DOCKERHUB_USERNAME"
+        password: "$DOCKERHUB_PASSWORD"
+    steps:
+    - checkout
+    - run: bundle config stitchfix01.jfrog.io $ARTIFACTORY_USER:$ARTIFACTORY_TOKEN
+    - run: bundle install --full-index
+    - run:
+        name: Generate documentation
+        command: ' if [[ $(bundle exec rake -T docs:generate:custom) ]]; then echo
+          "Generating docs using rake task docs:generate:custom" ; bundle exec rake
+          docs:generate:custom ; elif [[ $(bundle exec rake -T docs:generate) ]];
+          then echo "Generating docs using rake task docs:generate" ; bundle exec
+          rake docs:generate ; else echo "Skipping doc generation" ; exit 0 ; fi '
+    - run:
+        name: Push documentation to Unwritten
+        command: if [[ $(bundle exec rake -T docs:push) ]]; then bundle exec rake
+          docs:push; fi
   release:
     docker:
-    - image: circleci/ruby:2.7.1
+    - image: circleci/ruby:3.0.0
+      auth:
+        username: "$DOCKERHUB_USERNAME"
+        password: "$DOCKERHUB_PASSWORD"
     steps:
     - checkout
     - run: bundle config stitchfix01.jfrog.io $ARTIFACTORY_USER:$ARTIFACTORY_TOKEN
@@ -17,14 +41,22 @@ jobs:
     - run:
         name: Build/release gem to artifactory
         command: bundle exec rake push_artifactory
-  ruby-2.7.1-rails-6.0:
+  ruby-3.0.0-rails-6.1:
     docker:
-    - image: circleci/ruby:2.7.1
+    - image: circleci/ruby:3.0.0
+      auth:
+        username: "$DOCKERHUB_USERNAME"
+        password: "$DOCKERHUB_PASSWORD"
       environment:
-        BUNDLE_GEMFILE: Gemfile.rails-6.0
+        BUNDLE_GEMFILE: Gemfile.rails-6.1
     working_directory: "~/stitches"
     steps:
     - checkout
+    - run:
+        name: Check for Gemfile.lock presence
+        command: ' if (test -f Gemfile.lock) then echo "Dont commit Gemfile.lock (see
+          https://github.com/stitchfix/eng-wiki/blob/master/architecture-decisions/0009-rubygem-dependencies-will-be-managed-more-explicitly.md)"
+          1>&2 ; exit 1 ; else exit 0 ; fi '
     - run: bundle config stitchfix01.jfrog.io $ARTIFACTORY_USER:$ARTIFACTORY_TOKEN
     - run: bundle install --full-index
     - run: bundle exec rspec --format RspecJunitFormatter --out /tmp/test-results/rspec.xml
@@ -35,18 +67,26 @@ jobs:
           fi
     - run:
         name: Notify Pager Duty
-        command: bundle exec y-notify "#devex-alerts"
+        command: bundle exec y-notify "#eng-runtime-alerts"
         when: on_fail
     - store_test_results:
         path: "/tmp/test-results"
-  ruby-2.6.6-rails-6.0:
+  ruby-2.7.2-rails-6.1:
     docker:
-    - image: circleci/ruby:2.6.6
+    - image: circleci/ruby:2.7.2
+      auth:
+        username: "$DOCKERHUB_USERNAME"
+        password: "$DOCKERHUB_PASSWORD"
       environment:
-        BUNDLE_GEMFILE: Gemfile.rails-6.0
+        BUNDLE_GEMFILE: Gemfile.rails-6.1
     working_directory: "~/stitches"
     steps:
     - checkout
+    - run:
+        name: Check for Gemfile.lock presence
+        command: ' if (test -f Gemfile.lock) then echo "Dont commit Gemfile.lock (see
+          https://github.com/stitchfix/eng-wiki/blob/master/architecture-decisions/0009-rubygem-dependencies-will-be-managed-more-explicitly.md)"
+          1>&2 ; exit 1 ; else exit 0 ; fi '
     - run: bundle config stitchfix01.jfrog.io $ARTIFACTORY_USER:$ARTIFACTORY_TOKEN
     - run: bundle install --full-index
     - run: bundle exec rspec --format RspecJunitFormatter --out /tmp/test-results/rspec.xml
@@ -57,18 +97,26 @@ jobs:
           fi
     - run:
         name: Notify Pager Duty
-        command: bundle exec y-notify "#devex-alerts"
+        command: bundle exec y-notify "#eng-runtime-alerts"
         when: on_fail
     - store_test_results:
         path: "/tmp/test-results"
-  ruby-2.7.1-rails-5.2:
+  ruby-3.0.0-rails-6.0:
     docker:
-    - image: circleci/ruby:2.7.1
+    - image: circleci/ruby:3.0.0
+      auth:
+        username: "$DOCKERHUB_USERNAME"
+        password: "$DOCKERHUB_PASSWORD"
       environment:
-        BUNDLE_GEMFILE: Gemfile.rails-5.2
+        BUNDLE_GEMFILE: Gemfile.rails-6.0
     working_directory: "~/stitches"
     steps:
     - checkout
+    - run:
+        name: Check for Gemfile.lock presence
+        command: ' if (test -f Gemfile.lock) then echo "Dont commit Gemfile.lock (see
+          https://github.com/stitchfix/eng-wiki/blob/master/architecture-decisions/0009-rubygem-dependencies-will-be-managed-more-explicitly.md)"
+          1>&2 ; exit 1 ; else exit 0 ; fi '
     - run: bundle config stitchfix01.jfrog.io $ARTIFACTORY_USER:$ARTIFACTORY_TOKEN
     - run: bundle install --full-index
     - run: bundle exec rspec --format RspecJunitFormatter --out /tmp/test-results/rspec.xml
@@ -79,18 +127,26 @@ jobs:
           fi
     - run:
         name: Notify Pager Duty
-        command: bundle exec y-notify "#devex-alerts"
+        command: bundle exec y-notify "#eng-runtime-alerts"
         when: on_fail
     - store_test_results:
         path: "/tmp/test-results"
-  ruby-2.6.6-rails-5.2:
+  ruby-2.7.2-rails-6.0:
     docker:
-    - image: circleci/ruby:2.6.6
+    - image: circleci/ruby:2.7.2
+      auth:
+        username: "$DOCKERHUB_USERNAME"
+        password: "$DOCKERHUB_PASSWORD"
       environment:
-        BUNDLE_GEMFILE: Gemfile.rails-5.2
+        BUNDLE_GEMFILE: Gemfile.rails-6.0
     working_directory: "~/stitches"
     steps:
     - checkout
+    - run:
+        name: Check for Gemfile.lock presence
+        command: ' if (test -f Gemfile.lock) then echo "Dont commit Gemfile.lock (see
+          https://github.com/stitchfix/eng-wiki/blob/master/architecture-decisions/0009-rubygem-dependencies-will-be-managed-more-explicitly.md)"
+          1>&2 ; exit 1 ; else exit 0 ; fi '
     - run: bundle config stitchfix01.jfrog.io $ARTIFACTORY_USER:$ARTIFACTORY_TOKEN
     - run: bundle install --full-index
     - run: bundle exec rspec --format RspecJunitFormatter --out /tmp/test-results/rspec.xml
@@ -101,7 +157,7 @@ jobs:
           fi
     - run:
         name: Notify Pager Duty
-        command: bundle exec y-notify "#devex-alerts"
+        command: bundle exec y-notify "#eng-runtime-alerts"
         when: on_fail
     - store_test_results:
         path: "/tmp/test-results"
@@ -112,31 +168,40 @@ workflows:
     - release:
         context: org-global
         requires:
-        - ruby-2.7.1-rails-6.0
-        - ruby-2.6.6-rails-6.0
-        - ruby-2.7.1-rails-5.2
-        - ruby-2.6.6-rails-5.2
+        - ruby-3.0.0-rails-6.1
+        - ruby-2.7.2-rails-6.1
+        - ruby-3.0.0-rails-6.0
+        - ruby-2.7.2-rails-6.0
+        filters:
+          tags:
+            only: /^[0-9]+\.[0-9]+\.[0-9]+(\.?(RC|rc)[-\.]?\w*)?$/
+          branches:
+            ignore: /.*/
+    - generate-and-push-docs:
+        context: org-global
+        requires:
+        - release
         filters:
           tags:
-            only: /^[0-9]+\.[0-9]+\.[0-9]+(\.?(RC|rc)[-\.]?\d*)?$/
+            only: /^[0-9]+\.[0-9]+\.[0-9]+(\.?(RC|rc)[-\.]?\w*)?$/
           branches:
             ignore: /.*/
-    - ruby-2.7.1-rails-6.0:
+    - ruby-3.0.0-rails-6.1:
         context: org-global
         filters:
           tags:
             only: &1 /.*/
-    - ruby-2.6.6-rails-6.0:
+    - ruby-2.7.2-rails-6.1:
         context: org-global
         filters:
           tags:
             only: *1
-    - ruby-2.7.1-rails-5.2:
+    - ruby-3.0.0-rails-6.0:
         context: org-global
         filters:
           tags:
             only: *1
-    - ruby-2.6.6-rails-5.2:
+    - ruby-2.7.2-rails-6.0:
         context: org-global
         filters:
           tags:
@@ -150,11 +215,11 @@ workflows:
             only:
             - master
     jobs:
-    - ruby-2.7.1-rails-6.0:
+    - ruby-3.0.0-rails-6.1:
         context: org-global
-    - ruby-2.6.6-rails-6.0:
+    - ruby-2.7.2-rails-6.1:
         context: org-global
-    - ruby-2.7.1-rails-5.2:
+    - ruby-3.0.0-rails-6.0:
         context: org-global
-    - ruby-2.6.6-rails-5.2:
+    - ruby-2.7.2-rails-6.0:
         context: org-global

data/.github/CODEOWNERS

@@ -8,4 +8,4 @@
 # This file uses the GitHub CODEOWNERS convention to assign PR reviewers:
 # https://help.github.com/articles/about-codeowners/
 
-* @brettfishman @bwebster @stitchfix/devex
+* @brettfishman @bwebster @stitchfix/runtime-infrastructure

data/.gitignore

@@ -1,5 +1,6 @@
 pkg
 spec/reports
+spec/fake_app/log/
 .vimrc
 *.sw?
 .idea/

data/.ruby-version

@@ -1 +1 @@
-2.7.1
+ruby-2.7.2

data/Gemfile.rails-6.1

@@ -0,0 +1,7 @@
+# DO NOT MODIFY - this is managed by Git Reduce in goro
+#
+source 'https://stitchfix01.jfrog.io/stitchfix01/api/gems/eng-gems/'
+
+gemspec
+
+gem 'rails', '~> 6.1.0'

data/README.md

@@ -35,7 +35,7 @@ Then, set it up:
 
 ### Upgrading from an older version
 
-- When upgrading to version 4.0.0 you may now take advantage of an in-memory cache
+- When upgrading to version 4.0.0 and above you may now take advantage of an in-memory cache
 
 You can enabled it like so
 
@@ -46,18 +46,46 @@ Stitches.configure do |config|
 end
 ```
 
-- If you have a version lower than 3.3.0, you need to run two generators, one of which creates a new database migration on your
-  `api_clients` table:
+You can also set a leniency for disabled API keys, which will allow old API keys to continue to be used if they have a
+`disabled_at` field set as long as the leniency is not exceeded. Note that if the `disabled_at` field is not populated
+the behavior will remain the same as it always was, and the request will be denied when the `enabled` field is set to
+`true`. If Stitches allows a call due to leniency settings, a log message will be generated with a severity depending on
+how long ago the API key was disabled.
+
+```ruby
+Stitches.configure do |config|
+  config.disabled_key_leniency_in_seconds = 3 * 24 * 60 * 60 # Time in seconds, defaults to three days 
+  config.disabled_key_leniency_error_log_threshold_in_seconds = 2 * 24 * 60 * 60 # Time in seconds, defaults to two days 
+end
+```
+
+If a disabled key is used within the `disabled_key_leniency_in_seconds`, it will be allowed. 
+
+Anytime a disabled key is used a log will be generated. If it is before the 
+`disabled_key_leniency_error_log_threshold_in_seconds` it will be a warning log message, if it is after that, it will be
+an error message. `disabled_key_leniency_error_log_threshold_in_seconds` should never be a greater number than 
+`disabled_key_leniency_in_seconds`, as this provides an escallating series of warnings before finally disabling access.
+
+- If you are upgrading from a version older than 3.3.0 you need to run three generators, two of which create database
+  migrations on your `api_clients` table:
 
   ```
   > bin/rails generate stitches:add_enabled_to_api_clients
   > bin/rails generate stitches:add_deprecation
+  > bin/rails generate stitches:add_disabled_at_to_api_clients
   ```
 
-- If you have a version lower than 3.6.0, you need to run one generator:
+- If you are upgrading from a version between 3.3.0 and 3.5.0 you need to run two generators:
 
   ```
   > bin/rails generate stitches:add_deprecation
+  > bin/rails generate stitches:add_disabled_at_to_api_clients
+  ```
+
+- If you are upgrading from a version between 3.6.0 and 4.0.2 you need to run one generator:
+
+  ```
+  > bin/rails generate stitches:add_disabled_at_to_api_clients
   ```
 
 ## Example Microservice Endpoint
@@ -143,6 +171,10 @@ Also, the integration test does a lot of "testing the implementation", but since
 failing with a successful result, we have to make sure that the various `inject_into_file` calls are actually working. Do not do
 any fancy refactors here, just keep it up to date.
 
+## Releases
+
+See the release process for open source gems in the Stitch Fix engineering wiki under technical topics.
+
 ---
 
 Provided with love by your friends at [Stitch Fix Engineering](http://technology.stitchfix.com)

data/lib/stitches/add_disabled_at_to_api_clients_generator.rb

@@ -0,0 +1,18 @@
+require 'rails/generators'
+
+module Stitches
+  class AddDisabledAtToApiClientsGenerator < Rails::Generators::Base
+    include Rails::Generators::Migration
+
+    source_root(File.expand_path(File.join(File.dirname(__FILE__),"generator_files")))
+
+    def self.next_migration_number(path)
+      Time.now.utc.strftime("%Y%m%d%H%M%S")
+    end
+
+    desc "Upgrade your api_clients table so it includes the `disabled_at` field"
+    def update_api_clients_table
+      migration_template "db/migrate/add_disabled_at_to_api_clients.rb", "db/migrate/add_disabled_at_to_api_clients.rb"
+    end
+  end
+end

data/lib/stitches/allowlist_middleware.rb

@@ -3,15 +3,14 @@ module Stitches
   class AllowlistMiddleware
     def initialize(app, options={})
       @app           = app
-      @configuration = options[:configuration] ||  Stitches.configuration
-      @except        = options[:except]        || @configuration.allowlist_regexp
+      @configuration = options[:configuration]
+      @except        = options[:except]
 
-      unless @except.nil? || @except.is_a?(Regexp)
-        raise ":except must be a Regexp"
-      end
+      allowlist_regex
     end
+
     def call(env)
-      if @except && @except.match(env["PATH_INFO"])
+      if allowlist_regex && allowlist_regex.match(env["PATH_INFO"])
         @app.call(env)
       else
         do_call(env)
@@ -24,5 +23,20 @@ module Stitches
       raise 'subclass must implement'
     end
 
+    def configuration
+      @configuration || Stitches.configuration
+    end
+
+  private
+
+    def allowlist_regex
+      regex = @except || configuration.allowlist_regexp
+
+      if !regex.nil? && !regex.is_a?(Regexp)
+        raise ":except must be a Regexp"
+      end
+
+      regex
+    end
   end
 end

data/lib/stitches/api_client_access_wrapper.rb

@@ -2,26 +2,57 @@ require 'lru_redux'
 
 module Stitches::ApiClientAccessWrapper
 
-  def self.fetch_for_key(key)
+  def self.fetch_for_key(key, configuration)
     if cache_enabled
-      fetch_for_key_from_cache(key)
+      fetch_for_key_from_cache(key, configuration)
     else
-      fetch_for_key_from_db(key)
+      fetch_for_key_from_db(key, configuration)
     end
   end
 
-  def self.fetch_for_key_from_cache(key)
+  def self.fetch_for_key_from_cache(key, configuration)
     api_key_cache.getset(key) do
-      fetch_for_key_from_db(key)
+      fetch_for_key_from_db(key, configuration)
     end
   end
 
-  def self.fetch_for_key_from_db(key)
-    if ::ApiClient.column_names.include?("enabled")
-      ::ApiClient.find_by(key: key, enabled: true)
+  def self.fetch_for_key_from_db(key, configuration)
+    api_client = ::ApiClient.find_by(key: key)
+    return unless api_client
+
+    unless api_client.respond_to?(:enabled?)
+      logger.warn('api_keys is missing "enabled" column.  Run "rails g stitches:add_enabled_to_api_clients"')
+      return api_client
+    end
+
+    unless api_client.respond_to?(:disabled_at)
+      logger.warn('api_keys is missing "disabled_at" column.  Run "rails g stitches:add_disabled_at_to_api_clients"')
+    end
+
+    return api_client if api_client.enabled?
+
+    disabled_at = api_client.respond_to?(:disabled_at) ? api_client.disabled_at : nil
+    if disabled_at && disabled_at > configuration.disabled_key_leniency_in_seconds.seconds.ago
+      message = "Allowing disabled ApiClient: #{api_client.name} with key #{api_client.key} disabled at #{disabled_at}"
+      if disabled_at > configuration.disabled_key_leniency_error_log_threshold_in_seconds.seconds.ago
+        logger.warn(message)
+      else
+        logger.error(message)
+      end
+      return api_client
+    else
+      logger.error("Rejecting disabled ApiClient: #{api_client.name} with key #{api_client.key}")
+    end
+    nil
+  end
+
+  def self.logger
+    if defined?(StitchFix::Logger::LogWriter)
+      StitchFix::Logger::LogWriter
+    elsif defined?(Rails.logger)
+      Rails.logger
     else
-      ActiveSupport::Deprecation.warn('api_keys is missing "enabled" column.  Run "rails g stitches:add_enabled_to_api_clients"')
-      ::ApiClient.find_by(key: key)
+      ::Logger.new('/dev/null')
     end
   end
 
@@ -39,4 +70,4 @@ module Stitches::ApiClientAccessWrapper
   def self.cache_enabled
     Stitches.configuration.max_cache_ttl.positive?
   end
-end
+end