syntropy 0.30.0 → 0.31.0

data/examples/mcp-oauth/app/oauth/token.rb

@@ -0,0 +1,79 @@
+AuthStore = import '../_lib/auth_store'
+
+# https://datatracker.ietf.org/doc/html/rfc6749#section-5
+export ->(req) do
+  req.validate_http_method('post')
+  params = req.get_form_data
+  req.validate(
+    params['redirect_uri'], String,
+    message: 'invalid_request'
+  )
+
+  req.validate(
+    params['grant_type'], 'authorization_code',
+    message: 'unsupported_grant_type'
+  )
+
+  code = params['code']
+  auth_info = AuthStore.fetch(code)
+  req.validate(
+    auth_info, Hash,
+    message: 'invalid_request'
+  )
+
+  req.validate(
+    params['redirect_uri'], auth_info['redirect_uri'],
+    message: 'invalid_request'
+  )
+
+  client_id = params['client_id']
+  client_info = AuthStore.fetch(client_id)
+  req.validate(
+    client_info, Hash,
+    message: 'invalid_client'
+  )
+
+  code_verifier = params['code_verifier']
+  hashed = Base64.urlsafe_encode64(Digest::SHA256.digest(code_verifier), padding: false)
+  req.validate(
+    hashed, auth_info['code_challenge'],
+    message: 'invalid_grant'
+  )
+
+  session_info = AuthStore.fetch(auth_info['sid'])
+  req.validate(
+    session_info, Hash,
+    message: 'invalid_grant'
+  )
+
+  token_info = session_info.merge(
+    # some app-specific metadata
+    type: 'oauth',
+    ttl: 86400 * 30
+  )
+  token = AuthStore.store(token_info)
+
+  req.respond_json({
+    access_token: token,
+    token_type: 'Bearer',
+    expires_in: token_info[:ttl]
+  })
+rescue ValidationError => e
+  req.respond_json(
+    {
+      error: e.message
+    },
+    ':status' => Syntropy::HTTP::BAD_REQUEST
+  )
+rescue => e
+  status = Syntropy::Error.http_status(e)
+  raise if status == HTTP::INTERNAL_SERVER_ERROR
+
+  req.respond_json(
+    {
+      error: 'invalid_request',
+      error_description: e.message
+    },
+    ':status' => Syntropy::HTTP::BAD_REQUEST
+  )
+end

data/examples/mcp-oauth/app/signin.rb

@@ -0,0 +1,85 @@
+AuthStore = import '../_lib/auth_store'
+
+export ->(req) {
+  case req.method
+  when 'get'
+    render_signin_form(req)
+  when 'post'
+    validate_signin(req)
+  else
+    raise Syntropy::Error.method_not_allowed
+  end
+}
+
+def render_signin_form(req)
+  req.respond_html(@signin_form.render)
+end
+
+def validate_signin(req)
+  creds = req.get_form_data
+
+  if !valid_creds?(creds)
+    req.respond_html(
+      @signin_form.render,
+      ':status' => Syntropy::HTTP::UNAUTHORIZED
+    )
+    return
+  end
+
+  sid = AuthStore.store({
+    username: creds['username'],
+    timestamp: Time.now.to_i
+  })
+
+  oauth_signin_id = req.cookies['oauth_signin_id']
+  if oauth_signin_id
+    auth_info = AuthStore.fetch(oauth_signin_id)
+    AuthStore.update(oauth_signin_id, auth_info.merge('sid' => sid))
+    req.validate(auth_info, Hash)
+    req.respond(
+      nil,
+      ':status'     => Syntropy::HTTP::SEE_OTHER,
+      'Location'    => '/oauth/consent',
+    )
+    return
+  end
+
+  req.respond(
+      nil,
+      ':status'     => Syntropy::HTTP::SEE_OTHER,
+      'Location'    => '/',
+      'Set-Cookie'  => "sid=#{sid}"
+    )
+end
+
+def valid_creds?(creds)
+  (creds['username'] == 'foobar') && (creds['password'] == 'foobar')
+end
+
+@signin_form = template {
+  html {
+    head {
+      title 'My awesome site'
+    }
+    body {
+      h1 'Sign in:'
+
+      form(method: 'post') {
+        div {
+          label 'username:', for: 'username'
+          input type: 'text', name: 'username', required: true
+        }
+
+        div {
+          label 'password:', for: 'password'
+          input type: 'password', name: 'password', required: true
+        }
+
+        div {
+          input type: 'submit', value: 'Submit'
+        }
+      }
+    }
+    auto_refresh!
+  }
+}

data/examples/mcp-oauth/test/helper.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# require 'bundler/setup'
+# require 'syntropy'
+# require 'syntropy/test'
+# require 'minitest/autorun'
+
+# STDOUT.sync = true
+# STDERR.sync = true

data/examples/mcp-oauth/test/test_app.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require_relative 'helper'
+
+class AppTest < Minitest::Test
+  APP_ROOT = File.expand_path(File.join(__dir__, '../app'))
+  HTTP = Syntropy::HTTP
+
+  def setup
+    @machine = UM.new
+    @app = Syntropy::App.new(
+      root_dir: APP_ROOT,
+      mount_path: '/',
+      machine: @machine
+    )
+    @test_harness = Syntropy::TestHarness.new(@app)
+  end
+
+  def test_root
+    req = @test_harness.request(
+      ':method' => 'GET',
+      ':path'   => '/'
+    )
+    assert_equal HTTP::OK, req.response_status
+    assert_match /Syntropy/, req.response_body
+  end
+end