talis 0.12.0

data/lib/talis/authentication/public_key.rb

@@ -0,0 +1,53 @@
+require 'active_support'
+require 'talis/authentication/token'
+
+module Talis
+  module Authentication
+    # Provides the ability to fetch a public key to verify tokens.
+    # There is no need to use this class directly as it is used by the Token
+    # class to verify tokens.
+    class PublicKey < Talis::Resource
+      base_uri Token.base_uri
+
+      # Construct an empty public key object.
+      # @param cache_store [ActiveSupport::Cache::MemoryStore] A cache
+      #  store to use to fetch locally cached keys before trying remotely.
+      def initialize(cache_store)
+        @cache_store = cache_store
+      end
+
+      # Fetch a public key for use with token verification, either from
+      # the provided cache or remotely.
+      # @param request_id [String] (uuid) unique ID for the remote request.
+      # @return [String] the public key.
+      def fetch(request_id: self.class.new_req_id)
+        # Token base URI may have changed after the class was loaded.
+        self.class.base_uri(Token.base_uri)
+        public_key = @cache_store.fetch(cache_key, cache_options) do
+          opts = { format: :plain, headers: { 'X-Request-Id' => request_id } }
+          response = self.class.get('/oauth/keys', opts)
+          self.class.handle_response(response)
+        end
+        OpenSSL::PKey.read(public_key)
+      end
+
+      private
+
+      def digest_data(data)
+        md4 = OpenSSL::Digest::MD4.new
+        Base64.encode64(md4.digest(data))
+      end
+
+      def cache_key
+        "public_key:#{digest_data(self.class.base_uri)}"
+      end
+
+      def cache_options
+        {
+          expires_in: ENV.fetch('PUBLIC_KEY_EXPIRY_SECONDS', 7.minutes),
+          race_condition_ttl: 10.seconds
+        }
+      end
+    end
+  end
+end

data/lib/talis/authentication/token.rb

@@ -0,0 +1,172 @@
+require 'active_support'
+require 'jwt'
+require 'openssl'
+
+module Talis
+  module Authentication
+    # Represents a JWT-based OAuth access token.
+    #
+    # Optionally configure an ActiveSupport-based cache store for caching the
+    # public key and tokens. The default cache used is an in-memory one.
+    # See http://api.rubyonrails.org/classes/ActiveSupport/Cache.html for
+    # supported cache types.
+    # @example Using an in-memory cache.
+    #   store = ActiveSupport::Cache::MemoryStore.new
+    #   Talis::Authentication::Token.cache_store = store
+    class Token < Talis::Resource
+      base_uri Talis::PERSONA_HOST
+      cattr_accessor :cache_store
+      Token.cache_store = ActiveSupport::Cache::MemoryStore.new
+
+      # Create a new token object from an existing JWT.
+      # @param jwt [String] the encoded JWT.
+      # @param public_key [PublicKey] (nil) Only used in unit tests.
+      def initialize(jwt:, public_key: nil)
+        @jwt = jwt
+        @public_key = public_key || PublicKey.new(Token.cache_store)
+      end
+
+      # Validate the token, optionally against one or more required scopes.
+      #
+      # Scope validation is performed locally unless there are too many tokens
+      # to list inside the token payload. When this is the case, a remote
+      # request is performed to validate the token against the scopes.
+      #
+      # The validation error returned can be one of the following:
+      # - `:expired_token` if the token has expired.
+      # - `:insufficient_scope` if the provided scopes are not in the token.
+      # - `:invalid_token` if the token could not be verified by the public
+      #   key.
+      # - `:invalid_token` if the token could not be decoded.
+      # - `:invalid_key` if the public key is corrupt.
+      # @param request_id [String] (uuid) unique ID for the remote request.
+      # @param scopes [Array] Scope(s) that the token needs in order to be
+      #   valid.
+      # @param all [Boolean] (true) Whether or not all scopes must be present
+      #   within the token for validation to pass. If false, only one matching
+      #   scope is required.
+      # @return [Symbol, Nil] nil iff the token is valid else a symbol error.
+      # @raise [Talis::ServerError] if the sever cannot validate the
+      #   scope.
+      # @raise [Talis::ServerCommunicationError] for network issues.
+      def validate(request_id: self.class.new_req_id, scopes: [], all: true)
+        decoded = JWT.decode(@jwt, p_key(request_id), true, algorithm: 'RS256')
+        validate_scopes(request_id, scopes, decoded[0], all)
+      rescue JWT::ExpiredSignature
+        return :expired_token
+      rescue JWT::VerificationError, JWT::DecodeError
+        return :invalid_token
+      rescue NoMethodError
+        return :invalid_key
+      rescue Talis::ClientError
+        :insufficient_scope
+      end
+
+      # @return [String] the encoded version of the token - a JWT string.
+      def to_s
+        @jwt
+      end
+
+      private
+
+      def p_key(req_id)
+        @public_key.fetch(request_id: req_id)
+      end
+
+      def validate_scopes(request_id, wanted_scopes, token, all_must_match)
+        # The existence of this key means there are too many scopes to fit
+        # into an encoded token, it must be fetched from the server
+        token = fetch_token(request_id) if token.key? 'scopeCount'
+
+        return :invalid_token unless token.key? 'scopes'
+        provided_scopes = token['scopes']
+        return nil if wanted_scopes.empty?
+        return nil if provided_scopes.include? 'su'
+        compare_scope_intersect(wanted_scopes, provided_scopes, all_must_match)
+      end
+
+      def compare_scope_intersect(wanted_scope, provided_scope, all_must_match)
+        intersect_scope = (wanted_scope & provided_scope)
+        if (all_must_match && intersect_scope != wanted_scope) ||
+           intersect_scope.empty?
+          :insufficient_scope
+        end
+      end
+
+      def fetch_token(request_id)
+        token_url = "/oauth/tokens/#{@jwt}"
+        headers = { headers: { 'X-Request-Id' => request_id } }
+        self.class.handle_response(self.class.get(token_url, headers))
+      end
+
+      class << self
+        # Generate a new token for the given client.
+        # If a previous token has been generated for the client and has not
+        # expired then this will be returned from the cache.
+        # @param request_id [String] ('uuid') unique ID for the remote request.
+        # @param client_id [String] the client for whom this token is for.
+        # @param client_secret [String] secret belonging to the client.
+        # @param host [String] Optional persona host override for service
+        # @return [Talis::Authentication::Token] the generated or cached token.
+        # @raise [Talis::ClientError] if the client ID/secret are
+        #   invalid.
+        # @raise [Talis::ServerError] if the generation failed on the
+        #   server.
+        # @raise [Talis::ServerCommunicationError] for network issues.
+        def generate(request_id: new_req_id, client_id:, client_secret:,
+                     host: base_uri)
+          token = cached_token(client_id, host)
+          if token
+            new(jwt: token)
+          else
+            generate_remote_token(request_id, client_id, client_secret, host)
+          end
+        end
+
+        private
+
+        def generate_remote_token(request_id, client_id, client_secret, host)
+          response = create_token(request_id, client_id, client_secret, host)
+          parsed_response = handle_response(response)
+          cache_token(parsed_response, client_id, host)
+          new(jwt: parsed_response['access_token'])
+        end
+
+        def digest_data(data)
+          md4 = OpenSSL::Digest::MD4.new
+          Base64.encode64(md4.digest(data))
+        end
+
+        def cache_key(client_id, host)
+          "token:#{digest_data(client_id)}_#{digest_data(host)}"
+        end
+
+        def cache_token(data, client_id, host)
+          access_token = data['access_token']
+          # Expire the cache slightly before the token expires to cater for
+          # communication delay between server issuing and client receiving.
+          expiry_time = data['expires_in'].to_i - 5.seconds
+          Token.cache_store.write(cache_key(client_id, host), access_token,
+                                  expires_in: expiry_time)
+        end
+
+        def cached_token(client_id, host)
+          key = cache_key(client_id, host)
+          Token.cache_store.fetch(key) if Token.cache_store.exist?(key)
+        end
+
+        def create_token(request_id, client_id, client_secret, host)
+          post(host + '/oauth/tokens',
+               headers: { 'X-Request-Id' => request_id },
+               body: {
+                 client_id: client_id,
+                 client_secret: client_secret,
+                 grant_type: 'client_credentials'
+               })
+        rescue
+          raise Talis::ServerCommunicationError
+        end
+      end
+    end
+  end
+end

data/lib/talis/bibliography.rb

@@ -0,0 +1,52 @@
+require_relative 'bibliography/result_set'
+require_relative 'bibliography/work'
+require_relative 'bibliography/manifestation'
+require_relative 'bibliography/ebook'
+
+module Talis
+  # Encompasses all classes associated with bibliographic resources
+  module Bibliography
+    # Exposes the underlying Metatron API client.
+    # @param request_id [String] ('uuid') unique ID for remote requests.
+    # @return MetatronClient::DefaultApi
+    def api_client(request_id = new_req_id)
+      configure_metatron
+
+      api_client = MetatronClient::ApiClient.new
+      api_client.default_headers = {
+        'X-Request-Id' => request_id,
+        'User-Agent' => "talis-ruby-client/#{Talis::VERSION} "\
+        "ruby/#{RUBY_VERSION}"
+      }
+
+      MetatronClient::DefaultApi.new(api_client)
+    end
+
+    private
+
+    def configure_metatron
+      MetatronClient.configure do |config|
+        config.scheme = base_uri[/https?/]
+        config.host = base_uri
+        # Non-production environments have a base path
+        if ENV['METATRON_BASE_PATH']
+          config.base_path = ENV['METATRON_BASE_PATH']
+        end
+        config.api_key_prefix['Authorization'] = 'Bearer'
+      end
+    end
+
+    def empty_result_set(klass, meta_properties)
+      meta = OpenStruct.new(meta_properties)
+      klass.new(data: [], meta: meta).extend(ResultSet)
+    end
+
+    def escape_query(query_string)
+      # TODO: are all of these necessary?
+      pattern = %r{
+        (\+|\-|\=|\&\&|\|\||\>|\<|\!|\(|\)|\{|\}|\[|\]|\^|\"|\~|\*|\?|\:|\\|\/)
+      }x
+      query_string.gsub(pattern) { |match| "\\#{match}" }
+    end
+  end
+end

data/lib/talis/bibliography/ebook.rb

@@ -0,0 +1,50 @@
+require 'metatron_ruby_client'
+require 'forwardable'
+
+module Talis
+  module Bibliography
+    # Represents an eBook which is a type of asset associated with
+    # works and their manifestations.
+    #
+    # In order to perform remote operations, the client must be configured
+    # with a valid OAuth client that is allowed to query nodes:
+    #
+    #  Talis::Authentication.client_id = 'client_id'
+    #  Talis::Authentication.client_secret = 'client_secret'
+    #
+    class EBook < Talis::Resource
+      extend Forwardable, Talis::OAuthService, Talis::Bibliography
+      base_uri Talis::METATRON_HOST
+      attr_accessor :id, :vbid, :title, :author, :format, :digital_list_price,
+                    :publisher_list_price, :store_price
+      private_class_method :new
+
+      def initialize(asset_data)
+        attrs = asset_data.try(:attributes) || {}
+        @id = asset_data.id
+        @vbid = attrs[:vbid]
+        @title = attrs[:title]
+        @author = attrs[:author]
+        @format = attrs[:'book-format']
+        price_list = attrs.fetch(:pricelist, {})
+        @digital_list_price = price_list[:'digital-list-price']
+        @publisher_list_price = price_list[:'publisher-list-price']
+        @store_price = price_list.fetch(:'store-price', {})[:value]
+      end
+
+      class << self
+        def find_by_manifestation_id(manifestation_id, request_id = new_req_id)
+          id = manifestation_id.gsub('nbd:', '')
+          begin
+            set = api_client(request_id).get_manifestation_assets(token, id)
+          rescue MetatronClient::ApiError => error
+            return [] if error.code == 404
+            handle_response(error)
+          end
+          set.data.select { |asset| asset.type == Talis::EBOOK_TYPE }
+             .map { |asset| new(asset) }
+        end
+      end
+    end
+  end
+end

data/lib/talis/bibliography/manifestation.rb

@@ -0,0 +1,141 @@
+require 'metatron_ruby_client'
+require 'forwardable'
+
+module Talis
+  module Bibliography
+    # Represents bibliographic manifestations API operations provided by the
+    # Metatron gem
+    # {https://github.com/talis/metatron_rb}
+    #
+    # In order to perform remote operations, the client must be configured
+    # with a valid OAuth client that is allowed to query nodes:
+    #
+    #  Talis::Authentication.client_id = 'client_id'
+    #  Talis::Authentication.client_secret = 'client_secret'
+    #
+    class Manifestation < Talis::Resource
+      extend Forwardable, Talis::OAuthService, Talis::Bibliography
+      base_uri Talis::METATRON_HOST
+      attr_reader :contributors, :assets, :manifestation_data, :work
+      attr_accessor :id, :type, :title
+      def_delegators :@manifestation_data, :id, :type
+
+      # rubocop:disable Metrics/LineLength
+      class << self
+        # Search for bibliographic manifestations
+        # @param request_id [String] ('uuid') unique ID for the remote request.
+        # @param opts [Hash] the query parameters: currently supported: work_id and isbn
+        #   see {https://github.com/talis/metatron_rb/blob/metatron-swagger-updates/docs/DefaultApi.md#manifestation}
+        # @return [MetatronClient::ManifestationResultSet] containing data and meta attributes.
+        #   The structure is as follows:
+        #     {
+        #       data: [manifestation1, manifestation2, manifestation3],
+        #       meta: { count: 3 }
+        #       included: [contributor1]
+        #     }
+        #  where manifestations are of type Talis::Bibliography::Manifestation, which are also available
+        # directly via the Enumerable methods: each, find, find_all, first, last
+        # @raise [Talis::ClientError] if the request was invalid.
+        # @raise [Talis::ServerError] if the search failed on the
+        #   server.
+        # @raise [Talis::ServerCommunicationError] for network issues.
+        def find(request_id: new_req_id, opts: {})
+          api_client(request_id).manifestation(token, opts)
+                                .extend(ResultSet).hydrate
+        rescue MetatronClient::ApiError => error
+          begin
+            handle_response(error)
+          rescue Talis::NotFoundError
+            empty_result_set(MetatronClient::ManifestationResultSet, count: 0)
+          end
+        end
+
+        # Fetch a single work by id
+        # @param request_id [String] ('uuid') unique ID for the remote request.
+        # @param id [String] the ID of the work to fetch.
+        # @return Talis::Bibliography::Work or nil if the work cannot be found.
+        # @raise [Talis::ClientError] if the request was invalid.
+        # @raise [Talis::ServerError] if the fetch failed on the
+        #   server.
+        # @raise [Talis::ServerCommunicationError] for network issues.
+        def get(request_id: new_req_id, id:)
+          new api_client(request_id).get_manifestation(token, id).data
+        rescue MetatronClient::ApiError => error
+          begin
+            handle_response(error)
+          rescue Talis::NotFoundError
+            nil
+          end
+        end
+      end
+
+      def initialize(manifestation_data = nil)
+        if manifestation_data.is_a? MetatronClient::ManifestationData
+          parse_manifestation_data manifestation_data
+        else
+          @manifestation_data = MetatronClient::ManifestationData.new
+        end
+      end
+
+      def contributors
+        @contributors ||= []
+      end
+
+      # TODO: call assets route if not set
+      def assets
+        @assets ||= []
+      end
+
+      # By default, the metatron client returns generic ResourceLink objects
+      # as the related resources.  When passed an array of Metatron::ResourceData
+      # objects, it will replace the ResourceLink objects with more appropriately
+      # typed objects
+      # @param resources [Array] an array of Metatron::ResourceData objects
+      def hydrate_relationships(included_resources)
+        contributors.map! do |contributor|
+          find_relationship_in_included(contributor,
+                                        included_resources)
+        end
+      end
+
+      private
+
+      def find_relationship_in_included(resource_data, included)
+        included.find do |resource|
+          resource.id == resource_data.id && resource.type == resource_data.type
+        end
+      end
+
+      def parse_manifestation_data(manifestation_data)
+        @manifestation_data = manifestation_data
+        @title = manifestation_data.try(:attributes).try(:title)
+
+        unless manifestation_data.relationships.nil?
+          add_relationships(manifestation_data)
+        end
+      end
+
+      def add_relationships(manifestation_data)
+        [:contributors, :work].each do |rel|
+          next unless manifestation_data.relationships.try(rel).try(:data)
+          if rel == :contributors
+            add_related_contributors(manifestation_data)
+          else
+            add_related_work(manifestation_data)
+          end
+        end
+      end
+
+      def add_related_contributors(manifestation_data)
+        @contributors ||= []
+        @contributors += manifestation_data.relationships.contributors.data
+      end
+
+      def add_related_work(manifestation_data)
+        @work = MetatronClient::WorkData.new(
+          manifestation_data.relationships.work.data.to_hash
+        )
+      end
+    end
+  end
+end