tentd 0.0.1

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.rbx/

data/.rspec

@@ -0,0 +1 @@
+--color --backtrace

data/.travis.yml

@@ -0,0 +1,8 @@
+source_key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBM2Nvc0tLYnJWQllHTlI5WEE5WTc1L2FJbndPUWZ6L1dzK29GblQrR1hhVzV0Y3poCnpybTlyckU4WkpTWmtOaEpQQkZaMEpLMjI2M3FWSHkxWW45MC9XdUZ0aEZxbGdVNUgxbS9TTHJuelgrUzd2NHcKZk9zWU1xV1VvNVNzVXpLV3B0REhXNjMvQjlCNjBtck9OZnkwRU0yZjM0b05GMTlLTFM5ZTZKQ2t0aWViQXg2VAppaXE2OEtkVW5rODNVZjhYRkVOWi9iK2p3N2FaekdQNVY0R0JvMmhud1hEbFUxanlwNkVnVFUzdThNWFpHRUU2CjV4MWJlYmtIYUdPZXlGRUNTQUJsTEZBUGwrMDZsNEluaE0rMC9RSmJUTnlWdUNHaUtDNStlU3FwREdtdlJxK3MKTC9sNG9zMTBOUEdLU0c1eDRXcFIycUVRQXVxYTZPV0dTMlE0SHdJREFRQUJBb0lCQVFDeXlrckV6cUtBVzJ6UApvQjhHUWNwekdRTlRwSXowZDZMOTBCYU1oK3dxUy9Ha1E3QjRkTFViUVZjZEFjbTF3UlZ3YmRCSVdpMDhkRHVsCnRnNkdnNWJzdjZPL2ZOUytjU0YyUzJQdkhuVEU3U1dtc1pTbTd1SEgya0V6aVNOTndrYzkzS29KRnYreTdmWkUKNzhLaU5MOTNtRHRiK2E3Sis1QVJVdEdnaXhHc29Fb3FYeU9xYVJNNFBmK1pwSHZYcVZLR2xUM0tNaDBCQVM4TQpuK1ZtblpzRDUyMFNETXR0SUJQYXg3U2pPb2NQQ3lmOEt5dHVxblRRSC9RMjVsSE5HcmI1VmQxYzd4dFJ1SlRDCnVGWmFhczAwSzZBUG5uZDZkak1rM3kxSTJSNG8vRUlBOFZhRWNoc0ZCUXd5ZGlxQThkL0gyZTd5czRBd1RHL0sKbVFBMzk0eDVBb0dCQVBwUnNRdStib1dvclFRWC9teTdyU0M4QzFRQmlYQVBNUGxhU3A1d29WMlEzbnQzL1l4TApYbVh6SFdBTlU2dWo2Q01vTHg3UWtXMGppOXFySk9aR2JUejZ0VTFBOHFHL28yRVVKSldJN3F0Qnh5R291YS8yCjcraDliOGJYZDBNZDVWYXp5S21hSEE5aHA3Qm04Y2hpaTlNUUhBTFVrNUIwbyt5azhoUHVFOXl6QW9HQkFPTFMKdXY5ZE8wdm9wTVA2aHpYYitIamJodkZJVXBudTNOR2srQVdWQ3Rlc2NHRzZkMUdqR1loaUxmN2p5eGdUQ3NBegpBek9kVEs3eXI5bXZpTHJKb2J2a05pbG5SNzBnRHNkckJuK2p0ajQvb1MwaUpRWTB6WlpSVTZ2bzhIM3cvSGxyCjVMRVFPOUVGOCs1bWRlT3lIMDI4b1lUY1IvaWNTcC9vV3RiTG53VGxBb0dBWWh5WXp5aVJ1ek9VdE5FT3VPR0sKaHhVTlA1em1tSlJydHFCTU5QT2lXOEVIWXM5eUFvWWI5c3VtVE5xTVcrNy9jcUF5YjlxQjFZd2tLYzRBeFh6LwpIZktLRTBDTW1SYzYyemNBNjlkaTdKNzRoTm5VQmdNOG54eGpMa1dQaWkveWp0d2luMDgzQmxSWlhJdk00cVMxCmQwR09LUkhXMEx6VzcwN3JUeUoyaUg4Q2dZRUF3cGdwNStWemRzZExlL3NXUHdYTjRObnRwbGoyekt0WmRONkUKRGozMHhGMWpPT1RCY3g5clMwOTN5SUpqZmU3d1BUNUdrK1J5b25FQW50QnlqRlZwMVFtUDBldVNaMVgyZCsyQQo4TVppRm50K2Fuc3RxbXBvcW5weFB6NGovTmhmc2tmM05sVUlER2FBQk5xUWIxMGtjQXZSd21zOXI3TmVibHZvCmV2ak1IMlVDZ1lFQWpnYlRGcnV0Ri9Kam82bW4zYW1HNVBWVGJ1S2NRUEdwUEZWRm1tZFlreCthRXk4b2xEV1EKcFF2Y0k0U0F4UVRnaGFXOUZkc3ZBUEtVMkdUbTZFR2VlR0ZuMERTZExPZ2ZLSW52UFMrbUo3NEhBTnllQWpmbApxR1diTWJRcXFtclQ4akVFemNRWENZYnVNZndZOTJyTVZwVXhRc3VVb1dzWXN2aVFkOGM5ZlN3PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
+before_script:
+  - psql -c 'create database tentd_test;' -U postgres
+env:
+  - TEST_DATABASE_URL=postgres://postgres@localhost/tentd_test
+rvm:
+  - 1.9.3
+  - rbx-19mode

data/Gemfile

@@ -0,0 +1,9 @@
+source 'https://rubygems.org'
+
+gemspec
+
+gem 'rack-test', :git => 'https://github.com/brynary/rack-test.git'
+gem 'tent-client', :git => 'git://github.com/tent/tent-client-ruby.git', :branch => 'master'
+gem 'rb-fsevent', '~> 0.9.1'
+gem 'do_jdbc', :platform => :jruby
+gem 'girl_friday', '~> 0.10'

data/Guardfile

@@ -0,0 +1,6 @@
+guard 'rspec', :version => 2 do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/tentd/(.+)\.rb$})     { |m| "spec/unit/#{m[1]}_spec.rb" }
+  watch(%r{^lib/[^/]+\.rb$})    { "spec" }
+  watch(%r{spec/(spec_helper|support/).*\.rb})  { "spec" }
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Apollic Software, LLC
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,49 @@
+# tentd ![Build Status](https://magnum.travis-ci.com/tent/tentd.png?branch=master&token=YmxLSPgdpsxNUMWJpzRx)
+
+tentd is an **alpha** implementation of a [Tent Protocol](http://tent.io) server.
+It currently contains **broken code, ugly code, many bugs, and security flaws**.
+The code should only be used to experiment with how Tent works. Under no
+circumstances should the code in its current form be used for data that is
+supposed to be private. All of the implemented APIs are in flux, and are
+expected to change heavily before the Tent 1.0 release.
+
+
+## Requirements
+
+TentD is written using Ruby 1.9 with Rack and Datamapper and is only tested with
+PostgreSQL. The code needs a few fixes to work with 1.8 and other databases.
+
+If you have Ruby 1.9, Bundler, and PostgreSQL installed, this should get the
+tests running:
+
+```shell
+createdb tent_server_test
+bundle install
+rake
+```
+
+If you want to run this as a Tent server, you should use
+[tentd-admin](https://github.com/tent/tentd-admin).
+
+
+## Contributions
+
+If you want to help out with the TentD code instead of writing Tent clients and
+applications, here are some areas that can be worked on:
+
+- Fix database queries. There are a bunch of suboptimal uses of the database,
+  and basically no indexes. Low hanging fruit would be to turn on logging while
+  running the tests and index all the queries.
+- Add data validation/normalization.
+- Audit security.
+- Refactor. The current code was hacked together quickly and is pretty ugly.
+- Add tests. There are quite a few areas that aren't tested completely.
+- Fix tests. A lot of tests are written as integration tests and depend on the
+  database, many would be much faster as unit tests that don't hit the database.
+
+Please note that we are not looking for Pull Requests that make fundamental
+changes to how the Tent Protocol works.
+
+### Contributors
+
+- [Jonas Schneider](https://github.com/jonasschneider)

data/Rakefile

@@ -0,0 +1,8 @@
+require 'bundler/setup'
+require 'bundler/gem_tasks'
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = 'spec/**/*_spec.rb'
+end
+task :default => :spec

data/bin/tent-server

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+
+require 'tent-server'

data/lib/tentd.rb

@@ -0,0 +1,31 @@
+require 'tentd/version'
+require 'tent-client'
+
+module TentD
+  autoload :API, 'tentd/api'
+  autoload :Action, 'tentd/action'
+  autoload :JsonPatch, 'tentd/json_patch'
+  autoload :TentVersion, 'tentd/tent_version'
+  autoload :TentType, 'tentd/tent_type'
+
+  def self.new(options={})
+    if options[:database] || ENV['DATABASE_URL']
+      DataMapper.setup(:default, options[:database] || ENV['DATABASE_URL'])
+    end
+
+    require "tentd/notifications/#{options[:job_backend] || 'girl_friday'}"
+
+    @faraday_adapter = options[:faraday_adapter]
+    API.new
+  end
+
+  def self.faraday_adapter
+    @faraday_adapter
+  end
+
+  def self.faraday_adapter=(a)
+    @faraday_adapter = a
+  end
+end
+
+require 'tentd/model'

data/lib/tentd/api.rb

@@ -0,0 +1,58 @@
+module TentD
+  class API
+    PER_PAGE = 50
+    MAX_PER_PAGE = 200
+    MEDIA_TYPE = 'application/vnd.tent.v0+json'.freeze
+    PROFILE_REL = 'https://tent.io/rels/profile'.freeze
+
+    autoload :Apps, 'tentd/api/apps'
+    autoload :Posts, 'tentd/api/posts'
+    autoload :Groups, 'tentd/api/groups'
+    autoload :Profile, 'tentd/api/profile'
+    autoload :Followers, 'tentd/api/followers'
+    autoload :Followings, 'tentd/api/followings'
+    autoload :CoreProfileData, 'tentd/api/core_profile_data'
+    autoload :UserLookup, 'tentd/api/user_lookup'
+    autoload :AuthenticationLookup, 'tentd/api/authentication_lookup'
+    autoload :AuthenticationVerification, 'tentd/api/authentication_verification'
+    autoload :AuthenticationFinalize, 'tentd/api/authentication_finalize'
+    autoload :Authorization, 'tentd/api/authorization'
+    autoload :Authorizable, 'tentd/api/authorizable'
+    autoload :Router, 'tentd/api/router'
+    autoload :Middleware, 'tentd/api/middleware'
+    include Router
+
+    mount Apps
+    mount Posts
+    mount Groups
+    mount Profile
+    mount Followers
+    mount Followings
+
+    class HelloWorld < Middleware
+      def action(env)
+        [200, { 'Link' => %(<%s>; rel="%s") % [File.join(env['SCRIPT_NAME'], 'profile'), PROFILE_REL] }, ['Tent!']]
+      end
+    end
+
+    class CorsPreflight < Middleware
+      def action(env)
+        headers = {
+          'Access-Control-Allow-Origin' => '*',
+          'Access-Control-Allow-Methods' => 'GET, POST, HEAD, PUT, DELETE, PATCH, OPTIONS',
+          'Access-Control-Allow-Headers' => 'Authorization',
+          'Access-Control-Max-Age' => '2592000' # 30 days
+        }
+        [200, headers, []]
+      end
+    end
+
+    get '/' do |b|
+      b.use HelloWorld
+    end
+
+    options %r{/.*} do |b|
+      b.use CorsPreflight
+    end
+  end
+end

data/lib/tentd/api/apps.rb

@@ -0,0 +1,196 @@
+module TentD
+  class API
+    class Apps
+      include Router
+
+      class GetActualId < Middleware
+        def action(env)
+          if env.params.app_id
+            if app = Model::App.first(:public_id => env.params.app_id)
+              env.params.app_id = app.id
+            else
+              env.params.app_id = nil
+            end
+          end
+
+          if env.params.auth_id
+            if app_auth = Model::AppAuthorization.first(:public_id => env.params.auth_id)
+              env.params.auth_id = app_auth.id
+            else
+              env.params.auth_id = nil
+            end
+          end
+
+          env
+        end
+      end
+
+      class AuthorizeReadOne < Middleware
+        def action(env)
+          authorize_env!(env, :read_apps) unless env.params.app_id && env.current_auth &&
+                                                 env.current_auth.kind_of?(Model::App) &&
+                                                 env.current_auth.id == env.params.app_id
+          env
+        end
+      end
+
+      class AuthorizeReadAll < Middleware
+        def action(env)
+          authorize_env!(env, :read_apps)
+          env
+        end
+      end
+
+      class AuthorizeWriteOne < Middleware
+        def action(env)
+          authorize_env!(env, :write_apps) unless env.params.app_id && env.current_auth &&
+                                                  env.current_auth.kind_of?(Model::App) &&
+                                                  env.current_auth.id == env.params.app_id
+          env
+        end
+      end
+
+      class GetOne < Middleware
+        def action(env)
+          if app = Model::App.first(:id => env.params.app_id)
+            env.response = app
+          end
+          env
+        end
+      end
+
+      class GetAll < Middleware
+        def action(env)
+          env.response = Model::App.all
+          env
+        end
+      end
+
+      class Create < Middleware
+        def action(env)
+          env.response = Model::App.create_from_params(env.params.data)
+          env.authorized_scopes << :read_secrets
+          env
+        end
+      end
+
+      class CreateAuthorization < Middleware
+        def action(env)
+          unless authorize_env?(env, :write_apps)
+            if env.params.data.code
+              return AuthorizationTokenExchange.new(@app).call(env)
+            else
+              authorize_env!(env, :write_apps)
+            end
+          end
+
+          if app = Model::App.first(:id => env.params.app_id)
+            env.authorized_scopes << :authorization_token
+            authorization = app.authorizations.create_from_params(
+              :app_id => env.params.app_id,
+              :notification_url => env.params.data.notification_url,
+              :post_types => env.params.data.post_types.to_a.map { |url| URI.decode(url) },
+              :profile_info_types => env.params.data.profile_info_types.to_a.map { |url| URI.decode(url) },
+              :scopes => env.params.data.scopes
+            )
+            env.response = authorization
+          end
+          env
+        end
+      end
+
+      class AuthorizationTokenExchange < Middleware
+        def action(env)
+          if authorization = Model::AppAuthorization.first(:app_id => env.params.app_id, :token_code => env.params.data.code)
+            env.response = authorization.token_exchange!
+          else
+            raise Unauthorized
+          end
+          env
+        end
+      end
+
+      class Update < Middleware
+        def action(env)
+          if app = Model::App.update_from_params(env.params.app_id, env.params.data)
+            env.response = app
+          end
+          env
+        end
+      end
+
+      class UpdateAppAuthorization < Middleware
+        def action(env)
+          authorize_env!(env, :write_apps)
+          if (auth = TentD::Model::AppAuthorization.first(:app_id => env.params.app_id, :id => env.params.auth_id)) &&
+              auth.update_from_params(env.params.data)
+            env.response = auth
+          end
+          env
+        end
+      end
+
+      class Destroy < Middleware
+        def action(env)
+          if (app = Model::App.get(env.params.app_id)) && app.destroy
+            env.response = ''
+          end
+          env
+        end
+      end
+
+      class DestroyAppAuthorization < Middleware
+        def action(env)
+          authorize_env!(env, :write_apps)
+          if (auth = TentD::Model::AppAuthorization.first(:app_id => env.params.app_id, :id => env.params.auth_id)) &&
+            auth.destroy
+            env.response = ''
+          end
+          env
+        end
+      end
+
+      get '/apps/:app_id' do |b|
+        b.use GetActualId
+        b.use AuthorizeReadOne
+        b.use GetOne
+      end
+
+      get '/apps' do |b|
+        b.use AuthorizeReadAll
+        b.use GetAll
+      end
+
+      post '/apps' do |b|
+        b.use Create
+      end
+
+      post '/apps/:app_id/authorizations' do |b|
+        b.use GetActualId
+        b.use CreateAuthorization
+      end
+
+      put '/apps/:app_id/authorizations/:auth_id' do |b|
+        b.use GetActualId
+        b.use UpdateAppAuthorization
+      end
+
+      delete '/apps/:app_id/authorizations/:auth_id' do |b|
+        b.use GetActualId
+        b.use DestroyAppAuthorization
+      end
+
+      put '/apps/:app_id' do |b|
+        b.use GetActualId
+        b.use AuthorizeWriteOne
+        b.use Update
+      end
+
+      delete '/apps/:app_id' do |b|
+        b.use GetActualId
+        b.use AuthorizeWriteOne
+        b.use Destroy
+      end
+    end
+  end
+end

data/lib/tentd/api/authentication_finalize.rb

@@ -0,0 +1,12 @@
+module TentD
+  class API
+    class AuthenticationFinalize < Middleware
+      def action(env)
+        return env unless env.hmac? && env.hmac.verified
+        env.current_auth = env.potential_auth
+        env.current_auth.update(:mac_timestamp_delta => Time.now.to_i - env.hmac.ts.to_i) unless env.current_auth.mac_timestamp_delta
+        env
+      end
+    end
+  end
+end

data/lib/tentd/api/authentication_lookup.rb

@@ -0,0 +1,27 @@
+module TentD
+  class API
+    class AuthenticationLookup < Middleware
+      def action(env)
+        return env unless env['HTTP_AUTHORIZATION']
+        env['hmac'] = Hash[env['HTTP_AUTHORIZATION'].scan(/([a-z]+)="([^"]+)"/i)]
+        mac_key_id = env['hmac']['id']
+        env.potential_auth = case mac_key_id.to_s[0,1]
+        when 's'
+          TentD::Model::Follower.first(:mac_key_id => mac_key_id)
+        when 'a'
+          TentD::Model::App.first(:mac_key_id => mac_key_id)
+        when 'u'
+          TentD::Model::AppAuthorization.first(:mac_key_id => mac_key_id)
+        end
+        env.potential_auth = Model::Following.first(:mac_key_id => mac_key_id) unless env.potential_auth
+        if env.potential_auth
+          env.hmac.secret = env.potential_auth.mac_key
+          env.hmac.algorithm = env.potential_auth.mac_algorithm
+        else
+          env.hmac = nil
+        end
+        env
+      end
+    end
+  end
+end