tinypass 0.0.1

data/lib/tinypass/builder/security_utils.rb

@@ -0,0 +1,67 @@
+require 'openssl'
+require 'base64'
+
+module Tinypass
+  module SecurityUtils
+    extend self
+
+    DELIM = '~~~'
+
+    def encrypt(key, data)
+      original_key = key
+      key = prepare_key(key)
+
+      cipher = OpenSSL::Cipher.new('AES-256-ECB')
+      cipher.encrypt
+      cipher.key = key
+      encrypted = cipher.update(data) + cipher.final
+
+      safe = url_ensafe(encrypted)
+      safe + DELIM + hash_hmac_sha256(original_key, safe)
+    end
+
+    def decrypt(key, data)
+      cipher_text, hmac_text = data.split(DELIM)
+      check_hmac!(key, cipher_text, hmac_text) if hmac_text
+      key = prepare_key(key)
+      cipher_text = url_desafe(cipher_text)
+
+      cipher = OpenSSL::Cipher.new('AES-256-ECB')
+      cipher.decrypt
+      cipher.key = key
+      cipher.update(cipher_text) + cipher.final
+    end
+
+    def hash_hmac_sha256(key, data)
+      digest = OpenSSL::Digest::Digest.new('sha256')
+      hmac = OpenSSL::HMAC.digest(digest, key, data)
+      url_ensafe(hmac)
+    end
+
+    private
+
+    def url_ensafe(data)
+      base64 = Base64.urlsafe_encode64(data)
+      base64.sub!(/(=+)$/, '')
+      base64
+    end
+
+    def url_desafe(data)
+      modulus = data.length % 4
+      data << '=' * (4 - modulus) if modulus != 0
+      Base64.urlsafe_decode64(data)
+    end
+
+    def prepare_key(key)
+      key = key.slice(0, 32) if key.length > 32
+      key = key.ljust(32, 'X') if key.length < 32
+      key
+    end
+
+    def check_hmac!(key, cipher_text, hmac_text)
+      if hash_hmac_sha256(key, cipher_text) != hmac_text
+        raise ArgumentError.new('Could not parse message invalid hmac')
+      end
+    end
+  end
+end

data/lib/tinypass/gateway.rb

@@ -0,0 +1,104 @@
+require 'rest_client'
+require 'uri'
+require 'ostruct'
+
+module Tinypass
+  module Gateway
+    extend self
+
+    def fetch_access_detail(rid, user_ref)
+      params = { rid: rid, user_ref: user_ref }
+      response = get('access', params)
+
+      return unless response
+
+      AccessDetails.new(MultiJson.load(response))
+    end
+
+    def fetch_access_details(params)
+      pagesize = params.delete(:pagesize) || params.delete("pagesize") || 500
+      params[:pagesize] = pagesize
+      response = get('access/search', params)
+
+      return [] unless response
+
+      PagedList.new(MultiJson.load(response))
+    end
+
+    def fetch_subscription_details(params)
+      response = get('subscription/search', params)
+
+      MultiJson.load(response)
+    end
+
+    def cancel_subscription(params)
+      post('subscription/cancel', params)
+    end
+
+    def grant_access(params)
+      post('access/grant', params)
+    end
+
+    def revoke_access(params)
+      post('access/revoke', params)
+    end
+
+    private
+
+    def get(action, params)
+      url = build_url(action, params)
+      headers = build_authenticated_headers('GET', url)
+
+      full_url = Config.endpoint + url
+
+      RestClient.get(full_url, headers)
+    rescue RestClient::ResourceNotFound
+      nil
+    end
+
+    def post(action, params)
+      url = build_url(action, params)
+      headers = build_authenticated_headers('POST', url)
+      
+      full_url = Config.endpoint + url
+
+      RestClient.post(full_url, {}, headers)
+    end
+
+    def build_url(url, params)
+      "#{ Config::REST_CONTEXT }/#{ url }?#{ URI.encode_www_form(params) }"
+    end
+
+    def build_authenticated_headers(http_method, url)
+      request_definition = "#{ http_method.upcase } #{ url }"
+      signature = "#{ Tinypass.aid }:#{ SecurityUtils.hash_hmac_sha256(Tinypass.private_key, request_definition) }"
+
+      { authorization: signature }
+    end
+
+    class AccessDetails < OpenStruct
+      def access_granted?
+        expires.nil? || expires.to_i >= Time.now.to_i
+      end
+    end
+
+    class PagedList < OpenStruct
+      include Enumerable
+
+      def initialize(parsed_response)
+        @list = []
+        raw_access_details = parsed_response.delete('data')
+
+        raw_access_details.each do |d|
+          @list << AccessDetails.new(d)
+        end
+
+        super(parsed_response)
+      end
+
+      def each(&block)
+        @list.each(&block)
+      end
+    end
+  end
+end

data/lib/tinypass/offer.rb

@@ -0,0 +1,23 @@
+module Tinypass
+  class Offer
+    attr_reader :resource, :pricing, :policies, :tags
+
+    def initialize(resource, *price_options_or_policy)
+      raise ArgumentError.new("Can't initialize offer without price options or policy") if price_options_or_policy.empty?
+
+      @resource = resource
+      @policies = []
+      @tags = []
+
+      if price_options_or_policy.first.kind_of?(PricingPolicy)
+        @pricing = price_options_or_policy.first
+      else
+        @pricing = PricingPolicy.new(price_options_or_policy)
+      end
+    end
+
+    def has_active_prices?
+      pricing.has_active_options?
+    end
+  end
+end

data/lib/tinypass/policies.rb

@@ -0,0 +1,5 @@
+require 'tinypass/policies/policy'
+
+require 'tinypass/policies/discount_policy'
+require 'tinypass/policies/pricing_policy'
+require 'tinypass/policies/restriction_policy'

data/lib/tinypass/policies/discount_policy.rb

@@ -0,0 +1,25 @@
+module Tinypass
+  class DiscountPolicy < Policy
+    def self.on_total_spend_in_period(amount, within_period, discount)
+      policy = new
+
+      policy[POLICY_TYPE] = DISCOUNT_TOTAL_IN_PERIOD
+      policy["amount"] = amount
+      policy["withinPeriod"] = within_period
+      policy["discount"] = discount
+
+      policy
+    end
+
+    def self.previous_purchased(rids, discount)
+      rids = Array(rids)
+      policy = new
+
+      policy[POLICY_TYPE] = DISCOUNT_PREVIOUS_PURCHASE
+      policy["rids"] = rids
+      policy["discount"] = discount
+
+      policy
+    end
+  end
+end

data/lib/tinypass/policies/policy.rb

@@ -0,0 +1,25 @@
+module Tinypass
+  class Policy
+    DISCOUNT_TOTAL_IN_PERIOD = "d1"
+    DISCOUNT_PREVIOUS_PURCHASE = "d2"
+    STRICT_METER_BY_TIME = "sm1"
+    REMINDER_METER_BY_TIME = "rm1"
+    REMINDER_METER_BY_COUNT = "rm2"
+    RESTRICT_MAX_PURCHASES = "r1"
+
+    POLICY_TYPE = "type"
+
+    def initialize
+      @map = {}
+    end
+
+    def []=(key,value)
+      key = key.to_s
+      @map[key] = value
+    end
+
+    def to_hash
+      @map
+    end
+  end
+end

data/lib/tinypass/policies/pricing_policy.rb

@@ -0,0 +1,13 @@
+module Tinypass
+  class PricingPolicy < Policy
+    attr_reader :price_options
+
+    def initialize(price_options)
+      @price_options = Array(price_options)
+    end
+
+    def has_active_options?
+      price_options.any? { |price_option| price_option.active? }
+    end
+  end
+end

data/lib/tinypass/policies/restriction_policy.rb

@@ -0,0 +1,14 @@
+module Tinypass
+  class RestrictionPolicy < Policy
+    def self.limit_purchases_in_period_by_amount(amount, within_period, link_with_details = nil)
+      policy = new
+
+      policy[POLICY_TYPE] = RESTRICT_MAX_PURCHASES
+      policy['amount'] = amount
+      policy['withinPeriod'] = within_period
+      policy['linkWithDetails'] = link_with_details if link_with_details
+
+      policy
+    end
+  end
+end

data/lib/tinypass/price_option.rb

@@ -0,0 +1,66 @@
+module Tinypass
+  class PriceOption
+    attr_accessor :price, :access_period, :caption, :start_date_in_secs, :end_date_in_secs
+    attr_reader :split_pays
+
+    def initialize(price, access_period = nil, start_date_in_secs = nil, end_date_in_secs = nil)
+      @split_pays = {}
+
+      @price, @access_period = price, access_period
+
+      @start_date_in_secs = TokenData.convert_to_epoch_seconds(start_date_in_secs) if start_date_in_secs
+      @end_date_in_secs = TokenData.convert_to_epoch_seconds(end_date_in_secs) if end_date_in_secs
+    end
+
+    def access_period_in_msecs
+      Utils.parse_loose_period_in_msecs(@access_period)
+    end
+
+    def access_period_in_secs
+      access_period_in_msecs / 1000
+    end
+
+    def active?(timestamp = nil)
+      timestamp ||= Time.now.to_i
+      timestamp = TokenData.convert_to_epoch_seconds(timestamp)
+
+      return false if start_date_in_secs && timestamp < start_date_in_secs
+      return false if end_date_in_secs && timestamp > end_date_in_secs
+      return true
+    end
+
+    def caption=(value)
+      value = value[0...50] if value
+      @caption = value
+    end
+
+    def add_split_pay(email, amount)
+      amount = amount[0..-2].to_f / 100.0 if amount.end_with?('%')
+      amount = amount.to_f
+
+      @split_pays[email] = amount
+    end
+
+    def to_s
+      string = "Price:#{ price }\tPeriod:#{ access_period }\tTrial Period:#{ access_period }"
+
+      if start_date_in_secs
+        string << "\tStart:#{ start_date_in_secs }:#{ Time.at(start_date_in_secs).strftime('%a, %d %b %Y %H %M %S') }"
+      end
+
+      if end_date_in_secs
+        string << "\tEnd:#{ end_date_in_secs }:#{ Time.at(end_date_in_secs).strftime('%a, %d %b %Y %H %M %S') }"
+      end
+
+      string << "\tCaption:#{ caption }" if caption
+
+      if @split_pays.any?
+        @split_pays.each do |email, amount|
+          string << "\tSplit:#{ email }:#{ amount }"
+        end
+      end
+
+      string
+    end
+  end
+end

data/lib/tinypass/resource.rb

@@ -0,0 +1,17 @@
+module Tinypass
+  class Resource
+    attr_accessor :name, :url
+
+    def initialize(rid = nil, name = nil, url = nil)
+      @rid, @name, @url = rid, name, url
+    end
+
+    def rid
+      @rid.to_s
+    end
+
+    def rid=(value)
+      @rid = value.to_s
+    end
+  end
+end

data/lib/tinypass/token.rb

@@ -0,0 +1,6 @@
+require 'tinypass/token/access_token'
+require 'tinypass/token/access_token_list'
+require 'tinypass/token/access_token_store'
+require 'tinypass/token/meter'
+require 'tinypass/token/meter_helper'
+require 'tinypass/token/token_data'

data/lib/tinypass/token/access_token.rb

@@ -0,0 +1,163 @@
+module Tinypass
+  class AccessToken
+    attr_accessor :access_state, :token_data
+
+    def initialize(rid_or_token_data, expiration_in_seconds = nil, early_expiration_in_seconds = nil)
+      if rid_or_token_data.kind_of?(TokenData)
+        self.token_data = rid_or_token_data
+        return
+      end
+
+      expiration_in_seconds ||= 0
+      early_expiration_in_seconds ||= 0
+
+      token_data = TokenData.new
+      token_data[TokenData::RID] = rid_or_token_data.to_s
+      token_data[TokenData::EX] = TokenData.convert_to_epoch_seconds(expiration_in_seconds)
+      token_data[TokenData::EARLY_EX] = TokenData.convert_to_epoch_seconds(early_expiration_in_seconds)
+      self.token_data = token_data
+    end
+
+    def rid
+      token_data.rid
+    end
+
+    def access_id
+      token_data[TokenData::ACCESS_ID]
+    end
+
+    def uid
+      token_data.fetch(TokenData::UID, 0)
+    end
+
+    def expiration_in_seconds
+      token_data.fetch(TokenData::EX, 0)
+    end
+    alias_method :expiration_in_secs, :expiration_in_seconds
+
+    def early_expiration_in_seconds
+      token_data.fetch(TokenData::EARLY_EX, 0)
+    end
+    alias_method :early_expiration_in_secs, :early_expiration_in_seconds
+
+    def trial_end_time_secs
+      token_data.fetch(TokenData::METER_TRIAL_ENDTIME, 0)
+    end
+
+    def lockout_end_time_secs
+      token_data.fetch(TokenData::METER_LOCKOUT_ENDTIME, 0)
+    end
+
+    def trial_view_count
+      token_data.fetch(TokenData::METER_TRIAL_ACCESS_ATTEMPTS, 0)
+    end
+
+    def trial_view_limit
+      token_data.fetch(TokenData::METER_TRIAL_MAX_ACCESS_ATTEMPTS, 0)
+    end
+
+    def metered?
+      meter_type != 0
+    end
+
+    def meter_view_based?
+      metered? && token_data[TokenData::METER_TRIAL_MAX_ACCESS_ATTEMPTS]
+    end
+
+    def meter_type
+      token_data.fetch(TokenData::METER_TYPE, 0)
+    end
+
+    def ips
+      token_data.fetch(TokenData::IPS, [])
+    end
+
+    def access_state
+      access_granted? if @access_state.nil?
+      @access_state
+    end
+
+    def access_granted?(client_ip = nil)
+      if expiration_in_seconds == -1
+        # special case. RID_NOT_FOUND
+        @access_state = AccessState::RID_NOT_FOUND if @access_state != AccessState::NO_TOKENS_FOUND
+        return false
+      end
+
+      if Utils::valid_ip?(client_ip) && ips.any? && !ips.include?(client_ip)
+        @access_state = AccessState::CLIENT_IP_DOES_NOT_MATCH_TOKEN
+        return false
+      end
+
+      if metered?
+        if trial_period_active?
+          @access_state = AccessState::METERED_IN_TRIAL
+          return true
+        end
+
+        if lockout_period_active?
+          @access_state = AccessState::METERED_IN_LOCKOUT
+        else
+          @access_state = AccessState::METERED_TRIAL_DEAD
+        end
+
+        return false
+      end
+
+      if expired?
+        @access_state = AccessState::EXPIRED
+        return false
+      end
+
+      @access_state = AccessState::ACCESS_GRANTED
+      true
+    end
+
+    def trial_period_active?
+      return false unless metered?
+
+      if meter_type == TokenData::METER_STRICT
+        return Time.now.to_i <= trial_end_time_secs
+      end
+
+      if meter_view_based?
+        return trial_view_count <= trial_view_limit && Time.now.to_i <= trial_end_time_secs
+      end
+
+      # unknown meter
+      return trial_end_time_secs == 0 || Time.now.to_i <= trial_end_time_secs
+    end
+
+    def lockout_period_active?
+      return false unless metered?
+      return false if trial_period_active?
+
+      return Time.now.to_i <= lockout_end_time_secs
+    end
+
+    def expired?
+      expiration = early_expiration_in_seconds
+      expiration = expiration_in_seconds if expiration == 0
+
+      return false if expiration == 0
+
+      expiration <= Time.now.to_i
+    end
+
+    def trial_dead?
+      !lockout_period_active? && !trial_period_active?
+    end
+  end
+
+  module AccessState
+    ACCESS_GRANTED = 100;
+    CLIENT_IP_DOES_NOT_MATCH_TOKEN = 200
+    RID_NOT_FOUND = 201
+    NO_TOKENS_FOUND = 202
+    METERED_IN_TRIAL = 203
+    EXPIRED = 204
+    NO_ACTIVE_PRICES = 205
+    METERED_IN_LOCKOUT = 206
+    METERED_TRIAL_DEAD = 207
+  end
+end