twilio-ruby 5.0.0.rc10 → 5.0.0.rc11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: befdd4f96aa0b5e442b72e11092febd7e239f710
-  data.tar.gz: 0efa699b3d93dbf76b0252cfb55fb78475c37247
+  metadata.gz: 08fdb6eda5b98184a808746fcedbbc14bbed427d
+  data.tar.gz: d66ce45e3a0742fe226e45cd515e8cd450bd423e
 SHA512:
-  metadata.gz: 8e746dba563996ad009d22c9177ab41d8474a7b65ef149d047235bca7abd2a8204228942bbd1ba8ab3ab7ecf8070c324c8a313089b832d191bc7adb5c4336a0c
-  data.tar.gz: 2316f5410d312dc300d2ac8e507afe1b869306af9eae5a69ec1116f920258436cc5827591f51bf4033e8223ebe110bf90f6c7f443acc699c0c5bcef1bb50df9e
+  metadata.gz: 362332a50a8e5870e1ff80044a1985c6a7241725d947ecb98661fa8b1414e194fea0d882d7cc82c299afe6eb027d51a58169c14c952e767e0c6ae157d4544b63
+  data.tar.gz: 0200bd6483b8a7e2ffbdf1a12708ad3df4eb0523e252bba3094940eb4cfe689f01d23452c41bd8a66931a658b6ab2e003659044c4e950edfe601824ef56ff7ea

data/lib/rack/twilio_webhook_authentication.rb

@@ -25,12 +25,12 @@ module Rack
     end
 
     def call(env)
-      return @app.call(env) unless env["PATH_INFO"].match(@path_regex)
+      return @app.call(env) unless env['PATH_INFO'].match(@path_regex)
       request = Rack::Request.new(env)
       original_url = request.url
       params = request.post? ? request.POST : {}
       auth_token = @auth_token || get_auth_token(params['AccountSid'])
-      validator = Twilio::Util::RequestValidator.new(auth_token)
+      validator = Twilio::Security::RequestValidator.new(auth_token)
       signature = env['HTTP_X_TWILIO_SIGNATURE'] || ""
       if validator.validate(original_url, params, signature)
         @app.call(env)
@@ -38,7 +38,7 @@ module Rack
         [
           403,
           {'Content-Type' => 'text/plain'},
-          ["Twilio Request Validation Failed."]
+          ['Twilio Request Validation Failed.']
         ]
       end
     end

data/lib/twilio-ruby/jwt/access_token.rb

@@ -0,0 +1,111 @@
+module Twilio
+  module JWT
+    class AccessToken
+      attr_accessor :account_sid,
+                    :signing_key_id,
+                    :secret,
+                    :ttl,
+                    :identity,
+                    :nbf
+
+      def initialize(account_sid, signing_key_id, secret, ttl=3600, identity=nil, nbf=nil)
+        @account_sid = account_sid
+        @signing_key_sid = signing_key_id
+        @secret = secret
+        @ttl = ttl
+        @identity = identity
+        @nbf = nbf
+        @grants = []
+      end
+
+      def add_grant(grant)
+        @grants.push(grant)
+      end
+
+      def to_jwt(algorithm='HS256')
+        now = Time.now.to_i - 1
+        headers = {
+            cty: 'twilio-fpa;v=1',
+            typ: 'JWT'
+        }
+
+        grants = {}
+        if @identity
+          grants[:identity] = @identity
+        end
+
+        @grants.each { |grant| grants[grant.key] = grant.payload }
+
+        payload = {
+            jti: "#{@signing_key_sid}-#{now}",
+            iss: @signing_key_sid,
+            sub: @account_sid,
+            exp: now + @ttl,
+            grants: grants
+        }
+
+        payload[:nbf] = @nbf unless @nbf.nil?
+
+        ::JWT.encode payload, @secret, algorithm, headers
+      end
+
+      def to_s
+        to_jwt
+      end
+
+      class ConversationsGrant
+        attr_accessor :configuration_profile_sid
+
+        def key
+          'rtc'
+        end
+
+        def payload
+          payload = {}
+
+          if configuration_profile_sid
+            payload[:configuration_profile_sid] = configuration_profile_sid
+          end
+
+          payload
+        end
+
+      end
+
+      class IpMessagingGrant
+        attr_accessor :service_sid,
+                      :endpoint_id,
+                      :deployment_role_sid,
+                      :push_credential_sid
+
+        def key
+          'ip_messaging'
+        end
+
+        def payload
+          payload = {}
+
+          if service_sid
+            payload[:service_sid] = service_sid
+          end
+
+          if endpoint_id
+            payload[:endpoint_id] = endpoint_id
+          end
+
+          if deployment_role_sid
+            payload[:deployment_role_sid] = deployment_role_sid
+          end
+
+          if push_credential_sid
+            payload[:push_credential_sid] = push_credential_sid
+          end
+
+          payload
+        end
+
+      end
+
+    end
+  end
+end

data/lib/twilio-ruby/{util → jwt}/capability.rb

@@ -1,5 +1,5 @@
 module Twilio
-  module Util
+  module JWT
     class Capability
 
       include Twilio::Util
@@ -15,21 +15,21 @@ module Twilio
 
       def allow_client_incoming(client_name)
         @client_name = client_name # stash for use in outgoing
-        scope_params = { 'clientName' => client_name }
+        scope_params = { clientName: client_name }
         @capabilities << scope_uri_for('client', 'incoming', scope_params)
       end
 
       def allow_client_outgoing(app_sid, params = {})
         @allow_client_outgoing = true
-        @outgoing_scope_params = { 'appSid' => app_sid }
+        @outgoing_scope_params = { appSid: app_sid }
         unless params.empty?
           @outgoing_scope_params['appParams'] = url_encode params
         end
       end
 
       def allow_event_stream(filters = {})
-        scope_params = { 'path' => '/2010-04-01/Events' }
-        scope_params['params'] = filters unless filters.empty?
+        scope_params = { path: '/2010-04-01/Events' }
+        scope_params[:params] = filters unless filters.empty?
         @capabilities << scope_uri_for('stream', 'subscribe', scope_params)
       end
 
@@ -50,12 +50,12 @@ module Twilio
         end
 
         payload = {
-          'scope' => capabilities.join(' '),
-          'iss' => @account_sid,
-          'exp' => (Time.now.to_i + ttl),
+          scope: capabilities.join(' '),
+          iss: @account_sid,
+          exp: (Time.now.to_i + ttl),
         }
 
-        JWT.encode payload, @auth_token
+        ::JWT.encode payload, @auth_token
 
       end
 

data/lib/twilio-ruby/jwt/task_router.rb

@@ -0,0 +1,203 @@
+module Twilio
+  module JWT
+    class TaskRouterCapability
+      TASK_ROUTER_BASE_URL = 'https://taskrouter.twilio.com'
+      TASK_ROUTER_VERSION = 'v1'
+      TASK_ROUTER_WEBSOCKET_BASE_URL = 'https://event-bridge.twilio.com/v1/wschannels'
+
+      REQUIRED = {required: true}
+      OPTIONAL = {required: false}
+
+      def initialize(account_sid, auth_token, workspace_sid, channel_id)
+        @account_sid = account_sid
+        @auth_token = auth_token
+        @policies = []
+
+        @workspace_sid = workspace_sid
+        @channel_id = channel_id
+
+        @base_url = "#{TASK_ROUTER_BASE_URL}/#{TASK_ROUTER_VERSION}/Workspaces/#{workspace_sid}"
+
+        validate_jwt
+
+        setup_resource
+
+        allow_websocket_requests(@channel_id)
+        allow(@resource_url, 'GET')
+      end
+
+      def allow_fetch_subresources
+        allow(@resource_url + '/**', 'GET')
+      end
+
+      def allow_updates
+        allow(@resource_url, 'POST')
+      end
+
+      def allow_updates_subresources
+        allow(@resource_url + '/**', 'POST')
+      end
+
+      def allow_delete
+        allow(@resource_url, 'DELETE')
+      end
+
+      def allow_delete_subresources
+        allow(@resource_url + '/**', 'DELETE')
+      end
+
+      def add_policy(url, method, allowed = true, query_filters = nil, post_filters = nil)
+        policy = {
+            url: url,
+            method: method,
+            query_filter: query_filters || {},
+            post_filter: post_filters || {},
+            allow: allowed
+        }
+
+        @policies.push(policy)
+      end
+
+      def allow(url, method, query_filters = nil, post_filters = nil)
+        add_policy(url, method, true, query_filters, post_filters)
+      end
+
+      def deny(url, method, query_filters = nil, post_filters = nil)
+        add_policy(url, method, false, query_filters, post_filters)
+      end
+
+      def generate_token(ttl = 3600)
+        task_router_attributes = {
+            account_sid: @account_sid,
+            workspace_sid: @workspace_sid,
+            channel: @channel_id
+        }
+
+        if @channel_id[0..1] == 'WK'
+          task_router_attributes[:worker_sid] = @channel_id
+        elsif @channel_id[0..1] == 'WQ'
+          task_router_attributes[:taskqueue_sid] = @channel_id
+        end
+
+        generate_token_protected(ttl, task_router_attributes)
+      end
+
+      protected
+
+      def generate_token_protected(ttl = 3600, extra_attributes)
+        payload = {
+            iss: @account_sid,
+            exp: (Time.now.to_i + ttl),
+            version: TASK_ROUTER_VERSION,
+            friendly_name: @channel_id,
+            policies: @policies,
+        }
+        extra_attributes.each { |key, value|
+          payload[key] = value
+        }
+
+        ::JWT.encode payload, @auth_token
+      end
+
+      def setup_resource
+        if @channel_id[0..1] == 'WS'
+          @resource_url = @base_url
+        elsif @channel_id[0..1] == 'WK'
+          @resource_url = @base_url + '/Workers/' + @channel_id
+
+          @activity_url = @base_url + '/Activities'
+          allow(@activity_url, 'GET')
+
+          @tasks_url = @base_url + '/Tasks/**'
+          allow(@tasks_url, 'GET')
+
+          @worker_reservations_url = @resource_url + '/Reservations/**'
+          allow(@worker_reservations_url, 'GET')
+
+        elsif @channel_id[0..1] == 'WQ'
+          @resource_url = @base_url + '/TaskQueues/' + @channel_id
+        end
+      end
+
+      def allow_websocket_requests(channel_id)
+        worker_url = "#{TASK_ROUTER_WEBSOCKET_BASE_URL}/#{@account_sid}/#{channel_id}"
+        ['GET', 'POST'].each do |meth|
+          add_policy(worker_url, meth)
+        end
+      end
+
+      def validate_jwt
+        if @account_sid.nil? or @account_sid[0..1] != 'AC'
+          raise "Invalid AccountSid provided #{@account_sid}"
+        end
+        if @workspace_sid.nil? or @workspace_sid[0..1] != 'WS'
+          raise "Invalid WorkspaceSid provided #{@workspace_sid}"
+        end
+        if @channel_id.nil?
+          raise 'ChannelId not provided'
+        end
+        @prefix = @channel_id[0..1]
+        if @prefix != 'WS' and @prefix != 'WK' and @prefix != 'WQ'
+          raise "Invalid ChannelId provided: #{@channel_id}"
+        end
+      end
+    end
+
+    class WorkerCapability < TaskRouterCapability
+
+      def initialize(account_sid, auth_token, workspace_sid, worker_sid)
+        super(account_sid, auth_token, workspace_sid, worker_sid)
+        @tasks_url = @base_url + '/Tasks/**'
+        @activity_url = @base_url + '/Activities'
+        @worker_reservations_url = @resource_url + '/Reservations/**'
+
+        allow(@activity_url, 'GET')
+        allow(@tasks_url, 'GET')
+        allow(@worker_reservations_url, 'GET')
+      end
+
+      def allow_activity_updates
+        allow(@resource_url, 'POST', nil, {ActivitySid: REQUIRED})
+      end
+
+      def allow_reservation_updates
+        allow(@tasks_url, 'POST', nil, nil)
+        allow(@worker_reservations_url, 'POST', nil, nil)
+      end
+
+      protected
+
+      def setup_resource
+        @resource_url = @base_url + '/Workers/' + @channel_id
+      end
+
+    end
+
+    class WorkspaceCapability < TaskRouterCapability
+
+      def initialize(account_sid, auth_token, workspace_sid)
+        super(account_sid, auth_token, workspace_sid, workspace_sid)
+      end
+
+      protected
+
+      def setup_resource
+        @resource_url = @base_url
+      end
+
+    end
+
+    class TaskQueueCapability < TaskRouterCapability
+
+      def initialize(account_sid, auth_token, workspace_sid, taskqueue_sid)
+        super(account_sid, auth_token, workspace_sid, taskqueue_sid)
+      end
+
+      protected
+
+      def setup_resource
+        @resource_url = @base_url + '/TaskQueues/' + @channel_id
+      end
+    end
+  end
+end

data/lib/twilio-ruby/{util → security}/request_validator.rb

@@ -1,5 +1,5 @@
 module Twilio
-  module Util
+  module Security
     class RequestValidator
 
       def initialize(auth_token = nil)

data/lib/twilio-ruby/version.rb

@@ -1,3 +1,3 @@
 module Twilio
-  VERSION = '5.0.0.rc10'
+  VERSION = '5.0.0.rc11'
 end

data/lib/twilio-ruby.rb

@@ -6,38 +6,36 @@ require 'openssl'
 require 'base64'
 require 'forwardable'
 require 'jwt'
+require 'time'
 
 require 'twilio-ruby/version' unless defined?(Twilio::VERSION)
 require 'rack/twilio_webhook_authentication'
 
 require 'twilio-ruby/util'
-require 'twilio-ruby/util/capability'
-require 'twilio-ruby/util/client_config'
+require 'twilio-ruby/jwt/access_token'
+require 'twilio-ruby/jwt/capability'
+require 'twilio-ruby/jwt/task_router'
+require 'twilio-ruby/security/request_validator'
 require 'twilio-ruby/util/configuration'
-require 'twilio-ruby/util/request_validator'
-require 'twilio-ruby/util/access_token'
+
 require 'twilio-ruby/twiml/response'
 
-Dir[File.dirname(__FILE__) + "/twilio-ruby/http/**/*.rb"].each do |file|
-  require file
-end
-Dir[File.dirname(__FILE__) + "/twilio-ruby/framework/**/*.rb"].each do |file|
+Dir[File.dirname(__FILE__) + '/twilio-ruby/http/**/*.rb'].each do |file|
   require file
 end
-Dir[File.dirname(__FILE__) + "/twilio-ruby/rest/*.rb"].each do |file|
+Dir[File.dirname(__FILE__) + '/twilio-ruby/framework/**/*.rb'].each do |file|
   require file
 end
-Dir[File.dirname(__FILE__) + "/twilio-ruby/rest/**/*.rb"].each do |file|
+Dir[File.dirname(__FILE__) + '/twilio-ruby/rest/*.rb'].each do |file|
   require file
 end
-Dir[File.dirname(__FILE__) + "/twilio-ruby/compatibility/**/*.rb"].each do |file|
+Dir[File.dirname(__FILE__) + '/twilio-ruby/rest/**/*.rb'].each do |file|
   require file
 end
-Dir[File.dirname(__FILE__) + "/twilio-ruby/task_router/**/*.rb"].each do |file|
+Dir[File.dirname(__FILE__) + '/twilio-ruby/compatibility/**/*.rb'].each do |file|
   require file
 end
 
-
 module Twilio
   extend SingleForwardable