vidibus-service 0.0.1

data/.bundle/config

@@ -0,0 +1,2 @@
+--- 
+BUNDLE_DISABLE_SHARED_GEMS: "1"

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/.gitignore

@@ -0,0 +1,21 @@
+## MAC OS
+.DS_Store
+
+## TEXTMATE
+*.tmproj
+tmtags
+
+## EMACS
+*~
+\#*
+.\#*
+
+## VIM
+*.swp
+
+## PROJECT::GENERAL
+coverage
+rdoc
+pkg
+
+## PROJECT::SPECIFIC

data/.rspec

@@ -0,0 +1,2 @@
+--colour
+--format nested

data/Gemfile

@@ -0,0 +1,19 @@
+source :rubygems
+
+gem "mongoid", "~> 2.0.0.beta.20"
+gem "vidibus-core_extensions"
+gem "vidibus-secure"
+gem "vidibus-uuid"
+gem "vidibus-validate_uri"
+
+gem "httparty"
+gem "json"
+
+# Development dependecies
+gem "jeweler"
+gem "rake"
+gem "rspec", "~> 2.0.0.beta.20"
+gem "rr"
+gem "relevance-rcov"
+gem "webmock"
+

data/Gemfile.lock

@@ -0,0 +1,135 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    abstract (1.0.0)
+    actionmailer (3.0.0)
+      actionpack (= 3.0.0)
+      mail (~> 2.2.5)
+    actionpack (3.0.0)
+      activemodel (= 3.0.0)
+      activesupport (= 3.0.0)
+      builder (~> 2.1.2)
+      erubis (~> 2.6.6)
+      i18n (~> 0.4.1)
+      rack (~> 1.2.1)
+      rack-mount (~> 0.6.12)
+      rack-test (~> 0.5.4)
+      tzinfo (~> 0.3.23)
+    activemodel (3.0.0)
+      activesupport (= 3.0.0)
+      builder (~> 2.1.2)
+      i18n (~> 0.4.1)
+    activerecord (3.0.0)
+      activemodel (= 3.0.0)
+      activesupport (= 3.0.0)
+      arel (~> 1.0.0)
+      tzinfo (~> 0.3.23)
+    activeresource (3.0.0)
+      activemodel (= 3.0.0)
+      activesupport (= 3.0.0)
+    activesupport (3.0.0)
+    addressable (2.2.1)
+    arel (1.0.1)
+      activesupport (~> 3.0.0)
+    bson (1.0.4)
+    builder (2.1.2)
+    crack (0.1.8)
+    diff-lcs (1.1.2)
+    erubis (2.6.6)
+      abstract (>= 1.0.0)
+    gemcutter (0.6.1)
+    git (1.2.5)
+    httparty (0.6.1)
+      crack (= 0.1.8)
+    i18n (0.4.1)
+    jeweler (1.4.0)
+      gemcutter (>= 0.1.0)
+      git (>= 1.2.5)
+      rubyforge (>= 2.0.0)
+    json (1.4.6)
+    json_pure (1.4.6)
+    macaddr (1.0.0)
+    mail (2.2.6)
+      activesupport (>= 2.3.6)
+      mime-types
+      treetop (>= 1.4.5)
+    mime-types (1.16)
+    mongo (1.0.7)
+      bson (>= 1.0.4)
+    mongoid (2.0.0.beta.17)
+      activemodel (~> 3.0.0)
+      bson (= 1.0.4)
+      mongo (= 1.0.7)
+      tzinfo (~> 0.3.22)
+      will_paginate (~> 3.0.pre)
+    polyglot (0.3.1)
+    rack (1.2.1)
+    rack-mount (0.6.13)
+      rack (>= 1.0.0)
+    rack-test (0.5.4)
+      rack (>= 1.0)
+    rails (3.0.0)
+      actionmailer (= 3.0.0)
+      actionpack (= 3.0.0)
+      activerecord (= 3.0.0)
+      activeresource (= 3.0.0)
+      activesupport (= 3.0.0)
+      bundler (~> 1.0.0)
+      railties (= 3.0.0)
+    railties (3.0.0)
+      actionpack (= 3.0.0)
+      activesupport (= 3.0.0)
+      rake (>= 0.8.4)
+      thor (~> 0.14.0)
+    rake (0.8.7)
+    relevance-rcov (0.9.2.1)
+    rr (1.0.0)
+    rspec (2.0.0.beta.20)
+      rspec-core (= 2.0.0.beta.20)
+      rspec-expectations (= 2.0.0.beta.20)
+      rspec-mocks (= 2.0.0.beta.20)
+    rspec-core (2.0.0.beta.20)
+    rspec-expectations (2.0.0.beta.20)
+      diff-lcs (>= 1.1.2)
+    rspec-mocks (2.0.0.beta.20)
+    rubyforge (2.0.4)
+      json_pure (>= 1.1.7)
+    thor (0.14.0)
+    treetop (1.4.8)
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.23)
+    uuid (2.3.1)
+      macaddr (~> 1.0)
+    vidibus-core_extensions (0.3.5)
+    vidibus-secure (0.0.1)
+      activesupport (~> 3.0.0)
+      mongoid (~> 2.0.0.beta.17)
+      rack
+      vidibus-core_extensions
+    vidibus-uuid (0.3.7)
+      mongoid (~> 2.0.0.beta.17)
+      uuid (~> 2.3.1)
+    vidibus-validate_uri (0.1.1)
+      rails (~> 3.0.0.rc)
+    webmock (1.3.5)
+      addressable (>= 2.1.1)
+      crack (>= 0.1.7)
+    will_paginate (3.0.pre2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  httparty
+  jeweler
+  json
+  mongoid (~> 2.0.0.beta.20)
+  rake
+  relevance-rcov
+  rr
+  rspec (~> 2.0.0.beta.20)
+  vidibus-core_extensions
+  vidibus-secure
+  vidibus-uuid
+  vidibus-validate_uri
+  webmock

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Andre Pankratz
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,17 @@
+= vidibus-service
+
+Description goes here.
+
+== Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2010 Andre Pankratz. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,42 @@
+require "rubygems"
+require "rake"
+require "rake/rdoctask"
+require "rspec"
+require "rspec/core/rake_task"
+
+begin
+  require "jeweler"
+  Jeweler::Tasks.new do |gem|
+    gem.name = "vidibus-service"
+    gem.summary = %Q{Provides tools for Vidibus services}
+    gem.description = %Q{Description...}
+    gem.email = "andre@vidibus.com"
+    gem.homepage = "http://github.com/vidibus/vidibus-service"
+    gem.authors = ["Andre Pankratz"]
+    gem.add_dependency "mongoid", "~> 2.0.0.beta.20"
+    gem.add_dependency "vidibus-core_extensions"
+    gem.add_dependency "vidibus-uuid"
+    gem.add_dependency "vidibus-secure"
+    gem.add_dependency "vidibus-validate_uri"
+    gem.add_dependency "httparty"
+    gem.add_dependency "json"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+Rspec::Core::RakeTask.new(:rcov) do |t|
+  t.pattern = "spec/**/*_spec.rb"
+  t.rcov = true
+  t.rcov_opts = ["--exclude", "^spec,/gems/"]
+end
+
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?("VERSION") ? File.read("VERSION") : ""
+  rdoc.rdoc_dir = "rdoc"
+  rdoc.title = "vidibus-service #{version}"
+  rdoc.rdoc_files.include("README*")
+  rdoc.rdoc_files.include("lib/**/*.rb")
+  rdoc.options << "--charset=utf-8"
+end

data/VERSION

@@ -0,0 +1 @@
+0.0.1

data/app/models/service.rb

@@ -0,0 +1,4 @@
+class Service
+  include Mongoid::Document
+  include Vidibus::Service::Mongoid
+end

data/config/locales/en.yml

@@ -0,0 +1,5 @@
+en:
+  activemodel:
+    errors:
+      messages:
+        secret_not_allowed_for_connector: "is not allowed for a Connector"

data/config/routes.rb

@@ -0,0 +1,5 @@
+require "service/connector_app"
+
+Rails.application.routes.draw do
+  match "/connector" => Vidibus::Service::ConnectorApp
+end

data/lib/vidibus/service/client.rb

@@ -0,0 +1,66 @@
+require "httparty"
+
+module Vidibus
+  module Service
+    class Client
+      include HTTParty
+      format :json
+
+      class ServiceError < Error; end
+
+      attr_accessor :base_uri, :service, :this
+
+      # Initializes a new client for given service.
+      def initialize(service)
+        raise ServiceError.new("Service required") unless service and service.is_a?(::Service)
+        self.service = service
+        self.this = ::Service.this
+        self.base_uri = service.url or raise(ServiceError.new("URL of service required"))
+      end
+
+      # Sends a GET request to given path.
+      def get(path, options = {})
+        request(:get, path, options)
+      end
+
+      # Sends a POST request to given path.
+      def post(path, options = {})
+        request(:post, path, options)
+      end
+
+      # Sends a PUT request to given path.
+      def put(path, options = {})
+        request(:put, path, options)
+      end
+
+      # Sends a DELETE request to given path.
+      def delete(path, options = {})
+        request(:delete, path, options)
+      end
+
+      protected
+
+      # Extends given query options and sends request with given verb.
+      def request(verb, path, options)
+        options_type = %w[post put].include?(verb.to_s) ? :body : :query
+        options[options_type] = {:realm => service.realm_uuid, :service => this.uuid}.merge(options[options_type] || {})
+        uri = build_uri(path)
+        Vidibus::Secure.sign_request(verb, uri, options[options_type], secret)
+        self.class.send(verb, uri, options)
+      end
+
+      # Builds URI from base URI of service and given path.
+      def build_uri(path)
+        path = path.to_s
+        raise("Expected path, got #{path}") unless path.match(/^\//)
+        base_uri + path
+      end
+
+      # Returns secret to use depending on given service. If a Connector is about to be contacted,
+      # the secret of this service will be used, otherwise the secret of the contacted service.
+      def secret
+        (@service.connector? and @service.secret == nil) ? @this.secret : @service.secret
+      end
+    end
+  end
+end

data/lib/vidibus/service/connector_app.rb

@@ -0,0 +1,154 @@
+require "json"
+
+module Vidibus
+  module Service
+    class ConnectorApp
+      class SignatureError < StandardError; end
+
+      def self.call(env)
+        self.new.call(env)
+      end
+
+      # This is just a rack endpoint for Remote authentication. It will be called
+      # by the Remote after requesting an authentication code.
+      def call(env)
+        @request = Rack::Request.new(env)
+        unless @request.path == "/connector"
+          return response(:error => "This app must be configured to respond to /connector path.")
+        end
+        method = @request.request_method.downcase
+        if respond_to?(method)
+          send(method)
+        else
+          response(:error => "Invalid request method: #{method}")
+        end
+      end
+
+      protected
+
+      # Creates this service and, unless it has already been set up, a Connector service.
+      # Once this service has been created, a secret will be traded for given nonce.
+      def post
+        unless this = service.where(:this => true, :realm => nil).first
+          unless connector = service.local(:connector)
+            connector_data = @request.params["connector"] or
+              return response(:error => "No Connector data given.")
+            connector = service.new(connector_data.merge(:function => "connector"))
+            unless connector.save
+              return response(:error => "Setting up the Connector failed: #{connector.errors.full_messages}")
+            end
+          end
+          this_data = @request.params["this"] or
+            return response(:error => "No data for this service given.")
+          this = service.new(this_data.merge(:this => true))
+          this.secret = "this is just a mock"
+          if this.valid?
+            nonce = @request.params["this"]["nonce"]
+            unless nonce == ""
+              uri = "#{connector.url}/services/#{this.uuid}/secret"
+              res = HTTParty.get(uri, :format => :json)
+            end
+            unless nonce.to_s.length > 5 and Vidibus::Secure.sign(res["secret"], nonce) == res["sign"]
+              return response(:error => "Nonce is invalid.")
+            end
+            this.secret = Vidibus::Secure.decrypt(res["secret"], nonce)
+            if this.save
+              return response({:success => "Setup successful"}, 201)
+            end
+          end
+          response(:error => "Setting up this service failed: #{this.errors.full_messages}")
+        else
+          response(:error => "Service has already been set up.")
+        end
+      end
+
+      # Returns settings of this and Connector.
+      # This action must only be called by Connector. Thus it is signed
+      # with the Service's secret.
+      def get
+        verify_request!
+        out = {:this => this.public_data}
+        if connector = service.local(:connector)
+          out[:connector] = connector.public_data
+        end
+        response(out)
+      rescue => e
+        response(:error => e.message)
+      end
+
+      # Updates data of given services.
+      # If a service does not exist, it will be created.
+      def put
+        verify_request!
+        for function, attributes in @request.params.except("sign")
+          _service = service.local(function) || service.new(:function => function)
+          _service.attributes = attributes
+          unless _service.save
+            return response(:error => "Updating #{function} failed: #{_service.errors.full_messages}")
+          end
+        end
+        response(:success => "Services updated.")
+      rescue => e
+        response(:error => e.message)
+      end
+
+      # Deletes services by their UUID.
+      def delete
+        verify_request!
+        raise ArgumentError.new("Provide list of :uuids") unless uuids = @request.params["uuids"]
+        for uuid in uuids
+          if found = service.where(:uuid => uuid).first
+            found.destroy
+          end
+        end
+        response(:success => "Services have been deleted.")
+      rescue => e
+        response(:error => e.message)
+      end
+
+      # Verifies that signature is valid.
+      def verify_request!
+        Vidibus::Secure.verify_request(@request.request_method, @request.url, @request.params, this.secret) or
+          raise SignatureError.new("Invalid signature.")
+      end
+
+      # Renders response.
+      def response(data, status = nil, type = :js)
+        if data[:error]
+          status ||= 400
+        else
+          status ||= 200
+        end
+        Rack::Response.new([data.to_json], status, content_type(type)).finish
+      end
+
+      # Sets content type for response.
+      def content_type(type = nil)
+        string = case type
+        when :js
+          "text/javascript; charset=utf-8"
+        else
+          "text/html; charset=utf-8"
+        end
+        { 'Content-Type' => string }
+      end
+
+      # Returns service class.
+      def service
+        @service ||= ::Service
+      end
+
+      # Returns data of this service.
+      # It will raise an error if this service is unconfigured.
+      def this
+        @this ||= service.this
+      end
+
+      # Returns data of the Connector.
+      # It will raise an error if this service is unconfigured.
+      def connector
+        @connector ||= service.connector
+      end
+    end
+  end
+end

data/lib/vidibus/service/controller_validations.rb

@@ -0,0 +1,35 @@
+module Vidibus
+  module Service
+    module ControllerValidations
+      extend ActiveSupport::Concern
+
+      included do
+        skip_before_filter :verify_authenticity_token
+        before_filter :ensure_realm!
+        before_filter :ensure_service!
+        before_filter :validate_signature!
+      end
+
+      protected
+
+      # Ensures that +realm+ parameter is given and valid.
+      def ensure_realm!
+        @realm = params[:realm] or raise "no realm given"
+      end
+
+      # Ensures that +service+ parameter is given and valid.
+      def ensure_service!
+        service = params[:service] or raise "no service given"
+        @service = Service(service, @realm) or raise "invalid service"
+      end
+
+      # Validates +sign+ parameter.
+      def validate_signature!
+        params[:sign] or raise "no signature given"
+        unless valid_request?(@service.secret)
+          raise "invalid signature"
+        end
+      end
+    end
+  end
+end

data/lib/vidibus/service/mongoid.rb

@@ -0,0 +1,130 @@
+module Vidibus
+  module Service
+    module Mongoid
+      extend ActiveSupport::Concern
+      include Vidibus::Secure::Mongoid
+
+      class ConfigurationError < Error; end
+      class ConnectorError < Error; end
+
+      included do
+        field :url
+        field :uuid
+        field :function
+        field :realm_uuid
+        field :this, :type => Boolean
+
+        attr_encrypted :secret
+
+        validates :url, :uri => {:protocol => [:http, :https], :accessible => false}
+        validates :uuid, :uuid => true, :uniqueness => {:scope => :realm_uuid}
+        validates :realm_uuid, :uuid => {:allow_blank => true}
+        validates :function, :presence => true
+        validates :secret, :presence => true, :unless => :connector?
+        validates :realm_uuid, :presence => true, :unless => Proc.new {|s| s.connector? or s.this?}
+
+        validate :dont_allow_secret_for_connector, :if => :connector?
+
+        # Removes trailing slash from given value.
+        def url=(value)
+          value.gsub!(/\/+$/, "") if value
+          self.write_attribute(:url, value)
+        end
+
+        # Returns true if this service is a connector
+        def connector?
+          @is_connector ||= function == "connector"
+        end
+
+        # Sends a GET request to given path.
+        def get(path, options = {})
+          client.get(path, options)
+        end
+
+        # Sends a POST request to given path.
+        def post(path, options = {})
+          client.post(path, options)
+        end
+
+        # Sends a PUT request to given path.
+        def put(path, options = {})
+          client.put(path, options)
+        end
+
+        # Sends a DELETE request to given path.
+        def delete(path, options = {})
+          client.delete(path, options)
+        end
+
+        # Returns publicly requestable data.
+        def public_data
+          attributes.only(%w[uuid function url])
+        end
+
+        # Returns url without protocol.
+        def domain
+          url.gsub(/https?:\/\//, "") if url
+        end
+
+        protected
+
+        # Returns a Client for current service.
+        def client
+          @client ||= Client.new(self)
+        end
+
+        # Sets an error if secret is given for Connector service.
+        def dont_allow_secret_for_connector
+          errors.add(:secret, :secret_not_allowed_for_connector) if connector? and secret
+        end
+      end
+
+      module ClassMethods
+
+        # Returns this service, if it has been configured, or raises an ConfigurationError.
+        def this
+          where(:this => true).and(:realm_uuid => nil).first or
+            raise ConfigurationError.new("This service has not been configured yet. Use your Connector to set it up.")
+        end
+
+        # Returns Connector service, if it has been configured, or raises an ConfigurationError.
+        def connector
+          where(:function => "connector").and(:realm_uuid => nil).first or
+            raise ConfigurationError.new("No Connector has been assigned to this service yet. Use your Connector to perform the assignment.")
+        end
+
+        # Returns best service by function or UUID within given realm.
+        # If a service can be found in stored, it will be fetched from Connector.
+        def discover(wanted, realm = nil)
+          unless service = local(wanted, realm)
+            service = remote(wanted, realm)
+          end
+          service
+        end
+
+        # Returns stored service by function or UUID within given realm.
+        def local(wanted, realm = nil)
+          key = Vidibus::Uuid.validate(wanted) ? :uuid : :function
+          where(key => wanted).and(:realm_uuid => realm).first
+        end
+
+        # Requests service from Connector and stores it.
+        # Wanted may be a function or an UUID.
+        # This method should not be called directly. Use #discover to avoid unneccessary lookups.
+        def remote(wanted, realm)
+          unless realm
+            raise ArgumentError.new("Please provide a valid realm to discover an appropriate service.")
+          end
+          if response = connector.get("/services/#{wanted}", :query => {:realm => realm})
+            secret = response["secret"] || raise(ConnectorError.new("The Connector did not return a secret for #{wanted}. Response was: #{response.parsed_response.inspect}"))
+            secret = Vidibus::Secure.decrypt(secret, this.secret)
+            attributes = response.only(%w[uuid function url]).merge(:realm_uuid => realm, :secret => secret)
+            create!(attributes)
+          else
+            raise "no service found"
+          end
+        end
+      end
+    end
+  end
+end