virtuatable-core 1.2.1 → 1.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/core/helpers/applications.rb +4 -4
- data/lib/core/models/concerns/sluggable.rb +9 -15
- data/lib/core/models/oauth/access_token.rb +24 -1
- data/lib/core/models/oauth/application.rb +14 -5
- data/lib/core/models/oauth/authorization.rb +13 -1
- data/lib/core/models/oauth/refresh_token.rb +9 -2
- data/lib/core/models/oauth/scope.rb +32 -0
- data/lib/core/models/oauth.rb +1 -0
- data/lib/core/models/permissions/category.rb +0 -2
- data/lib/core/models/permissions/group.rb +0 -2
- data/lib/core/models/permissions/right.rb +0 -2
- data/lib/core/models.rb +17 -19
- data/lib/core/services.rb +5 -1
- data/lib/core/version.rb +4 -2
- data/lib/core.rb +4 -5
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 203433dce36ee2d214216cd18bdb69fcd4e42328a4527678ece54d96c8608383
|
4
|
+
data.tar.gz: 5864fa51e5c3fb70385f0419485042a23dfd8af8e0de918bcae219026b7e26e8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e8c387a4883b7d4ff02120461895bcadcb4744e3b865326423ac24be062b60d80be5f05d0baac49860f958cc6479012e196e54b540a46d5382313e485570a9b8
|
7
|
+
data.tar.gz: 3b6429e446fb7fc955999b9bdd4b861bfe889b8d17eb22cb7029318ae52dee81b2b368326ae6cd052e7b91951d1e16ba42313b08740530a76e9e404c18abf377
|
@@ -10,10 +10,10 @@ module Core
|
|
10
10
|
def application(premium: false)
|
11
11
|
return @application unless @application.nil?
|
12
12
|
|
13
|
-
check_presence '
|
14
|
-
@application = application_model.find_by(
|
15
|
-
api_not_found '
|
16
|
-
api_forbidden '
|
13
|
+
check_presence 'client_id'
|
14
|
+
@application = application_model.find_by(client_id: params['client_id'])
|
15
|
+
api_not_found 'client_id.unknown' if @application.nil?
|
16
|
+
api_forbidden 'client_id.forbidden' if premium && !@application.premium
|
17
17
|
|
18
18
|
@application
|
19
19
|
end
|
@@ -6,22 +6,16 @@ module Core
|
|
6
6
|
module Sluggable
|
7
7
|
extend ActiveSupport::Concern
|
8
8
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
# @param entity_type [String,Symbol] the name of the model including it, to be included in the error messages.
|
14
|
-
def make_sluggable(entity_type)
|
15
|
-
# @!attribute [rw] slug
|
16
|
-
# @return [String] the slug of the current entity ; it must be snake-cased, longer than four characters, unique for the entity and given.
|
17
|
-
field :slug, type: String
|
9
|
+
included do
|
10
|
+
# @!attribute [rw] slug
|
11
|
+
# @return [String] the slug of the current entity ; it must be snake-cased, longer than four characters, unique for the entity and given.
|
12
|
+
field :slug, type: String
|
18
13
|
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
end
|
14
|
+
validates :slug,
|
15
|
+
length: {minimum: 4, message: 'minlength', if: :slug?},
|
16
|
+
format: {with: /\A[a-z]+(_[a-z]+)*\z/, message: 'pattern', if: :slug?},
|
17
|
+
uniqueness: {message: 'uniq', if: :slug?},
|
18
|
+
presence: {message: 'required'}
|
25
19
|
end
|
26
20
|
end
|
27
21
|
end
|
@@ -8,7 +8,7 @@ module Core
|
|
8
8
|
include Mongoid::Document
|
9
9
|
include Mongoid::Timestamps
|
10
10
|
|
11
|
-
store_in collection: '
|
11
|
+
store_in collection: 'oauth_access_tokens'
|
12
12
|
|
13
13
|
# @!attribute [rw] value
|
14
14
|
# @return [String] the value of the token, returned to the application when built.
|
@@ -21,6 +21,12 @@ module Core
|
|
21
21
|
# @return [Core::Models::OAuth::Authorization] the authorization code that issued this token to the application for this user.
|
22
22
|
belongs_to :authorization, class_name: 'Core::Models::OAuth::Authorization', inverse_of: :tokens
|
23
23
|
|
24
|
+
|
25
|
+
# A refresh token is attached to each and every refresh token so that it can be used to deliver a new access token.
|
26
|
+
# @!attribute [rx] refresh_token
|
27
|
+
# @return [Core::Models::OAuth::RefreshToken] the refresh token linked to this token
|
28
|
+
has_one :refresh_token, class_name: 'Core::Models::OAuth::RefreshToken', inverse_of: :token
|
29
|
+
|
24
30
|
validates :value,
|
25
31
|
presence: {message: 'required'},
|
26
32
|
uniqueness: {message: 'uniq'}
|
@@ -28,8 +34,25 @@ module Core
|
|
28
34
|
# Checks if the current date is inferior to the creation date + expiration period
|
29
35
|
# @return [Boolean] TRUE if the token is expired, FALSE otherwise.
|
30
36
|
def expired?
|
37
|
+
# Handles the case where the token is given to a premium app (our apps have infinite tokens).
|
38
|
+
return false if premium?
|
39
|
+
return true if refresh_token.used?
|
40
|
+
|
31
41
|
created_at.to_time.to_i + expiration < Time.now.to_i
|
32
42
|
end
|
43
|
+
|
44
|
+
# Returns the scopes this access token can use to access the application
|
45
|
+
# @return [Array<Core::Models::OAuth::Scope>] the array of scopes from the linked authorization
|
46
|
+
def scopes
|
47
|
+
# Premium applications (our applications) have all the rights on the API.
|
48
|
+
return Core::Models::OAuth::Scope.all.to_a if premium?
|
49
|
+
|
50
|
+
authorization.scopes
|
51
|
+
end
|
52
|
+
|
53
|
+
def premium?
|
54
|
+
authorization.application.premium
|
55
|
+
end
|
33
56
|
end
|
34
57
|
end
|
35
58
|
end
|
@@ -7,14 +7,17 @@ module Core
|
|
7
7
|
include Mongoid::Document
|
8
8
|
include Mongoid::Timestamps
|
9
9
|
|
10
|
-
store_in collection: '
|
10
|
+
store_in collection: 'oauth_applications'
|
11
11
|
|
12
12
|
# @!attribute [rw] name
|
13
13
|
# @return [String] the unique name of the application, mainly used to identify and display it.
|
14
14
|
field :name, type: String
|
15
|
-
# @!attribute [rw]
|
15
|
+
# @!attribute [rw] client_id
|
16
16
|
# @return [String] the unique key for the application, identifying it when requesting a token for the API.
|
17
|
-
field :
|
17
|
+
field :client_id, type: String, default: ->{ SecureRandom.hex }
|
18
|
+
# @!attribute [rw] client_secret
|
19
|
+
# @return [String] the "password" of the application, used to identify it when requesting tokens.
|
20
|
+
field :client_secret, type: String, default: ->{ SecureRandom.hex }
|
18
21
|
# @!attribute [rw] premium
|
19
22
|
# @return [Boolean] a value indicating whether the application should automatically receive a token when an account is created, or not.
|
20
23
|
field :premium, type: Mongoid::Boolean, default: false
|
@@ -28,16 +31,22 @@ module Core
|
|
28
31
|
# @!attribute [rw] authorizations
|
29
32
|
# @return [Array<Core::Models::OAuth::Authorization>] the authorizations linked to the accounts this application can get the data from.
|
30
33
|
has_many :authorizations, class_name: 'Core::Models::OAuth::Authorization', inverse_of: :application
|
34
|
+
# @!attribute [rw]
|
35
|
+
# @return [Array<Core::Models::OAuth::Scope>] the scopes this application will transmit to its token
|
36
|
+
has_and_belongs_to_many :scopes, class_name: 'Core::Models::OAuth::Scope', inverse_of: :applications
|
31
37
|
|
32
38
|
validates :name,
|
33
39
|
presence: {message: 'required'},
|
34
40
|
length: {minimum: 6, message: 'minlength'},
|
35
41
|
uniqueness: {message: 'uniq'}
|
36
42
|
|
37
|
-
validates :
|
43
|
+
validates :client_id,
|
38
44
|
presence: {message: 'required'},
|
39
45
|
uniqueness: {message: 'uniq'}
|
40
46
|
|
47
|
+
validates :client_secret,
|
48
|
+
presence: {message: 'required'}
|
49
|
+
|
41
50
|
validate :redirect_uris_values
|
42
51
|
|
43
52
|
# Checks the URIs to get sure they are correct, a URI is correct if :
|
@@ -48,7 +57,7 @@ module Core
|
|
48
57
|
if !uri.is_a? String
|
49
58
|
errors.add(:redirect_uris, 'type')
|
50
59
|
break
|
51
|
-
elsif uri.match(/\
|
60
|
+
elsif uri.match(/\Ahttps?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&\/\/=]*)\z/).nil?
|
52
61
|
errors.add(:redirect_uris, 'format')
|
53
62
|
break
|
54
63
|
end
|
@@ -10,11 +10,14 @@ module Core
|
|
10
10
|
include Mongoid::Document
|
11
11
|
include Mongoid::Timestamps
|
12
12
|
|
13
|
-
store_in collection: '
|
13
|
+
store_in collection: 'oauth_authorizations'
|
14
14
|
|
15
15
|
# @!attribute [rw] code
|
16
16
|
# @return [String] the value corresponding to the authentication code in the RFC of OAuth2.0, kep for historic purpose.
|
17
17
|
field :code, type: String, default: ->{ SecureRandom.hex }
|
18
|
+
# @!attribute [rw] expiration
|
19
|
+
# @return [Integer] the time, in seconds, after which the authorization is declared expired.
|
20
|
+
field :expiration, type: Integer, default: 86400
|
18
21
|
|
19
22
|
# @!attribute [rw] account
|
20
23
|
# @return [Arkaaan::Account] the account granting the authorization to access its data to the application.
|
@@ -25,10 +28,19 @@ module Core
|
|
25
28
|
# @!attribute [rw] token
|
26
29
|
# @return [Core::Models::OAuth::AccessToken] the access token used further in the application process to access private data of the account.
|
27
30
|
has_many :tokens, class_name: 'Core::Models::OAuth::AccessToken', inverse_of: :authorization
|
31
|
+
# @!attribute [rw]
|
32
|
+
# @return [Array<Core::Models::OAuth::Scope>] the scopes this access token has.
|
33
|
+
has_and_belongs_to_many :scopes, class_name: 'Core::Models::OAuth::Scope', inverse_of: :authorizations
|
28
34
|
|
29
35
|
validates :code,
|
30
36
|
presence: {message: 'required'},
|
31
37
|
uniqueness: {message: 'uniq'}
|
38
|
+
|
39
|
+
# Checks if the current date is inferior to the creation date + expiration period
|
40
|
+
# @return [Boolean] TRUE if the authorization is expired, FALSE otherwise.
|
41
|
+
def expired?
|
42
|
+
created_at.to_time.to_i + expiration < Time.now.to_i
|
43
|
+
end
|
32
44
|
end
|
33
45
|
end
|
34
46
|
end
|
@@ -7,15 +7,22 @@ module Core
|
|
7
7
|
include Mongoid::Document
|
8
8
|
include Mongoid::Timestamps
|
9
9
|
|
10
|
-
store_in collection: '
|
10
|
+
store_in collection: 'oauth_refresh_tokens'
|
11
11
|
|
12
12
|
# @!attribute [rw] value
|
13
13
|
# @return [String] the value of the token, returned to the application when built.
|
14
14
|
field :value, type: String, default: ->{ SecureRandom.hex }
|
15
|
+
# @!attribute [rw] used_at
|
16
|
+
# @return [DateTime] the date and time at which this refresh token has been useds to create a new access token.
|
17
|
+
field :used_at, type: DateTime, default: nil
|
15
18
|
|
16
19
|
# @!attribute [rw] authorization
|
17
20
|
# @return [Core::Models::OAuth::Authorization] the authorization code that issued this token to the application for this user.
|
18
|
-
belongs_to :
|
21
|
+
belongs_to :token, class_name: 'Core::Models::OAuth::AccessToken', inverse_of: :refresh_token
|
22
|
+
|
23
|
+
def used?
|
24
|
+
!used_at.nil? && used_at < DateTime.now
|
25
|
+
end
|
19
26
|
end
|
20
27
|
end
|
21
28
|
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
module Core
|
2
|
+
module Models
|
3
|
+
module OAuth
|
4
|
+
# A scope gives access to some parts of the API, for example to the management of campaigns,
|
5
|
+
# applications or for account profile management.
|
6
|
+
# @author Vincent Courtois <courtois.vincent@outlook.com>
|
7
|
+
class Scope
|
8
|
+
include Mongoid::Document
|
9
|
+
include Mongoid::Timestamps
|
10
|
+
|
11
|
+
store_in collection: 'oauth_scopes'
|
12
|
+
|
13
|
+
# @!attribute [rw] name
|
14
|
+
# @return [String] the name of the scope, used to get its translation on the frontend.
|
15
|
+
field :name, type: String, default: ''
|
16
|
+
|
17
|
+
# @!attribute [rw] applications
|
18
|
+
# @return [Array<Core::Models::OAuth::Application>] the applications that want to have access to this
|
19
|
+
# scope from the users of the platform. These rights will be carried on to the tokens and frozen.
|
20
|
+
has_and_belongs_to_many :applications, class_name: 'Core::Models::OAuth::Application', inverse_of: :scopes
|
21
|
+
# @!attribute [rw] tokeauthorizationsns
|
22
|
+
# @return [Array<Core::Models::OAuth::Authorization] the tokens having these scopes.
|
23
|
+
has_and_belongs_to_many :authorizations, class_name: 'Core::Models::OAuth::Authorization', inverse_of: :scopes
|
24
|
+
|
25
|
+
validates :name,
|
26
|
+
presence: {message: 'required'},
|
27
|
+
length: {minimum: 6, if: :name?, message: 'minlength'},
|
28
|
+
uniqueness: {id: :name?, message: 'uniq'}
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
data/lib/core/models/oauth.rb
CHANGED
@@ -26,8 +26,6 @@ module Core
|
|
26
26
|
# @!attribute [rw] routes
|
27
27
|
# @return [Array<Core::Models::Monitoring::Route>] the routes this group can access in the API.
|
28
28
|
has_and_belongs_to_many :routes, class_name: 'Core::Models::Permissions::Route', inverse_of: :groups
|
29
|
-
|
30
|
-
make_sluggable 'group'
|
31
29
|
end
|
32
30
|
end
|
33
31
|
end
|
@@ -15,8 +15,6 @@ module Core
|
|
15
15
|
has_and_belongs_to_many :groups, class_name: 'Core::Models::Permissions::Group', inverse_of: :rights
|
16
16
|
|
17
17
|
belongs_to :category, class_name: 'Core::Models::Permissions::Category', inverse_of: :rights
|
18
|
-
|
19
|
-
make_sluggable 'right'
|
20
18
|
end
|
21
19
|
end
|
22
20
|
end
|
data/lib/core/models.rb
CHANGED
@@ -1,24 +1,22 @@
|
|
1
|
-
|
2
|
-
require 'active_model'
|
3
|
-
require 'active_support'
|
4
|
-
require 'dotenv/load'
|
1
|
+
# frozen_string_literal: true
|
5
2
|
|
6
|
-
# Main module of the application, holding all the subsequent classes.
|
7
|
-
# @author Vincent Courtois <courtois.vincent@outlook.com>
|
8
3
|
module Core
|
4
|
+
# Module holding the representations of the business objects we're manipulating
|
5
|
+
# in the database. Models are declared as Mongoid classes to connect to MongoDB
|
6
|
+
# @author Vincent Courtois <courtois.vincent@outlook.com>
|
9
7
|
module Models
|
10
|
-
autoload :Account
|
8
|
+
autoload :Account, 'core/models/account'
|
11
9
|
autoload :Authentication, 'core/models/authentication'
|
12
|
-
autoload :Campaign
|
13
|
-
autoload :Campaigns
|
14
|
-
autoload :Chatroom
|
15
|
-
autoload :Chatrooms
|
16
|
-
autoload :Concerns
|
17
|
-
autoload :Event
|
18
|
-
autoload :Files
|
19
|
-
autoload :Notification
|
20
|
-
autoload :OAuth
|
21
|
-
autoload :Permissions
|
22
|
-
autoload :Ruleset
|
10
|
+
autoload :Campaign, 'core/models/campaign'
|
11
|
+
autoload :Campaigns, 'core/models/campaigns'
|
12
|
+
autoload :Chatroom, 'core/models/chatroom'
|
13
|
+
autoload :Chatrooms, 'core/models/chatrooms'
|
14
|
+
autoload :Concerns, 'core/models/concerns'
|
15
|
+
autoload :Event, 'core/models/event'
|
16
|
+
autoload :Files, 'core/models/files'
|
17
|
+
autoload :Notification, 'core/models/notification'
|
18
|
+
autoload :OAuth, 'core/models/oauth'
|
19
|
+
autoload :Permissions, 'core/models/permissions'
|
20
|
+
autoload :Ruleset, 'core/models/ruleset'
|
23
21
|
end
|
24
|
-
end
|
22
|
+
end
|
data/lib/core/services.rb
CHANGED
@@ -1,8 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Core
|
4
|
+
# Services are orchestrating models to provide more high-level operations.
|
5
|
+
# @author Vincent Courtois <courtois.vincent@outlook.com>
|
2
6
|
module Services
|
3
7
|
autoload :Accounts, 'core/services/accounts'
|
4
8
|
autoload :Base, 'core/services/base'
|
5
9
|
autoload :Registry, 'core/services/registry'
|
6
10
|
autoload :Sessions, 'core/services/sessions'
|
7
11
|
end
|
8
|
-
end
|
12
|
+
end
|
data/lib/core/version.rb
CHANGED
data/lib/core.rb
CHANGED
@@ -1,7 +1,6 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
require
|
4
|
-
require 'dotenv/load'
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
%w[active_model mongoid active_support].each { |g| require g }
|
5
4
|
|
6
5
|
# Main module of the application, holding all the subsequent classes.
|
7
6
|
# @author Vincent Courtois <courtois.vincent@outlook.com>
|
@@ -10,4 +9,4 @@ module Core
|
|
10
9
|
autoload :Helpers, 'core/helpers'
|
11
10
|
autoload :Models, 'core/models'
|
12
11
|
autoload :Services, 'core/services'
|
13
|
-
end
|
12
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: virtuatable-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.3.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Vincent Courtois
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-04-
|
11
|
+
date: 2022-04-29 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: database_cleaner
|
@@ -332,6 +332,7 @@ files:
|
|
332
332
|
- lib/core/models/oauth/application.rb
|
333
333
|
- lib/core/models/oauth/authorization.rb
|
334
334
|
- lib/core/models/oauth/refresh_token.rb
|
335
|
+
- lib/core/models/oauth/scope.rb
|
335
336
|
- lib/core/models/permissions.rb
|
336
337
|
- lib/core/models/permissions/category.rb
|
337
338
|
- lib/core/models/permissions/group.rb
|