virtuatable-core 1.3.1 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/core/controllers/base.rb +3 -2
- data/lib/core/helpers/accounts.rb +2 -2
- data/lib/core/helpers/declarators.rb +6 -62
- data/lib/core/helpers/scopes.rb +22 -0
- data/lib/core/helpers/tokens.rb +28 -0
- data/lib/core/helpers.rb +2 -1
- data/lib/core/models/account.rb +0 -4
- data/lib/core/models.rb +0 -1
- data/lib/core/version.rb +1 -1
- metadata +4 -8
- data/lib/core/helpers/sessions.rb +0 -30
- data/lib/core/models/permissions/category.rb +0 -17
- data/lib/core/models/permissions/group.rb +0 -32
- data/lib/core/models/permissions/right.rb +0 -21
- data/lib/core/models/permissions/route.rb +0 -35
- data/lib/core/models/permissions.rb +0 -13
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bb7485c8bb6e781dcf4b6d3299d3065769a4556e01421fba08eb2404a3d982a5
|
|
4
|
+
data.tar.gz: 281cce31ddad58a7ffb44e8fd78de1bdefdc5d5f1f2f6b53f8a89e9125e8792e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2df4695bf1450c3c99cc3d86e5cee1cc91050275b6f54e40c587553376e93bd9752aac1683692a556c3265c16bab9fb06daa530b30645b3b4fdb6748a5e741ec
|
|
7
|
+
data.tar.gz: eee4af9a5591e1ef3fa5a7a5a1071791680a02af442df91bcfb03d5f4f63cc334ea6fe78edfbfb848a358af3d0df9327fb13429b0d104637e9622ae71c568d64
|
|
@@ -13,8 +13,9 @@ module Core
|
|
|
13
13
|
# Includes the custom errors throwers and responses helpers.
|
|
14
14
|
include Core::Helpers::Errors
|
|
15
15
|
include Core::Helpers::Responses
|
|
16
|
-
# Includes the checking methods for
|
|
17
|
-
include Core::Helpers::
|
|
16
|
+
# Includes the checking methods for access tokens.
|
|
17
|
+
include Core::Helpers::Tokens
|
|
18
|
+
include Core::Helpers::Scopes
|
|
18
19
|
# Include the checkers and getters for OAuth apps
|
|
19
20
|
include Core::Helpers::Applications
|
|
20
21
|
# Include checkers for field requirement and check
|
|
@@ -10,8 +10,8 @@ module Core
|
|
|
10
10
|
def account
|
|
11
11
|
return @account unless @account.nil?
|
|
12
12
|
|
|
13
|
-
|
|
14
|
-
@account
|
|
13
|
+
@account = token.authorization.account
|
|
14
|
+
@account
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def account_id_not_found
|
|
@@ -6,9 +6,6 @@ module Core
|
|
|
6
6
|
# to declare routes whithin a service, performing needed checks and filters.
|
|
7
7
|
# @author Vincent Courtois <courtois.vincent@outlook.com>
|
|
8
8
|
module Declarators
|
|
9
|
-
# @!attribute [r] routes
|
|
10
|
-
# @return [Array<Core::Models::Permissions::Route>] the currently declared routes.
|
|
11
|
-
attr_reader :api_routes
|
|
12
9
|
|
|
13
10
|
# Main method to declare new routes, persisting them in the database and
|
|
14
11
|
# declaring it in the Sinatra application with the needed before checks.
|
|
@@ -16,68 +13,15 @@ module Core
|
|
|
16
13
|
# @param verb [String] the HTTP method for the route.
|
|
17
14
|
# @param path [String] the whole URI with parameters for the route.
|
|
18
15
|
# @param options [Hash] the additional options for the route.
|
|
19
|
-
def api_route(verb, path,
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
# add some treatments but avoid many problems if route.premium
|
|
26
|
-
send(route.verb, route.path) do
|
|
27
|
-
application(premium: current_route.premium)
|
|
28
|
-
session if current_route.authenticated
|
|
16
|
+
def api_route(verb, path, premium: false, scopes: ['data::usage'], &block)
|
|
17
|
+
send(verb, path) do
|
|
18
|
+
scope_objects = fetch_scopes(scopes)
|
|
19
|
+
appli = application(premium: premium)
|
|
20
|
+
check_app_scopes(appli, scope_objects)
|
|
21
|
+
check_token_scopes(token, scope_objects)
|
|
29
22
|
instance_eval(&block)
|
|
30
23
|
end
|
|
31
24
|
end
|
|
32
|
-
|
|
33
|
-
# Add a route to the database, then to the routes array.
|
|
34
|
-
# @param verb [String] the HTTP method used to request this route.
|
|
35
|
-
# @param path [String] the path used to request this route.
|
|
36
|
-
# @return [Core::Models::Permissions::Route] the created route.
|
|
37
|
-
def add_route(verb:, path:, options:)
|
|
38
|
-
route = Core::Models::Permissions::Route.find_or_create_by!(
|
|
39
|
-
path: path,
|
|
40
|
-
verb: verb.downcase,
|
|
41
|
-
premium: options[:premium],
|
|
42
|
-
authenticated: options[:authenticated]
|
|
43
|
-
)
|
|
44
|
-
api_routes.nil? ? @api_routes = [route] : push_route(route)
|
|
45
|
-
add_permissions(route)
|
|
46
|
-
route
|
|
47
|
-
end
|
|
48
|
-
|
|
49
|
-
# Pushes the route in the api routes list, by creating it if needed
|
|
50
|
-
# @param route [Core::Models::Permissions::Route] the route to push in the list of routes.
|
|
51
|
-
def push_route(route)
|
|
52
|
-
@api_routes << route if api_routes.none? do |tmp_route|
|
|
53
|
-
route.id == tmp_route.id
|
|
54
|
-
end
|
|
55
|
-
end
|
|
56
|
-
|
|
57
|
-
# Add the default access permissions to a route. Any group tagged superuser
|
|
58
|
-
# can automatically access any newly declared_route.
|
|
59
|
-
# params route [Core::Models::Permissions::Route] the route to add the permissions to.
|
|
60
|
-
def add_permissions(route)
|
|
61
|
-
groups = Core::Models::Permissions::Group.where(is_superuser: true)
|
|
62
|
-
groups.each do |group|
|
|
63
|
-
unless route.groups.where(id: group.id).exists?
|
|
64
|
-
route.groups << group
|
|
65
|
-
route.save!
|
|
66
|
-
end
|
|
67
|
-
end
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
# The default options for a route, being the most used value for each key.
|
|
71
|
-
# @return [Hash] the default options as a hash.
|
|
72
|
-
def default_options
|
|
73
|
-
{
|
|
74
|
-
# If TRUE the application MUST be premium to access the route.
|
|
75
|
-
# Mainly used to protect administration routes against illegal accesses.
|
|
76
|
-
premium: false,
|
|
77
|
-
# If TRUE the user MUST be authenticated to access the route.
|
|
78
|
-
authenticated: true
|
|
79
|
-
}
|
|
80
|
-
end
|
|
81
25
|
end
|
|
82
26
|
end
|
|
83
27
|
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
module Core
|
|
2
|
+
module Helpers
|
|
3
|
+
module Scopes
|
|
4
|
+
|
|
5
|
+
def fetch_scopes(names)
|
|
6
|
+
(names.map { |n| Core::Models::OAuth::Scope.find_by(name: n) }).select { |s| !s.nil? }
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def check_token_scopes(token, scopes)
|
|
10
|
+
scopes.each do |scope|
|
|
11
|
+
api_forbidden 'scope.forbidden' if !token.scopes.include? scope
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def check_app_scopes(application, scopes)
|
|
16
|
+
scopes.each do |scope|
|
|
17
|
+
api_forbidden 'scope.forbidden' if !application.scopes.include? scope
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Core
|
|
4
|
+
module Helpers
|
|
5
|
+
# This helper aims at providing vanity methods concerning OAuth tokens.
|
|
6
|
+
# @author Vincent Courtois <courtois.vincent@outlook.com>
|
|
7
|
+
module Tokens
|
|
8
|
+
# Returns the database object representing the current OAuth token, or
|
|
9
|
+
# raises an error if the token seems to be invalid for any reason.
|
|
10
|
+
# @return [Core::Models::Oauth::AccessToken] the token if everything went well.
|
|
11
|
+
# @raise [Core::Helpers::Errors::BadRequest] if the token is not given.
|
|
12
|
+
# @raise [Core::Helpers::Errors::NotFound] if the token is not found in the
|
|
13
|
+
# database searching for the value passed as parameter.
|
|
14
|
+
# @raise [Core::Helpers::Errors::Forbidden] if the token belongs to another
|
|
15
|
+
# application.
|
|
16
|
+
def token
|
|
17
|
+
return @token unless @token.nil?
|
|
18
|
+
|
|
19
|
+
check_presence 'token'
|
|
20
|
+
@token = Core::Models::OAuth::AccessToken.find_by(value: params['token'])
|
|
21
|
+
api_not_found 'token.unknown' if @token.nil?
|
|
22
|
+
token_app_id = token.authorization.application.id.to_s
|
|
23
|
+
api_forbidden 'token.mismatch' if token_app_id != application.id.to_s
|
|
24
|
+
@token
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
data/lib/core/helpers.rb
CHANGED
|
@@ -13,6 +13,7 @@ module Core
|
|
|
13
13
|
autoload :Parameters, 'core/helpers/parameters'
|
|
14
14
|
autoload :Responses, 'core/helpers/responses'
|
|
15
15
|
autoload :Routes, 'core/helpers/routes'
|
|
16
|
-
autoload :
|
|
16
|
+
autoload :Scopes, 'core/helpers/scopes'
|
|
17
|
+
autoload :Tokens, 'core/helpers/tokens'
|
|
17
18
|
end
|
|
18
19
|
end
|
data/lib/core/models/account.rb
CHANGED
|
@@ -37,10 +37,6 @@ module Core
|
|
|
37
37
|
# @!attribute [w] password_confirmation
|
|
38
38
|
# @return [String] the confirmation of the password, do not get, just set it ; it must be the same as the password.
|
|
39
39
|
has_secure_password validations: false
|
|
40
|
-
|
|
41
|
-
# @!attribute [rw] groups
|
|
42
|
-
# @return [Array<Core::Models::Permissions::Group>] the groups giving their corresponding rights to the current account.
|
|
43
|
-
has_and_belongs_to_many :groups, class_name: 'Core::Models::Permissions::Group', inverse_of: :accounts
|
|
44
40
|
|
|
45
41
|
# @!attribute [rw] applications
|
|
46
42
|
# @return [Array<Core::Models::OAuth::Application] the applications this user has created and owns.
|
data/lib/core/models.rb
CHANGED
data/lib/core/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: virtuatable-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Vincent Courtois
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-05-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: database_cleaner
|
|
@@ -298,7 +298,8 @@ files:
|
|
|
298
298
|
- lib/core/helpers/parameters.rb
|
|
299
299
|
- lib/core/helpers/responses.rb
|
|
300
300
|
- lib/core/helpers/routes.rb
|
|
301
|
-
- lib/core/helpers/
|
|
301
|
+
- lib/core/helpers/scopes.rb
|
|
302
|
+
- lib/core/helpers/tokens.rb
|
|
302
303
|
- lib/core/models.rb
|
|
303
304
|
- lib/core/models/account.rb
|
|
304
305
|
- lib/core/models/authentication.rb
|
|
@@ -333,11 +334,6 @@ files:
|
|
|
333
334
|
- lib/core/models/oauth/authorization.rb
|
|
334
335
|
- lib/core/models/oauth/refresh_token.rb
|
|
335
336
|
- lib/core/models/oauth/scope.rb
|
|
336
|
-
- lib/core/models/permissions.rb
|
|
337
|
-
- lib/core/models/permissions/category.rb
|
|
338
|
-
- lib/core/models/permissions/group.rb
|
|
339
|
-
- lib/core/models/permissions/right.rb
|
|
340
|
-
- lib/core/models/permissions/route.rb
|
|
341
337
|
- lib/core/models/ruleset.rb
|
|
342
338
|
- lib/core/services.rb
|
|
343
339
|
- lib/core/services/accounts.rb
|
|
@@ -1,30 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Core
|
|
4
|
-
module Helpers
|
|
5
|
-
# This helper gives access to methods about user's session on the API.
|
|
6
|
-
# @author Vincent Courtois <courtois.vincent@outlook.com>
|
|
7
|
-
module Sessions
|
|
8
|
-
# Checks the session of the user requesting the API and returns an error
|
|
9
|
-
# if it either not exists with the given token, or the token is not given.
|
|
10
|
-
#
|
|
11
|
-
# @raise [Virtuatable::API::Errors::NotFound] if the session is not found
|
|
12
|
-
# or the token not given in the parameters of the request.
|
|
13
|
-
# @raise [Virtuatable::API::Errors::BadRequest] if the session token is
|
|
14
|
-
# not correctly given in the parameters.
|
|
15
|
-
#
|
|
16
|
-
# @return [Core::Models::Authentication::Session] the current session of the user.
|
|
17
|
-
def session
|
|
18
|
-
return @session unless @session.nil?
|
|
19
|
-
|
|
20
|
-
check_presence 'session_id'
|
|
21
|
-
@session = session_model.find_by(token: params['session_id'])
|
|
22
|
-
@session.nil? ? api_not_found('session_id.unknown') : @session
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
def session_model
|
|
26
|
-
Core::Models::Authentication::Session
|
|
27
|
-
end
|
|
28
|
-
end
|
|
29
|
-
end
|
|
30
|
-
end
|
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
module Core
|
|
2
|
-
module Models
|
|
3
|
-
module Permissions
|
|
4
|
-
# A category of rights regroups one or several rights for convenience purposes.
|
|
5
|
-
# @author Vincent Courtois <courtois.vincent@outlook.com>
|
|
6
|
-
class Category
|
|
7
|
-
include Mongoid::Document
|
|
8
|
-
include Mongoid::Timestamps
|
|
9
|
-
include Core::Models::Concerns::Sluggable
|
|
10
|
-
|
|
11
|
-
store_in collection: 'categories'
|
|
12
|
-
|
|
13
|
-
has_many :rights, class_name: 'Core::Models::Permissions::Right', inverse_of: :category
|
|
14
|
-
end
|
|
15
|
-
end
|
|
16
|
-
end
|
|
17
|
-
end
|
|
@@ -1,32 +0,0 @@
|
|
|
1
|
-
module Core
|
|
2
|
-
module Models
|
|
3
|
-
module Permissions
|
|
4
|
-
# A group gathers one or several users to give them the same rights for conviniency purposes.
|
|
5
|
-
# @author Vincent Courtois <courtois.vincent@outlook.com>
|
|
6
|
-
class Group
|
|
7
|
-
include Mongoid::Document
|
|
8
|
-
include Mongoid::Timestamps
|
|
9
|
-
include Core::Models::Concerns::Sluggable
|
|
10
|
-
|
|
11
|
-
store_in collection: 'groups'
|
|
12
|
-
|
|
13
|
-
# @!attribute [rw] is_default
|
|
14
|
-
# @return [Boolean] a boolean indicating whether this group is given when a new user registered or not.
|
|
15
|
-
field :is_default, type: Mongoid::Boolean, default: false
|
|
16
|
-
# @!attribute [rw] is_superuser
|
|
17
|
-
# @return [Boolean] a boolean indicating whether this group should have access to all groups and rights or not.
|
|
18
|
-
field :is_superuser, type: Mongoid::Boolean, default: false
|
|
19
|
-
|
|
20
|
-
# @!attribute [rw] accounts
|
|
21
|
-
# @return [Array<Core::Models::Account>] the accounts having the rights granted by this group.
|
|
22
|
-
has_and_belongs_to_many :accounts, class_name: 'Core::Models::Account', inverse_of: :groups
|
|
23
|
-
# @!attribute [rw] rights
|
|
24
|
-
# @return [Array<Core::Models::Permissions::Right>] the rights granted by belonging to this group.
|
|
25
|
-
has_and_belongs_to_many :rights, class_name: 'Core::Models::Permissions::Right', inverse_of: :groups
|
|
26
|
-
# @!attribute [rw] routes
|
|
27
|
-
# @return [Array<Core::Models::Monitoring::Route>] the routes this group can access in the API.
|
|
28
|
-
has_and_belongs_to_many :routes, class_name: 'Core::Models::Permissions::Route', inverse_of: :groups
|
|
29
|
-
end
|
|
30
|
-
end
|
|
31
|
-
end
|
|
32
|
-
end
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
module Core
|
|
2
|
-
module Models
|
|
3
|
-
module Permissions
|
|
4
|
-
# A right is the access to one or several features in the application. It's applied to a group, and transitively to an account.
|
|
5
|
-
# @author Vincent Courtois <courtois;vincent@outlook.com>
|
|
6
|
-
class Right
|
|
7
|
-
include Mongoid::Document
|
|
8
|
-
include Mongoid::Timestamps
|
|
9
|
-
include Core::Models::Concerns::Sluggable
|
|
10
|
-
|
|
11
|
-
store_in collection: 'rights'
|
|
12
|
-
|
|
13
|
-
# @!attribute [rw] groups
|
|
14
|
-
# @return [Array<Core::Models::Permissions::Group>] the groups granted with the permission to access features opened by this right.
|
|
15
|
-
has_and_belongs_to_many :groups, class_name: 'Core::Models::Permissions::Group', inverse_of: :rights
|
|
16
|
-
|
|
17
|
-
belongs_to :category, class_name: 'Core::Models::Permissions::Category', inverse_of: :rights
|
|
18
|
-
end
|
|
19
|
-
end
|
|
20
|
-
end
|
|
21
|
-
end
|
|
@@ -1,35 +0,0 @@
|
|
|
1
|
-
module Core
|
|
2
|
-
module Models
|
|
3
|
-
module Permissions
|
|
4
|
-
# A route is an endpoint accessible in the API. Each route has to have an associated endpoint in the deployed instances.
|
|
5
|
-
# @param Vincent Courtois <courtois.vincent@outlook.com>
|
|
6
|
-
class Route
|
|
7
|
-
include Mongoid::Document
|
|
8
|
-
include Mongoid::Timestamps
|
|
9
|
-
include Core::Models::Concerns::Premiumable
|
|
10
|
-
include Core::Models::Concerns::Activable
|
|
11
|
-
|
|
12
|
-
store_in collection: 'routes'
|
|
13
|
-
|
|
14
|
-
# @!attribute [rw] path
|
|
15
|
-
# @return [String] the path (URI) of the route in the API.
|
|
16
|
-
field :path, type: String, default: '/'
|
|
17
|
-
# @!attribute [rw] verb
|
|
18
|
-
# @return [String] the verb (HTTP method) of this route in the API.
|
|
19
|
-
field :verb, type: String, default: 'get'
|
|
20
|
-
# @!attribute [rw] authenticated
|
|
21
|
-
# @return [Boolean] if true, the session_id is needed for this route, if false it is not.
|
|
22
|
-
field :authenticated, type: Mongoid::Boolean, default: true
|
|
23
|
-
# @!attribute [rw] groups
|
|
24
|
-
# @return [Array<Core::Models::Permissions::Group>] the groups having permission to access this route.
|
|
25
|
-
has_and_belongs_to_many :groups, class_name: 'Core::Models::Permissions::Group', inverse_of: :groups
|
|
26
|
-
|
|
27
|
-
validates :path,
|
|
28
|
-
format: {with: /\A(\/|((\/:?[a-zA-Z0-9_]+)+))\z/, message: 'pattern', if: :path?}
|
|
29
|
-
|
|
30
|
-
validates :verb,
|
|
31
|
-
inclusion: {message: 'unknown', in: ['get', 'post', 'put', 'delete', 'patch', 'option']}
|
|
32
|
-
end
|
|
33
|
-
end
|
|
34
|
-
end
|
|
35
|
-
end
|
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
module Core
|
|
2
|
-
module Models
|
|
3
|
-
# This module holds the logic for all the classes concerning the permissions abd rights for the user.
|
|
4
|
-
# A permission is restricting the access to one or several features to the users having it.
|
|
5
|
-
# @author Vincent Courtois <courtois.vincent@outlook.com>
|
|
6
|
-
module Permissions
|
|
7
|
-
autoload :Right , 'core/models/permissions/right'
|
|
8
|
-
autoload :Group , 'core/models/permissions/group'
|
|
9
|
-
autoload :Category, 'core/models/permissions/category'
|
|
10
|
-
autoload :Route , 'core/models/permissions/route'
|
|
11
|
-
end
|
|
12
|
-
end
|
|
13
|
-
end
|