visor-auth 0.0.1

data/bin/visor-admin

@@ -0,0 +1,282 @@
+#!/usr/bin/env ruby
+
+require 'optparse'
+require 'uri'
+require 'visor-common'
+$:.unshift File.expand_path('../../lib', __FILE__)
+require 'auth/version'
+require 'auth/client'
+
+# VISoR administration command line interface script.
+#
+# Commands:
+#
+#list           Show all registered users
+#get            Show a specific user
+#add            Register a new user
+#update         Update an user
+#delete         Delete an user
+#clean          Delete all users
+#help <cmd>     Show help message for one of the above commands
+#
+# Run <visor -h> to get more usage help.
+#
+class VisorAdminCLI
+  include Visor::Common::Exception
+  include Visor::Common::Config
+
+  # VISoR Admin CLI version
+  VERSION = '0.0.1'
+
+  attr_reader :argv, :options, :parser, :command
+
+  # Initialize a new CLI
+  def initialize(argv=ARGV)
+    @argv    = argv
+    @options = load_conf_file
+    @parser  = parser
+    @command = parse!
+  end
+
+  # OptionParser parser
+  def parser
+    OptionParser.new do |opts|
+      opts.banner = "Usage: visor-admin <command> [options]"
+
+      opts.separator ""
+      opts.separator "Commands:"
+      opts.separator "     list           Show all registered users"
+      opts.separator "     get            Show a specific user"
+      opts.separator "     add            Register a new user"
+      opts.separator "     update         Update an user"
+      opts.separator "     delete         Delete an user"
+      opts.separator "     clean          Delete all users"
+      opts.separator "     help <cmd>     Show help message for one of the above commands"
+
+      opts.separator ""
+      opts.separator "Options:"
+      opts.on("-a", "--access KEY", "The user access key (username)") { |key| options[:access_key] = key }
+      opts.on("-e", "--email ADDRESS", "The user email address") { |addr| options[:email] = addr }
+      opts.on("-q", "--query QUERY", "HTTP query like string to filter results") do |query|
+        (options[:query] = URI.decode_www_form(query)) rescue abort "The provided query string is not valid."
+      end
+
+      opts.separator ""
+      opts.separator "Common options:"
+      opts.on_tail("-D", "--dry-run", "Don't persist results, just print what would it do") { options[:dry] = true }
+      opts.on_tail('-v', '--verbose', "Enable verbose") { options[:verbose] = true }
+      opts.on_tail("-h", "--help", "Show this help message") { puts opts; exit 0 }
+      opts.on_tail('-V', '--version', "Show version") { puts "VISoR Admin CLI v#{VERSION}"; exit 0 }
+    end
+  end
+
+  # Parse argv arguments
+  def parse!
+    parser.parse! ARGV
+    ARGV.shift
+  end
+
+  # Parse the current shell arguments and run the command
+  def run!
+    abort parser.to_s if command.nil?
+    start = Time.now
+    case command
+    when 'list' then
+      list
+    when 'get' then
+      get
+    when 'add' then
+      add
+    when 'update' then
+      update
+    when 'delete' then
+      delete
+    when 'help' then
+      help
+    else
+      abort "Unknown command '#{command}'"
+    end
+    finish = Time.now
+    printf("Done in %-0.4f seconds", finish - start) if verbose?
+    exit 0
+  end
+
+  # Show all registered users
+  def list
+    users = client.get_users(options[:query])
+    puts "Found #{users.size} users..."
+    print_users(users)
+  rescue NotFound => e
+    puts e.message
+  rescue => e
+    abort "Failure while executing 'list':\n#{e.message}"
+  end
+
+  # Retrieve an user
+  def get
+    access_key = argv.shift
+    abort "No user access key provided as first argument, please provide it." unless access_key
+    user = client.get_user(access_key)
+    print_users(user)
+  rescue NotFound => e
+    puts e.message
+  rescue => e
+    abort "Failure while executing 'get':\n#{e.message}"
+  end
+
+  # Add a new user
+  def add
+    begin
+      info = parse_info_from_args
+      user = client.post_user(info)
+      puts "Successfully added new user with access key '#{user[:access_key]}'."
+      print_users(user)
+    rescue NotFound => e
+      puts e.message
+    rescue => e
+      abort "Failure while executing 'add':\n#{e.message}"
+    end
+  end
+
+  # Update an user
+  def update
+    access_key = argv.shift
+    abort "No user access key provided as first argument, please provide it." unless access_key
+    begin
+      info = parse_info_from_args
+      user = client.put_user(access_key, info)
+      puts "Successfully updated the user #{access_key}."
+      print_users(user) if verbose?
+    rescue NotFound => e
+      puts e.message
+    rescue => e
+      abort "Failure while executing 'update':\n#{e.message}"
+    end
+  end
+
+  # Delete an user
+  def delete
+    begin
+      argv.each do |access_key|
+        abort "No user access key provided as first argument, please provide it." unless access_key
+        user = client.delete_user(access_key)
+        puts "Successfully deleted user #{access_key}."
+        print_users(user) if verbose?
+      end
+    end
+  rescue NotFound => e
+    puts e.message
+  rescue => e
+    abort "Failure while executing 'delete':\n#{e.message}"
+  end
+
+  # Show help message for one of the above commands
+  def help
+    cmd = argv[0]
+    abort "Please provide a command name as argument (example: visor-admin help list)." unless cmd
+
+    case cmd.to_sym
+    when :list
+      puts %q[Usage: visor-admin list [options]
+
+Returns a list of all registered users.
+
+You can filter results based on a query using the --query (-q) option.
+
+Examples:
+  $ visor-admin list
+  $ visor-admin list --query email=foo@bar.com]
+    when :get
+      puts %q[Usage: visor-admin get <ACCESS KEY> [options]
+
+Returns the account information of the user with the given access key.
+
+Examples:
+  $ visor get foo]
+    when :add
+      puts %q[Usage: visor-admin add <ATTRIBUTES> [options]
+
+Add a new user, providing its attributes.
+
+The following attributes can be specified as key/value pairs:
+
+  access_key: The wanted user access key (username)
+       email: The user email address
+
+Examples:
+  $ visor-admin add access_key=foo email=foo@bar.com]
+    when :update
+      puts %q[Usage: visor-admin update <ACCESS KEY> [options]
+
+Updates the account information of the user with the given access key.
+
+The following attributes can be specified as key/value pairs:
+
+  access_key: The wanted user access key (username)
+       email: The user email address
+
+Examples:
+  $ visor update foo email=bar@foo.com]
+    when :delete
+      puts %q[Usage: visor-admin delete <ACCESS KEY> [options]
+
+Deletes the account of the user with the given access key.
+
+Examples:
+  $ visor delete foo]
+    else
+      abort "Unknown command '#{cmd}'"
+    end
+  end
+
+  private
+
+# Pretty print users
+  def print_users(user)
+    str = "%-37s %-18s %-41s %-27s %-24s %-24s\n"
+    printf(str, 'ID', 'ACCESS KEY', 'SECRET KEY', 'EMAIL', 'CREATED AT', 'UPDATED AT')
+    puts "#{'-'*36+"  "+'-'*17+"  "+'-'*40+"  "+'-'*26+"  "+'-'*23+"  "+'-'*23}"
+
+    if user.is_a?(Array)
+      user.each { |u| printf(str, u[:_id], u[:access_key], u[:secret_key], u[:email] || '-', u[:created_at] || '-', u[:updated_at] || '-') }
+    else
+      printf(str, user[:_id], user[:access_key], user[:secret_key], user[:email] || '-', user[:created_at] || '-', user[:updated_at] || '-')
+    end
+  end
+
+# Load configuration file options
+  def load_conf_file
+    config = Visor::Common::Config.load_config(:visor_auth)
+    {host: config[:bind_host], port: config[:bind_port]}
+  rescue => e
+    raise "There was an error loading the configuration file: #{e.message}"
+  end
+
+# Get a new VISoR Auth Client instance
+  def client
+    Visor::Auth::Client.new(options)
+  end
+
+# Find if verbose mode is active
+  def verbose?
+    options[:verbose]
+  end
+
+# Parse key/value pair arguments to a valid hash
+  def parse_info_from_args
+    info = {}
+    raise "You should provide at least one key=value pair." if argv.empty?
+    argv.each do |arg|
+      k, v = arg.split('=')
+      raise "Arguments should be in the form of key=value pairs." unless k && v
+      info[k.downcase.sub('-', '_')] = v
+    end
+    info
+  end
+end
+
+# Execute if file is called
+#if __FILE__ == $0
+VisorAdminCLI.new.run!
+#end
+

data/bin/visor-auth

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+
+# VISoR Meta command line interface script.
+# Run <visor-meta -h> to get more usage help.
+
+require File.expand_path('../../lib/visor-auth', __FILE__)
+
+Visor::Auth::CLI.new(Visor::Auth::Server, 'visor-auth').run!

data/lib/auth/backends/base.rb

@@ -0,0 +1,167 @@
+require 'securerandom'
+
+module Visor
+  module Auth
+    module Backends
+
+      # This is the Base super class for all Backends. Each new backend inherits from Base,
+      # which contains the model and all validations for the users metadata.
+      #
+      # Implementing a new backend is as simple as create a new backend class which inherits
+      # from Base and them implement the specific methods for querying the underlying database.
+      #
+      class Base
+
+        # Keys validation
+        #
+        # Mandatory attributes
+        MANDATORY = [:access_key, :email]
+        # Read-only attributes
+        READONLY  = [:_id, :secret_key, :created_at, :updated_at]
+        # All attributes
+        ALL       = MANDATORY + READONLY
+
+        attr_reader :db, :host, :port, :user, :password, :conn
+
+        # Initializes a Backend instance.
+        #
+        # @option [Hash] opts Any of the available options can be passed.
+        #
+        # @option opts [String] :host The host address.
+        # @option opts [Integer] :port The port to be used.
+        # @option opts [String] :db The wanted database.
+        # @option opts [String] :user The username to be authenticate db access.
+        # @option opts [String] :password The password to be authenticate db access.
+        # @option opts [Object] :conn The connection pool to access database.
+        #
+        def initialize(opts)
+          @host     = opts[:host]
+          @port     = opts[:port]
+          @db       = opts[:db]
+          @user     = opts[:user]
+          @password = opts[:password]
+          @conn     = opts[:conn]
+        end
+
+        # Validates the user information for a post operation, based on possible keys and values.
+        #
+        # @param [Hash] info The user information.
+        #
+        # @raise[ArgumentError] If some of the information fields do not respect the
+        #   possible values, contains any read-only or misses any mandatory field.
+        #
+        def validate_data_post(info)
+          info.assert_exclusion_keys(READONLY)
+          info.assert_inclusion_keys(MANDATORY)
+          validate_email(info[:email])
+        end
+
+        # Validates the user information for a put operation, based on possible keys and values.
+        #
+        # @param [Hash] info The user information.
+        #
+        # @raise[ArgumentError] If some of the metadata fields do not respect the
+        #   possible values, contains any read-only or misses any mandatory field.
+        #
+        def validate_data_put(info)
+          info.assert_exclusion_keys(READONLY)
+          validate_email(info[:email]) if info[:email]
+        end
+
+        # Set protected fields value from a post operation.
+        # Being them the _id and created_at.
+        #
+        # @param [Hash] info The user information.
+        #
+        # @option [Hash] opts Any of the available options can be passed.
+        #
+        # @return [Hash] The updated user information.
+        #
+        def set_protected_post(info)
+          info.merge!(_id: SecureRandom.uuid, secret_key: SecureRandom.base64(30), created_at: Time.now)
+        end
+
+        # Set protected field value from a get operation.
+        # Being it the updated_at.
+        #
+        # @param [Hash] info The user information update.
+        #
+        # @return [Hash] The updated user information.
+        #
+        def set_protected_put(info)
+          info.merge!(updated_at: Time.now)
+        end
+
+        # Generates a compatible SQL WHERE string from a hash.
+        #
+        # @param [Hash] h The input hash.
+        #
+        # @return [String] A string as "k='v' AND k1='v1'",
+        #   only Strings Times or Hashes values are surrounded with '<value>'.
+        #
+        def to_sql_where(h)
+          h.map { |k, v| string_time_or_hash?(v) ? "#{k}='#{v}'" : "#{k}=#{v}" }.join(' AND ')
+        end
+
+        # Generates a compatible SQL UPDATE string from a hash.
+        #
+        # @param [Hash] h The input hash.
+        #
+        # @return [String] A string as "k='v', k1='v1'",
+        #   only Strings Times or Hashes values are surrounded with '<value>'.
+        #
+        def to_sql_update(h)
+          h.map { |k, v| string_time_or_hash?(v) ? "#{k}='#{v}'" : "#{k}=#{v}" }.join(', ')
+        end
+
+        # Generates a compatible SQL INSERT string from a hash.
+        #
+        # @param [Hash] h The input hash.
+        #
+        # @return [String] A string as "(k, k1) VALUES ('v', 'v1')",
+        #   only Strings Times or Hashes values are surrounded with '<value>'.
+        #
+        def to_sql_insert(h)
+          surround = h.values.map { |v| string_time_or_hash?(v) ? "'#{v}'" : v }
+          %W{(#{h.keys.join(', ')}) (#{surround.join(', ')})}
+        end
+
+        # Validates that incoming query filters fields are valid.
+        #
+        # @param [Hash] filters The image metadata filters coming from a GET request.
+        #
+        # @raise[ArgumentError] If some of the query filter fields do not respect the
+        #   possible values.
+        #
+        def validate_query_filters(filters)
+          filters.symbolize_keys!
+          filters.assert_valid_keys(ALL)
+        end
+
+        private
+
+        # Verifies if a given object is a String, a Time or a Hash.
+        #
+        # @param [Object] v The input value.
+        #
+        # @return [true, false] If the provided value is or not a String, a Time or a Hash.
+        #
+        def string_time_or_hash?(v)
+          v.is_a?(String) or v.is_a?(Time) or v.is_a?(Hash)
+        end
+
+        # Verifies if a given email string is a valid email.
+        #
+        # @param [String] s The input value.
+        #
+        # @raise [ArgumentError] If the email address is invalid.
+        #
+        def validate_email(s)
+          valid = s.match(/([^@\s*]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})/i)
+          raise ArgumentError, "The email address seems to be invalid." unless valid
+        end
+
+      end
+    end
+  end
+end

data/lib/auth/backends/mongo_db.rb

@@ -0,0 +1,165 @@
+require 'mongo'
+require 'uri'
+
+module Visor
+  module Auth
+    module Backends
+
+      # The MongoDB Backend for the VISoR Auth.
+      #
+      class MongoDB < Base
+
+        include Visor::Common::Exception
+
+        # Connection constants
+        #
+        # Default MongoDB database
+        DEFAULT_DB       = 'visor'
+        # Default MongoDB host address
+        DEFAULT_HOST     = '127.0.0.1'
+        # Default MongoDB host port
+        DEFAULT_PORT     = 27017
+        # Default MongoDB user
+        DEFAULT_USER     = nil
+        # Default MongoDB password
+        DEFAULT_PASSWORD = nil
+
+        # Initializes a MongoDB Backend instance.
+        #
+        # @option [Hash] opts Any of the available options can be passed.
+        #
+        # @option opts [String] :uri The connection uri, if provided, no other option needs to be setted.
+        # @option opts [String] :db (DEFAULT_DB) The wanted database.
+        # @option opts [String] :host (DEFAULT_HOST) The host address.
+        # @option opts [Integer] :port (DEFAULT_PORT) The port to be used.
+        # @option opts [String] :user (DEFAULT_USER) The user to be used.
+        # @option opts [String] :password (DEFAULT_PASSWORD) The password to be used.
+        # @option opts [Object] :conn The connection pool to access database.
+        #
+        def self.connect(opts = {})
+          opts[:uri]      ||= ''
+          uri             = URI.parse(opts[:uri])
+          opts[:db]       = uri.path ? uri.path.gsub('/', '') : DEFAULT_DB
+          opts[:host]     = uri.host || DEFAULT_HOST
+          opts[:port]     = uri.port || DEFAULT_PORT
+          opts[:user]     = uri.user || DEFAULT_USER
+          opts[:password] = uri.password || DEFAULT_PASSWORD
+
+          self.new opts
+        end
+
+        def initialize(opts)
+          super opts
+          @conn = connection
+        end
+
+        # Establishes and returns a MongoDB database connection.
+        #
+        # @return [Mongo::Collection] A MongoDB collection object.
+        #
+        def connection
+          db = Mongo::Connection.new(@host, @port, :pool_size => 10, :pool_timeout => 5).db(@db)
+          db.authenticate(@user, @password) unless @user.empty? && @password.empty?
+          db.collection('users')
+        end
+
+        # Returns an array with the registered users.
+        #
+        # @option [Hash] filters Users attributes for filtering the returned results.
+        #   Besides common attributes filters, the following options can be passed to.
+        #
+        # @return [Array] The users information.
+        #
+        # @raise [NotFound] If there are no registered users.
+        #
+        def get_users(filters = {})
+          validate_query_filters filters unless filters.empty?
+          users = @conn.find(filters).to_a
+          raise NotFound, "No users found." if users.empty? && filters.empty?
+          raise NotFound, "No users found with given parameters." if users.empty?
+          users
+        end
+
+        # Returns an user information.
+        #
+        # @param [String] access_key The user access_key.
+        #
+        # @return [BSON::OrderedHash] The requested user information.
+        #
+        # @raise [NotFound] If user was not found.
+        #
+        def get_user(access_key)
+          user = @conn.find_one(access_key: access_key)
+          raise NotFound, "No user found with Access Key '#{access_key}'." unless user
+          user
+        end
+
+        # Delete a registered user.
+        #
+        # @param [String] access_key The user access_key.
+        #
+        # @return [BSON::OrderedHash] The deleted image metadata.
+        #
+        # @raise [NotFound] If user was not found.
+        #
+        def delete_user(access_key)
+          user = @conn.find_one(access_key: access_key)
+          raise NotFound, "No user found with Access Key '#{access_key}'." unless user
+          @conn.remove(access_key: access_key)
+          user
+        end
+
+        # Delete all registered users.
+        #
+        def delete_all!
+          @conn.remove
+        end
+
+        # Create a new user record for the given information.
+        #
+        # @param [Hash] user The user information.
+        #
+        # @return [BSON::OrderedHash] The already added user information.
+        #
+        # @raise [Invalid] If user information validation fails.
+        # @raise [ConflictError] If an access_key was already taken.
+        #
+        def post_user(user)
+          validate_data_post user
+          exists = @conn.find_one(access_key: user[:access_key])
+          raise ConflictError, "The Access Key '#{user[:access_key]}' was already taken." if exists
+          set_protected_post user
+          @conn.insert(user)
+          self.get_user(user[:access_key])
+        end
+
+        # Update an user information.
+        #
+        # @param [String] access_key The user access_key.
+        # @param [Hash] update The user information update.
+        #
+        # @return [BSON::OrderedHash] The updated user information.
+        #
+        # @raise [Invalid] If user information validation fails.
+        # @raise [ConflictError] If an access_key was already taken.
+        # @raise [NotFound] If user was not found.
+        #
+        def put_user(access_key, update)
+          validate_data_put update
+          user = @conn.find_one(access_key: access_key)
+          raise NotFound, "No user found with Access Key '#{access_key}'." unless user
+          if update[:access_key]
+            exists = @conn.find_one(access_key: update[:access_key])
+            raise ConflictError, "The Access Key '#{update[:access_key]}' was already taken." if exists
+          end
+          set_protected_put update
+          @conn.update({access_key: access_key}, :$set => update)
+          self.get_user(update[:access_key] || access_key)
+        end
+
+      end
+    end
+  end
+end
+
+