watch-tower 1.0.0

data/AUTHORS

@@ -0,0 +1 @@
+Kristan 'Krispy' Uccello <krispy@soldierofcode.com> (founder of project)

data/Change.log

@@ -0,0 +1,6 @@
+Feb. 5,2010
+---
+> Created project Watch Tower after getting very fedup with Warden and other authentication systems for rack
+  that seem to offer more headache then benifit. See README for my rambling on this.
+
+> Project is working as I need it to for the purposes I need - may add some supporting things later

data/README

@@ -0,0 +1,70 @@
+Watch Tower:
+=================
+
+"RANT –verb (used without object)
+ to speak or declaim extravagantly or violently;
+ talk in a wild or vehement way;
+ rave: The demagogue ranted for hours."
+
+I have come to dispise all authentication systems. Put simply they are overy abstract in my humble opinion.
+Sure in small applications you can get away with a roll your own auth system based on simple principals such
+as using a cookie or session combined with some form of authentication like user/pass processing. So I feel
+completly comfortable saying that the small apps have it covered and then there are the big applications that
+span multiple machines and have session servers to act as stateful verification of user presence and roll based
+access. This are is covered by a bunch of different technologies already - I'm not getting into that right now.
+
+I write applications that for the most part are sinatra based. I have my own way of seperating out concerns
+by way of user responsibilites. So most of my web apps are actually three web apps working togeather. I usually
+have an admin app for me to use when managing the site's customers, then I have a customer app for my direct
+customers to use, and then I might have a front facing application for the rest of the web to see that is public,
+I call this one "public". So I need admin login authentication and customer login authentication. Hmmm does not
+seem to warent a roll based system as I only have two class of credentialed users as well I have already
+seperated out their concerns by way of writting them out as two applications. After fucking around with warden
+and many other types of authentication gems out there on github I found myself constantly saying "this does not
+do what I want it to" or "I really don't like what I have to do to manage this". I took a step back and pulled
+out a graph pad and pen and sketched out a couple of questions:
+
+1. do I know you? are you logged in? (look for token key values)
+2. who are you? (provide a login method)
+3. are you who you say you are? (validate login credentials)
+4. are you allowed to access what you are trying to access? (does the token match the rules?)
+
+this of course took me to the two things every authentication system has
+
+Authentication & Authorization
+
+Watch Tower works of the principal of least reseistance with the use of leathal force. Basically you tell it
+what to protect and how.
+
+Example config.ru from the example directory:
+
+require 'rack'
+require 'sinatra'
+require 'haml'
+require 'dirge' # see http://github.com/joshbuddy/dirge/
+
+# replace this require with require 'watch-tower' in your code
+require ::File.join(::File.dirname(__FILE__),'../lib/watch-tower.rb')
+
+# our app files
+require ~'app1/app1'
+require ~'app1/app1_deligate'
+require ~'app2/app2'
+require ~'login_handler/login_handler'
+
+use Rack::Session::Pool, :expire_after => 60 * 30 # 30 minute timeout on sessons
+
+use SoldierOfCode::TowerGate, { '/app1/'=>App1Deligate,
+                                '/app2/'=>App2}
+
+map '/app2/' do
+  run App2
+end
+
+map '/app1/' do
+  run App1
+end
+
+map '/' do
+  run LoginHandler
+end

data/Rakefile

@@ -0,0 +1,15 @@
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |s|
+    s.name = "watch-tower"
+    s.summary = "Rack Middleware for multi app authentication - All along the watchtower - 'there must be some kinda way outa here said the joker to the thief'"
+    s.email = "krispy@soldierofcode.com"
+    s.homepage = "http://github.com/kuccello/watch-tower"
+    s.description = "I was sick of all the complex abstractions that were being put into other authentication libs - I have attempted to keep this one as reuseable and non-abstract as possible"
+    s.authors = ["Kristan 'Krispy' Uccello"]
+    s.files =  FileList["[A-Z]*", "{example,lib}/**/*"]
+    s.add_dependency 'rack'
+  end
+rescue LoadError
+  puts "Jeweler, or one of its dependencies, is not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+end

data/VERSION

@@ -0,0 +1 @@
+1.0.0

data/example/Makefile

@@ -0,0 +1,3 @@
+go:
+	thin start -R config.ru -p 8080
+

data/example/app1/app1.rb

@@ -0,0 +1,13 @@
+require ~'app1_deligate'
+
+class App1 < Sinatra::Base
+
+  set :views, ~'/views'
+  #set :public, ~'/public'
+  #set :root, ~''
+  #set :static, true
+
+  get '/' do
+    "Hello from app1"
+  end
+end

data/example/app1/app1_deligate.rb

@@ -0,0 +1,16 @@
+class App1Deligate
+  include SoldierOfCode::SentryDeligate
+
+  def login_uri
+    '/login'
+  end
+
+  def token_keys
+    [:app1,:default]
+  end
+
+  def authenticate(usr_id, pass)
+    # You would perform what ever authentication you wanted to here or deligate to another object
+    return :app1, "yes"
+  end
+end

data/example/app1/views/layout.haml

@@ -0,0 +1,6 @@
+%html
+  %head
+    %title
+      App 1 Layout
+  %body
+    = yield

data/example/app2/app2.rb

@@ -0,0 +1,22 @@
+class App2 < Sinatra::Base
+  include SoldierOfCode::SentryDeligate
+
+  def login_uri
+    '/login'
+  end
+
+  def token_keys
+    [:app2,:default]
+  end
+
+  def authenticate(usr_id, pass)
+    # You would perform what ever authentication you wanted to here or deligate to another object
+    return :app2, "yes"
+  end
+
+  set :views, ~'/views'
+
+  get '/' do
+    "Hello from app2"
+  end
+end

data/example/app2/views/layout.haml

@@ -0,0 +1,6 @@
+%html
+  %head
+    %title
+      App 2 Layout
+  %body
+    = yield

data/example/config.ru

@@ -0,0 +1,30 @@
+require 'rack'
+require 'sinatra'
+require 'haml'
+require 'dirge' # see http://github.com/joshbuddy/dirge/
+
+# replace this require with require 'watch-tower' in your code
+require ::File.join(::File.dirname(__FILE__),'../lib/watch-tower.rb')
+
+# our app files
+require ~'app1/app1'
+require ~'app1/app1_deligate'
+require ~'app2/app2'
+require ~'login_handler/login_handler'
+
+use Rack::Session::Pool, :expire_after => 60 * 30 # 30 minute timeout on sessons
+
+use SoldierOfCode::TowerGate, { '/app1/'=>App1Deligate,
+                                '/app2/'=>App2}
+
+map '/app2/' do
+  run App2
+end
+
+map '/app1/' do
+  run App1
+end
+
+map '/' do
+  run LoginHandler
+end

data/example/login_handler/login_handler.rb

@@ -0,0 +1,31 @@
+=begin
+  This is an example of a login handler
+=end
+class LoginHandler < Sinatra::Base
+
+  set :views, ~'/views'
+
+  get '/' do
+    haml :index
+  end
+
+  get '/login' do
+    return_path = session['watchtower.return_path'] ? session['watchtower.return_path'] : "/login"
+    haml :login, :locals=>{:submit_to=>return_path}
+  end
+
+  post '/login' do
+    if params[:email] == "foo@example.com" && params[:password] == "abc123" then
+      session[:default] = params[:email]
+      redirect '/app2/'
+    else
+      redirect '/login'
+    end
+  end
+
+  get '/logout' do
+    session[:default]=nil
+    redirect '/login'
+  end
+
+end

data/example/login_handler/views/index.haml

@@ -0,0 +1,13 @@
+%a{:href=>"/app1/"}
+  App 1
+
+%br
+
+%a{:href=>"/app2/"}
+  App 2
+
+%br
+
+%a{:href=>"/login"}
+  Login Handler Login
+

data/example/login_handler/views/layout.haml

@@ -0,0 +1,6 @@
+%html
+  %head
+    %title
+      Login Handler
+  %body
+    = yield

data/example/login_handler/views/login.haml

@@ -0,0 +1,10 @@
+%form{:action=>submit_to,:method=>"post"}
+  %label
+    Email
+  %input{:type=>"text",:name=>"email"}
+  %br
+  %label
+    Password
+  %input{:type=>"password",:name=>"password"}
+  %br
+  %input{:type=>"submit",:value=>"Login"}

data/lib/watch-tower.rb

@@ -0,0 +1,186 @@
+=begin
+
+Copyright (c) 2010 Kristan 'Krispy' Uccello <krispy@soldierofcode.com>
+                                                     - Soldier Of Code
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+=end
+module SoldierOfCode
+
+  module SentryDeligate
+
+    send :define_method, :token_keys do
+      [:default]
+    end
+
+    send :define_method, :valid_user_identifier? do |ident|
+      %w{ email username usr nickname nick u }.each do |v|
+        return true if v == ident
+      end
+      false
+    end
+
+    send :define_method, :valid_password_identifier? do |ident|
+      %w{ password pass pwd secret }.each do |v|
+        return true if v == ident
+      end
+      false
+    end
+
+    # authenticate -- perform authentication against usr/pass
+    send :define_method, :authenticate do |usr_id, pass|
+      # should return a token key and token value
+      throw "You need to implement the authenticate(usr_id,pass) method on #{self.class.name} which returns a token key and token value if successful"
+    end
+
+    # authenticated? -- correct token(s) is present on session
+    send :define_method, :authenticated? do |env|
+      session = env['rack.session']
+      token = nil
+      (send :token_keys).each do |k|
+        # check session for key
+        token = session[k] if session[k]
+      end
+      token
+    end
+
+    # authorized? -- token key is authorized or authorization credentials are provided
+    send :define_method, :authorized? do |env|
+      authorized = false
+      unless (send :authenticated?, env)
+        req = Rack::Request.new(env)
+        if req.post? then
+          usr = ''
+          pwd = ''
+          req.params.each do |k, v|
+            usr = v if usr == '' && (send :valid_user_identifier?, k)
+            pwd = v if pwd == '' && (send :valid_password_identifier?, k)
+          end
+          token_key, token_value = (send :authenticate, usr, pwd)
+          if token_key && token_value then
+            session = env['rack.session']
+            session[token_key] = token_value
+            env['rack.session'] = session
+          end
+          authorized = (send :authenticated?, env)
+        end
+      else
+        authorized = true
+      end
+      authorized
+    end
+
+    send :define_method, :login_uri do
+      # should return a token key and token value
+      throw "You need to implement the login_uri method on #{self.class.name} which returns a uri to its login view"
+    end
+
+
+  end
+
+  class TowerGate
+    attr_accessor :guards, :app
+
+    def initialize(app=nil, guards={})
+      @app = app
+      @guards = guards
+    end
+
+    def call(env)
+      session = env['rack.session']
+      result = [401, {"Content-Type"=>"text/html"}, 'You have been arrested by this server.']
+      begin
+        guard = locate_guard(env)
+
+        if guard then
+
+          # "just need to check your paper work sir..."
+          if guard.authenticated?(env) then
+            # "looks like your cleared to enter, have a nice day"
+            result = @app.call(env)
+          elsif guard.authorized?(env) then
+            return_path = session['watchtower.return_path']
+            return_path = nil if return_path == ''
+
+            # "looks like your cleared to enter, have a nice day"
+            unless return_path then
+              result = @app.call(env)
+            else
+              code = 302
+              headers = {"Location" => return_path}
+              result = [code, headers, []]
+              session['watchtower.return_path'] = nil
+            end
+          else
+            # "If you'd like to step over here sir and please remove your shoes..."
+            code = 302
+            headers = {"Location" => guard.login_uri}
+            result = [code, headers, []]
+          end
+        else
+          # No guard on duty - "This compound is monitored at all times" - sure...
+          result = @app.call(env)
+        end
+      rescue => e
+        puts "#{__FILE__}:#{__LINE__} [#{__method__}] EXCEPTION: #{e}"
+        e.backtrace().each_with_index do |l, i|
+          puts "\t- EXCEPTION STACK [#{i}]: #{l}"
+        end
+      end
+      result
+    end
+
+    def locate_guard(env)
+      guard = nil
+      begin
+        session = env['rack.session'] ||= {}
+        path = env['REQUEST_PATH']
+        @guards.each do |proto_path, deligate|
+          if path.starts_with?(proto_path)
+            keys = deligate.new.token_keys # I really wanted to meta code a class method but...
+            token = nil
+            keys.each do |k|
+              # check session for key
+              token = session[k] if session[k]
+            end
+            unless token
+              session['watchtower.return_path'] = path
+              env['rack.session'] = session
+              guard = deligate.new
+            end
+          end
+        end
+      rescue => e
+        puts "#{__FILE__}:#{__LINE__} [#{__method__}] EXCEPTION: #{e}"
+        e.backtrace().each_with_index do |l, i|
+          puts "\t- EXCEPTION STACK [#{i}]: #{l}"
+        end
+      end
+      guard
+    end
+  end
+
+end
+
+class String
+  def starts_with?(characters)
+    self.match(/^#{characters}/) ? true : false
+  end
+end

metadata

@@ -0,0 +1,84 @@
+--- !ruby/object:Gem::Specification 
+name: watch-tower
+version: !ruby/object:Gem::Version 
+  version: 1.0.0
+platform: ruby
+authors: 
+- Kristan 'Krispy' Uccello
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-02-06 00:00:00 -05:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rack
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: I was sick of all the complex abstractions that were being put into other authentication libs - I have attempted to keep this one as reuseable and non-abstract as possible
+email: krispy@soldierofcode.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+files: 
+- AUTHORS
+- Change.log
+- README
+- Rakefile
+- VERSION
+- example/Makefile
+- example/README
+- example/app1/README
+- example/app1/app1.rb
+- example/app1/app1_deligate.rb
+- example/app1/views/layout.haml
+- example/app2/README
+- example/app2/app2.rb
+- example/app2/views/layout.haml
+- example/config.ru
+- example/login_handler/README
+- example/login_handler/login_handler.rb
+- example/login_handler/views/index.haml
+- example/login_handler/views/layout.haml
+- example/login_handler/views/login.haml
+- lib/watch-tower.rb
+has_rdoc: true
+homepage: http://github.com/kuccello/watch-tower
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Rack Middleware for multi app authentication - All along the watchtower - 'there must be some kinda way outa here said the joker to the thief'
+test_files: []
+