webhookdb 0.1.0

data/lib/webhookdb/service/auth.rb

@@ -0,0 +1,138 @@
+# frozen_string_literal: true
+
+require "appydays/configurable"
+require "warden"
+
+class Webhookdb::Service::Auth
+  include Appydays::Configurable
+
+  class PasswordStrategy < Warden::Strategies::Base
+    def valid?
+      params["password"] && params["email"]
+    end
+
+    def authenticate!
+      customer = self.lookup_customer
+      success!(customer) if customer
+    end
+
+    protected def lookup_customer
+      customer = Webhookdb::Customer.with_email(params["email"].strip)
+      if customer.nil?
+        fail!("No customer with that email")
+        return nil
+      end
+      return customer if customer.authenticate(params["password"])
+      fail!("Incorrect password")
+      return nil
+    end
+  end
+
+  class AdminPasswordStrategy < PasswordStrategy
+    def authenticate!
+      return unless (customer = self.lookup_customer)
+      unless customer.admin?
+        fail!
+        return
+      end
+      success!(customer)
+    end
+  end
+
+  # Create the middleware for a Warden auth failure.
+  # Is not a 'normal' Rack middleware, which normally accepts 'app' in the initializer and has
+  # 'call' as an instance method.
+  # See https://github.com/wardencommunity/warden/wiki/Setup
+  class FailureApp
+    def self.call(env)
+      warden_opts = env.fetch("warden.options", {})
+      msg = warden_opts[:message] || env["webhookdb.authfailuremessage"] || "Unauthorized"
+      body = Webhookdb::Service.error_body(401, msg)
+      return 401, {"Content-Type" => "application/json"}, [body.to_json]
+    end
+  end
+
+  # Middleware to use for Grape admin auth.
+  # See https://github.com/ruby-grape/grape#register-custom-middleware-for-authentication
+  # NOTE: Callers can use auth(nil) to disable auth for specific endpoints.
+  class Admin
+    def initialize(app, *_args)
+      @app = app
+    end
+
+    def call(env)
+      return @app.call(env) if Skip.skip?(@app)
+      warden = env["warden"]
+      customer = warden.authenticate!(scope: :admin)
+
+      unless customer.admin?
+        body = Webhookdb::Service.error_body(401, "Unauthorized")
+        return 401, {"Content-Type" => "application/json"}, [body.to_json]
+      end
+      return @app.call(env)
+    end
+  end
+
+  # Custom auth strategies can check if their child app is a :skip auth,
+  # and if so, skip auth. Allows unauthed endpoints under authed endpoints.
+  class Skip
+    def self.skip?(app)
+      return app.options[:type] == :skip
+    end
+
+    def initialize(app, *_args)
+      @app = app
+    end
+
+    def call(env)
+      return @app.call(env)
+    end
+  end
+
+  Warden::Manager.serialize_into_session(&:id)
+  Warden::Manager.serialize_from_session { |id| Webhookdb::Customer[id] }
+
+  Warden::Strategies.add(:password, PasswordStrategy)
+  Warden::Strategies.add(:admin_password, AdminPasswordStrategy)
+
+  # Restore the /unauthenticated route to what it originally was.
+  # This is an API, not a rendered app...
+  Warden::Manager.before_failure do |env, opts|
+    env["PATH_INFO"] = opts[:attempted_path]
+  end
+
+  def self.add_warden_middleware(builder)
+    builder.use Warden::Manager do |manager|
+      # manager.default_strategies :password
+      manager.failure_app = FailureApp
+
+      manager.scope_defaults(:customer, strategies: [:password])
+      manager.scope_defaults(:admin, strategies: [:admin_password])
+    end
+  end
+
+  class Impersonation
+    attr_reader :admin_customer, :warden
+
+    def initialize(warden)
+      @warden = warden
+    end
+
+    def is?
+      return false unless self.warden.authenticated?(:admin)
+      return self.warden.session(:admin)["impersonating"].present?
+    end
+
+    def on(target_customer)
+      self.warden.session(:admin)["impersonating"] = target_customer.id
+      self.warden.logout(:customer)
+      self.warden.set_user(target_customer, scope: :customer)
+    end
+
+    def off(admin_customer)
+      self.warden.logout(:customer)
+      self.warden.session(:admin).delete("impersonating")
+      self.warden.set_user(admin_customer, scope: :customer)
+    end
+  end
+end

data/lib/webhookdb/service/collection.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+require "appydays/loggable"
+require "grape"
+
+require "webhookdb/service" unless defined?(Webhookdb::Service)
+
+class Webhookdb::Service::Collection
+  extend Webhookdb::MethodUtilities
+
+  singleton_attr_reader :collection_entity_cache
+  @collection_entity_cache = {}
+
+  attr_reader :current_page, :items, :page_count, :total_count, :last_page
+
+  def self.from_dataset(ds)
+    if ds.respond_to?(:current_page)
+      return self.new(
+        ds.all,
+        current_page: ds.current_page,
+        page_count: ds.page_count,
+        total_count: ds.pagination_record_count,
+        last_page: ds.last_page?,
+      )
+    end
+    return self.from_array(ds.all)
+  end
+
+  def self.from_array(array)
+    return self.new(array, current_page: 1, page_count: 1, total_count: array.size, last_page: true)
+  end
+
+  def initialize(items, current_page:, page_count:, total_count:, last_page:)
+    @items = items
+    @current_page = current_page
+    @page_count = page_count
+    @last_page = last_page
+    @total_count = total_count
+  end
+
+  def last_page?
+    return @last_page
+  end
+
+  def more?
+    return !@last_page
+  end
+
+  module Helpers
+    def present_collection(collection, opts={})
+      item_entity = opts.delete(:with) || opts.delete(:using)
+      if !item_entity.nil? && (item_entity < Webhookdb::Service::Entities::Base)
+        # If we have a real entity, we only want message on the top level, not any nested
+        item_entity = Class.new(item_entity) do
+          unexpose :message
+        end
+      end
+      unless (collection_entity = Webhookdb::Service::Collection.collection_entity_cache[item_entity])
+        collection_entity = Class.new(Webhookdb::Service::Entities::Base) do
+          define_method(:object_type) do
+            "list"
+          end
+          expose :items, using: item_entity
+          expose :current_page
+          expose :page_count
+          expose :total_count
+          expose :more?, as: :has_more
+          expose :message do |_instance, options|
+            options[:message] || ""
+          end
+          expose :display_headers do |_, _|
+            item_entity.respond_to?(:display_headers) ? item_entity.send(:display_headers) : []
+          end
+        end
+        Webhookdb::Service::Collection.collection_entity_cache[item_entity] = collection_entity
+      end
+      opts[:with] = collection_entity
+
+      wrapped =
+        if collection.respond_to?(:dataset) || collection.is_a?(Sequel::Dataset)
+          Webhookdb::Service::Collection.from_dataset(collection)
+        elsif collection.is_a?(Webhookdb::Service::Collection)
+          collection
+        else
+          Webhookdb::Service::Collection.from_array(collection)
+        end
+
+      present wrapped, opts
+    end
+  end
+end

data/lib/webhookdb/service/entities.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+require "grape_entity"
+
+module Webhookdb::Service::Entities
+  class Money < Grape::Entity
+    expose :cents
+    expose :currency do |obj|
+      obj.currency.iso_code
+    end
+  end
+
+  class TimeRange < Grape::Entity
+    expose :begin, as: :start
+    expose :end
+  end
+
+  class Base < Grape::Entity
+    extend Webhookdb::MethodUtilities
+
+    expose :object_type, as: :object, unless: ->(_, _) { self.object_type.nil? }
+
+    # Override this on entities that are addressable on their own
+    def object_type
+      return nil
+    end
+
+    def self.delegate_to(*names, safe: false, safe_with_default: nil)
+      return lambda do |instance|
+        names.reduce(instance) do |memo, name|
+          memo.send(name)
+        rescue NoMethodError => e
+          raise e unless safe || safe_with_default
+          return safe_with_default
+        end
+      end
+    end
+
+    def self.timezone(*lookup_path, field: nil)
+      return lambda do |instance, opts|
+        field ||= opts[:attr_path].last
+        tz = lookup_path.reduce(instance) do |memo, name|
+          memo.send(name)
+        rescue NoMethodError
+          nil
+        end
+        t = instance.send(field)
+        if tz.blank?
+          t
+        else
+          tz = tz.timezone if tz.respond_to?(:timezone)
+          tz = tz.time_zone if tz.respond_to?(:time_zone)
+          t.in_time_zone(tz).iso8601
+        end
+      end
+    end
+
+    expose :message do |_instance, options|
+      options[:message] || ""
+    end
+  end
+
+  class Image < Base
+    expose :url
+    expose :alt
+  end
+
+  class CurrentCustomer < Base
+    expose :id
+    expose :created_at
+    expose :email
+    expose :name
+    expose :roles do |instance|
+      instance.roles.map(&:name)
+    end
+    expose :impersonated do |_instance, options|
+      Webhookdb::Service::Auth::Impersonation.new(options[:env]["warden"]).is?
+    end
+  end
+
+  # Add an 'etag' field to the rendered entity.
+  # This should only be used on the root entity, and entities with etags should not be nested.
+  # Usage:
+  #
+  #   class DashboardEntity < BaseEntity
+  #     prepend Webhookdb::Service::Entities::EtaggedMixin
+  #     expose :my_field
+  #   end
+  module EtaggedMixin
+    def to_json(*)
+      serialized = super
+      raise TypeError, "EtaggedMixin can only be used for object entities" unless serialized[-1] == "}"
+      etag = Digest::MD5.hexdigest(Webhookdb::COMMIT.to_s + serialized)
+      return serialized[...-1] + ",\"etag\":\"#{etag}\"}"
+    end
+  end
+end

data/lib/webhookdb/service/helpers.rb

@@ -0,0 +1,270 @@
+# -*- ruby -*-
+# frozen_string_literal: true
+
+require "appydays/loggable"
+require "grape"
+
+require "webhookdb/service" unless defined?(Webhookdb::Service)
+require "webhookdb/service/collection"
+
+# A collection of helper functions that can be included
+module Webhookdb::Service::Helpers
+  extend Grape::API::Helpers
+  include Webhookdb::Service::Collection::Helpers
+
+  def logger
+    return Webhookdb::Service.logger
+  end
+
+  # Return the currently-authenticated user,
+  # or respond with a 401 if there is no authenticated user.
+  def current_customer
+    return _check_customer_deleted(env["warden"].authenticate!(scope: :customer), admin_customer?)
+  end
+
+  # Return the currently-authenticated user,
+  # or respond nil if there is no authenticated user.
+  def current_customer?
+    return _check_customer_deleted(env["warden"].user(scope: :customer), admin_customer?)
+  end
+
+  def admin_customer
+    return _check_customer_deleted(env["warden"].authenticate!(scope: :admin), nil)
+  end
+
+  def admin_customer?
+    return _check_customer_deleted(env["warden"].authenticate(scope: :admin), nil)
+  end
+
+  def authenticate!
+    warden = env["warden"]
+    user = warden.authenticate!(scope: :customer)
+    warden.set_user(user, scope: :admin) if user.admin?
+    return user
+  end
+
+  # Handle denying authentication if the given user cannot auth.
+  # That is:
+  # - if we have an admin, but they should not be (deleted or missing role), throw unauthed error.
+  # - if current user is nil, return nil, since the caller can handle it.
+  # - if current user is deleted and there is no admin, throw unauthed error.
+  # - if current user is deleted and admin is deleted, throw unauthed error.
+  # - otherwise, return current user.
+  #
+  # The scenarios this covers are:
+  # - Normal users cannot auth if deleted.
+  # - Admins can sudo deleted users, and current_customer still works.
+  # - Deleted admins cannot auth or get their sudo'ed user.
+  #
+  # NOTE: It is safe to throw unauthed errors for deleted users-
+  # this does not expose whether a user exists or not,
+  # because the only way to call this is via cookies,
+  # and cookies are encrypted. So it is impossible to force requests
+  # trying to auth/check auth for a user without knowing the secret.
+  def _check_customer_deleted(user, potential_admin)
+    return nil if user.nil?
+    if potential_admin && (potential_admin.soft_deleted? || !potential_admin.roles.include?(Webhookdb::Role.admin_role))
+      delete_session_cookies
+      unauthenticated!
+    end
+    if user.soft_deleted? && potential_admin.nil?
+      delete_session_cookies
+      unauthenticated!
+    end
+    return user
+  end
+
+  def delete_session_cookies
+    # Nope, cannot do this through Warden easily.
+    # And really we should have server-based sessions we can expire,
+    # but in the meantime, stomp on the cookie hard.
+    options = env[Rack::RACK_SESSION_OPTIONS]
+    options[:drop] = true
+    # Rack sends a cookie with an empty session, but let's tell the browser to actually delete the cookie.
+    cookies.delete(Webhookdb::Service::SESSION_COOKIE, domain: options[:domain], path: options[:path])
+  end
+
+  def set_customer(customer)
+    warden = env["warden"]
+    warden.set_user(customer, scope: :customer)
+    warden.set_user(customer, scope: :admin) if customer.admin?
+  end
+
+  def current_session_id
+    return env["rack.session"].id
+  end
+
+  def check_role!(customer, role_name)
+    has_role = customer.roles.find { |r| r.name == role_name }
+    return if has_role
+    role_exists = !Webhookdb::Role.where(name: role_name).empty?
+    raise "The role '#{role_name}' does not exist so cannot be checked. You need to create it first." unless role_exists
+    permission_error!("Sorry, this action is unavailable.")
+  end
+
+  def merror!(status, message, code: nil, more: {}, headers: {}, rollback_db: nil, alert: false)
+    header "Content-Type", "application/json"
+    body = Webhookdb::Service.error_body(status, message, code:, more:)
+    if alert
+      Sentry.with_scope do |scope|
+        scope&.set_extras(**body)
+        Sentry.capture_message(message)
+      end
+    end
+    if rollback_db
+      Webhookdb::Postgres.defer_after_rollback(rollback_db) do
+        error!(body, status, headers)
+      end
+      raise Sequel::Rollback
+    else
+      error!(body, status, headers)
+    end
+  end
+
+  def unauthenticated!
+    merror!(401, "Unauthenticated", code: "unauthenticated")
+  end
+
+  def unauthenticated_with_message!(msg)
+    env["webhookdb.authfailuremessage"] = msg
+    unauthenticated!
+  end
+
+  def forbidden!
+    merror!(403, "Forbidden", code: "forbidden")
+  end
+
+  def not_found!
+    merror!(404, "Not Found", code: "not_found")
+  end
+
+  def permission_error!(message)
+    merror!(403, message, code: "permission_check")
+  end
+
+  # Raise a 400 error for unstructured validation.
+  # @param errors [Array<String>,String] Error messages, like 'password is invalid'.
+  # @param message [String] If not given, build it from the errors list.
+  def invalid!(errors, message: nil)
+    errors = [errors] unless errors.respond_to?(:to_ary)
+    message ||= errors.join(", ").upcase_first
+    merror!(400, message, code: "validation_error", more: {errors:, field_errors: {}})
+  end
+
+  # Raise a 400 error for structured validation.
+  # @param field_errors [Hash<String, Array<String>>] If errors are tied to fields,
+  #   this is a hash where the key is the field name, and the value is an array of all validation messages.
+  #   For example, {password: ['is invalid']}
+  # @param message [String] If not given, build it from the errors list.
+  def invalid_fields!(field_errors, message: nil)
+    errors = field_errors.map { |field, field_errs| field_errs.map { |e| "#{field} #{e}" } }.flatten
+    message ||= errors.join(", ").upcase_first
+    merror!(400, message, code: "validation_error", more: {errors:, field_errors:})
+  end
+
+  def endpoint_removed!
+    merror!(
+      403,
+      "Sorry, this endpoint has been removed. Run `webhookdb update` to upgrade your CLI, " \
+      "or file a ticket at #{Webhookdb.oss_repo_url} for help.",
+      code: "endpoint_removed",
+    )
+  end
+
+  def search_param_to_sql(params, column, param: :search)
+    search = params[param]&.strip
+    return nil if search.blank? || search == "*"
+    term = "%#{search.strip}%"
+    return Sequel.ilike(column, term)
+  end
+
+  ### If +object+ is valid, save and return it.
+  ### If not, call invalid! witht the validation errors.
+  def save_or_error!(object)
+    if object.valid?
+      object.save_changes
+      return object
+    else
+      invalid_fields!(object.errors.to_h)
+    end
+  end
+
+  def paginate(dataset, params)
+    return dataset.paginate(params[:page], params[:per_page])
+  end
+
+  def order(dataset, params)
+    expr = params[:order_direction] == :asc ? Sequel.asc(params[:order_by]) : Sequel.desc(params[:order_by])
+    return dataset.order(expr, Sequel.desc(:id))
+  end
+
+  def use_http_expires_caching(expiration)
+    return unless Webhookdb::Service.endpoint_caching
+    header "Cache-Control", "public"
+    header "Expires", expiration.from_now.httpdate
+  end
+
+  # Set the provided, declared/valid parameters in params on model.
+  # Because Grape's `declared()` function *adds* parameters that are declared-but-not-provided,
+  # and its `params` value includes provided-but-not-declared entries,
+  # the fields we set are the intersection of the two.
+  def set_declared(model, params, ignore: [:id])
+    # If .to_h is used (rather than Grape's 'params' which is HashWithIndifferentAccess),
+    # the keys may be strings. We need to deep symbolize since nested hashes get to_h with 'symbolize_keys'.
+    params = params.deep_symbolize_keys
+    decl = declared_and_provided_params(params, exclude: ignore)
+    ignore.each { |k| decl.delete(k) }
+    decl.delete_if { |k| !params.key?(k) }
+    model.set(decl)
+  end
+
+  def declared_and_provided_params(params, exclude: [])
+    decl = declared(params)
+    exclude.each { |k| decl.delete(k) }
+    decl.delete_if { |k| !params.key?(k) }
+    return decl
+  end
+
+  params :money do
+    requires :cents, type: Integer
+    optional :currency, type: String, default: "USD"
+  end
+
+  params :time_range do
+    requires :start, as: :begin, type: Time
+    requires :end, type: Time
+  end
+
+  params :pagination do
+    optional :page, type: Integer, default: 1
+    optional :per_page, type: Integer, default: 100
+  end
+
+  params :searchable do
+    optional :search, type: String
+  end
+
+  params :order do |options|
+    optional :order_by, type: Symbol, values: options[:order_by], default: options[:default_order_by]
+    optional :order, type: Symbol, values: [:asc, :desc], default: options[:default_order]
+  end
+
+  params :ordering do |options|
+    default_order_by = options[:default] || :created_at
+    order_by_values = options[:values] || options[:model]&.columns
+    raise "Must provide :values or :model for possible orderings" unless order_by_values
+    optional :order_by, type: Symbol, values: order_by_values, default: default_order_by
+    optional :order_direction, type: Symbol, values: [:asc, :desc], default: :desc
+  end
+
+  params :address do
+    optional :address1, type: String, allow_blank: false
+    optional :address2, type: String
+    optional :city, type: String, allow_blank: false
+    optional :state_or_province, type: String, allow_blank: false
+    optional :postal_code, type: String, allow_blank: false
+    all_or_none_of :address1, :city, :state_or_province, :postal_code
+    optional :lat, type: Float
+    optional :lng, type: Float
+  end
+end