yiffspace 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: d76f09af3606e844dc35e1d97ce80a14eb6d99a989d421ec0e8a81ba6a3735f7
+  data.tar.gz: b81ec5a4ad23d5e0606fd8247f5b09537078fb9fe271c3a72ac3442963b3554f
+SHA512:
+  metadata.gz: 39fcd8410ca585b80edd98ce465d62c188c54a967db2cd98158306c313deaf6b8ea73e3ab3208b2e3cf69100fad641a763a25eecefbbf4a1cc31474851619b3d
+  data.tar.gz: 776dd1d3c6c53d1746fd7f671a2ce9667263ee031a34a7329054e753d4415bb0f1cf3d5432c34c258059aeab3bc652fccd57c1b7ed6e6226aaddee94fc93b5cc

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright Donovan_DMC
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,25 @@
+# YiffSpace
+
+Collection of ruby code for https://yiff.space and related projects
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem "yiffspace"
+```
+
+And then execute:
+
+```bash
+$ bundle install
+```
+
+## Contributing
+
+Go away
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require("bundler/setup")
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load("rails/tasks/engine.rake")
+
+load("rails/tasks/statistics.rake")
+
+require("bundler/gem_tasks")

data/app/assets/config/yiff_space_manifest.js

@@ -0,0 +1 @@
+//= link_directory ../stylesheets/yiffspace .css

data/app/assets/stylesheets/yiff_space/application.css

@@ -0,0 +1,30 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */
+
+body {
+    background-color: #2C2F33;
+    color: #FFFDD0;
+    font-size: 2rem;
+}
+
+body div#page {
+    text-align: center;
+
+    ul.permissions-list {
+        display: inline-block;
+        text-align: left;
+    }
+}

data/app/controllers/yiff_space/application_controller.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module YiffSpace
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/helpers/yiff_space/application_helper.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module YiffSpace
+  module ApplicationHelper
+  end
+end

data/app/helpers/yiff_space/auth_helper.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module YiffSpace
+  module AuthHelper
+  end
+end

data/app/models/yiff_space/application_record.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module YiffSpace
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/views/layouts/yiff_space/application.html.erb

@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>YiffSpace</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= stylesheet_link_tag("yiffspace/application", media: "all") %>
+</head>
+<body>
+
+<div id="page">
+  <%= yield %>
+</div>
+
+</body>
+</html>

data/app/views/yiff_space/error.html.erb

@@ -0,0 +1,3 @@
+<%# locals: (message:) %>
+<h1 class="title">Error</h1>
+<p class="message"><%= message %></p>

data/engines/auth/app/controllers/yiff_space/auth/application_controller.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module YiffSpace
+  module Auth
+    class ApplicationController < ::YiffSpace::ApplicationController
+      include(Helper)
+
+      helper(Helper)
+    end
+  end
+end

data/engines/auth/app/controllers/yiff_space/auth/root_controller.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module YiffSpace
+  module Auth
+    class RootController < ApplicationController
+      include(Helper)
+
+      def show
+        state            = generate_state!
+        self.return_path = params[:path]
+        redirect_to(auth_client_config.url(state: state), allow_other_host: true)
+      end
+
+      def cb
+        return render("yiffspace/error", locals: { message: "missing code in request" }, status: :bad_request) if params[:code].blank?
+        return render("yiffspace/error", locals: { message: "missing state in request" }, status: :bad_request) if params[:state].blank?
+        return render("yiffspace/error", locals: { message: "invalid state in request" }, status: :bad_request) if params[:state] != state
+
+        reset_state!
+        exchange  = auth_client_config.exchange(params[:code])
+        self.auth = exchange.auth
+        self.user = exchange.user
+        path      = return_path
+        action    = auth_client_config.after_auth_action
+        reset_return_path!
+        if action.is_a?(Proc)
+          instance_exec(*(action.arity.zero? ? [] : [path]), &action)
+          return if performed?
+        elsif action.is_a?(String)
+          return redirect_to(action)
+        end
+
+        redirect_to(path || "/")
+      end
+
+      def permissions; end
+
+      def logout
+        return redirect_back_or_to("/") if auth.blank? && user.blank?
+
+        self.return_path = params[:path] # sanitization
+        path             = return_path
+        action           = auth_client_config.after_logout_action
+        full_reset!
+        if action.is_a?(Proc)
+          action.call(*[self, path].slice(0, action.arity))
+          return if performed?
+        elsif action.is_a?(String)
+          return redirect_to(action)
+        end
+
+        redirect_to(path || "/")
+      end
+
+      def debug
+        return render("yiffspace/error", locals: { message: "Access Denied" }, status: :forbidden) unless YiffSpace::Auth.enable_debug_action?
+
+        render(json: {
+          env:     request.env.select { |env| env.start_with?("yiffspace.") },
+          params:  params,
+          session: session,
+          client:  auth_client_config.as_json.merge(client_secret: "[REDACTED]"),
+        })
+      end
+    end
+  end
+end

data/engines/auth/app/views/yiff_space/auth/root/permissions.html.erb

@@ -0,0 +1,14 @@
+<h1 class="title">Permissions</h1>
+<% if auth? %>
+  <% if auth.permissions.any? %>
+    <ul class="permissions-list">
+      <% auth.permissions.each do |perm| %>
+        <li class="permission"><%= perm %></li>
+      <% end %>
+    </ul>
+  <% else %>
+    <p class="message">You have no permissions.</p>
+  <% end %>
+<% else %>
+  <p class="message">You are not logged in.</p>
+<% end %>

data/engines/auth/config/routes.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+YiffSpace::Auth::Engine.routes.draw do
+  constraints(YiffSpace::Auth::SetClientName.default) do
+    get(:cb, controller: :root)
+    get(:logout, controller: :root)
+    get(:permissions, controller: :root)
+    get(:debug, controller: :root) if YiffSpace::Auth.enable_debug_action?
+    root(action: :show, controller: :root, as: :auth)
+  end
+end

data/lib/tasks/yiff_space_tasks.rake

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+# desc "Explaining what the task does"
+# task :yiffspace do
+#   # Task goes here
+# end

data/lib/yiffspace/auth/auth_info/anonymous.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require("singleton")
+
+module YiffSpace
+  module Auth
+    class AuthInfo
+      class Anonymous
+        include(::Singleton)
+
+        %i[id token].each do |attr|
+          define_method(attr) { |*, **| raise(NotImplementedError, "#{attr} is not present on anonymous auth") }
+        end
+
+        def entitlements
+          []
+        end
+
+        def roles
+          []
+        end
+
+        def permissions
+          Permissions.new([])
+        end
+
+        def has_permission?(*)
+          false
+        end
+
+        def anonymous?
+          true
+        end
+
+        # this feels wrong, but it hopefully shouldn't break anything
+        def present?
+          false
+        end
+
+        def blank?
+          true
+        end
+
+        def serializable_hash(*)
+          nil
+        end
+
+        def to_session
+          serializable_hash
+        end
+
+        def self.from_json(*)
+          Anonymous.new
+        end
+
+        def self.from_session(data)
+          return nil if data.blank?
+
+          from_json(data)
+        end
+      end
+    end
+  end
+end

data/lib/yiffspace/auth/auth_info.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module YiffSpace
+  module Auth
+    class AuthInfo
+      attr_reader(:id, :token, :entitlements, :roles, :permissions)
+
+      # @param id String
+      # @param roles Array(String)
+      # @param entitlements Array(String)
+      # @param token OpenIDConnect::AccessToken
+      def initialize(id:, entitlements:, roles:, token:)
+        raise(ArgumentError, "no id provided") if id.blank?
+        raise(ArgumentError, "no token provided") if token.blank?
+
+        @id           = id
+        @token        = token
+        @entitlements = Array(entitlements)
+        @roles        = Array(roles)
+        @permissions  = Permissions.new(@entitlements)
+      end
+
+      def anonymous?
+        false
+      end
+
+      # this feels wrong, but it hopefully shouldn't break anything
+      def present?
+        true
+      end
+
+      def blank?
+        false
+      end
+
+      def has_permission?(name)
+        permissions.include?(name.to_s)
+      end
+
+      def serializable_hash(*)
+        {
+          "id"           => id,
+          "token"        => ::YiffSpace::Auth.serialize_token(token),
+          "entitlements" => entitlements,
+          "roles"        => roles,
+        }
+      end
+
+      def to_session
+        serializable_hash
+      end
+
+      def self.from_json(data)
+        raise(ArgumentError, "invalid data") if data.blank?
+
+        data = JSON.parse(data) if data.is_a?(String)
+        data = ::YiffSpace::Utils::OpenHash.from(data)
+
+        new(
+          id:           data.id,
+          token:        ::YiffSpace::Auth.unserialize_token(data.token),
+          entitlements: data.entitlements,
+          roles:        data.roles,
+        )
+      end
+
+      def self.from_session(data)
+        return nil if data.blank?
+
+        from_json(data)
+      end
+    end
+  end
+end

data/lib/yiffspace/auth/client.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module YiffSpace
+  module Auth
+    class Client
+      attr_accessor(:client_name, :client_id, :client_secret, :redirect_uri,
+                    :server_url, :scopes, :auth_session_key, :user_session_key,
+                    :token_session_key, :return_path_session_key, :state_session_key,
+                    :state_generator, :after_auth_action, :after_logout_action,
+                    :update_discord_images)
+
+      attr_reader(:name)
+
+      def initialize(name)
+        @name                    = name.to_sym
+        @server_url              = "https://auth.yiff.space"
+        @redirect_uri            = "http://127.0.0.1:3000/auth/cb"
+        @scopes                  = %i[openid discord offline_access entitlements]
+        @auth_session_key        = :"yiffspace_auth_#{name}"
+        @user_session_key        = :"yiffspace_user_#{name}"
+        @token_session_key       = :"yiffspace_token_#{name}"
+        @return_path_session_key = :"yiffspace_return_path_#{name}"
+        @state_session_key       = :"yiffspace_state_#{name}"
+        @state_generator         = -> { SecureRandom.hex(48) }
+        @update_discord_images   = true
+      end
+
+      def openid_config
+        @openid_config ||= OpenIDConnect::Discovery::Provider::Config.discover!("#{server_url}/application/o/#{client_name}/")
+      end
+
+      def oidc_client
+        @oidc_client ||= OpenIDConnect::Client.new(
+          identifier:             client_id,
+          secret:                 client_secret,
+          redirect_uri:           redirect_uri,
+          authorization_endpoint: openid_config.authorization_endpoint,
+          token_endpoint:         openid_config.token_endpoint,
+          userinfo_endpoint:      openid_config.userinfo_endpoint,
+        )
+      end
+
+      def url(state: nil)
+        oidc_client.authorization_uri(scope: scopes, state: state)
+      end
+
+      def exchange(code)
+        oidc_client.authorization_code = code
+        token                          = oidc_client.access_token!
+        user                           = token.userinfo!
+        id                             = user.raw_attributes["discord"]["id"]
+        authinfo                       = AuthInfo.new(token: token, entitlements: user.raw_attributes["entitlements"], roles: user.raw_attributes["roles"], id: id)
+        userinfo                       = UserInfo.new(user: user, id: id, discord: user.raw_attributes["discord"], client_id: oidc_client.identifier)
+        Auth::ExchangeResponse.new(authinfo, userinfo)
+      end
+    end
+  end
+end

data/lib/yiffspace/auth/discord_info.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module YiffSpace
+  module Auth
+    class DiscordInfo
+      ATTRIBUTES = %i[id flags avatar banner locale username avatar_url banner_url global_name mfa_enabled public_flags discriminator].freeze
+      attr_reader(*ATTRIBUTES)
+
+      def initialize(options = {}, **kwargs)
+        options = options.merge(kwargs).with_indifferent_access
+        ATTRIBUTES.each do |attr|
+          instance_variable_set("@#{attr}", options[attr])
+        end
+
+        return unless YiffSpace.config.auth.update_discord_images
+
+        last_avatar = Rails.cache.fetch("yiffspace:auth:discord_avatar_update:#{id}")
+        last_banner = Rails.cache.fetch("yiffspace:auth:discord_banner_update:#{id}")
+
+        if last_avatar != avatar
+          Rails.cache.write("yiffspace:auth:discord_avatar_update:#{id}", avatar, expires_in: 30.days)
+          update_avatar
+        end
+
+        return unless last_banner != banner
+
+        Rails.cache.write("yiffspace:auth:discord_banner_update:#{id}", banner, expires_in: 30.days)
+        update_banner
+      end
+
+      def update_avatar
+        Images::Avatar.get_for(id, :discord).update(avatar)
+      end
+
+      def update_banner
+        Images::Banner.get_for(id, :discord).update(banner)
+      end
+
+      def serializable_hash
+        ATTRIBUTES.to_h { |key| [key.to_s, instance_variable_get("@#{key}")] }
+      end
+
+      def to_session
+        serializable_hash
+      end
+
+      def self.from_json(data)
+        raise(ArgumentError, "invalid data") if data.blank?
+
+        data = JSON.parse(data) if data.is_a?(String)
+        data = ::YiffSpace::Utils::OpenHash.from(data)
+
+        new(data)
+      end
+
+      def self.from_session(data)
+        return nil if data.blank?
+
+        from_json(data)
+      end
+    end
+  end
+end

data/lib/yiffspace/auth/engine.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require("rails")
+
+module YiffSpace
+  module Auth
+    class Engine < ::Rails::Engine
+      isolate_namespace(YiffSpace::Auth)
+      config.root        = File.expand_path("../../../engines/auth", __dir__)
+      shared_root        = File.expand_path("../../../app", __dir__)
+      shared_controllers = "#{shared_root}/controllers"
+      shared_helpers     = "#{shared_root}/helpers"
+      shared_models      = "#{shared_root}/models"
+      shared_views       = "#{shared_root}/views"
+      shared_assets      = "#{shared_root}/assets"
+
+      paths["app/controllers"] << shared_controllers
+      paths["app/helpers"] << shared_helpers
+      paths["app/models"] << shared_models
+      paths["app/views"] << shared_views
+      paths["app/assets"] << shared_assets
+
+      config.autoload_paths   += [shared_controllers, shared_helpers, shared_models]
+      config.eager_load_paths += [shared_controllers, shared_helpers, shared_models]
+
+      initializer("yiffspace.auth.asset_paths") do |app|
+        if app.config.respond_to?(:assets)
+          app.config.assets.paths << "#{shared_assets}/config"
+          app.config.assets.precompile += %w[yiffspace/application.css]
+        end
+      end
+
+      class << self
+        def for(name)
+          @instances              ||= {}
+          @instances[name.to_sym] ||= begin
+            subclass = Class.new(self)
+            subclass.engine_name("yiffspace_auth_#{name}")
+            # Inherit isolation settings that aren't copied from the parent class
+            subclass.instance_variable_set(:@isolated, true)
+            subclass.routes.default_scope = { module: "yiffspace/auth" }
+            subclass.routes.draw do
+              constraints(SetClientName.new(name)) do
+                get(:cb, controller: :root)
+                get(:logout, controller: :root)
+                get(:permissions, controller: :root)
+                get(:debug, controller: :root) if ::YiffSpace::Auth.enable_debug_action?
+                root(action: :show, controller: :root, as: :auth)
+              end
+            end
+            subclass
+          end
+        end
+      end
+    end
+  end
+end