yus 1.0.0

data/lib/yus/entity.rb

@@ -0,0 +1,140 @@
+#!/usr/bin/env ruby
+# Entity -- yus -- 29.05.2006 -- hwyss@ywesee.com
+
+require 'yus/privilege'
+
+module Yus
+  class YusError < RuntimeError; end
+  class AuthenticationError < YusError; end
+  class CircularAffiliationError < YusError; end
+  class DuplicateNameError < YusError; end
+  class NotPrivilegedError < YusError; end
+  class UnknownEntityError < YusError; end
+  class Entity
+    attr_reader :name, :affiliations, :privileges
+    attr_accessor :valid_from, :valid_until
+    attr_writer :passhash
+    def initialize(name, valid_until=nil, valid_from=Time.now)
+      @name = name.to_s
+      @valid_until = valid_until
+      @valid_from = valid_from
+      @affiliations = []
+      @privileges = Hash.new(false)
+      @preferences = {}
+      @last_logins = {}
+      @tokens = {}
+    end
+    def allowed?(action, item=:everything)
+      valid? &&  privileged?(action, item) \
+        || @affiliations.any? { |entity| entity.allowed?(action, item) }
+    end
+    def authenticate(passhash)
+      @passhash == passhash.to_s
+    end
+    def authenticate_token(token)
+      if expires = (@tokens ||= {}).delete(token)
+        expires > Time.now
+      else
+        # Hacking-Attempt? Remove all Tokens for this user.
+        @tokens.clear
+        false
+      end
+    end
+    def detect_circular_affiliation(entity)
+      _detect_circular_affiliation(entity)
+    rescue CircularAffiliationError => error
+      error.message << ' <- "' << entity.name << '"'
+      raise
+    end
+    def grant(action, item=:everything, expires=:never)
+      action = Entity.sanitize(action)
+      (@privileges[action] ||= Privilege.new).grant(item, expires)
+    end
+    def info(recursive=false)
+      info = [ @name ]
+      @privileges.sort.each { |action, priv|
+        info.push [action, priv.info]
+      }
+      if recursive
+        @affiliations.sort_by { |entity| entity.name }.each { |entity|
+          info.push entity.info(true)
+        }
+      elsif !@affiliations.empty?
+        info.push @affiliations.collect { |entity| entity.name }.sort
+      end
+      info
+    end
+    def join(party)
+      unless(@affiliations.include?(party))
+        party.detect_circular_affiliation(self)
+        @affiliations.push(party)
+      end
+    end
+    def last_login(domain)
+      (@last_logins ||= {})[domain]
+    end
+    def leave(party)
+      @affiliations.delete(party)
+    end
+    def login(domain)
+      (@last_logins ||= {}).store(domain, Time.now)
+    end
+    def get_preference(key, domain='global')
+      domain_preferences(domain)[key] || domain_preferences('global')[key]
+    end
+    def privileged?(action, item=:everything)
+      (privilege = @privileges[Entity.sanitize(action)]) \
+        && privilege.granted?(item)
+    end
+    def privileged_until(action, item=:everything)
+      if(privilege = @privileges[Entity.sanitize(action)])
+        privilege.expiry_time(item)
+      else
+        raise NotPrivilegedError
+      end
+    end
+    def remove_token(token)
+      @tokens.delete(token) if @tokens
+    end
+    def rename(new_name)
+      @name = new_name
+    end
+    def revoke(action, item=:everything, time=nil)
+      action = Entity.sanitize(action)
+      if(priv = @privileges[action])
+        priv.revoke(item, time)
+      end
+    end
+    def set_preference(key, value, domain=nil)
+      domain_preferences(domain || 'global')[key] = value
+    end
+    def set_token(token, expires)
+      (@tokens ||= {}).store token, expires
+    end
+    def to_s
+      @name
+    end
+    def valid?
+      now = Time.now
+      @valid_from < now && (!@valid_until || @valid_until > now)
+    end
+    def Entity.sanitize(term)
+      term.to_s.downcase
+    end
+    protected
+    def _detect_circular_affiliation(entity)
+      if(@affiliations.include?(entity))
+        raise CircularAffiliationError, 
+          "circular affiliation detected: \"#{entity.name}\""
+      end
+      @affiliations.each { |aff| aff._detect_circular_affiliation(entity) }
+    rescue CircularAffiliationError => error
+      error.message << ' <- "' << @name << '"'
+      raise
+    end
+    private
+    def domain_preferences(domain)
+      @preferences[domain] ||= {}
+    end
+  end
+end

data/lib/yus/persistence/odba.rb

@@ -0,0 +1,77 @@
+#!/usr/bin/env ruby
+# Persistence::ODBA -- yus -- 31.05.2006 -- hwyss@ywesee.com
+
+require 'odba'
+require 'odba/drbwrapper'
+require 'yus/entity'
+require 'yus/server'
+require 'yus/session'
+
+module Yus
+  module Persistence
+    class Odba
+      def initialize
+        @entities = ODBA.cache.fetch_named('entities', self) { Hash.new }
+      end
+      def add_entity(entity)
+        @entities.store(Entity.sanitize(entity.name), entity)
+        entity.odba_store
+        @entities.odba_store
+        entity
+      end
+      def delete_entity(name)
+        if entity = @entities.delete(Entity.sanitize(name))
+          @entities.odba_store
+          affiliations = entity.affiliations
+          affiliations.odba_delete unless affiliations.odba_unsaved?
+          entity.odba_delete
+          entity
+        end
+      end
+      def entities
+        @entities.values
+      end
+      def find_entity(name)
+        @entities[Entity.sanitize(name)]
+      end
+      def save_entity(entity)
+        if(@entities[entity.name])
+          entity.odba_store
+        else
+          @entities.delete_if { |name, ent| ent.name == entity.name }
+          add_entity(entity)
+        end
+      end
+    end
+  end
+  class Entity
+    include ODBA::Persistable
+    ODBA_SERIALIZABLE = ['@last_logins', '@privileges', '@preferences', '@tokens']
+    alias :odba_join :join
+    alias :odba_leave :leave
+    def join(entity)
+      res = odba_join(entity)
+      @affiliations.odba_store
+      res
+    end
+    def leave(entity)
+      res = odba_leave(entity)
+      @affiliations.odba_store
+      res
+    end
+  end
+  class Server
+    alias :odba_login_entity :login_entity
+    alias :odba_login_root :login_root
+    def login_entity(*args)
+      if(entity = odba_login_entity(*args))
+        ODBA::DRbWrapper.new(entity)
+      end
+    end
+    def login_root(*args)
+      if(root = odba_login_root(*args))
+        ODBA::DRbWrapper.new(root)
+      end
+    end
+  end
+end

data/lib/yus/persistence/og.rb

@@ -0,0 +1,37 @@
+#!/usr/bin/env ruby
+# Persistence::Og -- yus -- 31.05.2006 -- hwyss@ywesee.com
+
+require 'og'
+require 'yus/entity'
+require 'yus/server'
+
+module Yus
+  module Persistence
+    class Og
+      def add_entity(entity)
+        entity.save
+      end
+      def entities
+        Entity.find_all
+      end
+      def find_entity(name)
+        Entity.find_by_name(name)
+      end
+      def save_entity(entity)
+        entity.save
+      end
+    end
+  end
+  class Privilege
+    property :expiry_time, Time
+    property :items, Hash
+  end
+  class Entity
+    property :name, String
+    property :valid_from, Time
+    property :valid_until, Time
+    property :preferences, Hash
+    has_many :affiliations, Entity
+    has_many :privileges, Privilege
+  end
+end

data/lib/yus/privilege.rb

@@ -0,0 +1,63 @@
+#!/usr/bin/env ruby
+# Privilege -- yus -- 31.05.2006 -- hwyss@ywesee.com
+
+module Yus
+  class Privilege
+    attr_writer :expiry_time
+    def initialize
+      @items = {}
+    end
+    def expiry_time(item=:everything)
+      if(time = [@items[item], @items[:everything]].compact.max)
+        time if time.is_a?(Time)
+      else
+        raise NotPrivilegedError
+      end
+    end
+    def grant(item, expiry_time=:never)
+      @items.store(item, expiry_time)
+    end
+    def granted?(item)
+      if(expiry_time = @items[item])
+        case expiry_time
+        when Time
+          Time.now < expiry_time
+        else
+          true
+        end
+      elsif(@items.include?(:everything))
+        # check time
+        granted?(:everything)
+      else
+        item = item.to_s.dup
+        if(item[-1] != ?*)
+          while(!item.empty?)
+            item.slice!(/[^.]*$/)
+            if(granted?(item + "*"))
+              return true
+            end
+            item.chop!
+          end
+        end
+        false
+      end
+    end
+    def info
+      @items.collect { |item, time|
+        info = [item.to_s]
+        if time.is_a?(Time)
+          info.push time
+        end
+        info
+      }.sort
+    end
+    def revoke(item, expiry_time=nil)
+      case expiry_time
+      when Time
+        @items.store(item, expiry_time)
+      else
+        @items.delete(item)
+      end
+    end
+  end
+end

data/lib/yus/server.rb

@@ -0,0 +1,116 @@
+#!/usr/bin/env ruby
+# Server -- yus -- 31.05.2006 -- hwyss@ywesee.com
+
+require 'drb'
+require 'yus/entity'
+require 'yus/session'
+require 'needle'
+
+VERSION = '1.0.0'
+
+module Yus
+  class Server
+    def initialize(persistence, config, logger)
+      @needle = Needle::Registry.new
+      @needle.register(:persistence) { persistence }
+      @needle.register(:config) { config }
+      @needle.register(:logger) { logger }
+      @sessions = []
+      run_cleaner
+    end
+    def autosession(domain, &block)
+      session = AutoSession.new(@needle, domain)
+      block.call(session)
+    end
+    def login(name, password, domain)
+      @needle.logger.info(self.class) { 
+        sprintf('Login attempt for %s from %s', name, domain)
+      }
+      hash = @needle.config.digest.hexdigest(password.to_s)
+      session = login_root(name, hash, domain) \
+        || login_entity(name, hash, domain) # raises YusError
+      @sessions.push(session)
+      session
+    end
+    def login_token(name, token, domain)
+      entity = authenticate_token(name, token)
+      entity.login(domain)
+      @needle.persistence.save_entity(entity)
+      timeout = entity.get_preference("session_timeout", domain) \
+        || @needle.config.session_timeout
+      TokenSession.new(@needle, entity, domain)
+    end
+    def logout(session)
+      @needle.logger.info(self.class) { 
+        sprintf('Logout for %s', session)
+      }
+      @sessions.delete(session)
+      if(session.respond_to?(:destroy!))
+        session.destroy! 
+      end
+    end
+    def ping
+      true
+    end
+    private
+    def authenticate(name, passhash)
+      user = @needle.persistence.find_entity(name) \
+        or raise UnknownEntityError, "Unknown Entity '#{name}'"
+      user.authenticate(passhash) \
+        or raise AuthenticationError, "Wrong password"
+      @needle.logger.info(self.class) { 
+        sprintf('Authentication succeeded for %s', name)
+      }
+      user
+    rescue YusError
+      @needle.logger.warn(self.class) { 
+        sprintf('Authentication failed for %s', name)
+      }
+      raise
+    end
+    def authenticate_token(name, token)
+      user = @needle.persistence.find_entity(name) \
+        or raise UnknownEntityError, "Unknown Entity '#{name}'"
+      user.authenticate_token(token) \
+        or raise AuthenticationError, "Wrong token or token expired"
+      @needle.logger.info(self.class) { 
+        sprintf('Token-Authentication succeeded for %s', name)
+      }
+      user
+    rescue YusError
+      @needle.persistence.save_entity(user) if user
+      @needle.logger.warn(self.class) { 
+        sprintf('Token-Authentication failed for %s', name)
+      }
+      raise
+    end
+    def clean
+      @sessions.delete_if { |session| session.expired? }
+    end
+    def login_entity(name, passhash, domain)
+      entity = authenticate(name, passhash)
+      entity.login(domain)
+      @needle.persistence.save_entity(entity)
+      timeout = entity.get_preference("session_timeout", domain) \
+        || @needle.config.session_timeout
+      EntitySession.new(@needle, entity, domain)
+    end
+    def login_root(name, passhash, domain)
+      if(name == @needle.config.root_name \
+         && passhash == @needle.config.root_pass)
+        @needle.logger.info(self.class) { 
+          sprintf('Authentication succeeded for root: %s', name)
+        }
+        RootSession.new(@needle)
+      end
+    end
+    def run_cleaner
+      @cleaner = Thread.new {
+        loop {
+          sleep(@needle.config.cleaner_interval)
+          clean 
+        }
+      }
+    end
+  end
+end