zas-service 0.0.1

data/LICENSE

@@ -0,0 +1,7 @@
+Copyright (c) 2012 Anthony Eden
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,60 @@
+# Zero Authentication Service
+
+Zas is an authentication service build on 0mq. It is designed to accept credentials and verify them against a data store. The purpose of Zas is for simple and fast authentication in Service Oriented Architectures.
+
+## Installing the service
+
+    gem install bundler
+    bundle install
+
+## Running the Service
+
+General usage. This example assumes an in-memory database and uses Sequel to connect to that database.
+
+    # connect to the database
+    require 'sequel'
+    db = Sequel.connect(db_url)
+
+    # set up the authenticator
+    authenticator = Zas::Authenticators::SequelPasswordAuthenticator.new(db)
+    
+    # construct the service and add the authenticator
+    service = Zas::Service.new
+    service.authenticators['http_basic_auth'] = Zas::Authenticators::FilteredAuthenticator.new(
+      sequel_authenticator, [Zas::Filters::HttpBasicAuth]
+    )
+
+    # run the service
+    service.run
+
+Running from irb:
+
+    bundle exec irb -Ilib -rzas
+    => # as above
+
+## Configuration
+
+You may provide a service configuration to the service initializer:
+
+    config = Zas::ServiceConfiguration.new(:host => '127.0.0.1', :port => '6000', :name => 'my-service')
+    Zas::Service.new(config).run
+
+The following options are available:
+
+ * host - The host to listen to. Either * or an IP address. Defaults to *
+ * port - The port to listen to. Defaults to 5555
+ * name - A name to use in log messages. Defaults to zas-service
+  
+## Logging
+
+All logging will be sent to syslog.
+
+## Notes
+
+This library is not thread-safe.
+
+## Integration Specs
+
+To run the integration specs:
+
+    rake -Ilib integrations

data/lib/zas.rb

@@ -0,0 +1,3 @@
+module Zas
+  require 'zas/service'
+end

data/lib/zas/authenticators.rb

@@ -0,0 +1,6 @@
+module Zas
+  module Authenticators
+    require 'zas/authenticators/filtered_authenticator'
+    require 'zas/authenticators/sequel_password_authenticator'
+  end
+end

data/lib/zas/authenticators/filtered_authenticator.rb

@@ -0,0 +1,35 @@
+module Zas
+  module Authenticators
+    # An authenticator that filters the credentials through 1 or more filters that can transform
+    # the credentials before passing them to another authenticator.
+    #
+    # Example:
+    #
+    #   authenticator = FilteredAuthenticator.new(MyRealAuthenticator.new, [SomeFilter, SomeOtherFilter])
+    #   authenticator.authenticate(credentials)
+    class FilteredAuthenticator
+      # Initialize the filtered authenticator with the given delegate
+      # and filters. Filters will be applied when the authentication
+      # occurs.
+      #
+      # delegate - The implementation to delegate to after filtering is complete
+      # filters - The filters to apply
+      def initialize(delegate, *filters)
+        self.delegate = delegate
+        self.filters = [filters].compact.flatten
+      end
+
+      # Authenticate the given credentials.
+      #
+      # credentials - The credentials
+      def authenticate(credentials)
+        credentials = filters.reduce(credentials) { |credentials, filter| filter.authenticate(credentials) }
+        delegate.authenticate(*credentials)
+      end
+
+      private
+      attr_accessor :delegate
+      attr_accessor :filters
+    end
+  end
+end

data/lib/zas/authenticators/sequel_password_authenticator.rb

@@ -0,0 +1,69 @@
+module Zas
+  module Authenticators
+    # Public: Authenticate a username/password combination against a database using Sequel.
+    class SequelPasswordAuthenticator
+      # Public: Configuration for the authenticator
+      #
+      # Configuration attributes include:
+      #
+      # table_name - The table name to query to authenticate. Defaults to 'users'
+      # username_field - The name of the field used to store the user identifier, defaults to 'username'
+      # password_field - The name of the field used to store the encrypted password, 'defaults to 'crypted_password'
+      # salt_field - The name of the field used to store a salt, defaults to 'password_salt'
+      class Configuration < Struct.new(:table_name, :username_field, :password_field, :salt_field)
+        def initialize(attributes={})
+          attributes.each do |k, v|
+            self[k] = v
+          end
+        end
+        def table_name
+          self[:table_name] || :users
+        end
+        def username_field
+          self[:username_field] || :username
+        end
+        def password_field
+          self[:password_field] || :crypted_password
+        end
+        def salt_field
+          self[:salt_field] || :password_salt
+        end
+      end
+      
+      # Initialize the autenticator with the given sequel DB. Optionally pass in additional
+      # configuration for the authenticator.
+      #
+      # sequel_db - The Sequel Datbase instance
+      # config - The configuration instance
+      def initialize(sequel_db, config=Configuration.new)
+        self.db = sequel_db
+        self.table_name = config.table_name.to_sym
+        self.username_field = config.username_field.to_sym
+        self.password_field = config.password_field.to_sym
+        self.salt_field = config.salt_field.to_sym
+      end
+
+      # Authenticate the given username/password pair
+      def authenticate(username, password)
+        record = db[table_name].filter(username_field => username).first
+        tokens = [password, record[salt_field]].compact
+        matches?(record[password_field], *tokens) if record
+      end
+
+      private
+      attr_accessor :db
+      attr_accessor :table_name
+      attr_accessor :username_field
+      attr_accessor :password_field
+      attr_accessor :salt_field
+     
+      def encrypt(*password)
+        Zas::CryptoProviders::Sha512.new.encrypt(*password) 
+      end
+
+      def matches?(crypted, *tokens)
+        Zas::CryptoProviders::Sha512.new.matches?(crypted, *tokens)
+      end
+    end
+  end
+end

data/lib/zas/crypto_providers.rb

@@ -0,0 +1,5 @@
+module Zas
+  module CryptoProviders
+    require 'zas/crypto_providers/sha512'
+  end
+end

data/lib/zas/crypto_providers/sha512.rb

@@ -0,0 +1,28 @@
+module Zas  
+  module CryptoProviders
+    # = Sha512
+    #
+    # Uses the Sha512 hash algorithm to encrypt passwords.
+    class Sha512
+      require 'digest/sha2'
+
+      # The number of times to loop through the encryption. This is twenty because that is what restful_authentication defaults to.
+      def stretches
+        @stretches ||= 20
+      end
+      attr_writer :stretches
+
+      # Turns your raw password into a Sha512 hash.
+      def encrypt(*tokens)
+        digest = tokens.flatten.join(nil)
+        stretches.times { digest = Digest::SHA512.hexdigest(digest) }
+        digest
+      end
+
+      # Does the crypted password match the tokens? Uses the same tokens that were used to encrypt.
+      def matches?(crypted, *tokens)
+        encrypt(*tokens) == crypted
+      end
+    end
+  end
+end

data/lib/zas/filters.rb

@@ -0,0 +1,5 @@
+module Zas
+  module Filters
+    require 'zas/filters/http_basic_auth'
+  end
+end

data/lib/zas/filters/http_basic_auth.rb

@@ -0,0 +1,20 @@
+require 'base64'
+module Zas
+  module Filters 
+    # Filter that base64 decodes the credentials and splits them
+    # on a colon (based on the HTTP Basic Authentication
+    # speciications).
+    module HttpBasicAuth 
+      module_function
+      # Filter the authentication credentials.
+      #
+      # credentials - The credentials
+      #
+      # Returns a pair of [username, password]
+      def authenticate(credentials)
+        decoded_credentials = Base64.decode64(credentials)
+        decoded_credentials.split(":")
+      end
+    end
+  end
+end

data/lib/zas/service.rb

@@ -0,0 +1,78 @@
+require 'zmq'
+require 'syslogger'
+require 'yajl'
+require 'hashie'
+
+module Zas
+  # Authentication service class. Construct a new instance of this
+  # class and call the instance method #run to start it.
+  class Service
+    require 'zas/service_configuration'
+    require 'zas/filters'
+    require 'zas/authenticators'
+    require 'zas/crypto_providers'
+
+    # A collection authenticators mapped to keys.
+    def authenticators 
+      @authenticators ||= {}
+    end
+
+    # Initialize the service. The service will not be running yet. Invoke the #run method on the service
+    # instantce to run the service.
+    #
+    # config - Configuration spec for the service.
+    def initialize(config=ServiceConfiguration.new)
+      self.host = config.host
+      self.port = config.port
+      self.context = ZMQ::Context.new
+      self.logger = Syslogger.new(config.name, Syslog::LOG_PID, Syslog::LOG_LOCAL0)
+    end
+
+    # Run the service.
+    def run
+      socket = context.socket ZMQ::REP
+      socket.bind "tcp://#{host}:#{port}"
+
+      trap("INT") { socket.close }
+
+      begin
+        while req = socket.recv
+          logger.debug req
+          socket.send(encode(authenticate(req)))
+        end
+      rescue ZMQ::Error => e
+        logger.error "Shutting down: #{e.message}" 
+        e
+      end      
+    end
+
+    private
+    attr_accessor :host
+    attr_accessor :port
+    attr_accessor :context
+    attr_accessor :logger
+
+    # Handle the authentication.
+    #
+    # req_string - A JSON string
+    # 
+    # Returns something useful
+    def authenticate(req_string)
+      req = Hashie::Mash.new(Yajl::Parser.parse(req_string))
+      authenticator = authenticators[req.strategy]
+      raise "No authenticator found for #{req.strategy}" unless authenticator
+      {:authenticated? => authenticator.authenticate(req.credentials)}
+    rescue => e
+      {:error => e.message}
+    end
+
+    # Encode the response object
+    #
+    # data - The object
+    #
+    # Returns the JSON encoded object
+    def encode(data)
+      Yajl::Encoder.encode(data)
+    end
+  end
+end

data/lib/zas/service_configuration.rb

@@ -0,0 +1,23 @@
+module Zas
+  # Struct used to hold configuration information for the service
+  #
+  # host - The host to listen to requests on. May be "*" or an IP address.
+  # port - The port number to listen to requests on.
+  # name - The name of the service for logging.
+  class ServiceConfiguration < Struct.new(:host, :port, :name)
+    def initialize(attributes={})
+      attributes.each do |k, v|
+        self[k] = v
+      end
+    end
+    def host
+      self[:host] || '*'
+    end
+    def port
+      self[:port] || '5555'
+    end
+    def name
+      self[:name] || 'zas-service'
+    end
+  end
+end

metadata

@@ -0,0 +1,74 @@
+--- !ruby/object:Gem::Specification
+name: zas-service
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Anthony Eden
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-04-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ZeroAS provides an authentication service that uses 0mq as its transport
+  protocol
+email:
+- anthonyeden+zero-as@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/zas/authenticators/filtered_authenticator.rb
+- lib/zas/authenticators/sequel_password_authenticator.rb
+- lib/zas/authenticators.rb
+- lib/zas/crypto_providers/sha512.rb
+- lib/zas/crypto_providers.rb
+- lib/zas/filters/http_basic_auth.rb
+- lib/zas/filters.rb
+- lib/zas/service.rb
+- lib/zas/service_configuration.rb
+- lib/zas.rb
+- LICENSE
+- README.md
+homepage: http://github.com/zero-as/zas-service
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: 1.3.6
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.21
+signing_key: 
+specification_version: 3
+summary: Simple, fast authentication service for Service Oriented Architectures
+test_files: []