zuora_connectD 1.7.09

data/lib/zuora_connectD/configuration.rb

@@ -0,0 +1,52 @@
+module ZuoraConnect
+  class Configuration
+
+    attr_accessor :default_locale, :default_time_zone, :url, :mode, :delayed_job,:private_key, :additional_apartment_models
+
+    attr_accessor :enable_metrics, :telegraf_endpoint, :telegraf_debug, :custom_prometheus_update_block, :silencer_resque_finish
+
+    attr_accessor :oauth_client_id, :oauth_client_secret, :oauth_client_redirect_uri
+
+    attr_accessor :dev_mode_logins, :dev_mode_options, :dev_mode_mode, :dev_mode_appinstance, :dev_mode_user, :dev_mode_pass, :dev_mode_admin, :dev_mode_secret_access_key,:dev_mode_access_key_id,:aws_region, :s3_bucket_name, :s3_folder_name
+
+    def initialize
+      @default_locale = :en
+      @default_time_zone = Time.zone
+      @url = "https://connect.zuora.com"
+      @mode = "Production"
+      @delayed_job = false
+      @private_key = ENV["CONNECT_KEY"]
+      @additional_apartment_models = []
+      @silencer_resque_finish = true
+      
+      # Setting the app name for telegraf write
+      @enable_metrics = false
+      @telegraf_endpoint = 'udp://telegraf-app-metrics.monitoring.svc.cluster.local:8094'
+      @telegraf_debug = false
+      
+      # OAuth Settings
+      @oauth_client_id = ""
+      @oauth_client_secret = ""
+      @oauth_client_redirect_uri = "https://connect.zuora.com/"
+
+      # DEV MODE OPTIONS
+      @dev_mode_logins = { "target_login" => {"tenant_type" => "Zuora", "username" => "user", "password" => "pass", "url" => "url"} }
+      @dev_mode_options = {"name" => {"config_name" => "name", "datatype" => "type", "value" => "value"}}
+      @dev_mode_mode = "Universal"
+      @dev_mode_appinstance = "1"
+      @dev_mode_user = "test"
+      @dev_mode_pass = "test"
+      @dev_mode_admin = false
+      @dev_mode_secret_access_key = nil
+      @dev_mode_access_key_id = nil
+      @aws_region = "us-west-2"
+      @s3_bucket_name = "rbm-apps"
+      @s3_folder_name = Rails.application.class.parent_name
+    end
+
+    def private_key
+      raise "Private Key Not Set" if @private_key.blank?
+      @private_key.include?("BEGIN") ? @private_key : Base64.urlsafe_decode64(@private_key)
+    end
+  end
+end

data/lib/zuora_connectD/controllers/helpers.rb

@@ -0,0 +1,165 @@
+require 'apartment/migrator'
+module ZuoraConnect
+  module Controllers
+    module Helpers
+      extend ActiveSupport::Concern
+
+      def authenticate_app_api_request
+        #Skip session for api requests
+        Thread.current[:appinstance] = nil
+        request.session_options[:skip] = true
+        start_time = Time.now
+        if request.headers["API-Token"].present?
+          @appinstance = ZuoraConnect::AppInstance.where(:api_token => request.headers["API-Token"]).first
+          Rails.logger.debug("[#{@appinstance.id}] API REQUEST - API token") if @appinstance.present?
+          check_instance
+        else
+          authenticate_or_request_with_http_basic do |username, password|
+            @appinstance = ZuoraConnect::AppInstance.where(:token => password).first
+            @appinstance ||= ZuoraConnect::AppInstance.where(:api_token => password).first
+            Rails.logger.debug("[#{@appinstance.id}] API REQUEST - Basic Auth") if @appinstance.present?
+            check_instance
+          end
+        end
+        Rails.logger.debug("[#{@appinstance.blank? ? "N/A" : @appinstance.id}] Authenticate App API Request Completed In - #{(Time.now - start_time).round(2)}s")
+      end
+
+      def authenticate_connect_app_request
+        Thread.current[:appinstance] = nil
+        start_time = Time.now
+        if ZuoraConnect.configuration.mode == "Production"
+          if request["data"]
+            setup_instance_via_data
+          else
+            setup_instance_via_session
+          end
+        else
+          setup_instance_via_dev_mode
+        end
+        #Call .data_lookup with the current session to retrieve session. In some cases session may be stored/cache in redis 
+        #so data lookup provides a model method that can be overriden per app.
+        if params[:controller] != 'zuora_connect/api/v1/app_instance' && params[:action] != 'drop'
+          if @appinstance.new_session_for_ui_requests(:params => params)
+            @appinstance.new_session(:session => @appinstance.data_lookup(:session => session))
+          end
+        end
+        PaperTrail.whodunnit =  session["#{@appinstance.id}::user::email"] if defined?(PaperTrail) && session["#{@appinstance.id}::user::email"].present? 
+        begin
+          I18n.locale = session["#{@appinstance.id}::user::locale"] ?  session["#{@appinstance.id}::user::locale"] : @appinstance.locale
+        rescue I18n::InvalidLocale => ex
+          Rails.logger.error("Invalid Locale: #{ex.message}")
+        end
+        Time.zone = session["#{@appinstance.id}::user::timezone"] ? session["#{@appinstance.id}::user::timezone"] : @appinstance.timezone
+        Rails.logger.debug("[#{@appinstance.blank? ? "N/A" : @appinstance.id}] Authenticate App Request Completed In - #{(Time.now - start_time).round(2)}s")
+      end
+
+      def persist_connect_app_session
+        if @appinstance.present?
+          if defined?(Redis.current)
+            @appinstance.cache_app_instance
+          else
+            session.merge!(@appinstance.save_data)
+          end
+        end
+      end
+
+      def check_connect_admin!
+        raise ZuoraConnect::Exceptions::AccessDenied.new("User is not an authorized admin for this application") if !session["#{@appinstance.id}::admin"]
+      end
+
+      def check_connect_admin
+        return session["#{@appinstance.id}::admin"]
+      end
+
+    private
+      def setup_instance_via_data
+        session.clear
+        values = JSON.parse(ZuoraConnect::AppInstance.decrypt_response(Base64.urlsafe_decode64(request["data"])))
+        Rails.logger.debug("Data: #{values.to_json}")
+        if values["param_data"]
+          values["param_data"].each do |k ,v|
+            params[k] = v
+          end
+        end
+        session["#{values["appInstance"]}::destroy"] = values["destroy"]
+        session["appInstance"] = values["appInstance"]
+        if values["current_user"]
+          session["#{values["appInstance"]}::admin"] = values["current_user"]["admin"] ? values["current_user"]["admin"] : false
+          session["#{values["appInstance"]}::user::timezone"] = values["current_user"]["timezone"]
+          session["#{values["appInstance"]}::user::locale"] = values["current_user"]["locale"]
+          session["#{values["appInstance"]}::user::email"] = values["current_user"]["email"]
+        end
+
+        Rails.logger.debug("App Params: #{values.to_json}}") if Rails.env != "production"
+
+        @appinstance = ZuoraConnect::AppInstance.where(:id => values["appInstance"].to_i).first
+        if @appinstance.blank?
+          Apartment::Tenant.switch!("public")
+          begin
+            Apartment::Tenant.create(values["appInstance"].to_s)
+          rescue Apartment::TenantExists => ex
+            Rails.logger.debug("Tenant Already Exists")
+          end
+          @appinstance = ZuoraConnect::AppInstance.new(:api_token =>  values[:api_token],:id => values["appInstance"].to_i, :access_token => values["access_token"].blank? ? values["user"] : values["access_token"], :token => values["refresh_token"]  , :refresh_token => values["refresh_token"].blank? ? values["key"] : values["refresh_token"], :oauth_expires_at => values["expires"])
+          @appinstance.save(:validate => false)
+        else
+          @appinstance.access_token = values["access_token"] if !values["access_token"].blank? && @appinstance.access_token != values["access_token"]
+          @appinstance.refresh_token = values["refresh_token"] if !values["refresh_token"].blank? && @appinstance.refresh_token != values["refresh_token"]
+          @appinstance.oauth_expires_at = values["expires"] if !values["expires"].blank?
+          @appinstance.api_token = values["api_token"] if !values["api_token"].blank? && @appinstance.api_token != values["api_token"]
+          if @appinstance.access_token_changed? && @appinstance.refresh_token_changed?
+            @appinstance.save(:validate => false)
+          else
+            raise ZuoraConnect::Exceptions::AccessDenied.new("Authorization mistmatch. Possible tampering")
+          end
+        end     
+      end
+
+      def setup_instance_via_session
+        if session["appInstance"].present?
+          @appinstance = ZuoraConnect::AppInstance.where(:id => session["appInstance"]).first
+        else
+          raise ZuoraConnect::Exceptions::SessionInvalid.new("Session Blank -- Relaunch Application")
+        end
+      end
+
+      def setup_instance_via_dev_mode
+        session["appInstance"] = ZuoraConnect.configuration.dev_mode_appinstance
+        user = ZuoraConnect.configuration.dev_mode_user
+        key = ZuoraConnect.configuration.dev_mode_pass
+        values = {:user => user , :key => key, :appinstance => session["appInstance"]}
+        @appinstance = ZuoraConnect::AppInstance.where(:id => values[:appinstance].to_i).first
+        if @appinstance.blank?
+          Apartment::Tenant.switch!("public")
+          begin
+            Apartment::Tenant.create(values[:appinstance].to_s)
+          rescue Apartment::TenantExists => ex
+            Apartment::Tenant.drop(values[:appinstance].to_s)
+            retry
+          end
+
+          @appinstance = ZuoraConnect::AppInstance.new(:id => values[:appinstance].to_i, :access_token => values[:user], :refresh_token => values[:key], :token => "#{values[:key]}#{values[:key]}", :api_token => "#{values[:key]}#{values[:key]}")
+          @appinstance.save(:validate => false)
+        end
+        if @appinstance.access_token.blank? || @appinstance.refresh_token.blank? || @appinstance.token.blank? || @appinstance.api_token.blank?
+          @appinstance.update_attributes!(:access_token =>  values["user"], :refresh_token =>  values["key"], :token => "#{values[:key]}#{values[:key]}", :api_token => "#{values[:key]}#{values[:key]}")
+        end
+        session["#{@appinstance.id}::admin"] =  ZuoraConnect.configuration.dev_mode_admin
+      end
+
+      #API ONLY
+      def check_instance
+        if @appinstance.present?
+          if @appinstance.new_session_for_api_requests(:params => params)
+            @appinstance.new_session(:session => @appinstance.data_lookup(:session => session))
+          end
+          Thread.current[:appinstance] = @appinstance
+          PaperTrail.whodunnit = "API User" if defined?(PaperTrail)
+          return true
+        else
+          render text: "Access Denied", status: :unauthorized
+        end
+      end
+    end
+  end
+end

data/lib/zuora_connectD/engine.rb

@@ -0,0 +1,30 @@
+require 'rails/all'
+require 'zuora_connectD'
+require 'apartment'
+require 'httparty'
+require 'zuora_apiD'
+module ZuoraConnect
+  class Engine < ::Rails::Engine
+    isolate_namespace ZuoraConnect
+
+    initializer "connect", before: :load_config_initializers do |app|
+      Rails.application.routes.prepend do
+        mount ZuoraConnect::Engine, at: "/connect"
+      end
+    end
+
+   initializer :append_migrations do |app|
+      unless app.root.to_s.match root.to_s
+        config.paths["db/migrate"].expanded.each do |expanded_path|
+          app.config.paths["db/migrate"] << expanded_path
+        end
+      end
+    end
+
+    initializer "connect.helpers" do
+      ActiveSupport.on_load(:action_controller) do
+        include ZuoraConnect::Controllers::Helpers
+      end
+    end
+  end
+end

data/lib/zuora_connectD/exceptions.rb

@@ -0,0 +1,67 @@
+module ZuoraConnect
+  module Exceptions
+
+    class HoldingPattern < StandardError; end
+    class Error < StandardError; end
+    class AuthorizationNotPerformed < Error; end
+
+    class SessionInvalid < Error
+      attr_writer :default_message
+
+      def initialize(message = nil)
+        @message = message
+        @default_message = "Session data invalid."
+      end
+
+      def to_s
+        @message || @default_message
+      end
+    end
+
+    class ConnectCommunicationError < Error
+      attr_reader :code, :response
+      attr_writer :default_message
+
+      def initialize(message = nil,response=nil, code =nil)
+        @code = code
+        @message = message
+        @response = response
+        @default_message = "Error communication with Connect."
+      end
+
+      def to_s
+        @message || @default_message
+      end
+    end
+
+    class APIError < Error
+      attr_reader :code, :response
+      attr_writer :default_message
+
+      def initialize(message: nil,response: nil, code: nil)
+        @code = code
+        @message = message
+        @response = response
+        @default_message = "Connect update error."
+      end
+
+      def to_s
+        @message || @default_message
+      end
+
+    end
+
+    class AccessDenied < Error
+      attr_writer :default_message
+
+      def initialize(message = nil)
+        @message = message
+        @default_message = "You are not authorized to access this page."
+      end
+
+      def to_s
+        @message || @default_message
+      end
+    end
+  end
+end

data/lib/zuora_connectD/railtie.rb

@@ -0,0 +1,59 @@
+require 'middleware/metrics_middleware'
+
+module ZuoraConnect
+  class Railtie < Rails::Railtie
+
+
+    config.before_initialize do
+      version = Rails.version
+      if version >= "5.0.0"
+        ::Rails.configuration.public_file_server.enabled = true
+      elsif version >= "4.2.0"
+        ::Rails.configuration.serve_static_files = true
+      else
+        ::Rails.configuration.serve_static_assets = true
+      end
+      ::Rails.configuration.action_dispatch.x_sendfile_header = nil
+    end
+
+    if defined? Prometheus
+      initializer "prometheus.configure_rails_initialization" do |app|
+        app.middleware.use Prometheus::Middleware::Exporter,(options ={:path => '/connect/internal/metrics'})
+      end
+    end
+    initializer "zuora_connect.configure_rails_initialization" do |app|
+      app.middleware.insert_after Rack::Sendfile, Middleware::MetricsMiddleware
+    end
+
+    # hook to process_action
+    ActiveSupport::Notifications.subscribe('process_action.action_controller', Middleware::PageRequest.new)
+
+    initializer(:rails_stdout_logging, before: :initialize_logger) do
+      if Rails.env != 'development' && !ENV['DEIS_APP'].blank?
+        require 'lograge'
+        logger           = ActiveSupport::Logger.new(STDOUT)
+        logger.formatter = ::Logger::Formatter.new
+        # logger.formatter  = proc do |severity, datetime, progname, msg|
+        #   {severity: severity, time: datetime.strftime('%FT%T.%6N'), process_id: Process.pid, message: msg }.to_json
+        # end
+        Rails.configuration.logger = ActiveSupport::TaggedLogging.new(logger)
+        Rails.configuration.log_tags = [:uuid]
+        Rails.configuration.lograge.enabled = true
+        Rails.configuration.lograge.formatter = Lograge::Formatters::Json.new
+        Rails.configuration.lograge.custom_options = lambda do |event|
+          exceptions = %w(controller action format id)
+          items = {
+            #time: event.time.strftime('%FT%T.%6N'),  
+            params: event.payload[:params].except(*exceptions),
+            exception: event.payload[:exception],
+            exception_object: event.payload[:exception_object],
+            process_id: Process.pid
+          }
+          if Thread.current[:appinstance].present? 
+            items.merge({appinstance_id: Thread.current[:appinstance].id, connect_user: Thread.current[:appinstance].connect_user, new_session: Thread.current[:appinstance].new_session_message})
+          end
+        end
+      end
+    end
+  end
+end

data/lib/zuora_connectD/version.rb

@@ -0,0 +1,3 @@
+module ZuoraConnect
+  VERSION = "1.7.09"
+end

data/lib/zuora_connectD/views/helpers.rb

@@ -0,0 +1,9 @@
+module ZuoraConnect
+  module Views
+    module Helpers
+      def is_app_admin?
+        return @appinstance.blank? ? false : session["#{@appinstance.id}::admin"]
+      end
+    end
+  end
+end

data/test/controllers/zuora_connect/api/v1/app_instance_controller_test.rb

@@ -0,0 +1,13 @@
+require 'test_helper'
+
+module ZuoraConnect
+  class Api::V1::AppInstanceControllerTest < ActionController::TestCase
+    setup do
+      @routes = Engine.routes
+    end
+
+    # test "the truth" do
+    #   assert true
+    # end
+  end
+end

data/test/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/test/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Rails.application.load_tasks