@@ -3,4 +3,5 @@ coverage rdoc pkg -*.lwp \ No newline at end of file +*.lwp +config.yml \ No newline at end of file .gitignore @@ -2,156 +2,129 @@ require "rubygems" require "uri" require "digest/sha1" require "base64" -require "curl" -class Cloudquery - - KEEP_ALIVE = true - RAISE_EXCEPTIONS = false - INSECURE_ENDPOINT = "http://api.xoopit.com/v0/" - SECURE_ENDPOINT = "https://api.xoopit.com/v0/" - SIGNING_METHOD = "SHA1" - - COOKIE_JAR = '.cookies.lwp' +module Cloudquery + SCHEME = "https".freeze + HOST = "api.xoopit.com".freeze + PATH = "/v0".freeze API_PATHS = { - :authenticate => 'auth', + :account => "account", }.freeze - - attr_writer :secret - attr_reader :account_name, :stats - attr_reader :endpoint_url, :scheme, :host, :port, :path - attr_reader :signing_method - - def initialize(account_name, options={}) - @account_name = account_name - @secret = options[:secret] - prepare_endpoint_ivars(options) - - @signing_method = SIGNING_METHOD - @stats = { - :info => nil, - :timing => nil, - } - end - - def secure? - !!@secure - end + + SIGNING_METHOD = "SHA1" + COOKIE_JAR = ".cookies.lwp" - # Signs a request in preparation for transit to the @endpoint_url - def sign_request_url(path, params={}) - params['x_name'] = @account_name - params['x_method'] = @signing_method - params['x_time'] = Time.now.to_i_with_milliseconds - params['x_nonce'] = Crypto::Random.number + class Request + attr_accessor :method, :headers, :scheme, :host, :port, :path, :params, :body - query_str = params.to_query_string - constructed_url = construct_url(path, query_str) - append_signature(constructed_url) - end - - # Authenticate the account using the password - def authenticate(password) - raise "Authentication using this method is only allowed over HTTPS" unless secure? + def initialize(options={}) + @method = options[:method] || 'POST' + @headers = options[:headers] || {} + @scheme = options[:scheme] || SCHEME + @host = options[:host] || HOST + @port = options[:port] || URI::HTTPS::DEFAULT_PORT + @path = options[:path] || PATH + @params = options[:params] || {} + @body = options[:body] + end - params = { - 'name' => @account_name, - 'password' => password, - } + def add_authentication_params(account) + @params['x_name'] = account + @params['x_time'] = Time.now.to_i_with_milliseconds + @params['x_nonce'] = Cloudquery::Crypto::Random.number + @params['x_method'] = SIGNING_METHOD + end + + def request_uri + URI.build(:path => @path, :query => query_str).to_s + end - request = ['POST', construct_url(API_PATHS[:authenticate]), params.to_query_string] - send_request(request) - end - -private - def prepare_endpoint_ivars(options) - @secure = !options[:use_http] - @endpoint_url = @secure ? SECURE_ENDPOINT : INSECURE_ENDPOINT - e = URI.parse(@endpoint_url) - @scheme, @host, @path = e.select(:scheme, :host, :path) - end - - def construct_url(api_path, query_str="") - uri_class = secure? ? URI::HTTPS : URI::HTTP - uri = uri_class.build({ - :scheme => @scheme, - :host => @host, - :path => @path, - }) - uri.merge!(api_path) - uri.query = query_str unless query_str.to_s.empty? - uri.to_s - end - - def append_signature(url) - signer = case signing_method - when "SHA1"; Crypto::Sha1 - else; raise "The #{signing_method} signing method is not supported" + def signed_request_uri(secret) + sign(request_uri, secret) end - - signable_url = normalize_url_for_signing(url) - signature = signer.sign(@secret, signable_url) - url_safe_signature = URI.escape(signature.tr('+/', '-_'), /=/) - "#{url}&x_sig=#{url_safe_signature}" - end - - # Expects a rack-style request descriptor - # e.g. [HTTP_VERB, url, body] - def send_request(descriptor) - verb, url, body = descriptor - @curl ||= Curl::Easy.new do |c| - c.enable_cookies = true - c.cookiejar = COOKIE_JAR - c.verbose = true + def uri + base_uri.merge(request_uri).to_s end - @curl.url = url + def signed_uri(secret) + base_uri.merge(signed_request_uri).to_s + end + + private + def append_signature(uri, secret) + signature = Crypto::Sha1.sign(secret, uri) + url_safe_signature = URI.escape(signature.tr('+/', '-_'), /=/) + "#{uri}&x_sig=#{url_safe_signature}" + end - case verb - when 'GET' - @curl.http_get - when 'POST' - puts body - @curl.http_post(body) + def query_str + @params.to_params end + def base_uri + URI.build(:scheme => @scheme, :host => @host, :port => @port) + end + + def hash_to_params(hash) + hash.map { |k, v| URI.escape("#{k}=#{v}") }.join('&') + URI.escape(query_str, /@/) + end end - def normalize_url_for_signing(url) - URI.parse(url).request_uri - end -end + module Crypto + module Random + extend self -module Crypto - module Random - extend self - - SecureRandom = (defined?(::SecureRandom) && ::SecureRandom) || (defined?(::ActiveSupport::SecureRandom) && ::ActiveSupport::SecureRandom) - - if SecureRandom - def number - "#{SecureRandom.random_number}.#{Time.now.to_i}"[2..-1] + SecureRandom = (defined?(::SecureRandom) && ::SecureRandom) || (defined?(::ActiveSupport::SecureRandom) && ::ActiveSupport::SecureRandom) + if SecureRandom + def number + "#{SecureRandom.random_number}.#{Time.now.to_i}"[2..-1] + end + else + def number + "#{rand.to_s}.#{Time.now.to_i}"[2..-1] + end end - else - def number - "#{rand.to_s}.#{Time.now.to_i}"[2..-1] + + end + + module Sha1 + extend self + + def sign(*tokens) + tokens = tokens.flatten + digest = Digest::SHA1.digest(tokens.join) + Base64.encode64(digest).chomp end + end - end - module Sha1 - extend self + class Client + attr_reader :account + attr_writer :secret + + def initialize(options={}) + @account = options[:account] + @secret = options[:secret] + @secure = options[:secure] != false # must pass false for insecure + end - def sign(*tokens) - tokens = tokens.flatten - digest = Digest::SHA1.digest(tokens.join) - Base64.encode64(digest).chomp + def get_account + send_request Request.new(:path => build_path(API_PATHS[:account], account)) end + private + def send_request(request) + p request + end + + def build_path(*path_elements) + path_elements.flatten.unshift(PATH).join('/') + end end end @@ -160,11 +133,3 @@ class Time (to_f * 1000).to_i end end - -class Hash - - def to_query_string - query_str = map { |k, v| URI.escape("#{k}=#{v}") }.join('&') - URI.escape(query_str, /@/) - end -end \ No newline at end of file lib/cloudquery.rb @@ -1,130 +1,63 @@ require 'spec_helper' -describe Cloudquery do +describe Cloudquery::Request do before(:each) do - @valid_arguments = ['account', {}] + @valid_options = { + :scheme => 'http', + :host => 'example.com', + :path => '/v0/', + } end - def client - return @client if defined?(@client) - @client = Cloudquery.new(*@valid_arguments) - @client.stub!(:send_request) - @client + def request(additional_options={}) + return @request if defined?(@request) + @request = Cloudquery::Request.new(@valid_options.merge(additional_options)) end - - it "instantiates when passed valid arguments" do - lambda { client }.should_not raise_error - end - - describe "API endpoint" do - it "uses the secure endpoint by default" do - client.endpoint_url.should == Cloudquery::SECURE_ENDPOINT - end - it "parses the scheme from the endpoint" do - client.scheme.should == URI.parse(Cloudquery::SECURE_ENDPOINT).scheme - end + it "instantiates with valid options" do + lambda { request }.should_not raise_error + end - it "parses the host from the endpoint" do - client.host.should == URI.parse(Cloudquery::SECURE_ENDPOINT).host + describe "add_authentication_params" do + before(:each) do + request.add_authentication_params('account') end - - it "parses the path from the endpoint" do - client.path.should == URI.parse(Cloudquery::SECURE_ENDPOINT).path + + it "should add the x_name parameter with the account name" do + request.params.should have_key('x_name') + request.params['x_name'].should == 'account' end - end - - describe "URL munging" do - it "merges paths together to create a full URL" do - path = "path/elements/and/stuff" - client.send(:construct_url, path).should == "#{client.endpoint_url}#{path}" + + it "should add the x_time parameter with the current milliseconds since epoch" do + request.params.should have_key('x_time') + request.params['x_time'].should be_close(Time.now.to_i_with_milliseconds, 100) end - it "merges paths and the query string to create a full URL" do - path = "a/path" - query_string = "query=param&foo=bar" - client.send(:construct_url, path, query_string).should == "#{client.endpoint_url}#{path}?#{query_string}" + it "should add the x_nonce parameter of the format \d+.\d+" do + request.params.should have_key('x_nonce') + request.params['x_nonce'].should match(/^\d+.\d+$/) end - it "extracts the normalized, signable url from the full URL" do - request_uri = "/path/elements/?query=string" - url = "https://subdomain.domain.tld:9027#{request_uri}" - client.send(:normalize_url_for_signing, url).should == request_uri + it "should add the x_method parameter with the signing method name" do + request.params.should have_key('x_method') + request.params['x_method'].should == Cloudquery::SIGNING_METHOD end end - + + describe "append_signature" do + it "should append the signature as the x_sig parameter at the end of the query string" + end +end + +describe Cloudquery::Crypto::Random do describe "nonce generation" do it "generates a nonce with a random number, a dot, and the current time" do - nonce = Crypto::Random.number + nonce = Cloudquery::Crypto::Random.number nonce.should match(/^\d+.\d+$/) random_digits, time = nonce.split('.') time.to_i.should be_close(Time.now.to_i, 1) random_digits.should match(/^\d+$/) end end - - describe "cryptographic signing" do - before(:each) do - @url = 'https://a.url.to-sign/with/a/path' - end - - it "supports SHA1 as the signing method" do - client.signing_method.should == 'SHA1' - lambda { - client.send(:append_signature, @url) - }.should_not raise_error - end - - it "raises an exception for unsupported signing methods" do - client.should_receive(:signing_method).at_least(:once).and_return("BCrypt") - lambda { - client.send(:append_signature, @url) - }.should raise_error("The BCrypt signing method is not supported") - end - - it "appends the signature as the x_sig parameter at the end of the full url" do - signed_url = client.send(:append_signature, @url) - signed_url.should match(/^#{@url}/) - signed_url.should match(/x_sig=[-\w]+(?:%3D)*$/) - end - - it "encodes the signature with url-safe base64" do - signature = client.send(:append_signature, @url).split('x_sig=').last - signature.should_not include('+') - signature.should_not include('/') - end - end - - describe "request url signing" do - it "keeps reserved characters out of the query" do - params = {"escape_me" => "account@example.com", "foo" => "bar"} - url = "https://subdomain.domain.tld:9027/path/elements/" - client.sign_request_url(url, params).should_not match(/@/) - end - end - - describe "#authenticate" do - it "raises an exception unless a password is provided" do - lambda { client.authenticate }.should raise_error(ArgumentError) - - end - - it "raises an exception unless the client is secure" do - client.should_receive(:secure?).and_return(false) - lambda { - client.authenticate('password') - }.should raise_error("Authentication using this method is only allowed over HTTPS") - - end - - it "sends a request with a descriptor to post params to the authentication url" do - params = {'name' => @valid_arguments.first, 'password' => 'password'} - client.should_receive(:send_request) do |request_descriptor| - request_descriptor.shift.should == 'POST' - request_descriptor.shift.should == client.send(:construct_url, Cloudquery::API_PATHS[:authenticate]) - request_descriptor.shift.should == params.to_query_string - end - client.authenticate('password') - end - end end + \ No newline at end of file spec/cloudquery_spec.rb 283ada2b586b1953ca8cc651a3b05d5528ae25c8 Cameron Walters cameron.walters@gmail.com http://github.com/bmizerany/cloudquery/commit/968ac0b598ed1f70c306b506d1dd8e9235d542e3 968ac0b598ed1f70c306b506d1dd8e9235d542e3 2009-04-30T13:36:55-07:00 2009-04-30T13:36:55-07:00 Refactored into Request and Client. Secrets are the way. ff7e0867fef024102d6c02cb9982e5d36b5efa3e Cameron Walters cameron.walters@gmail.com