Class: GitkitLib::RpcHelper

Inherits:

Object

• Object
• GitkitLib::RpcHelper

Defined in:

lib/rpc_helper.rb

Constant Summary

TOKEN_ENDPOINT =

'https://accounts.google.com/o/oauth2/token'

GITKIT_SCOPE =

'https://www.googleapis.com/auth/identitytoolkit'

GITKIT_API_URL =

'https://www.googleapis.com/identitytoolkit/v3/relyingparty/'

Instance Attribute Summary

• #access_token ⇒ Object

  Returns the value of attribute access_token.

• #token_duration ⇒ Object

  Returns the value of attribute token_duration.

• #token_issued_at ⇒ Object

  Returns the value of attribute token_issued_at.

Instance Method Summary

• #check_gitkit_error(response) ⇒ JSON private

  Checks the Gitkit response.

• #delete_account(local_id) ⇒ Object private

  Delete an account.

• #download_account(next_page_token, max_results) ⇒ Array<JSON> private

  Download all accounts.

• #fetch_access_token ⇒ Object private

  Get an access token, from Google server if cached one is expired.

• #get_gitkit_certs ⇒ JSON private

  Download the Gitkit public certs.

• #get_oob_code(request) ⇒ String private

  Get out-of-band code for ResetPassword/ChangeEmail etc.

• #get_user_by_email(email) ⇒ JSON private

  GetAccountInfo by email.

• #get_user_by_id(id) ⇒ JSON private

  GetAccountInfo by id.

• #initialize(service_account_email, service_account_key, server_api_key, google_token_endpoint = TOKEN_ENDPOINT) ⇒ RpcHelper constructor

  A new instance of RpcHelper.

• #invoke_gitkit_api(method, params, need_service_account = true) ⇒ JSON private

  Invoke Gitkit API, with optional access token for service account operations.

• #is_token_expired ⇒ Boolean private

  Check whether the cached access token is expired.

• #sign_assertion ⇒ String private

  Creates a signed jwt assertion.

• #upload_account(hash_algorithm, hash_key, accounts) ⇒ Object private

  Upload batch accounts.

Constructor Details

#initialize(service_account_email, service_account_key, server_api_key, google_token_endpoint = TOKEN_ENDPOINT) ⇒ RpcHelper

Returns a new instance of RpcHelper.

# File 'lib/rpc_helper.rb', line 30

def initialize(service_account_email, service_account_key, server_api_key,
    google_token_endpoint = TOKEN_ENDPOINT)
  @service_account_email = service_account_email
  @google_api_url = google_token_endpoint
  @connection = Faraday::Connection.new
  @service_account_key =
      OpenSSL::PKCS12.new(service_account_key, 'notasecret').key
  @server_api_key = server_api_key
  @token_duration = 3600
  @token_issued_at = 0
  @access_token = nil
end

Instance Attribute Details

#access_token ⇒ Object

Returns the value of attribute access_token.

# File 'lib/rpc_helper.rb', line 23

def access_token
  @access_token
end

#token_duration ⇒ Object

Returns the value of attribute token_duration.

# File 'lib/rpc_helper.rb', line 23

def token_duration
  @token_duration
end

#token_issued_at ⇒ Object

Returns the value of attribute token_issued_at.

# File 'lib/rpc_helper.rb', line 23

def token_issued_at
  @token_issued_at
end

Instance Method Details

#check_gitkit_error(response) ⇒ JSON

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Checks the Gitkit response

Parameters:

• response (JSON) —

  the response received

Returns:

• (JSON) —

  the response if no error

# File 'lib/rpc_helper.rb', line 194

def check_gitkit_error(response)
  if response.has_key? 'error'
    error = response['error']
    if error.has_key? 'code'
      code = error['code']
      raise GitkitClientError, error['message'] if code.to_s.match(/^4/)
      raise GitkitServerError, error['message']
    else
      raise GitkitServerError, 'null error code from Gitkit server'
    end
  else
    response
  end
end

#delete_account(local_id) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Delete an account

Parameters:

• local_id (String) —

  user id to be deleted

# File 'lib/rpc_helper.rb', line 93

def delete_account(local_id)
  invoke_gitkit_api('deleteAccount', {'localId' => local_id})
end

#download_account(next_page_token, max_results) ⇒ Array<JSON>

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Download all accounts

Parameters:

• next_page_token (String) —

  pagination token for next page

• max_results (Fixnum) —

  pagination size

Returns:

• (Array<JSON>) —

  user account info

# File 'lib/rpc_helper.rb', line 77

def download_account(next_page_token, max_results)
  param = {}
  if next_page_token
    param['nextPageToken'] = next_page_token
  end
  if max_results
    param['maxResults'] = max_results
  end
  response = invoke_gitkit_api('downloadAccount', param)
  return response.fetch('nextPageToken', nil), response.fetch('users', {})
end

#fetch_access_token ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get an access token, from Google server if cached one is expired

# File 'lib/rpc_helper.rb', line 131

def fetch_access_token
  if is_token_expired
    assertion = sign_assertion
    post_body = {
        'assertion' => assertion,
        'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer'}
    headers = {'Content-type' => 'application/x-www-form-urlencoded'}
    response = @connection.post(RpcHelper::TOKEN_ENDPOINT, post_body,
        headers)
    @access_token = JSON.parse(response.env[:body])['access_token']
    @token_issued_at = Time.new.to_i
  end
  @access_token
end

#get_gitkit_certs ⇒ JSON

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Download the Gitkit public certs

Returns:

• (JSON) —

  the public certs

# File 'lib/rpc_helper.rb', line 178

def get_gitkit_certs
  if @server_api_key.nil?
    @connection.authorization :Bearer, fetch_access_token
    response = @connection.get(GITKIT_API_URL + 'publicKeys')
  else
    response = @connection.get [GITKIT_API_URL, 'publicKeys?key=',
        @server_api_key].join
  end
  MultiJson.load response.body
end

#get_oob_code(request) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Get out-of-band code for ResetPassword/ChangeEmail etc. operation

Parameters:

• request (Hash<String, String>) —

  the oob request

Returns:

• (String) —

  the oob code

# File 'lib/rpc_helper.rb', line 66

def get_oob_code(request)
  response = invoke_gitkit_api('getOobConfirmationCode', request)
  response.fetch('oobCode', nil)
end

#get_user_by_email(email) ⇒ JSON

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

GetAccountInfo by email

Parameters:

• email (String) —

  account email to be queried

Returns:

• (JSON) —

  account info

# File 'lib/rpc_helper.rb', line 48

def get_user_by_email(email)
  invoke_gitkit_api('getAccountInfo', {'email' => [email]})
end

#get_user_by_id(id) ⇒ JSON

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

GetAccountInfo by id

Parameters:

• id (String) —

  account id to be queried

Returns:

• (JSON) —

  account info

# File 'lib/rpc_helper.rb', line 57

def get_user_by_id(id)
  invoke_gitkit_api('getAccountInfo', {'localId' => [id]})
end

#invoke_gitkit_api(method, params, need_service_account = true) ⇒ JSON

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Invoke Gitkit API, with optional access token for service account operations

authenticated

Parameters:

• method (String) —

  Gitkit API method name

• params (Hash<String, String>) —

  api request params

• need_service_account (bool) (defaults to: true) —

  whether the request needs to be

Returns:

• (JSON) —

  the Gitkit api response

# File 'lib/rpc_helper.rb', line 164

def invoke_gitkit_api(method, params, need_service_account=true)
  post_body = JSON.generate(params)
  headers = {'Content-type' => 'application/json'}
  if need_service_account
    @connection.authorization :Bearer, fetch_access_token
  end
  response = @connection.post(GITKIT_API_URL + method, post_body, headers)
  check_gitkit_error JSON.parse(response.env[:body])
end

#is_token_expired ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Check whether the cached access token is expired

Returns:

• (Boolean) —

  whether the access token is expired

# File 'lib/rpc_helper.rb', line 150

def is_token_expired
  @access_token == nil ||
      Time.new.to_i > @token_issued_at + @token_duration - 30
end

#sign_assertion ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Creates a signed jwt assertion

Returns:

• (String) —

  jwt assertion

# File 'lib/rpc_helper.rb', line 116

def sign_assertion
  now = Time.new
  assertion = {
      'iss' => @service_account_email,
      'scope' => GITKIT_SCOPE,
      'aud' => @google_api_url,
      'exp' => (now + @token_duration).to_i,
      'iat' => now.to_i
  }
  JWT.encode(assertion, @service_account_key, 'RS256')
end

#upload_account(hash_algorithm, hash_key, accounts) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Upload batch accounts

Parameters:

• hash_algorithm (String) —

  hash algorithm

• hash_key (String) —

  hash key

• accounts (Array<GitkitUser>) —

  account to be uploaded

# File 'lib/rpc_helper.rb', line 103

def upload_account(hash_algorithm, hash_key, accounts)
  param = {
      'hashAlgorithm' => hash_algorithm,
      'signerKey' => hash_key,
      'users' => accounts
  }
  invoke_gitkit_api('uploadAccount', param)
end