require 'rubygems'
require 'securerandom'
require 'json/ext' # required for .to_json
require 'uri'
require 'openssl' # required for use of digest module
require 'open-uri'
require 'open3'   # run gpg/ipfs with argument arrays (no shell) and capture exit status
require 'tmpdir'  # per-request scratch directories instead of shared files under tmp/
require 'sinatra'
require 'mongo'
require 'httparty'
require 'gon-sinatra'
require 'octokit'
require_relative 'lib/badge'
require_relative 'lib/utils'
# GitHub OAuth application credentials, read once from the environment at boot.
# CLIENT_SECRET is only ever used server-side (token exchange / token check).
CLIENT_ID, CLIENT_SECRET = ENV.values_at('CLIENT_ID', 'CLIENT_SECRET')
# Server-side session store. NOTE(review): Rack::Session::Pool keeps sessions in
# process memory, so they do not survive a restart and are not shared between
# Puma workers; it also issues the session cookie with Rack's defaults (no
# `secure` flag unless passed here) — confirm that is acceptable for production.
use(Rack::Session::Pool)
# gon: push server-side values into the page's JavaScript (see `get '/'`).
Sinatra.register(Gon::Sinatra)
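# Boot-time configuration: Mongo connection, IPFS gateway and server settings,
# chosen by environment (development / docker / anything else = production).
configure do
  if settings.development?
    dbname = "test"
    db = Mongo::Client.new(['127.0.0.1:27017'], :database => dbname)
    gateway = "http://localhost:8080"
  elsif settings.environment == :docker
    dbname = "test"
    db = Mongo::Client.new(['mongodb:27017'], :database => dbname)
    gateway = ENV['GATEWAY']
  else
    # Production: the database name is the last path segment of MONGODB_URI.
    # The gateway was previously never assigned on this branch (so
    # settings.gateway was nil in production); read it from the environment
    # exactly as the docker branch does. Unset GATEWAY still yields nil.
    dbname = ENV['MONGODB_URI'].split("/").last
    db = Mongo::Client.new(ENV['MONGODB_URI'], :database => dbname)
    gateway = ENV['GATEWAY']
  end
  # NOTE: the collection is named after the database (e.g. db[:test]).
  set :mongo_db, db[dbname.to_sym]
  set :gateway, gateway
  set :server, :puma
  set :bind, "0.0.0.0"
  # Rack::Protection with two modules switched off:
  #  - :json_csrf rejects cross-site JSON GETs; the /api/v1 and *.json routes
  #    below are deliberately public (Access-Control-Allow-Origin: *).
  #  - :frame_options only adds an X-Frame-Options header and never produces a
  #    403, so disabling it cannot have fixed the "forbidden" problem noted in
  #    the comments below; it does leave every page embeddable in third-party
  #    frames (clickjacking). Re-enable it unless framing is intended.
  set :protection, except: [:frame_options, :json_csrf]
  set :root, File.dirname(__FILE__)
  set :public_folder, 'public'
  # this added in attempt to "forbidden" response when clicking on links
  #set :protection, :except => :ip_spoofing
  #set :protection, :except => :json
end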
# Load the pry debugger in development only.
require 'pry' if settings.development?
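# authentication code adapted from https://developer.github.com/v3/guides/basics-of-authentication/ and http://radek.io/2014/08/03/github-oauth-with-octokit/

# Truthy (the raw GitHub access token) when the session holds one.
def authenticated?
  session[:access_token]
end

# Send the user to GitHub to authorize the app.
#
# A random `state` is stored in the session and must be echoed back unchanged
# on /return; without it an attacker could complete the callback with a code
# of their own and log the victim into the attacker's GitHub account (OAuth
# login CSRF). The previous version had no state and an unused `scopes` local.
# NOTE(review): 'repo' grants read/write access to all of the user's
# repositories, while this server only ever calls `client.user`; unless the
# browser-side code (which receives the token via gon in `get '/'`) needs
# repository access, 'user:email' is the least-privilege scope.
def authenticate!
  client = Octokit::Client.new
  state = SecureRandom.hex(16)
  session[:oauth_state] = state
  url = client.authorize_url(CLIENT_ID, :scope => 'repo', :state => state)
  redirect url
end

# GitHub logins allowed to delete reviews.
ADMIN_LOGINS = ["jeffreycwitt", "sjhuskey"].freeze

# True only for the reviewer accounts in ADMIN_LOGINS. The GitHub lookup is
# best-effort: a missing/revoked token yields an empty login and thus false.
def authorized?
  login = begin
    Octokit::Client.new(:access_token => session[:access_token]).user.login
  rescue
    ""
  end
  ADMIN_LOGINS.include?(login)
end

# Start the login, or — when a token is already present — confirm GitHub still
# honours it before sending the user home.
# NOTE(review): check_application_authorization targets an OAuth-app endpoint
# GitHub has since replaced; confirm it still works with the Octokit in use.
get '/login' do
  return authenticate! unless authenticated?

  access_token = session[:access_token]
  client = Octokit::Client.new \
    :client_id => CLIENT_ID,
    :client_secret => CLIENT_SECRET
  begin
    client.check_application_authorization access_token
  rescue
    # request didn't succeed because the token was revoked so we
    # invalidate the token stored in the session and render the
    # index page so that the user can start the OAuth flow again
    session[:access_token] = nil
    return authenticate!
  end
  # doesn't necessarily need to go in 'editor'
  redirect '/'
end

# Drop the whole session (token and OAuth state) and go home.
get '/logout' do
  session.clear
  redirect '/'
end

# OAuth callback: exchange the one-time `code` for an access token.
# The callback is rejected (400) unless it carries a code and a `state` that
# matches the one stored by authenticate!; the stored state is single-use.
get '/return' do
  code = params[:code]
  expected_state = session.delete(:oauth_state).to_s
  given_state = params[:state].to_s
  unless code.is_a?(String) && !code.empty? && !expected_state.empty? &&
         Rack::Utils.secure_compare(expected_state, given_state)
    halt 400, "invalid OAuth callback"
  end
  result = Octokit.exchange_code_for_token(code, CLIENT_ID, CLIENT_SECRET)
  # nil when GitHub returns an error hash instead of a token; the user simply
  # stays logged out.
  session[:access_token] = result[:access_token]
  redirect '/'
end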
# Landing page. With a session token, look the user up on GitHub and hand the
# login, profile URL and token to the view (and, via gon, to page JavaScript).
# Any GitHub failure — including no token at all — is swallowed and the page
# renders anonymously.
get '/' do
  token = session[:access_token]
  begin
    user = Octokit::Client.new(:access_token => token).user
    @username = user.login
    @user_url = user.html_url
    # NOTE(review): this exposes the GitHub OAuth token (requested with 'repo'
    # scope) to browser-side script, so any XSS on this origin can read it.
    # Keep only if the front end genuinely calls GitHub with it.
    gon.access_token = token
    gon.username = @username
  rescue
  end
  erb :index
end
# Rubric page for a society; only "maa" has one. Any other value falls through
# to a nil result, i.e. an empty 200 body.
get '/rubric/:society' do |society|
  erb :maa_rubric if society == "maa"
end
# List every stored review; @authorized tells the view whether to show the
# delete links (reviewer accounts only).
get '/reviews' do
  @authorized = authorized?
  @reviews = settings.mongo_db.find().to_a
  erb :reviews
end
# Static "about" page.
get '/about' do
  erb(:about)
end
# Relative redirect to the static documentation served from public/.
get '/docs' do
  redirect('docs/index.html')
end
# Find a document by its Mongo ObjectId (not the app-level UUID `id`).
# Unparseable ids and misses both answer `{}` (see document_by_id).
get '/document/:id/?' do
  content_type(:json)
  document_by_id(params[:id])
end
# Form for verifying a certificate against a signature and the signing key.
get '/verify' do
  erb(:verify)
end
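# Verify a GPG-signed certificate fetched from a URL: either a clearsigned file
# (`clearsigned_url`) or a detached signature plus certificate
# (`signature_url` + `certificate_url`). The raw gpg report is shown in the view
# as @report; @verified is gpg's exit status.
#
# Changes from the previous version:
#  * URLs are fetched with URI#open and restricted to http(s). The old
#    Kernel#open(user_string) treated a leading "|" as a shell command to run,
#    and accepted local file paths.
#  * Downloads go to a per-request temp dir instead of fixed names under tmp/,
#    so concurrent requests can no longer verify each other's files.
#  * gpg is run via Open3 (no shell) and its exit status is captured.
#  * Missing signature_url/certificate_url is a 400 instead of a crash.
# NOTE(review): the gateway.scta.info -> localhost:8080 rewrite is preserved;
# the route still lets any caller make this server fetch arbitrary public
# http(s) URLs (SSRF surface), which is inherent to its design.
get '/verify_result' do
  Dir.mktmpdir("verify") do |dir|
    if params[:clearsigned_url]
      cert_path = File.join(dir, "clearsigned_certificate")
      verify_download(params[:clearsigned_url], cert_path)
      @report, @verified = verify_run_gpg("--verify", cert_path)
    else
      unless params[:signature_url] && params[:certificate_url]
        halt 400, "signature_url and certificate_url are required"
      end
      sig_path = File.join(dir, "signature")
      cert_path = File.join(dir, "certificate")
      verify_download(params[:signature_url], sig_path)
      verify_download(params[:certificate_url], cert_path)
      @report, @verified = verify_run_gpg("--verify", sig_path, cert_path)
    end
  end
  puts @report
  erb :verify_result
end

# Rewrite public gateway URLs onto the local IPFS gateway (unchanged rule).
def verify_rewrite_gateway(url)
  if url.include?("https://gateway.scta.info")
    url.gsub("https://gateway.scta.info", "http://localhost:8080")
  elsif url.include?("http://gateway.scta.info")
    url.gsub("http://gateway.scta.info", "http://localhost:8080")
  else
    url
  end
end

# Download an http(s) URL to `dest`. Any other scheme (file:, "|cmd", ...)
# or an unparseable URL halts with 400.
def verify_download(raw_url, dest)
  url = verify_rewrite_gateway(raw_url.to_s)
  uri = begin
    URI.parse(url)
  rescue URI::InvalidURIError
    nil
  end
  halt 400, "only http(s) urls can be verified" unless uri.is_a?(URI::HTTP)
  uri.open("rb") { |remote| File.binwrite(dest, remote.read) }
end

# Run gpg with the given arguments; returns [combined stdout+stderr, success?].
def verify_run_gpg(*args)
  output, status = Open3.capture2e("gpg", *args)
  [output, status.success?]
end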
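# Review submission form. Requires a GitHub login; the name shown in the form
# is the GitHub email when available, otherwise the login.
# Fix: a token that GitHub no longer accepts used to raise out of client.user
# (a 500); it is now cleared and the user is asked to log in again.
get '/reviews/create' do
  unless authenticated?
    return "You must be logged in to leave a review. <a href='/login'>Click here to log in with github</a>"
  end
  @authorized = authorized?
  begin
    data = Octokit::Client.new(:access_token => session[:access_token]).user
  rescue
    session[:access_token] = nil
    return "You must be logged in to leave a review. <a href='/login'>Click here to log in with github</a>"
  end
  @username = data.email || data.login
  erb :create
end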
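# Create a review: fetch each submitted file, sha-256 it, pin it to IPFS, build
# a badge certificate from the IPFS hashes, sign the certificate (detached and
# clearsigned), pin the signatures, and store the whole record in Mongo.
#
# Security changes from the previous version:
#  * ipfs and gpg are invoked with argument arrays (no shell). Previously the
#    URL's last path segment was interpolated into `ipfs add "tmp/<name>"`, so
#    a crafted URL could inject shell commands; the name was also a path
#    component under tmp/.
#  * All scratch files live in a per-request temp dir (no shared tmp/ paths,
#    no races between concurrent submissions).
#  * The gpg command line is no longer printed — it used to write the signing
#    passphrase to the server log on every submission.
#  * Only http(s) URLs are fetched, non-2xx responses and failed ipfs/gpg runs
#    are reported instead of storing nil hashes or a 404 page's digest.
#  * "submitted-by" comes from the GitHub identity behind the session (same
#    email-or-login rule the form uses), not from a free-form field.
# NOTE(review): the passphrase is still passed on the gpg command line (visible
# in `ps` while gpg runs); `--passphrase-fd 0` (plus `--pinentry-mode loopback`
# on gpg >= 2.1) would keep it out of the process table. `--batch` is added
# because gpg 2.x only honours `--passphrase` in batch mode.
# NOTE(review): this POST is protected by the session cookie alone; unless
# Rack::Protection's RemoteToken is active it is CSRF-able. The form template
# is not in this file, so no token check is added here.
post '/reviews/create' do
  unless authenticated?
    return "You must be logged in to leave a review. <a href='/login'>Click here to log in with github</a>"
  end

  review_text_url = params[:review_text_url].to_s
  if review_text_url.include?("master")
    @message = "sorry, it looks like you've used a github branch url, please is a url with the file blob or commit hash"
    @success = false
    return erb :create_completed
  end

  submitted_by = begin
    user = Octokit::Client.new(:access_token => session[:access_token]).user
    user.email || user.login
  rescue
    halt 401, "Your GitHub login is no longer valid. <a href='/login'>Click here to log in with github</a>"
  end

  id = SecureRandom.uuid
  date = Time.new
  review_society = params[:review_society]
  review_summary = params[:review_summary]
  case params[:review_badge_number]
  when "1"
    review_badge = "#{request.base_url}/maa-badge-working.svg"
    badge_rubric = "#{request.base_url}/rubric/maa#green"
  when "2"
    review_badge = "#{request.base_url}/maa-badge.svg"
    badge_rubric = "#{request.base_url}/rubric/maa#gold"
  end
  # any other badge number leaves review_badge/badge_rubric nil, as before

  urls = review_text_url.split(" ")
  review_content = Dir.mktmpdir("review") do |dir|
    ipfs_hashes = []
    shasums = []
    urls.each_with_index do |url, index|
      body = create_fetch_http(url)
      shasums << OpenSSL::Digest::SHA256.hexdigest(body)
      # fixed, index-based name: the URL is never used as a file name
      path = File.join(dir, "review_file_#{index}")
      File.binwrite(path, body)
      ipfs_hashes << create_ipfs_add(path)
    end

    cert_path = File.join(dir, "newcert")
    File.write(cert_path, createBadge(ipfs_hashes))
    cert_ipfs_hash = create_ipfs_add(cert_path)

    sig_path = File.join(dir, "#{cert_ipfs_hash}-sig.asc")
    clearsigned_path = File.join(dir, "#{cert_ipfs_hash}-clearsigned.asc")
    create_gpg_sign("--armor", "-o", sig_path, "--detach-sig", cert_path)
    create_gpg_sign("-o", clearsigned_path, "--clearsign", cert_path)
    detach_sig_hash = create_ipfs_add(sig_path)
    clearsigned_hash = create_ipfs_add(clearsigned_path)

    {
      "id": id,
      "review-society": review_society,
      "date": date,
      "badge-url": review_badge,
      "badge-rubric": badge_rubric,
      "review-summary": review_summary,
      "sha-256": shasums,
      "ipfs-hash": ipfs_hashes,
      "submitted-url": urls,
      "submitted-by": submitted_by,
      "cert-ipfs-hash": cert_ipfs_hash,
      "detach-sig-hash": detach_sig_hash,
      "clearsigned-hash": clearsigned_hash,
    }
  end

  settings.mongo_db.insert_one(review_content)
  @id = id
  @success = true
  @message = "Congratulations, Review Created"
  erb :create_completed
end

# Fetch one submitted review file. Non-http(s) URLs are a 400 and non-2xx
# responses a 502, rather than being silently hashed and pinned.
def create_fetch_http(url)
  uri = begin
    URI.parse(url)
  rescue URI::InvalidURIError
    nil
  end
  unless uri.is_a?(URI::HTTP)
    halt 400, "review file urls must be http(s): #{Rack::Utils.escape_html(url)}"
  end
  response = HTTParty.get(url)
  unless response.success?
    halt 502, "could not fetch #{Rack::Utils.escape_html(url)} (HTTP #{response.code})"
  end
  response.body
end

# `ipfs add <path>` without a shell; returns the hash from "added <hash> <name>".
def create_ipfs_add(path)
  puts "IPFS test"
  report, status = Open3.capture2("ipfs", "add", path)
  puts report
  ipfs_hash = report.split(" ")[1]
  halt 500, "ipfs add failed" unless status.success? && ipfs_hash
  ipfs_hash
end

# Sign with the "Medieval Academy of America" key; `args` supply the output
# path and mode (--detach-sig / --clearsign). gpg output is logged, never
# returned to the client.
def create_gpg_sign(*args)
  output, status = Open3.capture2e(
    "gpg", "--no-tty", "--batch", "--yes",
    "-u", "Medieval Academy of America",
    "--passphrase", ENV['PASSPHRASE'].to_s,
    *args
  )
  unless status.success?
    puts output
    halt 500, "signing the certificate failed"
  end
end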
# Public JSON for one review, looked up by its app-level UUID; `{}` on a miss.
# CORS is open to every origin.
get '/reviews/:id.json' do |id|
  headers("Access-Control-Allow-Origin" => "*")
  content_type :json
  found = settings.mongo_db.find({ "id": id.to_s }).to_a.first
  (found || {}).to_json
end
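# HTML page for one review, looked up by its app-level UUID.
# Fix: an unknown id used to raise NoMethodError on nil (a 500); it is now a 404.
get '/reviews/:id.html' do |id|
  @gateway = settings.gateway
  @document = settings.mongo_db.find({ "id": id.to_s }).to_a.first
  halt 404, "review #{Rack::Utils.escape_html(id)} not found" unless @document
  @id = @document["id"]
  erb :show
end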
# Delete a review; reviewer accounts only (see authorized?).
# NOTE(review): a state-changing action behind a GET link fires whenever an
# authorized reviewer's browser loads the URL (an <img> or link on any page is
# enough). A POST/DELETE with a CSRF token would be the safer shape, but the
# /reviews template that links here is outside this file.
get '/reviews/:id/delete' do |id|
  unless authorized?
    return "not authorized"
  end
  settings.mongo_db.delete_one({ "id": id.to_s })
  redirect "/reviews"
end
# All reviews whose content hash matches. A value starting with "Qm" is treated
# as an IPFS hash, anything else as a sha-256 hex digest. CORS open to all.
get '/hash/:hash.json' do |id|
  headers("Access-Control-Allow-Origin" => "*")
  content_type :json
  field = id.start_with?("Qm") ? "ipfs-hash" : "sha-256"
  settings.mongo_db.find({ field => id.to_s }).to_a.to_json
end
# HTML listing of all reviews whose content hash matches ("Qm…" = IPFS hash,
# otherwise sha-256 hex).
get '/hash/:hash.html' do |id|
  @gateway = settings.gateway
  field = id.start_with?("Qm") ? "ipfs-hash" : "sha-256"
  @documents = settings.mongo_db.find({ field => id.to_s }).to_a
  erb :show_array
end
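# api/v1 routes

# Reviews matching a content hash. The hash comes from the path ("Qm…" IPFS
# hash or sha-256 hex) or, when the path part is omitted, is computed by
# fetching `?url=` and hashing the body. `?society=` narrows the result.
# Fixes: a request with neither hash nor url used to hit `nil.start_with?`
# (500) and is now a 400; only http(s) urls are fetched.
get '/api/v1/reviews/?:hash?' do |id|
  headers("Access-Control-Allow-Origin" => "*")
  content_type :json
  if id.nil? && params[:url]
    url = convertUrl(params[:url].to_s)
    uri = begin
      URI.parse(url)
    rescue URI::InvalidURIError
      nil
    end
    halt 400, { "message": "url must be http(s)" }.to_json unless uri.is_a?(URI::HTTP)
    response = HTTParty.get(url)
    id = OpenSSL::Digest::SHA256.hexdigest(response.body)
  end
  halt 400, { "message": "no hash or url given" }.to_json if id.nil?

  query = { (id.start_with?("Qm") ? "ipfs-hash" : "sha-256") => id.to_s }
  query["review-society"] = params[:society].to_s if params[:society]
  settings.mongo_db.find(query).to_a.map { |doc| api_review_json(doc) }.to_json
end

# One review by app-level UUID.
# Fix: an unknown id used to raise on nil (the `(doc || {})` line was a no-op);
# it is now a 404 with an empty object.
get '/api/v1/review/:id' do |id|
  headers("Access-Control-Allow-Origin" => "*")
  content_type :json
  doc = settings.mongo_db.find({ "id": id.to_s }).to_a.first
  halt 404, {}.to_json unless doc
  api_review_json(doc).to_json
end

# Public projection of a review document (drops Mongo's _id and any other
# stored fields); shared by both API routes above.
def api_review_json(doc)
  {
    "id": doc["id"],
    "review-society": doc["review-society"],
    "date": doc["date"],
    "badge-url": doc["badge-url"],
    "badge-rubric": doc["badge-rubric"],
    "review-summary": doc["review-summary"],
    "sha-256": doc["sha-256"],
    "ipfs-hash": doc["ipfs-hash"],
    "submitted-url": doc["submitted-url"],
    "submitted-by": doc["submitted-by"],
    "cert-ipfs-hash": doc["cert-ipfs-hash"],
    "clearsigned-hash": doc["clearsigned-hash"],
    "detach-sig-hash": doc["detach-sig-hash"]
  }
end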
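# JSON verification of a clearsigned certificate at `?url=`; returns gpg's
# combined output as "verification-response".
# Changes: the URL is fetched with URI#open restricted to http(s) (Kernel#open
# on a user string ran shell commands for "|…" and read local files); the
# download goes to a per-request temp dir instead of a shared tmp/ path; the
# "missing parameter" message now names the actual parameter (`url`).
get '/api/v1/verify/' do
  headers("Access-Control-Allow-Origin" => "*")
  content_type :json
  return { "message": "no url parameter given" }.to_json unless params[:url]

  # public gateway -> local IPFS gateway, as elsewhere in this app
  url = params[:url].to_s
  if url.include?("https://gateway.scta.info")
    url = url.gsub("https://gateway.scta.info", "http://localhost:8080")
  elsif url.include?("http://gateway.scta.info")
    url = url.gsub("http://gateway.scta.info", "http://localhost:8080")
  end
  uri = begin
    URI.parse(url)
  rescue URI::InvalidURIError
    nil
  end
  halt 400, { "message": "url must be http(s)" }.to_json unless uri.is_a?(URI::HTTP)

  report = Dir.mktmpdir("verify") do |dir|
    path = File.join(dir, "clearsigned_certificate")
    uri.open("rb") { |remote| File.binwrite(path, remote.read) }
    output, _status = Open3.capture2e("gpg", "--verify", path)
    output
  end
  { "verification-response": report }.to_json
end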
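# Pin the file at `?url=` to IPFS and return its hash, for callers whose
# Origin header is one of the SCTA front ends.
# NOTE(review): Origin is only trustworthy from browsers; any other client can
# set it, so this whitelist is a CORS convenience rather than authorization —
# anyone can make this server fetch and pin a public URL.
# Fixes: a missing url used to crash in convertUrl(nil) (now a 400); the URL's
# last path segment is no longer used as a file name inside a shell-quoted
# `ipfs add "tmp/…"` string (command injection / path traversal); fetch and
# ipfs failures return 502 instead of a null hash.
get '/api/v1/hash' do
  headers("Access-Control-Allow-Origin" => "*")
  content_type :json
  whitelist = [
    #"http://localhost:3000",
    "http://scta.lombardpress.org",
    "https://scta.lombardpress.org",
    "http://scta-staging.lombardpress.org",
    "https://scta-staging.lombardpress.org",
  ]
  unless whitelist.include?(request.env["HTTP_ORIGIN"])
    return "Not allowed. Request must be white listed"
  end
  halt 400, { "message": "no url parameter given" }.to_json unless params[:url]

  url = convertUrl(params[:url].to_s)
  uri = begin
    URI.parse(url)
  rescue URI::InvalidURIError
    nil
  end
  halt 400, { "message": "url must be http(s)" }.to_json unless uri.is_a?(URI::HTTP)

  response = HTTParty.get(url)
  halt 502, { "message": "could not fetch url" }.to_json unless response.success?
  ipfs_hash = Dir.mktmpdir("hash") do |dir|
    path = File.join(dir, "upload")
    File.binwrite(path, response.body)
    puts "IPFS test"
    report, status = Open3.capture2("ipfs", "add", path)
    puts report
    hash_value = report.split(" ")[1]
    halt 502, { "message": "ipfs add failed" }.to_json unless status.success? && hash_value
    hash_value
  end
  { "ipfs-hash": ipfs_hash }.to_json
end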
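helpers do
  # Parse a string into a BSON::ObjectId; nil when it is not a valid id.
  # NOTE: this name shadows Object#object_id on the app instance. With no
  # argument it now defers to the built-in instead of raising ArgumentError.
  def object_id(val = nil)
    return super() if val.nil?
    BSON::ObjectId.from_string(val)
  rescue BSON::ObjectId::Invalid
    nil
  end

  # JSON for the document with the given Mongo _id (String or ObjectId);
  # `{}` when the id is invalid or nothing matches.
  def document_by_id(id)
    id = object_id(id) if String === id
    return {}.to_json if id.nil?
    document = settings.mongo_db.find(:_id => id).to_a.first
    (document || {}).to_json
  end
end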