diff --git a/api/v1/domains.rb b/api/v1/domains.rb
index 82d7f9e..110537c 100644
--- a/api/v1/domains.rb
+++ b/api/v1/domains.rb
@@ -24,6 +24,25 @@ class CheckpointV1 < Sinatra::Base
pg :domain, :locals => {:domain => domain}
end
+ # @apidoc
+ # Test if a domain associated with Checkpoint trusts an abritary domain
+ #
+ # @category Checkpoint/Domains
+ # @path /api/checkpoint/v1/domains/:name/allows/:origin
+ # @http GET
+ # @required [String] name The domain name associated with Checkpoint.
+ # @required [String] origin The abritary domain name to test against.
+ # @example /api/checkpoint/v1/domains/acme.org/allows/pinshing.com
+ # @status 404 No associated domain name.
+ # @status 200 [JSON] allowed: true/false
+ get '/domains/:name/allows/:origin' do |name, origin|
+ domain = Domain.find_by_name(name)
+ halt 404, "No associated domain name" unless domain
+ content_type :json
+ {allowed: domain.allow_origin?(origin)}.to_json
+ end
+
# @apidoc
# Add a domain to a realm.
#
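Review bot: The new GET route hands the `origin` path segment to `domain.allow_origin?` without any validation, and the model hunk shows that method normalising it with `SimpleIDN.to_ascii`; if that conversion raises on input it cannot encode, the route answers 500 instead of one of the statuses the @apidoc block lists. The model already has a `Domain.valid_name?` predicate (used for origins in `add_origin`), so a one-line guard after the 404 check keeps the contract explicit: `halt 400, "Invalid origin" unless Domain.valid_name?(origin)`. The @apidoc text also misspells "arbitrary" as "abritary" twice (the summary line and the `@required [String] origin` line) and should gain `@status 400 Invalid origin.` once the guard is in. The `class CheckpointV1` body continues outside this hunk.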
@@ -48,6 +67,32 @@ class CheckpointV1 < Sinatra::Base
[201, pg(:domain, :locals => {:domain => domain})]
end
+ # @apidoc
+ # Add an origin host to a domain.
+ #
+ # @description Add a host to the domain's origins
+ # @note Only gods of the realm may do this.
+ # @category Checkpoint/Domains
+ # @path /api/checkpoint/v1/realms/:label/domains/:name/origins
+ # @http POST
+ # @required [String] label The realm.
+ # @required [String] name The domain name.
+ # @required [String] origin The origin domain name.
+ # @example /api/checkpoint/v1/realms/acme/acme.org/origins
+ # @status 403 The domain is connected to a different realm.
+ # @status 409 You are not a god in this realm.
+ # @status 201 OK
+ post '/realms/:label/domains/:name/origins' do |label, name|
+ halt 400, "param origin missing" unless params[:origin]
+ realm = find_realm_by_label(label)
+ check_god_credentials(realm.id)
+ domain = Domain.find_by_name(name)
+ halt 403, "Domain is connected to realm '#{domain.realm.label}'" if domain && domain.name != name
+ domain.add_origin(params[:origin])
+ [201, pg(:domain, :locals => {:domain => domain})]
+ end
+
# @apidoc
# Delete a domain from a realm.
#
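Review bot: The realm guard on the `halt 403` line in the new POST route never fires: `domain` was just loaded by `Domain.find_by_name(name)`, so `domain.name != name` is always false, and a god of any realm can attach origins to a domain owned by a different realm — the check must compare the domain's realm with the realm resolved from `label`. The same line also dereferences `domain.realm` when `domain` is nil (the `&&` only protects the message, and the next line calls `domain.add_origin` unguarded), which turns an unknown domain name into a 500 instead of the 404 the GET route returns. Replace the line with `halt 404, "No associated domain name" unless domain` followed by `halt 403, "Domain is connected to realm '#{domain.realm.label}'" unless domain.realm_id == realm.id`. The `@example` path in the apidoc is also missing the `domains/` segment that the `@path` declares. The enclosing class continues outside this hunk.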
@@ -70,4 +115,26 @@ class CheckpointV1 < Sinatra::Base
halt 204
end
+ # @apidoc
+ # Delete an origin host from a domain.
+ #
+ # @note Only gods of the realm may do this.
+ # @category Checkpoint/Domains
+ # @path /api/checkpoint/v1/realms/:label/domains/:name/origins/:origin
+ # @http DELETE
+ # @required [String] label The realm.
+ # @required [String] name The domain name.
+ # @required [String] origin The origin domain name.
+ # @example /api/checkpoint/v1/realms/acme/domains/acme.org/origins/pinshing.com
+ # @status 403 The domain is connected to a different realm.
+ # @status 409 You are not a god in this realm.
+ # @status 204 Ok.
+ delete '/realms/:label/domains/:name/origins/:origin' do |label, name, origin|
+ domain = Domain.find_by_name(name)
+ halt 403, "Domain is connected to '#{domain.realm.label}'" unless domain.realm.label == label
+ check_god_credentials(domain.realm.id)
+ domain.remove_origin(origin)
+ halt 204
+ end
end
diff --git a/api/v1/views/domain.pg b/api/v1/views/domain.pg
index bcb7375..6a73fc2 100644
--- a/api/v1/views/domain.pg
+++ b/api/v1/views/domain.pg
@@ -1,4 +1,4 @@
node :domain => domain do
- attributes :name
+ attributes :name, :origins
node :realm => domain.realm.label
end
diff --git a/db/development_structure.sql b/db/development_structure.sql
index 4c4745e..77fb4a9 100644
--- a/db/development_structure.sql
+++ b/db/development_structure.sql
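Review bot: The new DELETE route dereferences `domain.realm` on the `halt 403` line without first checking that `Domain.find_by_name(name)` found anything, so an unknown domain name raises NoMethodError and the client sees a 500 rather than a 404; insert `halt 404, "No associated domain name" unless domain` directly after the lookup, matching the GET route in this commit. The realm-label comparison also runs before `check_god_credentials`, the reverse of the POST route's order, so an unauthenticated caller learns from the 403 message which realm a domain belongs to; resolving the realm with `find_realm_by_label(label)`, calling `check_god_credentials(realm.id)`, and only then comparing `domain.realm_id == realm.id` keeps the two routes consistent and answers the credential question first. Note too that `remove_origin` (model hunk) raises a plain `"Not found"` RuntimeError, which this route does not map to a 404.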
@@ -3,20 +3,20 @@ -- SET statement_timeout = 0; -SET client_encoding = 'UTF8'; +SET client_encoding = 'SQL_ASCII'; SET standard_conforming_strings = on; SET check_function_bodies = false; SET client_min_messages = warning; -- --- Name: plpgsql; Type: EXTENSION; Schema: -; Owner: +-- Name: plpgsql; Type: EXTENSION; Schema: -; Owner: - -- CREATE EXTENSION IF NOT EXISTS plpgsql WITH SCHEMA pg_catalog; -- --- Name: EXTENSION plpgsql; Type: COMMENT; Schema: -; Owner: +-- Name: EXTENSION plpgsql; Type: COMMENT; Schema: -; Owner: - -- COMMENT ON EXTENSION plpgsql IS 'PL/pgSQL procedural language'; @@ -29,7 +29,7 @@ SET default_tablespace = ''; SET default_with_oids = false; -- --- Name: access_group_memberships; Type: TABLE; Schema: public; Owner: checkpoint; Tablespace: +-- Name: access_group_memberships; Type: TABLE; Schema: public; Owner: -; Tablespace: -- CREATE TABLE access_group_memberships ( @@ -41,10 +41,8 @@ CREATE TABLE access_group_memberships ( ); -ALTER TABLE public.access_group_memberships OWNER TO checkpoint; - -- --- Name: access_group_subtrees; Type: TABLE; Schema: public; Owner: checkpoint; Tablespace: +-- Name: access_group_subtrees; Type: TABLE; Schema: public; Owner: -; Tablespace: -- CREATE TABLE access_group_subtrees ( @@ -56,10 +54,8 @@ CREATE TABLE access_group_subtrees ( ); -ALTER TABLE public.access_group_subtrees OWNER TO checkpoint; - -- --- Name: access_groups; Type: TABLE; Schema: public; Owner: checkpoint; Tablespace: +-- Name: access_groups; Type: TABLE; Schema: public; Owner: -; Tablespace: -- CREATE TABLE access_groups ( @@ -71,10 +67,8 @@ CREATE TABLE access_groups ( ); -ALTER TABLE public.access_groups OWNER TO checkpoint; - -- --- Name: accounts; Type: TABLE; Schema: public; Owner: checkpoint; Tablespace: +-- Name: accounts; Type: TABLE; Schema: public; Owner: -; Tablespace: -- CREATE TABLE accounts ( 
@@ -93,15 +87,13 @@ CREATE TABLE accounts ( image_url text, email text, synced_at timestamp without time zone, - created_at timestamp without time zone, - updated_at timestamp without time zone + created_at timestamp without time zone NOT NULL, + updated_at timestamp without time zone NOT NULL ); -ALTER TABLE public.accounts OWNER TO checkpoint; - -- --- Name: accounts_id_seq; Type: SEQUENCE; Schema: public; Owner: checkpoint +-- Name: accounts_id_seq; Type: SEQUENCE; Schema: public; Owner: - -- CREATE SEQUENCE accounts_id_seq @@ -112,17 +104,15 @@ CREATE SEQUENCE accounts_id_seq CACHE 1; -ALTER TABLE public.accounts_id_seq OWNER TO checkpoint; - -- --- Name: accounts_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: checkpoint +-- Name: accounts_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: - -- ALTER SEQUENCE accounts_id_seq OWNED BY accounts.id; -- --- Name: bannings; Type: TABLE; Schema: public; Owner: checkpoint; Tablespace: +-- Name: bannings; Type: TABLE; Schema: public; Owner: -; Tablespace: -- CREATE TABLE bannings ( @@ -130,16 +120,14 @@ CREATE TABLE bannings ( fingerprint text, path text, location_id integer, + realm_id integer, created_at timestamp without time zone NOT NULL, - updated_at timestamp without time zone NOT NULL, - realm_id integer + updated_at timestamp without time zone NOT NULL ); -ALTER TABLE public.bannings OWNER TO checkpoint; - -- --- Name: bannings_id_seq; Type: SEQUENCE; Schema: public; Owner: checkpoint +-- Name: bannings_id_seq; Type: SEQUENCE; Schema: public; Owner: - -- CREATE SEQUENCE bannings_id_seq 
@@ -150,17 +138,15 @@ CREATE SEQUENCE bannings_id_seq CACHE 1; -ALTER TABLE public.bannings_id_seq OWNER TO checkpoint; - -- --- Name: bannings_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: checkpoint +-- Name: bannings_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: - -- ALTER SEQUENCE bannings_id_seq OWNED BY bannings.id; -- --- Name: callbacks; Type: TABLE; Schema: public; Owner: checkpoint; Tablespace: +-- Name: callbacks; Type: TABLE; Schema: public; Owner: -; Tablespace: -- CREATE TABLE callbacks ( @@ -173,10 +159,8 @@ CREATE TABLE callbacks ( ); -ALTER TABLE public.callbacks OWNER TO checkpoint; - -- --- Name: callbacks_id_seq; Type: SEQUENCE; Schema: public; Owner: checkpoint +-- Name: callbacks_id_seq; Type: SEQUENCE; Schema: public; Owner: - -- CREATE SEQUENCE callbacks_id_seq @@ -187,17 +171,15 @@ CREATE SEQUENCE callbacks_id_seq CACHE 1; -ALTER TABLE public.callbacks_id_seq OWNER TO checkpoint; - -- --- Name: callbacks_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: checkpoint +-- Name: callbacks_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: - -- ALTER SEQUENCE callbacks_id_seq OWNED BY callbacks.id; -- --- Name: domains; Type: TABLE; Schema: public; Owner: checkpoint; Tablespace: +-- Name: domains; Type: TABLE; Schema: public; Owner: -; Tablespace: -- CREATE TABLE domains ( @@ -205,14 +187,13 @@ CREATE TABLE domains ( name text, realm_id integer, created_at timestamp without time zone, - updated_at timestamp without time zone + updated_at timestamp without time zone, + origins tsvector ); -ALTER TABLE public.domains OWNER TO checkpoint; - -- --- Name: domains_id_seq; Type: SEQUENCE; Schema: public; Owner: checkpoint +-- Name: domains_id_seq; Type: SEQUENCE; Schema: public; Owner: - -- CREATE SEQUENCE domains_id_seq 
@@ -223,17 +204,15 @@ CREATE SEQUENCE domains_id_seq CACHE 1; -ALTER TABLE public.domains_id_seq OWNER TO checkpoint; - -- --- Name: domains_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: checkpoint +-- Name: domains_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: - -- ALTER SEQUENCE domains_id_seq OWNED BY domains.id; -- --- Name: group_memberships_id_seq; Type: SEQUENCE; Schema: public; Owner: checkpoint +-- Name: group_memberships_id_seq; Type: SEQUENCE; Schema: public; Owner: - -- CREATE SEQUENCE group_memberships_id_seq @@ -244,17 +223,15 @@ CREATE SEQUENCE group_memberships_id_seq CACHE 1; -ALTER TABLE public.group_memberships_id_seq OWNER TO checkpoint; - -- --- Name: group_memberships_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: checkpoint +-- Name: group_memberships_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: - -- ALTER SEQUENCE group_memberships_id_seq OWNED BY access_group_memberships.id; -- --- Name: group_subtrees_id_seq; Type: SEQUENCE; Schema: public; Owner: checkpoint +-- Name: group_subtrees_id_seq; Type: SEQUENCE; Schema: public; Owner: - -- CREATE SEQUENCE group_subtrees_id_seq @@ -265,17 +242,15 @@ CREATE SEQUENCE group_subtrees_id_seq CACHE 1; -ALTER TABLE public.group_subtrees_id_seq OWNER TO checkpoint; - -- --- Name: group_subtrees_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: checkpoint +-- Name: group_subtrees_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: - -- ALTER SEQUENCE group_subtrees_id_seq OWNED BY access_group_subtrees.id; -- --- Name: groups_id_seq; Type: SEQUENCE; Schema: public; Owner: checkpoint +-- Name: groups_id_seq; Type: SEQUENCE; Schema: public; Owner: - -- CREATE SEQUENCE groups_id_seq 
@@ -286,17 +261,15 @@ CREATE SEQUENCE groups_id_seq CACHE 1; -ALTER TABLE public.groups_id_seq OWNER TO checkpoint; - -- --- Name: groups_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: checkpoint +-- Name: groups_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: - -- ALTER SEQUENCE groups_id_seq OWNED BY access_groups.id; -- --- Name: identities; Type: TABLE; Schema: public; Owner: checkpoint; Tablespace: +-- Name: identities; Type: TABLE; Schema: public; Owner: -; Tablespace: -- CREATE TABLE identities ( @@ -304,18 +277,16 @@ CREATE TABLE identities ( realm_id integer NOT NULL, primary_account_id integer, god boolean DEFAULT false, - created_at timestamp without time zone, - updated_at timestamp without time zone, + created_at timestamp without time zone NOT NULL, + updated_at timestamp without time zone NOT NULL, last_seen_on date, fingerprints tsvector, tags tsvector ); -ALTER TABLE public.identities OWNER TO checkpoint; - -- --- Name: identities_id_seq; Type: SEQUENCE; Schema: public; Owner: checkpoint +-- Name: identities_id_seq; Type: SEQUENCE; Schema: public; Owner: - -- CREATE SEQUENCE identities_id_seq @@ -326,17 +297,15 @@ CREATE SEQUENCE identities_id_seq CACHE 1; -ALTER TABLE public.identities_id_seq OWNER TO checkpoint; - -- --- Name: identities_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: checkpoint +-- Name: identities_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: - -- ALTER SEQUENCE identities_id_seq OWNED BY identities.id; -- --- Name: identity_ips; Type: TABLE; Schema: public; Owner: checkpoint; Tablespace: +-- Name: identity_ips; Type: TABLE; Schema: public; Owner: -; Tablespace: -- CREATE TABLE identity_ips ( @@ -348,10 +317,8 @@ CREATE TABLE identity_ips ( ); -ALTER TABLE public.identity_ips OWNER TO checkpoint; - -- --- Name: identity_ips_id_seq; Type: SEQUENCE; Schema: public; Owner: checkpoint +-- Name: identity_ips_id_seq; Type: SEQUENCE; Schema: public; Owner: - -- CREATE SEQUENCE identity_ips_id_seq 
@@ -362,17 +329,15 @@ CREATE SEQUENCE identity_ips_id_seq CACHE 1; -ALTER TABLE public.identity_ips_id_seq OWNER TO checkpoint; - -- --- Name: identity_ips_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: checkpoint +-- Name: identity_ips_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: - -- ALTER SEQUENCE identity_ips_id_seq OWNED BY identity_ips.id; -- --- Name: locations; Type: TABLE; Schema: public; Owner: checkpoint; Tablespace: +-- Name: locations; Type: TABLE; Schema: public; Owner: -; Tablespace: -- CREATE TABLE locations ( @@ -392,10 +357,8 @@ CREATE TABLE locations ( ); -ALTER TABLE public.locations OWNER TO checkpoint; - -- --- Name: locations_id_seq; Type: SEQUENCE; Schema: public; Owner: checkpoint +-- Name: locations_id_seq; Type: SEQUENCE; Schema: public; Owner: - -- CREATE SEQUENCE locations_id_seq @@ -406,17 +369,15 @@ CREATE SEQUENCE locations_id_seq CACHE 1; -ALTER TABLE public.locations_id_seq OWNER TO checkpoint; - -- --- Name: locations_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: checkpoint +-- Name: locations_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: - -- ALTER SEQUENCE locations_id_seq OWNED BY locations.id; -- --- Name: realms; Type: TABLE; Schema: public; Owner: checkpoint; Tablespace: +-- Name: realms; Type: TABLE; Schema: public; Owner: -; Tablespace: -- CREATE TABLE realms ( @@ -424,16 +385,14 @@ CREATE TABLE realms ( title text, label text NOT NULL, service_keys text, - created_at timestamp without time zone, - updated_at timestamp without time zone, + created_at timestamp without time zone NOT NULL, + updated_at timestamp without time zone NOT NULL, primary_domain_id integer ); -ALTER TABLE public.realms OWNER TO checkpoint; - -- --- Name: realms_id_seq; Type: SEQUENCE; Schema: public; Owner: checkpoint +-- Name: realms_id_seq; Type: SEQUENCE; Schema: public; Owner: - -- CREATE SEQUENCE realms_id_seq 
@@ -444,17 +403,15 @@ CREATE SEQUENCE realms_id_seq CACHE 1; -ALTER TABLE public.realms_id_seq OWNER TO checkpoint; - -- --- Name: realms_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: checkpoint +-- Name: realms_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: - -- ALTER SEQUENCE realms_id_seq OWNED BY realms.id; -- --- Name: schema_migrations; Type: TABLE; Schema: public; Owner: checkpoint; Tablespace: +-- Name: schema_migrations; Type: TABLE; Schema: public; Owner: -; Tablespace: -- CREATE TABLE schema_migrations ( @@ -462,25 +419,21 @@ CREATE TABLE schema_migrations ( ); -ALTER TABLE public.schema_migrations OWNER TO checkpoint; - -- --- Name: sessions; Type: TABLE; Schema: public; Owner: checkpoint; Tablespace: +-- Name: sessions; Type: TABLE; Schema: public; Owner: -; Tablespace: -- CREATE TABLE sessions ( id integer NOT NULL, identity_id integer, key text, - created_at timestamp without time zone, - updated_at timestamp without time zone + created_at timestamp without time zone NOT NULL, + updated_at timestamp without time zone NOT NULL ); -ALTER TABLE public.sessions OWNER TO checkpoint; - -- --- Name: sessions_id_seq; Type: SEQUENCE; Schema: public; Owner: checkpoint +-- Name: sessions_id_seq; Type: SEQUENCE; Schema: public; Owner: - -- CREATE SEQUENCE sessions_id_seq 
@@ -491,101 +444,99 @@ CREATE SEQUENCE sessions_id_seq CACHE 1; -ALTER TABLE public.sessions_id_seq OWNER TO checkpoint; - -- --- Name: sessions_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: checkpoint +-- Name: sessions_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: - -- ALTER SEQUENCE sessions_id_seq OWNED BY sessions.id; -- --- Name: id; Type: DEFAULT; Schema: public; Owner: checkpoint +-- Name: id; Type: DEFAULT; Schema: public; Owner: - -- ALTER TABLE ONLY access_group_memberships ALTER COLUMN id SET DEFAULT nextval('group_memberships_id_seq'::regclass); -- --- Name: id; Type: DEFAULT; Schema: public; Owner: checkpoint +-- Name: id; Type: DEFAULT; Schema: public; Owner: - -- ALTER TABLE ONLY access_group_subtrees ALTER COLUMN id SET DEFAULT nextval('group_subtrees_id_seq'::regclass); -- --- Name: id; Type: DEFAULT; Schema: public; Owner: checkpoint +-- Name: id; Type: DEFAULT; Schema: public; Owner: - -- ALTER TABLE ONLY access_groups ALTER COLUMN id SET DEFAULT nextval('groups_id_seq'::regclass); -- --- Name: id; Type: DEFAULT; Schema: public; Owner: checkpoint +-- Name: id; Type: DEFAULT; Schema: public; Owner: - -- ALTER TABLE ONLY accounts ALTER COLUMN id SET DEFAULT nextval('accounts_id_seq'::regclass); -- --- Name: id; Type: DEFAULT; Schema: public; Owner: checkpoint +-- Name: id; Type: DEFAULT; Schema: public; Owner: - -- ALTER TABLE ONLY bannings ALTER COLUMN id SET DEFAULT nextval('bannings_id_seq'::regclass); -- --- Name: id; Type: DEFAULT; Schema: public; Owner: checkpoint +-- Name: id; Type: DEFAULT; Schema: public; Owner: - -- ALTER TABLE ONLY callbacks ALTER COLUMN id SET DEFAULT nextval('callbacks_id_seq'::regclass); -- --- Name: id; Type: DEFAULT; Schema: public; Owner: checkpoint +-- Name: id; Type: DEFAULT; Schema: public; Owner: - -- ALTER TABLE ONLY domains ALTER COLUMN id SET DEFAULT nextval('domains_id_seq'::regclass); -- --- Name: id; Type: DEFAULT; Schema: public; Owner: checkpoint +-- Name: id; Type: DEFAULT; Schema: 
public; Owner: - -- ALTER TABLE ONLY identities ALTER COLUMN id SET DEFAULT nextval('identities_id_seq'::regclass); -- --- Name: id; Type: DEFAULT; Schema: public; Owner: checkpoint +-- Name: id; Type: DEFAULT; Schema: public; Owner: - -- ALTER TABLE ONLY identity_ips ALTER COLUMN id SET DEFAULT nextval('identity_ips_id_seq'::regclass); -- --- Name: id; Type: DEFAULT; Schema: public; Owner: checkpoint +-- Name: id; Type: DEFAULT; Schema: public; Owner: - -- ALTER TABLE ONLY locations ALTER COLUMN id SET DEFAULT nextval('locations_id_seq'::regclass); -- --- Name: id; Type: DEFAULT; Schema: public; Owner: checkpoint +-- Name: id; Type: DEFAULT; Schema: public; Owner: - -- ALTER TABLE ONLY realms ALTER COLUMN id SET DEFAULT nextval('realms_id_seq'::regclass); -- --- Name: id; Type: DEFAULT; Schema: public; Owner: checkpoint +-- Name: id; Type: DEFAULT; Schema: public; Owner: - -- ALTER TABLE ONLY sessions ALTER COLUMN id SET DEFAULT nextval('sessions_id_seq'::regclass); -- --- Name: accounts_pkey; Type: CONSTRAINT; Schema: public; Owner: checkpoint; Tablespace: +-- Name: accounts_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: -- ALTER TABLE ONLY accounts @@ -593,7 +544,7 @@ ALTER TABLE ONLY accounts -- --- Name: bannings_pkey; Type: CONSTRAINT; Schema: public; Owner: checkpoint; Tablespace: +-- Name: bannings_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: -- ALTER TABLE ONLY bannings @@ -601,7 +552,7 @@ ALTER TABLE ONLY bannings -- --- Name: callbacks_pkey; Type: CONSTRAINT; Schema: public; Owner: checkpoint; Tablespace: +-- Name: callbacks_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: -- ALTER TABLE ONLY callbacks @@ -609,7 +560,7 @@ ALTER TABLE ONLY callbacks -- --- Name: domains_pkey; Type: CONSTRAINT; Schema: public; Owner: checkpoint; Tablespace: +-- Name: domains_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: -- ALTER TABLE ONLY domains 
@@ -617,7 +568,7 @@ ALTER TABLE ONLY domains -- --- Name: group_memberships_pkey; Type: CONSTRAINT; Schema: public; Owner: checkpoint; Tablespace: +-- Name: group_memberships_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: -- ALTER TABLE ONLY access_group_memberships @@ -625,7 +576,7 @@ ALTER TABLE ONLY access_group_memberships -- --- Name: group_subtrees_pkey; Type: CONSTRAINT; Schema: public; Owner: checkpoint; Tablespace: +-- Name: group_subtrees_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: -- ALTER TABLE ONLY access_group_subtrees @@ -633,7 +584,7 @@ ALTER TABLE ONLY access_group_subtrees -- --- Name: groups_pkey; Type: CONSTRAINT; Schema: public; Owner: checkpoint; Tablespace: +-- Name: groups_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: -- ALTER TABLE ONLY access_groups @@ -641,7 +592,7 @@ ALTER TABLE ONLY access_groups -- --- Name: identities_pkey; Type: CONSTRAINT; Schema: public; Owner: checkpoint; Tablespace: +-- Name: identities_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: -- ALTER TABLE ONLY identities @@ -649,7 +600,7 @@ ALTER TABLE ONLY identities -- --- Name: identity_ips_pkey; Type: CONSTRAINT; Schema: public; Owner: checkpoint; Tablespace: +-- Name: identity_ips_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: -- ALTER TABLE ONLY identity_ips @@ -657,7 +608,7 @@ ALTER TABLE ONLY identity_ips -- --- Name: locations_pkey; Type: CONSTRAINT; Schema: public; Owner: checkpoint; Tablespace: +-- Name: locations_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: -- ALTER TABLE ONLY locations @@ -665,7 +616,7 @@ ALTER TABLE ONLY locations -- --- Name: realms_pkey; Type: CONSTRAINT; Schema: public; Owner: checkpoint; Tablespace: +-- Name: realms_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: -- ALTER TABLE ONLY realms 
@@ -673,7 +624,7 @@ ALTER TABLE ONLY realms -- --- Name: sessions_pkey; Type: CONSTRAINT; Schema: public; Owner: checkpoint; Tablespace: +-- Name: sessions_pkey; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: -- ALTER TABLE ONLY sessions 
@@ -681,154 +632,154 @@ ALTER TABLE ONLY sessions -- --- Name: account_uniqueness_index; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: account_uniqueness_index; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE UNIQUE INDEX account_uniqueness_index ON accounts USING btree (provider, realm_id, uid); -- --- Name: group_label_uniqueness_index; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: group_label_uniqueness_index; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE UNIQUE INDEX group_label_uniqueness_index ON access_groups USING btree (realm_id, label); -- --- Name: group_membership_identity_uniqueness_index; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: group_membership_identity_uniqueness_index; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE UNIQUE INDEX group_membership_identity_uniqueness_index ON access_group_memberships USING btree (access_group_id, identity_id); -- --- Name: group_subtree_location_uniqueness_index; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: group_subtree_location_uniqueness_index; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE UNIQUE INDEX group_subtree_location_uniqueness_index ON access_group_subtrees USING btree (access_group_id, location); -- --- Name: index_accounts_on_identity_id; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: index_accounts_on_identity_id; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE INDEX index_accounts_on_identity_id ON accounts USING btree (identity_id); -- --- Name: index_accounts_on_realm_id; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: index_accounts_on_realm_id; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE INDEX index_accounts_on_realm_id ON accounts USING btree (realm_id); -- --- Name: index_bannings_on_fingerprint_and_path; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: 
+-- Name: index_bannings_on_fingerprint_and_path; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE INDEX index_bannings_on_fingerprint_and_path ON bannings USING btree (fingerprint, path); -- --- Name: index_callbacks_on_location_id; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: index_callbacks_on_location_id; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE INDEX index_callbacks_on_location_id ON callbacks USING btree (location_id); -- --- Name: index_domains_on_name; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: index_domains_on_name; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE UNIQUE INDEX index_domains_on_name ON domains USING btree (name); -- --- Name: index_domains_on_realm_id; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: index_domains_on_realm_id; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE INDEX index_domains_on_realm_id ON domains USING btree (realm_id); -- --- Name: index_group_subtrees_on_group_id; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: index_group_subtrees_on_group_id; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE INDEX index_group_subtrees_on_group_id ON access_group_subtrees USING btree (access_group_id); -- --- Name: index_groups_on_realm_id; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: index_groups_on_realm_id; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE INDEX index_groups_on_realm_id ON access_groups USING btree (realm_id); -- --- Name: index_identities_on_realm_id; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: index_identities_on_realm_id; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE INDEX index_identities_on_realm_id ON identities USING btree (realm_id); -- --- Name: index_identity_ips_on_address; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: 
index_identity_ips_on_address; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE INDEX index_identity_ips_on_address ON identity_ips USING btree (address); -- --- Name: index_identity_ips_on_identity_id; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: index_identity_ips_on_identity_id; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE INDEX index_identity_ips_on_identity_id ON identity_ips USING btree (identity_id); -- --- Name: index_location_on_labels; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: index_location_on_labels; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE UNIQUE INDEX index_location_on_labels ON locations USING btree (label_0, label_1, label_2, label_3, label_4, label_5, label_6, label_7, label_8, label_9); -- --- Name: index_realms_on_label; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: index_realms_on_label; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE UNIQUE INDEX index_realms_on_label ON realms USING btree (label); -- --- Name: index_sessions_on_identity_id; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: index_sessions_on_identity_id; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE INDEX index_sessions_on_identity_id ON sessions USING btree (identity_id); -- --- Name: index_sessions_on_key; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: index_sessions_on_key; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE INDEX index_sessions_on_key ON sessions USING btree (key); -- --- Name: session_key_uniqueness_index; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: session_key_uniqueness_index; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE UNIQUE INDEX session_key_uniqueness_index ON sessions USING btree (key); -- --- Name: unique_schema_migrations; Type: INDEX; Schema: public; Owner: checkpoint; Tablespace: +-- Name: 
unique_schema_migrations; Type: INDEX; Schema: public; Owner: -; Tablespace: -- CREATE UNIQUE INDEX unique_schema_migrations ON schema_migrations USING btree (version); -- --- Name: accounts_identity_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: checkpoint +-- Name: accounts_identity_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: - -- ALTER TABLE ONLY accounts @@ -836,7 +787,7 @@ ALTER TABLE ONLY accounts -- --- Name: accounts_realm_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: checkpoint +-- Name: accounts_realm_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: - -- ALTER TABLE ONLY accounts @@ -844,7 +795,7 @@ ALTER TABLE ONLY accounts -- --- Name: domains_realm_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: checkpoint +-- Name: domains_realm_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: - -- ALTER TABLE ONLY domains @@ -852,7 +803,7 @@ ALTER TABLE ONLY domains -- --- Name: group_memberships_group_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: checkpoint +-- Name: group_memberships_group_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: - -- ALTER TABLE ONLY access_group_memberships @@ -860,7 +811,7 @@ ALTER TABLE ONLY access_group_memberships -- --- Name: group_memberships_identity_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: checkpoint +-- Name: group_memberships_identity_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: - -- ALTER TABLE ONLY access_group_memberships @@ -868,7 +819,7 @@ ALTER TABLE ONLY access_group_memberships -- --- Name: group_subtrees_group_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: checkpoint +-- Name: group_subtrees_group_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: - -- ALTER TABLE ONLY access_group_subtrees @@ -876,7 +827,7 @@ ALTER TABLE ONLY access_group_subtrees -- --- Name: groups_realm_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: checkpoint +-- Name: groups_realm_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: - -- ALTER TABLE ONLY access_groups 
@@ -884,7 +835,7 @@ ALTER TABLE ONLY access_groups -- --- Name: realms_primary_domain_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: checkpoint +-- Name: realms_primary_domain_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: - -- ALTER TABLE ONLY realms
@@ -892,7 +843,7 @@ ALTER TABLE ONLY realms -- --- Name: sessions_identity_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: checkpoint +-- Name: sessions_identity_id_fkey; Type: FK CONSTRAINT; Schema: public; Owner: - -- ALTER TABLE ONLY sessions
diff --git a/db/migrate/20130515141358_add_origins_field_to_domains.rb b/db/migrate/20130515141358_add_origins_field_to_domains.rb
new file mode 100644
index 0000000..3051ac5
--- /dev/null
+++ b/db/migrate/20130515141358_add_origins_field_to_domains.rb
@@ -0,0 +1,9 @@
+class AddOriginsFieldToDomains < ActiveRecord::Migration
+ def self.up
+ add_column :domains, :origins, :tsvector
+ end
+
+ def self.down
+ remove_column :domains, :origins
+ end
+end
diff --git a/lib/checkpoint/models/domain.rb b/lib/checkpoint/models/domain.rb
index a8fa7f8..498edc8 100644
--- a/lib/checkpoint/models/domain.rb
+++ b/lib/checkpoint/models/domain.rb
@@ -13,7 +13,9 @@ class Domain < ActiveRecord::Base
:dependent => :nullify
after_save :ensure_primary_domain
-
+
+ ts_vector :origins
+
validates :name, :presence => {}, :uniqueness => {}
validates_each :name do |record, attr, name|
unless Domain.valid_name?(name)
@@ -24,6 +26,27 @@ class Domain < ActiveRecord::Base
end
end
+ def allow_origin?(origin)
+ all_hosts = (realm.domains.map(&:name) << self.origins.to_a).compact.flatten.uniq
+ all_hosts.include?(SimpleIDN.to_ascii(origin))
+ end
+
+ def add_origin(origin)
+ raise "Invalid origin #{origin}" unless Domain.valid_name?(origin)
+ self.origins = self.origins << SimpleIDN.to_ascii(origin)
+ save!
+ end
+
+ def remove_origin(origin)
+ origin_host = SimpleIDN.to_ascii(origin)
+ if self.origins.include?(origin_host)
+ self.origins = self.origins.to_a.select { |d| d != origin_host }
+ save
+ else
+ raise "Not found"
+ end
+ end
+
class << self
# Finds domain matching a host name.
def resolve_from_host_name(host_name)
diff --git a/spec/api/v1/domains_spec.rb b/spec/api/v1/domains_spec.rb
index 8c415d9..c9ce6b8 100644
--- a/spec/api/v1/domains_spec.rb
+++ b/spec/api/v1/domains_spec.rb
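Review bot: `add_origin` and `remove_origin` signal their expected failure cases (an origin that fails `Domain.valid_name?`, an origin that is not in the list) with bare `raise "..."`, i.e. an untyped RuntimeError that the new API routes cannot distinguish from a real fault, so both become 500s; raising dedicated `StandardError` subclasses lets the routes map them to 400/404. The two methods are also inconsistent with each other: `add_origin` appends without checking for an existing entry, so repeated POSTs grow the list with duplicates, `remove_origin` calls `save` where its sibling calls `save!` (a failed validation is silently swallowed), and it tests `self.origins.include?` while every other access goes through `self.origins.to_a` — presumably the ts_vector accessor responds to both, but `to_a` is the form the hunk demonstrates. The rewrite below keeps the method names and arguments unchanged; `allow_origin?` is untouched and the `class Domain` body continues outside the hunk.
```ruby
  # Typed errors so the API layer can map them to 4xx instead of a generic 500.
  class InvalidOriginError < StandardError; end
  class OriginNotFoundError < StandardError; end

  # … unchanged: allow_origin? …

  def add_origin(origin)
    raise InvalidOriginError, "Invalid origin #{origin}" unless Domain.valid_name?(origin)
    origin_host = SimpleIDN.to_ascii(origin)
    return true if self.origins.to_a.include?(origin_host) # already present; keep the list duplicate-free
    self.origins = self.origins << origin_host
    save!
  end

  def remove_origin(origin)
    origin_host = SimpleIDN.to_ascii(origin)
    raise OriginNotFoundError, "Not found" unless self.origins.to_a.include?(origin_host)
    self.origins = self.origins.to_a.reject { |d| d == origin_host }
    save!
  end
```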
@@ -58,6 +58,26 @@ def app
result['domain']['realm'].should eq 'area51'
end
+ it "creates rules and tests if a host is allowed as an origin" do
+ domain = Domain.create!(:name => 'mystuff.com', :realm => realm)
+ get "/domains/mystuff.com/allows/example.org"
+ result = JSON.parse(last_response.body)
+ result['allowed'].should eq true
+ get "/domains/mystuff.com/allows/pinshing.com"
+ result = JSON.parse(last_response.body)
+ result['allowed'].should eq false
+ post "/realms/area51/domains/mystuff.com/origins", :origin => "pinshing.com", :session => somegod_session
+ last_response.status.should == 201
+ get "/domains/mystuff.com/allows/pinshing.com"
+ result = JSON.parse(last_response.body)
+ result['allowed'].should eq true
+ delete "/realms/area51/domains/mystuff.com/origins/pinshing.com", :session => somegod_session
+ last_response.status.should == 204
+ get "/domains/mystuff.com/allows/pinshing.com"
+ result = JSON.parse(last_response.body)
+ result['allowed'].should eq false
+ end
+
it "lets gods attach a new domain to a realm, but not reattach it to another realm" do
post "/realms/area51/domains", :name => "ditto.org", :session => somegod_session
last_response.status.should eq 201
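Review bot: The new example covers only the happy path as a god of the domain's own realm, so it cannot detect that the POST route's realm guard (`domain.name != name`) never rejects anything, nor that either origin route dereferences a nil `domain` for an unknown name; the existing example just below this one ("… but not reattach it to another realm") is the pattern to follow. Add negative cases: a god session for a different realm posting to `/realms/<other-label>/domains/mystuff.com/origins` expecting 403 with the origin list unchanged, and a GET/POST/DELETE against a domain name that does not exist expecting 404. The `domain` local assigned from `Domain.create!` is never read — drop the assignment or use it for the post-condition assertions. The `allowed == true` expectation for `example.org` depends on realm fixtures defined outside this hunk, so a one-line comment naming which fixture domain makes it true would help the next reader.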