Initial Commit

.dockerignore

@@ -0,0 +1,3 @@
+.git
+persistent
+scripts

.editorconfig

@@ -0,0 +1,19 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+
+[*.{php,js,css,less,json,html,sh}]
+indent_style = space
+trim_trailing_whitespace = true
+
+[*.php]
+indent_size = 4
+
+[*.{js,css,less,json,sh,service,target,ini}]
+indent_size = 2
+
+[Makefile]
+indent_style = tab

.gitignore

@@ -0,0 +1,11 @@
+autoload.php
+*.mo
+/Framework/build/
+/API/build/
+/Styles/css/
+/Application/build/
+/packages/**/rpm/
+/.idea
+/persistent/
+npm-debug.log
+/config

.gitmodules

@@ -0,0 +1,7 @@
+[submodule "Ink"]
+	path = Ink
+	url = [email protected]:timetabio/Ink
+	branch = master
+[submodule "Framework/lib/S3Helper"]
+	path = Framework/lib/S3Helper
+	url = [email protected]:timetabio/S3Helper.git

.travis.yml

@@ -0,0 +1,39 @@
+sudo: required
+dist: trusty
+group: edge
+
+services:
+- docker
+
+env:
+- TTIO_BUILD_ENV=production
+
+notifications:
+  email: false
+
+before_install:
+- 'openssl aes-256-cbc -K $encrypted_b3a2ec95562f_key -iv $encrypted_b3a2ec95562f_iv -in data/timetabio-bot.enc -out data/timetabio-bot -d'
+- docker login -p ${TTIO_DOCKER_PASSWORD} -u bot https://docker.ttio.cloud:5000
+
+addons:
+  ssh_known_hosts:
+  - timetab.io
+
+before_script:
+- ./scripts/rake.sh
+
+script:
+- ./scripts/rake.sh test
+
+before_deploy:
+- chmod 600 $TRAVIS_BUILD_DIR/data/timetabio-bot
+- ./scripts/
+
+deploy:
+  provider: script
+  skip_cleanup: true
+
+  script: ./scripts/deploy.sh
+
+  on:
+    tags: true

API/Rakefile

@@ -0,0 +1,19 @@
+require 'rake/clean'
+require '../rake/gen_autoload'
+
+TARGETS = [
+    gen_autoload('src'),
+    # gen_autoload('tests')
+]
+
+task default: TARGETS
+
+desc 'Run tests'
+task :test do
+  # sh 'phpunit'
+end
+
+desc 'Install dependencies'
+task :deps do
+  # install dependencies here
+end

API/bootstrap.php

@@ -0,0 +1,4 @@
+<?php
+require __DIR__ . '/../Framework/bootstrap.php';
+require __DIR__ . '/../Library/bootstrap.php';
+require __DIR__ . '/src/autoload.php';

API/config/system.ini

@@ -0,0 +1 @@
+../../config/dev/api.ini

API/index.php

@@ -0,0 +1,13 @@
+<?php
+/**
+ * (c) 2016 Ruben Schmidmeister
+ */
+namespace Timetabio\API
+{
+    use Timetabio\API\Bootstrap\Bootstrapper;
+    use Timetabio\Framework\FrontController;
+
+    require __DIR__ . '/bootstrap.php';
+
+    (new FrontController(new Bootstrapper()))->run();
+}

API/phpunit.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit bootstrap="tests/bootstrap.php"
+         backupGlobals="false"
+         backupStaticAttributes="false"
+         beStrictAboutTestsThatDoNotTestAnything="true"
+         beStrictAboutOutputDuringTests="true"
+         beStrictAboutTestSize="true"
+         timeoutForSmallTests="2"
+         colors="true"
+         forceCoversAnnotation="true"
+         beStrictAboutCoversAnnotation="true"
+         strict="true"
+         verbose="true">
+
+    <testsuites>
+        <testsuite name="API">
+            <directory suffix="Test.php">tests</directory>
+        </testsuite>
+    </testsuites>
+
+    <logging>
+        <log type="coverage-html" target="build/coverage" title="API"
+             charset="UTF-8" yui="true" highlight="true"
+             lowUpperBound="35" highLowerBound="70"/>
+    </logging>
+
+    <filter>
+        <whitelist addUncoveredFilesFromWhitelist="true">
+            <directory suffix=".php">src</directory>
+            <exclude>
+                <file>src/autoload.php</file>
+            </exclude>
+        </whitelist>
+    </filter>
+</phpunit>

API/scripts/create-feeds.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+WORDS=$(curl "https://raw.githubusercontent.com/hzlzh/Domain-Name-List/master/Animal-words.txt")
+API_BASE='https://devapi.timetab.io/v1'
+
+TOKEN_JSON=$(curl -X POST ${API_BASE}/auth -d user='peanut_butter' -d password='foo_bar_baz' -d scopes='*')
+TOKEN=$(echo ${TOKEN_JSON} | python -c "import json, sys; obj = json.load(sys.stdin); print obj['access_token'];")
+
+for WORD in ${WORDS}; do
+  curl -X POST ${API_BASE}/feeds -H "Authorization: Bearer ${TOKEN}" -d name=${WORD} -d is_private=false
+done

API/scripts/create-system-token.php

@@ -0,0 +1,31 @@
+#!/usr/bin/env php
+<?php
+/**
+ * (c) 2016 Ruben Schmidmeister
+ */
+namespace Timetabio\API
+{
+    use Timetabio\API\Access\AccessTypes\SystemAccess;
+    use Timetabio\API\ValueObjects\AccessToken;
+    use Timetabio\Framework\ValueObjects\Token;
+
+    require __DIR__ . '/../bootstrap.php';
+
+    $config = parse_ini_file(__DIR__ . '/../config/system.ini', false);
+
+    $token = new Token;
+    $accessToken = new AccessToken($token, new SystemAccess);
+
+    $redis = new \Redis();
+    $redis->connect($config['redisHost']);
+
+    if ($redis->exists('system_token')) {
+        echo 'System token already exists.' . PHP_EOL;
+        exit;
+    }
+
+    $redis->set('access_token_' . $token, serialize($accessToken));
+    $redis->set('system_token', (string) $token);
+
+    echo 'System token created.' . PHP_EOL;
+}

API/scripts/create-user.sh

@@ -0,0 +1,33 @@
+#!/bin/sh
+
+TOKEN=$(docker exec ttio-dev-redis redis-cli --raw GET system_token)
+API_BASE='https://devapi.timetab.io/v1'
+
+printf 'Email [[email protected]]: '
+read EMAIL
+
+printf 'Username [peanut_butter]: '
+read USERNAME
+
+printf 'Password [foo_bar_baz]: '
+read -s PASSWORD
+
+echo ""
+
+if [ -z "${EMAIL}" ]; then
+  EMAIL='[email protected]'
+fi
+
+if [ -z "${USERNAME}" ]; then
+  USERNAME='peanut_butter'
+fi
+
+if [ -z "${PASSWORD}" ]; then
+  PASSWORD='foo_bar_baz'
+fi
+
+curl -X POST ${API_BASE}/users -H "Authorization: Bearer ${TOKEN}" -d username="${USERNAME}" -d password="${PASSWORD}" -d email="${EMAIL}"
+
+VERIFY_TOKEN=($(docker exec -i ttio-dev-postgres psql -U postgres -t -q -c "SELECT token FROM verification_tokens WHERE email='${EMAIL}' LIMIT 1"))
+
+curl -X POST ${API_BASE}/verify -H "Authorization: Bearer ${TOKEN}" -d token=${VERIFY_TOKEN}

API/src/Access/AccessControl.php

@@ -0,0 +1,57 @@
+<?php
+/**
+ * (c) 2016 Ruben Schmidmeister
+ */
+namespace Timetabio\API\Access
+{
+    use Timetabio\API\Access\AccessTypes\AccessTypeInterface;
+    use Timetabio\API\Access\AccessTypes\NoAccess;
+    use Timetabio\API\DataStore\DataStoreReader;
+    use Timetabio\API\Endpoints\EndpointInterface;
+    use Timetabio\API\Readers\RequestTokenReader;
+    use Timetabio\Framework\Http\Request\RequestInterface;
+
+    class AccessControl
+    {
+        /**
+         * @var DataStoreReader
+         */
+        private $dataStoreReader;
+
+        /**
+         * @var RequestTokenReader
+         */
+        private $requestTokenReader;
+
+        public function __construct(
+            DataStoreReader $dataStoreReader,
+            RequestTokenReader $requestTokenReader
+        )
+        {
+            $this->dataStoreReader = $dataStoreReader;
+            $this->requestTokenReader = $requestTokenReader;
+        }
+
+        public function hasAccess(RequestInterface $request, EndpointInterface $endpoint): bool
+        {
+            return $endpoint->hasAccess($this->getAccessType($request));
+        }
+
+        protected function getAccessType(RequestInterface $request): AccessTypeInterface
+        {
+            $token = $this->requestTokenReader->read($request);
+
+            if ($token === null) {
+                return new NoAccess;
+            }
+
+            if (!$this->dataStoreReader->hasAccessToken($token)) {
+                return new NoAccess;
+            }
+
+            $accessToken = $this->dataStoreReader->getAccessToken($token);
+
+            return $accessToken->getAccessType();
+        }
+    }
+}

API/src/Access/AccessControl/AbstractAccessControl.php

@@ -0,0 +1,28 @@
+<?php
+/**
+ * (c) 2016 Ruben Schmidmeister
+ */
+namespace Timetabio\API\Access\AccessControl
+{
+    use Timetabio\API\Access\AccessTypes\FullAccess;
+    use Timetabio\API\Access\AccessTypes\ScopedAccess;
+    use Timetabio\API\ValueObjects\AccessToken;
+
+    abstract class AbstractAccessControl
+    {
+        protected function checkScope(AccessToken $accessToken, string $scope): bool
+        {
+            $accessType = $accessToken->getAccessType();
+
+            if ($accessType instanceof FullAccess) {
+                return true;
+            }
+
+            if ($accessType instanceof ScopedAccess) {
+                return $accessType->hasScope($scope);
+            }
+
+            return false;
+        }
+    }
+}

API/src/Access/AccessControl/CollectionAccessControl.php

@@ -0,0 +1,33 @@
+<?php
+/**
+ * (c) 2016 Ruben Schmidmeister
+ */
+namespace Timetabio\API\Access\AccessControl
+{
+    use Timetabio\API\ValueObjects\AccessToken;
+
+    class CollectionAccessControl extends AbstractAccessControl
+    {
+        public function hasReadAccess(AccessToken $accessToken, array $collection): bool
+        {
+            $userId = (string) $accessToken->getUserId();
+
+            if ($collection['owner_id'] === (string) $userId) {
+                return $this->checkScope($accessToken, 'collections:read');
+            }
+
+            return false;
+        }
+
+        public function hasWriteAccess(AccessToken $accessToken, array $collection): bool
+        {
+            $userId = (string) $accessToken->getUserId();
+
+            if ($collection['owner_id'] === (string) $userId) {
+                return $this->checkScope($accessToken, 'collections:write');
+            }
+
+            return false;
+        }
+    }
+}