3scale-labs / 3scale_ws_api_for_ruby Goto Github PK

https://github.com/3scale/3scale_ws_api_for_ruby/blob/master/lib/3scale/client.rb#L67 should be documented

From November 2016 service_id is mandatory. The code would need to be reviewed to support the use of service_id (it should be optional to avoid breaking change).

ThreeScale::Client#report does not receive a service ID by parameter. For that reason, all the reports are applied to the default service. It is not possible to specify a different one.

The #authrep method in the Client class accepts user_id as a param, but #authorize and #report do not.

We need to fix this to support services that have the end user plans feature enabled.

The 3scale service management API accepts a predicted usage field in the authorize calls, but this gem does not.

Currently the client does not basically do OAuth calls (just oauth_authorize, and surprisingly it lacks token support). This should be fixed/added to properly support such workflows.

https://github.com/3scale/3scale_ws_api_for_ruby#a-rails-example

The example provided in Rails Example section of the README is not thread-safe. This is not a good example because the default Rails web server today, puma, is threaded.

A better example might include this method for create_client instead:

def create_client
  @@threescale_client ||= {}
  @@threescale_client[Thread.current.name] ||=
    ThreeScale::Client.new(service_tokens: true)
end

I am not an expert but when I was hitting my API several times within the space of a second, I was getting some calls out to 3scale aborted with a response from "openresty" that looked like a header was placed into the body by accident.

It seems to me this could only be a threading issue, because it went away when I gave each worker thread his own 3scale client.

> puts body
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 15 Nov 2018 14:45:56 GMT
Content-Type: application/vnd.3scale-v2.0+xml
Con

intercepted at lib/3scale/client.rb ~ line 368 instead of the expected response body:

<?xml version="1.0" encoding="UTF-8"?><status><authorized>true</authorized><plan>Your Plan Name Here</plan></status>

When an authorize response does not return period_start and period_end values, the plugin fails with an undefined methodcontent' for nil:NilClass`

3scale_client (2.3.0) lib/3scale/client.rb:301:in `block in build_authorize_response'
nokogiri (1.5.0) lib/nokogiri/xml/node_set.rb:239:in `block in each'
nokogiri (1.5.0) lib/nokogiri/xml/node_set.rb:238:in `upto'
nokogiri (1.5.0) lib/nokogiri/xml/node_set.rb:238:in `each'
3scale_client (2.3.0) lib/3scale/client.rb:298:in `build_authorize_response'
3scale_client (2.3.0) lib/3scale/client.rb:195:in `authorize'
app/controllers/application_controller.rb:155:in `check_api_key'
app/controllers/application_controller.rb:55:in `before_functions'
activesupport (3.2.0) lib/active_support/callbacks.rb:418:in `_run__949943618__process_action__284222620__callbacks'

This happens when the period for a metric is set to eternity.

As described in #43 (comment)

Move RackQuery somewhere inside ThreeScale namespace.

The plugin would need to be updated to support service_token along with provider_key.

By default, ThreeScale::Client.new initializes the 3scale host as su1.3scale.net. It allows you to specify a different host with ThreeScale::Client.new(provider_key: 'my_provider_key', host: 'my_host'). However, it does not allow using a port other than 80.

I'm having the following error when I try to authorize an application without app_key

NoMethodError: undefined method 'content' for nil:NilClass
    from .../ruby-1.9.2-p180/gems/activesupport-3.1.3/lib/active_support/whiny_nil.rb:48:in 'method_missing'
    from .../ruby-1.9.2-p180/gems/3scale_client-2.2.4/lib/3scale/client.rb:217:in 'build_error_response'
    from .../ruby-1.9.2-p180/gems/3scale_client-2.2.4/lib/3scale/client.rb:154:in 'authorize'
    from .../ruby-1.9.2-p180/gems/railties-3.1.3/lib/rails/commands/console.rb:45:in 'start'
    from .../ruby-1.9.2-p180/gems/railties-3.1.3/lib/rails/commands/console.rb:8:in 'start'
    from ...//ruby-1.9.2-p180/gems/railties-3.1.3/lib/rails/commands.rb:40:in '<top (required)>'

but when I add the app_key it just works.
Can someone explain me this problem?

Travis is currently failing on master for all the ruby versions that Travis tries except 2.3.0. In the gemspec, there isn't a rack version specified, so Travis downloads the latest one (2.0.1), which requires ruby >= 2.2.2.

I think the ideal solution is to specify a minimum ruby version in the gemspec, and then, specify a rack version accordingly.

https://support.3scale.net/forum/topics/threescale-client-authrep-doesn-t-return-error_code-on-throttled-requests

The API doc says that authorize() returns a 409 status code and a reason message when a request is denied due to throttling. The Ruby client swallows the status code, so I have to parse the error_message. It would be nice to set the @error_code. Here’s an example response:

#<ThreeScale::AuthorizeResponse:0×007ffbdc702620 @usage_reports=
[#<ThreeScale::AuthorizeResponse::UsageReport:0×007ffbe1dbca10 
@metric=“hits”, @period=:minute, @period_start=“2014-05-23 19:40:00 +0000”, 
@period_end=“2014-05-23 19:41:00 +0000”, @current_value=1, @max_value=1>], 
@error_code=nil, @error_message=“usage limits are exceeded”, @plan=“Test Plan”>

The client is using http, not https, for communication to 3scale. This means that credentials are sent unencrypted over the wire, making it trivial to sniff any client's secret keys with access to network traffic between an API and 3scale.

Hey,

I tried to report a call like this

@@client.report( {:user_key => params[:user_key],  :usage => {method_name => usage_value}})

But in my error tabs on my dashboard there is the following error
application with id="" was not found

and the call is not reported on this metric.

I will try to fork and PR, just no time right now.
Thanks