Drop signing and use JWT (#35)

Author: ferhatelmas

src/stream-net-tests/IntegrationTests.cs

@@ -1225,11 +1225,8 @@ public async Task TestAggregate()
             var response = await _user1.AddActivity(newActivity1);
             response = await _user1.AddActivity(newActivity2);
 
-
-
             await _agg4.FollowFeed(this._user1);
 
-
             var activities = await this._agg4.GetActivities(0);
             Assert.IsNotNull(activities);
             Assert.AreEqual(1, activities.Count());

src/stream-net-tests/SigningTest.cs

@@ -132,7 +132,7 @@ internal JObject ToJObject(StreamClient client)
             if (To.SafeCount() > 0)
             {
                 JArray toArray = new JArray();
-                (from t in To select client.SignTo(t)).ForEach((st) =>
+                To.ForEach((st) =>
                 {
                     toArray.Add(st);
                 });

src/stream-net/Activity.cs

@@ -76,7 +76,6 @@ public async Task AddToMany(Activity activity, IEnumerable<string> feedIds)
             request.SetJsonBody(
                 "{" + string.Format("\"activity\": {0}, \"feeds\": {1}", activity.ToJson(this._client), JsonConvert.SerializeObject(feedIds)) + "}"
             );
-            _client.SignRequest(request);
 
             var response = await _client.MakeRequest(request);
 
@@ -101,8 +100,6 @@ public async Task FollowMany(IEnumerable<Follow> follows, int activityCopyLimit
                                                                 target = f.Target
                                                             }));
 
-            _client.SignRequest(request);
-
             var response = await _client.MakeRequest(request);
 
             if (response.StatusCode != System.Net.HttpStatusCode.Created)
@@ -116,7 +113,7 @@ public async Task<IEnumerable<Activity>> GetActivities(IEnumerable<string> ids =
             if (ids != null && foreignIDTimes != null)
                 throw new ArgumentException("at most one of the parameters ids or foreignIdTimes must be provided", "ids, foreignIDTimes");
 
-            var request = _client.BuildJWTAppRequest("activities/", HttpMethod.GET);
+            var request = _client.BuildAppRequest("activities/", HttpMethod.GET);
 
             if (ids != null)
             {
@@ -140,7 +137,7 @@ public async Task<IEnumerable<Activity>> GetActivities(IEnumerable<string> ids =
 
         public async Task UpdateActivities(IEnumerable<Activity> activities)
         {
-            var request = _client.BuildJWTAppRequest("activities/", HttpMethod.POST);
+            var request = _client.BuildAppRequest("activities/", HttpMethod.POST);
             request.SetJsonBody(Activity.ToActivitiesJson(activities, this._client));
 
             var response = await this._client.MakeRequest(request);
@@ -151,7 +148,7 @@ public async Task UpdateActivities(IEnumerable<Activity> activities)
 
         public async Task ActivitiesPartialUpdate(IEnumerable<ActivityPartialUpdateRequestObject> updates)
         {
-            var request = this._client.BuildJWTAppRequest("activity/", HttpMethod.POST);
+            var request = this._client.BuildAppRequest("activity/", HttpMethod.POST);
 
             var requestData = new Dictionary<string, object>(){
                 {"changes", updates.Select(x => x.ToJObject())}

src/stream-net/BatchOperations.cs

@@ -129,7 +129,7 @@ public async Task UpsertMany(string collectionName, IEnumerable<CollectionObject
                 new JProperty("data", new JObject(
                     new JProperty(collectionName, data.Select(x => x.ToJObject())))));
 
-            var request = this._client.BuildJWTAppRequest("collections/", HttpMethod.POST);
+            var request = this._client.BuildAppRequest("collections/", HttpMethod.POST);
             request.SetJsonBody(dataJson.ToString());
 
             var response = await this._client.MakeRequest(request);
@@ -148,7 +148,7 @@ public async Task<IEnumerable<CollectionObject>> SelectMany(string collectionNam
         {
             var foreignIds = ids.Select(x => string.Format("{0}:{1}", collectionName, x));
 
-            var request = this._client.BuildJWTAppRequest("collections/", HttpMethod.GET);
+            var request = this._client.BuildAppRequest("collections/", HttpMethod.GET);
             request.AddQueryParameter("foreign_ids", string.Join(",", foreignIds));
 
             var response = await this._client.MakeRequest(request);
@@ -161,7 +161,7 @@ public async Task<IEnumerable<CollectionObject>> SelectMany(string collectionNam
 
         public async Task DeleteMany(string collectionName, IEnumerable<string> ids)
         {
-            var request = this._client.BuildJWTAppRequest("collections/", HttpMethod.DELETE);
+            var request = this._client.BuildAppRequest("collections/", HttpMethod.DELETE);
             request.AddQueryParameter("collection_name", collectionName);
             request.AddQueryParameter("ids", string.Join(",", ids));
 
@@ -180,7 +180,7 @@ public async Task<CollectionObject> Add(string collectionName, GenericData data,
                 _data = data,
             };
 
-            var request = this._client.BuildJWTAppRequest($"collections/{collectionName}/", HttpMethod.POST);
+            var request = this._client.BuildAppRequest($"collections/{collectionName}/", HttpMethod.POST);
             request.SetJsonBody(collectionObject.ToJson());
 
             var response = await this._client.MakeRequest(request);
@@ -193,7 +193,7 @@ public async Task<CollectionObject> Add(string collectionName, GenericData data,
 
         public async Task<CollectionObject> Get(string collectionName, string ID)
         {
-            var request = this._client.BuildJWTAppRequest($"collections/{collectionName}/{ID}/", HttpMethod.GET);
+            var request = this._client.BuildAppRequest($"collections/{collectionName}/{ID}/", HttpMethod.GET);
 
             var response = await this._client.MakeRequest(request);
 
@@ -206,7 +206,7 @@ public async Task<CollectionObject> Get(string collectionName, string ID)
         public async Task<CollectionObject> Update(string collectionName, string ID, GenericData data)
         {
             var dataJson = new JObject(new JProperty("data", data.ToJObject()));
-            var request = this._client.BuildJWTAppRequest($"collections/{collectionName}/{ID}/", HttpMethod.PUT);
+            var request = this._client.BuildAppRequest($"collections/{collectionName}/{ID}/", HttpMethod.PUT);
             request.SetJsonBody(dataJson.ToString());
 
             var response = await this._client.MakeRequest(request);
@@ -219,7 +219,7 @@ public async Task<CollectionObject> Update(string collectionName, string ID, Gen
 
         public async Task Delete(string collectionName, string ID)
         {
-            var request = this._client.BuildJWTAppRequest($"collections/{collectionName}/{ID}/", HttpMethod.DELETE);
+            var request = this._client.BuildAppRequest($"collections/{collectionName}/{ID}/", HttpMethod.DELETE);
 
             var response = await this._client.MakeRequest(request);
 

src/stream-net/Collections.cs

@@ -9,6 +9,7 @@ public interface IStreamClient
         Collections Collections { get; }
         Reactions Reactions { get; }
         Users Users { get; }
+        Personalization Personalization { get; }
 
         Task ActivityPartialUpdate(string id = null, ForeignIDTime foreignIDTime = null, GenericData set = null, IEnumerable<string> unset = null);
         IStreamFeed Feed(string feedSlug, string userId);

src/stream-net/IStreamClient.cs

@@ -6,9 +6,8 @@ namespace Stream
     public interface IStreamFeed
     {
         string FeedId { get; }
-        string ReadOnlyToken { get; }
-        string Token { get; }
         string UrlPath { get; }
+        string EnrichedPath { get; }
 
         Task<IEnumerable<Activity>> AddActivities(IEnumerable<Activity> activities);
         Task<Activity> AddActivity(Activity activity);

src/stream-net/IStreamFeed.cs

@@ -13,7 +13,7 @@ public class ReactionsWithActivity
     {
         [JsonProperty(NullValueHandling = NullValueHandling.Ignore, PropertyName = "results")]
         public IEnumerable<Reaction> Reactions { get; internal set; }
-        
+
         public EnrichedActivity Activity { get; internal set; }
     }
 
@@ -73,7 +73,7 @@ public ReactionFiltering WithFilter(ReactionFilter filter)
         }
 
         internal ReactionFiltering WithActivityData()
-        {            
+        {
             _filter = (_filter == null) ? ReactionFilter.Where().WithActivityData() : _filter.WithActivityData();
 
             return this;
@@ -178,7 +178,7 @@ internal static EnrichedActivity GetActivity(string json)
 
                 return null;
             }
-        }        
+        }
 
         internal Reactions(StreamClient client)
         {
@@ -217,7 +217,7 @@ public async Task<Reaction> AddChild(Reaction parent, string kind, string userID
 
         public async Task<Reaction> Get(string reactionID)
         {
-            var request = this._client.BuildJWTAppRequest($"reaction/{reactionID}/", HttpMethod.GET);
+            var request = this._client.BuildAppRequest($"reaction/{reactionID}/", HttpMethod.GET);
 
             var response = await this._client.MakeRequest(request);
 
@@ -228,19 +228,19 @@ public async Task<Reaction> Get(string reactionID)
         }
 
         public async Task<IEnumerable<Reaction>> Filter(ReactionFiltering filtering, ReactionPagination pagination)
-        {            
+        {
             var response = await FilterHelper(filtering, pagination);
 
             if (response.StatusCode == System.Net.HttpStatusCode.OK)
-            {                
+            {
                 return JsonConvert.DeserializeObject<ReactionsFilterResponse>(response.Content).Reactions;
             }
 
             throw StreamException.FromResponse(response);
         }
 
         public async Task<ReactionsWithActivity> FilterWithActivityData(ReactionFiltering filtering, ReactionPagination pagination)
-        {            
+        {
             var response = await FilterHelper(filtering.WithActivityData(), pagination);
 
             if (response.StatusCode == System.Net.HttpStatusCode.OK)
@@ -261,9 +261,9 @@ public async Task<ReactionsWithActivity> FilterWithActivityData(ReactionFilterin
         private async Task<RestResponse> FilterHelper(ReactionFiltering filtering, ReactionPagination pagination)
         {
             var urlPath = pagination.GetPath();
-            var request = this._client.BuildJWTAppRequest($"reaction/{urlPath}", HttpMethod.GET);
+            var request = this._client.BuildAppRequest($"reaction/{urlPath}", HttpMethod.GET);
             filtering.Apply(request);
-          
+
             var response = await this._client.MakeRequest(request);
 
             return response;
@@ -278,7 +278,7 @@ public async Task<Reaction> Update(string reactionID, IDictionary<string, object
                 TargetFeeds = targetFeeds
             };
 
-            var request = this._client.BuildJWTAppRequest($"reaction/{reactionID}/", HttpMethod.PUT);
+            var request = this._client.BuildAppRequest($"reaction/{reactionID}/", HttpMethod.PUT);
             request.SetJsonBody(JsonConvert.SerializeObject(r));
 
             var response = await this._client.MakeRequest(request);
@@ -292,7 +292,7 @@ public async Task<Reaction> Update(string reactionID, IDictionary<string, object
 
         public async Task Delete(string reactionID)
         {
-            var request = this._client.BuildJWTAppRequest($"reaction/{reactionID}/", HttpMethod.DELETE);
+            var request = this._client.BuildAppRequest($"reaction/{reactionID}/", HttpMethod.DELETE);
 
             var response = await this._client.MakeRequest(request);
 
@@ -302,7 +302,7 @@ public async Task Delete(string reactionID)
 
         private async Task<Reaction> Add(Reaction r)
         {
-            var request = this._client.BuildJWTAppRequest("reaction/", HttpMethod.POST);
+            var request = this._client.BuildAppRequest("reaction/", HttpMethod.POST);
             request.SetJsonBody(JsonConvert.SerializeObject(r));
 
             var response = await this._client.MakeRequest(request);

src/stream-net/Reactions.cs

@@ -71,8 +71,7 @@ public IStreamFeed Feed(string feedSlug, string userId)
             if (string.IsNullOrWhiteSpace(userId))
                 throw new ArgumentNullException("userId", "Must have an userId");
 
-            string token = Sign(feedSlug + userId);
-            return new StreamFeed(this, feedSlug, userId, token);
+            return new StreamFeed(this, feedSlug, userId);
         }
 
         public async Task ActivityPartialUpdate(string id = null, ForeignIDTime foreignIDTime = null, GenericData set = null, IEnumerable<string> unset = null)
@@ -200,38 +199,16 @@ internal RestRequest BuildActivitiesRequest(StreamFeed feed)
             return BuildRestRequest(BaseUrlPath + ActivitiesUrlPath, HttpMethod.POST);
         }
 
-        internal RestRequest BuildJWTAppRequest(string path, HttpMethod method)
-        {
-            return BuildRestRequest(BaseUrlPath + path, method);
-        }
-
         internal RestRequest BuildAppRequest(string path, HttpMethod method)
         {
-            var request = new RestRequest(BaseUrlPath + path, method);
-            request.AddHeader("X-Api-Key", _apiKey);
-            return request;
+            return BuildRestRequest(BaseUrlPath + path, method);
         }
 
         internal RestRequest BuildPersonalizationRequest(string path, HttpMethod method)
         {
             return BuildRestRequest(BasePersonalizationUrlPath + path, method, "*");
         }
 
-        internal void SignRequest(RestRequest request)
-        {
-            // make signature
-            var queryString = "";
-            request.QueryParameters.ForEach((p) =>
-            {
-                queryString += (queryString.Length == 0) ? "?" : "&";
-                queryString += string.Format("{0}={1}", p.Key, Uri.EscapeDataString(p.Value.ToString()));
-            });
-            var toSign = string.Format("(request-target): {0} {1}", request.Method.ToString().ToLower(), request.Resource + queryString);
-
-            var signature = string.Format("keyId=\"{0}\",algorithm=\"hmac-sha256\",headers=\"(request-target)\",signature=\"{1}\"", this._apiKey, Sign256(toSign));
-            request.AddHeader("Authorization", "Signature " + signature);
-        }
-
         internal Task<RestResponse> MakeRequest(RestRequest request)
         {
             return _client.Execute(request);
@@ -245,26 +222,6 @@ private static string Base64UrlEncode(byte[] input)
                     .Trim('=');
         }
 
-        internal string Sign(string feedId)
-        {
-            Encoding encoding = new ASCIIEncoding();
-#if NETCORE
-            var hashedSecret = SHA1.Create().ComputeHash(encoding.GetBytes(_apiSecret));
-#else
-            var hashedSecret = (new SHA1Managed()).ComputeHash(encoding.GetBytes(_apiSecret));
-#endif
-
-            var hmac = new HMACSHA1(hashedSecret);
-            return Base64UrlEncode(hmac.ComputeHash(encoding.GetBytes(feedId)));
-        }
-
-        internal string Sign256(string feedId)
-        {
-            Encoding encoding = new ASCIIEncoding();
-            var hmac = new HMACSHA256(encoding.GetBytes(_apiSecret));
-            return Convert.ToBase64String(hmac.ComputeHash(encoding.GetBytes(feedId)));
-        }
-
         internal string JWToken(string feedId, string userID = null)
         {
             var payload = new Dictionary<string, string>()
@@ -300,12 +257,5 @@ internal string JWToken(object payload)
             }
             return string.Join(".", segments.ToArray());
         }
-
-        internal string SignTo(string to)
-        {
-            string[] bits = to.Split(':');
-            var otherFeed = this.Feed(bits[0], bits[1]);
-            return to + " " + otherFeed.Token;
-        }
     }
 }