acme-authorizer 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 977529790f213295b6f3c79975b6513cd944ff46
+  data.tar.gz: c111c0e8486f8dab57bea8263b7c89272828abf1
+SHA512:
+  metadata.gz: 73af8b62cee96aa35a9fc0fc1332213822bd6ba058f872d2a376dd52b72c49547be4a3eb6d32dd9955307fdf9a3430ec77b2d753d46f009bc56fb0d66a058284
+  data.tar.gz: 2f142ca3a679b917f5a49c08b0ab62dde93d4595fe37cb063a4e908cbd6d4ee0b72c4fc0a6359f13b701360f4c3410a712a5aae63ad904be1649c4cbfdf46eed

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2016 BetterUp, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,39 @@
+## Overview
+This gem is an implementation of the [ACME http-01
+challenge](https://tools.ietf.org/html/draft-ietf-acme-acme-01#page-38)
+for use in Rails applications.
+
+## Installation
+
+```ruby
+# Gemfile
+gem 'acme-authorizer'
+```
+
+NOTE: the ACME http-01 challenge/response *must* be served over HTTP without
+SSL.  This means that your Rails application can not have the `force_ssl` flag
+set in your `config/application.rb`.
+
+In order to enable application wide SSL, use this alternative method:
+http://guides.rubyonrails.org/action_controller_overview.html#force-https-protocol
+
+## Configuration
+
+By default, this library is configured via pairs of ENV variables with the same format used by [sabayon](https://github.com/dmathieu/sabayon):
+```
+/ACME_TOKEN_[0-9]+/
+/ACME_KEY_[0-9]+/
+```
+
+for example:
+```
+ACME_TOKEN_0=123123
+ACME_KEY_0=123123
+```
+
+The challenge and token can also be configured via Ruby API.
+```ruby
+Acme::Authorizer.configure do |config|
+  config.add_token('my_challenge_token', 'my_key_authorization')
+end
+```

data/Rakefile

@@ -0,0 +1,29 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'acme-authorizer'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+Bundler::GemHelper.install_tasks
+
+begin
+  require 'rspec/core/rake_task'
+  RSpec::Core::RakeTask.new(:spec)
+rescue LoadError
+end
+task default: :spec

data/app/controllers/acme/authorizer/application_controller.rb

@@ -0,0 +1,7 @@
+module Acme
+  module Authorizer
+    class ApplicationController < ActionController::Base
+      protect_from_forgery with: :exception
+    end
+  end
+end

data/app/controllers/acme/authorizer/tokens_controller.rb

@@ -0,0 +1,20 @@
+module Acme
+  module Authorizer
+    class TokensController < ApplicationController
+      def show
+        token = params[:token]
+        if acme_authorizer_config.valid_token?(token)
+          render text: acme_authorizer_config.key_authorization_for_token(token)
+        else
+          render nothing: true, status: 404
+        end
+      end
+
+      private
+
+      def acme_authorizer_config
+        Acme::Authorizer.configuration
+      end
+    end
+  end
+end

data/config/routes.rb

@@ -0,0 +1,3 @@
+Rails.application.routes.draw do
+  get '/.well-known/acme-challenge/:token' => 'acme/authorizer/tokens#show', constraints: { protocol: 'http://' }
+end

data/lib/acme-authorizer.rb

@@ -0,0 +1,16 @@
+require 'acme/authorizer/engine' if defined?(Rails)
+require 'acme/authorizer/configuration'
+
+module Acme
+  module Authorizer
+    class << self
+      def configure
+        yield configuration
+      end
+
+      def configuration
+        @configuration ||= Acme::Authorizer::Configuration.new
+      end
+    end
+  end
+end

data/lib/acme/authorizer/configuration.rb

@@ -0,0 +1,36 @@
+module Acme
+  module Authorizer
+    class Configuration
+      def initialize
+        @tokens = {}
+        add_tokens_from_env
+      end
+
+      def add_token(token, key_authorization)
+        @tokens[token] = key_authorization
+      end
+
+      def valid_token?(token)
+        @tokens.key?(token)
+      end
+
+      def key_authorization_for_token(token)
+        @tokens[token]
+      end
+
+      private
+
+      # TODO: raise error if missing matching authorization for token index
+      def add_tokens_from_env
+        ENV.each do |key, value|
+          match = key.match(/\A^ACME_TOKEN_([0-9]+)\Z/)
+          next unless match
+          index = match[1]
+          token = value
+          key_authorization = ENV["ACME_KEY_#{index}"]
+          add_token(token, key_authorization)
+        end
+      end
+    end
+  end
+end

data/lib/acme/authorizer/engine.rb

@@ -0,0 +1,12 @@
+module Acme
+  module Authorizer
+    class Engine < ::Rails::Engine
+      InvalidConfigurationError = Class.new(StandardError)
+
+      isolate_namespace Acme::Authorizer
+      initializer 'acme-authorizer.config.force_ssl_assertion' do |app|
+        raise InvalidConfigurationError, 'force_ssl can not be enabled globally. see http://guides.rubyonrails.org/action_controller_overview.html#force-https-protocol' if app.config.force_ssl
+      end
+    end
+  end
+end

data/lib/acme/authorizer/version.rb

@@ -0,0 +1,5 @@
+module Acme
+  module Authorizer
+    VERSION = '0.1.0'
+  end
+end

metadata

@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification
+name: acme-authorizer
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- BetterUp Developers
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-06-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.6
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: shoulda-matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Rails engine for generating SSL certificates using the ACME challenge
+  and response method
+email:
+- developers@betterup.co
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/controllers/acme/authorizer/application_controller.rb
+- app/controllers/acme/authorizer/tokens_controller.rb
+- config/routes.rb
+- lib/acme-authorizer.rb
+- lib/acme/authorizer/configuration.rb
+- lib/acme/authorizer/engine.rb
+- lib/acme/authorizer/version.rb
+homepage: http://github.com/betterup/acme-authorizer
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.4
+signing_key: 
+specification_version: 4
+summary: Rails engine for generating SSL certificates with ACME challenges
+test_files: []