active-access 0.5.2 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +4 -0
- data/Gemfile.lock +1 -1
- data/lib/active-access/middleware.rb +12 -1
- data/lib/active-access/utility/config.rb +24 -12
- data/lib/active-access/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 752724276a2f33e14a2f16d012edb57288e71ad8d451ff00db106d71fe151b3f
|
4
|
+
data.tar.gz: a5ce3f6831dfa59933e886a2aede8e1117e54af676728d2ac0e9bec5d9f3dab3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c219009620244d24db334cfb802ad46591a4d3874ce918fc9026c5fa376a93a140bbc7df3d01c06c6c649841eb73ad2780c2010a735e01cf0b74b910bf4351ea
|
7
|
+
data.tar.gz: 6aee1b4116e571f5957e338de020e4aee181e0655f751e05ef20afbea226c8809926298daca7be77045c578d4beb561ade70f87e32d5f8de4f4a06d89d0a2b0b
|
data/.rubocop.yml
CHANGED
data/Gemfile.lock
CHANGED
@@ -31,6 +31,7 @@ module ActiveAccess
|
|
31
31
|
def allow?(rack_request)
|
32
32
|
request = Rack::Request.new(rack_request)
|
33
33
|
return true unless protected_domain?(request)
|
34
|
+
return true if whitelisted_path?(request)
|
34
35
|
|
35
36
|
if request.ip.present?
|
36
37
|
ip_address = IPAddr.new(request.ip.split("%").first)
|
@@ -40,7 +41,13 @@ module ActiveAccess
|
|
40
41
|
|
41
42
|
def protected_domain?(request)
|
42
43
|
return false if config.protected_domains.blank?
|
43
|
-
config.protected_domains[request.host]
|
44
|
+
config.protected_domains[config.strip_url(request.host)]
|
45
|
+
end
|
46
|
+
|
47
|
+
def whitelisted_path?(request)
|
48
|
+
return false if config.whitelisted_urls.blank?
|
49
|
+
request_method = whitelisted_request_method(request)
|
50
|
+
request_method && (request_method == "ANY" || request_method.upcase == request.request_method)
|
44
51
|
end
|
45
52
|
|
46
53
|
# A place to fetch a cached / a list of IP's
|
@@ -55,6 +62,10 @@ module ActiveAccess
|
|
55
62
|
end
|
56
63
|
end
|
57
64
|
|
65
|
+
def whitelisted_request_method(request)
|
66
|
+
config.whitelisted_urls[request.path] || config.whitelisted_urls[config.strip_url(request.url)]
|
67
|
+
end
|
68
|
+
|
58
69
|
def config
|
59
70
|
ActiveAccess.config
|
60
71
|
end
|
@@ -8,17 +8,16 @@ module ActiveAccess
|
|
8
8
|
def initialize(*)
|
9
9
|
super
|
10
10
|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
self.
|
20
|
-
self.
|
21
|
-
self.message = "Resource Not Found" if message.nil?
|
11
|
+
domains = protected_domains
|
12
|
+
good_urls = whitelisted_urls
|
13
|
+
self["protected_domains"] = {}
|
14
|
+
self["whitelisted_urls"] = {}
|
15
|
+
|
16
|
+
self.whitelisted_urls = good_urls
|
17
|
+
self.protected_domains = domains
|
18
|
+
self.allowed_ips = allowed_ips
|
19
|
+
self.enabled = true if enabled.nil?
|
20
|
+
self.message = "Resource Not Found" if message.nil?
|
22
21
|
end
|
23
22
|
|
24
23
|
def allowed_ips=(ip_addresses)
|
@@ -27,7 +26,20 @@ module ActiveAccess
|
|
27
26
|
|
28
27
|
def protected_domains=(domains)
|
29
28
|
return if domains.blank?
|
30
|
-
split_or_ship(domains).each { |domain| self["protected_domains"][domain
|
29
|
+
split_or_ship(domains).each { |domain| self["protected_domains"][strip_url(domain)] = true }
|
30
|
+
end
|
31
|
+
|
32
|
+
def whitelisted_urls=(url_sets)
|
33
|
+
return if url_sets.blank?
|
34
|
+
split_or_ship(url_sets).each do |url_set|
|
35
|
+
url, request_method = url_set
|
36
|
+
next if url.blank?
|
37
|
+
self["whitelisted_urls"][strip_url(url)] = request_method.nil? ? "GET" : request_method.to_s.upcase
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
def strip_url(url)
|
42
|
+
url.to_s.sub(%r{^https?\:\/\/(www.)?}, "")
|
31
43
|
end
|
32
44
|
|
33
45
|
private
|