active-access 0.5.2 → 0.6.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +4 -0
  3. data/Gemfile.lock +1 -1
  4. data/lib/active-access/middleware.rb +12 -1
  5. data/lib/active-access/utility/config.rb +24 -12
  6. data/lib/active-access/version.rb +1 -1
  7. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7076d0331ab9ea3ab40dbe6c552bb70f2250d6b0595ccf2bdf522777393cd9a5
4
- data.tar.gz: 4be4155fa5aa815aea27aea98af0cb46ce9ef2f37bc3380d51db0fa94291c6b5
3
+ metadata.gz: 752724276a2f33e14a2f16d012edb57288e71ad8d451ff00db106d71fe151b3f
4
+ data.tar.gz: a5ce3f6831dfa59933e886a2aede8e1117e54af676728d2ac0e9bec5d9f3dab3
5
5
  SHA512:
6
- metadata.gz: 06ed95fbdcc880a71dc46ac6267e351f25d0e19996d827d51e5d5faf578f703f7dc7dbfa906dd7d4a151b9b95e1f7a89c482dd0e741851540453bdb0dde4b324
7
- data.tar.gz: 4685f3961201a16c7448afa5a1acb40bd0dbb5d2addb897843860803649ef9b0c319ec56fc600e93a94dff640a9e81ca75d061b2b78fb226c1a2d5c7ab359665
6
+ metadata.gz: c219009620244d24db334cfb802ad46591a4d3874ce918fc9026c5fa376a93a140bbc7df3d01c06c6c649841eb73ad2780c2010a735e01cf0b74b910bf4351ea
7
+ data.tar.gz: 6aee1b4116e571f5957e338de020e4aee181e0655f751e05ef20afbea226c8809926298daca7be77045c578d4beb561ade70f87e32d5f8de4f4a06d89d0a2b0b
data/.rubocop.yml CHANGED
@@ -37,6 +37,10 @@ StringLiterals:
37
37
  #################
38
38
  # Disabled cops #
39
39
  #################
40
+ Metrics/AbcSize:
41
+ Exclude:
42
+ - spec/**/*
43
+
40
44
  Metrics/ClassLength:
41
45
  Enabled: false
42
46
 
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- active-access (0.5.2)
4
+ active-access (0.6.0)
5
5
  activesupport (>= 4.2)
6
6
  rack (>= 1.0)
7
7
 
data/lib/active-access/middleware.rb CHANGED
@@ -31,6 +31,7 @@ module ActiveAccess
31
31
  def allow?(rack_request)
32
32
  request = Rack::Request.new(rack_request)
33
33
  return true unless protected_domain?(request)
34
+ return true if whitelisted_path?(request)
34
35
 
35
36
  if request.ip.present?
36
37
  ip_address = IPAddr.new(request.ip.split("%").first)
@@ -40,7 +41,13 @@ module ActiveAccess
40
41
 
41
42
  def protected_domain?(request)
42
43
  return false if config.protected_domains.blank?
43
- config.protected_domains[request.host].presence
44
+ config.protected_domains[config.strip_url(request.host)]
45
+ end
46
+
47
+ def whitelisted_path?(request)
48
+ return false if config.whitelisted_urls.blank?
49
+ request_method = whitelisted_request_method(request)
50
+ request_method && (request_method == "ANY" || request_method.upcase == request.request_method)
44
51
  end
45
52
 
46
53
  # A place to fetch a cached / a list of IP's
@@ -55,6 +62,10 @@ module ActiveAccess
55
62
  end
56
63
  end
57
64
 
65
+ def whitelisted_request_method(request)
66
+ config.whitelisted_urls[request.path] || config.whitelisted_urls[config.strip_url(request.url)]
67
+ end
68
+
58
69
  def config
59
70
  ActiveAccess.config
60
71
  end
data/lib/active-access/utility/config.rb CHANGED
@@ -8,17 +8,16 @@ module ActiveAccess
8
8
  def initialize(*)
9
9
  super
10
10
 
11
- if protected_domains.nil?
12
- self["protected_domains"] = {}
13
- elsif protected_domains.is_a?(Array)
14
- domains = protected_domains
15
- self["protected_domains"] = {}
16
- self.protected_domains = domains
17
- end
18
-
19
- self.allowed_ips = allowed_ips
20
- self.enabled = true if enabled.nil?
21
- self.message = "Resource Not Found" if message.nil?
11
+ domains = protected_domains
12
+ good_urls = whitelisted_urls
13
+ self["protected_domains"] = {}
14
+ self["whitelisted_urls"] = {}
15
+
16
+ self.whitelisted_urls = good_urls
17
+ self.protected_domains = domains
18
+ self.allowed_ips = allowed_ips
19
+ self.enabled = true if enabled.nil?
20
+ self.message = "Resource Not Found" if message.nil?
22
21
  end
23
22
 
24
23
  def allowed_ips=(ip_addresses)
@@ -27,7 +26,20 @@ module ActiveAccess
27
26
 
28
27
  def protected_domains=(domains)
29
28
  return if domains.blank?
30
- split_or_ship(domains).each { |domain| self["protected_domains"][domain.to_s] = true }
29
+ split_or_ship(domains).each { |domain| self["protected_domains"][strip_url(domain)] = true }
30
+ end
31
+
32
+ def whitelisted_urls=(url_sets)
33
+ return if url_sets.blank?
34
+ split_or_ship(url_sets).each do |url_set|
35
+ url, request_method = url_set
36
+ next if url.blank?
37
+ self["whitelisted_urls"][strip_url(url)] = request_method.nil? ? "GET" : request_method.to_s.upcase
38
+ end
39
+ end
40
+
41
+ def strip_url(url)
42
+ url.to_s.sub(%r{^https?\:\/\/(www.)?}, "")
31
43
  end
32
44
 
33
45
  private
data/lib/active-access/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ActiveAccess
4
- VERSION = "0.5.2"
4
+ VERSION = "0.6.0"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: active-access
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.2
4
+ version: 0.6.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - George J. Protacio-Karaszi