RubyGems - aikido-zen - Versions diffs - 1.0.3-arm64-linux → 1.0.5-arm64-linux - Mend

aikido-zen 1.0.3-arm64-linux → 1.0.5-arm64-linux

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/docs/config.md +9 -0
data/lib/aikido/zen/config.rb +7 -0
data/lib/aikido/zen/rails_engine.rb +26 -10
data/lib/aikido/zen/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cb6fafe1d5857eac161a3dee53455b0b8a395f9965a1124026cec7d9c49d3c6b
-  data.tar.gz: 3c9f8c6345771fa56c59b639ce9e7b30eac7c414b91949604462b667b24a563f
+  metadata.gz: 42aa0c53c7c2db9edc33a04776dcf93773c7bf35eb3a0fd523a344b1cd208dc4
+  data.tar.gz: 380811891ab3396f024ccad2def27c32438a4b89ec9be80430c3d2a58519b446
 SHA512:
-  metadata.gz: ba9563a9e876acf53ae91eea1db3d85895bcfe7a927026b1e321f711f1cc7662c54e2269443d73ce2b5755eda7d952d3c03fbcaaf12d6a07761670b35298abbb
-  data.tar.gz: 4237d1c64fdaddc3953ff75b38d6ffbf2f37a12ef88fd422361901367ab9c610832783a998b813584cb4155ba9140904c8d29eb9fce3545895aca9ae052ac31c
+  metadata.gz: 91d7e278c99c31c9bac45bf44bf491a22c890b32f03fff1bfda6cbdc7ab13c2c5bf803389db1c16d10371b286d3c94d542a60ba73a3034a0a9448c97510a2269
+  data.tar.gz: 5eca54161486245ec81db830e971deaafd508b0de2da2266ce0f5d138f2c6fb9c03dc41bdf9507db7dddf0edfd4f35e06b66dea4dd342c296a80552ede81692f

data/docs/config.md CHANGED Viewed

@@ -5,6 +5,15 @@ changing values on the `Aikido::Zen.config` object, which you can do from
 your app's startup file (like an initializer in Rails, or `config.ru` in
 other Rack-based apps).
+## Middleware insertion
+By default, the Zen middleware is inserted after `ActionDispatch::Executor`.
+You can change this by setting `Aikido::Zen.config.insert_middleware_after`
+to a Rack middleware class or index.
+When set to `nil`, the middleware is inserted before the first middleware in
+the then-current middleware stack.
 ## Disable Zen
 In order to fully turn off Zen and prevent it from intercepting any requests or

data/lib/aikido/zen/config.rb CHANGED Viewed

@@ -8,6 +8,12 @@ require_relative "context"
 module Aikido::Zen
   class Config
+    # @return [Class, Integer, nil] The Rack middleware class or index after which
+    #   the Zen middleware should be inserted. When set to nil, the middleware is
+    #   inserted before the first middleware in the then-current middleware stack.
+    #   Defaults to ::ActionDispatch::Executor.
+    attr_accessor :insert_middleware_after
     # @return [Boolean] whether Aikido should be turned completely off (no
     #   intercepting calls to protect the app, no agent process running, no
     #   middleware installed). Defaults to false (so, enabled). Can be set
@@ -178,6 +184,7 @@ module Aikido::Zen
     attr_accessor :attack_wave_max_cache_entries
     def initialize
+      self.insert_middleware_after = ::ActionDispatch::Executor
       self.disabled = read_boolean_from_env(ENV.fetch("AIKIDO_DISABLE", false)) || read_boolean_from_env(ENV.fetch("AIKIDO_DISABLED", false))
       self.blocking_mode = read_boolean_from_env(ENV.fetch("AIKIDO_BLOCK", false))
       self.api_timeouts = 10

data/lib/aikido/zen/rails_engine.rb CHANGED Viewed

@@ -9,16 +9,32 @@ module Aikido::Zen
       config.zen = Aikido::Zen.config
     end
-    initializer "aikido.add_middleware" do |app|
-      app.middleware.insert_before 0, Aikido::Zen::Middleware::ForkDetector
-      app.middleware.use Aikido::Zen::Middleware::ContextSetter
-      app.middleware.use Aikido::Zen::Middleware::AllowedAddressChecker
-      app.middleware.use Aikido::Zen::Middleware::AttackProtector
-      app.middleware.use Aikido::Zen::Middleware::AttackWaveProtector
-      # Request Tracker stats do not consider failed request or 40x, so the middleware
-      # must be the last one wrapping the request.
-      app.middleware.use Aikido::Zen::Middleware::RequestTracker
+    initializer "aikido.add_middleware", after: :load_config_initializers do |app|
+      # The Zen middleware is inserted in order as a block after the configured
+      # middleware anchor point.
+      middleware_block = [
+        Aikido::Zen::Middleware::ForkDetector,
+        Aikido::Zen::Middleware::ContextSetter,
+        Aikido::Zen::Middleware::AllowedAddressChecker,
+        Aikido::Zen::Middleware::AttackProtector,
+        Aikido::Zen::Middleware::AttackWaveProtector,
+        # Request Tracker stats do not consider failed requests, so the middleware
+        # must be the last one wrapping the request.
+        Aikido::Zen::Middleware::RequestTracker
+      ]
+      middleware_anchor = Aikido::Zen.config.insert_middleware_after
+      if middleware_anchor.nil?
+        app.middleware.insert_before 0, middleware_block.first
+      else
+        app.middleware.insert_after middleware_anchor, middleware_block.first
+      end
+      middleware_block.each_cons(2) do |existing_middleware, middleware|
+        app.middleware.insert_after(existing_middleware, middleware)
+      end
       ActiveSupport.on_load(:action_controller) do
         # Due to how Rails sets up its middleware chain, the routing is evaluated

data/lib/aikido/zen/version.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 module Aikido
   module Zen
-    VERSION = "1.0.3"
+    VERSION = "1.0.5"
     # The version of libzen_internals that we build against.
     LIBZEN_VERSION = "0.1.48"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aikido-zen
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 1.0.5
 platform: arm64-linux
 authors:
 - Aikido Security
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-12-16 00:00:00.000000000 Z
+date: 2025-12-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby