artsy-rack-auth-admin-only 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +12 -0
  3. data/.rspec +2 -0
  4. data/.travis.yml +5 -0
  5. data/Gemfile +6 -0
  6. data/README.md +43 -0
  7. data/Rakefile +6 -0
  8. data/artsy-rack-auth-admin-only.gemspec +28 -0
  9. data/bin/console +14 -0
  10. data/bin/setup +8 -0
  11. data/lib/artsy-rack-auth-admin-only.rb +1 -0
  12. data/lib/artsy_auth/gravity.rb +82 -0
  13. data/lib/artsy_auth/version.rb +5 -0
  14. metadata +129 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 5ec702cdb9b2288278b0bb5d63eb347fadbf1890
4
+ data.tar.gz: fe0c6e0e4c2543816d55297cdf66c0d134964928
5
+ SHA512:
6
+ metadata.gz: 2ec4af4c2c4b9d4db2940c20c5c1326fde72793455e6c6b07d1031a94ced49a31135ebcae167a38d182068fb01e34fee810d8a294b3687698df50924484a43de
7
+ data.tar.gz: a7753bf119dd6f976b285cf670eb3fe37f332fe5c2f1c97d862a1d5c8aa38a4cab8bf5afe40e8e52fb3c8a404865bf95718029db4a249ce9c979950541213afb
data/.gitignore ADDED
@@ -0,0 +1,12 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
10
+
11
+ # rspec failure tracking
12
+ .rspec_status
data/.rspec ADDED
@@ -0,0 +1,2 @@
1
+ --format documentation
2
+ --color
data/.travis.yml ADDED
@@ -0,0 +1,5 @@
1
+ sudo: false
2
+ language: ruby
3
+ rvm:
4
+ - 2.1.3
5
+ before_install: gem install bundler -v 1.15.3
data/Gemfile ADDED
@@ -0,0 +1,6 @@
1
+ source "https://rubygems.org"
2
+
3
+ git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
4
+
5
+ # Specify your gem's dependencies in artsy-rack-auth-admin-only.gemspec
6
+ gemspec
data/README.md ADDED
@@ -0,0 +1,43 @@
1
+ # ArtsyAuth::Gravity
2
+
3
+ A really simple authentication tool that uses the JWT to authenticate.
4
+
5
+ ### Meta
6
+
7
+ * __State:__ production
8
+ * __Point People:__ [@orta](https://github.com/orta), [@wrgoldstein](https://github.com/wrgoldstein)
9
+
10
+ ## Installation
11
+
12
+ Add this line to your application's Gemfile:
13
+
14
+ ```ruby
15
+ gem 'artsy-rack-auth-admin-only'
16
+ ```
17
+
18
+ And then execute:
19
+
20
+ $ bundle
21
+
22
+ ## Usage
23
+
24
+ In your rack project, add the following ENV vars:
25
+
26
+ ```sh
27
+ GRAVITY_URL = # A gravity API instance like https://api.artsy.net/
28
+ APPLICATION_ID = # Your ClientApplication's ID
29
+ APPLICATION_SECRET = # Your ClientApplication's secret
30
+ APPLICATION_INTERNAL_SECRET = # Your ClientApplication's internal secret, you can get this via gravity console
31
+ HOST = # Your site's public URL
32
+ ```
33
+
34
+ Then inside the file where you're configuring your app, add:
35
+
36
+ ```ruby
37
+ require "artsy-rack-auth-admin-only"
38
+ use ArtsyAuth::Gravity
39
+ ```
40
+
41
+ ## Contributing
42
+
43
+ Bug reports and pull requests are welcome on GitHub at https://github.com/artsy/artsy-rack-auth-admin-only.
data/Rakefile ADDED
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
data/artsy-rack-auth-admin-only.gemspec ADDED
@@ -0,0 +1,28 @@
1
+ # coding: utf-8
2
+
3
+ lib = File.expand_path('../lib', __FILE__)
4
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
+ require 'artsy_auth/version'
6
+
7
+ Gem::Specification.new do |spec|
8
+ spec.name = 'artsy-rack-auth-admin-only'
9
+ spec.version = ArtsyAuth::VERSION
10
+ spec.authors = ['Orta Therox', 'Will Goldstein']
11
+ spec.email = ['orta.therox@gmail.com', 'williamrgoldstein@gmail.com']
12
+
13
+ spec.summary = 'A simple gem for adding Rack based admin-only Oauth-credentials to Artsy apps.'
14
+ spec.description = 'A simple gem for adding Rack based admin-only Oauth-credentials to Artsy apps.'
15
+ spec.homepage = 'https://github.com/artsy/artsy-rack-auth-admin-only'
16
+
17
+ spec.files = `git ls-files -z`.split("\x0").reject do |f|
18
+ f.match(%r{^(test|spec|features)/})
19
+ end
20
+ spec.require_paths = ['lib']
21
+
22
+ spec.add_runtime_dependency 'rack'
23
+ spec.add_runtime_dependency 'jwt'
24
+
25
+ spec.add_development_dependency 'bundler', '~> 1.15'
26
+ spec.add_development_dependency 'rake', '~> 10.0'
27
+ spec.add_development_dependency 'rspec', '~> 3.0'
28
+ end
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "artsy/rack/auth/admin/only"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start(__FILE__)
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
data/lib/artsy-rack-auth-admin-only.rb ADDED
@@ -0,0 +1 @@
1
+ require 'artsy_auth/gravity'
data/lib/artsy_auth/gravity.rb ADDED
@@ -0,0 +1,82 @@
1
+ require 'json'
2
+ require 'open-uri'
3
+
4
+ require 'jwt'
5
+ require 'rack/auth/abstract/handler'
6
+ require 'rack/auth/abstract/request'
7
+
8
+ GRAVITY_URL = ENV['GRAVITY_URL']
9
+ APPLICATION_ID = ENV['APPLICATION_ID']
10
+ APPLICATION_SECRET = ENV['APPLICATION_SECRET']
11
+ APPLICATION_INTERNAL_SECRET = ENV['APPLICATION_INTERNAL_SECRET']
12
+
13
+ REDIRECT_URL = "#{ENV['HOST']}/auth".freeze
14
+ OAUTH_REDIRECT = "#{GRAVITY_URL}/oauth2/authorize?client_id=#{APPLICATION_ID}&redirect_uri=#{REDIRECT_URL}&response_type=code".freeze
15
+
16
+ COOKIE_EXP = Time.now + 7 * 24 * 60 * 60
17
+
18
+ # Gravity auth code
19
+ module ArtsyAuth
20
+ # Generates a URL for the gravity oauth access code which the server gets
21
+ # given after a user successfullly logs in.
22
+ def oauth_url(code)
23
+ query = [
24
+ "client_id=#{APPLICATION_ID}",
25
+ "client_secret=#{APPLICATION_SECRET}",
26
+ "redirect_uri=#{REDIRECT_URL}",
27
+ "code=#{code}",
28
+ 'grant_type=authorization_code'
29
+ ]
30
+ "#{GRAVITY_URL}/oauth2/access_token?#{query.join('&')}"
31
+ end
32
+
33
+ # An authentication library that uses the JWT and Artsy Oauth
34
+ # to verify whether someone using a site is an admin.
35
+ #
36
+ class Gravity < Rack::Auth::AbstractHandler
37
+ def call(env)
38
+ return authorize(env) if env['REQUEST_PATH'] == '/auth'
39
+ return @app.call(env) if valid?(env)
40
+ unauthorized
41
+ end
42
+
43
+ private
44
+
45
+ def valid?(env)
46
+ cookies = Rack::Utils.parse_cookies_header(env['HTTP_COOKIE'])
47
+ valid_access_token?(cookies['access_token'])
48
+ end
49
+
50
+ def valid_access_token?(access_token)
51
+ return false if access_token.nil?
52
+ jwt, = JWT.decode(access_token, APPLICATION_INTERNAL_SECRET)
53
+ jwt['roles'].split(',').include? 'admin'
54
+ end
55
+
56
+ def authorize(env)
57
+ query = Rack::Utils.parse_nested_query(env['QUERY_STRING'])
58
+ code = query['code']
59
+ url = oauth_url(code)
60
+ response = open(url).read
61
+ json = JSON.parse(response)
62
+ return authorized(json) if valid_access_token?(json['access_token'])
63
+ unauthorized
64
+ end
65
+
66
+ def authorized(json)
67
+ response = Rack::Response.new
68
+ response.set_cookie('access_token',
69
+ value: json['access_token'],
70
+ path: '/',
71
+ expires: COOKIE_EXP)
72
+ response.redirect '/', 307
73
+ response.finish
74
+ end
75
+
76
+ def unauthorized
77
+ response = Rack::Response.new
78
+ response.redirect OAUTH_REDIRECT, 307
79
+ response.finish
80
+ end
81
+ end
82
+ end
data/lib/artsy_auth/version.rb ADDED
@@ -0,0 +1,5 @@
1
+ # -*- coding: utf-8 -*- #
2
+
3
+ module ArtsyAuth
4
+ VERSION = '0.0.1'.freeze
5
+ end
metadata ADDED
@@ -0,0 +1,129 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: artsy-rack-auth-admin-only
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ platform: ruby
6
+ authors:
7
+ - Orta Therox
8
+ - Will Goldstein
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2017-08-15 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: rack
16
+ requirement: !ruby/object:Gem::Requirement
17
+ requirements:
18
+ - - ">="
19
+ - !ruby/object:Gem::Version
20
+ version: '0'
21
+ type: :runtime
22
+ prerelease: false
23
+ version_requirements: !ruby/object:Gem::Requirement
24
+ requirements:
25
+ - - ">="
26
+ - !ruby/object:Gem::Version
27
+ version: '0'
28
+ - !ruby/object:Gem::Dependency
29
+ name: jwt
30
+ requirement: !ruby/object:Gem::Requirement
31
+ requirements:
32
+ - - ">="
33
+ - !ruby/object:Gem::Version
34
+ version: '0'
35
+ type: :runtime
36
+ prerelease: false
37
+ version_requirements: !ruby/object:Gem::Requirement
38
+ requirements:
39
+ - - ">="
40
+ - !ruby/object:Gem::Version
41
+ version: '0'
42
+ - !ruby/object:Gem::Dependency
43
+ name: bundler
44
+ requirement: !ruby/object:Gem::Requirement
45
+ requirements:
46
+ - - "~>"
47
+ - !ruby/object:Gem::Version
48
+ version: '1.15'
49
+ type: :development
50
+ prerelease: false
51
+ version_requirements: !ruby/object:Gem::Requirement
52
+ requirements:
53
+ - - "~>"
54
+ - !ruby/object:Gem::Version
55
+ version: '1.15'
56
+ - !ruby/object:Gem::Dependency
57
+ name: rake
58
+ requirement: !ruby/object:Gem::Requirement
59
+ requirements:
60
+ - - "~>"
61
+ - !ruby/object:Gem::Version
62
+ version: '10.0'
63
+ type: :development
64
+ prerelease: false
65
+ version_requirements: !ruby/object:Gem::Requirement
66
+ requirements:
67
+ - - "~>"
68
+ - !ruby/object:Gem::Version
69
+ version: '10.0'
70
+ - !ruby/object:Gem::Dependency
71
+ name: rspec
72
+ requirement: !ruby/object:Gem::Requirement
73
+ requirements:
74
+ - - "~>"
75
+ - !ruby/object:Gem::Version
76
+ version: '3.0'
77
+ type: :development
78
+ prerelease: false
79
+ version_requirements: !ruby/object:Gem::Requirement
80
+ requirements:
81
+ - - "~>"
82
+ - !ruby/object:Gem::Version
83
+ version: '3.0'
84
+ description: A simple gem for adding Rack based admin-only Oauth-credentials to Artsy
85
+ apps.
86
+ email:
87
+ - orta.therox@gmail.com
88
+ - williamrgoldstein@gmail.com
89
+ executables: []
90
+ extensions: []
91
+ extra_rdoc_files: []
92
+ files:
93
+ - ".gitignore"
94
+ - ".rspec"
95
+ - ".travis.yml"
96
+ - Gemfile
97
+ - README.md
98
+ - Rakefile
99
+ - artsy-rack-auth-admin-only.gemspec
100
+ - bin/console
101
+ - bin/setup
102
+ - lib/artsy-rack-auth-admin-only.rb
103
+ - lib/artsy_auth/gravity.rb
104
+ - lib/artsy_auth/version.rb
105
+ homepage: https://github.com/artsy/artsy-rack-auth-admin-only
106
+ licenses: []
107
+ metadata: {}
108
+ post_install_message:
109
+ rdoc_options: []
110
+ require_paths:
111
+ - lib
112
+ required_ruby_version: !ruby/object:Gem::Requirement
113
+ requirements:
114
+ - - ">="
115
+ - !ruby/object:Gem::Version
116
+ version: '0'
117
+ required_rubygems_version: !ruby/object:Gem::Requirement
118
+ requirements:
119
+ - - ">="
120
+ - !ruby/object:Gem::Version
121
+ version: '0'
122
+ requirements: []
123
+ rubyforge_project:
124
+ rubygems_version: 2.2.2
125
+ signing_key:
126
+ specification_version: 4
127
+ summary: A simple gem for adding Rack based admin-only Oauth-credentials to Artsy
128
+ apps.
129
+ test_files: []