aserto 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 16cd06af827e4a2522cefc9d6d699d4e7d027ca6780a7d70560e2b6bf1abca24
-  data.tar.gz: 0e23e7ccdb687e005b57f80b446dfce4dce244df30c5c7411b4634aa1c2f0e45
+  metadata.gz: 265e22aba2a89ca1da3792a7648725d785686d045cc9740eae205f4c89992c76
+  data.tar.gz: e5425ba2adb3b23f341757d9cb7babeaebf9773c5bba7e40aa506143f4506a63
 SHA512:
-  metadata.gz: 460cd9aa2f3380aff50a1ca15ebb6f052c8de0f34a98ba8fc84a7bc21c740cc1ab51ee954976010fb27a2d757ca42ef4d3853b544c4447282bedbca4405ae910
-  data.tar.gz: 0c339a31a7c92c0ace5139f0cd7081f06e9ea77ad5afc43d21e62d758ad36187ebbad4d0901207b6b03ed09982a99b93f0535b3bd779fb79b93f1d1f0004f8c0
+  metadata.gz: 0cbe00e79be969233b42f548b260a763dbb06ec5d10180bdbafe5346f25c26929f3e1d16dc5a27e44e03ffea9feee1575eac05324a955b39a1876781b81856da
+  data.tar.gz: f688ba5bfc91bb5dd4d1d8a19096e4aa1e5b78a51d00d384cd288d2638b04e9eafc72d624983f06c5d2acde48ba3228ec4a8a018e57459e21876d5a5a220fd5d

data/README.md

@@ -1,5 +1,10 @@
 # Ruby Rack Middleware for Aserto
 
+[![Gem Version](https://badge.fury.io/rb/aserto.svg)](https://badge.fury.io/rb/aserto)
+[![ci](https://github.com/aserto-dev/aserto-ruby/actions/workflows/ci.yaml/badge.svg)](https://github.com/aserto-dev/aserto-ruby/actions/workflows/ci.yaml)
+[![slack](https://img.shields.io/badge/slack-Aserto%20Community-brightgreen)](https://asertocommunity.slack.com
+)
+
 `Aserto::Authorization` is a middleware that allows Ruby applications to use Aserto as the Authorization provider.
 
 ## Prerequisites
@@ -39,14 +44,14 @@ The middleware accepts the following optional parameters:
 | service_url | `"authorizer.prod.aserto.com:8443"` | Sets the URL for the authorizer endpoint. |
 | decision | `"allowed"` | The decision that will be used by the middleware when creating an authorizer request. |
 | logger | `STDOUT` | The logger to be used by the middleware. |
-| identity_mapping | `{ type: :none }` | The strategy for retrieveing the identity, possible values: `:jwt, :sub, :none` |
+| identity_mapping | `{ type: :none }` | The strategy for retrieving the identity, possible values: `:jwt, :sub, :none` |
 | disabled_for | `[{}]` | Which path and actions to skip the authorization for. |
 | on_unauthorized | `-> { return [403, {}, ["Forbidden"]] }`| A lambda that is executed when the authorization fails. |
 
 ## Identity
 To determine the identity of the user, the middleware can be configured to use a JWT token or a claim using the `identity_mapping` config.
 ```ruby
-# configure the middleware to use a JWT token form the `my-auth-header` header.
+# configure the middleware to use a JWT token from the `my-auth-header` header.
 config.identity_mapping = {
   type: :jwt,
   from: "my-auth-header",
@@ -54,7 +59,7 @@ config.identity_mapping = {
 ```
 ```ruby
 # configure the middleware to use a claim from the JWT token.
-# This will decode the JWT token and extract the `sub` field from payload.
+# This will decode the JWT token and extract the `sub` field from the payload.
 config.identity_mapping = {
   type: :sub,
   from: :sub,
@@ -81,7 +86,7 @@ By default, when computing the policy path, the middleware:
 * converts any character that is not alpha, digit, dot or underscore to underscore
 * converts uppercase characters in the URL path to lowercases
 
-This behavior can be overwritten by providing a custom function:
+This behaviour can be overwritten by providing a custom function:
 
 ```ruby
 # config/initializers/aserto.rb
@@ -96,9 +101,9 @@ end
 ```
 
 ## Resource
-A resource can be any structured data that the authorization policy uses to evaluate decisions. By default, middleware do not include a resource in authorization calls.
+A resource can be any structured data that the authorization policy uses to evaluate decisions. By default, middleware does not include a resource in authorization calls.
 
-This behavior can be overwritten by providing a custom function:
+This behaviour can be overwritten by providing a custom function:
 
 ```ruby
 # config/initializers/aserto.rb

data/VERSION

@@ -1 +1 @@
-0.0.1
+0.0.2

data/lib/aserto/auth_client.rb

@@ -2,6 +2,10 @@
 
 require "aserto-grpc-authz"
 
+require_relative "identity_mapper"
+require_relative "policy_path_mapper"
+require_relative "resource_mapper"
+
 module Aserto
   class AuthClient
     attr_reader :client, :config, :request

data/lib/aserto/authorization.rb

@@ -32,11 +32,11 @@ module Aserto
 
     def route(request)
       if defined? ::Rails
-        require "aserto/rails/utils"
+        require_relative "rails/utils"
 
         Aserto::Rails::Utils.route(request)
       elsif defined? ::Sinatra
-        require "aserto/sinatra/utils"
+        require_relative "sinatra/utils"
         Aserto::Sinatra::Utils.route(request)
       end
     end

data/lib/aserto/errors.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Aserto
+  class Error < StandardError; end
+
+  class AccessDenied < Error
+    attr_reader :action, :conditions
+    attr_writer :default_message
+
+    def initialize(message = nil, action = nil, conditions = nil)
+      @message = message
+      @action = action
+      @conditions = conditions
+      @default_message = I18n.t(:"unauthorized.default", default: "You are not authorized to access this page.")
+      super()
+    end
+
+    def to_s
+      @message || @default_message
+    end
+
+    def inspect
+      details = %i[action conditions message].filter_map do |attribute|
+        value = instance_variable_get "@#{attribute}"
+        "#{attribute}: #{value.inspect}" if value.present?
+      end.join(", ")
+      "#<#{self.class.name} #{details}>"
+    end
+  end
+end

data/lib/aserto/policy_path_mapper.rb

@@ -8,14 +8,14 @@ module Aserto
         path = request.path_info
 
         if defined? ::Rails
-          require "aserto/rails/utils"
+          require_relative "rails/utils"
 
           route = Aserto::Rails::Utils.route(request)
           path = route[:path] if route
         end
 
         if defined? ::Sinatra
-          require "aserto/sinatra/utils"
+          require_relative "sinatra/utils"
 
           route = Aserto::Sinatra::Utils.route(request)
           path = route[:path] if route

data/lib/aserto.rb

@@ -10,6 +10,7 @@ require_relative "aserto/policy_path_mapper"
 require_relative "aserto/identity_mapper"
 require_relative "aserto/resource_mapper"
 require_relative "aserto/auth_client"
+require_relative "aserto/errors"
 
 module Aserto
   class << self
@@ -61,7 +62,7 @@ module Aserto
     # Aserto.with_identity_mapper do |request|
     #   {
     #     sub: "test",
-    #     type: Aserto::Api::V1::IdentityType::IDENTITY_TYPE_NONE
+    #     type: :none
     #   }
     # end
     def with_identity_mapper

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aserto
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Aserto
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-07-19 00:00:00.000000000 Z
+date: 2022-07-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aserto-grpc-authz
@@ -156,6 +156,7 @@ files:
 - lib/aserto/auth_client.rb
 - lib/aserto/authorization.rb
 - lib/aserto/config.rb
+- lib/aserto/errors.rb
 - lib/aserto/identity_mapper.rb
 - lib/aserto/identity_mapper/base.rb
 - lib/aserto/identity_mapper/jwt.rb
@@ -174,6 +175,7 @@ metadata:
   homepage_uri: https://www.aserto.com
   source_code_uri: https://github.com/aserto-dev/aserto-ruby
   changelog_uri: https://github.com/aserto-dev/aserto-ruby
+  documentation_uri: https://docs.aserto.com/docs/software-development-kits/ruby/middleware
   rubygems_mfa_required: 'true'
 post_install_message: 
 rdoc_options: []