auth-centric-firewall 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a00ae75ed3fd2e771940475c9cc9deb20d4ba8e2bdc513ec00c5b2835e5411ba
+  data.tar.gz: a77c13530988f331f8484ad57ab4ca699caecd7edd0f4b3f96fe66a48a44d510
+SHA512:
+  metadata.gz: 751b1b6390bdb766308cedeea5692b9d28dc51bdf437958e2131086bef3f83e9bf6b38c5081c4ee107006bfbeea59f6a4cff7d210d884864650257e499aa330b
+  data.tar.gz: a7ba68574f38eb859c4b6592bc43b74d85a22c47673ecb5fa50a0dc18be905073941ad268ddd4845e3c279d6abc91c0a1dcf04b2ba91bdcf0c2c20f71c995eed

data/.rbenv-vars.example

@@ -0,0 +1,3 @@
+AUTH_CENTRIC_HOST=https://...
+AUTH_CENTRIC_API_KEY=
+AUTH_CENTRIC_TIMEOUT_SECONDS=3

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,34 @@
+AllCops:
+  TargetRubyVersion: 3.1
+  NewCops: enable
+
+Style/StringLiterals:
+  EnforcedStyle: single_quotes
+
+Style/StringLiteralsInInterpolation:
+  EnforcedStyle: single_quotes
+
+Layout/IndentationConsistency:
+  EnforcedStyle: indented_internal_methods
+
+Naming/PredicateName:
+  AllowedMethods:
+    - has_access?
+  NamePrefix:
+    - is_
+    - has_
+    - have_
+  MethodDefinitionMacros:
+    - define_method
+    - define_singleton_method
+    - def_node_matcher
+    - def_node_search
+
+Metrics/MethodLength:
+  CountComments: false  # count full line comments?
+  Max: 28
+
+Layout/CaseIndentation:
+  Description: 'Indentation of when in a case/when/[else/]end.'
+  StyleGuide: '#indent-when-to-case'
+  Enabled: false

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2025-03-12
+
+- Initial release

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 Saimon Lovell
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,34 @@
+# Auth::Centric::Firewall
+
+Stop bad actors.
+
+## Installation
+
+
+```bash
+bundle add auth-centric-firewall
+```
+
+If bundler is not being used to manage dependencies, install the gem by executing:
+
+```bash
+gem install auth-centric-firewall
+```
+
+## Usage
+
+### Env Variables
+
+```bash
+AUTH_CENTRIC_HOST=http://localhost:3003
+AUTH_CENTRIC_API_KEY=...
+AUTH_CENTRIC_TIMEOUT_SECONDS=3
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://gitlab.com/authcentric/auth-centric-firewall.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]

data/lib/auth_centric/firewall/capture_request.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+module AuthCentric
+  module Firewall
+    # Takes the incoming request and extracts
+    class CaptureRequest
+      def initialize(request)
+        @request = request
+      end
+
+      def as_json
+        {
+          domain:,
+          url:,
+          query_string:,
+          request_method:,
+          request_post_body:,
+          user_agent:,
+          language:,
+          request_formats:,
+          remote_ip:,
+          headers:
+        }
+      end
+
+      def domain
+        @request.domain || @request.headers.env['HTTP_HOST']
+      end
+
+      def url
+        return @request.original_fullpath if @request.original_fullpath.length == 1
+
+        @request.original_fullpath[1...]
+      end
+
+      def query_string
+        @request.query_string
+      end
+
+      def request_method
+        @request.method
+      end
+
+      def request_post_body
+        @request.body.read
+      end
+
+      def user_agent
+        @request.user_agent
+      end
+
+      def language
+        @request.accept_language
+      end
+
+      def request_formats
+        @request.formats.map(&:to_s)
+      end
+
+      def remote_ip
+        @request.remote_ip
+      end
+
+      def headers
+        data = @request.headers.env.reject { |key| key.to_s.include?('.') || IGNORE_HEADER_KEYS.include?(key) }
+        data.as_json
+      end
+    end
+  end
+end

data/lib/auth_centric/firewall/constants.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module AuthCentric
+  module Firewall
+    IGNORE_HEADER_KEYS = %w[
+      HTTP_HOST
+      HTTP_REFERER
+      HTTP_IF_NONE_MATCH
+      HTTP_CACHE_CONTROL
+      ORIGINAL_FULLPATH
+      PATH_INFO
+      QUERY_STRING
+      REMOTE_ADDR
+      REQUEST_URI
+      REQUEST_PATH
+      REQUEST_METHOD
+      SERVER_NAME
+      SERVER_SOFTWARE
+      warden
+    ].freeze
+
+    IGNORE_IP = %w[
+      0.0.0.0
+      127.0.0.1
+      127.0.0.2
+    ].freeze
+
+    IGNORE_REQUEST = %w[/ delayed_job favicon.ico robots.txt ads.txt humans.txt].freeze
+  end
+end

data/lib/auth_centric/firewall/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module AuthCentric
+  module Firewall
+    VERSION = '0.0.1'
+  end
+end

data/lib/auth_centric/firewall.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+# require 'pry'
+require 'http'
+
+require_relative 'firewall/version'
+require_relative 'firewall/constants'
+require_relative 'firewall/capture_request'
+
+module AuthCentric
+  # Client code for the firewall
+  module Firewall
+    class Error < StandardError; end
+
+    def log_firewall(request)
+      return true if IGNORE_IP.include?(request.remote_ip)
+      return true if IGNORE_REQUEST.include?(request.original_fullpath)
+
+      cr = CaptureRequest.new(request)
+      payload = { request: cr.as_json }
+
+      http = HTTP
+             .timeout(timeout_seconds)
+             .headers(apikey:)
+             .post(capture_path, json: payload)
+
+      http.status == 200
+    rescue HTTP::TimeoutError
+      true
+    end
+
+    def valid_ip?(ip_address)
+      return true if IGNORE_IP.include?(ip_address)
+
+      http = HTTP
+             .timeout(timeout_seconds)
+             .headers(apikey:)
+             .get(ip_status_path(ip_address))
+
+      case http.status
+        when 200, 202
+          true
+        when 403
+          false
+        else
+          raise Error, "#{http.status}: #{http.body}"
+      end
+    rescue HTTP::TimeoutError
+      true
+    end
+
+    private
+
+      def host
+        @host ||= ENV['AUTH_CENTRIC_HOST'] || 'http://localhost:3003'
+      end
+
+      def apikey
+        @apikey ||= ENV['AUTH_CENTRIC_API_KEY'] || 'EsRx0-rLseNPjXuXj_FEa-xxzY0isi26'
+      end
+
+      def ip_status_path(ip_address)
+        [host, "api/v1/internet_protocols/status?ip=#{ip_address}"].join('/')
+      end
+
+      def capture_path
+        @capture_path ||= [host, 'api/v1/incoming_requests/capture'].join('/')
+      end
+
+      def timeout_seconds
+        @timeout_seconds ||= (ENV['AUTH_CENTRIC_TIMEOUT_SECONDS'] || 3).to_i
+      end
+  end
+end

data/sig/auth_centric/firewall/capture_request.rbs

@@ -0,0 +1,30 @@
+module AuthCentric
+  module Firewall
+    class CaptureRequest
+      @request: Net::HTTPRequest
+
+      def as_json: -> { }
+
+      def domain: -> string
+
+      def headers: -> { }
+
+      def language: -> string
+
+      def query_string: -> string
+
+      def remote_ip: -> string
+
+      def request_formats: -> [ ]
+
+      def request_method: -> string
+
+      def request_post_body: -> string
+
+      def url: -> string
+
+      def user_agent: -> string
+    end
+  end
+end
+

data/sig/auth_centric/firewall/check_ip.rbs

@@ -0,0 +1,9 @@
+module AuthCentric
+  module Firewall
+    class CheckIp
+      @ip: string
+
+      def is_valid?: -> bool
+    end
+  end
+end

data/sig/auth_centric/firewall/constants.rbs

@@ -0,0 +1,7 @@
+module AuthCentric
+  module Firewall
+    IGNORE_HEADER_KEYS: []
+    IGNORE_REQUEST: []
+    IGNORE_IP: []
+  end
+end

data/sig/auth_centric/firewall.rbs

@@ -0,0 +1,21 @@
+module AuthCentric
+  module Firewall
+    VERSION: string
+
+    @host: string
+    @apikey: string
+    @capture_path: string
+    @timeout_seconds: int
+
+    def log_firewall: -> bool
+    def valid_ip?: -> bool
+
+    private
+
+    def host: -> string
+    def apikey: -> string
+    def capture_path: -> string
+    def ip_status_path: -> string
+    def timeout_seconds: -> int
+  end
+end

data/sig/ignore_header_keys.rbs

@@ -0,0 +1 @@
+IGNORE_HEADER_KEYS: []

data/sig/ignore_ip.rbs

@@ -0,0 +1 @@
+IGNORE_IP: []

data/sig/ignore_request.rbs

@@ -0,0 +1 @@
+IGNORE_REQUEST: []

metadata

@@ -0,0 +1,77 @@
+--- !ruby/object:Gem::Specification
+name: auth-centric-firewall
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Saimon Lovell
+bindir: exe
+cert_chain: []
+date: 2025-03-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: http
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5'
+description: Uses A.I to analyze connections to find hackers.
+email:
+- staysynchronize@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rbenv-vars.example"
+- ".rspec"
+- ".rubocop.yml"
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/auth_centric/firewall.rb
+- lib/auth_centric/firewall/capture_request.rb
+- lib/auth_centric/firewall/constants.rb
+- lib/auth_centric/firewall/version.rb
+- sig/auth_centric/firewall.rbs
+- sig/auth_centric/firewall/capture_request.rbs
+- sig/auth_centric/firewall/check_ip.rbs
+- sig/auth_centric/firewall/constants.rbs
+- sig/ignore_header_keys.rbs
+- sig/ignore_ip.rbs
+- sig/ignore_request.rbs
+homepage: https://gitlab.com/authcentric/auth-centric-firewall
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+  homepage_uri: https://gitlab.com/authcentric/auth-centric-firewall
+  source_code_uri: https://gitlab.com/authcentric/auth-centric-firewall
+  changelog_uri: https://gitlab.com/authcentric/auth-centric-firewall/-/blob/dev/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.6
+specification_version: 4
+summary: Use artificial intelligence to find hackers.
+test_files: []