auth-centric-firewall 0.1.1 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +1 -0
- data/CHANGELOG.md +8 -1
- data/lib/auth/centric/captcha/check_code.rb +41 -0
- data/lib/auth/centric/captcha/retrieve.rb +40 -0
- data/lib/auth/centric/common/settings.rb +29 -0
- data/lib/auth/centric/firewall/capture_request.rb +2 -5
- data/lib/auth/centric/firewall/internet_protocol.rb +38 -0
- data/lib/auth/centric/firewall/version.rb +1 -1
- data/lib/auth/centric/firewall.rb +17 -15
- data/sig/auth/centric/captcha/check_code.rbs +10 -0
- data/sig/auth/centric/captcha/retrieve.rbs +15 -0
- data/sig/auth/centric/common/settings.rbs +19 -0
- data/sig/auth/centric/firewall/capture_request.rbs +15 -9
- data/sig/auth/centric/firewall/{check_ip.rbs → internet_protocol.rbs} +3 -2
- data/sig/auth/centric/firewall.rbs +4 -9
- data/sig/auth/centric/security_captcha.rbs +8 -0
- metadata +25 -7
- data/sig/auth/centric/firewall/constants.rbs +0 -9
- data/sig/ignore_header_keys.rbs +0 -1
- data/sig/ignore_ip.rbs +0 -1
- data/sig/ignore_request.rbs +0 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6b0b8e31fe34345f545a3c4896d91eca03c805ace909dd71ba6286f15038770b
|
|
4
|
+
data.tar.gz: 20ca9c8cea11b5266bd62f8beecf732c2301cd7b0ea553e59c64f95b3876b9d1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6d6767cccf9c465b35b2cdbbeb7fb98851eb02489f4ddb153a265f2af894d9cb2e20b5d5759149180744d603903b0f78c46d59bd4a400a87865a3d226d2202fb
|
|
7
|
+
data.tar.gz: a4bf16a35820835621ae8243c06cd467e4ac5cebfa64e3a7f3174712b952408b92d969b17b0b46edfddd67aa34b76689e8315e43db2715064be877bfe212316e
|
data/.rubocop.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Auth
|
|
4
|
+
module Centric
|
|
5
|
+
module Captcha
|
|
6
|
+
module CheckCode
|
|
7
|
+
def verify_code?(id:, code:)
|
|
8
|
+
return true unless enabled?
|
|
9
|
+
|
|
10
|
+
payload = {
|
|
11
|
+
security_captcha: {
|
|
12
|
+
ip: @ip_address,
|
|
13
|
+
code:,
|
|
14
|
+
session_id: @session_id
|
|
15
|
+
}
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
http = HTTP
|
|
19
|
+
.timeout(timeout_seconds)
|
|
20
|
+
.headers(apikey:)
|
|
21
|
+
.post(check_code_path(id), json: payload)
|
|
22
|
+
|
|
23
|
+
case http.status
|
|
24
|
+
when 202
|
|
25
|
+
return true
|
|
26
|
+
when 404, 406
|
|
27
|
+
return false
|
|
28
|
+
else
|
|
29
|
+
raise Error, "#{http.status}: #{http.body}"
|
|
30
|
+
end
|
|
31
|
+
rescue HTTP::TimeoutError
|
|
32
|
+
false
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def check_code_path(id)
|
|
36
|
+
[host, "api/v1/security_captchas/#{id}/check_code"].join('/')
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Auth
|
|
4
|
+
module Centric
|
|
5
|
+
module Captcha
|
|
6
|
+
module Retrieve
|
|
7
|
+
def retrieve_captcha
|
|
8
|
+
return true unless enabled?
|
|
9
|
+
|
|
10
|
+
payload = {
|
|
11
|
+
security_captcha: {
|
|
12
|
+
ip: @ip_address,
|
|
13
|
+
session_id: @session_id
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
http = HTTP
|
|
18
|
+
.timeout(timeout_seconds)
|
|
19
|
+
.headers(apikey:)
|
|
20
|
+
.post(find_or_create_path, json: payload)
|
|
21
|
+
|
|
22
|
+
case http.status
|
|
23
|
+
when 200..202
|
|
24
|
+
JSON.parse(http.body)['data']['attributes'].except('session_id', 'ip')
|
|
25
|
+
when 422
|
|
26
|
+
raise Error, http.body.to_s
|
|
27
|
+
else
|
|
28
|
+
raise Error, "#{http.status}: #{http.body}"
|
|
29
|
+
end
|
|
30
|
+
rescue HTTP::TimeoutError
|
|
31
|
+
true
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def find_or_create_path
|
|
35
|
+
[host, 'api/v1/security_captchas'].join('/')
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Auth
|
|
4
|
+
module Centric
|
|
5
|
+
module Common
|
|
6
|
+
module Settings
|
|
7
|
+
def host
|
|
8
|
+
@host ||= ENV['AUTH_CENTRIC_HOST'] || 'http://localhost:3003'
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def apikey
|
|
12
|
+
@apikey ||= ENV['AUTH_CENTRIC_API_KEY'] || 'EsRx0-rLseNPjXuXj_FEa-xxzY0isi26'
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def timeout_seconds
|
|
16
|
+
@timeout_seconds ||= (ENV['AUTH_CENTRIC_TIMEOUT_SECONDS'] || 3).to_i
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def enabled?
|
|
20
|
+
@enabled ||= %w[true 1 yes on enabled].include?(ENV['AUTH_CENTRIC_ENABLED']&.downcase)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def ip(request)
|
|
24
|
+
@ip ||= InternetProtocol.new(request).ip
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
@@ -7,11 +7,12 @@ module Auth
|
|
|
7
7
|
class CaptureRequest
|
|
8
8
|
def initialize(request)
|
|
9
9
|
@request = request
|
|
10
|
+
nil
|
|
10
11
|
end
|
|
11
12
|
|
|
12
13
|
def as_json
|
|
13
14
|
{
|
|
14
|
-
ip
|
|
15
|
+
ip: ip(@request),
|
|
15
16
|
domain:,
|
|
16
17
|
url:,
|
|
17
18
|
query_string:,
|
|
@@ -24,10 +25,6 @@ module Auth
|
|
|
24
25
|
}
|
|
25
26
|
end
|
|
26
27
|
|
|
27
|
-
def ip
|
|
28
|
-
@request.env['HTTP_X_REAL_IP'] || @request.env['HTTP_X_FORWARDED_FOR'] || @request.remote_ip
|
|
29
|
-
end
|
|
30
|
-
|
|
31
28
|
def domain
|
|
32
29
|
@request.domain || @request.headers.env['HTTP_HOST']
|
|
33
30
|
end
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Auth
|
|
4
|
+
module Centric
|
|
5
|
+
module Firewall
|
|
6
|
+
# Try to find the IPv4
|
|
7
|
+
class InternetProtocol
|
|
8
|
+
require 'ipaddr'
|
|
9
|
+
|
|
10
|
+
def initialize(request)
|
|
11
|
+
@request = request
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def ip
|
|
15
|
+
return @ip unless @ip.blank?
|
|
16
|
+
|
|
17
|
+
@ip = @request.env['HTTP_X_REAL_IP'] || @request.env['HTTP_X_FORWARDED_FOR'] || @request.remote_ip
|
|
18
|
+
return @ip unless @ip.include?(',')
|
|
19
|
+
|
|
20
|
+
@ip.split(',').each do |ip|
|
|
21
|
+
next if is_ipv6?(ip.strip)
|
|
22
|
+
|
|
23
|
+
@ip = ip.strip
|
|
24
|
+
break
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
@ip
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def is_ipv6?(ip_string)
|
|
31
|
+
IPAddr.new(ip_string).ipv6?
|
|
32
|
+
rescue IPAddr::AddressFamilyError, IPAddr::InvalidAddressError
|
|
33
|
+
false
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
@@ -5,12 +5,16 @@ require 'http'
|
|
|
5
5
|
|
|
6
6
|
require_relative 'firewall/version'
|
|
7
7
|
require_relative 'firewall/constants'
|
|
8
|
+
require_relative 'common/settings'
|
|
8
9
|
require_relative 'firewall/capture_request'
|
|
10
|
+
require_relative 'firewall/internet_protocol'
|
|
9
11
|
|
|
10
12
|
module Auth
|
|
11
13
|
module Centric
|
|
12
14
|
# Client firewall module
|
|
13
15
|
module Firewall
|
|
16
|
+
include Auth::Centric::Common::Settings
|
|
17
|
+
|
|
14
18
|
class Error < StandardError; end
|
|
15
19
|
|
|
16
20
|
def log_firewall(request, forced: false, exception: nil)
|
|
@@ -37,7 +41,7 @@ module Auth
|
|
|
37
41
|
def valid_ip?(request, forced: false)
|
|
38
42
|
return true unless enabled?
|
|
39
43
|
|
|
40
|
-
ip_address =
|
|
44
|
+
ip_address = InternetProtocol.new(request).ip
|
|
41
45
|
return true if !forced && IGNORE_IP.include?(ip_address)
|
|
42
46
|
|
|
43
47
|
http = HTTP
|
|
@@ -59,14 +63,6 @@ module Auth
|
|
|
59
63
|
|
|
60
64
|
private
|
|
61
65
|
|
|
62
|
-
def host
|
|
63
|
-
@host ||= ENV['AUTH_CENTRIC_HOST'] || 'http://localhost:3003'
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
def apikey
|
|
67
|
-
@apikey ||= ENV['AUTH_CENTRIC_API_KEY'] || 'EsRx0-rLseNPjXuXj_FEa-xxzY0isi26'
|
|
68
|
-
end
|
|
69
|
-
|
|
70
66
|
def ip_status_path(ip_address)
|
|
71
67
|
[host, "api/v1/internet_protocols/status?ip=#{ip_address}"].join('/')
|
|
72
68
|
end
|
|
@@ -74,14 +70,20 @@ module Auth
|
|
|
74
70
|
def capture_path
|
|
75
71
|
@capture_path ||= [host, 'api/v1/incoming_requests/capture'].join('/')
|
|
76
72
|
end
|
|
73
|
+
end
|
|
77
74
|
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
75
|
+
class SecurityCaptcha
|
|
76
|
+
require_relative 'captcha/retrieve'
|
|
77
|
+
require_relative 'captcha/check_code'
|
|
81
78
|
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
79
|
+
include Auth::Centric::Common::Settings
|
|
80
|
+
include Auth::Centric::Captcha::Retrieve
|
|
81
|
+
include Auth::Centric::Captcha::CheckCode
|
|
82
|
+
|
|
83
|
+
def initialize(ip_address:, session_id:)
|
|
84
|
+
@ip_address = ip_address
|
|
85
|
+
@session_id = session_id
|
|
86
|
+
end
|
|
85
87
|
end
|
|
86
88
|
end
|
|
87
89
|
end
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
module Auth
|
|
2
|
+
module Centric
|
|
3
|
+
module Captcha
|
|
4
|
+
module Retrieve
|
|
5
|
+
def find_or_create_path: -> tring
|
|
6
|
+
def retrieve_captcha: -> {
|
|
7
|
+
"id" => "uuid7",
|
|
8
|
+
"failed_count" => int,
|
|
9
|
+
"image" => { "url" => string },
|
|
10
|
+
"fail_limit" => int
|
|
11
|
+
}
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
module Auth
|
|
2
|
+
module Centric
|
|
3
|
+
module Common
|
|
4
|
+
module Settings
|
|
5
|
+
@apikey: string
|
|
6
|
+
@enabled: bool
|
|
7
|
+
@host: string
|
|
8
|
+
@ip: string
|
|
9
|
+
@timeout_seconds: int
|
|
10
|
+
|
|
11
|
+
def apikey: -> string
|
|
12
|
+
def enabled?: -> bool
|
|
13
|
+
def host: -> string
|
|
14
|
+
def ip: -> string
|
|
15
|
+
def timeout_seconds: -> int
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -2,23 +2,29 @@ module Auth
|
|
|
2
2
|
module Centric
|
|
3
3
|
module Firewall
|
|
4
4
|
class CaptureRequest
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
5
|
+
def as_json: ->
|
|
6
|
+
{
|
|
7
|
+
ip: string,
|
|
8
|
+
domain: string,
|
|
9
|
+
url: string,
|
|
10
|
+
query_string: string,
|
|
11
|
+
request_method: string,
|
|
12
|
+
request_post_body: string,
|
|
13
|
+
user_agent: string,
|
|
14
|
+
language: string,
|
|
15
|
+
request_formats: string,
|
|
16
|
+
headers: {}
|
|
17
|
+
}
|
|
8
18
|
|
|
9
19
|
def domain: -> string
|
|
10
20
|
|
|
11
|
-
def headers: ->
|
|
12
|
-
|
|
13
|
-
def ip: -> string
|
|
21
|
+
def headers: -> string
|
|
14
22
|
|
|
15
23
|
def language: -> string
|
|
16
24
|
|
|
17
25
|
def query_string: -> string
|
|
18
26
|
|
|
19
|
-
def
|
|
20
|
-
|
|
21
|
-
def request_formats: -> [ ]
|
|
27
|
+
def request_formats: -> string
|
|
22
28
|
|
|
23
29
|
def request_method: -> string
|
|
24
30
|
|
|
@@ -1,26 +1,21 @@
|
|
|
1
1
|
module Auth
|
|
2
2
|
module Centric
|
|
3
3
|
module Firewall
|
|
4
|
+
IGNORE_HEADER_KEYS: []
|
|
5
|
+
IGNORE_REQUEST: []
|
|
6
|
+
IGNORE_IP: []
|
|
7
|
+
|
|
4
8
|
VERSION: string
|
|
5
9
|
|
|
6
|
-
@host: string
|
|
7
|
-
@apikey: string
|
|
8
|
-
@enabled: bool
|
|
9
10
|
@capture_path: string
|
|
10
|
-
@timeout_seconds: int
|
|
11
11
|
|
|
12
12
|
def log_firewall: -> bool
|
|
13
13
|
def valid_ip?: -> bool
|
|
14
14
|
|
|
15
15
|
private
|
|
16
16
|
|
|
17
|
-
|
|
18
|
-
def host: -> string
|
|
19
|
-
def apikey: -> string
|
|
20
|
-
def enabled?: -> bool
|
|
21
17
|
def capture_path: -> string
|
|
22
18
|
def ip_status_path: -> string
|
|
23
|
-
def timeout_seconds: -> int
|
|
24
19
|
end
|
|
25
20
|
end
|
|
26
21
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: auth-centric-firewall
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Saimon Lovell
|
|
@@ -23,6 +23,20 @@ dependencies:
|
|
|
23
23
|
- - "~>"
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
25
|
version: '5'
|
|
26
|
+
- !ruby/object:Gem::Dependency
|
|
27
|
+
name: ipaddr
|
|
28
|
+
requirement: !ruby/object:Gem::Requirement
|
|
29
|
+
requirements:
|
|
30
|
+
- - "~>"
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: '1.2'
|
|
33
|
+
type: :runtime
|
|
34
|
+
prerelease: false
|
|
35
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
36
|
+
requirements:
|
|
37
|
+
- - "~>"
|
|
38
|
+
- !ruby/object:Gem::Version
|
|
39
|
+
version: '1.2'
|
|
26
40
|
description: Uses A.I to analyze connections to find hackers.
|
|
27
41
|
email:
|
|
28
42
|
- staysynchronize@gmail.com
|
|
@@ -37,18 +51,22 @@ files:
|
|
|
37
51
|
- LICENSE.txt
|
|
38
52
|
- README.md
|
|
39
53
|
- Rakefile
|
|
54
|
+
- lib/auth/centric/captcha/check_code.rb
|
|
55
|
+
- lib/auth/centric/captcha/retrieve.rb
|
|
56
|
+
- lib/auth/centric/common/settings.rb
|
|
40
57
|
- lib/auth/centric/firewall.rb
|
|
41
58
|
- lib/auth/centric/firewall/capture_request.rb
|
|
42
59
|
- lib/auth/centric/firewall/constants.rb
|
|
60
|
+
- lib/auth/centric/firewall/internet_protocol.rb
|
|
43
61
|
- lib/auth/centric/firewall/version.rb
|
|
44
62
|
- public/403.html
|
|
63
|
+
- sig/auth/centric/captcha/check_code.rbs
|
|
64
|
+
- sig/auth/centric/captcha/retrieve.rbs
|
|
65
|
+
- sig/auth/centric/common/settings.rbs
|
|
45
66
|
- sig/auth/centric/firewall.rbs
|
|
46
67
|
- sig/auth/centric/firewall/capture_request.rbs
|
|
47
|
-
- sig/auth/centric/firewall/
|
|
48
|
-
- sig/auth/centric/
|
|
49
|
-
- sig/ignore_header_keys.rbs
|
|
50
|
-
- sig/ignore_ip.rbs
|
|
51
|
-
- sig/ignore_request.rbs
|
|
68
|
+
- sig/auth/centric/firewall/internet_protocol.rbs
|
|
69
|
+
- sig/auth/centric/security_captcha.rbs
|
|
52
70
|
homepage: https://gitlab.com/authcentric/auth-centric-firewall
|
|
53
71
|
licenses:
|
|
54
72
|
- MIT
|
|
@@ -72,7 +90,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
72
90
|
- !ruby/object:Gem::Version
|
|
73
91
|
version: '0'
|
|
74
92
|
requirements: []
|
|
75
|
-
rubygems_version: 3.
|
|
93
|
+
rubygems_version: 3.7.2
|
|
76
94
|
specification_version: 4
|
|
77
95
|
summary: Use artificial intelligence to find hackers.
|
|
78
96
|
test_files: []
|
data/sig/ignore_header_keys.rbs
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
IGNORE_HEADER_KEYS: []
|
data/sig/ignore_ip.rbs
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
IGNORE_IP: []
|
data/sig/ignore_request.rbs
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
IGNORE_REQUEST: []
|