authbox 0.0.4 → 0.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/authbox.rb +31 -4
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 88f3bad31b1a1dc5767a54eba3593de501f0a0bb
|
|
4
|
+
data.tar.gz: d3f8f8c13f83a669824f9f3488915c1a95cb49ef
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c52b50856e96ebcf07272763549b82432613b69aa7abc1fd009c8ad57de51686e07ae1f89f00ac1a8acf513f0d59516905248fb89d5dc0b844580a8930288821
|
|
7
|
+
data.tar.gz: 04823d5d38976a4a89debf7f7e5bad4c4ef55657320e90eea2dc82da6b05143c606852f599ef509adde7c4ac7c8d465623bb5780a2bf30cf796c77fcadb52fd1
|
data/lib/authbox.rb
CHANGED
|
@@ -85,6 +85,8 @@ module Authbox
|
|
|
85
85
|
##
|
|
86
86
|
# Override me to inject a custom HTTP POST library
|
|
87
87
|
def authbox_post_form(uri, body)
|
|
88
|
+
authbox_debug_log {"Posting data to #{uri}: #{body}"}
|
|
89
|
+
|
|
88
90
|
req = Net::HTTP::Post.new(uri.path, initheader = {'Content-Type' =>'application/json'})
|
|
89
91
|
req.body = body.to_json
|
|
90
92
|
|
|
@@ -92,7 +94,7 @@ module Authbox
|
|
|
92
94
|
begin
|
|
93
95
|
http.request(req)
|
|
94
96
|
rescue => e
|
|
95
|
-
|
|
97
|
+
authbox_warn_log { "HTTP request error: #{e}" }
|
|
96
98
|
end
|
|
97
99
|
end
|
|
98
100
|
end
|
|
@@ -113,6 +115,23 @@ module Authbox
|
|
|
113
115
|
return @authbox_pool
|
|
114
116
|
end
|
|
115
117
|
|
|
118
|
+
def authbox_debug_log(&message_block)
|
|
119
|
+
# Rails doesn't have a great way to filter logging out of the box and we want
|
|
120
|
+
# this SDK to be as out-of-the-way as possible, so we gate all logging behind a
|
|
121
|
+
# config.
|
|
122
|
+
if Rails.configuration.authbox[:debug]
|
|
123
|
+
logger.tagged('AUTHBOX') {
|
|
124
|
+
logger.debug message_block
|
|
125
|
+
}
|
|
126
|
+
end
|
|
127
|
+
end
|
|
128
|
+
|
|
129
|
+
def authbox_warn_log(&message_block)
|
|
130
|
+
logger.tagged('AUTHBOX') {
|
|
131
|
+
logger.warn message_block
|
|
132
|
+
}
|
|
133
|
+
end
|
|
134
|
+
|
|
116
135
|
def authbox_get_cookie(cookie_type)
|
|
117
136
|
sha256 = Digest::SHA256.new
|
|
118
137
|
return sha256.hexdigest(
|
|
@@ -126,7 +145,7 @@ module Authbox
|
|
|
126
145
|
|
|
127
146
|
def authbox_ensure_one_request
|
|
128
147
|
if @authbox_requested
|
|
129
|
-
|
|
148
|
+
authbox_warn_log { 'authbox_log() already called' }
|
|
130
149
|
return false
|
|
131
150
|
end
|
|
132
151
|
|
|
@@ -137,6 +156,10 @@ module Authbox
|
|
|
137
156
|
def authbox_request(endpoint, action, async)
|
|
138
157
|
cookie_name = authbox_get_cookie('local_machine_id')
|
|
139
158
|
|
|
159
|
+
if Rails.configuration.authbox[:api_key].nil? or Rails.configuration.authbox[:secret_key].nil?
|
|
160
|
+
authbox_warn_log { 'api_key and secret_key were not set' }
|
|
161
|
+
end
|
|
162
|
+
|
|
140
163
|
if cookies[cookie_name].blank?
|
|
141
164
|
local_machine_id = SecureRandom.hex(32)
|
|
142
165
|
@authbox_new_local_machine_id = true
|
|
@@ -169,7 +192,11 @@ module Authbox
|
|
|
169
192
|
'$ipAddress' => remote_ip,
|
|
170
193
|
'$endpointURL' => request.original_url,
|
|
171
194
|
'$apiKey' => Rails.configuration.authbox[:api_key],
|
|
172
|
-
'$secretKey' => Rails.configuration.authbox[:secret_key]
|
|
195
|
+
'$secretKey' => Rails.configuration.authbox[:secret_key],
|
|
196
|
+
'$rails' => {
|
|
197
|
+
'$controller' => controller_name,
|
|
198
|
+
'$action' => action_name
|
|
199
|
+
}
|
|
173
200
|
}
|
|
174
201
|
|
|
175
202
|
body.merge!(authbox_get_request_data())
|
|
@@ -194,7 +221,7 @@ module Authbox
|
|
|
194
221
|
return @authbox_verdict
|
|
195
222
|
end
|
|
196
223
|
rescue => e
|
|
197
|
-
|
|
224
|
+
authbox_warn_log { "Error decoding body: #{e}" }
|
|
198
225
|
|
|
199
226
|
# Fail open
|
|
200
227
|
@authbox_verdict = {'type' => 'ALLOW', 'info' => 'Error from server'}
|