authorized_networks 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: f566c1e34f168c5114387ed6d83898eebde38521ed2968e0905475a7fdae9838
+  data.tar.gz: 2b6347ee201917c2bff2bd5453014c67e4160ab742a59f99d10518c02f2ac9e2
+SHA512:
+  metadata.gz: 26900b8f10c3843cd8570a2f2f206324c8ff6705c0996a1faa3229f0a80285f826e6a27566530e49195cec2de0dddda217218eb5d0b3a935ff18597a93840edd
+  data.tar.gz: 5de810d467c3666a7f7137c0044e31b373ba7bb4e053f2c1375dac327b396ae435569201c213c6518d37c9d782764cb70008ccef9a99d4a41b0b515ca8ddc239

checksums.yaml.gz.sig

@@ -0,0 +1 @@
+�O�%|�T�́Ҏ�ڊ��N��5}�(9��)�g�5�l8���5ˊ	���"fūWe����Y����(�5�
�b���"���d�!�~��%�Y��>G�ߕ�䳟E���D:t�G1�m�����/fk�q/¨�;� ��9˼ٶ"�c�\�)�y�\�H�&�l��,j�6Ӌd�/F<�+.O~�W�}ظ��G�~�����^�қ���-:���A�i�Ѥ��slW�L9�f�m&���H��9yZ{,s_{3x���kp���Nw��+��'�q,�}Y��Qo�b��

data/lib/authorized_networks.rb

@@ -0,0 +1,49 @@
+require 'ipaddr'
+require 'yaml'
+require 'authorized_networks/error'
+require 'authorized_networks/config'
+require 'authorized_networks/instance'
+
+if defined?(Rails)
+  require 'authorized_networks/railtie'
+end
+
+module AuthorizedNetworks
+
+  # Provide a configuration
+  #
+  def self.config
+    @config ||= Config.new
+  end
+
+  # Provide a configuration object to the given block and reteurn the config
+  #
+  # @return [AuthorizedNetworks::Config]
+  def self.configure(&block)
+    block.call(config)
+    config
+  end
+
+  # Provide an instance for global use
+  #
+  # @return [AuthorizedNetwork::Instance]
+  def self.instance
+    @instance ||= Instance.new(config)
+  end
+
+  # Is the given IP a valid IP on the global instance?
+  #
+  # @return [Boolean]
+  def self.valid_ip?(ip, options = {})
+    instance.valid_ip?(ip, options)
+  end
+
+  # Is the given IP a valid IP? Raises an error if not
+  #
+  # @raises [AuthorizedNetworks::UnauthorizedNetworkError]
+  # @return [True]
+  def self.valid_ip!(ip, options = {})
+    instance.valid_ip!(ip, options)
+  end
+
+end

data/lib/authorized_networks/config.rb

@@ -0,0 +1,44 @@
+module AuthorizedNetworks
+  class Config
+
+    # The path where the networks file can be found.
+    #
+    # @return [String]
+    def networks_file_path
+      @networks_file_path || ENV['AUTHORIZED_NETWORKS_CONFIG_PATH'] || find_default_networks_file_path
+    end
+    attr_writer :networks_file_path
+
+    # Return an array of groups that are allowed by default when using the `AuthorizedNetworks.valid?`
+    #
+    # @return [Array<Symbol>]
+    def default_groups
+      @default_groups ||= [:default]
+    end
+
+    # Set a networks hash directly in the configuration rather than using a config file file
+    #
+    # @return [Hash<Symbol, Array>]
+    attr_accessor :networks
+
+    # The length of time networks should be cached in the instance before being loaded
+    # again. This is in seconds.
+    #
+    # @return [Integer]
+    def network_list_cache_ttl
+      @network_list_cache_ttl || 3600
+    end
+    attr_writer :network_list_cache_ttl
+
+    private
+
+    def find_default_networks_file_path
+      if defined?(Rails)
+        Rails.root.join('config', 'authorized_networks.yml')
+      else
+        "/etc/authorized_networks.yml"
+      end
+    end
+
+  end
+end

data/lib/authorized_networks/controller_extension.rb

@@ -0,0 +1,11 @@
+module AuthorizedNetworks
+  module ControllerExtension
+
+    def require_authorized_network(options = {})
+      unless AuthorizedNetworks.valid_ip?(request.ip, options)
+        raise AuthorizedNetworks::UnauthorizedNetworkError, "#{request.ip} does not have access to this resource"
+      end
+    end
+
+  end
+end

data/lib/authorized_networks/error.rb

@@ -0,0 +1,10 @@
+module AuthorizedNetworks
+  class Error < StandardError
+  end
+
+  class NetworksConfigFileNotFoundError < Error
+  end
+
+  class UnauthorizedNetworkError < Error
+  end
+end

data/lib/authorized_networks/instance.rb

@@ -0,0 +1,74 @@
+require 'authorized_networks/config'
+
+module AuthorizedNetworks
+  class Instance
+
+    def initialize(config = nil, &block)
+      @config = config || Config.new
+      block.call(@config) if block_given?
+    end
+
+    # Return a hash of all configured network groups
+    #
+    # @return [Hash<Symbol,Array>]
+    def networks
+      if @networks && @networks_cached_at && (@networks_cached_at + @config.network_list_cache_ttl) >= Time.now.utc
+        # If we have cached some networks and it has expired, clear the
+        # cache so we can get a new copy of the networks list.
+        @networks = nil
+      end
+
+      @networks ||= begin
+        if @config.networks
+          normalize_ips(@config.networks)
+        elsif File.exist?(@config.networks_file_path)
+          @networks_cached_at = Time.now.utc
+          normalize_ips(YAML.safe_load(File.read(@config.networks_file_path)))
+        else
+          raise NetworksConfigFileNotFoundError, "No config file was found at #{@config.networks_file_path}"
+        end
+      end
+    end
+
+    # Is the given IP a valid IP?
+    #
+    # @return [Boolean]
+    def valid_ip?(ip, options = {})
+      ip = IPAddr.new(ip.to_s) rescue nil
+      return false unless ip.is_a?(IPAddr)
+      groups = options[:groups] || @config.default_groups
+      groups.each do |group|
+        if group_ips = networks[group.to_sym]
+          if group_ips.any? { |gip| gip.include?(ip) }
+            return true
+          end
+        end
+      end
+      return false
+    end
+
+    # Is the given IP a valid IP? Raises an error if not
+    #
+    # @raises [AuthorizedNetworks::UnauthorizedNetworkError]
+    # @return [True]
+    def valid_ip!(ip, options = {})
+      valid_ip?(ip, options) || raise(AuthorizedNetworks::UnauthorizedNetworkError, "#{ip} is not a valid IP")
+    end
+
+    private
+
+    def normalize_ips(hash)
+      hash.each_with_object({}) do |(group_name, networks), hash|
+        networks = [networks.to_s] unless networks.is_a?(Array)
+        hash[group_name.to_sym] = networks.map do |network|
+          begin
+            IPAddr.new(network.to_s)
+          rescue IPAddr::InvalidAddressError
+            nil
+          end
+        end.compact
+      end
+    end
+
+  end
+end

data/lib/authorized_networks/railtie.rb

@@ -0,0 +1,12 @@
+module AuthorizedNetworks
+  class Railtie < Rails::Railtie
+
+    initializer 'authorized_networks.initialize' do
+      ActiveSupport.on_load(:action_controller) do
+        require 'authorized_networks/controller_extension'
+        include AuthorizedNetworks::ControllerExtension
+      end
+    end
+
+  end
+end

data/lib/authorized_networks/version.rb

@@ -0,0 +1,3 @@
+module AuthorizedNetworks
+  VERSION = '1.0.0'
+end

metadata

@@ -0,0 +1,79 @@
+--- !ruby/object:Gem::Specification
+name: authorized_networks
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Adam Cooke
+autorequire: 
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIEZDCCAsygAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MQswCQYDVQQDDAJtZTEZ
+  MBcGCgmSJomT8ixkARkWCWFkYW1jb29rZTESMBAGCgmSJomT8ixkARkWAmlvMB4X
+  DTE4MDMwNTE3MzAwNVoXDTE5MDMwNTE3MzAwNVowPDELMAkGA1UEAwwCbWUxGTAX
+  BgoJkiaJk/IsZAEZFglhZGFtY29va2UxEjAQBgoJkiaJk/IsZAEZFgJpbzCCAaIw
+  DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOH6HpXwjmVYrUQxUHm25mLm9qYK
+  WS66Me1IfMUX3ZREZ/GzqiJZdV6itPuaaaKpbcm2A/KjgGSPOi9FZBneZ5KvbIeK
+  /GsixL98kxB06q9DZwJbFz7Inklxkd/S0anm+PxtWkQP1TLkMsviRcBPEAqSLON9
+  dCKC7+3kibhatdlsbqIQaeEhSoCUipYMi7ZyFHu5Qz+zMwc8JwHvQ4yi8cMa/QZ+
+  s1tN4mkp/6vWWj4G4lF3YjFYyt2txJcK5ELDtyBy7a3vbMImPy9pplFx1/M6SNpn
+  7Pck0LqDprRzJXsGjq3CbC0nUaudFjUPr31KwxMYq1u13aQL9YuO3GeQCQ3gvdlJ
+  TSd7zoGgLwrMGmXqgd392Psr29yp+WBLcvhFUJnNPDV8nlph/cqmRzoIewP1kdPq
+  pEIUIJQdyKJU7gmFlJ1FurarkuT0a2Rgs99WokCoXLxuPmRWQRN1sH2nHL70jgAR
+  UuvyXEtyALHoCn3VqBR7ZvpfDblUzfANQDhBgwIDAQABo3EwbzAJBgNVHRMEAjAA
+  MAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUa7gxxSE4SO2Ors4B+y3qANdMpo4wGgYD
+  VR0RBBMwEYEPbWVAYWRhbWNvb2tlLmlvMBoGA1UdEgQTMBGBD21lQGFkYW1jb29r
+  ZS5pbzANBgkqhkiG9w0BAQsFAAOCAYEAkbz/AJwBsRKwgt2BhWqgr/egf/37IS3s
+  utVox7feYutKyFDHXYvCjm64XUJNioG7ipbRwOOGs5bEYfwgkabcAQnxSlkdNjc4
+  JIgL/cF4YRg8uJG7DH+LwpydXHqr7RneDiONuiHlEN/1EZZ8tjwXypdwzhQ2/6ot
+  YOxdSi/mXdoDoFlIebsLyInUZjqnm7dQ9nTTUNSB+1LoOD8ARNhTIPnKCnxwZd56
+  giOxoHuJIOhgi6U2zicZJHv8lUj2Lc3bcirQk5eeOFRPVGQSpLLoqA7dtS7Jy4cv
+  3c5m+HyxSxzlrcVHMAgJYemK0uhVQD9Y6JwHKDroWDH+MPALjlScw8ui1jmNuH31
+  n5JOH/07C4gYcwTjJmtoRSov46Z6Gn5cc6NFkQpA185pbRLqEDKzusXvBOQlAOLh
+  iyQrH6PJ0xgVJNYx+DLq3eFmo2hYJkw/lVhYAK+MdajtYJbD5VvCIEHO0d5RRgV+
+  qnCNZoPPy0UtRmGKZTMZvVJEZiw4g0fY
+  -----END CERTIFICATE-----
+date: 2018-03-06 00:00:00.000000000 Z
+dependencies: []
+description: An easy way to verify IPs are on authorized networkjs.
+email:
+- me@adamcooke.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/authorized_networks.rb
+- lib/authorized_networks/config.rb
+- lib/authorized_networks/controller_extension.rb
+- lib/authorized_networks/error.rb
+- lib/authorized_networks/instance.rb
+- lib/authorized_networks/railtie.rb
+- lib/authorized_networks/version.rb
+homepage: https://github.com/adamcooke/authorized_networks
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.4
+signing_key: 
+specification_version: 4
+summary: This gem provides tooling to allow for IP addresses to be verified as belonging
+  to authorized networks.
+test_files: []