authorized_networks 1.0.0
- checksums.yaml +7 -0
- checksums.yaml.gz.sig +1 -0
- data.tar.gz.sig +0 -0
- data/lib/authorized_networks.rb +49 -0
- data/lib/authorized_networks/config.rb +44 -0
- data/lib/authorized_networks/controller_extension.rb +11 -0
- data/lib/authorized_networks/error.rb +10 -0
- data/lib/authorized_networks/instance.rb +74 -0
- data/lib/authorized_networks/railtie.rb +12 -0
- data/lib/authorized_networks/version.rb +3 -0
- metadata +79 -0
- metadata.gz.sig +0 -0
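--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: f566c1e34f168c5114387ed6d83898eebde38521ed2968e0905475a7fdae9838
+data.tar.gz: 2b6347ee201917c2bff2bd5453014c67e4160ab742a59f99d10518c02f2ac9e2
+SHA512:
+metadata.gz: 26900b8f10c3843cd8570a2f2f206324c8ff6705c0996a1faa3229f0a80285f826e6a27566530e49195cec2de0dddda217218eb5d0b3a935ff18597a93840edd
+data.tar.gz: 5de810d467c3666a7f7137c0044e31b373ba7bb4e053f2c1375dac327b396ae435569201c213c6518d37c9d782764cb70008ccef9a99d4a41b0b515ca8ddc239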
checksums.yaml.gz.sig
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
�O�%|�T�́Ҏ�ڊ��N��5}�(9��)�g�5�l8���5ˊ ���"fūWe����Y����(�5��b���"���d�!�~��%�Y��>G�ߕ�䳟E���D:t�G1�m�����/fk�q/¨�;� ��9˼ٶ"�c�\�)�y�\�H�&�l��,j�6Ӌd�/F<�+.O~�W�}ظ��G�~�����^�қ���-:���A�i�Ѥ��slW�L9�f�m&���H��9yZ{,s_{3x���kp���Nw��+��'�q,�}Y��Qo�b��
|
data.tar.gz.sig
ADDED
Binary file
|
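--- a/data/lib/authorized_networks.rb
+++ b/data/lib/authorized_networks.rb
@@ -0,0 +1,49 @@
+require 'ipaddr'
+require 'yaml'
+require 'authorized_networks/error'
+require 'authorized_networks/config'
+require 'authorized_networks/instance'
+
+if defined?(Rails)
+require 'authorized_networks/railtie'
+end
+
+module AuthorizedNetworks
+
+# Provide a configuration
+#
+def self.config
+@config ||= Config.new
+end
+
+# Provide a configuration object to the given block and reteurn the config
+#
+# @return [AuthorizedNetworks::Config]
+def self.configure(&block)
+block.call(config)
+config
+end
+
+# Provide an instance for global use
+#
+# @return [AuthorizedNetwork::Instance]
+def self.instance
+@instance ||= Instance.new(config)
+end
+
+# Is the given IP a valid IP on the global instance?
+#
+# @return [Boolean]
+def self.valid_ip?(ip, options = {})
+instance.valid_ip?(ip, options)
+end
+
+# Is the given IP a valid IP? Raises an error if not
+#
+# @raises [AuthorizedNetworks::UnauthorizedNetworkError]
+# @return [True]
+def self.valid_ip!(ip, options = {})
+instance.valid_ip!(ip, options)
+end
+
+end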
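Review bot: Two YARD tags in this file will not resolve as written: `@return [AuthorizedNetwork::Instance]` on `self.instance` names a module that is not defined here (it should be `AuthorizedNetworks::Instance`), and `@raises` on `self.valid_ip!` should be `@raise`; the same `@raises` tag appears on `valid_ip!` in the Instance class. `self.configure` also calls `block.call(config)` unconditionally, so calling it without a block fails with a NoMethodError on nil; `yield config if block_given?` would avoid that.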
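--- a/data/lib/authorized_networks/config.rb
+++ b/data/lib/authorized_networks/config.rb
@@ -0,0 +1,44 @@
+module AuthorizedNetworks
+class Config
+
+# The path where the networks file can be found.
+#
+# @return [String]
+def networks_file_path
+@networks_file_path || ENV['AUTHORIZED_NETWORKS_CONFIG_PATH'] || find_default_networks_file_path
+end
+attr_writer :networks_file_path
+
+# Return an array of groups that are allowed by default when using the `AuthorizedNetworks.valid?`
+#
+# @return [Array<Symbol>]
+def default_groups
+@default_groups ||= [:default]
+end
+
+# Set a networks hash directly in the configuration rather than using a config file file
+#
+# @return [Hash<Symbol, Array>]
+attr_accessor :networks
+
+# The length of time networks should be cached in the instance before being loaded
+# again. This is in seconds.
+#
+# @return [Integer]
+def network_list_cache_ttl
+@network_list_cache_ttl || 3600
+end
+attr_writer :network_list_cache_ttl
+
+private
+
+def find_default_networks_file_path
+if defined?(Rails)
+Rails.root.join('config', 'authorized_networks.yml')
+else
+"/etc/authorized_networks.yml"
+end
+end
+
+end
+end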
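Review bot: `default_groups` has a reader but no writer, so the only way to change which groups are checked by default is to mutate the array it returns; adding `attr_writer :default_groups` next to the method would match how `networks_file_path` and `network_list_cache_ttl` are exposed. The comment above it refers to `AuthorizedNetworks.valid?`, while the method this package defines is `valid_ip?`. `networks_file_path` is documented as `@return [String]`, but the Rails branch of `find_default_networks_file_path` returns the result of `Rails.root.join`, which is a Pathname rather than a String.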
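--- a/data/lib/authorized_networks/controller_extension.rb
+++ b/data/lib/authorized_networks/controller_extension.rb
@@ -0,0 +1,11 @@
+module AuthorizedNetworks
+module ControllerExtension
+
+def require_authorized_network(options = {})
+unless AuthorizedNetworks.valid_ip?(request.ip, options)
+raise AuthorizedNetworks::UnauthorizedNetworkError, "#{request.ip} does not have access to this resource"
+end
+end
+
+end
+end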
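Review bot: `require_authorized_network` makes its access decision on `request.ip`, and nothing in the file says how that address is derived. Behind a reverse proxy or load balancer the value depends on forwarding headers and on which proxies the application treats as trusted, so the check is only as reliable as that configuration. I would document this above the method, for example `# Uses request.ip; behind a proxy, trusted proxies must be configured so this is the real client address.`, and consider whether `request.remote_ip` is the more appropriate source in a Rails controller.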
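--- a/data/lib/authorized_networks/instance.rb
+++ b/data/lib/authorized_networks/instance.rb
@@ -0,0 +1,74 @@
+require 'authorized_networks/config'
+
+module AuthorizedNetworks
+class Instance
+
+def initialize(config = nil, &block)
+@config = config || Config.new
+block.call(@config) if block_given?
+end
+
+# Return a hash of all configured network groups
+#
+# @return [Hash<Symbol,Array>]
+def networks
+if @networks && @networks_cached_at && (@networks_cached_at + @config.network_list_cache_ttl) >= Time.now.utc
+# If we have cached some networks and it has expired, clear the
+# cache so we can get a new copy of the networks list.
+@networks = nil
+end
+
+@networks ||= begin
+if @config.networks
+normalize_ips(@config.networks)
+elsif File.exist?(@config.networks_file_path)
+@networks_cached_at = Time.now.utc
+normalize_ips(YAML.safe_load(File.read(@config.networks_file_path)))
+else
+raise NetworksConfigFileNotFoundError, "No config file was found at #{@config.networks_file_path}"
+end
+end
+end
+
+# Is the given IP a valid IP?
+#
+# @return [Boolean]
+def valid_ip?(ip, options = {})
+ip = IPAddr.new(ip.to_s) rescue nil
+return false unless ip.is_a?(IPAddr)
+groups = options[:groups] || @config.default_groups
+groups.each do |group|
+if group_ips = networks[group.to_sym]
+if group_ips.any? { |gip| gip.include?(ip) }
+return true
+end
+end
+end
+return false
+end
+
+# Is the given IP a valid IP? Raises an error if not
+#
+# @raises [AuthorizedNetworks::UnauthorizedNetworkError]
+# @return [True]
+def valid_ip!(ip, options = {})
+valid_ip?(ip, options) || raise(AuthorizedNetworks::UnauthorizedNetworkError, "#{ip} is not a valid IP")
+end
+
+private
+
+def normalize_ips(hash)
+hash.each_with_object({}) do |(group_name, networks), hash|
+networks = [networks.to_s] unless networks.is_a?(Array)
+hash[group_name.to_sym] = networks.map do |network|
+begin
+IPAddr.new(network.to_s)
+rescue IPAddr::InvalidAddressError
+nil
+end
+end.compact
+end
+end
+
+end
+end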
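Review bot: The expiry test in `networks` is inverted relative to its own comment: `(@networks_cached_at + @config.network_list_cache_ttl) >= Time.now.utc` is true while the cached list is still fresh, so the file is re-read on every call inside the TTL, and once the TTL has elapsed between two calls the condition is false and the cached list is never refreshed again. For an allowlist that means a network removed from the file can stay authorized until the process restarts. The condition should read `if @networks && @networks_cached_at && Time.now.utc >= @networks_cached_at + @config.network_list_cache_ttl`. Separately, `YAML.safe_load` does not return a Hash for an empty file, and `normalize_ips` calls `each_with_object` on whatever it is given, so an empty networks file surfaces as a NoMethodError rather than a configuration error.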
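--- a/data/lib/authorized_networks/railtie.rb
+++ b/data/lib/authorized_networks/railtie.rb
@@ -0,0 +1,12 @@
+module AuthorizedNetworks
+class Railtie < Rails::Railtie
+
+initializer 'authorized_networks.initialize' do
+ActiveSupport.on_load(:action_controller) do
+require 'authorized_networks/controller_extension'
+include AuthorizedNetworks::ControllerExtension
+end
+end
+
+end
+end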
metadata
ADDED
@@ -0,0 +1,79 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: authorized_networks
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Adam Cooke
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain:
|
11
|
+
- |
|
12
|
+
-----BEGIN CERTIFICATE-----
|
13
|
+
MIIEZDCCAsygAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MQswCQYDVQQDDAJtZTEZ
|
14
|
+
MBcGCgmSJomT8ixkARkWCWFkYW1jb29rZTESMBAGCgmSJomT8ixkARkWAmlvMB4X
|
15
|
+
DTE4MDMwNTE3MzAwNVoXDTE5MDMwNTE3MzAwNVowPDELMAkGA1UEAwwCbWUxGTAX
|
16
|
+
BgoJkiaJk/IsZAEZFglhZGFtY29va2UxEjAQBgoJkiaJk/IsZAEZFgJpbzCCAaIw
|
17
|
+
DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOH6HpXwjmVYrUQxUHm25mLm9qYK
|
18
|
+
WS66Me1IfMUX3ZREZ/GzqiJZdV6itPuaaaKpbcm2A/KjgGSPOi9FZBneZ5KvbIeK
|
19
|
+
/GsixL98kxB06q9DZwJbFz7Inklxkd/S0anm+PxtWkQP1TLkMsviRcBPEAqSLON9
|
20
|
+
dCKC7+3kibhatdlsbqIQaeEhSoCUipYMi7ZyFHu5Qz+zMwc8JwHvQ4yi8cMa/QZ+
|
21
|
+
s1tN4mkp/6vWWj4G4lF3YjFYyt2txJcK5ELDtyBy7a3vbMImPy9pplFx1/M6SNpn
|
22
|
+
7Pck0LqDprRzJXsGjq3CbC0nUaudFjUPr31KwxMYq1u13aQL9YuO3GeQCQ3gvdlJ
|
23
|
+
TSd7zoGgLwrMGmXqgd392Psr29yp+WBLcvhFUJnNPDV8nlph/cqmRzoIewP1kdPq
|
24
|
+
pEIUIJQdyKJU7gmFlJ1FurarkuT0a2Rgs99WokCoXLxuPmRWQRN1sH2nHL70jgAR
|
25
|
+
UuvyXEtyALHoCn3VqBR7ZvpfDblUzfANQDhBgwIDAQABo3EwbzAJBgNVHRMEAjAA
|
26
|
+
MAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUa7gxxSE4SO2Ors4B+y3qANdMpo4wGgYD
|
27
|
+
VR0RBBMwEYEPbWVAYWRhbWNvb2tlLmlvMBoGA1UdEgQTMBGBD21lQGFkYW1jb29r
|
28
|
+
ZS5pbzANBgkqhkiG9w0BAQsFAAOCAYEAkbz/AJwBsRKwgt2BhWqgr/egf/37IS3s
|
29
|
+
utVox7feYutKyFDHXYvCjm64XUJNioG7ipbRwOOGs5bEYfwgkabcAQnxSlkdNjc4
|
30
|
+
JIgL/cF4YRg8uJG7DH+LwpydXHqr7RneDiONuiHlEN/1EZZ8tjwXypdwzhQ2/6ot
|
31
|
+
YOxdSi/mXdoDoFlIebsLyInUZjqnm7dQ9nTTUNSB+1LoOD8ARNhTIPnKCnxwZd56
|
32
|
+
giOxoHuJIOhgi6U2zicZJHv8lUj2Lc3bcirQk5eeOFRPVGQSpLLoqA7dtS7Jy4cv
|
33
|
+
3c5m+HyxSxzlrcVHMAgJYemK0uhVQD9Y6JwHKDroWDH+MPALjlScw8ui1jmNuH31
|
34
|
+
n5JOH/07C4gYcwTjJmtoRSov46Z6Gn5cc6NFkQpA185pbRLqEDKzusXvBOQlAOLh
|
35
|
+
iyQrH6PJ0xgVJNYx+DLq3eFmo2hYJkw/lVhYAK+MdajtYJbD5VvCIEHO0d5RRgV+
|
36
|
+
qnCNZoPPy0UtRmGKZTMZvVJEZiw4g0fY
|
37
|
+
-----END CERTIFICATE-----
|
38
|
+
date: 2018-03-06 00:00:00.000000000 Z
|
39
|
+
dependencies: []
|
40
|
+
description: An easy way to verify IPs are on authorized networkjs.
|
41
|
+
email:
|
42
|
+
- me@adamcooke.io
|
43
|
+
executables: []
|
44
|
+
extensions: []
|
45
|
+
extra_rdoc_files: []
|
46
|
+
files:
|
47
|
+
- lib/authorized_networks.rb
|
48
|
+
- lib/authorized_networks/config.rb
|
49
|
+
- lib/authorized_networks/controller_extension.rb
|
50
|
+
- lib/authorized_networks/error.rb
|
51
|
+
- lib/authorized_networks/instance.rb
|
52
|
+
- lib/authorized_networks/railtie.rb
|
53
|
+
- lib/authorized_networks/version.rb
|
54
|
+
homepage: https://github.com/adamcooke/authorized_networks
|
55
|
+
licenses:
|
56
|
+
- MIT
|
57
|
+
metadata: {}
|
58
|
+
post_install_message:
|
59
|
+
rdoc_options: []
|
60
|
+
require_paths:
|
61
|
+
- lib
|
62
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
63
|
+
requirements:
|
64
|
+
- - ">="
|
65
|
+
- !ruby/object:Gem::Version
|
66
|
+
version: '0'
|
67
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
68
|
+
requirements:
|
69
|
+
- - ">="
|
70
|
+
- !ruby/object:Gem::Version
|
71
|
+
version: '0'
|
72
|
+
requirements: []
|
73
|
+
rubyforge_project:
|
74
|
+
rubygems_version: 2.7.4
|
75
|
+
signing_key:
|
76
|
+
specification_version: 4
|
77
|
+
summary: This gem provides tooling to allow for IP addresses to be verified as belonging
|
78
|
+
to authorized networks.
|
79
|
+
test_files: []
|
metadata.gz.sig
ADDED
Binary file
|