castle-rb 4.2.1 → 7.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +160 -45
- data/lib/castle.rb +49 -28
- data/lib/castle/api.rb +21 -14
- data/lib/castle/api/approve_device.rb +20 -0
- data/lib/castle/api/authenticate.rb +37 -0
- data/lib/castle/api/end_impersonation.rb +24 -0
- data/lib/castle/api/filter.rb +37 -0
- data/lib/castle/api/get_device.rb +20 -0
- data/lib/castle/api/get_devices_for_user.rb +20 -0
- data/lib/castle/api/log.rb +37 -0
- data/lib/castle/api/report_device.rb +20 -0
- data/lib/castle/api/risk.rb +37 -0
- data/lib/castle/api/start_impersonation.rb +24 -0
- data/lib/castle/api/track.rb +21 -0
- data/lib/castle/client.rb +78 -51
- data/lib/castle/{extractors/client_id.rb → client_id/extract.rb} +2 -2
- data/lib/castle/commands/approve_device.rb +17 -0
- data/lib/castle/commands/authenticate.rb +13 -13
- data/lib/castle/commands/end_impersonation.rb +25 -0
- data/lib/castle/commands/filter.rb +23 -0
- data/lib/castle/commands/get_device.rb +17 -0
- data/lib/castle/commands/get_devices_for_user.rb +17 -0
- data/lib/castle/commands/log.rb +23 -0
- data/lib/castle/commands/report_device.rb +17 -0
- data/lib/castle/commands/risk.rb +23 -0
- data/lib/castle/commands/start_impersonation.rb +25 -0
- data/lib/castle/commands/track.rb +12 -13
- data/lib/castle/configuration.rb +57 -32
- data/lib/castle/context/{default.rb → get_default.rb} +5 -6
- data/lib/castle/context/{merger.rb → merge.rb} +3 -3
- data/lib/castle/context/prepare.rb +18 -0
- data/lib/castle/context/{sanitizer.rb → sanitize.rb} +1 -1
- data/lib/castle/core/get_connection.rb +27 -0
- data/lib/castle/{api/response.rb → core/process_response.rb} +8 -3
- data/lib/castle/core/process_webhook.rb +25 -0
- data/lib/castle/core/send_request.rb +42 -0
- data/lib/castle/errors.rb +38 -12
- data/lib/castle/failover/prepare_response.rb +18 -0
- data/lib/castle/failover/strategy.rb +23 -0
- data/lib/castle/headers/extract.rb +47 -0
- data/lib/castle/headers/filter.rb +40 -0
- data/lib/castle/headers/format.rb +24 -0
- data/lib/castle/{extractors/ip.rb → ips/extract.rb} +31 -9
- data/lib/castle/logger.rb +19 -0
- data/lib/castle/payload/prepare.rb +26 -0
- data/lib/castle/secure_mode.rb +7 -2
- data/lib/castle/session.rb +18 -0
- data/lib/castle/singleton_configuration.rb +9 -0
- data/lib/castle/support/hanami.rb +2 -6
- data/lib/castle/support/rails.rb +1 -3
- data/lib/castle/utils/clean_invalid_chars.rb +22 -0
- data/lib/castle/utils/clone.rb +15 -0
- data/lib/castle/utils/deep_symbolize_keys.rb +45 -0
- data/lib/castle/utils/get_timestamp.rb +15 -0
- data/lib/castle/utils/{merger.rb → merge.rb} +3 -3
- data/lib/castle/utils/secure_compare.rb +22 -0
- data/lib/castle/validators/not_supported.rb +1 -0
- data/lib/castle/validators/present.rb +1 -0
- data/lib/castle/verdict.rb +15 -0
- data/lib/castle/version.rb +1 -1
- data/lib/castle/webhooks/verify.rb +45 -0
- data/spec/integration/rails/rails_spec.rb +42 -14
- data/spec/integration/rails/support/application.rb +3 -1
- data/spec/integration/rails/support/home_controller.rb +50 -6
- data/spec/lib/castle/api/approve_device_spec.rb +21 -0
- data/spec/lib/castle/api/authenticate_spec.rb +136 -0
- data/spec/lib/castle/api/end_impersonation_spec.rb +65 -0
- data/spec/lib/castle/api/filter_spec.rb +5 -0
- data/spec/lib/castle/api/get_device_spec.rb +19 -0
- data/spec/lib/castle/api/get_devices_for_user_spec.rb +19 -0
- data/spec/lib/castle/api/log_spec.rb +5 -0
- data/spec/lib/castle/api/report_device_spec.rb +21 -0
- data/spec/lib/castle/api/risk_spec.rb +5 -0
- data/spec/lib/castle/api/start_impersonation_spec.rb +65 -0
- data/spec/lib/castle/api/track_spec.rb +72 -0
- data/spec/lib/castle/api_spec.rb +14 -15
- data/spec/lib/castle/{extractors/client_id_spec.rb → client_id/extract_spec.rb} +6 -15
- data/spec/lib/castle/client_spec.rb +108 -93
- data/spec/lib/castle/commands/approve_device_spec.rb +24 -0
- data/spec/lib/castle/commands/authenticate_spec.rb +15 -31
- data/spec/lib/castle/commands/end_impersonation_spec.rb +79 -0
- data/spec/lib/castle/commands/filter_spec.rb +99 -0
- data/spec/lib/castle/commands/get_device_spec.rb +24 -0
- data/spec/lib/castle/commands/{review_spec.rb → get_devices_for_user_spec.rb} +7 -7
- data/spec/lib/castle/commands/log_spec.rb +100 -0
- data/spec/lib/castle/commands/report_device_spec.rb +24 -0
- data/spec/lib/castle/commands/risk_spec.rb +100 -0
- data/spec/lib/castle/commands/start_impersonation_spec.rb +79 -0
- data/spec/lib/castle/commands/track_spec.rb +14 -34
- data/spec/lib/castle/configuration_spec.rb +8 -141
- data/spec/lib/castle/context/{default_spec.rb → get_default_spec.rb} +9 -10
- data/spec/lib/castle/context/{merger_spec.rb → merge_spec.rb} +1 -1
- data/spec/lib/castle/context/prepare_spec.rb +43 -0
- data/spec/lib/castle/context/{sanitizer_spec.rb → sanitize_spec.rb} +1 -1
- data/spec/lib/castle/core/get_connection_spec.rb +43 -0
- data/spec/lib/castle/{api/response_spec.rb → core/process_response_spec.rb} +49 -1
- data/spec/lib/castle/core/process_webhook_spec.rb +46 -0
- data/spec/lib/castle/core/send_request_spec.rb +77 -0
- data/spec/lib/castle/failover/strategy_spec.rb +12 -0
- data/spec/lib/castle/{extractors/headers_spec.rb → headers/extract_spec.rb} +18 -20
- data/spec/lib/castle/headers/filter_spec.rb +39 -0
- data/spec/lib/castle/headers/format_spec.rb +25 -0
- data/spec/lib/castle/{extractors/ip_spec.rb → ips/extract_spec.rb} +27 -8
- data/spec/lib/castle/logger_spec.rb +38 -0
- data/spec/lib/castle/payload/prepare_spec.rb +55 -0
- data/spec/lib/castle/session_spec.rb +65 -0
- data/spec/lib/castle/singleton_configuration_spec.rb +14 -0
- data/spec/lib/castle/utils/clean_invalid_chars_spec.rb +69 -0
- data/spec/lib/castle/utils/{cloner_spec.rb → clone_spec.rb} +3 -3
- data/spec/lib/castle/utils/deep_symbolize_keys_spec.rb +50 -0
- data/spec/lib/castle/utils/{timestamp_spec.rb → get_timestamp_spec.rb} +1 -1
- data/spec/lib/castle/utils/merge_spec.rb +15 -0
- data/spec/lib/castle/validators/present_spec.rb +5 -6
- data/spec/lib/castle/verdict_spec.rb +9 -0
- data/spec/lib/castle/webhooks/verify_spec.rb +53 -0
- data/spec/lib/castle_spec.rb +4 -10
- data/spec/spec_helper.rb +3 -3
- data/spec/support/shared_examples/action_request.rb +152 -0
- data/spec/support/shared_examples/configuration.rb +101 -0
- metadata +146 -64
- data/lib/castle/api/request.rb +0 -42
- data/lib/castle/api/session.rb +0 -39
- data/lib/castle/commands/identify.rb +0 -23
- data/lib/castle/commands/impersonate.rb +0 -26
- data/lib/castle/commands/review.rb +0 -14
- data/lib/castle/events.rb +0 -49
- data/lib/castle/extractors/headers.rb +0 -45
- data/lib/castle/failover_auth_response.rb +0 -21
- data/lib/castle/headers_filter.rb +0 -35
- data/lib/castle/headers_formatter.rb +0 -22
- data/lib/castle/review.rb +0 -11
- data/lib/castle/utils.rb +0 -55
- data/lib/castle/utils/cloner.rb +0 -11
- data/lib/castle/utils/timestamp.rb +0 -12
- data/spec/lib/castle/api/request_spec.rb +0 -72
- data/spec/lib/castle/commands/identify_spec.rb +0 -88
- data/spec/lib/castle/commands/impersonate_spec.rb +0 -107
- data/spec/lib/castle/events_spec.rb +0 -5
- data/spec/lib/castle/headers_filter_spec.rb +0 -37
- data/spec/lib/castle/headers_formatter_spec.rb +0 -25
- data/spec/lib/castle/review_spec.rb +0 -19
- data/spec/lib/castle/utils/merger_spec.rb +0 -13
- data/spec/lib/castle/utils_spec.rb +0 -156
@@ -1,9 +1,9 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Castle
|
4
|
-
module
|
4
|
+
module ClientId
|
5
5
|
# used for extraction of cookies and headers from the request
|
6
|
-
class
|
6
|
+
class Extract
|
7
7
|
# @param headers [Hash]
|
8
8
|
# @param cookies [NilClass|Hash]
|
9
9
|
def initialize(headers, cookies)
|
@@ -0,0 +1,17 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Castle
|
4
|
+
module Commands
|
5
|
+
# Generates the payload for the PUT devices/#{device_token}/approve request
|
6
|
+
class ApproveDevice
|
7
|
+
class << self
|
8
|
+
# @param options [Hash]
|
9
|
+
# @return [Castle::Command]
|
10
|
+
def build(options = {})
|
11
|
+
Castle::Validators::Present.call(options, %i[device_token])
|
12
|
+
Castle::Command.new("devices/#{options[:device_token]}/approve", nil, :put)
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -2,21 +2,21 @@
|
|
2
2
|
|
3
3
|
module Castle
|
4
4
|
module Commands
|
5
|
+
# Generates the payload for the authenticate request
|
5
6
|
class Authenticate
|
6
|
-
|
7
|
-
@
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
context = Castle::Context::Merger.call(@context, options[:context])
|
13
|
-
context = Castle::Context::Sanitizer.call(context)
|
7
|
+
class << self
|
8
|
+
# @param options [Hash]
|
9
|
+
# @return [Castle::Command]
|
10
|
+
def build(options = {})
|
11
|
+
Castle::Validators::Present.call(options, %i[event])
|
12
|
+
context = Castle::Context::Sanitize.call(options[:context])
|
14
13
|
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
14
|
+
Castle::Command.new(
|
15
|
+
'authenticate',
|
16
|
+
options.merge(context: context, sent_at: Castle::Utils::GetTimestamp.call),
|
17
|
+
:post
|
18
|
+
)
|
19
|
+
end
|
20
20
|
end
|
21
21
|
end
|
22
22
|
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Castle
|
4
|
+
module Commands
|
5
|
+
# builder for impersonate command
|
6
|
+
class EndImpersonation
|
7
|
+
class << self
|
8
|
+
# @param options [Hash]
|
9
|
+
# @return [Castle::Command]
|
10
|
+
def build(options = {})
|
11
|
+
Castle::Validators::Present.call(options, %i[user_id])
|
12
|
+
context = Castle::Context::Sanitize.call(options[:context])
|
13
|
+
|
14
|
+
Castle::Validators::Present.call(context, %i[user_agent ip])
|
15
|
+
|
16
|
+
Castle::Command.new(
|
17
|
+
'impersonate',
|
18
|
+
options.merge(context: context, sent_at: Castle::Utils::GetTimestamp.call),
|
19
|
+
:delete
|
20
|
+
)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Castle
|
4
|
+
module Commands
|
5
|
+
# Generates the payload for the filter request
|
6
|
+
class Filter
|
7
|
+
class << self
|
8
|
+
# @param options [Hash]
|
9
|
+
# @return [Castle::Command]
|
10
|
+
def build(options = {})
|
11
|
+
Castle::Validators::Present.call(options, %i[event])
|
12
|
+
context = Castle::Context::Sanitize.call(options[:context])
|
13
|
+
|
14
|
+
Castle::Command.new(
|
15
|
+
'filter',
|
16
|
+
options.merge(context: context, sent_at: Castle::Utils::GetTimestamp.call),
|
17
|
+
:post
|
18
|
+
)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Castle
|
4
|
+
module Commands
|
5
|
+
# Generates the payload for the GET devices/#{device_token} request
|
6
|
+
class GetDevice
|
7
|
+
class << self
|
8
|
+
# @param options [Hash]
|
9
|
+
# @return [Castle::Command]
|
10
|
+
def build(options = {})
|
11
|
+
Castle::Validators::Present.call(options, %i[device_token])
|
12
|
+
Castle::Command.new("devices/#{options[:device_token]}", nil, :get)
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Castle
|
4
|
+
module Commands
|
5
|
+
# Generates the payload for the GET users/#{user_id}/devices request
|
6
|
+
class GetDevicesForUser
|
7
|
+
class << self
|
8
|
+
# @param options [Hash]
|
9
|
+
# @return [Castle::Command]
|
10
|
+
def build(options = {})
|
11
|
+
Castle::Validators::Present.call(options, %i[user_id])
|
12
|
+
Castle::Command.new("users/#{options[:user_id]}/devices", nil, :get)
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Castle
|
4
|
+
module Commands
|
5
|
+
# Generates the payload for the log request
|
6
|
+
class Log
|
7
|
+
class << self
|
8
|
+
# @param options [Hash]
|
9
|
+
# @return [Castle::Command]
|
10
|
+
def build(options = {})
|
11
|
+
Castle::Validators::Present.call(options, %i[event])
|
12
|
+
context = Castle::Context::Sanitize.call(options[:context])
|
13
|
+
|
14
|
+
Castle::Command.new(
|
15
|
+
'log',
|
16
|
+
options.merge(context: context, sent_at: Castle::Utils::GetTimestamp.call),
|
17
|
+
:post
|
18
|
+
)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Castle
|
4
|
+
module Commands
|
5
|
+
# Generates the payload for the PUT devices/#{device_token}/report request
|
6
|
+
class ReportDevice
|
7
|
+
class << self
|
8
|
+
# @param options [Hash]
|
9
|
+
# @return [Castle::Command]
|
10
|
+
def build(options = {})
|
11
|
+
Castle::Validators::Present.call(options, %i[device_token])
|
12
|
+
Castle::Command.new("devices/#{options[:device_token]}/report", nil, :put)
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Castle
|
4
|
+
module Commands
|
5
|
+
# Generates the payload for the risk request
|
6
|
+
class Risk
|
7
|
+
class << self
|
8
|
+
# @param options [Hash]
|
9
|
+
# @return [Castle::Command]
|
10
|
+
def build(options = {})
|
11
|
+
Castle::Validators::Present.call(options, %i[event])
|
12
|
+
context = Castle::Context::Sanitize.call(options[:context])
|
13
|
+
|
14
|
+
Castle::Command.new(
|
15
|
+
'risk',
|
16
|
+
options.merge(context: context, sent_at: Castle::Utils::GetTimestamp.call),
|
17
|
+
:post
|
18
|
+
)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Castle
|
4
|
+
module Commands
|
5
|
+
# builder for impersonate command
|
6
|
+
class StartImpersonation
|
7
|
+
class << self
|
8
|
+
# @param options [Hash]
|
9
|
+
# @return [Castle::Command]
|
10
|
+
def build(options = {})
|
11
|
+
Castle::Validators::Present.call(options, %i[user_id])
|
12
|
+
context = Castle::Context::Sanitize.call(options[:context])
|
13
|
+
|
14
|
+
Castle::Validators::Present.call(context, %i[user_agent ip])
|
15
|
+
|
16
|
+
Castle::Command.new(
|
17
|
+
'impersonate',
|
18
|
+
options.merge(context: context, sent_at: Castle::Utils::GetTimestamp.call),
|
19
|
+
:post
|
20
|
+
)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -3,20 +3,19 @@
|
|
3
3
|
module Castle
|
4
4
|
module Commands
|
5
5
|
class Track
|
6
|
-
|
7
|
-
@
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
context = Castle::Context::Merger.call(@context, options[:context])
|
13
|
-
context = Castle::Context::Sanitizer.call(context)
|
6
|
+
class << self
|
7
|
+
# @param options [Hash]
|
8
|
+
# @return [Castle::Command]
|
9
|
+
def build(options = {})
|
10
|
+
Castle::Validators::Present.call(options, %i[event])
|
11
|
+
context = Castle::Context::Sanitize.call(options[:context])
|
14
12
|
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
13
|
+
Castle::Command.new(
|
14
|
+
'track',
|
15
|
+
options.merge(context: context, sent_at: Castle::Utils::GetTimestamp.call),
|
16
|
+
:post
|
17
|
+
)
|
18
|
+
end
|
20
19
|
end
|
21
20
|
end
|
22
21
|
end
|
data/lib/castle/configuration.rb
CHANGED
@@ -1,31 +1,29 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require '
|
3
|
+
require 'uri'
|
4
4
|
|
5
5
|
module Castle
|
6
6
|
# manages configuration variables
|
7
7
|
class Configuration
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
URL_PREFIX = '/v1'
|
13
|
-
FAILOVER_STRATEGY = :allow
|
14
|
-
REQUEST_TIMEOUT = 500 # in milliseconds
|
15
|
-
FAILOVER_STRATEGIES = %i[allow deny challenge throw].freeze
|
8
|
+
# API endpoint
|
9
|
+
BASE_URL = 'https://api.castle.io/v1'
|
10
|
+
REQUEST_TIMEOUT = 1000 # in milliseconds
|
11
|
+
|
16
12
|
# regexp of trusted proxies which is always appended to the trusted proxy list
|
17
|
-
TRUSTED_PROXIES = [
|
13
|
+
TRUSTED_PROXIES = [
|
14
|
+
/
|
18
15
|
\A127\.0\.0\.1\Z|
|
19
16
|
\A(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\.|
|
20
17
|
\A::1\Z|\Afd[0-9a-f]{2}:.+|
|
21
18
|
\Alocalhost\Z|
|
22
19
|
\Aunix\Z|
|
23
20
|
\Aunix:
|
24
|
-
/ix
|
21
|
+
/ix
|
22
|
+
].freeze
|
25
23
|
|
26
|
-
# @note this value is not assigned as we don't recommend using a
|
24
|
+
# @note this value is not assigned as we don't recommend using a allowlist. If you need to use
|
27
25
|
# one, this constant is provided as a good default.
|
28
|
-
|
26
|
+
DEFAULT_ALLOWLIST = %w[
|
29
27
|
Accept
|
30
28
|
Accept-Charset
|
31
29
|
Accept-Datetime
|
@@ -35,46 +33,65 @@ module Castle
|
|
35
33
|
Connection
|
36
34
|
Content-Length
|
37
35
|
Content-Type
|
36
|
+
Dnt
|
38
37
|
Host
|
39
38
|
Origin
|
40
39
|
Pragma
|
41
40
|
Referer
|
42
|
-
|
41
|
+
Sec-Fetch-Dest
|
42
|
+
Sec-Fetch-Mode
|
43
|
+
Sec-Fetch-Site
|
44
|
+
Sec-Fetch-User
|
45
|
+
Te
|
43
46
|
Upgrade-Insecure-Requests
|
47
|
+
User-Agent
|
44
48
|
X-Castle-Client-Id
|
49
|
+
X-Requested-With
|
45
50
|
].freeze
|
46
51
|
|
47
|
-
attr_accessor :
|
48
|
-
attr_reader :api_secret,
|
52
|
+
attr_accessor :request_timeout, :trust_proxy_chain, :logger
|
53
|
+
attr_reader :api_secret,
|
54
|
+
:allowlisted,
|
55
|
+
:denylisted,
|
56
|
+
:failover_strategy,
|
57
|
+
:ip_headers,
|
58
|
+
:trusted_proxies,
|
59
|
+
:trusted_proxy_depth,
|
60
|
+
:base_url
|
49
61
|
|
50
62
|
def initialize
|
51
|
-
@
|
63
|
+
@header_format = Castle::Headers::Format
|
52
64
|
@request_timeout = REQUEST_TIMEOUT
|
53
65
|
reset
|
54
66
|
end
|
55
67
|
|
56
68
|
def reset
|
57
|
-
self.failover_strategy =
|
58
|
-
self.
|
59
|
-
self.
|
60
|
-
self.
|
61
|
-
self.whitelisted = [].freeze
|
62
|
-
self.blacklisted = [].freeze
|
69
|
+
self.failover_strategy = Castle::Failover::Strategy::ALLOW
|
70
|
+
self.base_url = BASE_URL
|
71
|
+
self.allowlisted = [].freeze
|
72
|
+
self.denylisted = [].freeze
|
63
73
|
self.api_secret = ENV.fetch('CASTLE_API_SECRET', '')
|
64
74
|
self.ip_headers = [].freeze
|
65
75
|
self.trusted_proxies = [].freeze
|
76
|
+
self.trust_proxy_chain = false
|
77
|
+
self.trusted_proxy_depth = nil
|
78
|
+
self.logger = nil
|
79
|
+
end
|
80
|
+
|
81
|
+
def base_url=(value)
|
82
|
+
@base_url = URI(value)
|
66
83
|
end
|
67
84
|
|
68
85
|
def api_secret=(value)
|
69
86
|
@api_secret = value.to_s
|
70
87
|
end
|
71
88
|
|
72
|
-
def
|
73
|
-
@
|
89
|
+
def allowlisted=(value)
|
90
|
+
@allowlisted = (value ? value.map { |header| @header_format.call(header) } : []).freeze
|
74
91
|
end
|
75
92
|
|
76
|
-
def
|
77
|
-
@
|
93
|
+
def denylisted=(value)
|
94
|
+
@denylisted = (value ? value.map { |header| @header_format.call(header) } : []).freeze
|
78
95
|
end
|
79
96
|
|
80
97
|
# sets ip headers
|
@@ -82,23 +99,31 @@ module Castle
|
|
82
99
|
def ip_headers=(value)
|
83
100
|
raise Castle::ConfigurationError, 'ip headers must be an Array' unless value.is_a?(Array)
|
84
101
|
|
85
|
-
@ip_headers = value.map { |header| @
|
102
|
+
@ip_headers = value.map { |header| @header_format.call(header) }.freeze
|
86
103
|
end
|
87
104
|
|
88
105
|
# sets trusted proxies
|
89
|
-
# @param value [Array<String
|
106
|
+
# @param value [Array<String,Regexp>]
|
90
107
|
def trusted_proxies=(value)
|
91
|
-
|
108
|
+
unless value.is_a?(Array)
|
109
|
+
raise Castle::ConfigurationError, 'trusted proxies must be an Array'
|
110
|
+
end
|
92
111
|
|
93
112
|
@trusted_proxies = value
|
94
113
|
end
|
95
114
|
|
115
|
+
# @param value [String,Number,NilClass]
|
116
|
+
def trusted_proxy_depth=(value)
|
117
|
+
@trusted_proxy_depth = value.to_i
|
118
|
+
end
|
119
|
+
|
96
120
|
def valid?
|
97
|
-
!api_secret.to_s.empty? && !host.to_s.empty? && !port.to_s.empty?
|
121
|
+
!api_secret.to_s.empty? && !base_url.host.to_s.empty? && !base_url.port.to_s.empty?
|
98
122
|
end
|
99
123
|
|
100
124
|
def failover_strategy=(value)
|
101
|
-
@failover_strategy =
|
125
|
+
@failover_strategy =
|
126
|
+
Castle::Failover::STRATEGIES.detect { |strategy| strategy == value.to_sym }
|
102
127
|
raise Castle::ConfigurationError, 'unrecognized failover strategy' if @failover_strategy.nil?
|
103
128
|
end
|
104
129
|
|
@@ -2,9 +2,9 @@
|
|
2
2
|
|
3
3
|
module Castle
|
4
4
|
module Context
|
5
|
-
class
|
5
|
+
class GetDefault
|
6
6
|
def initialize(request, cookies = nil)
|
7
|
-
@pre_headers =
|
7
|
+
@pre_headers = Castle::Headers::Filter.new(request).call
|
8
8
|
@cookies = cookies || request.cookies
|
9
9
|
@request = request
|
10
10
|
end
|
@@ -13,7 +13,6 @@ module Castle
|
|
13
13
|
{
|
14
14
|
client_id: client_id,
|
15
15
|
active: true,
|
16
|
-
origin: 'web',
|
17
16
|
headers: headers,
|
18
17
|
ip: ip,
|
19
18
|
library: {
|
@@ -40,18 +39,18 @@ module Castle
|
|
40
39
|
|
41
40
|
# @return [String]
|
42
41
|
def ip
|
43
|
-
|
42
|
+
Castle::IPs::Extract.new(@pre_headers).call
|
44
43
|
end
|
45
44
|
|
46
45
|
# @return [String]
|
47
46
|
def client_id
|
48
|
-
|
47
|
+
Castle::ClientId::Extract.new(@pre_headers, @cookies).call
|
49
48
|
end
|
50
49
|
|
51
50
|
# formatted and filtered headers
|
52
51
|
# @return [Hash]
|
53
52
|
def headers
|
54
|
-
|
53
|
+
Castle::Headers::Extract.new(@pre_headers).call
|
55
54
|
end
|
56
55
|
end
|
57
56
|
end
|