cohesive_marketplace_middleware 0.1.3 → 0.1.5
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7f25619e09f201a527087188d66b5f91ceb0a7070c76cfca92db3a39c6c5d4b8
|
4
|
+
data.tar.gz: 4624f274f1b9f529af6dd91de378dc193f70c1784c253a1d8a20698eb4913e2e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 05fc7672e47b2245f696d5422a5477c889694a7e1fafedfe091299f480b4ed51275fe08b4df6b09a2d6adc08b4cc58d56a8ad6607440b794d849d06af0f427a4
|
7
|
+
data.tar.gz: e838506ef7409bbe62797c21dc7dc3cd373f6d8ef0261236dd97d080b723a91ce66e48f7bd5e7ef53030cfd434f9532b45165aacd2b8492abacd20a1d97b6abe
|
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
cohesive_marketplace_middleware (0.1.
|
4
|
+
cohesive_marketplace_middleware (0.1.5)
|
5
5
|
cohesive_marketplace_sdk (~> 0.1.1, >= 0.1.1)
|
6
6
|
jwt (~> 1.5, >= 1.5.0)
|
7
7
|
|
@@ -44,7 +44,7 @@ GEM
|
|
44
44
|
rubocop-ast (>= 1.24.1, < 2.0)
|
45
45
|
ruby-progressbar (~> 1.7)
|
46
46
|
unicode-display_width (>= 2.4.0, < 3.0)
|
47
|
-
rubocop-ast (1.
|
47
|
+
rubocop-ast (1.27.0)
|
48
48
|
parser (>= 3.2.1.0)
|
49
49
|
rubocop-performance (1.15.2)
|
50
50
|
rubocop (>= 1.7.0, < 2.0)
|
@@ -1,9 +1,10 @@
|
|
1
|
-
require
|
1
|
+
require "cohesive_marketplace_middleware"
|
2
2
|
|
3
3
|
module AuthMiddleware
|
4
4
|
class Railtie < Rails::Railtie
|
5
5
|
initializer "cohesive_marketplace_middleware.configure_rails_initialization" do |app|
|
6
6
|
app.middleware.use AuthMiddleware
|
7
|
+
app.middleware.use CookieAuthMiddleware
|
7
8
|
end
|
8
9
|
end
|
9
10
|
end
|
@@ -3,29 +3,112 @@
|
|
3
3
|
require_relative "cohesive_marketplace_middleware/version"
|
4
4
|
require "cohesive_marketplace_sdk"
|
5
5
|
|
6
|
+
AUTH_DETAILS_ENV_KEY = "auth_details"
|
7
|
+
COHESIVE_MIDDLEWARE_IGNORE_PATH_PREFIX = "COHESIVE_MIDDLEWARE_IGNORE_PATH_PREFIX"
|
8
|
+
COHESIVE_MIDDLEWARE_LOGIN_PATH = "COHESIVE_MIDDLEWARE_LOGIN_PATH"
|
9
|
+
COHESIVE_MIDDLEWARE_LOGIN_PATH_DEFAULT = "/cohesive_login"
|
10
|
+
|
6
11
|
module CohesiveMarketplaceMiddleware
|
7
|
-
|
12
|
+
def self.get_cohesive_auth_details(env)
|
13
|
+
env[AUTH_DETAILS_ENV_KEY]
|
14
|
+
end
|
15
|
+
|
16
|
+
def self.collect_ignore_paths
|
17
|
+
# Get the path prefixes to ignore from an environment variable.
|
18
|
+
ignore_path_prefix_string = ENV[COHESIVE_MIDDLEWARE_IGNORE_PATH_PREFIX]
|
19
|
+
result = []
|
20
|
+
if ignore_path_prefix_string && ignore_path_prefix_string != "nil"
|
21
|
+
# Split the prefixes into an array.
|
22
|
+
result = ignore_path_prefix_string.split(",")
|
23
|
+
end
|
24
|
+
|
25
|
+
# Output some information for debugging.
|
26
|
+
puts("Cohesive middleware ignoring paths: ", result)
|
27
|
+
result
|
28
|
+
end
|
8
29
|
|
9
30
|
class AuthMiddleware
|
31
|
+
# Initializes a new instance of the middleware.
|
32
|
+
#
|
33
|
+
# @param app [Object] The application object.
|
34
|
+
#
|
35
|
+
# @return [void]
|
10
36
|
def initialize(app)
|
11
37
|
@app = app
|
12
|
-
|
38
|
+
@ignore_paths = CohesiveMarketplaceMiddleware.collect_ignore_paths
|
13
39
|
end
|
14
40
|
|
15
41
|
def call(env)
|
16
|
-
|
17
|
-
if
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
42
|
+
# Check if the current path should be ignored.
|
43
|
+
if !(@ignore_paths.any? { |prefix| env["REQUEST_PATH"] && env["REQUEST_PATH"].start_with?(prefix) })
|
44
|
+
authorization_header = env["HTTP_AUTHORIZATION"]
|
45
|
+
if authorization_header&.start_with?("Bearer ")
|
46
|
+
token = authorization_header.sub("Bearer ", "")
|
47
|
+
begin
|
48
|
+
env[AUTH_DETAILS_ENV_KEY] = CohesiveMarketplaceSDK.validate_jwt token
|
49
|
+
rescue => exception
|
50
|
+
puts exception
|
51
|
+
return [401, {"Content-Type" => "text/plain"}, [exception.message]]
|
52
|
+
end
|
53
|
+
else
|
54
|
+
return [401, {"Content-Type" => "text/plain"}, ["No Token in auth header"]]
|
24
55
|
end
|
25
|
-
else
|
26
|
-
return [401, {"Content-Type" => "text/plain"}, ["No Token"]]
|
27
56
|
end
|
57
|
+
@app.call(env)
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
class CookieAuthMiddleware
|
62
|
+
# Initializes a new instance of the middleware.
|
63
|
+
#
|
64
|
+
# @param app [Object] The application object.
|
65
|
+
#
|
66
|
+
# @return [void]
|
67
|
+
def initialize(app)
|
68
|
+
@app = app
|
69
|
+
@ignore_paths = CohesiveMarketplaceMiddleware.collect_ignore_paths
|
70
|
+
|
71
|
+
# Get the login redirect URI from an environment variable.
|
72
|
+
@redirect_uri = ENV[COHESIVE_MIDDLEWARE_LOGIN_PATH]
|
73
|
+
# Set a default URI if the environment variable is not set.
|
74
|
+
if !@redirect_uri || @redirect_uri == ""
|
75
|
+
@redirect_uri = COHESIVE_MIDDLEWARE_LOGIN_PATH_DEFAULT
|
76
|
+
end
|
77
|
+
|
78
|
+
# Add the login redirect URI to the list of ignored paths.
|
79
|
+
@ignore_paths = @ignore_paths.append(@redirect_uri)
|
28
80
|
|
81
|
+
# Output some information for debugging.
|
82
|
+
puts("Cohesive middleware login redirect: ", @redirect_uri)
|
83
|
+
end
|
84
|
+
|
85
|
+
# Processes a request and authenticates the user if necessary.
|
86
|
+
#
|
87
|
+
# @param env [Hash] The Rack environment hash.
|
88
|
+
#
|
89
|
+
# @return [Array] A Rack-compatible response triplet.
|
90
|
+
def call(env)
|
91
|
+
# Check if the current path should be ignored.
|
92
|
+
if !(@ignore_paths.any? { |prefix| env["REQUEST_PATH"] && prefix && env["REQUEST_PATH"].start_with?(prefix) })
|
93
|
+
# Create a new request object.
|
94
|
+
request = ActionDispatch::Request.new(env)
|
95
|
+
# Get the authentication token from the cookie.
|
96
|
+
token = request.cookie_jar[:chAppToken]
|
97
|
+
if token
|
98
|
+
begin
|
99
|
+
# Validate the JWT token and store the result in the environment hash.
|
100
|
+
env[AUTH_DETAILS_ENV_KEY] = CohesiveMarketplaceSDK.validate_jwt token
|
101
|
+
rescue => exception
|
102
|
+
# Return a 401 Unauthorized response if the token is invalid.
|
103
|
+
puts exception
|
104
|
+
return [401, {"Content-Type" => "text/plain"}, [exception.message]]
|
105
|
+
end
|
106
|
+
else
|
107
|
+
# Redirect the user to the login page if the token is missing.
|
108
|
+
return [301, {"Location" => COHESIVE_MIDDLEWARE_LOGIN_PATH_DEFAULT, "Content-Type" => "text/plain"}, ["token not in cookie"]]
|
109
|
+
end
|
110
|
+
end
|
111
|
+
# Call the next middleware or application in the chain.
|
29
112
|
@app.call(env)
|
30
113
|
end
|
31
114
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cohesive_marketplace_middleware
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Chinmay Relkar
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-03-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jwt
|