escher-rack_middleware 0.2.0 → 0.3.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: f4a7bc5b0a47c5fbe29fbbdf6559e7376e5ff512
-  data.tar.gz: 69aa7a6cb082ce00306d5eb61b378a48aa003203
+SHA256:
+  metadata.gz: 4fe1a4b005e669aabacc968e9a4c2bede89226e1c889dde27c5b0e8dd8c75800
+  data.tar.gz: 742476caf0195c8f029389e722ebc67fb9fa921db13821910b0eaa843dc50508
 SHA512:
-  metadata.gz: 2025d9067746de935c0773cc2975a91b44069ec6d1a2ec1c192e4b4b173c15adb3d4c6bb635ca17f6f742394c2db54a7d224263d7a2ef9d4ff4a0451eb4eec3c
-  data.tar.gz: a129eb14e73cca9846969f9f6307f6eb720b39e90f84fa85acc813f45f5ebdb4d845540714d6a00bc2e5db1165753100605cfa83d2645d677e6d988e1ff9213a
+  metadata.gz: 13e0241e6ac3cf762d74736368d43a77862b2cc4644906004fa5f9ad197a6b61fddcdc55c7604bc3c4b528991f6470a56b0ba72a114afc8d04ac7f615595750c
+  data.tar.gz: 66ceef3fbc365063cc57cb797baf147e71a84fbc94b87f9b33e2c9be02ca90254e0ecc528e464333521428bf322e02d59eb71925d994a20e06ab4ebfc448942a

data/.gitignore

@@ -20,3 +20,4 @@ tmp
 *.o
 *.a
 mkmf.log
+.ruby-version

data/README.md

@@ -33,9 +33,18 @@ Escher::RackMiddleware.config do |c|
   # this will be triggered every time a request hit your appication
   c.add_credential_updater{ Escher::Keypool.new.get_key_db }
 
+  # autorization defaults to all paths
   # this help you exclude path(s) if you dont want require authorization for every endpoint
   c.add_exclude_path(/^\/*monitoring\//)
 
+  # Alternatively, you can just authorize some paths:
+  # this help you just include certain paths for authorization
+  # c.add_include_path(/^\/*integrations\//)
+
+  # NOTE: You can either use excluded paths or included_paths, using both will throw an
+  #       exception.
+
+
 end
 
 use Escher::RackMiddleware

data/VERSION

@@ -0,0 +1 @@
+0.3.5

data/escher-rack_middleware.gemspec

@@ -1,12 +1,8 @@
 # coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'escher/rack_middleware/version'
-
 Gem::Specification.new do |spec|
 
   spec.name          = 'escher-rack_middleware'
-  spec.version       = Escher::RackMiddleware::VERSION
+  spec.version       = File.read(File.join(File.dirname(__FILE__),'VERSION'))
   spec.authors       = ['Adam Luzsi']
   spec.email         = ['aluzsi@emarsys.com']
   spec.summary       = %q{Escher authorization for rack based http servers}
@@ -19,10 +15,11 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler', '>= 1.6'
+  spec.add_development_dependency 'bundler', '>= 2.2.20'
   spec.add_development_dependency 'rake'
-  spec.add_development_dependency 'spec'
+  spec.add_development_dependency 'rspec'
 
+  spec.add_dependency 'rack'
   spec.add_dependency 'escher', '>= 0.3.3'
 
 end

data/lib/escher/rack_middleware.rb

@@ -1,29 +1,32 @@
 require 'escher'
-class Escher::RackMiddleware
 
+class Escher::RackMiddleware
   require 'escher/rack_middleware/version'
   require 'escher/rack_middleware/logging'
   require 'escher/rack_middleware/credential'
   require 'escher/rack_middleware/exclude_path'
+  require 'escher/rack_middleware/include_path'
   require 'escher/rack_middleware/authenticator'
+  require 'escher/rack_middleware/default_options'
 
   extend Logging
   extend Credential
   extend ExcludePath
+  extend IncludePath
   extend Authenticator
+  include DefaultOptions
 
-  def initialize(app)
+  def initialize(app, options = {})
     @app = app
+    @options = options
   end
 
   def call(request_env)
-
-    unless excluded_path?(request_env['REQUEST_URI'])
+    if authorize_path?(::Rack::Utils.clean_path_info(request_env[::Rack::PATH_INFO]))
       return unauthorized_response unless authorized?(request_env)
     end
 
     @app.call(request_env)
-
   end
 
   protected
@@ -35,13 +38,37 @@ class Escher::RackMiddleware
     response.finish
   end
 
-  def env_dump_string(request_env)
-    require 'yaml' unless defined?(YAML)
-    YAML.dump(request_env)
-  end
-
   def self.config(&block)
     block.call(self)
   end
 
-end
+  def authorize_path?(path)
+    case true
+
+    when paths_of(:included_paths, include: path)
+      true
+
+    when paths_of(:excluded_paths, include: path)
+      false
+
+    else
+      true
+
+    end
+  end
+
+  def paths_of(option_key, h)
+    path = h[:include]
+    final_options[option_key].any? do |matcher|
+      if matcher.is_a?(Regexp)
+        !!(path =~ matcher)
+      else
+        path == matcher.to_s
+      end
+    end
+  end
+
+  def final_options
+    @final_options ||= default_options.merge(@options)
+  end
+end

data/lib/escher/rack_middleware/authenticator/helper.rb

@@ -5,6 +5,7 @@ module Escher::RackMiddleware::Authenticator::Helper
   end
 
   def authorized?(request_env)
+    logger.warn('No Escher authenticator was found. Check your config!') if escher_authenticators.empty?
     escher_authenticators.any? { |instance_init| authorized_with?(instance_init.call, request_env) }
   end
 
@@ -25,6 +26,11 @@ module Escher::RackMiddleware::Authenticator::Helper
 
     false
 
+  rescue => ex
+    # escher fails, bad implementations
+    logger.warn(ex)
+
+    false
   end
 
-end
+end

data/lib/escher/rack_middleware/default_options.rb

@@ -0,0 +1,15 @@
+module Escher::RackMiddleware::DefaultOptions
+
+  protected
+
+  def default_options
+    {
+        :logger => Escher::RackMiddleware.logger,
+        :excluded_paths => Escher::RackMiddleware.excluded_paths,
+        :included_paths => Escher::RackMiddleware.included_paths,
+        :escher_authenticators => Escher::RackMiddleware.escher_authenticators,
+        :credentials => Escher::RackMiddleware.credentials
+    }
+  end
+
+end

data/lib/escher/rack_middleware/include_path.rb

@@ -0,0 +1,18 @@
+module Escher::RackMiddleware::IncludePath
+
+  require 'escher/rack_middleware/include_paths/helper'
+  def self.extended(klass)
+    klass.__send__(:include, self::Helper)
+  end
+
+  def add_include_paths(*paths)
+    included_paths.push(*paths)
+  end
+
+  alias add_include_path add_include_paths
+
+  def included_paths
+    @included_paths ||= []
+  end
+
+end

data/lib/escher/rack_middleware/include_paths/helper.rb

@@ -0,0 +1,17 @@
+module Escher::RackMiddleware::IncludePath::Helper
+
+  def included_paths
+    @included_paths ||= self.class.included_paths.dup
+  end
+
+  def included_path?(path)
+    included_paths.any? do |matcher|
+      if matcher.is_a?(Regexp)
+        !!(path =~ matcher)
+      else
+        path == matcher.to_s
+      end
+    end
+  end
+
+end

data/lib/escher/rack_middleware/version.rb

@@ -1,2 +1,3 @@
 require 'escher/rack_middleware'
-Escher::RackMiddleware::VERSION = '0.2.0'
+version_file_path = File.join(File.dirname(File.dirname(File.dirname(File.dirname(__FILE__)))),'VERSION')
+Escher::RackMiddleware::VERSION = File.read(version_file_path).strip

data/spec/escher/rack_middleware_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe Escher::RackMiddleware do
+
+  let(:escher_rack_middleware) { described_class }
+
+  it 'serves correct, Escher signed requests only' do
+    expect(get('/any_path').status).to eq 401
+  end
+
+  it 'allow pass on valid request' do
+    expect(escher_signed_get('/').status).to eq 200
+  end
+
+  it 'should exclude the excluded paths' do
+    expect(get('/not_protected').status).to eq 200
+  end
+
+  it 'should include the included paths alike' do
+    expect(get('/protected').status).to eq 401
+    expect(escher_signed_get('/protected').status).to eq 200
+  end
+
+  it 'should include the included paths even on partial matching with exclude paths' do
+    expect(get('/unprotected_namespace/except_this_endpoint_which_is_included').status).to eq 401
+    expect(escher_signed_get('/unprotected_namespace/except_this_endpoint_which_is_included').status).to eq 200
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,100 @@
+require 'rspec'
+require 'rack'
+$LOAD_PATH.unshift(File.join(File.dirname(File.dirname(__FILE__)), 'lib'))
+require 'escher/rack_middleware'
+
+CREDENTIAL_SCOPE = 'a/b/c'
+
+AUTH_OPTIONS = {
+    algo_prefix: 'AWS',
+    vendor_key: 'AWS',
+    auth_header_name: 'X-AWS-Auth',
+    date_header_name: 'X-AWS-Date'
+}
+
+require 'logger'
+SPEC_LOGGER = Logger.new($stdout)
+SPEC_LOGGER.level= Logger::Severity::UNKNOWN
+
+Escher::RackMiddleware.config do |global_settings|
+
+  global_settings.logger = SPEC_LOGGER
+
+  global_settings.add_exclude_path '/not_protected', '/endpoint', /^\/unprotected_namespace/
+  global_settings.add_include_path '/protected', '/endpoint_path', '/unprotected_namespace/except_this_endpoint_which_is_included'
+
+  global_settings.add_credential_updater { {"a_b_v1" => "development_secret"} }
+  global_settings.add_escher_authenticator { Escher::Auth.new(CREDENTIAL_SCOPE, AUTH_OPTIONS) }
+
+end
+
+
+module SpecRackHelpers
+
+  def escher_signed_get(uri, opts={})
+
+    request_hash = {}
+    request_hash[:method] = 'GET'
+    request_hash[:uri] = uri
+    request_hash[:headers] = ({'host' => 'localhost'}.merge(opts[:headers] || {})).to_a
+    request_hash[:body] = opts[:body]
+
+    client = {:api_key_id => "a_b_v1", :api_secret => "development_secret"}
+    escher.sign!(request_hash, client)
+
+    env = {}
+    request_hash[:headers].each do |key, value|
+      env["HTTP_#{key.to_s.upcase}"]= value
+    end
+
+    env[:input]= request_hash[:body]
+    env['REQUEST_URI'] = uri
+    env['REQUEST_PATH'] = uri
+    env['REQUEST_METHOD'] = 'GET'
+
+    get(uri, env)
+
+  end
+
+  def escher
+    Escher::Auth.new(CREDENTIAL_SCOPE, AUTH_OPTIONS)
+  end
+
+  def get(*args)
+    ::Rack::MockRequest.new(app).get(*args)
+  end
+
+  def app
+    builder = Rack::Builder.new
+    builder.use(escher_rack_middleware)
+    builder.run(rack_app)
+    builder.to_app
+  end
+
+  def rack_app
+    Proc.new do |env|
+
+      resp = Rack::Response.new
+      case env[::Rack::PATH_INFO]
+
+        when '/'
+          resp.write('default')
+
+        when '/protected', '/endpoint_path', '/unprotected_namespace/except_this_endpoint_which_is_included'
+          resp.write('included')
+
+        when '/not_protected', '/endpoint', /^\/unprotected_namespace/
+          resp.write('excluded')
+
+        else
+          resp.status = 404
+
+      end
+      resp.finish
+
+    end
+  end
+
+end
+
+RSpec.configuration.include(SpecRackHelpers)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: escher-rack_middleware
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.5
 platform: ruby
 authors:
 - Adam Luzsi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-04-15 00:00:00.000000000 Z
+date: 2021-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: 2.2.20
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: 2.2.20
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -39,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: spec
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -52,6 +52,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: escher
   requirement: !ruby/object:Gem::Requirement
@@ -79,17 +93,23 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- VERSION
 - escher-rack_middleware.gemspec
 - lib/escher/rack_middleware.rb
 - lib/escher/rack_middleware/authenticator.rb
 - lib/escher/rack_middleware/authenticator/helper.rb
 - lib/escher/rack_middleware/credential.rb
 - lib/escher/rack_middleware/credential/helper.rb
+- lib/escher/rack_middleware/default_options.rb
 - lib/escher/rack_middleware/exclude_path.rb
 - lib/escher/rack_middleware/exclude_paths/helper.rb
+- lib/escher/rack_middleware/include_path.rb
+- lib/escher/rack_middleware/include_paths/helper.rb
 - lib/escher/rack_middleware/logging.rb
 - lib/escher/rack_middleware/logging/helper.rb
 - lib/escher/rack_middleware/version.rb
+- spec/escher/rack_middleware_spec.rb
+- spec/spec_helper.rb
 homepage: https://github.com/emartech/escher-rack_middleware-ruby
 licenses:
 - MIT
@@ -109,9 +129,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Escher authorization for rack based http servers
-test_files: []
+test_files:
+- spec/escher/rack_middleware_spec.rb
+- spec/spec_helper.rb