escher-rack_middleware 0.2.0 → 0.3.5

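--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: f4a7bc5b0a47c5fbe29fbbdf6559e7376e5ff512
- data.tar.gz: 69aa7a6cb082ce00306d5eb61b378a48aa003203
+ SHA256:
+ metadata.gz: 4fe1a4b005e669aabacc968e9a4c2bede89226e1c889dde27c5b0e8dd8c75800
+ data.tar.gz: 742476caf0195c8f029389e722ebc67fb9fa921db13821910b0eaa843dc50508
  SHA512:
- metadata.gz: 2025d9067746de935c0773cc2975a91b44069ec6d1a2ec1c192e4b4b173c15adb3d4c6bb635ca17f6f742394c2db54a7d224263d7a2ef9d4ff4a0451eb4eec3c
- data.tar.gz: a129eb14e73cca9846969f9f6307f6eb720b39e90f84fa85acc813f45f5ebdb4d845540714d6a00bc2e5db1165753100605cfa83d2645d677e6d988e1ff9213a
+ metadata.gz: 13e0241e6ac3cf762d74736368d43a77862b2cc4644906004fa5f9ad197a6b61fddcdc55c7604bc3c4b528991f6470a56b0ba72a114afc8d04ac7f615595750c
+ data.tar.gz: 66ceef3fbc365063cc57cb797baf147e71a84fbc94b87f9b33e2c9be02ca90254e0ecc528e464333521428bf322e02d59eb71925d994a20e06ab4ebfc448942a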
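--- a/data/.gitignore
+++ b/data/.gitignore
@@ -20,3 +20,4 @@ tmp
  *.o
  *.a
  mkmf.log
+ .ruby-version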
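--- a/data/README.md
+++ b/data/README.md
@@ -33,9 +33,18 @@ Escher::RackMiddleware.config do |c|
  # this will be triggered every time a request hit your appication
  c.add_credential_updater{ Escher::Keypool.new.get_key_db }
 
+ # autorization defaults to all paths
  # this help you exclude path(s) if you dont want require authorization for every endpoint
  c.add_exclude_path(/^\/*monitoring\//)
 
+ # Alternatively, you can just authorize some paths:
+ # this help you just include certain paths for authorization
+ # c.add_include_path(/^\/*integrations\//)
+
+ # NOTE: You can either use excluded paths or included_paths, using both will throw an
+ # exception.
+
+
  end
 
  use Escher::RackMiddleware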
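--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+ 0.3.5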
@@ -1,12 +1,8 @@
1
1
  # coding: utf-8
2
- lib = File.expand_path('../lib', __FILE__)
3
- $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
- require 'escher/rack_middleware/version'
5
-
6
2
  Gem::Specification.new do |spec|
7
3
 
8
4
  spec.name = 'escher-rack_middleware'
9
- spec.version = Escher::RackMiddleware::VERSION
5
+ spec.version = File.read(File.join(File.dirname(__FILE__),'VERSION'))
10
6
  spec.authors = ['Adam Luzsi']
11
7
  spec.email = ['aluzsi@emarsys.com']
12
8
  spec.summary = %q{Escher authorization for rack based http servers}
@@ -19,10 +15,11 @@ Gem::Specification.new do |spec|
19
15
  spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
20
16
  spec.require_paths = ['lib']
21
17
 
22
- spec.add_development_dependency 'bundler', '>= 1.6'
18
+ spec.add_development_dependency 'bundler', '>= 2.2.20'
23
19
  spec.add_development_dependency 'rake'
24
- spec.add_development_dependency 'spec'
20
+ spec.add_development_dependency 'rspec'
25
21
 
22
+ spec.add_dependency 'rack'
26
23
  spec.add_dependency 'escher', '>= 0.3.3'
27
24
 
28
25
  end
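Review bot: The new runtime dependency `spec.add_dependency 'rack'` has no version constraint, yet the middleware in this release calls `::Rack::Utils.clean_path_info` and reads `::Rack::PATH_INFO`, which older Rack releases do not provide (I believe both arrived in the 1.6 line, worth confirming against the Rack changelog). On an older Rack the path check would raise at request time rather than the mismatch being caught at install time. An explicit lower bound such as `spec.add_dependency 'rack', '>= 1.6'` states the requirement and keeps resolvers from selecting a release the authorization code was never run against.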
@@ -1,29 +1,32 @@
1
1
  require 'escher'
2
- class Escher::RackMiddleware
3
2
 
3
+ class Escher::RackMiddleware
4
4
  require 'escher/rack_middleware/version'
5
5
  require 'escher/rack_middleware/logging'
6
6
  require 'escher/rack_middleware/credential'
7
7
  require 'escher/rack_middleware/exclude_path'
8
+ require 'escher/rack_middleware/include_path'
8
9
  require 'escher/rack_middleware/authenticator'
10
+ require 'escher/rack_middleware/default_options'
9
11
 
10
12
  extend Logging
11
13
  extend Credential
12
14
  extend ExcludePath
15
+ extend IncludePath
13
16
  extend Authenticator
17
+ include DefaultOptions
14
18
 
15
- def initialize(app)
19
+ def initialize(app, options = {})
16
20
  @app = app
21
+ @options = options
17
22
  end
18
23
 
19
24
  def call(request_env)
20
-
21
- unless excluded_path?(request_env['REQUEST_URI'])
25
+ if authorize_path?(::Rack::Utils.clean_path_info(request_env[::Rack::PATH_INFO]))
22
26
  return unauthorized_response unless authorized?(request_env)
23
27
  end
24
28
 
25
29
  @app.call(request_env)
26
-
27
30
  end
28
31
 
29
32
  protected
@@ -35,13 +38,37 @@ class Escher::RackMiddleware
35
38
  response.finish
36
39
  end
37
40
 
38
- def env_dump_string(request_env)
39
- require 'yaml' unless defined?(YAML)
40
- YAML.dump(request_env)
41
- end
42
-
43
41
  def self.config(&block)
44
42
  block.call(self)
45
43
  end
46
44
 
47
- end
45
+ def authorize_path?(path)
46
+ case true
47
+
48
+ when paths_of(:included_paths, include: path)
49
+ true
50
+
51
+ when paths_of(:excluded_paths, include: path)
52
+ false
53
+
54
+ else
55
+ true
56
+
57
+ end
58
+ end
59
+
60
+ def paths_of(option_key, h)
61
+ path = h[:include]
62
+ final_options[option_key].any? do |matcher|
63
+ if matcher.is_a?(Regexp)
64
+ !!(path =~ matcher)
65
+ else
66
+ path == matcher.to_s
67
+ end
68
+ end
69
+ end
70
+
71
+ def final_options
72
+ @final_options ||= default_options.merge(@options)
73
+ end
74
+ end
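Review bot: In `call`, the decision is made on `::Rack::Utils.clean_path_info(request_env[::Rack::PATH_INFO])`, but `@app.call(request_env)` still hands the original, un-normalized `PATH_INFO` to the application. If the downstream router treats dot segments or repeated slashes differently from `clean_path_info`, the path that was matched against `excluded_paths` may not be the path that is actually served. I would either write the cleaned value back before dispatch (`request_env[::Rack::PATH_INFO] = path`) or require authorization whenever the raw and cleaned paths differ. Separately, `authorize_path?` deserves a comment stating the precedence it implements, e.g. `# included paths always require auth; excluded paths skip it; everything else requires auth`, and two guard clauses would read more plainly than `case true`. Part of the class body between the two hunks is not visible here.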
@@ -5,6 +5,7 @@ module Escher::RackMiddleware::Authenticator::Helper
5
5
  end
6
6
 
7
7
  def authorized?(request_env)
8
+ logger.warn('No Escher authenticator was found. Check your config!') if escher_authenticators.empty?
8
9
  escher_authenticators.any? { |instance_init| authorized_with?(instance_init.call, request_env) }
9
10
  end
10
11
 
@@ -25,6 +26,11 @@ module Escher::RackMiddleware::Authenticator::Helper
25
26
 
26
27
  false
27
28
 
29
+ rescue => ex
30
+ # escher fails, bad implementations
31
+ logger.warn(ex)
32
+
33
+ false
28
34
  end
29
35
 
30
- end
36
+ end
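Review bot: The bare `rescue => ex` added at the end of this method turns every StandardError, not only Escher validation failures, into a `false` result logged at warn level, so a failing credential updater or a programming error will show up as ordinary 401 responses. Failing closed is the right default for an authentication check, but operators need to be able to tell the two situations apart. I would log unexpected exceptions at error level with their class, e.g. `logger.error("#{ex.class}: #{ex.message}")`, and replace the comment `# escher fails, bad implementations` with one that names which failures are expected here. The method starts outside the hunk, so any earlier, narrower rescue clauses it may have are not visible.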
@@ -0,0 +1,15 @@
1
+ module Escher::RackMiddleware::DefaultOptions
2
+
3
+ protected
4
+
5
+ def default_options
6
+ {
7
+ :logger => Escher::RackMiddleware.logger,
8
+ :excluded_paths => Escher::RackMiddleware.excluded_paths,
9
+ :included_paths => Escher::RackMiddleware.included_paths,
10
+ :escher_authenticators => Escher::RackMiddleware.escher_authenticators,
11
+ :credentials => Escher::RackMiddleware.credentials
12
+ }
13
+ end
14
+
15
+ end
@@ -0,0 +1,18 @@
1
+ module Escher::RackMiddleware::IncludePath
2
+
3
+ require 'escher/rack_middleware/include_paths/helper'
4
+ def self.extended(klass)
5
+ klass.__send__(:include, self::Helper)
6
+ end
7
+
8
+ def add_include_paths(*paths)
9
+ included_paths.push(*paths)
10
+ end
11
+
12
+ alias add_include_path add_include_paths
13
+
14
+ def included_paths
15
+ @included_paths ||= []
16
+ end
17
+
18
+ end
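Review bot: `add_include_paths` only pushes onto `included_paths` and performs no check against configured exclude paths, while the README text added in this same release says that using both lists "will throw an exception". The spec helper configures both and relies on included paths taking precedence, so the documentation and the code disagree about a setting that decides which endpoints are authenticated. I would document the real behaviour on the method, e.g. `# Paths added here always require authorization, even when they also match an exclude path.`, and correct the README note to match.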
@@ -0,0 +1,17 @@
1
+ module Escher::RackMiddleware::IncludePath::Helper
2
+
3
+ def included_paths
4
+ @included_paths ||= self.class.included_paths.dup
5
+ end
6
+
7
+ def included_path?(path)
8
+ included_paths.any? do |matcher|
9
+ if matcher.is_a?(Regexp)
10
+ !!(path =~ matcher)
11
+ else
12
+ path == matcher.to_s
13
+ end
14
+ end
15
+ end
16
+
17
+ end
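Review bot: `included_path?` repeats the matcher loop that `paths_of` in the middleware class implements, and it reads a different list: `@included_paths`, a dup of the class-level array, whereas `authorize_path?` goes through `final_options[:included_paths]`. Nothing visible in this diff calls `included_path?`, so options passed to `initialize` would be honoured by one code path and ignored by the other. Either remove the helper or make it delegate with a body of `paths_of(:included_paths, include: path)`, so there is a single place where the path rules are evaluated.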
@@ -1,2 +1,3 @@
1
1
  require 'escher/rack_middleware'
2
- Escher::RackMiddleware::VERSION = '0.2.0'
2
+ version_file_path = File.join(File.dirname(File.dirname(File.dirname(File.dirname(__FILE__)))),'VERSION')
3
+ Escher::RackMiddleware::VERSION = File.read(version_file_path).strip
@@ -0,0 +1,29 @@
1
+ require 'spec_helper'
2
+
3
+ describe Escher::RackMiddleware do
4
+
5
+ let(:escher_rack_middleware) { described_class }
6
+
7
+ it 'serves correct, Escher signed requests only' do
8
+ expect(get('/any_path').status).to eq 401
9
+ end
10
+
11
+ it 'allow pass on valid request' do
12
+ expect(escher_signed_get('/').status).to eq 200
13
+ end
14
+
15
+ it 'should exclude the excluded paths' do
16
+ expect(get('/not_protected').status).to eq 200
17
+ end
18
+
19
+ it 'should include the included paths alike' do
20
+ expect(get('/protected').status).to eq 401
21
+ expect(escher_signed_get('/protected').status).to eq 200
22
+ end
23
+
24
+ it 'should include the included paths even on partial matching with exclude paths' do
25
+ expect(get('/unprotected_namespace/except_this_endpoint_which_is_included').status).to eq 401
26
+ expect(escher_signed_get('/unprotected_namespace/except_this_endpoint_which_is_included').status).to eq 200
27
+ end
28
+
29
+ end
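Review bot: Every rejection example in this spec uses a request with no signature at all; none sends a signature that is present but invalid, and none uses a path that changes under `clean_path_info` (a dot segment or a doubled slash). Those are the inputs the new `authorize_path?` normalization and the new `rescue` branch in the authenticator are meant to handle, so I would add at least one example of each asserting a 401. An example for a path that matches neither list would also pin down the default-deny `else` branch.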
@@ -0,0 +1,100 @@
1
+ require 'rspec'
2
+ require 'rack'
3
+ $LOAD_PATH.unshift(File.join(File.dirname(File.dirname(__FILE__)), 'lib'))
4
+ require 'escher/rack_middleware'
5
+
6
+ CREDENTIAL_SCOPE = 'a/b/c'
7
+
8
+ AUTH_OPTIONS = {
9
+ algo_prefix: 'AWS',
10
+ vendor_key: 'AWS',
11
+ auth_header_name: 'X-AWS-Auth',
12
+ date_header_name: 'X-AWS-Date'
13
+ }
14
+
15
+ require 'logger'
16
+ SPEC_LOGGER = Logger.new($stdout)
17
+ SPEC_LOGGER.level= Logger::Severity::UNKNOWN
18
+
19
+ Escher::RackMiddleware.config do |global_settings|
20
+
21
+ global_settings.logger = SPEC_LOGGER
22
+
23
+ global_settings.add_exclude_path '/not_protected', '/endpoint', /^\/unprotected_namespace/
24
+ global_settings.add_include_path '/protected', '/endpoint_path', '/unprotected_namespace/except_this_endpoint_which_is_included'
25
+
26
+ global_settings.add_credential_updater { {"a_b_v1" => "development_secret"} }
27
+ global_settings.add_escher_authenticator { Escher::Auth.new(CREDENTIAL_SCOPE, AUTH_OPTIONS) }
28
+
29
+ end
30
+
31
+
32
+ module SpecRackHelpers
33
+
34
+ def escher_signed_get(uri, opts={})
35
+
36
+ request_hash = {}
37
+ request_hash[:method] = 'GET'
38
+ request_hash[:uri] = uri
39
+ request_hash[:headers] = ({'host' => 'localhost'}.merge(opts[:headers] || {})).to_a
40
+ request_hash[:body] = opts[:body]
41
+
42
+ client = {:api_key_id => "a_b_v1", :api_secret => "development_secret"}
43
+ escher.sign!(request_hash, client)
44
+
45
+ env = {}
46
+ request_hash[:headers].each do |key, value|
47
+ env["HTTP_#{key.to_s.upcase}"]= value
48
+ end
49
+
50
+ env[:input]= request_hash[:body]
51
+ env['REQUEST_URI'] = uri
52
+ env['REQUEST_PATH'] = uri
53
+ env['REQUEST_METHOD'] = 'GET'
54
+
55
+ get(uri, env)
56
+
57
+ end
58
+
59
+ def escher
60
+ Escher::Auth.new(CREDENTIAL_SCOPE, AUTH_OPTIONS)
61
+ end
62
+
63
+ def get(*args)
64
+ ::Rack::MockRequest.new(app).get(*args)
65
+ end
66
+
67
+ def app
68
+ builder = Rack::Builder.new
69
+ builder.use(escher_rack_middleware)
70
+ builder.run(rack_app)
71
+ builder.to_app
72
+ end
73
+
74
+ def rack_app
75
+ Proc.new do |env|
76
+
77
+ resp = Rack::Response.new
78
+ case env[::Rack::PATH_INFO]
79
+
80
+ when '/'
81
+ resp.write('default')
82
+
83
+ when '/protected', '/endpoint_path', '/unprotected_namespace/except_this_endpoint_which_is_included'
84
+ resp.write('included')
85
+
86
+ when '/not_protected', '/endpoint', /^\/unprotected_namespace/
87
+ resp.write('excluded')
88
+
89
+ else
90
+ resp.status = 404
91
+
92
+ end
93
+ resp.finish
94
+
95
+ end
96
+ end
97
+
98
+ end
99
+
100
+ RSpec.configuration.include(SpecRackHelpers)
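Review bot: The exclude matcher `/^\/unprotected_namespace/` passed to `add_exclude_path` is anchored with `^`, which in Ruby matches at the start of any line rather than the start of the string. This pattern decides which requests skip Escher authentication, and this file is, like the README, what users will copy, so I would anchor it with `\A`: `/\A\/unprotected_namespace/` (the same pattern in `rack_app`'s `when` clause can follow). Whether a line break can reach `PATH_INFO` at all depends on the server in front of Rack, so treat this as hardening rather than a confirmed bypass.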
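--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: escher-rack_middleware
  version: !ruby/object:Gem::Version
- version: 0.2.0
+ version: 0.3.5
  platform: ruby
  authors:
  - Adam Luzsi
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-04-15 00:00:00.000000000 Z
+ date: 2021-06-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '1.6'
+ version: 2.2.20
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '1.6'
+ version: 2.2.20
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -39,7 +39,7 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
- name: spec
+ name: rspec
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -52,6 +52,20 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rack
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  - !ruby/object:Gem::Dependency
  name: escher
  requirement: !ruby/object:Gem::Requirement
@@ -79,17 +93,23 @@ files:
  - LICENSE.txt
  - README.md
  - Rakefile
+ - VERSION
  - escher-rack_middleware.gemspec
  - lib/escher/rack_middleware.rb
  - lib/escher/rack_middleware/authenticator.rb
  - lib/escher/rack_middleware/authenticator/helper.rb
  - lib/escher/rack_middleware/credential.rb
  - lib/escher/rack_middleware/credential/helper.rb
+ - lib/escher/rack_middleware/default_options.rb
  - lib/escher/rack_middleware/exclude_path.rb
  - lib/escher/rack_middleware/exclude_paths/helper.rb
+ - lib/escher/rack_middleware/include_path.rb
+ - lib/escher/rack_middleware/include_paths/helper.rb
  - lib/escher/rack_middleware/logging.rb
  - lib/escher/rack_middleware/logging/helper.rb
  - lib/escher/rack_middleware/version.rb
+ - spec/escher/rack_middleware_spec.rb
+ - spec/spec_helper.rb
  homepage: https://github.com/emartech/escher-rack_middleware-ruby
  licenses:
  - MIT
@@ -109,9 +129,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.2.2
+ rubygems_version: 3.1.2
  signing_key:
  specification_version: 4
  summary: Escher authorization for rack based http servers
- test_files: []
+ test_files:
+ - spec/escher/rack_middleware_spec.rb
+ - spec/spec_helper.rb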