graphql_authorizer 0.2.3 → 1.0.0
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -5
- data/README.md +82 -6
- data/graphql_authorizer.gemspec +3 -4
- data/lib/generators/graphql_authorizer/install_generator.rb +20 -9
- data/lib/generators/graphql_authorizer/templates/graphql_authorizer.rb +4 -0
- data/lib/generators/graphql_authorizer/templates/rack_attack.rb +1 -0
- data/lib/graphql_authorizer/version.rb +1 -1
- data/lib/graphql_authorizer.rb +3 -3
- metadata +5 -19
- data/lib/generators/graphql_authorizer/templates/graphql_authorization.rb +0 -3
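--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 686bf1bf26471f700bc0cbf1187529aec7909a35d47cfe6e008e35202f343c8d
+data.tar.gz: eaaecb01b4df704600d16d4cac6fd52c125a474ddfb1d7922dc8b608b552318c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 10a5b233aa63bb16208a2b28f833aee425a42169dd58b2ba4ff0029b21883b7025fb3ccc3e99945bad173a7c9da450b98643276e393f5f6259f53f135adc3b9f
+data.tar.gz: 63d7763556382ce209de0f33a9d606201a6c546dcdda3370a1aeb691a5dbeea2de01c27db4cb1fa0ee64889425888b0fdafaae027b6e7072606c2d8b1e0727dd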
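--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,10 +1,9 @@
 PATH
 remote: .
 specs:
-graphql_authorizer (0.2.
+graphql_authorizer (0.2.5)
 activesupport (~> 5.1.3, >= 5.1.3)
 openssl (~> 2.1.1, >= 2.1.1)
-rack-attack (~> 5.4)
 
 GEM
 remote: https://rubygems.org/
@@ -25,9 +24,6 @@ GEM
 pry (0.11.3)
 coderay (~> 1.1.0)
 method_source (~> 0.9.0)
-rack (2.0.5)
-rack-attack (5.4.0)
-rack (>= 1.0, < 3)
 rake (10.5.0)
 thread_safe (0.3.6)
 tzinfo (1.2.5)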
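--- a/data/README.md
+++ b/data/README.md
@@ -1,15 +1,18 @@
 # GraphQLAuthorizer
 
-
-
-TODO: Delete this and the text above, and describe your gem
+GraphqlAuthorizer is built to provide simple access authorization in Graphql
+Endpoints by encrypting `Access Key` and request `Timestamp`.
 
 ## Installation
 
 Add this line to your application's Gemfile:
 
 ```ruby
-gem '
+gem 'graphql_authorizer'
+
+# or with git source
+
+gem "graphql_authorizer", git: "git@bitbucket.org:gorated/graphql-authorizer.git"
 ```
 
 And then execute:
@@ -18,11 +21,84 @@ And then execute:
 
 Or install it yourself as:
 
-$ gem install
+$ gem install graphql_authorizer
 
 ## Usage
 
-
+run generator:
+
+$ rails g graphql_authorizer:install
+
+This will generate initializer configuration files for:
+
+- [GraphQLAuthorizer](https://bitbucket.org/gorated/graphql-authorizer/src/master/lib/generators/graphql_authorizer/templates/graphql_authorizer.rb)
+
+- [Rack-Attack](https://bitbucket.org/gorated/graphql-authorizer/src/master/lib/generators/graphql_authorizer/templates/rack_attack.rb).
+
+note: `Rack Attack` initializer file contains basic configurations to `allow`,
+`block` and `throttle` client's access based on defined conditions.
+
+For more configuration options please check [rack-attack](https://github.com/kickstarter/rack-attack)
+
+note: you need to supply shared access key for `client` and `application` in
+`initializers/graphql_authorizer.rb`
+
+GraphQLAuthorizer provides helper methods for validating if the request is
+valid, by initializing the `GraphQLAuthorization::Request` class and providing
+`timestamp` and `signature` as arguments.
+
+```
+timestamp = Time.zone.now.to_i.to_s
+sig = SecureRandom.hex(8)
+request_validator = GraphQLAuthorizer::Request.new(timestamp: timestamp, sig: sig)
+
+request_validator.valid? # returns boolean `true` or `false`
+request_validator.erros # returns array of error messages if request validator
+returns `false` otherwise returns `nil`
+```
+
+note:
+
+- GraphQLAuthorizer use `OpenSSL::Digest` and `OpenSSL::HMAC` to validate
+request by encrypting `timestamp` and `access_key`.
+
+- Client's must provide encrypted signature by encrypting `access_key` and
+`timestamp` upon request.
+
+Sample Client Request Configuration with [graphql-client](https://github.com/github/graphql-client)
+
+```
+require "graphql/client"
+require "graphql/client/http"
+
+class Queries::SWAPI
+# Configure GraphQL endpoint using the basic HTTP network adapter.
+endpoint = ENV.fetch("APP_ENDPOINT")
+HTTP = GraphQL::Client::HTTP.new(endpoint) do
+def headers(context)
+# Optionally set any HTTP headers
+timestamp = Time.now.to_i.to_s
+token = generate_token(timestamp: timestamp)
+{
+"Request-Signature" => token, # Required for signature validation
+"Request-Timestamp" => timestamp, # Required for request timestamp
+validation
+"Authorization" => context
+}
+end
+
+def generate_token(timestamp:)
+access_key = ENV.fetch("GRAPHQL_ACCESS_KEY")
+digest = OpenSSL::Digest.new("sha256")
+OpenSSL::HMAC.hexdigest(digest, access_key, timestamp)
+end
+end
+
+Schema = GraphQL::Client.load_schema("schema.json")
+
+Client = GraphQL::Client.new(schema: Schema, execute: HTTP)
+end
+```
 
 ## Development
 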
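--- a/data/graphql_authorizer.gemspec
+++ b/data/graphql_authorizer.gemspec
@@ -8,10 +8,10 @@ Gem::Specification.new do |spec|
 spec.authors = ["Peter John Alvarado"]
 spec.email = ["redjoker011@gmail.com"]
 
-spec.summary = "
+spec.summary = "GraphQL Authorizer provides simple authorization for"\
 "GraphQL endpoints."
-spec.description = "
-"
+spec.description = "GraphQL Authorizer is built to provide request signature, timestamp validation, endpoint blocking and throttling using `rack-attack` gem."\
+""
 spec.homepage = "https://www.gorated.ph"
 spec.license = "MIT"
 
@@ -24,7 +24,6 @@ Gem::Specification.new do |spec|
 spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ["lib"]
 
-spec.add_dependency "rack-attack", "~> 5.4"
 spec.add_dependency "openssl", "~> 2.1.1", ">= 2.1.1"
 spec.add_dependency "activesupport", "~> 5.1.3", ">= 5.1.3"
 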
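Review bot: The new `spec.summary` in the first hunk joins two adjacent string literals with no space at the seam, so the published summary reads "simple authorization forGraphQL endpoints." — the gem's metadata in this release shows exactly that text. End the first literal with a space: `spec.summary = "GraphQL Authorizer provides simple authorization for "\`. The `spec.description` continuation onto an empty `""` does nothing and can be dropped together with the trailing backslash.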
@@ -1,8 +1,7 @@
|
|
1
|
-
require "rails/generators
|
2
|
-
require_relative "core"
|
1
|
+
require "rails/generators"
|
3
2
|
|
4
|
-
module
|
5
|
-
module
|
3
|
+
module GraphqlAuthorizer
|
4
|
+
module Generators
|
6
5
|
# Add GraphQLAuthorizer to a Rails app with `rails g graphql_authorizer:install`.
|
7
6
|
#
|
8
7
|
# Setup a initializer file Rack Attack and GraphQLAuhtorizer
|
@@ -16,17 +15,29 @@ module Generators
|
|
16
15
|
# ```
|
17
16
|
class InstallGenerator < Rails::Generators::Base
|
18
17
|
desc "Copy Rack Attack Template into App's Initializer"
|
19
|
-
source_root File.expand_path('
|
18
|
+
source_root File.expand_path('templates', __dir__)
|
20
19
|
|
21
|
-
def
|
22
|
-
file = "
|
20
|
+
def copy_graphql_authorizer
|
21
|
+
file = "graphql_authorizer.rb"
|
23
22
|
template(file, "config/initializers/#{file}")
|
24
23
|
end
|
25
24
|
|
26
|
-
def
|
27
|
-
|
25
|
+
def inject_rack_attack_in_gemfile
|
26
|
+
gem("rack-attack")
|
27
|
+
print "\nGemfile has been modified, make sure you `bundle install\n`"
|
28
|
+
end
|
29
|
+
|
30
|
+
def copy_rack_attack
|
31
|
+
file = "rack_attack.rb"
|
28
32
|
template(file, "config/initializers/#{file}")
|
29
33
|
end
|
34
|
+
|
35
|
+
private
|
36
|
+
|
37
|
+
def gem(*args)
|
38
|
+
print "\nAdding Gem into Gemfile\n"
|
39
|
+
super(*args)
|
40
|
+
end
|
30
41
|
end
|
31
42
|
end
|
32
43
|
end
|
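Review bot: `gem("rack-attack")` in `inject_rack_attack_in_gemfile` writes an unconstrained entry into the host application's Gemfile, while this same release drops the `~> 5.4` runtime dependency from the gemspec, so nothing the gem ships bounds the version of the middleware that its `rack_attack.rb` initializer configures any more. Passing the constraint through, `gem("rack-attack", "~> 5.4")`, keeps the generated throttle and block rules tied to a version they were written against. The method also appears to append unconditionally, so running the generator a second time would presumably add a duplicate entry; checking the Gemfile for an existing `rack-attack` line before calling `gem` would avoid that. In the `print` message the closing backtick sits after the `\n`, so the `bundle install` hint renders broken.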
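--- a/data/lib/graphql_authorizer.rb
+++ b/data/lib/graphql_authorizer.rb
@@ -1,6 +1,6 @@
-
-
-
+require "graphql_authorizer/version"
+require "graphql_authorizer/configuration"
+require "graphql_authorizer/request"
 
 # Main Module
 module GraphQLAuthorizer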
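--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: graphql_authorizer
 version: !ruby/object:Gem::Version
-version: 0.
+version: 1.0.0
 platform: ruby
 authors:
 - Peter John Alvarado
@@ -10,20 +10,6 @@ bindir: exe
 cert_chain: []
 date: 2018-09-03 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-name: rack-attack
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '5.4'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '5.4'
 - !ruby/object:Gem::Dependency
 name: openssl
 requirement: !ruby/object:Gem::Requirement
@@ -146,8 +132,8 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 0.11.3
-description:
-
+description: GraphQL Authorizer is built to provide request signature, timestamp validation,
+endpoint blocking and throttling using `rack-attack` gem.
 email:
 - redjoker011@gmail.com
 executables: []
@@ -167,7 +153,7 @@ files:
 - graphql_authorizer.gemspec
 - lib/errors/configuration.rb
 - lib/generators/graphql_authorizer/install_generator.rb
-- lib/generators/graphql_authorizer/templates/
+- lib/generators/graphql_authorizer/templates/graphql_authorizer.rb
 - lib/generators/graphql_authorizer/templates/rack_attack.rb
 - lib/graphql_authorizer.rb
 - lib/graphql_authorizer/configuration.rb
@@ -198,5 +184,5 @@ rubyforge_project:
 rubygems_version: 2.7.3
 signing_key:
 specification_version: 4
-summary:
+summary: GraphQL Authorizer provides simple authorization forGraphQL endpoints.
 test_files: []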