graphql_authorizer 0.2.3 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -5
- data/README.md +82 -6
- data/graphql_authorizer.gemspec +3 -4
- data/lib/generators/graphql_authorizer/install_generator.rb +20 -9
- data/lib/generators/graphql_authorizer/templates/graphql_authorizer.rb +4 -0
- data/lib/generators/graphql_authorizer/templates/rack_attack.rb +1 -0
- data/lib/graphql_authorizer/version.rb +1 -1
- data/lib/graphql_authorizer.rb +3 -3
- metadata +5 -19
- data/lib/generators/graphql_authorizer/templates/graphql_authorization.rb +0 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 686bf1bf26471f700bc0cbf1187529aec7909a35d47cfe6e008e35202f343c8d
|
|
4
|
+
data.tar.gz: eaaecb01b4df704600d16d4cac6fd52c125a474ddfb1d7922dc8b608b552318c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 10a5b233aa63bb16208a2b28f833aee425a42169dd58b2ba4ff0029b21883b7025fb3ccc3e99945bad173a7c9da450b98643276e393f5f6259f53f135adc3b9f
|
|
7
|
+
data.tar.gz: 63d7763556382ce209de0f33a9d606201a6c546dcdda3370a1aeb691a5dbeea2de01c27db4cb1fa0ee64889425888b0fdafaae027b6e7072606c2d8b1e0727dd
|
data/Gemfile.lock
CHANGED
|
@@ -1,10 +1,9 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
graphql_authorizer (0.2.
|
|
4
|
+
graphql_authorizer (0.2.5)
|
|
5
5
|
activesupport (~> 5.1.3, >= 5.1.3)
|
|
6
6
|
openssl (~> 2.1.1, >= 2.1.1)
|
|
7
|
-
rack-attack (~> 5.4)
|
|
8
7
|
|
|
9
8
|
GEM
|
|
10
9
|
remote: https://rubygems.org/
|
|
@@ -25,9 +24,6 @@ GEM
|
|
|
25
24
|
pry (0.11.3)
|
|
26
25
|
coderay (~> 1.1.0)
|
|
27
26
|
method_source (~> 0.9.0)
|
|
28
|
-
rack (2.0.5)
|
|
29
|
-
rack-attack (5.4.0)
|
|
30
|
-
rack (>= 1.0, < 3)
|
|
31
27
|
rake (10.5.0)
|
|
32
28
|
thread_safe (0.3.6)
|
|
33
29
|
tzinfo (1.2.5)
|
data/README.md
CHANGED
|
@@ -1,15 +1,18 @@
|
|
|
1
1
|
# GraphQLAuthorizer
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
TODO: Delete this and the text above, and describe your gem
|
|
3
|
+
GraphqlAuthorizer is built to provide simple access authorization in Graphql
|
|
4
|
+
Endpoints by encrypting `Access Key` and request `Timestamp`.
|
|
6
5
|
|
|
7
6
|
## Installation
|
|
8
7
|
|
|
9
8
|
Add this line to your application's Gemfile:
|
|
10
9
|
|
|
11
10
|
```ruby
|
|
12
|
-
gem '
|
|
11
|
+
gem 'graphql_authorizer'
|
|
12
|
+
|
|
13
|
+
# or with git source
|
|
14
|
+
|
|
15
|
+
gem "graphql_authorizer", git: "git@bitbucket.org:gorated/graphql-authorizer.git"
|
|
13
16
|
```
|
|
14
17
|
|
|
15
18
|
And then execute:
|
|
@@ -18,11 +21,84 @@ And then execute:
|
|
|
18
21
|
|
|
19
22
|
Or install it yourself as:
|
|
20
23
|
|
|
21
|
-
$ gem install
|
|
24
|
+
$ gem install graphql_authorizer
|
|
22
25
|
|
|
23
26
|
## Usage
|
|
24
27
|
|
|
25
|
-
|
|
28
|
+
run generator:
|
|
29
|
+
|
|
30
|
+
$ rails g graphql_authorizer:install
|
|
31
|
+
|
|
32
|
+
This will generate initializer configuration files for:
|
|
33
|
+
|
|
34
|
+
- [GraphQLAuthorizer](https://bitbucket.org/gorated/graphql-authorizer/src/master/lib/generators/graphql_authorizer/templates/graphql_authorizer.rb)
|
|
35
|
+
|
|
36
|
+
- [Rack-Attack](https://bitbucket.org/gorated/graphql-authorizer/src/master/lib/generators/graphql_authorizer/templates/rack_attack.rb).
|
|
37
|
+
|
|
38
|
+
note: `Rack Attack` initializer file contains basic configurations to `allow`,
|
|
39
|
+
`block` and `throttle` client's access based on defined conditions.
|
|
40
|
+
|
|
41
|
+
For more configuration options please check [rack-attack](https://github.com/kickstarter/rack-attack)
|
|
42
|
+
|
|
43
|
+
note: you need to supply shared access key for `client` and `application` in
|
|
44
|
+
`initializers/graphql_authorizer.rb`
|
|
45
|
+
|
|
46
|
+
GraphQLAuthorizer provides helper methods for validating if the request is
|
|
47
|
+
valid, by initializing the `GraphQLAuthorization::Request` class and providing
|
|
48
|
+
`timestamp` and `signature` as arguments.
|
|
49
|
+
|
|
50
|
+
```
|
|
51
|
+
timestamp = Time.zone.now.to_i.to_s
|
|
52
|
+
sig = SecureRandom.hex(8)
|
|
53
|
+
request_validator = GraphQLAuthorizer::Request.new(timestamp: timestamp, sig: sig)
|
|
54
|
+
|
|
55
|
+
request_validator.valid? # returns boolean `true` or `false`
|
|
56
|
+
request_validator.erros # returns array of error messages if request validator
|
|
57
|
+
returns `false` otherwise returns `nil`
|
|
58
|
+
```
|
|
59
|
+
|
|
60
|
+
note:
|
|
61
|
+
|
|
62
|
+
- GraphQLAuthorizer use `OpenSSL::Digest` and `OpenSSL::HMAC` to validate
|
|
63
|
+
request by encrypting `timestamp` and `access_key`.
|
|
64
|
+
|
|
65
|
+
- Client's must provide encrypted signature by encrypting `access_key` and
|
|
66
|
+
`timestamp` upon request.
|
|
67
|
+
|
|
68
|
+
Sample Client Request Configuration with [graphql-client](https://github.com/github/graphql-client)
|
|
69
|
+
|
|
70
|
+
```
|
|
71
|
+
require "graphql/client"
|
|
72
|
+
require "graphql/client/http"
|
|
73
|
+
|
|
74
|
+
class Queries::SWAPI
|
|
75
|
+
# Configure GraphQL endpoint using the basic HTTP network adapter.
|
|
76
|
+
endpoint = ENV.fetch("APP_ENDPOINT")
|
|
77
|
+
HTTP = GraphQL::Client::HTTP.new(endpoint) do
|
|
78
|
+
def headers(context)
|
|
79
|
+
# Optionally set any HTTP headers
|
|
80
|
+
timestamp = Time.now.to_i.to_s
|
|
81
|
+
token = generate_token(timestamp: timestamp)
|
|
82
|
+
{
|
|
83
|
+
"Request-Signature" => token, # Required for signature validation
|
|
84
|
+
"Request-Timestamp" => timestamp, # Required for request timestamp
|
|
85
|
+
validation
|
|
86
|
+
"Authorization" => context
|
|
87
|
+
}
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
def generate_token(timestamp:)
|
|
91
|
+
access_key = ENV.fetch("GRAPHQL_ACCESS_KEY")
|
|
92
|
+
digest = OpenSSL::Digest.new("sha256")
|
|
93
|
+
OpenSSL::HMAC.hexdigest(digest, access_key, timestamp)
|
|
94
|
+
end
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
Schema = GraphQL::Client.load_schema("schema.json")
|
|
98
|
+
|
|
99
|
+
Client = GraphQL::Client.new(schema: Schema, execute: HTTP)
|
|
100
|
+
end
|
|
101
|
+
```
|
|
26
102
|
|
|
27
103
|
## Development
|
|
28
104
|
|
data/graphql_authorizer.gemspec
CHANGED
|
@@ -8,10 +8,10 @@ Gem::Specification.new do |spec|
|
|
|
8
8
|
spec.authors = ["Peter John Alvarado"]
|
|
9
9
|
spec.email = ["redjoker011@gmail.com"]
|
|
10
10
|
|
|
11
|
-
spec.summary = "
|
|
11
|
+
spec.summary = "GraphQL Authorizer provides simple authorization for"\
|
|
12
12
|
"GraphQL endpoints."
|
|
13
|
-
spec.description = "
|
|
14
|
-
"
|
|
13
|
+
spec.description = "GraphQL Authorizer is built to provide request signature, timestamp validation, endpoint blocking and throttling using `rack-attack` gem."\
|
|
14
|
+
""
|
|
15
15
|
spec.homepage = "https://www.gorated.ph"
|
|
16
16
|
spec.license = "MIT"
|
|
17
17
|
|
|
@@ -24,7 +24,6 @@ Gem::Specification.new do |spec|
|
|
|
24
24
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
25
25
|
spec.require_paths = ["lib"]
|
|
26
26
|
|
|
27
|
-
spec.add_dependency "rack-attack", "~> 5.4"
|
|
28
27
|
spec.add_dependency "openssl", "~> 2.1.1", ">= 2.1.1"
|
|
29
28
|
spec.add_dependency "activesupport", "~> 5.1.3", ">= 5.1.3"
|
|
30
29
|
|
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
require "rails/generators
|
|
2
|
-
require_relative "core"
|
|
1
|
+
require "rails/generators"
|
|
3
2
|
|
|
4
|
-
module
|
|
5
|
-
module
|
|
3
|
+
module GraphqlAuthorizer
|
|
4
|
+
module Generators
|
|
6
5
|
# Add GraphQLAuthorizer to a Rails app with `rails g graphql_authorizer:install`.
|
|
7
6
|
#
|
|
8
7
|
# Setup a initializer file Rack Attack and GraphQLAuhtorizer
|
|
@@ -16,17 +15,29 @@ module Generators
|
|
|
16
15
|
# ```
|
|
17
16
|
class InstallGenerator < Rails::Generators::Base
|
|
18
17
|
desc "Copy Rack Attack Template into App's Initializer"
|
|
19
|
-
source_root File.expand_path('
|
|
18
|
+
source_root File.expand_path('templates', __dir__)
|
|
20
19
|
|
|
21
|
-
def
|
|
22
|
-
file = "
|
|
20
|
+
def copy_graphql_authorizer
|
|
21
|
+
file = "graphql_authorizer.rb"
|
|
23
22
|
template(file, "config/initializers/#{file}")
|
|
24
23
|
end
|
|
25
24
|
|
|
26
|
-
def
|
|
27
|
-
|
|
25
|
+
def inject_rack_attack_in_gemfile
|
|
26
|
+
gem("rack-attack")
|
|
27
|
+
print "\nGemfile has been modified, make sure you `bundle install\n`"
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def copy_rack_attack
|
|
31
|
+
file = "rack_attack.rb"
|
|
28
32
|
template(file, "config/initializers/#{file}")
|
|
29
33
|
end
|
|
34
|
+
|
|
35
|
+
private
|
|
36
|
+
|
|
37
|
+
def gem(*args)
|
|
38
|
+
print "\nAdding Gem into Gemfile\n"
|
|
39
|
+
super(*args)
|
|
40
|
+
end
|
|
30
41
|
end
|
|
31
42
|
end
|
|
32
43
|
end
|
data/lib/graphql_authorizer.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
1
|
+
require "graphql_authorizer/version"
|
|
2
|
+
require "graphql_authorizer/configuration"
|
|
3
|
+
require "graphql_authorizer/request"
|
|
4
4
|
|
|
5
5
|
# Main Module
|
|
6
6
|
module GraphQLAuthorizer
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: graphql_authorizer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Peter John Alvarado
|
|
@@ -10,20 +10,6 @@ bindir: exe
|
|
|
10
10
|
cert_chain: []
|
|
11
11
|
date: 2018-09-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
|
-
- !ruby/object:Gem::Dependency
|
|
14
|
-
name: rack-attack
|
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
|
16
|
-
requirements:
|
|
17
|
-
- - "~>"
|
|
18
|
-
- !ruby/object:Gem::Version
|
|
19
|
-
version: '5.4'
|
|
20
|
-
type: :runtime
|
|
21
|
-
prerelease: false
|
|
22
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
-
requirements:
|
|
24
|
-
- - "~>"
|
|
25
|
-
- !ruby/object:Gem::Version
|
|
26
|
-
version: '5.4'
|
|
27
13
|
- !ruby/object:Gem::Dependency
|
|
28
14
|
name: openssl
|
|
29
15
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -146,8 +132,8 @@ dependencies:
|
|
|
146
132
|
- - ">="
|
|
147
133
|
- !ruby/object:Gem::Version
|
|
148
134
|
version: 0.11.3
|
|
149
|
-
description:
|
|
150
|
-
|
|
135
|
+
description: GraphQL Authorizer is built to provide request signature, timestamp validation,
|
|
136
|
+
endpoint blocking and throttling using `rack-attack` gem.
|
|
151
137
|
email:
|
|
152
138
|
- redjoker011@gmail.com
|
|
153
139
|
executables: []
|
|
@@ -167,7 +153,7 @@ files:
|
|
|
167
153
|
- graphql_authorizer.gemspec
|
|
168
154
|
- lib/errors/configuration.rb
|
|
169
155
|
- lib/generators/graphql_authorizer/install_generator.rb
|
|
170
|
-
- lib/generators/graphql_authorizer/templates/
|
|
156
|
+
- lib/generators/graphql_authorizer/templates/graphql_authorizer.rb
|
|
171
157
|
- lib/generators/graphql_authorizer/templates/rack_attack.rb
|
|
172
158
|
- lib/graphql_authorizer.rb
|
|
173
159
|
- lib/graphql_authorizer/configuration.rb
|
|
@@ -198,5 +184,5 @@ rubyforge_project:
|
|
|
198
184
|
rubygems_version: 2.7.3
|
|
199
185
|
signing_key:
|
|
200
186
|
specification_version: 4
|
|
201
|
-
summary:
|
|
187
|
+
summary: GraphQL Authorizer provides simple authorization forGraphQL endpoints.
|
|
202
188
|
test_files: []
|