heimdall_auth 1.8.0 → 1.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +15 -4
- data/lib/heimdall_auth/rails/routes.rb +8 -5
- data/lib/heimdall_auth/route_constraint.rb +13 -1
- data/lib/heimdall_auth/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0904885207b67efe16aefc1bd5c37a57490f412c199bdf0275a22b56a3f90b84'
|
|
4
|
+
data.tar.gz: 278819290094fa8e3ae2e7640e423c48dbdbc926343c1896ca2ac9eb84b36e37
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ddb292841b5c583e820fecec2162263d8dd34fb125681bad493e80c73f00fcb242026b649d924b57a9abc5f2003b65bf918bb90c9d07816242831bc019bf0080
|
|
7
|
+
data.tar.gz: 6150a29eaab129ce489f897ab36106de8e46da278f14db29438a607bfe077f481527492d0089903b9df1e25fc0fdff52f24a87932326a326bdb3b891e4d25250
|
data/README.md
CHANGED
|
@@ -5,6 +5,11 @@ This makes it easy to equip an empty rails application with our Heimdall Auth fe
|
|
|
5
5
|
Use it like so in `config/routes.rb`:
|
|
6
6
|
```
|
|
7
7
|
mount_heimdall_auth_secured Sidekiq::Web => '/sidekiq', :manage => :sidekiq
|
|
8
|
+
|
|
9
|
+
or
|
|
10
|
+
|
|
11
|
+
# The /sidekiq/stats path gets available for services like Datadog
|
|
12
|
+
mount_heimdall_auth_secured Sidekiq::Web => '/sidekiq', :manage => :sidekiq, accessible_via_token: {'/sidekiq/stats': ENV['SIDEKIQ_STATS_TOKEN_FOR_WATCHDOG']}
|
|
8
13
|
```
|
|
9
14
|
instead of the known:
|
|
10
15
|
```
|
|
@@ -18,11 +23,17 @@ if user.is_admin
|
|
|
18
23
|
end
|
|
19
24
|
```
|
|
20
25
|
|
|
26
|
+
and the password in `.env` and `.env.example` if you used it:
|
|
27
|
+
```
|
|
28
|
+
SIDEKIQ_STATS_TOKEN_FOR_WATCHDOG=halloweltrandomstring
|
|
29
|
+
```
|
|
30
|
+
|
|
21
31
|
Options:
|
|
22
|
-
- mount_heimdall_auth_secured ENGINE => PATH, ACTION => RESOURCE
|
|
23
|
-
- ENGINE - any mountable Engine like `Sidekiq::Web`
|
|
24
|
-
- PATH - where to mount the engine
|
|
25
|
-
- ACTION & RESOURCE - like any action and resource in cancancan
|
|
32
|
+
- mount_heimdall_auth_secured ENGINE => PATH, ACTION => RESOURCE, accessible_via_token: {EXCEPTION_PATH: EXCEPTION_PASSWORD, EXCEPTION_PATH2: EXCEPTION_PASSWORD2}
|
|
33
|
+
- ENGINE - any mountable Engine like `Sidekiq::Web`
|
|
34
|
+
- PATH - where to mount the engine
|
|
35
|
+
- ACTION & RESOURCE - like any action and resource in cancancan
|
|
36
|
+
- :accessible_via_token -> Defines paths that are available via a particular token. e.g. for Watchdog services like Datadog
|
|
26
37
|
|
|
27
38
|
## Installation and Usage
|
|
28
39
|
|
|
@@ -12,16 +12,19 @@ module HeimdallAuth
|
|
|
12
12
|
|
|
13
13
|
|
|
14
14
|
def mount_heimdall_auth_secured(options = {}, &block)
|
|
15
|
-
|
|
16
|
-
|
|
15
|
+
accessible_via_token = options.extract!(:accessible_via_token)[:accessible_via_token]
|
|
16
|
+
|
|
17
|
+
engine = options.keys.first #Syntax sugar ENGINE => PATH, ACTION => RESOURCE
|
|
18
|
+
path = options.values.first #Syntax sugar ENGINE => PATH, ACTION => RESOURCE
|
|
19
|
+
|
|
20
|
+
action = options.keys.second #Syntax sugar ENGINE => PATH, ACTION => RESOURCE
|
|
21
|
+
resource = options.values.second #Syntax sugar ENGINE => PATH, ACTION => RESOURCE
|
|
17
22
|
|
|
18
|
-
action = options.keys.second
|
|
19
|
-
resource = options.values.second
|
|
20
23
|
if action.nil? || resource.nil?
|
|
21
24
|
puts "WARNING: It seems you missed the cancancan rights. Use: `mount_heimdall_auth_secured Sidekiq::Web => '/sidekiq', :manage => :sidekiq`"
|
|
22
25
|
end
|
|
23
26
|
|
|
24
|
-
mount
|
|
27
|
+
mount engine => path, constraints: HeimdallAuth::RouteConstraint.new(action, resource, accessible_via_token)
|
|
25
28
|
get "#{path}", to: redirect('/signin')
|
|
26
29
|
get "#{path}/*rest", to: redirect('/signin')
|
|
27
30
|
end
|
|
@@ -32,12 +32,24 @@ module HeimdallAuth
|
|
|
32
32
|
|
|
33
33
|
class RouteConstraint
|
|
34
34
|
|
|
35
|
-
def initialize(action, resource)
|
|
35
|
+
def initialize(action, resource, accessible_via_token)
|
|
36
36
|
@action = action
|
|
37
37
|
@resource = resource
|
|
38
|
+
@accessible_via_token = accessible_via_token
|
|
38
39
|
end
|
|
39
40
|
|
|
40
41
|
def matches?(matching_request)
|
|
42
|
+
if @accessible_via_token && matching_request.query_parameters["token"]
|
|
43
|
+
@accessible_via_token.keys.each do |path|
|
|
44
|
+
if path.to_s == matching_request.path.to_s
|
|
45
|
+
expected_token = @accessible_via_token[path]
|
|
46
|
+
if expected_token && ActiveSupport::SecurityUtils.secure_compare(matching_request.query_parameters["token"], expected_token)
|
|
47
|
+
return true
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
|
|
41
53
|
AuthenticationChecker.new(matching_request).can?(@action, @resource)
|
|
42
54
|
end
|
|
43
55
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: heimdall_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- René Meye
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-02-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|