heimdall_auth 1.8.0 → 1.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +15 -4
- data/lib/heimdall_auth/rails/routes.rb +8 -5
- data/lib/heimdall_auth/route_constraint.rb +13 -1
- data/lib/heimdall_auth/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0904885207b67efe16aefc1bd5c37a57490f412c199bdf0275a22b56a3f90b84'
|
|
4
|
+
data.tar.gz: 278819290094fa8e3ae2e7640e423c48dbdbc926343c1896ca2ac9eb84b36e37
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ddb292841b5c583e820fecec2162263d8dd34fb125681bad493e80c73f00fcb242026b649d924b57a9abc5f2003b65bf918bb90c9d07816242831bc019bf0080
|
|
7
|
+
data.tar.gz: 6150a29eaab129ce489f897ab36106de8e46da278f14db29438a607bfe077f481527492d0089903b9df1e25fc0fdff52f24a87932326a326bdb3b891e4d25250
|
data/README.md
CHANGED
|
@@ -5,6 +5,11 @@ This makes it easy to equip an empty rails application with our Heimdall Auth fe
|
|
|
5
5
|
Use it like so in `config/routes.rb`:
|
|
6
6
|
```
|
|
7
7
|
mount_heimdall_auth_secured Sidekiq::Web => '/sidekiq', :manage => :sidekiq
|
|
8
|
+
|
|
9
|
+
or
|
|
10
|
+
|
|
11
|
+
# The /sidekiq/stats path gets available for services like Datadog
|
|
12
|
+
mount_heimdall_auth_secured Sidekiq::Web => '/sidekiq', :manage => :sidekiq, accessible_via_token: {'/sidekiq/stats': ENV['SIDEKIQ_STATS_TOKEN_FOR_WATCHDOG']}
|
|
8
13
|
```
|
|
9
14
|
instead of the known:
|
|
10
15
|
```
|
|
@@ -18,11 +23,17 @@ if user.is_admin
|
|
|
18
23
|
end
|
|
19
24
|
```
|
|
20
25
|
|
|
26
|
+
and the password in `.env` and `.env.example` if you used it:
|
|
27
|
+
```
|
|
28
|
+
SIDEKIQ_STATS_TOKEN_FOR_WATCHDOG=halloweltrandomstring
|
|
29
|
+
```
|
|
30
|
+
|
|
21
31
|
Options:
|
|
22
|
-
- mount_heimdall_auth_secured ENGINE => PATH, ACTION => RESOURCE
|
|
23
|
-
- ENGINE - any mountable Engine like `Sidekiq::Web`
|
|
24
|
-
- PATH - where to mount the engine
|
|
25
|
-
- ACTION & RESOURCE - like any action and resource in cancancan
|
|
32
|
+
- mount_heimdall_auth_secured ENGINE => PATH, ACTION => RESOURCE, accessible_via_token: {EXCEPTION_PATH: EXCEPTION_PASSWORD, EXCEPTION_PATH2: EXCEPTION_PASSWORD2}
|
|
33
|
+
- ENGINE - any mountable Engine like `Sidekiq::Web`
|
|
34
|
+
- PATH - where to mount the engine
|
|
35
|
+
- ACTION & RESOURCE - like any action and resource in cancancan
|
|
36
|
+
- :accessible_via_token -> Defines paths that are available via a particular token. e.g. for Watchdog services like Datadog
|
|
26
37
|
|
|
27
38
|
## Installation and Usage
|
|
28
39
|
|
|
@@ -12,16 +12,19 @@ module HeimdallAuth
|
|
|
12
12
|
|
|
13
13
|
|
|
14
14
|
def mount_heimdall_auth_secured(options = {}, &block)
|
|
15
|
-
|
|
16
|
-
|
|
15
|
+
accessible_via_token = options.extract!(:accessible_via_token)[:accessible_via_token]
|
|
16
|
+
|
|
17
|
+
engine = options.keys.first #Syntax sugar ENGINE => PATH, ACTION => RESOURCE
|
|
18
|
+
path = options.values.first #Syntax sugar ENGINE => PATH, ACTION => RESOURCE
|
|
19
|
+
|
|
20
|
+
action = options.keys.second #Syntax sugar ENGINE => PATH, ACTION => RESOURCE
|
|
21
|
+
resource = options.values.second #Syntax sugar ENGINE => PATH, ACTION => RESOURCE
|
|
17
22
|
|
|
18
|
-
action = options.keys.second
|
|
19
|
-
resource = options.values.second
|
|
20
23
|
if action.nil? || resource.nil?
|
|
21
24
|
puts "WARNING: It seems you missed the cancancan rights. Use: `mount_heimdall_auth_secured Sidekiq::Web => '/sidekiq', :manage => :sidekiq`"
|
|
22
25
|
end
|
|
23
26
|
|
|
24
|
-
mount
|
|
27
|
+
mount engine => path, constraints: HeimdallAuth::RouteConstraint.new(action, resource, accessible_via_token)
|
|
25
28
|
get "#{path}", to: redirect('/signin')
|
|
26
29
|
get "#{path}/*rest", to: redirect('/signin')
|
|
27
30
|
end
|
|
@@ -32,12 +32,24 @@ module HeimdallAuth
|
|
|
32
32
|
|
|
33
33
|
class RouteConstraint
|
|
34
34
|
|
|
35
|
-
def initialize(action, resource)
|
|
35
|
+
def initialize(action, resource, accessible_via_token)
|
|
36
36
|
@action = action
|
|
37
37
|
@resource = resource
|
|
38
|
+
@accessible_via_token = accessible_via_token
|
|
38
39
|
end
|
|
39
40
|
|
|
40
41
|
def matches?(matching_request)
|
|
42
|
+
if @accessible_via_token && matching_request.query_parameters["token"]
|
|
43
|
+
@accessible_via_token.keys.each do |path|
|
|
44
|
+
if path.to_s == matching_request.path.to_s
|
|
45
|
+
expected_token = @accessible_via_token[path]
|
|
46
|
+
if expected_token && ActiveSupport::SecurityUtils.secure_compare(matching_request.query_parameters["token"], expected_token)
|
|
47
|
+
return true
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
|
|
41
53
|
AuthenticationChecker.new(matching_request).can?(@action, @resource)
|
|
42
54
|
end
|
|
43
55
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: heimdall_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- René Meye
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-02-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|