katalyst-basic-auth 0.3.2 → 0.5.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 42a7c271d2cff6d64ef648d0137bf97aa0bad05304140dca22cf0eca7540e721
4
- data.tar.gz: cff3c9af52be2633129eb88b26ae7afd82eefe2f0f5631caa48adf7678882ee7
3
+ metadata.gz: 41f54ddbd66ceccb23388677ecf248089a03302ec1bf0a000c93d0e5d4ec251a
4
+ data.tar.gz: 4183373946dd4df7848c0988b00beb95f144b1341d58cff5f3024458ec935dc7
5
5
  SHA512:
6
- metadata.gz: 0ca93649e6378df0b81d42799226fc3609137abcb0ae97224866bae219905e7395cc62012c34ac07fa0e8ee8431688fd7a86538ddcaa87b1e509df79b31775d6
7
- data.tar.gz: 9035f91c1b3655a51fe8353ef535147c687a68b6582c659f4eb09a048da3ee2994ae782d605596befdad112eff4c507b24d762bba02fa15edd1f8312775cd32f
6
+ metadata.gz: 334cf7d8ab929fa675f2179e85743423f9fa50e15f528c403b1e8b627ce6a4b1816bbce85a69a99bdbd40163f2ba0c1c9889f370d6390a6322abaf7f1e4fe6e3
7
+ data.tar.gz: 7b4d85c560cebf72d748e9e65bae30ce9216e5292a80913aa86919bb24b2b250404199ad960dfa4bb8a1fe20d5e2c7efecb8bede9b18fdbdfe66be8eccbb5ad1
data/CHANGELOG.md CHANGED
@@ -1,3 +1,11 @@
1
+ ## [0.5.0] - 2024-04-26
2
+
3
+ - Add `/up` as a default allowed path (Rails 7.1+ health check)
4
+
5
+ ## [0.4.0] - 2022-06-10
6
+
7
+ - Add support for IP address allowlists
8
+
1
9
  ## [0.3.2] - 2022-03-25
2
10
 
3
11
  - Publish to RubyGems
data/README.md CHANGED
@@ -32,6 +32,7 @@ The following environment variables can optionally be defined to configure the g
32
32
  | KATALYST_BASIC_AUTH_ENABLED | If "yes" or "true", the middleware will be enabled. By default, the middleware is enabled on staging and uat Rails environments |
33
33
  | KATALYST_BASIC_AUTH_USER | The username for basic authentication. Default is the Rails application name in lowercase. |
34
34
  | KATALYST_BASIC_AUTH_PASS | The password for basic authentication. A password will be generated if not set. |
35
+ | KATALYST_BASIC_AUTH_IP_ALLOWLIST | Comma or space separated list of IP addresses or CIDR ranges to allow without basic auth |
35
36
 
36
37
  The gem provides a rake task that can be used to query basic auth settings:
37
38
 
@@ -55,7 +56,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
55
56
 
56
57
  ## Contributing
57
58
 
58
- Bug reports and pull requests are welcome on GitHub at https://github.com/katalyst/katalyst-basic-auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/katalyst-basic-auth/blob/master/CODE_OF_CONDUCT.md).
59
+ Bug reports and pull requests are welcome on GitHub at https://github.com/katalyst/basic-auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/katalyst-basic-auth/blob/master/CODE_OF_CONDUCT.md).
59
60
 
60
61
  ## License
61
62
 
@@ -1,11 +1,13 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "digest"
4
+ require "ipaddr"
5
+ require "rack"
4
6
 
5
7
  module Katalyst
6
8
  module Basic
7
9
  module Auth
8
- class Config
10
+ class Config # rubocop:disable Metrics/ClassLength
9
11
  DEFAULT_USERNAME = "katalyst"
10
12
  ROOT_PATH = "/"
11
13
 
@@ -26,19 +28,34 @@ module Katalyst
26
28
  all[0]
27
29
  end
28
30
 
29
- def add(path:, username: nil, password: nil, enabled: nil)
30
- config = new(path: path, username: username, password: password, enabled: enabled)
31
+ # @param path [String] Relative path
32
+ # @param username [String] Basic auth user name
33
+ # @param password [String] Basic auth password
34
+ # @param enabled [Boolean] True to enable basic auth for this path
35
+ # @param ip_allowlist [Array<String>] List of IP addresses or network ranges to allow without basic auth
36
+ def add(path:, username: nil, password: nil, enabled: nil, ip_allowlist: nil)
37
+ config = new(
38
+ path: path,
39
+ username: username,
40
+ password: password,
41
+ enabled: enabled,
42
+ ip_allowlist: ip_allowlist
43
+ )
31
44
  all.delete(all.detect { |i| i.path == config.path })
32
45
  all << config
33
46
  config
34
47
  end
35
48
 
49
+ def up(path = "/up")
50
+ new(path: path, enabled: false)
51
+ end
52
+
36
53
  def all
37
- @all ||= [new]
54
+ @all ||= [new, up]
38
55
  end
39
56
 
40
57
  def reset!
41
- @all = [new]
58
+ @all = [new, up]
42
59
  end
43
60
 
44
61
  def each(&block)
@@ -48,10 +65,7 @@ module Katalyst
48
65
  def description
49
66
  output = ["Basic auth settings:", ""]
50
67
  all.each do |config|
51
- output << "path: #{config.root_path? ? "(global)" : config.path}"
52
- output << "enabled: #{config.enabled?}"
53
- output << "username: #{config.username}"
54
- output << "password: #{config.password}"
68
+ output << config.description
55
69
  output << ""
56
70
  end
57
71
  output.join("\n")
@@ -96,9 +110,13 @@ module Katalyst
96
110
  ENV["SECRET_KEY_BASE"]
97
111
  end
98
112
  end
113
+
114
+ def default_ip_allowlist
115
+ ENV.fetch("KATALYST_BASIC_AUTH_IP_ALLOWLIST", "").split(/[\s,]+/)
116
+ end
99
117
  end
100
118
 
101
- attr_reader :path, :username, :password
119
+ attr_reader :path, :username, :password, :ip_allowlist
102
120
 
103
121
  def enabled?
104
122
  @enabled
@@ -108,13 +126,37 @@ module Katalyst
108
126
  path == ROOT_PATH
109
127
  end
110
128
 
129
+ def allow_ip?(env)
130
+ request = ::Rack::Request.new(env)
131
+ return false unless request.ip
132
+
133
+ remote_ip = IPAddr.new(request.ip)
134
+ ip_allowlist.any? { |i| i.include?(remote_ip) }
135
+ end
136
+
137
+ def description
138
+ output = []
139
+ output << "path: #{root_path? ? "(global)" : path}"
140
+ output << "enabled: #{enabled?}"
141
+ output << "username: #{username}"
142
+ output << "password: #{password}"
143
+ output << "ip allowlist: #{ip_allowlist.inspect}"
144
+ output.join("\n")
145
+ end
146
+
111
147
  private
112
148
 
113
- def initialize(path: nil, username: nil, password: nil, enabled: nil)
114
- @path = sanitize_path(path)
115
- @username = username || self.class.default_username
116
- @password = password || self.class.default_password(@username)
117
- @enabled = enabled.nil? ? (!root_path? || self.class.enabled?) : enabled
149
+ # @param path [String] Relative path
150
+ # @param username [String] Basic auth user name
151
+ # @param password [String] Basic auth password
152
+ # @param enabled [Boolean] True to enable basic auth for this path
153
+ # @param ip_allowlist [Array<String>] List of IP addresses or network ranges to allow without basic auth
154
+ def initialize(path: nil, username: nil, password: nil, enabled: nil, ip_allowlist: nil)
155
+ @path = sanitize_path(path)
156
+ @username = username || self.class.default_username
157
+ @password = password || self.class.default_password(@username)
158
+ @enabled = enabled.nil? ? (!root_path? || self.class.enabled?) : enabled
159
+ @ip_allowlist = initialize_ip_allowlist(ip_allowlist)
118
160
  end
119
161
 
120
162
  def sanitize_path(path)
@@ -123,6 +165,10 @@ module Katalyst
123
165
  path = "/#{path}" unless path.start_with?("/")
124
166
  path
125
167
  end
168
+
169
+ def initialize_ip_allowlist(ip_allowlist)
170
+ (ip_allowlist || self.class.default_ip_allowlist).map { |i| IPAddr.new(i) }
171
+ end
126
172
  end
127
173
  end
128
174
  end
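Review bot: `allow_ip?` (new lines 129-135) passes `request.ip` straight to `IPAddr.new`, which raises `IPAddr::InvalidAddressError` on a value it cannot parse, so a request that would have received a 401 fails with a 500 before `Rack::Auth::Basic` runs (the middleware hunk below calls `allow_ip?` first); adding `rescue IPAddr::InvalidAddressError` / `false` before the method's `end` keeps the guard failing closed. The value itself comes from `Rack::Request#ip`, which as far as I know is derived from `X-Forwarded-For` once `REMOTE_ADDR` is a loopback or private address, so the allowlist is only as trustworthy as the proxy in front of the app and that assumption deserves a comment on the method, e.g. `# Relies on Rack::Request#ip; correct only when the upstream proxy overwrites or appends X-Forwarded-For.` Relatedly, `default_ip_allowlist` (new line 115) keeps a leading empty element for input such as `", 10.0.0.1"`, which `initialize_ip_allowlist` then hands to `IPAddr.new` and raises at construction; `.split(/[\s,]+/).reject(&:empty?)` avoids that. The enclosing class continues outside these hunks.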
@@ -13,6 +13,7 @@ module Katalyst
13
13
  def call(env)
14
14
  config = Config.for_path(env["PATH_INFO"])
15
15
  return @app.call(env) unless config.enabled?
16
+ return @app.call(env) if config.allow_ip?(env)
16
17
 
17
18
  auth = Rack::Auth::Basic.new(app) do |u, p|
18
19
  u == config.username && p == config.password
@@ -1,6 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require_relative "auth/version"
4
3
  require_relative "auth/config"
5
4
  require_relative "auth/middleware"
6
5
  require_relative "auth/rails" if defined?(Rails)
@@ -10,11 +9,20 @@ module Katalyst
10
9
  module Auth
11
10
  class << self
12
11
  # Add a path to be protected by basic authentication
13
- def add(path, username: nil, password: nil)
14
- Config.add(path: path, username: username, password: password)
12
+ # @param path [String] Relative path
13
+ # @param username [String] Basic auth user name
14
+ # @param password [String] Basic auth password
15
+ # @param ip_allowlist [Array<String>] List of IP addresses or network ranges to allow without basic auth
16
+ def add(path, username: nil, password: nil, ip_allowlist: nil)
17
+ Config.add(path: path,
18
+ username: username,
19
+ password: password,
20
+ enabled: true,
21
+ ip_allowlist: ip_allowlist)
15
22
  end
16
23
 
17
24
  # Add a path to be excluded from basic authentication
25
+ # @param path [String] Relative path
18
26
  def exclude(path)
19
27
  Config.add(path: path, enabled: false)
20
28
  end
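Review bot: The YARD block on `add` (new lines 12-16) does not record two defaults the call now carries. `enabled: true` is passed unconditionally, so a path registered here is protected even where `KATALYST_BASIC_AUTH_ENABLED` would otherwise leave the root config disabled — the previous call passed no `enabled:`, which in `Config#initialize` (config hunk above, new line 158) falls back to `!root_path? || self.class.enabled?` — and whether that change for the root path is intended is not mentioned in the CHANGELOG hunk. `ip_allowlist: nil` falls through to `Config.default_ip_allowlist`, i.e. the `KATALYST_BASIC_AUTH_IP_ALLOWLIST` environment variable, so a caller who wants no exemption for one path must pass `[]` explicitly. Suggest adding `# Paths added here are always enabled, regardless of KATALYST_BASIC_AUTH_ENABLED.` and extending the last tag to `# @param ip_allowlist [Array<String>, nil] ...; nil inherits KATALYST_BASIC_AUTH_IP_ALLOWLIST, pass [] to exempt nothing`.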
metadata CHANGED
@@ -1,18 +1,32 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: katalyst-basic-auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.2
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Katalyst Interactive
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-03-25 00:00:00.000000000 Z
12
- dependencies: []
11
+ date: 2024-04-26 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: rack
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: '0'
13
27
  description: Makes it easy to add basic auth on staging and development apps.
14
28
  email:
15
- - admin@katalyst.com.au
29
+ - developers@katalyst.com.au
16
30
  executables: []
17
31
  extensions: []
18
32
  extra_rdoc_files: []
@@ -25,7 +39,6 @@ files:
25
39
  - lib/katalyst/basic/auth/middleware.rb
26
40
  - lib/katalyst/basic/auth/rails.rb
27
41
  - lib/katalyst/basic/auth/tasks/auth.rake
28
- - lib/katalyst/basic/auth/version.rb
29
42
  homepage: https://github.com/katalyst/katalyst-basic-auth
30
43
  licenses:
31
44
  - MIT
@@ -33,8 +46,8 @@ metadata:
33
46
  allowed_push_host: https://rubygems.org
34
47
  rubygems_mfa_required: 'true'
35
48
  homepage_uri: https://github.com/katalyst/katalyst-basic-auth
36
- source_code_uri: https://github.com/katalyst/katalyst-basic-auth
37
- changelog_uri: https://github.com/katalyst/katalyst-basic-auth/blob/main/CHANGELOG.md
49
+ source_code_uri: https://github.com/katalyst/basic-auth
50
+ changelog_uri: https://github.com/katalyst/basic-auth/blob/main/CHANGELOG.md
38
51
  post_install_message:
39
52
  rdoc_options: []
40
53
  require_paths:
@@ -50,7 +63,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
50
63
  - !ruby/object:Gem::Version
51
64
  version: '0'
52
65
  requirements: []
53
- rubygems_version: 3.2.32
66
+ rubygems_version: 3.4.19
54
67
  signing_key:
55
68
  specification_version: 4
56
69
  summary: Gem to add basic auth on staging websites
@@ -1,9 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module Katalyst
4
- module Basic
5
- module Auth
6
- VERSION = "0.3.2"
7
- end
8
- end
9
- end