katalyst-basic-auth 0.3.2 → 0.5.0

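--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 42a7c271d2cff6d64ef648d0137bf97aa0bad05304140dca22cf0eca7540e721
- data.tar.gz: cff3c9af52be2633129eb88b26ae7afd82eefe2f0f5631caa48adf7678882ee7
+ metadata.gz: 41f54ddbd66ceccb23388677ecf248089a03302ec1bf0a000c93d0e5d4ec251a
+ data.tar.gz: 4183373946dd4df7848c0988b00beb95f144b1341d58cff5f3024458ec935dc7
  SHA512:
- metadata.gz: 0ca93649e6378df0b81d42799226fc3609137abcb0ae97224866bae219905e7395cc62012c34ac07fa0e8ee8431688fd7a86538ddcaa87b1e509df79b31775d6
- data.tar.gz: 9035f91c1b3655a51fe8353ef535147c687a68b6582c659f4eb09a048da3ee2994ae782d605596befdad112eff4c507b24d762bba02fa15edd1f8312775cd32f
+ metadata.gz: 334cf7d8ab929fa675f2179e85743423f9fa50e15f528c403b1e8b627ce6a4b1816bbce85a69a99bdbd40163f2ba0c1c9889f370d6390a6322abaf7f1e4fe6e3
+ data.tar.gz: 7b4d85c560cebf72d748e9e65bae30ce9216e5292a80913aa86919bb24b2b250404199ad960dfa4bb8a1fe20d5e2c7efecb8bede9b18fdbdfe66be8eccbb5ad1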
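--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,11 @@
+ ## [0.5.0] - 2024-04-26
+
+ - Add `/up` as a default allowed path (Rails 7.1+ health check)
+
+ ## [0.4.0] - 2022-06-10
+
+ - Add support for IP address allowlists
+
  ## [0.3.2] - 2022-03-25
 
  - Publish to RubyGems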
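--- a/data/README.md
+++ b/data/README.md
@@ -32,6 +32,7 @@ The following environment variables can optionally be defined to configure the g
  | KATALYST_BASIC_AUTH_ENABLED | If "yes" or "true", the middleware will be enabled. By default, the middleware is enabled on staging and uat Rails environments |
  | KATALYST_BASIC_AUTH_USER | The username for basic authentication. Default is the Rails application name in lowercase. |
  | KATALYST_BASIC_AUTH_PASS | The password for basic authentication. A password will be generated if not set. |
+ | KATALYST_BASIC_AUTH_IP_ALLOWLIST | Comma or space separated list of IP addresses or CIDR ranges to allow without basic auth |
 
  The gem provides a rake task that can be used to query basic auth settings:
 
@@ -55,7 +56,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
  ## Contributing
 
- Bug reports and pull requests are welcome on GitHub at https://github.com/katalyst/katalyst-basic-auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/katalyst-basic-auth/blob/master/CODE_OF_CONDUCT.md).
+ Bug reports and pull requests are welcome on GitHub at https://github.com/katalyst/basic-auth. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/katalyst-basic-auth/blob/master/CODE_OF_CONDUCT.md).
 
  ## License
 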
@@ -1,11 +1,13 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require "digest"
4
+ require "ipaddr"
5
+ require "rack"
4
6
 
5
7
  module Katalyst
6
8
  module Basic
7
9
  module Auth
8
- class Config
10
+ class Config # rubocop:disable Metrics/ClassLength
9
11
  DEFAULT_USERNAME = "katalyst"
10
12
  ROOT_PATH = "/"
11
13
 
@@ -26,19 +28,34 @@ module Katalyst
26
28
  all[0]
27
29
  end
28
30
 
29
- def add(path:, username: nil, password: nil, enabled: nil)
30
- config = new(path: path, username: username, password: password, enabled: enabled)
31
+ # @param path [String] Relative path
32
+ # @param username [String] Basic auth user name
33
+ # @param password [String] Basic auth password
34
+ # @param enabled [Boolean] True to enable basic auth for this path
35
+ # @param ip_allowlist [Array<String>] List of IP addresses or network ranges to allow without basic auth
36
+ def add(path:, username: nil, password: nil, enabled: nil, ip_allowlist: nil)
37
+ config = new(
38
+ path: path,
39
+ username: username,
40
+ password: password,
41
+ enabled: enabled,
42
+ ip_allowlist: ip_allowlist
43
+ )
31
44
  all.delete(all.detect { |i| i.path == config.path })
32
45
  all << config
33
46
  config
34
47
  end
35
48
 
49
+ def up(path = "/up")
50
+ new(path: path, enabled: false)
51
+ end
52
+
36
53
  def all
37
- @all ||= [new]
54
+ @all ||= [new, up]
38
55
  end
39
56
 
40
57
  def reset!
41
- @all = [new]
58
+ @all = [new, up]
42
59
  end
43
60
 
44
61
  def each(&block)
@@ -48,10 +65,7 @@ module Katalyst
48
65
  def description
49
66
  output = ["Basic auth settings:", ""]
50
67
  all.each do |config|
51
- output << "path: #{config.root_path? ? "(global)" : config.path}"
52
- output << "enabled: #{config.enabled?}"
53
- output << "username: #{config.username}"
54
- output << "password: #{config.password}"
68
+ output << config.description
55
69
  output << ""
56
70
  end
57
71
  output.join("\n")
@@ -96,9 +110,13 @@ module Katalyst
96
110
  ENV["SECRET_KEY_BASE"]
97
111
  end
98
112
  end
113
+
114
+ def default_ip_allowlist
115
+ ENV.fetch("KATALYST_BASIC_AUTH_IP_ALLOWLIST", "").split(/[\s,]+/)
116
+ end
99
117
  end
100
118
 
101
- attr_reader :path, :username, :password
119
+ attr_reader :path, :username, :password, :ip_allowlist
102
120
 
103
121
  def enabled?
104
122
  @enabled
@@ -108,13 +126,37 @@ module Katalyst
108
126
  path == ROOT_PATH
109
127
  end
110
128
 
129
+ def allow_ip?(env)
130
+ request = ::Rack::Request.new(env)
131
+ return false unless request.ip
132
+
133
+ remote_ip = IPAddr.new(request.ip)
134
+ ip_allowlist.any? { |i| i.include?(remote_ip) }
135
+ end
136
+
137
+ def description
138
+ output = []
139
+ output << "path: #{root_path? ? "(global)" : path}"
140
+ output << "enabled: #{enabled?}"
141
+ output << "username: #{username}"
142
+ output << "password: #{password}"
143
+ output << "ip allowlist: #{ip_allowlist.inspect}"
144
+ output.join("\n")
145
+ end
146
+
111
147
  private
112
148
 
113
- def initialize(path: nil, username: nil, password: nil, enabled: nil)
114
- @path = sanitize_path(path)
115
- @username = username || self.class.default_username
116
- @password = password || self.class.default_password(@username)
117
- @enabled = enabled.nil? ? (!root_path? || self.class.enabled?) : enabled
149
+ # @param path [String] Relative path
150
+ # @param username [String] Basic auth user name
151
+ # @param password [String] Basic auth password
152
+ # @param enabled [Boolean] True to enable basic auth for this path
153
+ # @param ip_allowlist [Array<String>] List of IP addresses or network ranges to allow without basic auth
154
+ def initialize(path: nil, username: nil, password: nil, enabled: nil, ip_allowlist: nil)
155
+ @path = sanitize_path(path)
156
+ @username = username || self.class.default_username
157
+ @password = password || self.class.default_password(@username)
158
+ @enabled = enabled.nil? ? (!root_path? || self.class.enabled?) : enabled
159
+ @ip_allowlist = initialize_ip_allowlist(ip_allowlist)
118
160
  end
119
161
 
120
162
  def sanitize_path(path)
@@ -123,6 +165,10 @@ module Katalyst
123
165
  path = "/#{path}" unless path.start_with?("/")
124
166
  path
125
167
  end
168
+
169
+ def initialize_ip_allowlist(ip_allowlist)
170
+ (ip_allowlist || self.class.default_ip_allowlist).map { |i| IPAddr.new(i) }
171
+ end
126
172
  end
127
173
  end
128
174
  end
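Review bot: The new `up` default in `all` and `reset!` registers `/up` with `enabled: false` for every application, and whether that also unprotects sibling paths such as `/uploads` depends on how `for_path` matches, which is outside the visible hunks. If that lookup is a prefix match, the exclusion should be pinned to the exact health-check path and covered by a spec, with a comment on `up` such as `# must match "/up" exactly; longer paths sharing the prefix stay protected`. Separately, in `allow_ip?`, `IPAddr.new(request.ip)` raises when the value does not parse as an address, so adding `rescue IPAddr::InvalidAddressError` and returning `false` would let a malformed client address fall through to the credential check instead of surfacing as an error. In `default_ip_allowlist`, a value that begins with a comma or space splits into a leading empty string; `.reject(&:empty?)` after the `split` would avoid handing that to `IPAddr.new`.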
@@ -13,6 +13,7 @@ module Katalyst
13
13
  def call(env)
14
14
  config = Config.for_path(env["PATH_INFO"])
15
15
  return @app.call(env) unless config.enabled?
16
+ return @app.call(env) if config.allow_ip?(env)
16
17
 
17
18
  auth = Rack::Auth::Basic.new(app) do |u, p|
18
19
  u == config.username && p == config.password
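Review bot: The allowlist short-circuit added before the Basic auth check decides on `Rack::Request#ip`, which can be derived from forwarding headers rather than the socket peer when the immediate peer is treated as a trusted proxy. Where the fronting proxy does not overwrite or sanitise those headers, the address compared against the allowlist is client-influenced, so the README row for `KATALYST_BASIC_AUTH_IP_ALLOWLIST` should state that deployment requirement. The gemspec on this page declares `rack >= 0`, and forwarded-address handling appears to differ between Rack releases, so a lower bound would make the behaviour predictable. A comment at the call site would help the next reader: `# skips credentials entirely; relies on the proxy chain setting the client IP`. The `call` method continues past the end of this hunk.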
@@ -1,6 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require_relative "auth/version"
4
3
  require_relative "auth/config"
5
4
  require_relative "auth/middleware"
6
5
  require_relative "auth/rails" if defined?(Rails)
@@ -10,11 +9,20 @@ module Katalyst
10
9
  module Auth
11
10
  class << self
12
11
  # Add a path to be protected by basic authentication
13
- def add(path, username: nil, password: nil)
14
- Config.add(path: path, username: username, password: password)
12
+ # @param path [String] Relative path
13
+ # @param username [String] Basic auth user name
14
+ # @param password [String] Basic auth password
15
+ # @param ip_allowlist [Array<String>] List of IP addresses or network ranges to allow without basic auth
16
+ def add(path, username: nil, password: nil, ip_allowlist: nil)
17
+ Config.add(path: path,
18
+ username: username,
19
+ password: password,
20
+ enabled: true,
21
+ ip_allowlist: ip_allowlist)
15
22
  end
16
23
 
17
24
  # Add a path to be excluded from basic authentication
25
+ # @param path [String] Relative path
18
26
  def exclude(path)
19
27
  Config.add(path: path, enabled: false)
20
28
  end
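Review bot: `add` now always passes `enabled: true` to `Config.add`, where it previously passed nothing and let `Config#initialize` fall back to `!root_path? || self.class.enabled?`; for the root path this means `Auth.add("/")` turns basic auth on regardless of `KATALYST_BASIC_AUTH_ENABLED`. That may be intentional, but it is not mentioned in the CHANGELOG entries shown, so the method comment should say it, e.g. `# Always enables basic auth for path, including "/" when auth is otherwise disabled`. The `@param ip_allowlist` line could also note that `nil` falls back to `KATALYST_BASIC_AUTH_IP_ALLOWLIST` while `[]` means no allowlist for that path, since `initialize_ip_allowlist` only uses the default when the argument is `nil`. The enclosing `class << self` continues outside the hunk.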
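--- a/metadata
+++ b/metadata
@@ -1,18 +1,32 @@
  --- !ruby/object:Gem::Specification
  name: katalyst-basic-auth
  version: !ruby/object:Gem::Version
- version: 0.3.2
+ version: 0.5.0
  platform: ruby
  authors:
  - Katalyst Interactive
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-03-25 00:00:00.000000000 Z
- dependencies: []
+ date: 2024-04-26 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rack
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
  description: Makes it easy to add basic auth on staging and development apps.
  email:
- - admin@katalyst.com.au
+ - developers@katalyst.com.au
  executables: []
  extensions: []
  extra_rdoc_files: []
@@ -25,7 +39,6 @@ files:
  - lib/katalyst/basic/auth/middleware.rb
  - lib/katalyst/basic/auth/rails.rb
  - lib/katalyst/basic/auth/tasks/auth.rake
- - lib/katalyst/basic/auth/version.rb
  homepage: https://github.com/katalyst/katalyst-basic-auth
  licenses:
  - MIT
@@ -33,8 +46,8 @@ metadata:
  allowed_push_host: https://rubygems.org
  rubygems_mfa_required: 'true'
  homepage_uri: https://github.com/katalyst/katalyst-basic-auth
- source_code_uri: https://github.com/katalyst/katalyst-basic-auth
- changelog_uri: https://github.com/katalyst/katalyst-basic-auth/blob/main/CHANGELOG.md
+ source_code_uri: https://github.com/katalyst/basic-auth
+ changelog_uri: https://github.com/katalyst/basic-auth/blob/main/CHANGELOG.md
  post_install_message:
  rdoc_options: []
  require_paths:
@@ -50,7 +63,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.32
+ rubygems_version: 3.4.19
  signing_key:
  specification_version: 4
  summary: Gem to add basic auth on staging websites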
@@ -1,9 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module Katalyst
4
- module Basic
5
- module Auth
6
- VERSION = "0.3.2"
7
- end
8
- end
9
- end