katalyst-basic-auth 0.3.2 → 0.4.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +1 -0
- data/lib/katalyst/basic/auth/config.rb +55 -13
- data/lib/katalyst/basic/auth/middleware.rb +1 -0
- data/lib/katalyst/basic/auth/version.rb +1 -1
- data/lib/katalyst/basic/auth.rb +11 -2
- metadata +21 -7
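--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2ba4ca13e4d93df610df02a04c6282aa5320c47ffe44cf15b17ee9484ff7ec4b
+data.tar.gz: 0fab877c0d5f4cd3dda28b2cd169c2339fda404e4d0033efbf202e4ed583c8ea
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 30d91927431d0f6c1a823ca25876c6995614f66e676fd3d4f83a4607becc6edb861ae1c52e5afb7ff247ce375e3f5401c4c0b12abecb94f166542ddb7595a925
+data.tar.gz: 730907dfaca349496752303bee3778fabff379255ef6255a1db9e8c5ae39889040e22f69a112e291fc507c95bb28cf42bf1b6e7f161c00f4e2c5452ca27cc718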
data/CHANGELOG.md
CHANGED
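--- a/data/README.md
+++ b/data/README.md
@@ -32,6 +32,7 @@ The following environment variables can optionally be defined to configure the g
 | KATALYST_BASIC_AUTH_ENABLED | If "yes" or "true", the middleware will be enabled. By default, the middleware is enabled on staging and uat Rails environments |
 | KATALYST_BASIC_AUTH_USER | The username for basic authentication. Default is the Rails application name in lowercase. |
 | KATALYST_BASIC_AUTH_PASS | The password for basic authentication. A password will be generated if not set. |
+| KATALYST_BASIC_AUTH_IP_ALLOWLIST | Comma or space separated list of IP addresses or CIDR ranges to allow without basic auth |
 
 The gem provides a rake task that can be used to query basic auth settings:
 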
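--- a/data/lib/katalyst/basic/auth/config.rb
+++ b/data/lib/katalyst/basic/auth/config.rb
@@ -1,11 +1,13 @@
 # frozen_string_literal: true
 
 require "digest"
+require "ipaddr"
+require "rack"
 
 module Katalyst
 module Basic
 module Auth
-class Config
+class Config # rubocop:disable Metrics/ClassLength
 DEFAULT_USERNAME = "katalyst"
 ROOT_PATH = "/"
 
@@ -26,8 +28,19 @@ module Katalyst
 all[0]
 end
 
-
-
+# @param path [String] Relative path
+# @param username [String] Basic auth user name
+# @param password [String] Basic auth password
+# @param enabled [Boolean] True to enable basic auth for this path
+# @param ip_allowlist [Array<String>] List of IP addresses or network ranges to allow without basic auth
+def add(path:, username: nil, password: nil, enabled: nil, ip_allowlist: nil)
+config = new(
+path: path,
+username: username,
+password: password,
+enabled: enabled,
+ip_allowlist: ip_allowlist
+)
 all.delete(all.detect { |i| i.path == config.path })
 all << config
 config
@@ -48,10 +61,7 @@ module Katalyst
 def description
 output = ["Basic auth settings:", ""]
 all.each do |config|
-output <<
-output << "enabled: #{config.enabled?}"
-output << "username: #{config.username}"
-output << "password: #{config.password}"
+output << config.description
 output << ""
 end
 output.join("\n")
@@ -96,9 +106,13 @@ module Katalyst
 ENV["SECRET_KEY_BASE"]
 end
 end
+
+def default_ip_allowlist
+ENV.fetch("KATALYST_BASIC_AUTH_IP_ALLOWLIST", "").split(/[\s,]+/)
+end
 end
 
-attr_reader :path, :username, :password
+attr_reader :path, :username, :password, :ip_allowlist
 
 def enabled?
 @enabled
@@ -108,13 +122,37 @@ module Katalyst
 path == ROOT_PATH
 end
 
+def allow_ip?(env)
+request = ::Rack::Request.new(env)
+return false unless request.ip
+
+remote_ip = IPAddr.new(request.ip)
+ip_allowlist.any? { |i| i.include?(remote_ip) }
+end
+
+def description
+output = []
+output << "path: #{root_path? ? "(global)" : path}"
+output << "enabled: #{enabled?}"
+output << "username: #{username}"
+output << "password: #{password}"
+output << "ip allowlist: #{ip_allowlist.inspect}"
+output.join("\n")
+end
+
 private
 
-
-
-
-
-
+# @param path [String] Relative path
+# @param username [String] Basic auth user name
+# @param password [String] Basic auth password
+# @param enabled [Boolean] True to enable basic auth for this path
+# @param ip_allowlist [Array<String>] List of IP addresses or network ranges to allow without basic auth
+def initialize(path: nil, username: nil, password: nil, enabled: nil, ip_allowlist: nil)
+@path = sanitize_path(path)
+@username = username || self.class.default_username
+@password = password || self.class.default_password(@username)
+@enabled = enabled.nil? ? (!root_path? || self.class.enabled?) : enabled
+@ip_allowlist = initialize_ip_allowlist(ip_allowlist)
 end
 
 def sanitize_path(path)
@@ -123,6 +161,10 @@ module Katalyst
 path = "/#{path}" unless path.start_with?("/")
 path
 end
+
+def initialize_ip_allowlist(ip_allowlist)
+(ip_allowlist || self.class.default_ip_allowlist).map { |i| IPAddr.new(i) }
+end
 end
 end
 end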
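Review bot: `allow_ip?` feeds `request.ip` straight into `IPAddr.new`, so a value that is not a parseable address raises out of the middleware instead of falling through to the basic-auth challenge; ending the method with `rescue IPAddr::InvalidAddressError` followed by `false` keeps that path closed and predictable. `Rack::Request#ip` can take its value from forwarded headers when the direct peer is one Rack treats as a trusted proxy, so the string is not guaranteed to be well formed, and the allowlist decision is only as trustworthy as the fronting proxy's handling of client-supplied `X-Forwarded-For`. A comment above the method such as `# Uses Rack's client-IP resolution, which may honour forwarded headers; the fronting proxy must sanitise them` would make that deployment assumption visible. The whole method is inside this hunk.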
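--- a/data/lib/katalyst/basic/auth/middleware.rb
+++ b/data/lib/katalyst/basic/auth/middleware.rb
@@ -13,6 +13,7 @@ module Katalyst
 def call(env)
 config = Config.for_path(env["PATH_INFO"])
 return @app.call(env) unless config.enabled?
+return @app.call(env) if config.allow_ip?(env)
 
 auth = Rack::Auth::Basic.new(app) do |u, p|
 u == config.username && p == config.password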
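--- a/data/lib/katalyst/basic/auth.rb
+++ b/data/lib/katalyst/basic/auth.rb
@@ -10,11 +10,20 @@ module Katalyst
 module Auth
 class << self
 # Add a path to be protected by basic authentication
-
-
+# @param path [String] Relative path
+# @param username [String] Basic auth user name
+# @param password [String] Basic auth password
+# @param ip_allowlist [Array<String>] List of IP addresses or network ranges to allow without basic auth
+def add(path, username: nil, password: nil, ip_allowlist: nil)
+Config.add(path: path,
+username: username,
+password: password,
+enabled: true,
+ip_allowlist: ip_allowlist)
 end
 
 # Add a path to be excluded from basic authentication
+# @param path [String] Relative path
 def exclude(path)
 Config.add(path: path, enabled: false)
 end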
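Review bot: The `ip_allowlist` doc on `add` does not say what `nil` means: per `initialize_ip_allowlist` in config.rb, omitting the argument inherits the global `KATALYST_BASIC_AUTH_IP_ALLOWLIST` default, so a path added here can be reachable without credentials from addresses the caller never listed. I would document it as `# @param ip_allowlist [Array<String>, nil] addresses or CIDR ranges allowed without basic auth; nil inherits KATALYST_BASIC_AUTH_IP_ALLOWLIST, pass [] to require credentials from every address`. `exclude` is unaffected because it disables auth for the path altogether.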
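--- a/metadata
+++ b/metadata
@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: katalyst-basic-auth
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.4.0
 platform: ruby
 authors:
 - Katalyst Interactive
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
-dependencies:
+date: 2022-06-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rack
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description: Makes it easy to add basic auth on staging and development apps.
 email:
 - admin@katalyst.com.au
@@ -35,7 +49,7 @@ metadata:
 homepage_uri: https://github.com/katalyst/katalyst-basic-auth
 source_code_uri: https://github.com/katalyst/katalyst-basic-auth
 changelog_uri: https://github.com/katalyst/katalyst-basic-auth/blob/main/CHANGELOG.md
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -50,8 +64,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.3.15
+signing_key:
 specification_version: 4
 summary: Gem to add basic auth on staging websites
 test_files: []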