keycard 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 04e5999db1a74c237714b9c8afae5bca2ac11c0c33bc8d56c174967082331ee7
-  data.tar.gz: db2486afcc74b2777fb74f0ce02fd6f6c3499c69823d39af9db7bd4403d31bb7
+  metadata.gz: 5ba441d104509e55f853e1003f6dd2d8c39f362e5e93ee619b0dd9378f8c13b8
+  data.tar.gz: 0d503c7e8c4682348e2c6d1ba9d9d0425fdf61429a278882368bad5cb19c4823
 SHA512:
-  metadata.gz: 671cff5c7be3e97ff2b4325ff94786f3dbb3d82ffb03e5efd015bf95a8e73a1d9c92a34ca47aa8c2eaf124bea691d0560f765ee854db4fa2e5127b3e4484f160
-  data.tar.gz: 7ebe3ac9d5019acd351fc63f430e65c52e7d711db036713db96fc9be5b8c962013d7808bb4f3f5c1993b7f2526ad95719ab3733b628abf9c33b2d6ede48f8fdc
+  metadata.gz: 578ff3eb3e114a3060b0236f6c471fabf45e947b1f2184828f68206eab35071bfa182482cfbab4e9a1750a48e2e127d1aa4e4feda050a11e53c1937ad0778837
+  data.tar.gz: a268b75e7207d0de7626b8f675567eddce0c070158343e2f55d424c6868c06837bfcd03c0be68a3ff8b1edc42aa5798df7d3b59cbadb5b00bea1173a0e855e6d

data/README.md

@@ -37,9 +37,44 @@ And then execute:
 
     $ bundle
 
-Or install it yourself as:
+## Configuration
 
-    $ gem install keycard
+There are two aspects of Keycard that are configurable: the database for IP
+ranges as they map to institutions (IP blocks map to networks, and networks are
+associated with institutions), and the access mode (whether your application is
+served directly or behind a reverse proxy). These will be unified eventually,
+but for now, they are configured separately.
+
+## For the Database
+
+For the database, there is a Railtie that, when running in a Rails app,
+attempts to use the same connection information as ActiveRecord. If you are
+running in this configuration, you will need to run a `rake db:migrate` to
+create the Keycard tables and add them to your `db/schema.rb`. From there forward,
+running `db:setup` or `db:schema:load` will create these tables for you. There is
+a `keycard:migrate` Rake task if you want to run it separately, but it hooks into
+the Rails `db:migrate` by default for convenience.
+
+If you need to customize the database configuration, which will be typical for
+at least the production environment, the easiest way is to define an
+initializer. In a multi-application environment, the database may be read-only,
+which will require the `Keycard::DB.config` to have its `readonly` property set
+to `true`. You can also set either the `Keycard::DB.config.opts` to the options
+to pass to the Sequel connection or set `Keycard::DB.config.url` to use a
+connction string. The latter is equivalent to setting the `KEYCARD_DATABASE_URL`
+environment variable.
+
+## For the Access Mode
+
+To extract the username and client IP from each request, Keycard must be
+configured for an "access mode". This can be set in an initializer, under the
+`Keycard.config.access` property, and should be either `:direct` if clients
+will make HTTP requests directly to the Ruby webserver, or `:proxy` if a
+reverse proxy will be used.
+
+Under the hood, these modes amount to using either `REMOTE_USER` and
+`REMOTE_ADDR` in the environment set by the Ruby webserver for direct mode or
+the `X-Forwarded-User` and `X-Forwarded-For` headers set by a reverse proxy.
 
 ## License
 

data/keycard.gemspec

@@ -25,7 +25,6 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "mysql2"
   spec.add_dependency "sequel"
 
   spec.add_development_dependency "bundler", "~> 1.16"

data/lib/keycard/direct_request.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Keycard
+  # This request wrapper should be used when the application will serve HTTP
+  # requests directly or through a proxy that sets up the usual environment.
+  class DirectRequest < SimpleDelegator
+    def self.for(request)
+      new(request)
+    end
+
+    def username
+      env['REMOTE_USER'] || ''
+    end
+
+    def client_ip
+      (env['REMOTE_ADDR'] || '').split(',').first || ''
+    end
+  end
+end

data/lib/keycard/institution_finder.rb

@@ -26,7 +26,7 @@ module Keycard
     end
 
     def attributes_for(request)
-      return {} unless (numeric_ip = numeric_ip(request.remote_ip))
+      return {} unless (numeric_ip = numeric_ip(request.client_ip))
 
       insts = insts_for_ip(numeric_ip)
 

data/lib/keycard/proxied_request.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Keycard
+  # This request wrapper should be used when the application will be served
+  # behind a reverse proxy. It relies on the trusted relationship with the
+  # proxy to use HTTP headers for forwarded values.
+  #
+  # The typical headers forwarded are X-Forwarded-User and X-Forwarded-For,
+  # which, somewhat confusingly, are transposed into HTTP_X_REMOTE_USER and
+  # HTTP_X_FORWARDED_FOR once the Rack request is assembled.
+  class ProxiedRequest < SimpleDelegator
+    def self.for(request)
+      new(request)
+    end
+
+    def username
+      env['HTTP_X_REMOTE_USER'] || ''
+    end
+
+    def client_ip
+      (env['HTTP_X_FORWARDED_FOR'] || '').split(',').first || ''
+    end
+  end
+end

data/lib/keycard/railtie.rb

@@ -66,9 +66,14 @@ module Keycard
     initializer "keycard.before_initializers", before: :load_config_initializers do
       config = Keycard::DB.config
       unless config.url
-        opts = ActiveRecord::Base.connection.instance_variable_get(:@config).dup
-        opts.delete(:flags)
-        config[:opts] = opts
+        case Rails.env
+        when "development"
+          config[:opts] = { adapter: 'sqlite', database: "db/keycard_development.sqlite3" }
+        when "test"
+          config[:opts] = { adapter: 'sqlite' }
+        else 
+          raise "Keycard::DB.config must be configured"
+        end
       end
 
       Railtie.before_blocks.each do |block|

data/lib/keycard/request_attributes.rb

@@ -5,9 +5,10 @@ module Keycard
   # complete set of things that determine the user's #identity), given a Rack
   # request.
   class RequestAttributes
-    def initialize(request, finder: InstitutionFinder.new)
-      @finder = finder
-      @request = request
+    def initialize(request, finder: InstitutionFinder.new, request_factory: default_factory)
+      @request  = request
+      @finder   = finder
+      @request_factory = request_factory
     end
 
     def [](attr)
@@ -15,12 +16,34 @@ module Keycard
     end
 
     def all
-      finder.attributes_for(request)
+      user_attributes.merge(finder.attributes_for(request))
     end
 
     private
 
+    def user_attributes
+      { username: request.username }
+    end
+
+    def request
+      request_factory.for(@request)
+    end
+
+    def default_factory
+      access = Keycard.config.access.to_sym
+      case access
+      when :direct
+        DirectRequest
+      when :proxy
+        ProxiedRequest
+      else
+        # TODO: Warn about this once to the appropriate log; probably in a config check, not here.
+        # puts "Keycard does not recognize the '#{access}' access mode, using 'direct'."
+        DirectRequest
+      end
+    end
+
     attr_reader :finder
-    attr_reader :request
+    attr_reader :request_factory
   end
 end

data/lib/keycard/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Keycard
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

data/lib/keycard.rb

@@ -2,12 +2,20 @@
 
 require "keycard/version"
 require "sequel"
+require "ostruct"
 
 # All of the Keycard components are contained within this top-level module.
 module Keycard
+  def self.config
+    @config ||= OpenStruct.new(
+      access: :direct
+    )
+  end
 end
 
 require "keycard/db"
 require "keycard/railtie" if defined?(Rails)
 require "keycard/request_attributes"
 require "keycard/institution_finder"
+require "keycard/direct_request"
+require "keycard/proxied_request"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: keycard
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Noah Botimer
@@ -9,22 +9,8 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-03-23 00:00:00.000000000 Z
+date: 2018-06-08 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: mysql2
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: sequel
   requirement: !ruby/object:Gem::Requirement
@@ -202,7 +188,9 @@ files:
 - keycard.gemspec
 - lib/keycard.rb
 - lib/keycard/db.rb
+- lib/keycard/direct_request.rb
 - lib/keycard/institution_finder.rb
+- lib/keycard/proxied_request.rb
 - lib/keycard/railtie.rb
 - lib/keycard/request_attributes.rb
 - lib/keycard/version.rb