keycloak_rack 1.0.0

data/lib/keycloak_rack/skip_authentication.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module KeycloakRack
+  # Check if the request should be skipped based on the request method and path.
+  #
+  # @api private
+  # @!visibility private
+  class SkipAuthentication
+    include Dry::Monads[:result]
+
+    include Import[config: "keycloak-rack.config"]
+
+    delegate :skip_paths, to: :config
+
+    # @return [Dry::Monads::Success(Boolean)]
+    def call(env)
+      method = env["REQUEST_METHOD"].to_s.downcase
+      path   = env["PATH_INFO"]
+
+      return Success(true) if preflight?(method, env)
+      return Success(true) if should_skip?(method, path)
+
+      Success(false)
+    end
+
+    private
+
+    def should_skip?(method, path)
+      method_paths = skip_paths.fetch(method, [])
+
+      method_paths.any? do |path_pattern|
+        if path_pattern.kind_of?(Regexp)
+          path_pattern.match? path
+        else
+          path_pattern == path
+        end
+      end
+    end
+
+    def preflight?(method, headers)
+      method == "options" && headers["HTTP_ACCESS_CONTROL_REQUEST_METHOD"].present?
+    end
+  end
+end

data/lib/keycloak_rack/types.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module KeycloakRack
+  # dry-rb types for this gem.
+  #
+  # @see https://dry-rb.org/gems/dry-types
+  # @api private
+  # @!visibility private
+  module Types
+    include Dry.Types
+
+    # A type to make indifferent hashes
+    #
+    # @api private
+    IndifferentHash = Types.Constructor(::ActiveSupport::HashWithIndifferentAccess) do |value|
+      Types::Coercible::Hash[value].with_indifferent_access
+    end
+
+    # A type to validate skip paths
+    #
+    # @api private
+    SkipPaths = Types::Hash.map(
+      Types::Coercible::String,
+      Types::Array.of(Types::String | Types.Instance(Regexp))
+    )
+
+    # A type to make arrays of strings
+    StringList = Types::Array.of(Types::String).default { [] }
+
+    # A type to parse timestamps
+    # @api private
+    Timestamp = Types.Constructor(::Time) do |value|
+      # :nocov:
+      case value
+      when Integer then ::Time.at(value)
+      when ::Time then value
+      when Types.Interface(:to_time) then value.to_time
+      end
+      # :nocov:
+    end.optional
+  end
+end

data/lib/keycloak_rack/version.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module KeycloakRack
+  # Gem version
+  VERSION = "1.0.0"
+end

data/lib/keycloak_rack/with_config.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module KeycloakRack
+  # Adds `config` as a property without using {KeycloakRack::Import},
+  # for instances where dependency injection doesn't make sense.
+  #
+  # @!visibility private
+  module WithConfig
+    # @!attribute [r] config
+    # @return [KeycloakRack::Config]
+    def config
+      KeycloakRack::Container["keycloak-rack.config"]
+    end
+  end
+end

data/spec/dummy/.ruby-version

@@ -0,0 +1 @@
+2.7.2

data/spec/dummy/README.md

@@ -0,0 +1,24 @@
+# README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...

data/spec/dummy/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require_relative "config/application"
+
+Rails.application.load_tasks

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+class ApplicationController < ActionController::API
+  before_action :authenticate_user!
+
+  # @return [void]
+  def authenticate_user!
+    request.env["keycloak:session"].authenticate! do |m|
+      m.success(:authenticated) do |_, token|
+        @current_user = { keycloak_id: token.keycloak_id }
+      end
+
+      m.success do
+        @current_user = { anonymous: true }
+      end
+
+      m.failure do |code, reason|
+        render json: { errors: [{ message: "Auth Failure" }] }, status: :forbidden
+      end
+    end
+  end
+end

data/spec/dummy/app/controllers/test_controller.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class TestController < ApplicationController
+  def root
+    render json: @current_user
+  rescue StandardError => e
+    render json: { error: e, backtrace: e.backtrace }, status: :internal_server_error
+  end
+end

data/spec/dummy/config.ru

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+# This file is used by Rack-based servers to start the application.
+
+require_relative "config/environment"
+
+run Rails.application
+Rails.application.load_server

data/spec/dummy/config/application.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require_relative "boot"
+
+require "rails"
+# Pick the frameworks you want:
+require "active_model/railtie"
+require "active_job/railtie"
+# require "active_record/railtie"
+# require "active_storage/engine"
+require "action_controller/railtie"
+# require "action_mailer/railtie"
+# require "action_mailbox/engine"
+# require "action_text/engine"
+require "action_view/railtie"
+# require "action_cable/engine"
+# require "sprockets/railtie"
+# require "rails/test_unit/railtie"
+
+require "keycloak_rack"
+
+# Require the gems listed in Gemfile, including any gems
+# you've limited to :test, :development, or :production.
+Bundler.require(*Rails.groups)
+
+module Dummy
+  class Application < Rails::Application
+    # Initialize configuration defaults for originally generated Rails version.
+
+    case ENV["BUNDLE_GEMFILE"]
+    when /rails_6_0/
+      config.load_defaults 6.0
+      config.hosts << "www.example.com"
+    when /rails_6_1/
+      config.load_defaults 6.1
+      config.hosts << "www.example.com"
+    end
+
+    # Configuration for the application, engines, and railties goes here.
+    #
+    # These settings can be overridden in specific environments using the files
+    # in config/environments, which are processed later.
+    #
+    # config.time_zone = "Central Time (US & Canada)"
+    # config.eager_load_paths << Rails.root.join("extras")
+
+    # Only loads a smaller set of middleware suitable for API only apps.
+    # Middleware like session, flash, cookies can be added back manually.
+    # Skip views, helpers and assets when generating a new resource.
+    config.api_only = true
+  end
+end

data/spec/dummy/config/boot.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require "bundler/setup"

data/spec/dummy/config/environment.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+# Load the Rails application.
+require_relative "application"
+
+# Initialize the Rails application.
+Rails.application.initialize!

data/spec/dummy/config/environments/development.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/integer/time"
+
+# The test environment is used exclusively to run your application's
+# test suite. You never need to work with it otherwise. Remember that
+# your test database is "scratch space" for the test suite and is wiped
+# and recreated between test runs. Don't rely on the data there!
+
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  config.cache_classes = true
+
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
+
+  # Configure public file server for tests with Cache-Control for performance.
+  config.public_file_server.enabled = true
+  config.public_file_server.headers = {
+    'Cache-Control' => "public, max-age=#{1.hour.to_i}"
+  }
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+  config.cache_store = :null_store
+
+  # Raise exceptions instead of rendering exception templates.
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment.
+  config.action_controller.allow_forgery_protection = false
+
+  # Print deprecation notices to the stderr.
+  config.active_support.deprecation = :stderr
+
+  # Raise exceptions for disallowed deprecations.
+  config.active_support.disallowed_deprecation = :raise
+
+  # Tell Active Support which deprecation messages to disallow.
+  config.active_support.disallowed_deprecation_warnings = []
+
+  # Raises error for missing translations.
+  # config.i18n.raise_on_missing_translations = true
+
+  # Annotate rendered view with file names.
+  # config.action_view.annotate_rendered_view_with_filenames = true
+end

data/spec/dummy/config/environments/test.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/integer/time"
+
+# The test environment is used exclusively to run your application's
+# test suite. You never need to work with it otherwise. Remember that
+# your test database is "scratch space" for the test suite and is wiped
+# and recreated between test runs. Don't rely on the data there!
+
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  config.cache_classes = true
+
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
+
+  # Configure public file server for tests with Cache-Control for performance.
+  config.public_file_server.enabled = true
+  config.public_file_server.headers = {
+    'Cache-Control' => "public, max-age=#{1.hour.to_i}"
+  }
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+  config.cache_store = :null_store
+
+  # Raise exceptions instead of rendering exception templates.
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment.
+  config.action_controller.allow_forgery_protection = false
+
+  # Print deprecation notices to the stderr.
+  config.active_support.deprecation = :stderr
+
+  # Raise exceptions for disallowed deprecations.
+  config.active_support.disallowed_deprecation = :raise
+
+  # Tell Active Support which deprecation messages to disallow.
+  config.active_support.disallowed_deprecation_warnings = []
+
+  # Raises error for missing translations.
+  # config.i18n.raise_on_missing_translations = true
+
+  # Annotate rendered view with file names.
+  # config.action_view.annotate_rendered_view_with_filenames = true
+end

data/spec/dummy/config/initializers/application_controller_renderer.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+# Be sure to restart your server when you modify this file.
+
+# ActiveSupport::Reloader.to_prepare do
+#   ApplicationController.renderer.defaults.merge!(
+#     http_host: 'example.org',
+#     https: false
+#   )
+# end

data/spec/dummy/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| /my_noisy_library/.match?(line) }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code
+# by setting BACKTRACE=1 before calling your invocation, like "BACKTRACE=1 ./bin/rails runner 'MyClass.perform'".
+Rails.backtrace_cleaner.remove_silencers! if ENV["BACKTRACE"]

data/spec/dummy/config/initializers/cors.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+# Be sure to restart your server when you modify this file.
+
+# Avoid CORS issues when API is called from the frontend app.
+# Handle Cross-Origin Resource Sharing (CORS) in order to accept cross-origin AJAX requests.
+
+# Read more: https://github.com/cyu/rack-cors
+
+# Rails.application.config.middleware.insert_before 0, Rack::Cors do
+#   allow do
+#     origins 'example.com'
+#
+#     resource '*',
+#       headers: :any,
+#       methods: [:get, :post, :put, :patch, :delete, :options, :head]
+#   end
+# end

data/spec/dummy/config/initializers/filter_parameter_logging.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+# Be sure to restart your server when you modify this file.
+
+# Configure sensitive parameters which will be filtered from the log file.
+Rails.application.config.filter_parameters += [
+  :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
+]

data/spec/dummy/config/initializers/inflections.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format. Inflections
+# are locale specific, and you may define rules for as many different
+# locales as you wish. All of these examples are active by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end
+
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.acronym 'RESTful'
+# end

data/spec/dummy/config/initializers/mime_types.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf