menace 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 9939131b0ccff4f7ff5e8e3b08c9272f12698fe3d484bf0944f1f955cfb863b2
4
+ data.tar.gz: eb392879b3f953057fba89eed9eeaaf30bb9c0e45e48f4004d40252d11730dcd
5
+ SHA512:
6
+ metadata.gz: d92023450db743544b519adb9dd893cf19e37fa46f52e3eb13540184d3c8262c5fb45e5d60d8d31ba8af8dae4a9a157d360b65407b9b919dc94dcba0742d9523
7
+ data.tar.gz: f64c36fb613e5c812fb57fc2e22204f17b4f8388299f3353503a184da1e6fd3beb5f922fa48c7b6c7fd8117db5ef3e4dbade337406337226ab3b741628c95618
data/MIT-LICENSE ADDED
@@ -0,0 +1,20 @@
1
+ Copyright 2023 Haroon Ahmed
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,97 @@
1
+ # Menace
2
+
3
+ POC for Active Storage blob authentication that's real simple to set up.
4
+
5
+ Credit https://github.com/rails/rails/pull/41505#issuecomment-782782926
6
+
7
+ ## Usage
8
+
9
+ First define the `Menace::Current.resource` a Current attribute, inside your controller. This object is passed into the authorize_blob to authenticate the resource.
10
+
11
+ Setup your active storage model, for example:
12
+
13
+ ```ruby
14
+ class User < ApplicationRecord
15
+ has_one_attached :avatar
16
+ has_one_attached :cover_photo
17
+ has_many_attached :documents
18
+ end
19
+ ```
20
+
21
+ Then define your authorization for the entire User class or for each attachment.
22
+
23
+ ```ruby
24
+ class User < ApplicationRecord
25
+ has_one_attached :avatar
26
+ has_one_attached :cover_photo
27
+ has_many_attached :documents
28
+
29
+ def authorize_blob?(accessor)
30
+ # your logic here or return true
31
+ true
32
+ end
33
+ end
34
+ ```
35
+
36
+ When a blob of any of the types (avatar, cover_photo of documents) is accessed, it will be authorized.
37
+
38
+ To setup different authorization for different attachment types:
39
+
40
+
41
+ ```ruby
42
+ class User < ApplicationRecord
43
+ has_one_attached :avatar
44
+ has_one_attached :cover_photo
45
+ has_many_attached :documents
46
+
47
+ def authorize_blob_avatar?(accessor)
48
+ true
49
+ end
50
+ end
51
+ ```
52
+
53
+ Or mix and match, note the fallback method is `authorize_blob?` which is used in case a specific attachment method is not defined.
54
+
55
+
56
+ ```ruby
57
+ class User < ApplicationRecord
58
+ has_one_attached :avatar
59
+ has_one_attached :cover_photo
60
+ has_many_attached :documents
61
+
62
+ def authorize_blob_avatar?(accessor)
63
+ true
64
+ end
65
+
66
+ def authorize_blob_documents?(accessor)
67
+ false
68
+ end
69
+
70
+ def authorize_blob?(accessor)
71
+ true
72
+ end
73
+ end
74
+ ```
75
+
76
+ ## Installation
77
+ Add this line to your application's Gemfile:
78
+
79
+ ```ruby
80
+ gem "menace"
81
+ ```
82
+
83
+ And then execute:
84
+ ```bash
85
+ $ bundle
86
+ ```
87
+
88
+ Or install it yourself as:
89
+ ```bash
90
+ $ gem install menace
91
+ ```
92
+
93
+ ## Contributing
94
+ Contribution directions go here.
95
+
96
+ ## License
97
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
data/Rakefile ADDED
@@ -0,0 +1,8 @@
1
+ require "bundler/setup"
2
+
3
+ APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
4
+ load "rails/tasks/engine.rake"
5
+
6
+ load "rails/tasks/statistics.rake"
7
+
8
+ require "bundler/gem_tasks"
@@ -0,0 +1,26 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Authorize
4
+ extend ActiveSupport::Concern
5
+
6
+ included do
7
+ before_action :require_authorization
8
+ end
9
+
10
+ private
11
+ def require_authorization
12
+ head :forbidden unless authorized?
13
+ end
14
+
15
+ def authorized?
16
+ if resource
17
+ @blob.authorize_blob?(resource)
18
+ else
19
+ true
20
+ end
21
+ end
22
+
23
+ def resource
24
+ Menace::Current.resource
25
+ end
26
+ end
@@ -0,0 +1,21 @@
1
+ # frozen_string_literal: true
2
+
3
+ module AttachmentAuthorization
4
+ def authorize_blob?(object = nil)
5
+ if record.respond_to?(override_authentication_name)
6
+ record.try(override_authentication_name, object)
7
+ else
8
+ fallback_authorization(object)
9
+ end
10
+ end
11
+
12
+ private
13
+
14
+ def fallback_authorization(object)
15
+ record.try(:authorize_blob?, object)
16
+ end
17
+
18
+ def override_authentication_name
19
+ @_override_authentication_name ||= "authorize_blob_#{name}?".to_sym
20
+ end
21
+ end
@@ -0,0 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ module BlobAuthorization
4
+ def authorize_blob?(object = nil)
5
+ attachments.includes(:record).any? { |attachment| attachment.authorize_blob?(object) } || attachments.none?
6
+ end
7
+ end
@@ -0,0 +1,5 @@
1
+ # frozen_string_literal: true
2
+
3
+ class Menace::Current < ActiveSupport::CurrentAttributes # :nodoc:
4
+ attr_accessor :resource
5
+ end
@@ -0,0 +1,8 @@
1
+ Rails.application.config.to_prepare do
2
+ ActiveStorage::Blob.include BlobAuthorization
3
+ ActiveStorage::Attachment.include AttachmentAuthorization
4
+ ActiveStorage::Blobs::RedirectController.include Authorize
5
+ ActiveStorage::Blobs::ProxyController.include Authorize
6
+ ActiveStorage::Representations::RedirectController.include Authorize
7
+ ActiveStorage::Representations::ProxyController.include Authorize
8
+ end
data/config/routes.rb ADDED
@@ -0,0 +1,2 @@
1
+ Rails.application.routes.draw do
2
+ end
@@ -0,0 +1,4 @@
1
+ module Menace
2
+ class Engine < ::Rails::Engine
3
+ end
4
+ end
@@ -0,0 +1,3 @@
1
+ module Menace
2
+ VERSION = "0.1.0"
3
+ end
data/lib/menace.rb ADDED
@@ -0,0 +1,5 @@
1
+ require "menace/version"
2
+ require "menace/engine"
3
+
4
+ module Menace
5
+ end
metadata ADDED
@@ -0,0 +1,100 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: menace
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Haroon Ahmed
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2023-02-23 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: rails
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: 7.0.4
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: 7.0.4
27
+ - !ruby/object:Gem::Dependency
28
+ name: sqlite3
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.4'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.4'
41
+ - !ruby/object:Gem::Dependency
42
+ name: mocha
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '2.0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '2.0'
55
+ description: Make it easier to authenticate Active Storage blobs.
56
+ email:
57
+ - haroon.ahmed25@gmail.com
58
+ executables: []
59
+ extensions: []
60
+ extra_rdoc_files: []
61
+ files:
62
+ - MIT-LICENSE
63
+ - README.md
64
+ - Rakefile
65
+ - app/controllers/concerns/authorize.rb
66
+ - app/models/concerns/attachment_authorization.rb
67
+ - app/models/concerns/blob_authorization.rb
68
+ - app/models/menace/current.rb
69
+ - config/initializers/active_storage_blob_auth.rb
70
+ - config/routes.rb
71
+ - lib/menace.rb
72
+ - lib/menace/engine.rb
73
+ - lib/menace/version.rb
74
+ homepage: https://github.com/hahmed/menace
75
+ licenses:
76
+ - MIT
77
+ metadata:
78
+ homepage_uri: https://github.com/hahmed/menace
79
+ source_code_uri: https://github.com/hahmed/menace
80
+ changelog_uri: https://github.com/hahmed/menace
81
+ post_install_message:
82
+ rdoc_options: []
83
+ require_paths:
84
+ - lib
85
+ required_ruby_version: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: 2.7.0
90
+ required_rubygems_version: !ruby/object:Gem::Requirement
91
+ requirements:
92
+ - - ">="
93
+ - !ruby/object:Gem::Version
94
+ version: '0'
95
+ requirements: []
96
+ rubygems_version: 3.4.3
97
+ signing_key:
98
+ specification_version: 4
99
+ summary: Menace is an Active Storage blob authentication gem.
100
+ test_files: []