RubyGems - menace - Versions diffs - 0.1.0 - Mend

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +7 -0
data/MIT-LICENSE +20 -0
data/README.md +97 -0
data/Rakefile +8 -0
data/app/controllers/concerns/authorize.rb +26 -0
data/app/models/concerns/attachment_authorization.rb +21 -0
data/app/models/concerns/blob_authorization.rb +7 -0
data/app/models/menace/current.rb +5 -0
data/config/initializers/active_storage_blob_auth.rb +8 -0
data/config/routes.rb +2 -0
data/lib/menace/engine.rb +4 -0
data/lib/menace/version.rb +3 -0
data/lib/menace.rb +5 -0
metadata +100 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 9939131b0ccff4f7ff5e8e3b08c9272f12698fe3d484bf0944f1f955cfb863b2
+  data.tar.gz: eb392879b3f953057fba89eed9eeaaf30bb9c0e45e48f4004d40252d11730dcd
+SHA512:
+  metadata.gz: d92023450db743544b519adb9dd893cf19e37fa46f52e3eb13540184d3c8262c5fb45e5d60d8d31ba8af8dae4a9a157d360b65407b9b919dc94dcba0742d9523
+  data.tar.gz: f64c36fb613e5c812fb57fc2e22204f17b4f8388299f3353503a184da1e6fd3beb5f922fa48c7b6c7fd8117db5ef3e4dbade337406337226ab3b741628c95618

data/MIT-LICENSE ADDED Viewed

@@ -0,0 +1,20 @@
+Copyright 2023 Haroon Ahmed
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,97 @@
+# Menace
+POC for Active Storage blob authentication that's real simple to set up.
+Credit https://github.com/rails/rails/pull/41505#issuecomment-782782926
+## Usage
+First define the `Menace::Current.resource` a Current attribute, inside your controller. This object is passed into the authorize_blob to authenticate the resource.
+Setup your active storage model, for example:
+```ruby
+class User < ApplicationRecord
+  has_one_attached :avatar
+  has_one_attached :cover_photo
+  has_many_attached :documents
+end
+```
+Then define your authorization for the entire User class or for each attachment.
+```ruby
+class User < ApplicationRecord
+  has_one_attached :avatar
+  has_one_attached :cover_photo
+  has_many_attached :documents
+  def authorize_blob?(accessor)
+    # your logic here or return true
+    true
+  end
+end
+```
+When a blob of any of the types (avatar, cover_photo of documents) is accessed, it will be authorized.
+To setup different authorization for different attachment types:
+```ruby
+class User < ApplicationRecord
+  has_one_attached :avatar
+  has_one_attached :cover_photo
+  has_many_attached :documents
+  def authorize_blob_avatar?(accessor)
+    true
+  end
+end
+```
+Or mix and match, note the fallback method is `authorize_blob?` which is used in case a specific attachment method is not defined.
+```ruby
+class User < ApplicationRecord
+  has_one_attached :avatar
+  has_one_attached :cover_photo
+  has_many_attached :documents
+  def authorize_blob_avatar?(accessor)
+    true
+  end
+  def authorize_blob_documents?(accessor)
+    false
+  end
+  def authorize_blob?(accessor)
+    true
+  end
+end
+```
+## Installation
+Add this line to your application's Gemfile:
+```ruby
+gem "menace"
+```
+And then execute:
+```bash
+$ bundle
+```
+Or install it yourself as:
+```bash
+$ gem install menace
+```
+## Contributing
+Contribution directions go here.
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile ADDED Viewed

@@ -0,0 +1,8 @@
+require "bundler/setup"
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+load "rails/tasks/statistics.rake"
+require "bundler/gem_tasks"

data/app/controllers/concerns/authorize.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+module Authorize
+  extend ActiveSupport::Concern
+  included do
+    before_action :require_authorization
+  end
+  private
+    def require_authorization
+      head :forbidden unless authorized?
+    end
+    def authorized?
+      if resource
+        @blob.authorize_blob?(resource)
+      else
+        true
+      end
+    end
+    def resource
+      Menace::Current.resource
+    end
+end

data/app/models/concerns/attachment_authorization.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+module AttachmentAuthorization
+  def authorize_blob?(object = nil)
+    if record.respond_to?(override_authentication_name)
+      record.try(override_authentication_name, object)
+    else
+      fallback_authorization(object)
+    end
+  end
+  private
+  def fallback_authorization(object)
+    record.try(:authorize_blob?, object)
+  end
+  def override_authentication_name
+    @_override_authentication_name ||= "authorize_blob_#{name}?".to_sym
+  end
+end

data/app/models/concerns/blob_authorization.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module BlobAuthorization
+  def authorize_blob?(object = nil)
+    attachments.includes(:record).any? { |attachment| attachment.authorize_blob?(object) } || attachments.none?
+  end
+end

data/app/models/menace/current.rb ADDED Viewed

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+class Menace::Current < ActiveSupport::CurrentAttributes # :nodoc:
+  attr_accessor :resource
+end

data/config/initializers/active_storage_blob_auth.rb ADDED Viewed

@@ -0,0 +1,8 @@
+Rails.application.config.to_prepare do
+  ActiveStorage::Blob.include BlobAuthorization
+  ActiveStorage::Attachment.include AttachmentAuthorization
+  ActiveStorage::Blobs::RedirectController.include Authorize
+  ActiveStorage::Blobs::ProxyController.include Authorize
+  ActiveStorage::Representations::RedirectController.include Authorize
+  ActiveStorage::Representations::ProxyController.include Authorize
+end

data/config/routes.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ Rails.application.routes.draw do
2	+ end

data/lib/menace/engine.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module Menace
+  class Engine < ::Rails::Engine
+  end
+end

data/lib/menace/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module Menace
+  VERSION = "0.1.0"
+end

data/lib/menace.rb ADDED Viewed

@@ -0,0 +1,5 @@
+require "menace/version"
+require "menace/engine"
+module Menace
+end

metadata ADDED Viewed

@@ -0,0 +1,100 @@
+--- !ruby/object:Gem::Specification
+name: menace
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Haroon Ahmed
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-02-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.4
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+description: Make it easier to authenticate Active Storage blobs.
+email:
+- haroon.ahmed25@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/controllers/concerns/authorize.rb
+- app/models/concerns/attachment_authorization.rb
+- app/models/concerns/blob_authorization.rb
+- app/models/menace/current.rb
+- config/initializers/active_storage_blob_auth.rb
+- config/routes.rb
+- lib/menace.rb
+- lib/menace/engine.rb
+- lib/menace/version.rb
+homepage: https://github.com/hahmed/menace
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/hahmed/menace
+  source_code_uri: https://github.com/hahmed/menace
+  changelog_uri: https://github.com/hahmed/menace
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.3
+signing_key:
+specification_version: 4
+summary: Menace is an Active Storage blob authentication gem.
+test_files: []

menace 0.1.0