RubyGems - menace - Versions diffs - 0.1.0 - Mend

Files changed (14) hide show

checksums.yaml +7 -0
data/MIT-LICENSE +20 -0
data/README.md +97 -0
data/Rakefile +8 -0
data/app/controllers/concerns/authorize.rb +26 -0
data/app/models/concerns/attachment_authorization.rb +21 -0
data/app/models/concerns/blob_authorization.rb +7 -0
data/app/models/menace/current.rb +5 -0
data/config/initializers/active_storage_blob_auth.rb +8 -0
data/config/routes.rb +2 -0
data/lib/menace/engine.rb +4 -0
data/lib/menace/version.rb +3 -0
data/lib/menace.rb +5 -0
metadata +100 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 9939131b0ccff4f7ff5e8e3b08c9272f12698fe3d484bf0944f1f955cfb863b2
+  data.tar.gz: eb392879b3f953057fba89eed9eeaaf30bb9c0e45e48f4004d40252d11730dcd
+SHA512:
+  metadata.gz: d92023450db743544b519adb9dd893cf19e37fa46f52e3eb13540184d3c8262c5fb45e5d60d8d31ba8af8dae4a9a157d360b65407b9b919dc94dcba0742d9523
+  data.tar.gz: f64c36fb613e5c812fb57fc2e22204f17b4f8388299f3353503a184da1e6fd3beb5f922fa48c7b6c7fd8117db5ef3e4dbade337406337226ab3b741628c95618

data/MIT-LICENSE ADDED Viewed

@@ -0,0 +1,20 @@
+Copyright 2023 Haroon Ahmed
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,97 @@
+# Menace
+POC for Active Storage blob authentication that's real simple to set up.
+Credit https://github.com/rails/rails/pull/41505#issuecomment-782782926
+## Usage
+First define the `Menace::Current.resource` a Current attribute, inside your controller. This object is passed into the authorize_blob to authenticate the resource.
+Setup your active storage model, for example:
+```ruby
+class User < ApplicationRecord
+  has_one_attached :avatar
+  has_one_attached :cover_photo
+  has_many_attached :documents
+end
+```
+Then define your authorization for the entire User class or for each attachment.
+```ruby
+class User < ApplicationRecord
+  has_one_attached :avatar
+  has_one_attached :cover_photo
+  has_many_attached :documents
+  def authorize_blob?(accessor)
+    # your logic here or return true
+    true
+  end
+end
+```
+When a blob of any of the types (avatar, cover_photo of documents) is accessed, it will be authorized.
+To setup different authorization for different attachment types:
+```ruby
+class User < ApplicationRecord
+  has_one_attached :avatar
+  has_one_attached :cover_photo
+  has_many_attached :documents
+  def authorize_blob_avatar?(accessor)
+    true
+  end
+end
+```
+Or mix and match, note the fallback method is `authorize_blob?` which is used in case a specific attachment method is not defined.
+```ruby
+class User < ApplicationRecord
+  has_one_attached :avatar
+  has_one_attached :cover_photo
+  has_many_attached :documents
+  def authorize_blob_avatar?(accessor)
+    true
+  end
+  def authorize_blob_documents?(accessor)
+    false
+  end
+  def authorize_blob?(accessor)
+    true
+  end
+end
+```
+## Installation
+Add this line to your application's Gemfile:
+```ruby
+gem "menace"
+```
+And then execute:
+```bash
+$ bundle
+```
+Or install it yourself as:
+```bash
+$ gem install menace
+```
+## Contributing
+Contribution directions go here.
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile ADDED Viewed

@@ -0,0 +1,8 @@
+require "bundler/setup"
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+load "rails/tasks/statistics.rake"
+require "bundler/gem_tasks"

data/app/controllers/concerns/authorize.rb ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+module Authorize
+  extend ActiveSupport::Concern
+  included do
+    before_action :require_authorization
+  end
+  private
+    def require_authorization
+      head :forbidden unless authorized?
+    end
+    def authorized?
+      if resource
+        @blob.authorize_blob?(resource)
+      else
+        true
+      end
+    end
+    def resource
+      Menace::Current.resource
+    end
+end

data/app/models/concerns/attachment_authorization.rb ADDED Viewed

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+module AttachmentAuthorization
+  def authorize_blob?(object = nil)
+    if record.respond_to?(override_authentication_name)
+      record.try(override_authentication_name, object)
+    else
+      fallback_authorization(object)
+    end
+  end
+  private
+  def fallback_authorization(object)
+    record.try(:authorize_blob?, object)
+  end
+  def override_authentication_name
+    @_override_authentication_name ||= "authorize_blob_#{name}?".to_sym
+  end
+end

data/app/models/concerns/blob_authorization.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module BlobAuthorization
+  def authorize_blob?(object = nil)
+    attachments.includes(:record).any? { |attachment| attachment.authorize_blob?(object) } || attachments.none?
+  end
+end

data/app/models/menace/current.rb ADDED Viewed

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+class Menace::Current < ActiveSupport::CurrentAttributes # :nodoc:
+  attr_accessor :resource
+end

data/config/initializers/active_storage_blob_auth.rb ADDED Viewed

@@ -0,0 +1,8 @@
+Rails.application.config.to_prepare do
+  ActiveStorage::Blob.include BlobAuthorization
+  ActiveStorage::Attachment.include AttachmentAuthorization
+  ActiveStorage::Blobs::RedirectController.include Authorize
+  ActiveStorage::Blobs::ProxyController.include Authorize
+  ActiveStorage::Representations::RedirectController.include Authorize
+  ActiveStorage::Representations::ProxyController.include Authorize
+end

data/config/routes.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ Rails.application.routes.draw do
2	+ end

data/lib/menace/engine.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module Menace
+  class Engine < ::Rails::Engine
+  end
+end

data/lib/menace/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module Menace
+  VERSION = "0.1.0"
+end

data/lib/menace.rb ADDED Viewed

@@ -0,0 +1,5 @@
+require "menace/version"
+require "menace/engine"
+module Menace
+end

metadata ADDED Viewed

@@ -0,0 +1,100 @@
+--- !ruby/object:Gem::Specification
+name: menace
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Haroon Ahmed
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-02-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.4
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+description: Make it easier to authenticate Active Storage blobs.
+email:
+- haroon.ahmed25@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/controllers/concerns/authorize.rb
+- app/models/concerns/attachment_authorization.rb
+- app/models/concerns/blob_authorization.rb
+- app/models/menace/current.rb
+- config/initializers/active_storage_blob_auth.rb
+- config/routes.rb
+- lib/menace.rb
+- lib/menace/engine.rb
+- lib/menace/version.rb
+homepage: https://github.com/hahmed/menace
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/hahmed/menace
+  source_code_uri: https://github.com/hahmed/menace
+  changelog_uri: https://github.com/hahmed/menace
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.3
+signing_key:
+specification_version: 4
+summary: Menace is an Active Storage blob authentication gem.
+test_files: []

menace 0.1.0