RubyGems - moesif_rack - Versions diffs - 1.4.19 → 1.5.1 - Mend

moesif_rack 1.4.19 → 1.5.1

Files changed (16) hide show

checksums.yaml +4 -4
data/lib/moesif_rack/app_config.rb +87 -120
data/lib/moesif_rack/client_ip.rb +61 -102
data/lib/moesif_rack/governance_rules.rb +483 -0
data/lib/moesif_rack/moesif_helpers.rb +57 -6
data/lib/moesif_rack/moesif_middleware.rb +168 -142
data/lib/moesif_rack/regex_config_helper.rb +96 -104
data/lib/moesif_rack/update_company.rb +44 -48
data/lib/moesif_rack/update_user.rb +44 -48
data/moesif_capture_outgoing/httplog/adapters/net_http.rb +18 -21
data/moesif_capture_outgoing/httplog/http_log.rb +54 -85
data/moesif_capture_outgoing/httplog.rb +2 -2
data/test/config_example.json +1477 -0
data/test/govrule_example.json +20 -0
data/test/test_governance_rules.rb +212 -0
metadata +8 -4

data/test/govrule_example.json ADDED Viewed

@@ -0,0 +1,20 @@
+{
+  "_id": "647e8bd1b80b4f10945463c9",
+  "type": "user",
+  "block": true,
+  "name": "test",
+  "appliedTo": "matching",
+  "appliedToUnidentified": false,
+  "regex_config": [],
+  "cohorts": [{ "id": "647e8bbbed26fe10468dfe55", "type": "user" }],
+  "state": 2,
+  "response": {
+    "status": 100,
+    "headers": { "test": "{{1}}" },
+    "body": { "test": "{{0}}" }
+  },
+  "variables": [
+    { "name": "0", "path": "cohort_names" },
+    { "name": "1", "path": "first_seen_time" }
+  ]
+}

data/test/test_governance_rules.rb ADDED Viewed

@@ -0,0 +1,212 @@
+require 'moesif_api'
+require 'test/unit'
+require 'rack'
+require 'net/http'
+require_relative '../lib/moesif_rack/app_config'
+require_relative '../lib/moesif_rack'
+require_relative '../lib/moesif_rack/governance_rules'
+class GovernanceRulesTest < Test::Unit::TestCase
+  self.test_order = :defined
+  def setup
+    return if @already_setup
+    @goverance_rule_manager = GovernanceRules.new(true)
+    @api_client = MoesifApi::MoesifAPIClient.new('Your Moesif Application Id')
+    @goverance_rule_manager.load_rules(@api_client.api)
+    @already_setup = true
+  end
+  def test_get_applicable_regex_rules
+    request_fields = {
+      'request.verb' => 'GET',
+      'request.ip_address' => '125.2.3.2',
+      'request.route' => "",
+      'request.body.operationName' => "operator name"
+    }
+    request_body = {
+      "subject" => "should_block"
+    }
+    applicable_rules = @goverance_rule_manager.get_applicable_regex_rules(request_fields, request_body)
+    print "\nFound #{applicable_rules.length} applicable rule for regex only rules-------\n"
+    print applicable_rules.to_s
+    print "\n-------------\n"
+    assert(applicable_rules.length === 1, "expect to get at least one regex rule")
+  end
+  def test_get_applicable_user_rules_for_unidentified_user
+    request_fields = {
+      'request.route' => "test/no_italy",
+    }
+    request_body = {
+      "subject" => "should_block"
+    }
+    applicable_rules = @goverance_rule_manager.get_applicable_user_rules_for_unidentified_user(request_fields, request_body)
+    print "\nFound #{applicable_rules.length} applicable rule for anonymous user-------\n"
+    print applicable_rules.to_s
+    print "\n-------------\n"
+    assert(applicable_rules.length === 1, "expect to get 1 unidentified user rules")
+  end
+  def test_get_applicable_user_rules_for_matching
+    request_fields = {
+      'request.route' => "test/no_italy",
+    }
+    request_body = {
+      "subject" => "should_block"
+    }
+    user_id = 'rome1'
+    #for user id matched rules it depends on getting from config_rules_values
+    #for that particular user id.
+    # for this test case I will use this rule as fake input
+    #https://www.moesif.com/wrap/app/88:210-1051:5/governance-rule/64a5b8f9aca3042266d36ebc
+    config_user_rules_values = [
+      {
+        "rules" => "64a5b8f9aca3042266d36ebc",
+        "values" => {
+          "0" => "rome",
+          "1" => "some value for 1",
+          "2" => "some value for 2",
+        }
+      }
+    ]
+    applicable_rules = @goverance_rule_manager.get_applicable_user_rules(request_fields, request_body, config_user_rules_values)
+    print "\nFound #{applicable_rules.length} applicable rule for identified user based on event and config user rule values-------\n"
+    print applicable_rules.to_s
+    print "\n-------------\n"
+    assert(applicable_rules.length === 1, "expect 1 rules")
+    fake_response = {
+      status: 200,
+      headers: {
+        "original-header" => "should be preserved"
+      },
+      body: {
+        "foo_bar" => "if not blocked this would show"
+      }
+    }
+    new_response = @goverance_rule_manager.apply_rules_list(applicable_rules, fake_response, config_user_rules_values);
+    print "new resposne is: \n"
+    print new_response.to_s
+    print "\n------------------\n"
+  end
+  def test_get_applicable_user_rules_in_cohort_but_rule_is_apply_to_not_in_cohort
+    request_fields = {
+      'request.route' => "hello/canada",
+    }
+    request_body = {
+      "from_location" => "canada"
+    }
+    user_id = 'vancouver1'
+    config_user_rules_values = [
+      {
+        "rules" => "64a5b8fa3660b60f7c7662fc",
+        "values" => {
+          "0" => "city",
+          "1" => "some value for 1",
+          "2" => "some value for 2",
+        }
+      }
+    ]
+    applicable_rules = @goverance_rule_manager.get_applicable_user_rules(request_fields, request_body, config_user_rules_values)
+    print "\nFound #{applicable_rules.length} applicable rule for identified user in cohort rule rule apply to not in cohort-------\n"
+    print applicable_rules.to_s
+    print "\n-------------\n"
+    assert(applicable_rules.length === 0, "expect 0 rules, since user is in cohort, the rule is apply to users not in cohort")
+    fake_response = {
+      status: 200,
+      headers: {
+        "original-header" => "should be preserved"
+      },
+      body: {
+        "foo_bar" => "if not blocked this would show"
+      }
+    }
+    new_response = @goverance_rule_manager.apply_rules_list(applicable_rules, fake_response, config_user_rules_values);
+    print "new response is: \n"
+    print new_response.to_s
+    print "\n------------------\n"
+  end
+  def test_get_applicable_user_not_in_any_cohort_but_regex_matched
+    request_fields = {
+      'request.route' => "hello/canada",
+    }
+    request_body = {
+      "from_location" => "canada"
+    }
+    user_id = 'some_random_user'
+    # since user didn't match any cohort, the config_user_rule_values is nil
+    config_user_rules_values = nil;
+    applicable_rules = @goverance_rule_manager.get_applicable_user_rules(request_fields, request_body, config_user_rules_values)
+    print "\nFound #{applicable_rules.length} applicable rule for identified user no in any cohort, but rule apply to not in cohort-------\n"
+    print applicable_rules.to_json
+    print "\n-------------\n"
+    assert(applicable_rules.length === 1, "expect 1 rules, since user is not in cohort, there is a apply to not in cohort rule with same regex maching")
+    fake_response = {
+      status: 200,
+      headers: {
+        "original-header" => "should be preserved"
+      },
+      body: {
+        "foo_bar" => "if not blocked this would show"
+      }
+    }
+    new_response = @goverance_rule_manager.apply_rules_list(applicable_rules, fake_response, config_user_rules_values)
+    print "new resposne is: \n"
+    print new_response.to_json
+    print "\n------------------\n"
+  end
+  def test_apply_multiple_rules
+    # this should match regex from one rule
+    request_fields = {
+      'request.route' => "hello/canada",
+    }
+    # this should match regex from another rule
+    request_body = {
+      "from_location" => "cairo"
+    }
+        # since user didn't match any cohort, the config_user_rule_values is nil
+    config_user_rules_values = nil;
+    applicable_rules = @goverance_rule_manager.get_applicable_user_rules(request_fields, request_body, config_user_rules_values)
+    print "\nFound #{applicable_rules.length} applicable rule for in cohort rule rule apply to not in cohort-------\n"
+    print applicable_rules.to_json
+    print "\n-------------\n"
+    assert(applicable_rules.length === 2, "expect 2 rules, since user is not in cohort, regex should match 2 rules")
+    fake_response = {
+      status: 200,
+      headers: {
+        "original-header" => "should be preserved"
+      },
+      body: {
+        "foo_bar" => "if not blocked this would show"
+      }
+    }
+    new_response = @goverance_rule_manager.apply_rules_list(applicable_rules, fake_response, config_user_rules_values)
+    print "new resposne is: \n"
+    print new_response.to_json
+    print "\n------------------\n"
+  end
+end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: moesif_rack
 version: !ruby/object:Gem::Version
-  version: 1.4.19
+  version: 1.5.1
 platform: ruby
 authors:
 - Moesif, Inc
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-02-22 00:00:00.000000000 Z
+date: 2023-07-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: test-unit
@@ -37,14 +37,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.14
+        version: 1.2.17
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.14
+        version: 1.2.17
 description: Rack/Rails middleware to log API calls to Moesif API analytics and monitoring
 email: xing@moesif.com
 executables: []
@@ -56,6 +56,7 @@ files:
 - lib/moesif_rack.rb
 - lib/moesif_rack/app_config.rb
 - lib/moesif_rack/client_ip.rb
+- lib/moesif_rack/governance_rules.rb
 - lib/moesif_rack/moesif_helpers.rb
 - lib/moesif_rack/moesif_middleware.rb
 - lib/moesif_rack/regex_config_helper.rb
@@ -64,7 +65,10 @@ files:
 - moesif_capture_outgoing/httplog.rb
 - moesif_capture_outgoing/httplog/adapters/net_http.rb
 - moesif_capture_outgoing/httplog/http_log.rb
+- test/config_example.json
+- test/govrule_example.json
 - test/moesif_rack_test.rb
+- test/test_governance_rules.rb
 homepage: https://moesif.com
 licenses:
 - Apache-2.0