nginx_omniauth_adapter 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: a96ef0739bfef47af1b4a8fb09debc9c19993268
-  data.tar.gz: 44aabb34e2c339f88e49db0bee0d4e192b150466
+SHA256:
+  metadata.gz: 66f14d6c854ca770e18ee0898ed71488b40d74dca518e543035cef0940d9f228
+  data.tar.gz: 23e54318a5efbd0f6dd2b020b4454d16b8e6f847982d9a379256244e48edbdc9
 SHA512:
-  metadata.gz: 261454c8ab6c76b725ea4eae8e14f4db6166c5d13e5aefa5f8208014c07c960b970eb941b2a916de39da700e314fedacaf17bd9ff9e13f9e4d4e722eb81be046
-  data.tar.gz: 02419d04c5c6a591088fe8c79834d5571bf341e47b91f9d993626b0a5e05b03f3d2349dcd5a2ae661b5758fac43d38c159904d342e204859c4306a21ec8cc7ae
+  metadata.gz: f893093f330d8b3cbacec6d3a1366f44da12cc0fe9eb75b68f0c2ff075ba7cdeb6c0a71a52e4d4283642562e8c6b4b79f7378b490bc78d2eea1668374617fbc8
+  data.tar.gz: bb19421a7885cfa989da7fdb84ee88246efa55662fd05438aeb17c608631a018445eb9e98d500434e41f0fff9f9f3e4275af053a556bf7c3ad9a9c14a1bc5c95

data/.github/workflows/ci.yml

@@ -0,0 +1,78 @@
+name: ci
+on: 
+  pull_request:
+    branches: [master]
+  push:
+    branches: [master, ci-test]
+
+env:
+  DOCKER_REPO: 'sorah/acmesmith'
+
+jobs:
+  test:
+    name: rspec
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version: ['2.7', '3.0', '3.1']
+    container:
+      image: public.ecr.aws/sorah/ruby:${{ matrix.ruby-version }}-dev
+    steps:
+      - name: Cache bundled gems
+        uses: actions/cache@v3
+        id: rspec-bundle
+        with:
+          path: ~/bundle
+          key: ${{ runner.os }}-${{ matrix.ruby-version }}
+      - uses: actions/checkout@v3
+      - run: 'apt-get update && apt-get install -y --no-install-recommends nginx'
+      - run: 'bundle install --path ~/bundle'
+      - run: 'bundle exec rspec -fd'
+
+        #docker-build:
+        #  name: docker-build
+        #  runs-on: ubuntu-latest
+        #  steps:
+        #    - uses: actions/checkout@master
+        #    - run: 'echo $GITHUB_SHA > REVISION'
+
+        #    - run: "docker pull ${DOCKER_REPO}:latest || :"
+        #    - name: "docker tag ${DOCKER_REPO}:${TAG} ${DOCKER_REPO}:latest"
+        #      run: |
+        #        TAG=$(basename "${{ github.ref }}")
+        #        docker pull ${DOCKER_REPO}:${TAG} || :
+        #        docker tag ${DOCKER_REPO}:${TAG} ${DOCKER_REPO}:latest || :
+        #      if: "${{ startsWith(github.ref, 'refs/tags/v') }}"
+
+        #    - run: "docker pull ${DOCKER_REPO}:builder || :"
+
+        #    - run: "docker build --pull --cache-from ${DOCKER_REPO}:builder --target builder -t ${DOCKER_REPO}:builder -f Dockerfile ."
+        #    - run: "docker build --pull --cache-from ${DOCKER_REPO}:builder --cache-from ${DOCKER_REPO}:latest -t ${DOCKER_REPO}:${GITHUB_SHA} -f Dockerfile ."
+
+        #    - run: "echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u sorah --password-stdin"
+        #      if: "${{ github.event_name != 'pull_request' }}"
+
+        #    - run: "docker push ${DOCKER_REPO}:builder"
+        #      if: "${{ github.ref == 'refs/heads/master' }}"
+        #    - run: "docker push ${DOCKER_REPO}:${GITHUB_SHA}"
+        #      if: "${{ github.event_name != 'pull_request' }}"
+
+        #docker-push:
+        #  name: docker-push
+        #  needs: [test, integration-pebble, docker-build]
+        #  if: "${{ github.event_name == 'push' || github.event_name == 'create' }}"
+        #  runs-on: ubuntu-latest
+        #  steps:
+        #    - run: "echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u sorah --password-stdin"
+        #    - run: "docker pull ${DOCKER_REPO}:${GITHUB_SHA}"
+
+        #    - run: |
+        #        docker tag ${DOCKER_REPO}:${GITHUB_SHA} ${DOCKER_REPO}:latest
+        #        docker push ${DOCKER_REPO}:latest
+        #      if: "${{ github.ref == 'refs/heads/master' }}"
+        #    - run: |
+        #        TAG=$(basename "${{ github.ref }}")
+        #        docker tag ${DOCKER_REPO}:${GITHUB_SHA} ${DOCKER_REPO}:${TAG}
+        #        docker push ${DOCKER_REPO}:${TAG}
+        #      if: "${{ startsWith(github.ref, 'refs/tags/v') }}"

data/Dockerfile

@@ -12,6 +12,7 @@ RUN cd /tmp && bundle install -j4 --path vendor/bundle --without 'development te
 WORKDIR /app
 ADD . /app
 RUN cp -a /tmp/.bundle /tmp/vendor /app/
+RUN rm -f /app/.ruby-version
 
 EXPOSE 8080
 ENV RACK_ENV=production

data/Gemfile

@@ -4,6 +4,5 @@ source 'https://rubygems.org'
 gemspec
 
 gem 'omniauth-github'
-gem 'omniauth-google-oauth2'
-
+gem 'omniauth-google-oauth2', '>= 0.3.1'
 gem 'unicorn'

data/README.md

@@ -1,6 +1,6 @@
 # NginxOmniauthAdapter - Use omniauth for nginx `auth_request` 
 
-[![Circle CI](https://circleci.com/gh/sorah/nginx_omniauth_adapter.svg?style=svg)](https://circleci.com/gh/sorah/nginx_omniauth_adapter)
+[![ci](https://github.com/sorah/nginx_omniauth_adapter/actions/workflows/ci.yml/badge.svg)](https://github.com/sorah/nginx_omniauth_adapter/actions/workflows/ci.yml)
 
 Use [omniauth](https://github.com/intridea/omniauth) for your nginx's authentication via ngx_http_auth_request_module.
 
@@ -19,7 +19,7 @@ $ cd example/
 $ foreman start
 ```
 
-http://ngx-auth-test.127.0.0.1.xip.io:18080/
+http://ngx-auth-test.lo.nkmiusercontent.com:18080/
 
 (make sure to have nginx on your PATH)
 
@@ -54,6 +54,7 @@ Then write `config.ru` then deploy it. (see ./config.ru for example)
 environment variable is available only on included config.ru (or Docker image).
 
 - `:providers`: omniauth provider names.
+- `:provider_http_header` `$NGX_OMNIAUTH_PROVIDER_HTTP_HEADER` (string): Name of HTTP header to specify OmniAuth provider to be used (see below). Defaults to 'x-ngx-omniauth-provider`.
 - `:secret` `$NGX_OMNIAUTH_SESSION_SECRET`: Rack session secret. Should be set when not on dev mode
 - `:host` `$NGX_OMNIAUTH_HOST`: URL of adapter. This is used for redirection. Should include protocol (e.g. `http://example.com`.)
   - If this is not specified, adapter will perform redirect using given `Host` header.
@@ -62,6 +63,11 @@ environment variable is available only on included config.ru (or Docker image).
 - `:app_refresh_interval` `NGX_OMNIAUTH_APP_REFRESH_INTERVAL` (integer): Interval to require refresh session cookie on app domain (in second, default 1 day).
 - `:adapter_refresh_interval` `NGX_OMNIAUTH_ADAPTER_REFRESH_INTERVAL` (integer): Interval to require re-logging in on adapter domain (in second, default 3 days).
 
+### Working with multiple OmniAuth providers
+
+When multiple providers are passed to `:providers`, nginx_omniauth_adapter defaults to the first one in list.
+Other providers in list will only be activated for requests with `x-ngx-omniauth-provider` header (key is configurable via `:provider_http_header`).
+
 ### Included config.ru (or Docker)
 
 You can set configuration via environment variables.

data/config.ru

@@ -74,6 +74,7 @@ end
 
 run NginxOmniauthAdapter.app(
   providers: providers,
+  provider_http_header: ENV['NGX_OMNIAUTH_PROVIDER_HTTP_HEADER'] || 'x-ngx-omniauth-provider',
   secret: ENV['NGX_OMNIAUTH_SECRET'],
   host: ENV['NGX_OMNIAUTH_HOST'],
   allowed_app_callback_url: allowed_app_callback_url,

data/example/Procfile

@@ -1,3 +1,3 @@
 nginx: nginx -c `pwd`/nginx.conf
-adapter: bundle exec env RACK_ENV=development NGX_OMNIAUTH_HOST=http://ngx-auth.127.0.0.1.xip.io:18080 rackup -p 18081 -o 127.0.0.1 ../config.ru
+adapter: bundle exec env RACK_ENV=development NGX_OMNIAUTH_HOST=http://ngx-auth.lo.nkmiusercontent.com:18080 rackup -p 18081 -o 127.0.0.1 ../config.ru
 app: bundle exec ruby test_backend.rb -p 18082 -o 127.0.0.1

data/example/nginx-site.conf

@@ -6,7 +6,7 @@ upstream auth_adapter {
 }
 server {
   listen 127.0.0.1:18080;
-  server_name ngx-auth.127.0.0.1.xip.io;
+  server_name ngx-auth.lo.nkmiusercontent.com;
 
   location / {
     proxy_pass http://auth_adapter;
@@ -20,7 +20,7 @@ upstream app {
 }
 server {
   listen 127.0.0.1:18080;
-  server_name ngx-auth-test.127.0.0.1.xip.io;
+  server_name ngx-auth-test.lo.nkmiusercontent.com;
 
   # Restricted area
   location / {

data/example/test_backend.rb

@@ -7,7 +7,7 @@ get '/' do
   {
     provider: request.env['HTTP_X_NGX_OMNIAUTH_PROVIDER'],
     user: request.env['HTTP_X_NGX_OMNIAUTH_USER'],
-    info: JSON.parse(request.env['HTTP_X_NGX_OMNIAUTH_INFO'].unpack('m*')[0]),
+    info: JSON.parse(request.env['HTTP_X_NGX_OMNIAUTH_INFO'].unpack('m0')[0]),
   }.to_json
 end
 

data/lib/nginx_omniauth_adapter/app.rb

@@ -45,6 +45,10 @@ module NginxOmniauthAdapter
         adapter_config[:providers]
       end
 
+      def provider_http_header
+        adapter_config[:provider_http_header] || 'x-ngx-omniauth-provider'
+      end
+
       def allowed_back_to_url
         adapter_config[:allowed_back_to_url] || /./
       end
@@ -259,7 +263,7 @@ module NginxOmniauthAdapter
       headers(
         'x-ngx-omniauth-provider' => current_user[:provider],
         'x-ngx-omniauth-user' => current_user[:uid],
-        'x-ngx-omniauth-info' => [current_user[:info].to_json].pack('m*'),
+        'x-ngx-omniauth-info' => [current_user[:info].to_json].pack('m0'),
       )
 
       content_type :text
@@ -283,7 +287,18 @@ module NginxOmniauthAdapter
     get '/auth' do
       set_flow_id!
 
-      # TODO: choose provider
+      provider_requested = request.env["HTTP_#{provider_http_header.gsub('-', '_').upcase}"]
+      if provider_requested
+        if providers.include?(provider_requested.to_sym)
+          provider = provider_requested.to_sym
+        else
+          halt 401, {'Content-Type' => 'text/plain'}, 'requested provider not available'
+        end
+      else
+        # default to the first provider in list
+        provider = providers[0]
+      end
+
       session[:back_to] = sanitized_back_to_param
       session[:app_callback] = sanitized_app_callback_param
 
@@ -296,8 +311,8 @@ module NginxOmniauthAdapter
         log(message: 'auth_refresh_app', back_to: params[:back_to], callback: params[:callback])
         update_session!
       else
-        log(message: 'auth', provider: providers[0], back_to: params[:back_to], callback: params[:callback])
-        redirect "#{adapter_host}/auth/#{providers[0]}"
+        log(message: 'auth', provider: provider, back_to: params[:back_to], callback: params[:callback])
+        redirect "#{adapter_host}/auth/#{provider}"
       end
     end
 

data/lib/nginx_omniauth_adapter/version.rb

@@ -1,3 +1,3 @@
 module NginxOmniauthAdapter
-  VERSION = "1.0.0"
+  VERSION = "1.1.0"
 end

data/nginx_omniauth_adapter.gemspec

@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "sinatra"
-  spec.add_dependency "omniauth"
+  spec.add_dependency "omniauth", '< 2'
 
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "rake"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nginx_omniauth_adapter
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Shota Fukumori (sora_h)
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-10-13 00:00:00.000000000 Z
+date: 2022-10-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sinatra
@@ -28,16 +28,16 @@ dependencies:
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -108,13 +108,14 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
+description:
 email:
 - her@sorah.jp
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
@@ -123,7 +124,6 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- circle.yml
 - config.ru
 - example/Procfile
 - example/nginx-site.conf
@@ -139,7 +139,7 @@ homepage: https://github.com/sorah/nginx_omniauth_adapter
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -154,9 +154,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.0
-signing_key: 
+rubygems_version: 3.4.0.dev
+signing_key:
 specification_version: 4
 summary: omniauth adapter for ngx_http_auth_request_module
 test_files: []

data/circle.yml

@@ -1,35 +0,0 @@
-machine:
-  services:
-    - docker
-  ruby:
-    version: 2.2.3
-
-dependencies:
-  cache_directories:
-    - bin
-    - ~/docker
-  pre:
-    - sudo apt-get install nginx
-    - if [ ! -d bin ]; then mkdir bin; fi
-    - if [ ! -x bin/git-set-mtime ]; then curl -o bin/git-set-mtime https://drone.io/github.com/rosylilly/git-set-mtime/files/artifacts/bin/linux_amd64/git-set-mtime && chmod +x bin/git-set-mtime; fi
-    - docker login -u "${DOCKER_USER}" -p "${DOCKER_PASSWORD}" -e "${DOCKER_EMAIL}" https://quay.io
-    - bin/git-set-mtime
-    - mkdir -p ~/docker
-    - if [[ -e ~/docker/cache.tar ]]; then docker load -i ~/docker/cache.tar; fi
-    - docker pull quay.io/sorah/rbenv:2.2
-    - BASE_ID="$(docker inspect -f '{{.Id}}' quay.io/sorah/rbenv:2.2)"; if [[ "_${BASE_ID}" != "_$(cat ~/docker/cache.id)" ]]; then docker save quay.io/sorah/rbenv:2.2 > ~/docker/cache.tar && echo "${BASE_ID}" > ~/docker/cache.id; fi
-    - docker pull quay.io/sorah/nginx_omniauth_adapter:latest
-    - docker build -t quay.io/sorah/nginx_omniauth_adapter:${CIRCLE_SHA1} .
-
-test:
-  override:
-    - bundle exec env ADAPTER_DOCKER=quay.io/sorah/nginx_omniauth_adapter:${CIRCLE_SHA1} rspec spec/integration_spec.rb
-    - "echo '==== LOG ====' && cat /tmp/nginx_omniauth_helper.spec.log"
-
-deployment:
-  production:
-    branch: master
-    commands:
-      - docker tag -f quay.io/sorah/nginx_omniauth_adapter:${CIRCLE_SHA1} quay.io/sorah/nginx_omniauth_adapter:latest
-      - docker push quay.io/sorah/nginx_omniauth_adapter:${CIRCLE_SHA1}
-      - docker push quay.io/sorah/nginx_omniauth_adapter:latest