pg_rails 7.6.28 → 7.6.29

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 774db48c26f0aeb3fd091956f27d32ccde51494853c6ecd82c61ccdd90dfe5a1
-  data.tar.gz: 938d4df455ebfc0e61fe200fd08139914b9da512307d10d0f533741a2a2591d8
+  metadata.gz: 1fcc25eb9f5bfd935e0f470855b7ad4ac689fc5142a31ff4ef862daafc26a289
+  data.tar.gz: 82969f474062c70b3ba94bf11313ca0606f3f00f1e0106af7525ab39b7c48d7b
 SHA512:
-  metadata.gz: 41c6353df109a853aee9f8230efabd2f51383eff814b8631bbb60b501576a0aab5d5d39cda27505506e26a8e44672b00ac1957f4131107eb77f400b06de9ab8e
-  data.tar.gz: c8cb6d6d87be289911ff9db57849153db8cb3438088ca8adc2408f38e6aca75d687a5b8334b593d90ba16fb8458fe5026d6a770734b11df03febf65ca2b33e3a
+  metadata.gz: 725997c33ad64427b695321bc271c3c85f74e838238c0d250c0078ef2b3a0c8e69384fe47e92e720af2d2b62bf38983251b05a83e16c9200d63d2e8dd0609f2a
+  data.tar.gz: ae85d535f09c48c99c8311d19218f897c04ee6f8178ef3741bb23652923dfa2d4590801d7de858a2afeba0c8def2a1f7cb9b4f116cef59be69b25835d2c824ab

data/pg_engine/app/controllers/pg_engine/health_controller.rb

@@ -10,9 +10,7 @@ module PgEngine
       check_redis
       check_postgres
       check_websocket
-      PgEngine.config.health_ssl_urls.each do |url|
-        check_ssl(url)
-      end
+      check_ssl
       render_up
     end
 
@@ -59,41 +57,25 @@ module PgEngine
     end
     # rubocop:enable Metrics/MethodLength
 
-    def check_ssl(url)
-      uri = URI.parse(url)
-      http_session = Net::HTTP.new(uri.host, uri.port)
-
-      # Use SSL/TLS
-      http_session.use_ssl = true
+    def check_ssl
+      raise PgEngine::Error, 'no ssl log file' unless File.exist?(PgEngine::SslVerifier::OUTPUT_PATH)
 
-      # Create a request
-      request = Net::HTTP::Get.new(uri.request_uri)
-
-      begin
-        # Start the HTTP session
-        http_session.start do |http|
-          http.request(request)
+      sites = JSON.parse(File.read(PgEngine::SslVerifier::OUTPUT_PATH))
+      PgEngine.config.health_ssl_urls.each do |url|
+        check_site_ssl(sites, url)
+      end
+    end
 
-          # Check the response code
+    def check_site_ssl(sites, url)
+      raise PgEngine::Error, "SSL record not present: #{url}" if sites[url].blank?
 
-          # Get the SSL certificate
-          cert = http.peer_cert
+      if Time.zone.parse(sites[url]['verified_at']) < 2.days.ago
+        raise PgEngine::Error, "The SSL info is outdated: #{url}"
+      end
 
-          raise PgEngine::Error, "#{url}: No SSL certificate found." unless cert
-          # puts "Certificate Subject: #{cert.subject}"
-          # puts "Certificate Issuer: #{cert.issuer}"
-          # puts "Certificate Valid From: #{cert.not_before}"
-          # puts "Certificate Valid Until: #{cert.not_after}"
+      return unless Time.zone.parse(sites[url]['expires_at']) < 7.days.from_now
 
-          if cert.not_after < 7.days.from_now
-            raise PgEngine::Error, "#{url}: The SSL certificate is expired (or about to expire)."
-          end
-        end
-      rescue OpenSSL::SSL::SSLError => e
-        raise PgEngine::Error, "#{url}: SSL Error: #{e.message}"
-      rescue StandardError => e
-        raise PgEngine::Error, "#{url}: An error occurred: #{e.message}"
-      end
+      raise PgEngine::Error, "The SSL certificate is expired (or about to expire): #{url}"
     end
 
     def render_up

data/pg_engine/lib/pg_engine/utils/ssl_verifier.rb

@@ -0,0 +1,65 @@
+# :nocov:
+module PgEngine
+  class SslVerifier
+    OUTPUT_PATH = 'tmp/ssl_verifier.json'.freeze
+
+    def run
+      PgEngine.config.health_ssl_urls.each do |url|
+        check_ssl(url)
+      end
+    end
+
+    def check_ssl(url)
+      uri = URI.parse(url)
+      http_session = Net::HTTP.new(uri.host, uri.port)
+
+      # Use SSL/TLS
+      http_session.use_ssl = true
+
+      # Create a request
+      request = Net::HTTP::Get.new(uri.request_uri)
+
+      begin
+        # Start the HTTP session
+        http_session.start do |http|
+          http.request(request)
+
+          # Check the response code
+
+          # Get the SSL certificate
+          cert = http.peer_cert
+
+          raise PgEngine::Error, "#{url}: No SSL certificate found." unless cert
+          # puts "Certificate Subject: #{cert.subject}"
+          # puts "Certificate Issuer: #{cert.issuer}"
+          # puts "Certificate Valid From: #{cert.not_before}"
+          # puts "Certificate Valid Until: #{cert.not_after}"
+
+          if cert.not_after < 7.days.from_now
+            raise PgEngine::Error, "#{url}: The SSL certificate is expired (or about to expire)."
+          end
+
+          log_output(url, cert.not_after)
+        end
+      rescue OpenSSL::SSL::SSLError => e
+        raise PgEngine::Error, "#{url}: SSL Error: #{e.message}"
+      rescue StandardError => e
+        raise PgEngine::Error, "#{url}: An error occurred: #{e.message}"
+      end
+    end
+
+    def log_output(url, expires_at)
+      current_content =
+        if File.exist?(OUTPUT_PATH)
+          JSON.parse(File.read(OUTPUT_PATH))
+        else
+          {}
+        end
+
+      current_content[url] = { verified_at: Time.current, expires_at: }
+
+      File.write(OUTPUT_PATH, current_content.to_json)
+    end
+  end
+end
+# :nocov:

data/pg_engine/lib/pg_engine.rb

@@ -11,6 +11,7 @@ require_relative 'pg_engine/email_observer'
 require_relative 'pg_engine/mailgun/log_sync'
 require_relative 'pg_engine/route_helpers'
 require_relative 'pg_engine/utils/pg_logger'
+require_relative 'pg_engine/utils/ssl_verifier'
 require_relative 'pg_engine/utils/pdf_preview_generator'
 
 require_relative '../app/helpers/pg_engine/print_helper'

data/pg_engine/spec/lib/pg_engine/utils/ssl_verifier_spec.rb

@@ -0,0 +1,18 @@
+# require 'rails_helper'
+#
+# describe PgEngine::SslVerifier do
+#   describe 'check_ssl' do
+#     subject do
+#       described_class.new.check_ssl(url)
+#     end
+#
+#     let(:url) { 'https://factura.bien.com.ar' }
+#     let(:output_file) { File.read(PgEngine::SslVerifier::OUTPUT_PATH) }
+#     let(:output_json) { JSON.parse(output_file) }
+#
+#     it 'checks the SSL certificate and saves the file' do
+#       expect { subject }.not_to raise_error
+#       expect(output_json.keys).to include 'https://bien.com.ar'
+#     end
+#   end
+# end

data/pg_rails/lib/version.rb

@@ -2,6 +2,6 @@
 
 # :nocov:
 module PgRails
-  VERSION = '7.6.28'
+  VERSION = '7.6.29'
 end
 # :nocov:

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pg_rails
 version: !ruby/object:Gem::Version
-  version: 7.6.28
+  version: 7.6.29
 platform: ruby
 authors:
 - Martín Rosso
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2025-01-22 00:00:00.000000000 Z
+date: 2025-02-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -893,6 +893,7 @@ files:
 - pg_engine/lib/pg_engine/utils/pdf_preview_generator.rb
 - pg_engine/lib/pg_engine/utils/pg_logger.rb
 - pg_engine/lib/pg_engine/utils/resource_reports.rb
+- pg_engine/lib/pg_engine/utils/ssl_verifier.rb
 - pg_engine/lib/tasks/auto_anotar_modelos.rake
 - pg_engine/spec/components/alert_component_spec.rb
 - pg_engine/spec/components/internal_error_component_spec.rb
@@ -930,6 +931,7 @@ files:
 - pg_engine/spec/lib/pg_engine/form_helper_spec.rb
 - pg_engine/spec/lib/pg_engine/mailgun/log_sync_spec.rb
 - pg_engine/spec/lib/pg_engine/utils/pg_engine/pg_logger_spec.rb
+- pg_engine/spec/lib/pg_engine/utils/ssl_verifier_spec.rb
 - pg_engine/spec/lib/pg_form_builder_spec.rb
 - pg_engine/spec/mailers/pg_engine/base_mailer_spec.rb
 - pg_engine/spec/mailers/previews/devise_preview.rb