pg_rls 0.0.2.6.5 → 0.0.2.6.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5f40a0bb6bad0d0b90f53d41c806c63aaafcf889151d91242ed16b6eb590babf
-  data.tar.gz: 27c5acfd0cad8367fe6328d2dc744bbfa5b5c4b7b39c1c30d1b700cd4f4b1f0e
+  metadata.gz: 6783ec3471dcba6dbad4e13ab33933d5f02e4ea336956f1a88d568a0ac4f7943
+  data.tar.gz: 72d651c7863a7fc8de7df9441b849b58894e37833334d445df814aad402cf8e1
 SHA512:
-  metadata.gz: d0002c973722db8b26d7ce59f2196a0bbfc2a7f771d5066c0b7d05f499ef5d36e97a828564fd0be6b1976ccc03f86f0505db0b971a49ba8f7cb78f15b46c8351
-  data.tar.gz: f8a722d17ee0282b9e91df0c27b7ece20fff16387d7bffa80eb1b7032e1562b0c16a2ab42f3ee2171068aefc04bf0fef9a2ca116727742d1202927a520fdfeda
+  metadata.gz: ef6b9d2c986f307fe286e7289fd6059a1255f029c1bc4c88d47da7547d5e2a30d1e43fa0bf7161dfbd307e78f996527f015800fc9c1ce44c80ecb2e7720f36fb
+  data.tar.gz: 15f5f316a234d82bbc6712ba78aaa33edc329ac7e7027d228fddd9aa6ea750a66c2585921e31b83d48e4906ae5ed36169ad57954c49e3ae52dc9158cc17dee34

data/lib/generators/templates/pg_rls.rb.tt

@@ -26,4 +26,19 @@ PgRls.setup do |config|
   ## data structure across many project, Solo mode create a hidden tenant table
   ## which is autopopulated on each request
   # config.solo_mode = true
+
+  ##
+  ## After installing the PgRls gem, you can add the `PgRls::Middleware::SetResetConnection`
+  ## middleware to your Rails application to secure all database connections using Row Level Security.
+  ## To add the middleware using the `middleware.use` method, add the following
+  ## lines to your `config/application.rb` file:
+  ## require 'pg_rls/middleware/set_reset_connection'
+  ## config.middleware.use PgRls::Middleware::SetResetConnection
+  ## Note: Be sure to add the `PgRls::Middleware::SetResetConnection` middleware after any
+  ## middleware that sets up the Rails session, since the RLS middleware depends
+  ## on the presence of the session to work correctly.
+  ## Additionally, you will need to manually require the `PgRls::Middleware::SetResetConnection`
+  ## file in your application, as shown in the first line of the code snippet above.
+  # config.session_key = '_hub_sessions'
+  # config.session_prefix = '_session_id:2::'
 end

data/lib/pg_rls/database/tasks/admin_database.rake

@@ -1,12 +1,10 @@
 # frozen_string_literal: true
 
 # OVERIDE RAILS TASK
-PG_RLS_TASKS = ['db:grant_usage', 'db:test:grant_usage']
-
 Rake::TaskManager.class_eval do
   def alias_task(fq_name)
     new_name = "#{fq_name}:original"
-    @tasks[new_name] = @tasks.delete(fq_name) unless @tasks[new_name].nil?
+    @tasks[new_name] = @tasks.delete(fq_name) unless @tasks[fq_name].nil?
   end
 end
 
@@ -114,12 +112,30 @@ namespace :db do
       end
     end
 
+    override_task create: :load_config do
+      admin_connection_test_db do
+        Rake::Task['db:test:create:original'].invoke
+      end
+    end
+
+    override_task drop: :load_config do
+      admin_connection_test_db do
+        Rake::Task['db:test:drop:original'].invoke
+      end
+    end
+
     override_task prepare: :load_config do
       admin_connection_test_db do
         Rake::Task['db:test:prepare:original'].invoke
       end
     end
 
+    override_task setup: :load_config do
+      admin_connection_test_db do
+        Rake::Task['db:test:setup:original'].invoke
+      end
+    end
+
     override_task purge: :load_config do
       admin_connection_test_db do
         Rake::Task['db:test:purge:original'].invoke

data/lib/pg_rls/middleware/set_reset_connection.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module PgRls
+  module Middleware
+    # Set RLS if sessions present.
+    class SetResetConnection
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        tenant = load_tenant_thought_session(env)
+
+        return @app.call(env) if tenant.blank?
+
+        PgRls::Tenant.with_tenant(tenant) { @app.call(env) }
+      rescue ActiveRecord::RecordNotFound => e
+        raise e unless rails_active_storage_request?(env)
+
+        [404, { 'Content-Type' => 'text/plain' }, ['Could not find asset']]
+      end
+
+      def load_session_cookie_value(env)
+        cookie_string = env['HTTP_COOKIE']
+        return if cookie_string.nil?
+
+        cookie_regex = /#{PgRls.session_key}=([^;]+)/
+        match = cookie_regex.match(cookie_string)
+        match[1] if match
+      end
+
+      def load_tenant_thought_session(env)
+        cookie = load_session_cookie_value(env)
+
+        return if cookie.blank?
+
+        sessions = Rails.cache.read("#{PgRls.session_prefix}#{Digest::SHA256.hexdigest(cookie)}")
+        sessions['_tenant']
+      end
+
+      def rails_active_storage_request?(env)
+        env['PATH_INFO'].start_with?('/rails/active_storage/')
+      end
+    end
+  end
+end

data/lib/pg_rls/tenant.rb

@@ -25,9 +25,9 @@ module PgRls
         raise e
       end
 
-      def find_each(&block)
+      def find_each(&)
         PgRls.main_model.find_each do |tenant|
-          with_tenant(tenant, &block)
+          with_tenant(tenant, &)
         end
       end
 
@@ -41,12 +41,12 @@ module PgRls
 
       def fetch
         fetch!
-      rescue ActiveRecord::StatementInvalid
-        'no tenant is selected'
+      rescue ActiveRecord::StatementInvalid, ActiveRecord::RecordNotFound
+        nil
       end
 
       def fetch!
-        @fetch ||= PgRls.main_model.find_by!(
+        @tenant ||= PgRls.main_model.find_by!(
           tenant_id: PgRls.connection_class.connection.execute(
             "SELECT current_setting('rls.tenant_id')"
           ).getvalue(0, 0)
@@ -63,7 +63,6 @@ module PgRls
       end
 
       def reset_rls!
-        @fetch = nil
         @tenant = nil
         PgRls.connection_class.connection.execute('RESET rls.tenant_id')
       end
@@ -80,7 +79,7 @@ module PgRls
 
         connection_adapter.connection.transaction do
           connection_adapter.connection.execute(format('SET rls.tenant_id = %s',
-                                                      connection_adapter.connection.quote(tenant.tenant_id)))
+                                                       connection_adapter.connection.quote(tenant.tenant_id)))
         end
 
         tenant

data/lib/pg_rls/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PgRls
-  VERSION = '0.0.2.6.5'
+  VERSION = '0.0.2.6.7'
 end

data/lib/pg_rls.rb

@@ -148,6 +148,12 @@ module PgRls
   mattr_accessor :test_inline_tenant
   @@test_inline_tenant = false
 
+  mattr_accessor :session_key
+  @@session_key = '_hub_sessions'
+
+  mattr_accessor :session_prefix
+  @@session_prefix = '_session_id:2::'
+
   mattr_accessor :search_methods
   @@search_methods = %i[subdomain id tenant_id]
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pg_rls
 version: !ruby/object:Gem::Version
-  version: 0.0.2.6.5
+  version: 0.0.2.6.7
 platform: ruby
 authors:
 - Daniel Laloush
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-02-17 00:00:00.000000000 Z
+date: 2023-02-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -65,6 +65,7 @@ files:
 - lib/pg_rls/database/tasks/admin_database.rake
 - lib/pg_rls/errors/tenant_not_found.rb
 - lib/pg_rls/middleware.rb
+- lib/pg_rls/middleware/set_reset_connection.rb
 - lib/pg_rls/middleware/sidekiq.rb
 - lib/pg_rls/middleware/sidekiq/client.rb
 - lib/pg_rls/middleware/sidekiq/server.rb