pg_rls 0.0.2.6.6 → 0.0.2.6.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9d98899addad2a4073a53c1d4fde443400f610241e98d99a66374dff394b540f
-  data.tar.gz: 1c00e5b91791beb5c2bcd6f16bcb6952a707662a4004d64f680792af6e97d06f
+  metadata.gz: 6783ec3471dcba6dbad4e13ab33933d5f02e4ea336956f1a88d568a0ac4f7943
+  data.tar.gz: 72d651c7863a7fc8de7df9441b849b58894e37833334d445df814aad402cf8e1
 SHA512:
-  metadata.gz: 8f32e29c43be16ff844c7208cb28c45fbc0835076030bf792c0e31b7564513d8c96834a2bc3d84f4c13bd914f8855f60333f529d343bb41d24e66d73f5444e10
-  data.tar.gz: 29f4c7a3ad8194b8a80611c07e8965b6329e1e7b5831b01e3dddde17e0c00b5630345b2d7d6e7d15decab07c7c4d9c5ba9602f88bf3745b084163a7d641f890f
+  metadata.gz: ef6b9d2c986f307fe286e7289fd6059a1255f029c1bc4c88d47da7547d5e2a30d1e43fa0bf7161dfbd307e78f996527f015800fc9c1ce44c80ecb2e7720f36fb
+  data.tar.gz: 15f5f316a234d82bbc6712ba78aaa33edc329ac7e7027d228fddd9aa6ea750a66c2585921e31b83d48e4906ae5ed36169ad57954c49e3ae52dc9158cc17dee34

data/lib/generators/templates/pg_rls.rb.tt

@@ -26,4 +26,19 @@ PgRls.setup do |config|
   ## data structure across many project, Solo mode create a hidden tenant table
   ## which is autopopulated on each request
   # config.solo_mode = true
+
+  ##
+  ## After installing the PgRls gem, you can add the `PgRls::Middleware::SetResetConnection`
+  ## middleware to your Rails application to secure all database connections using Row Level Security.
+  ## To add the middleware using the `middleware.use` method, add the following
+  ## lines to your `config/application.rb` file:
+  ## require 'pg_rls/middleware/set_reset_connection'
+  ## config.middleware.use PgRls::Middleware::SetResetConnection
+  ## Note: Be sure to add the `PgRls::Middleware::SetResetConnection` middleware after any
+  ## middleware that sets up the Rails session, since the RLS middleware depends
+  ## on the presence of the session to work correctly.
+  ## Additionally, you will need to manually require the `PgRls::Middleware::SetResetConnection`
+  ## file in your application, as shown in the first line of the code snippet above.
+  # config.session_key = '_hub_sessions'
+  # config.session_prefix = '_session_id:2::'
 end

data/lib/pg_rls/middleware/set_reset_connection.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module PgRls
+  module Middleware
+    # Set RLS if sessions present.
+    class SetResetConnection
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        tenant = load_tenant_thought_session(env)
+
+        return @app.call(env) if tenant.blank?
+
+        PgRls::Tenant.with_tenant(tenant) { @app.call(env) }
+      rescue ActiveRecord::RecordNotFound => e
+        raise e unless rails_active_storage_request?(env)
+
+        [404, { 'Content-Type' => 'text/plain' }, ['Could not find asset']]
+      end
+
+      def load_session_cookie_value(env)
+        cookie_string = env['HTTP_COOKIE']
+        return if cookie_string.nil?
+
+        cookie_regex = /#{PgRls.session_key}=([^;]+)/
+        match = cookie_regex.match(cookie_string)
+        match[1] if match
+      end
+
+      def load_tenant_thought_session(env)
+        cookie = load_session_cookie_value(env)
+
+        return if cookie.blank?
+
+        sessions = Rails.cache.read("#{PgRls.session_prefix}#{Digest::SHA256.hexdigest(cookie)}")
+        sessions['_tenant']
+      end
+
+      def rails_active_storage_request?(env)
+        env['PATH_INFO'].start_with?('/rails/active_storage/')
+      end
+    end
+  end
+end

data/lib/pg_rls/tenant.rb

@@ -25,9 +25,9 @@ module PgRls
         raise e
       end
 
-      def find_each(&block)
+      def find_each(&)
         PgRls.main_model.find_each do |tenant|
-          with_tenant(tenant, &block)
+          with_tenant(tenant, &)
         end
       end
 
@@ -41,12 +41,12 @@ module PgRls
 
       def fetch
         fetch!
-      rescue ActiveRecord::StatementInvalid
-        'no tenant is selected'
+      rescue ActiveRecord::StatementInvalid, ActiveRecord::RecordNotFound
+        nil
       end
 
       def fetch!
-        @fetch ||= PgRls.main_model.find_by!(
+        @tenant ||= PgRls.main_model.find_by!(
           tenant_id: PgRls.connection_class.connection.execute(
             "SELECT current_setting('rls.tenant_id')"
           ).getvalue(0, 0)
@@ -63,7 +63,6 @@ module PgRls
       end
 
       def reset_rls!
-        @fetch = nil
         @tenant = nil
         PgRls.connection_class.connection.execute('RESET rls.tenant_id')
       end
@@ -80,7 +79,7 @@ module PgRls
 
         connection_adapter.connection.transaction do
           connection_adapter.connection.execute(format('SET rls.tenant_id = %s',
-                                                      connection_adapter.connection.quote(tenant.tenant_id)))
+                                                       connection_adapter.connection.quote(tenant.tenant_id)))
         end
 
         tenant

data/lib/pg_rls/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PgRls
-  VERSION = '0.0.2.6.6'
+  VERSION = '0.0.2.6.7'
 end

data/lib/pg_rls.rb

@@ -148,6 +148,12 @@ module PgRls
   mattr_accessor :test_inline_tenant
   @@test_inline_tenant = false
 
+  mattr_accessor :session_key
+  @@session_key = '_hub_sessions'
+
+  mattr_accessor :session_prefix
+  @@session_prefix = '_session_id:2::'
+
   mattr_accessor :search_methods
   @@search_methods = %i[subdomain id tenant_id]
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pg_rls
 version: !ruby/object:Gem::Version
-  version: 0.0.2.6.6
+  version: 0.0.2.6.7
 platform: ruby
 authors:
 - Daniel Laloush
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-02-17 00:00:00.000000000 Z
+date: 2023-02-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -65,6 +65,7 @@ files:
 - lib/pg_rls/database/tasks/admin_database.rake
 - lib/pg_rls/errors/tenant_not_found.rb
 - lib/pg_rls/middleware.rb
+- lib/pg_rls/middleware/set_reset_connection.rb
 - lib/pg_rls/middleware/sidekiq.rb
 - lib/pg_rls/middleware/sidekiq/client.rb
 - lib/pg_rls/middleware/sidekiq/server.rb