proxes 0.6.1 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4785a97b631eeb52cc78cba8244574f786bceb47
-  data.tar.gz: 16c51704657319e518ab24bbecfd55cb3c91217d
+  metadata.gz: 3b182884ae9246085097e7ff89d204d225b050b8
+  data.tar.gz: 5a22e671d4ec358da74d05525bdad867a95b810a
 SHA512:
-  metadata.gz: c7202970ccb85ff8780f269423115508545f31bb353c98d5b2cd672bff2ee0116a55536d52a1e698278fef43dfdc21eaa6f4b07c3269b0d9bb8286fe6b78e696
-  data.tar.gz: eb3141d296c473bcd49f49c941b5050d5e04ac4b5375dfe55b337284c2f9e6f748c824c724589fa49d0674ae64e5f79135d34e8b541a87914e8257bdcbb2d295
+  metadata.gz: 77202113968d066c205ebb136ab95a6ede2264f0633f33574f2b9f26dd32da272ea2479c471e4a8781eddf0248a99f4648f33a21fb18d67e55e85447803fa4fa
+  data.tar.gz: a46f43c312ad5fa68d794fe642bdef660e20c1970824e7393ec227a068904fda447b896d761d3d6972f38a0b78617a55afce8772cdf317c44cec12a8639dcd99

data/Vagrantfile

@@ -44,7 +44,3 @@ Vagrant.configure(2) do |config|
     # npm install --no-bin-links
   SHELL
 end
-
-# create user proxes with password 'somethingrandom';
-# create database proxes;
-# grant all privileges on database proxes to proxes;

data/lib/proxes/controllers/app.rb

@@ -4,37 +4,41 @@ require 'proxes/controllers/application'
 
 module ProxES
   class App < Application
+    def find_template(views, name, engine, &block)
+      super(views, name, engine, &block) # Root
+      super(::ProxES::ProxES.view_folder, name, engine, &block) # Basic Plugin
+    end
+
     # Home Page
     get '/' do
       authenticate!
-      redirect '/_proxes/dashboards/offline' if cluster_health.nil?
-      redirect "/_proxes/dashboards/#{cluster_health['status']}"
+      haml :index, locals: { title: 'Home' }
     end
 
     # OmniAuth Identity Stuff
     # Log in Page
-    get '/_proxes/auth/identity' do
+    get '/auth/identity' do
       haml :'identity/login', locals: { title: 'Log In' }
     end
 
-    # Successful Login
     post '/auth/identity/callback' do
-      user = User.find(email: env['omniauth.auth']['info']['email'])
-      self.current_user = user
-      log_action(:identity_login, user: user)
-      flash[:success] = 'Logged In'
-      redirect '/_proxes'
-    end
-
-    # Failed Login
-    post '/_proxes/auth/identity/callback' do
-      broadcast(:identity_failed_login)
-      flash[:warning] = 'Invalid credentials. Please try again.'
-      redirect '/_proxes/auth/identity'
+      if env['omniauth.auth']
+        # Successful Login
+        user = User.find(email: env['omniauth.auth']['info']['email'])
+        self.current_user = user
+        log_action(:identity_login, user: user)
+        flash[:success] = 'Logged In'
+        redirect '/_proxes'
+      else
+        # Failed Login
+        broadcast(:identity_failed_login)
+        flash[:warning] = 'Invalid credentials. Please try again.'
+        redirect '/_proxes/auth/identity'
+      end
     end
 
     # Register Page
-    get '/_proxes/auth/identity/register' do
+    get '/auth/identity/register' do
       identity = Identity.new
       haml :'identity/register', locals: { title: 'Register', identity: identity }
     end
@@ -46,6 +50,10 @@ module ProxES
         user = User.find_or_create(email: identity.username)
         user.add_identity identity
 
+        # Create the SA user if none is present
+        sa = Role.find_or_create(name: 'super_admin')
+        user.add_role sa if User.where(roles: sa).count == 0
+
         log_action(:identity_register, user: user)
         flash[:info] = 'Successfully Registered. Please log in'
         redirect '/_proxes/auth/identity'
@@ -56,7 +64,7 @@ module ProxES
     end
 
     # Logout Action
-    delete '/_proxes/auth/identity' do
+    delete '/auth/identity' do
       log_action(:identity_logout)
       logout
       flash[:info] = 'Logged Out'
@@ -65,7 +73,7 @@ module ProxES
     end
 
     # Unauthenticated
-    get '/_proxes/unauthenticated' do
+    get '/unauthenticated' do
       redirect '/_proxes/auth/identity'
     end
   end

data/lib/proxes/controllers/application.rb

@@ -14,7 +14,7 @@ require 'elasticsearch'
 
 module ProxES
   class Application < Sinatra::Base
-    set :root, ::File.expand_path(::File.dirname(__FILE__) + '/../../../')
+    set :root, ENV['APP_ROOT'] || ::File.expand_path(::File.dirname(__FILE__) + '/../../../')
     set :view_location, nil
     set :model_class, nil
     # The order here is important, since Wisper has a deprecated method respond_with method

data/lib/proxes/controllers/audit_logs.rb

@@ -8,6 +8,11 @@ module ProxES
   class AuditLogs < Component
     set model_class: AuditLog
 
+    def find_template(views, name, engine, &block)
+      super(views, name, engine, &block) # Root
+      super(::ProxES::ProxES.view_folder, name, engine, &block) # Basic Plugin
+    end
+
     def list
       super.order(:created_at).reverse
     end

data/lib/proxes/controllers/component.rb

@@ -2,6 +2,7 @@
 
 require 'proxes/controllers/application'
 require 'proxes/helpers/component'
+require 'sinatra/json'
 
 module ProxES
   class Component < Application
@@ -12,8 +13,9 @@ module ProxES
     set view_location: nil
     set track_actions: false
 
-    before do
-      check_basic
+    def find_template(views, name, engine, &block)
+      super(views, name, engine, &block) # Root
+      super(::ProxES::ProxES.view_folder, name, engine, &block) # Basic Plugin
     end
 
     # List
@@ -31,12 +33,12 @@ module ProxES
         end
         format.json do
           # TODO: Add links defined by actions (New #{heading})
-          {
+          json(
             'items' => list.map(&:for_json),
             'page' => params[:page],
             'count' => list.count,
             'total' => dataset.count
-          }.to_json
+          )
         end
       end
     end
@@ -68,7 +70,11 @@ module ProxES
         end
         format.json do
           headers 'Content-Type' => 'application/json'
-          redirect "#{base_path}/#{entity.id}", 201 if success
+          if success
+            redirect "#{base_path}/#{entity.id}", 201
+          else
+            400
+          end
         end
       end
     end
@@ -90,7 +96,7 @@ module ProxES
         end
         format.json do
           # TODO: Add links defined by actions (Edit #{heading})
-          entity.for_json.to_json
+          json entity.for_json
         end
       end
     end
@@ -121,10 +127,8 @@ module ProxES
             redirect "#{base_path}/#{entity.id}"
           end
           format.json do
-            content_type 'application/json'
             headers 'Location' => "#{base_path}/#{entity.id}"
-            body entity.to_hash.to_json
-            status 200
+            json body entity.for_json
           end
         end
       else
@@ -132,6 +136,9 @@ module ProxES
           format.html do
             haml :"#{view_location}/edit", locals: { entity: entity, title: heading(:edit) }
           end
+          format.json do
+            400
+          end
         end
       end
     end

data/lib/proxes/controllers/permissions.rb

@@ -7,5 +7,10 @@ require 'proxes/policies/permission_policy'
 module ProxES
   class Permissions < Component
     set model_class: Permission
+
+    def find_template(views, name, engine, &block)
+      super(views, name, engine, &block) # Root
+      super(::ProxES::ProxES.view_folder, name, engine, &block) # Basic Plugin
+    end
   end
 end

data/lib/proxes/controllers/roles.rb

@@ -7,5 +7,10 @@ require 'proxes/policies/role_policy'
 module ProxES
   class Roles < Component
     set model_class: Role
+
+    def find_template(views, name, engine, &block)
+      super(views, name, engine, &block) # Root
+      super(::ProxES::ProxES.view_folder, name, engine, &block) # Basic Plugin
+    end
   end
 end

data/lib/proxes/controllers/users.rb

@@ -11,6 +11,11 @@ module ProxES
     set model_class: User
     set track_actions: true
 
+    def find_template(views, name, engine, &block)
+      super(views, name, engine, &block) # Root
+      super(::ProxES::ProxES.view_folder, name, engine, &block) # Basic Plugin
+    end
+
     # New
     get '/new' do
       authorize settings.model_class, :create

data/lib/proxes/db.rb

@@ -7,6 +7,8 @@ require 'proxes/services/logger'
 # passed to subprocesses.  DATABASE_URL may contain passwords.
 DB = Sequel.connect(ENV['RACK_ENV'] == 'production' ? ENV.delete('DATABASE_URL') : ENV['DATABASE_URL'])
 
+log_level = (ENV['SEQUEL_LOGGING_LEVEL'] || :debug).to_sym
+DB.sql_log_level = log_level
 DB.loggers << ProxES::Services::Logger.instance
 
 DB.extension(:pagination)

data/lib/proxes/forwarder.rb

@@ -10,16 +10,24 @@ module ProxES
       @backend = URI(opts[:backend]) if opts[:backend]
     end
 
+    def body(request)
+      return nil unless request.body
+      return nil if request.body.is_a? Puma::NullIO
+      return request.body.string if request.body.is_a? StringIO
+      return request.body.read if request.body.is_a? Tempfile
+      request.body
+    end
+
     def call(env)
       source_request = Rack::Request.new(env)
       full_path = source_request.fullpath == '' ? URI.parse(env['REQUEST_URI']).request_uri : source_request.fullpath
       target_request = Net::HTTP.const_get(source_request.request_method.capitalize).new(full_path)
 
-      if source_request.body
-        target_request.body_stream    = source_request.body
-        target_request.content_length = source_request.content_length.to_i
+      request_body = body(source_request)
+      if request_body
+        target_request.body = request_body
+        target_request.content_length = request_body.length
         target_request.content_type   = source_request.content_type if source_request.content_type
-        target_request.body_stream.rewind
       end
 
       http = Net::HTTP.new(backend.host, backend.port)

data/lib/proxes/helpers/authentication.rb

@@ -4,13 +4,16 @@ module ProxES
   module Helpers
     module Authentication
       def current_user
-        return nil unless env['rack.session'] && env['rack.session']['user_id']
+        if env['rack.session'].nil? || env['rack.session']['user_id'].nil?
+          self.current_user = anonymous_user
+        end
         @users ||= Hash.new { |h, k| h[k] = User[k] }
         @users[env['rack.session']['user_id']]
       end
 
       def current_user=(user)
-        env['rack.session']['user_id'] = user.id
+        env['rack.session'] = {} if env['rack.session'].nil?
+        env['rack.session']['user_id'] = user.id if user
       end
 
       def authenticate
@@ -18,11 +21,11 @@ module ProxES
       end
 
       def authenticated?
-        current_user.nil?
+        current_user && !current_user.role?('anonymous')
       end
 
       def authenticate!
-        raise NotAuthenticated unless current_user
+        raise NotAuthenticated unless authenticated?
         true
       end
 
@@ -30,16 +33,23 @@ module ProxES
         env['rack.session'].delete('user_id')
       end
 
-      def check_basic
-        auth = Rack::Auth::Basic::Request.new(env)
-        return unless auth.provided?
-        return unless auth.basic?
+      def check_basic(request)
+        auth = Rack::Auth::Basic::Request.new(request.env)
+        return false unless auth.provided? && auth.basic?
 
         identity = ::ProxES::Identity.find(username: auth.credentials[0])
         identity = ::ProxES::Identity.find(username: URI.unescape(auth.credentials[0])) unless identity
-        raise NotAuthenticated unless identity
+        return false unless identity
         self.current_user = identity.user if identity.authenticate(auth.credentials[1])
       end
+
+      def anonymous_user
+        return @anonymous_user if defined? @anonymous_user
+        @anonymous_user ||= begin
+          role = ::ProxES::Role.where(name: 'anonymous').first
+          ::ProxES::User.where(roles: role).first unless role.nil?
+        end
+      end
     end
 
     class NotAuthenticated < StandardError

data/lib/proxes/helpers/indices.rb

@@ -10,7 +10,7 @@ module ProxES
         against.each do |pattern|
           answer.concat(asked.select { |idx| idx =~ /#{pattern}/ })
         end
-        answer.count > 0 ? answer : against
+        answer
       end
     end
   end

data/lib/proxes/models/user.rb

@@ -49,8 +49,8 @@ module ProxES
     end
 
     def check_roles
+      return if role?('anonymous')
       add_role Role.find_or_create(name: 'user') unless role?('user')
-      add_role Role.find_or_create(name: 'super_admin') if id == 1 && ENV['RACK_ENV'] != 'test' && !role?('super_admin')
     end
 
     def index_prefix

data/lib/proxes/policies/request/cat_policy.rb

@@ -1,10 +1,14 @@
 # frozen_string_literal: true
 
+require 'proxes/policies/request_policy'
+
 module ProxES
   class Request
     class CatPolicy < RequestPolicy
       class Scope < RequestPolicy::Scope
         def resolve
+          return [] if user.nil?
+
           patterns = Permission.for_user(user, 'INDEX').map do |permission|
             permission.pattern.gsub(/\{user.(.*)\}/) { |_match| user.send(Regexp.last_match[1].to_sym) }
           end

data/lib/proxes/policies/request/create_policy.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require 'proxes/policies/request_policy'
+
+module ProxES
+  class Request
+    class CreatePolicy < RequestPolicy
+      class Scope < RequestPolicy::Scope
+        def resolve
+          return [] if user.nil?
+
+          patterns = Permission.for_user(user, 'INDEX').map do |permission|
+            permission.pattern.gsub(/\{user.(.*)\}/) { |_match| user.send(Regexp.last_match[1].to_sym) }
+          end
+          filter(scope.index, patterns).count > 0 ? scope.index : []
+        end
+      end
+    end
+  end
+end

data/lib/proxes/policies/request/index_policy.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'proxes/db'
+require 'proxes/models/permission'
+require 'proxes/policies/request_policy'
+
+module ProxES
+  class Request
+    class IndexPolicy < RequestPolicy
+      class Scope < RequestPolicy::Scope
+        def resolve
+          return [] if user.nil?
+
+          patterns = Permission.for_user(user, 'INDEX').map do |permission|
+            permission.pattern.gsub(/\{user.(.*)\}/) { |_match| user.send(Regexp.last_match[1].to_sym) }
+          end
+          result = filter(scope.index, patterns)
+          return [] unless result.count > 0
+          %w[POST PUT].include?(scope.request_method) ? scope.index : result
+        end
+      end
+    end
+  end
+end

data/lib/proxes/policies/request/search_policy.rb

@@ -1,10 +1,14 @@
 # frozen_string_literal: true
 
+require 'proxes/policies/request_policy'
+
 module ProxES
   class Request
     class SearchPolicy < RequestPolicy
       class Scope < RequestPolicy::Scope
         def resolve
+          return false if user.nil?
+
           patterns = Permission.for_user(user, 'INDEX').map do |permission|
             permission.pattern.gsub(/\{user.(.*)\}/) { |_match| user.send(Regexp.last_match[1].to_sym) }
           end

data/lib/proxes/policies/request/snapshot_policy.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'proxes/policies/request_policy'
+
 module ProxES
   class Request
     class SnapshotPolicy < RequestPolicy

data/lib/proxes/policies/request/stats_policy.rb

@@ -1,10 +1,14 @@
 # frozen_string_literal: true
 
+require 'proxes/policies/request_policy'
+
 module ProxES
   class Request
     class StatsPolicy < RequestPolicy
       class Scope < RequestPolicy::Scope
         def resolve
+          return [] if user.nil?
+
           patterns = Permission.for_user(user, 'INDEX').map do |permission|
             permission.pattern.gsub(/\{user.(.*)\}/) { |_match| user.send(Regexp.last_match[1].to_sym) }
           end

data/lib/proxes/policies/request_policy.rb

@@ -19,13 +19,16 @@ module ProxES
     def method_missing(method_sym, *arguments, &block)
       return super if method_sym.to_s[-1] != '?'
 
-      return false if user.nil?
       return true if record.indices? && index_allowed?
       action_allowed? method_sym[0..-2].upcase
     end
 
+    def respond_to_missing?(name, _include_private = false)
+      name[-1] == '?'
+    end
+
     def index_allowed?
-      patterns = Permission.for_user(user, 'INDEX').map do |permission|
+      patterns = patterns_for('INDEX').map do |permission|
         permission.pattern.gsub(/\{user.(.*)\}/) { |_match| user.send(Regexp.last_match[1].to_sym) }
       end
       filter(record.index, patterns).count > 0
@@ -33,14 +36,15 @@ module ProxES
 
     def action_allowed?(action)
       # Give me all the user's permissions that match the verb
-      Permission.for_user(user, action).each do |permission|
+      patterns_for(action).each do |permission|
         return true if record.path =~ /#{permission.pattern}/
       end
       false
     end
 
-    def respond_to_missing?(name, _include_private = false)
-      name[-1] == '?'
+    def patterns_for(action)
+      return Permission.for_user(user, action) if user
+      []
     end
 
     def logger
@@ -60,12 +64,10 @@ module ProxES
       def logger
         @logger ||= ProxES::Services::Logger.instance
       end
+
+      def resolve
+        scope
+      end
     end
   end
 end
-
-require 'proxes/policies/request/cat_policy'
-require 'proxes/policies/request/root_policy'
-require 'proxes/policies/request/stats_policy'
-require 'proxes/policies/request/search_policy'
-require 'proxes/policies/request/snapshot_policy'

data/lib/proxes/proxes.rb

@@ -6,12 +6,15 @@ module ProxES
       File.expand_path('../../../migrate', __FILE__)
     end
 
+    def self.view_folder
+      File.expand_path('../../../views', __FILE__)
+    end
+
     def self.route_mappings
       controllers = File.expand_path('../controllers', __FILE__)
       Dir.glob("#{controllers}/*.rb").each { |f| require f }
       {
         '/' => ::ProxES::App,
-        '/dashboards' => ::ProxES::Dashboards,
         '/users' => ::ProxES::Users,
         '/roles' => ::ProxES::Roles,
         '/permissions' => ::ProxES::Permissions,
@@ -24,17 +27,40 @@ module ProxES
         { order: 0, link: '/users/', text: 'Users', target: User, icon: 'user' },
         { order: 1, link: '/roles/', text: 'Roles', target: Role, icon: 'group' },
         { order: 2, link: '/permissions/', text: 'Permissions', target: Permission, icon: 'check-square' },
-        { order: 3, link: '/audit-logs/', text: 'Audit Logs', target: AuditLog, icon: 'history' },
+        { order: 3, link: '/audit-logs/', text: 'Audit Logs', target: AuditLog, icon: 'history' }
       ]
     end
 
     def self.seeder
       proc do
-        ::ProxES::Role.find_or_create(name: 'user')
+        require 'proxes/models/user'
+        require 'proxes/models/role'
+
         sa = ::ProxES::Role.find_or_create(name: 'super_admin')
         %w[GET POST PUT DELETE HEAD OPTIONS INDEX].each do |verb|
           ::ProxES::Permission.find_or_create(role: sa, verb: verb, pattern: '.*')
         end
+        ::ProxES::Role.find_or_create(name: 'admin')
+        user_role = ::ProxES::Role.find_or_create(name: 'user')
+
+        # Kibana Specific
+        anon = ::ProxES::User.find_or_create(email: 'anonymous@proxes.io')
+        anon.remove_role user_role
+        anon_role = ::ProxES::Role.find_or_create(name: 'anonymous')
+        anon.add_role anon_role unless anon.role?('anonymous')
+        ::ProxES::Permission.find_or_create(role: anon_role, verb: 'GET', pattern: '/.kibana/config/*')
+        ::ProxES::Permission.find_or_create(role: anon_role, verb: 'INDEX', pattern: '.kibana')
+
+        kibana = ::ProxES::Role.find_or_create(name: 'kibana')
+        ::ProxES::Permission.find_or_create(role: kibana, verb: 'INDEX', pattern: '.kibana')
+        ::ProxES::Permission.find_or_create(role: kibana, verb: 'HEAD', pattern: '/')
+        ::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_nodes*')
+        ::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_cluster/health*')
+        ::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_cluster/settings*')
+        ::ProxES::Permission.find_or_create(role: kibana, verb: 'POST', pattern: '/_mget')
+        ::ProxES::Permission.find_or_create(role: kibana, verb: 'POST', pattern: '/_search')
+        ::ProxES::Permission.find_or_create(role: kibana, verb: 'POST', pattern: '/_msearch')
+        ::ProxES::Permission.find_or_create(role: kibana, verb: 'POST', pattern: '/_refresh')
       end
     end
   end

data/lib/proxes/request.rb

@@ -4,12 +4,12 @@ require 'rack'
 
 module ProxES
   class Request < Rack::Request
-    ID_ENDPOINTS = %w[_create _explain _mlt _percolate _source _termvector _update]
+    ID_ENDPOINTS = %w[_create _explain _mlt _percolate _source _termvector _update].freeze
+    WRITE_METHODS = %w[POST PUT DELETE].freeze
 
     def self.from_env(env)
       endpoint = path_endpoint(env['REQUEST_PATH'])
-      return new(env) if endpoint.nil?
-      endpoint_class = endpoint[1..-1]
+      endpoint_class = endpoint.nil? ? 'index' : endpoint[1..-1]
       begin
         require 'proxes/request/' + endpoint_class.downcase
         Request.const_get(endpoint_class.titlecase).new(env)
@@ -36,7 +36,6 @@ module ProxES
       path_parts[0]
     end
 
-
     def parse
       path_parts
     end
@@ -53,7 +52,7 @@ module ProxES
 
     def check_part(val)
       return val if val.nil?
-      return [] if [endpoint, '_all'].include? val
+      return [] if ([endpoint, '_all'].include?(val) && !WRITE_METHODS.include?(request_method))
       val.split(',')
     end
   end

data/lib/proxes/request/cat.rb

@@ -1,16 +1,16 @@
 # frozen_string_literal: true
 
-require 'rack'
 require 'proxes/request'
+require 'proxes/policies/request/cat_policy'
 
 module ProxES
   class Request
     class Cat < Request
-      attr_reader :index, :type, :id
+      attr_reader :index, :type
 
       def index=(idx)
         @index = idx
-        self.path_info = '/' + [endpoint, type, index]
+        self.path_info = '/' + [endpoint, type, index].compact
                          .map { |v| v.is_a?(Array) ? v.join(',') : v }
                          .select { |v| !v.nil? && v != '' }.join('/')
       end

data/lib/proxes/request/create.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'proxes/request'
+require 'proxes/policies/request/create_policy'
+
+module ProxES
+  class Request
+    class Create < Request
+      attr_reader :index, :type, :id
+
+      def index=(idx)
+        @index = idx
+        self.path_info = '/' + [index, type, id, endpoint].compact
+                                                          .map { |v| v.is_a?(Array) ? v.join(',') : v }
+                                                          .select { |v| !v.nil? && v != '' }.join('/')
+      end
+
+      def endpoint
+        '_create'
+      end
+
+      def parse
+        @index ||= check_part(path_parts[0])
+        @type ||= check_part(path_parts[1])
+        @id ||= check_part(path_parts[2])
+      end
+
+      def indices?
+        true
+      end
+    end
+  end
+end

data/lib/proxes/request/index.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'proxes/request'
+require 'proxes/policies/request/index_policy'
+
+module ProxES
+  class Request
+    class Index < Request
+      attr_reader :index, :type, :id
+
+      def index=(idx)
+        @index = idx
+        self.path_info = '/' + [index, type, id].compact
+                         .map { |v| v.is_a?(Array) ? v.join(',') : v }
+                         .select { |v| !v.nil? && v != '' }.join('/')
+      end
+
+      def parse
+        @index ||= check_part(path_parts[0])
+        @type ||= check_part(path_parts[1])
+        @id ||= check_part(path_parts[2])
+      end
+
+      def indices?
+        true
+      end
+    end
+  end
+end

data/lib/proxes/request/root.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'rack'
 require 'proxes/request'
+require 'proxes/policies/request/root_policy'
 
 module ProxES
   class Request

data/lib/proxes/request/search.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'rack'
 require 'proxes/request'
+require 'proxes/policies/request/search_policy'
 
 module ProxES
   class Request
@@ -10,9 +10,9 @@ module ProxES
 
       def index=(idx)
         @index = idx
-        self.path_info = '/' + [index, type, id, endpoint]
-                         .map { |v| v.is_a?(Array) ? v.join(',') : v }
-                         .select { |v| !v.nil? && v != '' }.join('/')
+        self.path_info = '/' + [index, type, id, endpoint].compact
+                                                          .map { |v| v.is_a?(Array) ? v.join(',') : v }
+                                                          .select { |v| !v.nil? && v != '' }.join('/')
       end
 
       def endpoint
@@ -20,9 +20,9 @@ module ProxES
       end
 
       def parse
-        @index ||= check_part(path_parts[0])
-        @type  ||= check_part(path_parts[1])
-        @id    ||= check_part(path_parts[2])
+        @index ||= check_part(path_parts[0]) unless path_parts[0] == endpoint
+        @type  ||= check_part(path_parts[1]) unless path_parts[1] == endpoint
+        @id    ||= check_part(path_parts[2]) unless path_parts[2] == endpoint
       end
 
       def id

data/lib/proxes/request/snapshot.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'rack'
 require 'proxes/request'
+require 'proxes/policies/request/snapshot_policy'
 
 module ProxES
   class Request

data/lib/proxes/request/stats.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
-require 'rack'
 require 'proxes/request'
+require 'proxes/policies/request/stats_policy'
 
 module ProxES
   class Request
@@ -10,9 +10,9 @@ module ProxES
 
       def index=(idx)
         @index = idx
-        self.path_info = '/' + [index, endpoint]
-                         .map { |v| v.is_a?(Array) ? v.join(',') : v }
-                         .select { |v| !v.nil? && v != '' }.join('/')
+        self.path_info = '/' + [index, endpoint].compact
+                                                .map { |v| v.is_a?(Array) ? v.join(',') : v }
+                                                .select { |v| !v.nil? && v != '' }.join('/')
       end
 
       def endpoint

data/lib/proxes/security.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'proxes/models/identity'
 require 'proxes/services/logger'
 require 'proxes/request'
 require 'proxes/policies/request_policy'
@@ -23,44 +24,63 @@ module ProxES
     end
 
     def error(message, code = 500)
-      [code, { 'Content-Type' => 'application/json' }, ['{"error":"' + message + '"}']]
+      headers = { 'Content-Type' => 'application/json' }
+      headers['WWW-Authenticate'] = 'Basic realm="security"' if code == 401
+      [code, headers, ['{"error":"' + message + '"}']]
+    end
+
+    def check(request)
+      check_basic request
+      authorize request
+    rescue Pundit::NotAuthorizedError
+      log_action(:es_request_denied, details: "#{request.request_method.upcase} #{request.fullpath} (#{request.class.name})")
+      logger.debug "Access denied for #{current_user ? current_user.email : 'Anonymous User'} by security layer: #{request.request_method.upcase} #{request.fullpath} (#{request.class.name})"
+      error 'Not Authorized', 401
+    rescue ::ProxES::Helpers::NotAuthenticated
+      logger.warn "Access denied for unauthenticated request by security layer: #{request.request_method.upcase} #{request.fullpath} (#{request.class.name})"
+      error 'Not Authenticated', 401
+    rescue StandardError => e
+      raise e if env['RACK_ENV'] != 'production'
+      logger.error "Access denied for #{current_user ? current_user.email : 'Anonymous User'} by security exception: #{request.request_method.upcase} #{request.fullpath} (#{request.class.name})"
+      logger.error e
+      error 'Forbidden', 403
+    end
+
+    def forward(request)
+      start = Time.now.to_f
+      result = @app.call request.env
+      broadcast(:call_completed, endpoint: request.endpoint, duration: Time.now.to_f - start)
+      result
+    rescue Errno::EHOSTUNREACH
+      error 'Could not reach Elasticsearch at ' + env['ELASTICSEARCH_URL']
+    rescue Errno::ECONNREFUSED
+      error 'Elasticsearch not listening at ' + env['ELASTICSEARCH_URL']
     end
 
     def call(env)
       @env = env
 
       request = Request.from_env(env)
+      broadcast(:call_started, request)
 
       logger.debug '==========================BEFORE================================================'
-      logger.debug '= ' + "Request: #{request.request_method} #{request.fullpath}".ljust(76) + ' ='
+      logger.debug '= ' + "Request: #{request.request_method} #{request.fullpath} (#{request.class.name})".ljust(76) + ' ='
       logger.debug '= ' + "Endpoint: #{request.endpoint}".ljust(76) + ' ='
       logger.debug '================================================================================'
 
-      begin
-        check_basic
-        authorize request
-      rescue StandardError
-        log_action(:es_request_denied, details: "#{request.request_method.upcase} #{request.fullpath} (#{request.class.name})")
-        logger.debug "Access denied for #{current_user ? current_user.email : 'Anonymous User'} by security layer: #{request.request_method.upcase} #{request.fullpath} (#{request.class.name})"
-        return error 'Forbidden', 403
+      unless env['PROXES_PASSTHROUGH']
+        result = check(request)
+        return result if result.is_a?(Array) # Rack Response
+
+        request.index = policy_scope(request) if request.indices?
       end
-      request.index = policy_scope(request) if request.indices?
 
       logger.debug '==========================AFTER================================================='
-      logger.debug '= ' + "Request: #{request.request_method} #{request.fullpath}".ljust(76) + ' ='
+      logger.debug '= ' + "Request: #{request.request_method} #{request.fullpath} (#{request.class.name})".ljust(76) + ' ='
       logger.debug '= ' + "Endpoint: #{request.endpoint}".ljust(76) + ' ='
       logger.debug '================================================================================'
 
-      begin
-        start = Time.now.to_f
-        result = @app.call request.env
-        broadcast(:call_completed, endpoint: request.endpoint, duration: Time.now.to_f - start)
-        result
-      rescue Errno::EHOSTUNREACH
-        error 'Could not reach Elasticsearch at ' + ENV['ELASTICSEARCH_URL']
-      rescue Errno::ECONNREFUSED
-        error 'Elasticsearch not listening at ' + ENV['ELASTICSEARCH_URL']
-      end
+      forward request
     end
   end
 end

data/lib/proxes/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ProxES
-  VERSION = '0.6.1'.freeze
+  VERSION = '0.7.0'.freeze
 end

data/views/partials/navbar.haml

@@ -9,7 +9,7 @@
       %span.icon-bar.bar1
       %span.icon-bar.bar2
       %span.icon-bar.bar3
-  -if current_user
+  -if authenticated?
     %form.nav.navbar-top-links.navbar-form.navbar-right{ action: '/_proxes/auth/identity', method: 'post' }
       %a.btn.btn-default{ href: "/_proxes/users/profile" } My Account
       %input{ name: '_method', value: 'DELETE', type: 'hidden' }

data/views/partials/sidebar.haml

@@ -1,5 +1,5 @@
 %ul.nav.nav-pills.nav-stacked
-  - if defined?(current_user) && current_user
+  - if authenticated?
     %li
       %a{ href: '/_proxes' }
         %i.fa.fa-dashboard.fa-fw
@@ -20,7 +20,7 @@
         %i.fa.fa-pencil-square-o.fa-fw
         Register
 
-- if defined?(current_user) && current_user
+- if authenticated?
   - if cluster_health
     %table.table
       %tbody

data/views/users/display.haml

@@ -20,7 +20,7 @@
         %p.description
           %label Signed up:
           = entity.created_at.strftime('%Y-%m-%d %H:%M:%S')
-  
+
         .row
           .col-md-6
             %a.btn.btn-default{ href: "#{base_path}/#{entity.id}/edit" } Edit
@@ -50,19 +50,20 @@
             %td{ colspan: 2 } No Permissions
   .col-md-2
 
-.row
-  .col-md-2
-  .col-md-8
-    .panel.panel-default
-      .panel-heading
-        %h4 Change Password
-      .panel-body
-        %form.form-horizontal{ method: 'post', action: "#{base_path}/#{entity.id}/identity" }
-          %input{ name: '_method', value: 'PUT', type: 'hidden' }
-          = form_control(:password, entity.identity.first, type: 'password', placeholder: 'Your password', group: 'identity')
-          = form_control(:password_confirmation, entity.identity.first, type: 'password', label: 'Confirm Password', placeholder: 'Confirm your password', group: 'identity')
-          %button.btn.btn-primary{ type: 'submit' }
-            Change Password
-  .col-md-2
+- if entity.identity.first
+  .row
+    .col-md-2
+    .col-md-8
+      .panel.panel-default
+        .panel-heading
+          %h4 Change Password
+        .panel-body
+          %form.form-horizontal{ method: 'post', action: "#{base_path}/#{entity.id}/identity" }
+            %input{ name: '_method', value: 'PUT', type: 'hidden' }
+            = form_control(:password, entity.identity.first, type: 'password', placeholder: 'Your password', group: 'identity')
+            = form_control(:password_confirmation, entity.identity.first, type: 'password', label: 'Confirm Password', placeholder: 'Confirm your password', group: 'identity')
+            %button.btn.btn-primary{ type: 'submit' }
+              Change Password
+    .col-md-2
 
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: proxes
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.7.0
 platform: ruby
 authors:
 - Jurgens du Toit
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-07-09 00:00:00.000000000 Z
+date: 2017-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -419,6 +419,8 @@ files:
 - lib/proxes/policies/identity_policy.rb
 - lib/proxes/policies/permission_policy.rb
 - lib/proxes/policies/request/cat_policy.rb
+- lib/proxes/policies/request/create_policy.rb
+- lib/proxes/policies/request/index_policy.rb
 - lib/proxes/policies/request/root_policy.rb
 - lib/proxes/policies/request/search_policy.rb
 - lib/proxes/policies/request/snapshot_policy.rb
@@ -431,6 +433,8 @@ files:
 - lib/proxes/rake_tasks.rb
 - lib/proxes/request.rb
 - lib/proxes/request/cat.rb
+- lib/proxes/request/create.rb
+- lib/proxes/request/index.rb
 - lib/proxes/request/root.rb
 - lib/proxes/request/search.rb
 - lib/proxes/request/snapshot.rb