proxes 0.7.1 → 0.8.0
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.rubocop.yml +1 -1
- data/.travis.yml +0 -3
- data/Gemfile.ci +5 -2
- data/README.md +12 -9
- data/Rakefile +10 -5
- data/Vagrantfile +1 -4
- data/config.ru +32 -24
- data/lib/{proxes → ditty/components}/proxes.rb +26 -33
- data/lib/proxes/controllers/permissions.rb +4 -3
- data/lib/proxes/models/permission.rb +7 -5
- data/lib/proxes/policies/permission_policy.rb +4 -4
- data/lib/proxes/policies/request/index_policy.rb +1 -1
- data/lib/proxes/policies/request_policy.rb +3 -4
- data/lib/proxes/policies/token_policy.rb +1 -1
- data/lib/proxes/request/cat.rb +2 -2
- data/lib/proxes/request/index.rb +2 -2
- data/lib/proxes/request.rb +1 -1
- data/lib/proxes/security.rb +10 -12
- data/lib/proxes/version.rb +1 -1
- data/lib/proxes.rb +1 -3
- data/migrate/20170207_base_tables.rb +2 -1
- data/migrate/20170208_audit_log.rb +1 -0
- data/proxes.gemspec +15 -14
- data/public/js/bundle.js +44683 -23940
- data/public/js/vendors.js +1 -0
- data/views/permissions/form.haml +2 -2
- data/views/permissions/index.haml +14 -9
- metadata +69 -108
- data/lib/proxes/container.rb +0 -135
- data/lib/proxes/controllers/app.rb +0 -80
- data/lib/proxes/controllers/application.rb +0 -80
- data/lib/proxes/controllers/audit_logs.rb +0 -44
- data/lib/proxes/controllers/component.rb +0 -167
- data/lib/proxes/controllers/roles.rb +0 -16
- data/lib/proxes/controllers/users.rb +0 -183
- data/lib/proxes/db.rb +0 -18
- data/lib/proxes/helpers/authentication.rb +0 -58
- data/lib/proxes/helpers/component.rb +0 -49
- data/lib/proxes/helpers/pundit.rb +0 -40
- data/lib/proxes/helpers/views.rb +0 -42
- data/lib/proxes/helpers/wisper.rb +0 -15
- data/lib/proxes/listener.rb +0 -23
- data/lib/proxes/models/audit_log.rb +0 -14
- data/lib/proxes/models/base.rb +0 -9
- data/lib/proxes/models/identity.rb +0 -70
- data/lib/proxes/models/role.rb +0 -17
- data/lib/proxes/models/user.rb +0 -64
- data/lib/proxes/omniauth.rb +0 -4
- data/lib/proxes/policies/application_policy.rb +0 -21
- data/lib/proxes/policies/audit_log_policy.rb +0 -41
- data/lib/proxes/policies/identity_policy.rb +0 -25
- data/lib/proxes/policies/role_policy.rb +0 -37
- data/lib/proxes/policies/user_policy.rb +0 -43
- data/lib/proxes/rake_tasks.rb +0 -219
- data/lib/proxes/seed.rb +0 -5
- data/lib/proxes/services/logger.rb +0 -51
- data/views/404.haml +0 -1
- data/views/audit_logs/index.haml +0 -26
- data/views/error.haml +0 -4
- data/views/getting_started.haml +0 -16
- data/views/identity/login.haml +0 -19
- data/views/identity/register.haml +0 -14
- data/views/index.haml +0 -3
- data/views/layout.haml +0 -58
- data/views/partials/delete_form.haml +0 -4
- data/views/partials/form_control.haml +0 -20
- data/views/partials/navbar.haml +0 -25
- data/views/partials/notifications.haml +0 -24
- data/views/partials/pager.haml +0 -12
- data/views/partials/sidebar.haml +0 -54
- data/views/roles/display.haml +0 -38
- data/views/roles/edit.haml +0 -11
- data/views/roles/form.haml +0 -1
- data/views/roles/index.haml +0 -20
- data/views/roles/new.haml +0 -10
- data/views/users/display.haml +0 -69
- data/views/users/edit.haml +0 -11
- data/views/users/identity.haml +0 -3
- data/views/users/index.haml +0 -23
- data/views/users/new.haml +0 -11
- data/views/users/profile.haml +0 -39
- data/views/users/user.haml +0 -3
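--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 110bfadb9580417402ed8e47ae66a39c2d2347ac
+data.tar.gz: 48eb4c42bf8de55da0dea02bf8607ba6540c7d52
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2fffacb9260796bff10b93befcb696e0e4bbd65a4759b0cbd7a69f09b0c81b7c72618cecf4ebc0fc9c11cc0981b2ce194a99e757db40fd55ffd3e6da7a2cb8ca
+data.tar.gz: befa0e27737533a6a1d50c3a0c5070ecb85931a582c735ce41c0993ad9fed5d3a4f803b729e8a1aff39b491b6a7b4baa877623e8559a4c899c6a3c01acc38f59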
data/.gitignore
CHANGED
data/.rubocop.yml
CHANGED
data/.travis.yml
CHANGED
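--- a/data/Gemfile.ci
+++ b/data/Gemfile.ci
@@ -3,9 +3,12 @@ source 'https://rubygems.org'
 
 gemspec
 
-gem 'sqlite3'
-gem 'simplecov', '~> 0.13.0'
 gem 'codeclimate-test-reporter', '~> 1.0.0'
+gem 'dotenv'
+gem 'rspec'
+gem 'rubocop'
+gem 'simplecov', '~> 0.13.0'
+gem 'sqlite3'
 
 if RUBY_VERSION < '2.1'
 gem 'sidekiq', '3.0.0'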
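--- a/data/README.md
+++ b/data/README.md
@@ -6,13 +6,6 @@
 
 ProxES provides a management interface and security layer for Elasticsearch.
 
-## Getting Started
-
-This is a full application that requires some setup. The following complete setup
-scripts are available:
-
-* [Ubuntu](https://gist.github.com/jrgns/979a6d3ea7cc94db671551227fd6469a#file-setup-ubuntu-sh)
-
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -41,12 +34,22 @@ gem install proxes
 4. Create and populate the DB and secret tokens:
 
 ```bash
+bundle exec rake proxes:prep
+bundle exec rake proxes:generate_tokens
 bundle exec rake proxes:migrate
 bundle exec rake proxes:seed
-bundle exec
+bundle exec whenever --update-crontab
+```
+
+5. Create the necessary folders:
+
+```bash
+mkdir tmp
+mkdir logs
+mkdir config
 ```
 
-
+6. Start up the web app: `bundle exec rackup`
 
 ## Components
 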
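--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,10 +1,15 @@
 # frozen_string_literal: true
 
+require 'dotenv/load'
+
 require 'rake'
-require '
-require 'rspec/core/rake_task'
-require 'proxes/rake_tasks'
+require 'proxes'
 
-
+begin
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+task default: :spec
+rescue LoadError
+end
 
-
+require 'ditty/rake_tasks'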
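Review bot: `require 'dotenv/load'` is added unguarded at the top of the Rakefile, but `dotenv` appears only in Gemfile.ci and is not among the runtime dependencies in the gemspec hunk shown on this page (gemspec lines 20-27 are not visible, so it may still be a development dependency). On an install without it every rake task, including `proxes:migrate` and `proxes:generate_tokens` from the README, would stop with LoadError; the same unguarded require is added to config.ru. Either declare it with `spec.add_dependency 'dotenv'` or guard it the way the RSpec block is guarded. The empty `rescue LoadError` also deserves a comment, e.g. `# rspec is a development dependency; skip the spec task when it is absent`.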
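--- a/data/Vagrantfile
+++ b/data/Vagrantfile
@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 
@@ -44,7 +45,3 @@ Vagrant.configure(2) do |config|
 # npm install --no-bin-links
 SHELL
 end
-
-# create user proxes with password 'somethingrandom';
-# create database proxes;
-# grant all privileges on database proxes to proxes;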
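--- a/data/config.ru
+++ b/data/config.ru
@@ -1,42 +1,50 @@
 # frozen_string_literal: true
+
 libdir = File.expand_path(File.dirname(__FILE__) + '/lib')
 $LOAD_PATH.unshift(libdir) unless $LOAD_PATH.include?(libdir)
 
-
-
+require 'dotenv/load'
 require 'proxes'
-require 'proxes/
+require 'proxes/proxes'
+require 'rack/protection'
+ProxES::Container.plugin(:proxes)
+
 use Rack::Session::Cookie,
 key: '_ProxES_session',
-
+# :secure=>!TEST_MODE, # Uncomment if only allowing https:// access
 secret: File.read('.session_secret')
+use Rack::Protection::RemoteToken
+use Rack::Protection::SessionHijacking
 
-
-
-provider :identity,
-fields: [:username],
-callback_path: '/_proxes/auth/identity/callback',
-model: ProxES::Identity,
-on_login: ProxES::AuthIdentity,
-on_registration: ProxES::AuthIdentity,
-locate_conditions: ->(req) { { username: req['username'] } }
-end
-OmniAuth.config.on_failure = ProxES::AuthIdentity
+map '/_proxes' do
+require 'proxes/omniauth'
 
-
-
-
+use OmniAuth::Builder do
+configure do |config|
+config.path_prefix = '/auth'
+config.on_failure = ProxES::App
+end
 
-
-
+# The identity provider is used by the App.
+provider :identity,
+fields: [:username],
+callback_path: '/auth/identity/callback',
+model: ProxES::Identity,
+on_login: ProxES::App,
+on_registration: ProxES::App,
+locate_conditions: ->(req) { { username: req['username'] } }
+end
+
+run Rack::URLMap.new Ditty.routes
 end
 
-# Proxy all Elasticsearch requests
-require 'proxes/security'
-require 'proxes/forwarder'
 map '/' do
+# Proxy all Elasticsearch requests
+require 'proxes/security'
+require 'proxes/forwarder'
+
 # Security
-use ProxES::Security,
+use ProxES::Security, Ditty::Services::Logger.instance
 use Rack::ContentLength
 
 # Forward requests to ES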
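Review bot: The new config.ru still loads `proxes/proxes` and `proxes/omniauth` and refers to `ProxES::Container`, `ProxES::Identity` and `ProxES::App`, while the file list of this release shows `lib/proxes/proxes.rb` moved to `lib/ditty/components/proxes.rb` and `container.rb`, `omniauth.rb`, `models/identity.rb` and `controllers/app.rb` deleted. Unless `lib/proxes.rb` (its content is not shown on this page) re-exports them, `rackup` fails at load, and these lines should use the `ditty/...` requires and `Ditty::` constants that the rest of the release switched to. Separately, the session cookie's `secure` flag exists only as a comment (`# :secure=>!TEST_MODE, ...`) and `TEST_MODE` is not defined in the visible file, so `_ProxES_session` is sent over plain HTTP by default. Since that cookie carries the login for the Elasticsearch proxy, consider turning it on by default, e.g. `secure: ENV['RACK_ENV'] == 'production',`.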
@@ -1,66 +1,59 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
|
3
|
+
require 'ditty'
|
4
|
+
|
5
|
+
module Ditty
|
4
6
|
class ProxES
|
5
|
-
def self.
|
6
|
-
File.expand_path('
|
7
|
+
def self.migrations
|
8
|
+
File.expand_path('../../../../migrate', __FILE__)
|
7
9
|
end
|
8
10
|
|
9
11
|
def self.view_folder
|
10
|
-
File.expand_path('
|
12
|
+
File.expand_path('../../../../views', __FILE__)
|
11
13
|
end
|
12
14
|
|
13
15
|
def self.public_folder
|
14
|
-
File.expand_path('
|
16
|
+
File.expand_path('../../../../public', __FILE__)
|
15
17
|
end
|
16
18
|
|
17
|
-
def self.
|
18
|
-
controllers = File.expand_path('
|
19
|
+
def self.routes
|
20
|
+
controllers = File.expand_path('../../../proxes/controllers', __FILE__)
|
19
21
|
Dir.glob("#{controllers}/*.rb").each { |f| require f }
|
20
22
|
{
|
21
|
-
'/' => ::ProxES::
|
22
|
-
'/users' => ::ProxES::Users,
|
23
|
-
'/roles' => ::ProxES::Roles,
|
24
|
-
'/permissions' => ::ProxES::Permissions,
|
25
|
-
'/audit-logs' => ::ProxES::AuditLogs
|
23
|
+
'/permissions' => ::ProxES::Permissions
|
26
24
|
}
|
27
25
|
end
|
28
26
|
|
29
|
-
def self.
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
icon: '
|
34
|
-
|
35
|
-
{ order: 0, link: '/users/', text: 'Users', target: User, icon: 'user' },
|
36
|
-
{ order: 1, link: '/roles/', text: 'Roles', target: Role, icon: 'group' },
|
37
|
-
{ order: 2, link: '/permissions/', text: 'Permissions', target: Permission, icon: 'check-square' },
|
38
|
-
{ order: 3, link: '/audit-logs/', text: 'Audit Logs', target: AuditLog, icon: 'history' }
|
39
|
-
]
|
40
|
-
}
|
27
|
+
def self.navigation
|
28
|
+
require 'proxes/models/permission'
|
29
|
+
|
30
|
+
[
|
31
|
+
{ order: 2, link: '/permissions/', text: 'Permissions', target: ::ProxES::Permission, icon: 'check-square' }
|
32
|
+
]
|
41
33
|
end
|
42
34
|
|
43
35
|
def self.seeder
|
44
36
|
proc do
|
45
|
-
require '
|
46
|
-
require '
|
37
|
+
require 'ditty/models/user'
|
38
|
+
require 'ditty/models/role'
|
39
|
+
require 'proxes/models/permission'
|
47
40
|
|
48
|
-
sa = ::
|
41
|
+
sa = ::Ditty::Role.find_or_create(name: 'super_admin')
|
49
42
|
%w[GET POST PUT DELETE HEAD OPTIONS INDEX].each do |verb|
|
50
43
|
::ProxES::Permission.find_or_create(role: sa, verb: verb, pattern: '.*')
|
51
44
|
end
|
52
|
-
::
|
53
|
-
user_role = ::
|
45
|
+
::Ditty::Role.find_or_create(name: 'admin')
|
46
|
+
user_role = ::Ditty::Role.find_or_create(name: 'user')
|
54
47
|
|
55
48
|
# Kibana Specific
|
56
|
-
anon = ::
|
49
|
+
anon = ::Ditty::User.find_or_create(email: 'anonymous@proxes.io')
|
57
50
|
anon.remove_role user_role
|
58
|
-
anon_role = ::
|
51
|
+
anon_role = ::Ditty::Role.find_or_create(name: 'anonymous')
|
59
52
|
anon.add_role anon_role unless anon.role?('anonymous')
|
60
53
|
::ProxES::Permission.find_or_create(role: anon_role, verb: 'GET', pattern: '/.kibana/config/*')
|
61
54
|
::ProxES::Permission.find_or_create(role: anon_role, verb: 'INDEX', pattern: '.kibana')
|
62
55
|
|
63
|
-
kibana = ::
|
56
|
+
kibana = ::Ditty::Role.find_or_create(name: 'kibana')
|
64
57
|
::ProxES::Permission.find_or_create(role: kibana, verb: 'INDEX', pattern: '.kibana')
|
65
58
|
::ProxES::Permission.find_or_create(role: kibana, verb: 'HEAD', pattern: '/')
|
66
59
|
::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_nodes*')
|
@@ -75,4 +68,4 @@ module ProxES
|
|
75
68
|
end
|
76
69
|
end
|
77
70
|
|
78
|
-
|
71
|
+
Ditty::Components.register_component(:proxes, Ditty::ProxES)
|
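Review bot: After this change there are two unrelated constants called `ProxES`: the component class `Ditty::ProxES` defined here and the top-level `::ProxES` module that still holds `Permission` and `Permissions`, so an unqualified `ProxES::Permission` written inside this class would resolve against `Ditty::ProxES` and raise NameError. The new lines get this right by writing `::ProxES::Permission` and `::ProxES::Permissions`, but nothing explains why the leading `::` is required. A short comment above `class ProxES`, e.g. `# Component descriptor only; models and controllers live in the top-level ::ProxES module`, would stop a later edit from dropping it. The page omits this section's file header; going by the file list it is presumably `data/lib/ditty/components/proxes.rb`.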
@@ -1,16 +1,17 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require '
|
3
|
+
require 'ditty/controllers/component'
|
4
4
|
require 'proxes/models/permission'
|
5
5
|
require 'proxes/policies/permission_policy'
|
6
6
|
|
7
7
|
module ProxES
|
8
|
-
class Permissions < Component
|
8
|
+
class Permissions < Ditty::Component
|
9
9
|
set model_class: Permission
|
10
10
|
|
11
11
|
def find_template(views, name, engine, &block)
|
12
12
|
super(views, name, engine, &block) # Root
|
13
|
-
super(::
|
13
|
+
super(::Ditty::ProxES.view_folder, name, engine, &block) # This Component
|
14
|
+
super(::Ditty::App.view_folder, name, engine, &block) # Ditty
|
14
15
|
end
|
15
16
|
end
|
16
17
|
end
|
@@ -1,13 +1,15 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require '
|
3
|
+
require 'ditty/models/base'
|
4
|
+
require 'ditty/models/user'
|
5
|
+
require 'ditty/models/role'
|
4
6
|
|
5
7
|
module ProxES
|
6
8
|
class Permission < Sequel::Model
|
7
|
-
include ::
|
9
|
+
include ::Ditty::Base
|
8
10
|
|
9
|
-
many_to_one :role
|
10
|
-
many_to_one :user
|
11
|
+
many_to_one :role, class: ::Ditty::Role
|
12
|
+
many_to_one :user, class: ::Ditty::User
|
11
13
|
|
12
14
|
dataset_module do
|
13
15
|
def for_user(a_user, action)
|
@@ -16,7 +18,7 @@ module ProxES
|
|
16
18
|
end
|
17
19
|
|
18
20
|
def validate
|
19
|
-
validates_presence [
|
21
|
+
validates_presence %i[verb pattern]
|
20
22
|
validates_presence :role_id unless user_id
|
21
23
|
validates_presence :user_id unless role_id
|
22
24
|
validates_includes self.class.verbs, :verb
|
@@ -1,9 +1,9 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require '
|
3
|
+
require 'ditty/policies/application_policy'
|
4
4
|
|
5
5
|
module ProxES
|
6
|
-
class PermissionPolicy < ApplicationPolicy
|
6
|
+
class PermissionPolicy < Ditty::ApplicationPolicy
|
7
7
|
def create?
|
8
8
|
user && user.super_admin?
|
9
9
|
end
|
@@ -25,10 +25,10 @@ module ProxES
|
|
25
25
|
end
|
26
26
|
|
27
27
|
def permitted_attributes
|
28
|
-
[
|
28
|
+
%i[verb pattern role_id user_id]
|
29
29
|
end
|
30
30
|
|
31
|
-
class Scope < ApplicationPolicy::Scope
|
31
|
+
class Scope < Ditty::ApplicationPolicy::Scope
|
32
32
|
def resolve
|
33
33
|
user && user.super_admin? ? scope : scope.where(id: -1)
|
34
34
|
end
|
@@ -1,9 +1,8 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require 'proxes/db'
|
4
3
|
require 'proxes/models/permission'
|
5
|
-
require 'proxes/services/logger'
|
6
4
|
require 'proxes/helpers/indices'
|
5
|
+
require 'ditty/services/logger'
|
7
6
|
|
8
7
|
module ProxES
|
9
8
|
class RequestPolicy
|
@@ -48,7 +47,7 @@ module ProxES
|
|
48
47
|
end
|
49
48
|
|
50
49
|
def logger
|
51
|
-
@logger ||=
|
50
|
+
@logger ||= Ditty::Services::Logger.instance
|
52
51
|
end
|
53
52
|
|
54
53
|
class Scope
|
@@ -62,7 +61,7 @@ module ProxES
|
|
62
61
|
end
|
63
62
|
|
64
63
|
def logger
|
65
|
-
@logger ||=
|
64
|
+
@logger ||= Ditty::Services::Logger.instance
|
66
65
|
end
|
67
66
|
|
68
67
|
def resolve
|
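--- a/data/lib/proxes/request/cat.rb
+++ b/data/lib/proxes/request/cat.rb
@@ -11,8 +11,8 @@ module ProxES
 def index=(idx)
 @index = idx
 self.path_info = '/' + [endpoint, type, index].compact
-
-
+.map { |v| v.is_a?(Array) ? v.join(',') : v }
+.select { |v| !v.nil? && v != '' }.join('/')
 end
 
 def endpoint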
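Review bot: The path rebuild in `index=` filters for nil twice: `.compact` has already removed nil before the `map`, so `!v.nil?` in the `select` is dead and the block reads more directly as `.reject { |v| v == '' }`. The identical two lines are added to `data/lib/proxes/request/index.rb`. This setter produces the `path_info` that is presumably forwarded to Elasticsearch once the index list has been narrowed, so one shared helper on the request base class with its own spec would be safer than two copies that can drift apart. The enclosing class and the rest of the file are outside the hunk.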
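--- a/data/lib/proxes/request/index.rb
+++ b/data/lib/proxes/request/index.rb
@@ -11,8 +11,8 @@ module ProxES
 def index=(idx)
 @index = idx
 self.path_info = '/' + [index, type, id].compact
-
-
+.map { |v| v.is_a?(Array) ? v.join(',') : v }
+.select { |v| !v.nil? && v != '' }.join('/')
 end
 
 def parse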
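--- a/data/lib/proxes/request.rb
+++ b/data/lib/proxes/request.rb
@@ -52,7 +52,7 @@ module ProxES
 
 def check_part(val)
 return val if val.nil?
-return [] if
+return [] if [endpoint, '_all'].include?(val) && !WRITE_METHODS.include?(request_method)
 val.split(',')
 end
 end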
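Review bot: For write methods `check_part` now falls through to `val.split(',')`, so `_all` (or the endpoint name) is kept as the literal entry `['_all']` instead of being expanded. Whether such a write is then restricted depends on how the request policy matches that literal against permission patterns, which is outside this hunk, as is the definition of `WRITE_METHODS`. Wildcard forms such as `*` are not in the `[endpoint, '_all']` list either and pass through unchanged for every method. If the intent is that an empty list means "every index the user is allowed to see" and that writes must name their indices, say so in a comment above the guard, e.g. `# [] = all permitted indices (reads only); writes keep the literal so the policy can reject it`. A spec asserting that a write addressed to `_all` is denied for a user without a matching permission would pin that contract down.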
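--- a/data/lib/proxes/security.rb
+++ b/data/lib/proxes/security.rb
@@ -1,26 +1,24 @@
 # frozen_string_literal: true
 
-require 'proxes/models/identity'
-require 'proxes/services/logger'
 require 'proxes/request'
 require 'proxes/policies/request_policy'
-require '
-require '
-require '
-require '
+require 'ditty/services/logger'
+require 'ditty/helpers/pundit'
+require 'ditty/helpers/authentication'
+require 'ditty/helpers/wisper'
 
 module ProxES
 class Security
 attr_reader :env, :logger
 
-include Helpers::Authentication
-include Helpers::Pundit
-include Helpers::Wisper
+include Ditty::Helpers::Authentication
+include Ditty::Helpers::Pundit
+include Ditty::Helpers::Wisper
 include Wisper::Publisher
 
 def initialize(app, logger = nil)
 @app = app
-@logger = logger || Services::Logger.instance
+@logger = logger || ::Ditty::Services::Logger.instance
 end
 
 def error(message, code = 500)
@@ -31,12 +29,12 @@ module ProxES
 
 def check(request)
 check_basic request
-authorize request
+authorize request, request.request_method.downcase
 rescue Pundit::NotAuthorizedError
 log_action(:es_request_denied, details: "#{request.request_method.upcase} #{request.fullpath} (#{request.class.name})")
 logger.debug "Access denied for #{current_user ? current_user.email : 'Anonymous User'} by security layer: #{request.request_method.upcase} #{request.fullpath} (#{request.class.name})"
 error 'Not Authorized', 401
-rescue ::
+rescue ::Ditty::Helpers::NotAuthenticated
 logger.warn "Access denied for unauthenticated request by security layer: #{request.request_method.upcase} #{request.fullpath} (#{request.class.name})"
 error 'Not Authenticated', 401
 rescue StandardError => e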
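Review bot: `authorize request, request.request_method.downcase` takes the Pundit query straight from the client-supplied HTTP method, so a method for which the request policy defines no predicate raises something other than `Pundit::NotAuthorizedError` and lands in `rescue StandardError => e`, whose body is outside this hunk. Whether that branch denies the request cannot be confirmed from the visible lines. Checking the verb against an allow-list before the call keeps the failure mode a clean deny, e.g. `raise Pundit::NotAuthorizedError unless Permission.verbs.include?(request.request_method.upcase)`, assuming `Permission.verbs` (used by the model's validation) lists the supported methods. A comment on whether the Ditty `authorize` helper appends the `?` that Pundit predicates normally carry would also help, since the query is passed here without it.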
data/lib/proxes/version.rb
CHANGED
data/lib/proxes.rb
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
|
2
3
|
Sequel.migration do
|
3
4
|
change do
|
4
5
|
create_table :users do
|
@@ -41,7 +42,7 @@ Sequel.migration do
|
|
41
42
|
DateTime :created_at
|
42
43
|
foreign_key :user_id, :users
|
43
44
|
foreign_key :role_id, :roles
|
44
|
-
unique [
|
45
|
+
unique %i[user_id role_id]
|
45
46
|
end
|
46
47
|
end
|
47
48
|
end
|
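--- a/data/proxes.gemspec
+++ b/data/proxes.gemspec
@@ -1,5 +1,5 @@
-# coding: utf-8
 # frozen_string_literal: true
+
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'proxes/version'
@@ -13,7 +13,7 @@ Gem::Specification.new do |spec|
 spec.summary = 'Rack wrapper around Elasticsearch to provide security and management features'
 spec.description = 'Rack wrapper around Elasticsearch to provide security and management features'
 spec.homepage = 'https://github.com/eagerelk/proxes'
-spec.license = '
+spec.license = 'LGPL-3.0'
 
 spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
 spec.bindir = 'exe'
@@ -28,22 +28,23 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency 'factory_girl'
 spec.add_development_dependency 'timecop'
 
+spec.add_dependency 'ditty', '>= 0.2'
 spec.add_dependency 'activesupport', '>= 3'
-spec.add_dependency '
-spec.add_dependency 'rack-contrib', '~> 1.4'
-spec.add_dependency 'sinatra', '~> 1.0'
-spec.add_dependency 'sinatra-flash', '~> 0.3'
-spec.add_dependency 'sinatra-contrib', '~> 1.0'
+spec.add_dependency 'bcrypt', '~> 3.0'
 spec.add_dependency 'elasticsearch', '>= 2'
+spec.add_dependency 'haml', '~> 5.0'
+spec.add_dependency 'highline', '~> 1.7'
 spec.add_dependency 'logger', '~> 1.0'
-spec.add_dependency 'pundit', '~> 1.0'
-spec.add_dependency 'sequel', '~> 4.0'
-spec.add_dependency 'bcrypt', '~> 3.0'
 spec.add_dependency 'omniauth', '~> 1.0'
-spec.add_dependency 'omniauth-identity', '~> 1.0'
 spec.add_dependency 'omniauth-http-basic', '~> 1.0'
-spec.add_dependency '
-spec.add_dependency '
-spec.add_dependency '
+spec.add_dependency 'omniauth-identity', '~> 1.0'
+spec.add_dependency 'pundit', '~> 1.0'
+spec.add_dependency 'rack-contrib', '~> 1.0'
+spec.add_dependency 'rake', '~> 12.0'
+spec.add_dependency 'sequel', '~> 4.0'
+spec.add_dependency 'sinatra', '~> 2.0'
+spec.add_dependency 'sinatra-contrib', '~> 2.0'
+spec.add_dependency 'sinatra-flash', '~> 0.3'
 spec.add_dependency 'tilt', '>= 2'
+spec.add_dependency 'wisper', '~> 2.0'
 end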
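Review bot: `spec.add_dependency 'ditty', '>= 0.2'` has no upper bound, yet this release moves the user, role, identity, authentication-helper and audit-log code out of this gem and into ditty (see the deleted files in the summary). Any later ditty release, including a breaking one, is therefore resolved automatically and changes the authentication path of the proxy without a change in this gem. A pessimistic constraint such as `spec.add_dependency 'ditty', '~> 0.2'` keeps that upgrade a reviewed step. `activesupport`, `elasticsearch` and `tilt` carry the same open-ended form.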