proxes 0.9.12 → 0.9.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 95d76307001a88f8c450617ba32a844f2b572d221590971d3d2e78648d437c86
|
|
4
|
+
data.tar.gz: 58d82f430b8c22f1999bc488db50422e0f57045579c4951488c32bb4be02ec18
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5cfc7eb05f037be6502e5f15dc8e2add30c14579489bdcf382b6fda300859b910585ba0c94df82221f8e611d87050f8ea1693fa4812b4c15307b5cd1b9f93178
|
|
7
|
+
data.tar.gz: 918a2bcc7730276a8e9cd27c532bdef62da8e5f1509b330da0cc4f5ffe6afa912a4a230dff464fa3eb7dc184c502a3cd61ed4b9ceefb34c4496e8245285d4662
|
|
@@ -61,20 +61,21 @@ module Ditty
|
|
|
61
61
|
::ProxES::Permission.find_or_create(role: user_role, verb: 'GET', pattern: '/_nodes')
|
|
62
62
|
::ProxES::Permission.find_or_create(role: user_role, verb: 'GET', pattern: '/_nodes/stats')
|
|
63
63
|
::ProxES::Permission.find_or_create(role: user_role, verb: 'GET', pattern: '/_stats')
|
|
64
|
-
::ProxES::Permission.find_or_create(role: user_role, verb: 'INDEX', pattern: 'user-{user.id}')
|
|
64
|
+
::ProxES::Permission.find_or_create(role: user_role, verb: 'INDEX', pattern: 'user-{user.id}.*')
|
|
65
65
|
|
|
66
66
|
# Kibana Specific
|
|
67
|
+
# actions: ["indices:data/read/field_stats", "indices:admin/mappings/fields/get", "indices:admin/get", "indices:data/read/msearch"]
|
|
67
68
|
anon_role = ::Ditty::Role.find_or_create(name: 'anonymous')
|
|
68
69
|
::Ditty::User.create_anonymous_user('anonymous@proxes.io')
|
|
69
|
-
::ProxES::Permission.find_or_create(role: anon_role, verb: 'GET', pattern: '/.kibana/config
|
|
70
|
+
::ProxES::Permission.find_or_create(role: anon_role, verb: 'GET', pattern: '/.kibana/config/.*')
|
|
70
71
|
::ProxES::Permission.find_or_create(role: anon_role, verb: 'INDEX', pattern: '.kibana')
|
|
71
72
|
|
|
72
73
|
kibana = ::Ditty::Role.find_or_create(name: 'kibana')
|
|
73
74
|
::ProxES::Permission.find_or_create(role: kibana, verb: 'INDEX', pattern: '.kibana')
|
|
74
75
|
::ProxES::Permission.find_or_create(role: kibana, verb: 'HEAD', pattern: '/')
|
|
75
76
|
::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_nodes*')
|
|
76
|
-
::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_cluster/health
|
|
77
|
-
::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_cluster/settings
|
|
77
|
+
::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_cluster/health.*')
|
|
78
|
+
::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_cluster/settings.*')
|
|
78
79
|
::ProxES::Permission.find_or_create(role: kibana, verb: 'POST', pattern: '/_mget')
|
|
79
80
|
::ProxES::Permission.find_or_create(role: kibana, verb: 'POST', pattern: '/_search')
|
|
80
81
|
::ProxES::Permission.find_or_create(role: kibana, verb: 'POST', pattern: '/_msearch')
|
|
@@ -28,13 +28,13 @@ module ProxES
|
|
|
28
28
|
rescue Pundit::NotAuthorizedError, Ditty::Helpers::NotAuthenticated => e
|
|
29
29
|
broadcast(:es_request_denied, request, e)
|
|
30
30
|
log_not_authorized request
|
|
31
|
-
raise e if
|
|
31
|
+
raise e if ENV['APP_ENV'] == 'development'
|
|
32
32
|
return [401, {}, []] if request.head?
|
|
33
33
|
request.html? && request.user.nil? ? login_and_redirect(request) : error('Not Authorized', 401)
|
|
34
34
|
rescue StandardError => e
|
|
35
35
|
broadcast(:es_request_denied, request, e)
|
|
36
36
|
log_not_authorized request
|
|
37
|
-
raise e if
|
|
37
|
+
raise e if ENV['APP_ENV'] == 'development'
|
|
38
38
|
return [403, {}. []] if request.head?
|
|
39
39
|
error 'Forbidden', 403
|
|
40
40
|
end
|
|
@@ -9,10 +9,7 @@ require 'ditty/helpers/authentication'
|
|
|
9
9
|
module ProxES
|
|
10
10
|
module Middleware
|
|
11
11
|
class Security
|
|
12
|
-
attr_reader :
|
|
13
|
-
|
|
14
|
-
include Ditty::Helpers::Authentication
|
|
15
|
-
include Ditty::Helpers::Pundit
|
|
12
|
+
attr_reader :logger
|
|
16
13
|
|
|
17
14
|
def initialize(app, logger = nil)
|
|
18
15
|
@app = app
|
|
@@ -20,7 +17,6 @@ module ProxES
|
|
|
20
17
|
end
|
|
21
18
|
|
|
22
19
|
def call(env)
|
|
23
|
-
@env = env
|
|
24
20
|
request = ProxES::Request.from_env(env)
|
|
25
21
|
log(request, 'BEFORE')
|
|
26
22
|
|
|
@@ -48,6 +44,10 @@ module ProxES
|
|
|
48
44
|
Pundit.authorize(request.user, request, request.request_method.downcase + '?')
|
|
49
45
|
end
|
|
50
46
|
|
|
47
|
+
def policy_scope(request)
|
|
48
|
+
Pundit.policy_scope(request.user, request)
|
|
49
|
+
end
|
|
50
|
+
|
|
51
51
|
def log(request, stage)
|
|
52
52
|
logger.debug '============' + stage.ljust(56) + '============'
|
|
53
53
|
logger.debug '= ' + "Request: #{request.detail}".ljust(76) + ' ='
|
data/lib/proxes/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: proxes
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.9.
|
|
4
|
+
version: 0.9.13
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jurgens du Toit
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-09-
|
|
11
|
+
date: 2018-09-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|