proxes 0.9.12 → 0.9.13

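--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: daa368238a056af49baf95e92dc664489f80b44e0146508e4006d8b454f79e37
- data.tar.gz: 4cc6c9716a2101d1b7bba50bce22392772bb80124f6e959d525faaf1f2a43d56
+ metadata.gz: 95d76307001a88f8c450617ba32a844f2b572d221590971d3d2e78648d437c86
+ data.tar.gz: 58d82f430b8c22f1999bc488db50422e0f57045579c4951488c32bb4be02ec18
  SHA512:
- metadata.gz: 5384c2901a06e83e904f2444f30b2b410b67f6e09e69271390b2298ee29b7762e294cee00a11ed466b869a32c66f0f48f229df3823496ca9520cdfa1682d9241
- data.tar.gz: cd8c9489ae8593f5e9cab925a00e27f07da849d0eb2b3f16002e9a0b836ce9c0ec0263dc8c260d5205ca95b7dd27c6bdd4e8bb867185c74000ae6478c436a680
+ metadata.gz: 5cfc7eb05f037be6502e5f15dc8e2add30c14579489bdcf382b6fda300859b910585ba0c94df82221f8e611d87050f8ea1693fa4812b4c15307b5cd1b9f93178
+ data.tar.gz: 918a2bcc7730276a8e9cd27c532bdef62da8e5f1509b330da0cc4f5ffe6afa912a4a230dff464fa3eb7dc184c502a3cd61ed4b9ceefb34c4496e8245285d4662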
@@ -61,20 +61,21 @@ module Ditty
61
61
  ::ProxES::Permission.find_or_create(role: user_role, verb: 'GET', pattern: '/_nodes')
62
62
  ::ProxES::Permission.find_or_create(role: user_role, verb: 'GET', pattern: '/_nodes/stats')
63
63
  ::ProxES::Permission.find_or_create(role: user_role, verb: 'GET', pattern: '/_stats')
64
- ::ProxES::Permission.find_or_create(role: user_role, verb: 'INDEX', pattern: 'user-{user.id}')
64
+ ::ProxES::Permission.find_or_create(role: user_role, verb: 'INDEX', pattern: 'user-{user.id}.*')
65
65
 
66
66
  # Kibana Specific
67
+ # actions: ["indices:data/read/field_stats", "indices:admin/mappings/fields/get", "indices:admin/get", "indices:data/read/msearch"]
67
68
  anon_role = ::Ditty::Role.find_or_create(name: 'anonymous')
68
69
  ::Ditty::User.create_anonymous_user('anonymous@proxes.io')
69
- ::ProxES::Permission.find_or_create(role: anon_role, verb: 'GET', pattern: '/.kibana/config/*')
70
+ ::ProxES::Permission.find_or_create(role: anon_role, verb: 'GET', pattern: '/.kibana/config/.*')
70
71
  ::ProxES::Permission.find_or_create(role: anon_role, verb: 'INDEX', pattern: '.kibana')
71
72
 
72
73
  kibana = ::Ditty::Role.find_or_create(name: 'kibana')
73
74
  ::ProxES::Permission.find_or_create(role: kibana, verb: 'INDEX', pattern: '.kibana')
74
75
  ::ProxES::Permission.find_or_create(role: kibana, verb: 'HEAD', pattern: '/')
75
76
  ::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_nodes*')
76
- ::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_cluster/health*')
77
- ::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_cluster/settings*')
77
+ ::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_cluster/health.*')
78
+ ::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_cluster/settings.*')
78
79
  ::ProxES::Permission.find_or_create(role: kibana, verb: 'POST', pattern: '/_mget')
79
80
  ::ProxES::Permission.find_or_create(role: kibana, verb: 'POST', pattern: '/_search')
80
81
  ::ProxES::Permission.find_or_create(role: kibana, verb: 'POST', pattern: '/_msearch')
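Review bot: The new `'user-{user.id}.*'` pattern has no separator between the id and the wildcard, so if these patterns are evaluated as regular expressions (which the switch from `*` to `.*` in this hunk suggests) the rule seeded for user 1 would also match indices such as `user-10` or `user-12-logs` that belong to other users. Requiring a delimiter after the id, for example `pattern: 'user-{user.id}(-.*)?'` adjusted to the real index naming scheme, would keep each user inside their own namespace. The kibana line `pattern: '/_nodes*'` was left in the old glob form and, read as a regex, means `/_node` followed by any number of `s`; the unescaped dot in `'.kibana'` likewise matches any character. The code that compiles and anchors these patterns is outside this hunk, as is the start of the enclosing seed block, so confirm the matching semantics before relying on either reading.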
@@ -28,13 +28,13 @@ module ProxES
28
28
  rescue Pundit::NotAuthorizedError, Ditty::Helpers::NotAuthenticated => e
29
29
  broadcast(:es_request_denied, request, e)
30
30
  log_not_authorized request
31
- raise e if env['APP_ENV'] == 'development'
31
+ raise e if ENV['APP_ENV'] == 'development'
32
32
  return [401, {}, []] if request.head?
33
33
  request.html? && request.user.nil? ? login_and_redirect(request) : error('Not Authorized', 401)
34
34
  rescue StandardError => e
35
35
  broadcast(:es_request_denied, request, e)
36
36
  log_not_authorized request
37
- raise e if env['APP_ENV'] == 'development'
37
+ raise e if ENV['APP_ENV'] == 'development'
38
38
  return [403, {}. []] if request.head?
39
39
  error 'Forbidden', 403
40
40
  end
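Review bot: The HEAD branch of the `rescue StandardError` handler reads `return [403, {}. []] if request.head?`, with a period where the comma between the headers hash and the body belongs, so it does not build the three-element Rack response that the 401 branch above returns and most likely raises on a HEAD request instead. It is a context line this change leaves untouched; it should read `return [403, {}, []] if request.head?`. Both handlers now re-raise when `ENV['APP_ENV'] == 'development'`, and a short comment such as `# development only: let the denial propagate as an exception` would record that this path must never be active in production. The method containing these rescue clauses begins outside the hunk.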
@@ -9,10 +9,7 @@ require 'ditty/helpers/authentication'
9
9
  module ProxES
10
10
  module Middleware
11
11
  class Security
12
- attr_reader :env, :logger
13
-
14
- include Ditty::Helpers::Authentication
15
- include Ditty::Helpers::Pundit
12
+ attr_reader :logger
16
13
 
17
14
  def initialize(app, logger = nil)
18
15
  @app = app
@@ -20,7 +17,6 @@ module ProxES
20
17
  end
21
18
 
22
19
  def call(env)
23
- @env = env
24
20
  request = ProxES::Request.from_env(env)
25
21
  log(request, 'BEFORE')
26
22
 
@@ -48,6 +44,10 @@ module ProxES
48
44
  Pundit.authorize(request.user, request, request.request_method.downcase + '?')
49
45
  end
50
46
 
47
+ def policy_scope(request)
48
+ Pundit.policy_scope(request.user, request)
49
+ end
50
+
51
51
  def log(request, stage)
52
52
  logger.debug '============' + stage.ljust(56) + '============'
53
53
  logger.debug '= ' + "Request: #{request.detail}".ljust(76) + ' ='
@@ -55,7 +55,8 @@ module ProxES
55
55
  end
56
56
 
57
57
  def resolve
58
- return [] if user.nil?
58
+ current_user = user || Ditty::User.anonymous_user
59
+ return [] if current_user.nil?
59
60
  filter request.index, patterns
60
61
  end
61
62
  end
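Review bot: `current_user` is assigned in `resolve` but used only for the nil guard; the following `filter request.index, patterns` does not receive it. If `patterns` (defined outside this hunk) still reads `user`, an unauthenticated request would be filtered against a nil user rather than against the anonymous user's permissions, so the fallback would change nothing beyond the guard. Either pass the resolved user through to the filtering step or have `patterns` apply the same `user || Ditty::User.anonymous_user` fallback, and add a comment on `resolve` stating that a missing anonymous user yields an empty scope. The enclosing class starts outside the hunk.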
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ProxES
4
- VERSION = '0.9.12'.freeze
4
+ VERSION = '0.9.13'.freeze
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: proxes
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.9.12
4
+ version: 0.9.13
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jurgens du Toit
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-09-03 00:00:00.000000000 Z
11
+ date: 2018-09-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler