rack-auditor 0.2.1 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/rack/auditor.rb +26 -8
- data/rack-auditor.gemspec +1 -1
- metadata +9 -3
- checksums.yaml +0 -15
data/lib/rack/auditor.rb
CHANGED
|
@@ -3,19 +3,28 @@ require 'httparty'
|
|
|
3
3
|
module Rack
|
|
4
4
|
class Auditor
|
|
5
5
|
def initialize(app, options = {})
|
|
6
|
-
@app
|
|
7
|
-
@root_uri
|
|
8
|
-
@dev_mode
|
|
6
|
+
@app = app
|
|
7
|
+
@root_uri = options[:root_uri] || 'http://snowflake.dev/'
|
|
8
|
+
@dev_mode = options[:dev_mode] || false
|
|
9
|
+
@api_prefix = options[:api_prefix] || ''
|
|
10
|
+
@access_method = options[:access_method] || :key #key or token
|
|
9
11
|
end
|
|
10
12
|
|
|
11
13
|
def call(env)
|
|
12
|
-
unless @dev_mode
|
|
13
|
-
|
|
14
|
-
|
|
14
|
+
unless @dev_mode && inappropriate_request(env)
|
|
15
|
+
case @access_method
|
|
16
|
+
when :key
|
|
17
|
+
key = env['HTTP_X_API_KEY']
|
|
18
|
+
secret = env['HTTP_X_API_SECRET']
|
|
15
19
|
|
|
16
|
-
|
|
20
|
+
return forbidden unless key && secret
|
|
21
|
+
response = HTTParty.get "#{@root_uri}?api_key=#{key}&api_secret=#{secret}"
|
|
22
|
+
when :token
|
|
23
|
+
token = env['HTTP_X_ACCESS_TOKEN']
|
|
17
24
|
|
|
18
|
-
|
|
25
|
+
return forbidden unless token
|
|
26
|
+
response = HTTParty.get "#{@root_uri}?acess_token=#{token}"
|
|
27
|
+
end
|
|
19
28
|
|
|
20
29
|
case response.code
|
|
21
30
|
when 403
|
|
@@ -42,5 +51,14 @@ module Rack
|
|
|
42
51
|
def error_code(code, message)
|
|
43
52
|
[code, {'Content-Type' => 'text/plain'}, [message]]
|
|
44
53
|
end
|
|
54
|
+
|
|
55
|
+
def inappropriate_request(env)
|
|
56
|
+
return false if @api_prefix == ''
|
|
57
|
+
|
|
58
|
+
namespace = env['REQUEST_URI'].split('/')[0]
|
|
59
|
+
return false if namespace == @api_prefix
|
|
60
|
+
|
|
61
|
+
true
|
|
62
|
+
end
|
|
45
63
|
end
|
|
46
64
|
end
|
data/rack-auditor.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-auditor
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
|
+
prerelease:
|
|
5
6
|
platform: ruby
|
|
6
7
|
authors:
|
|
7
8
|
- Patrick Robertson
|
|
@@ -13,6 +14,7 @@ dependencies:
|
|
|
13
14
|
- !ruby/object:Gem::Dependency
|
|
14
15
|
name: rack
|
|
15
16
|
requirement: !ruby/object:Gem::Requirement
|
|
17
|
+
none: false
|
|
16
18
|
requirements:
|
|
17
19
|
- - ! '>='
|
|
18
20
|
- !ruby/object:Gem::Version
|
|
@@ -20,6 +22,7 @@ dependencies:
|
|
|
20
22
|
type: :runtime
|
|
21
23
|
prerelease: false
|
|
22
24
|
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
+
none: false
|
|
23
26
|
requirements:
|
|
24
27
|
- - ! '>='
|
|
25
28
|
- !ruby/object:Gem::Version
|
|
@@ -27,6 +30,7 @@ dependencies:
|
|
|
27
30
|
- !ruby/object:Gem::Dependency
|
|
28
31
|
name: httparty
|
|
29
32
|
requirement: !ruby/object:Gem::Requirement
|
|
33
|
+
none: false
|
|
30
34
|
requirements:
|
|
31
35
|
- - ! '>='
|
|
32
36
|
- !ruby/object:Gem::Version
|
|
@@ -34,6 +38,7 @@ dependencies:
|
|
|
34
38
|
type: :runtime
|
|
35
39
|
prerelease: false
|
|
36
40
|
version_requirements: !ruby/object:Gem::Requirement
|
|
41
|
+
none: false
|
|
37
42
|
requirements:
|
|
38
43
|
- - ! '>='
|
|
39
44
|
- !ruby/object:Gem::Version
|
|
@@ -50,24 +55,25 @@ files:
|
|
|
50
55
|
homepage: http://github.com/patricksrobertson/rack-auditor
|
|
51
56
|
licenses:
|
|
52
57
|
- MIT
|
|
53
|
-
metadata: {}
|
|
54
58
|
post_install_message:
|
|
55
59
|
rdoc_options: []
|
|
56
60
|
require_paths:
|
|
57
61
|
- lib
|
|
58
62
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
63
|
+
none: false
|
|
59
64
|
requirements:
|
|
60
65
|
- - ! '>='
|
|
61
66
|
- !ruby/object:Gem::Version
|
|
62
67
|
version: '0'
|
|
63
68
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
69
|
+
none: false
|
|
64
70
|
requirements:
|
|
65
71
|
- - ! '>='
|
|
66
72
|
- !ruby/object:Gem::Version
|
|
67
73
|
version: '0'
|
|
68
74
|
requirements: []
|
|
69
75
|
rubyforge_project:
|
|
70
|
-
rubygems_version:
|
|
76
|
+
rubygems_version: 1.8.23
|
|
71
77
|
signing_key:
|
|
72
78
|
specification_version: 3
|
|
73
79
|
summary: Middleware for ICIS identity provider verification
|
checksums.yaml
DELETED
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
!binary "U0hBMQ==":
|
|
3
|
-
metadata.gz: !binary |-
|
|
4
|
-
NzQ4NTRlM2QwYTllMzk5OWY2YWQxZDliMzMxNzkyMmVkZTgyYmM0YQ==
|
|
5
|
-
data.tar.gz: !binary |-
|
|
6
|
-
NmI4NDhiZDEzZTEwNTg4MWU3ZjI2ZmI2NDlkNjFjYmVjMGQwNjIzZA==
|
|
7
|
-
SHA512:
|
|
8
|
-
metadata.gz: !binary |-
|
|
9
|
-
YWQ4ZTYyMGYzNTM5NTU4ODEyODE0MDFiYzJkODhjNTViZWVlMjBmOWEzMWEy
|
|
10
|
-
NzE3MDc4MzMyMWMwMzMzYTQwMDBlYTdhYzBhZjZiNDhmODRmYjEzMDA3YzRl
|
|
11
|
-
NTI1YzY5YTRjNWMxMjQ4YTRmYjlkZTY3ZDNiODM4YzRhYjNhZTE=
|
|
12
|
-
data.tar.gz: !binary |-
|
|
13
|
-
NWQ3OWM0ZWE0MzU4YzQzYTBjNzk0NTA3Y2Q1NWQ2YzRmNjVhYzQ2OGJjMGZi
|
|
14
|
-
MTY3OTdmYmFjNzI1YzA3ODljOWU4NTEzZjI5ZTBmMjM2ZTI4YWZkN2JiMTAw
|
|
15
|
-
MTIxMzZjNDRlNmE3ODUwMzM3Y2VjYzEzMDU5NzdkYTZmNDJmODQ=
|