rack-forward-auth 0.1.0
- checksums.yaml +7 -0
- data/Rakefile +11 -0
- data/lib/rack/forward_auth/middleware.rb +61 -0
- data/lib/rack/forward_auth/test_stub.rb +41 -0
- data/lib/rack/forward_auth/version.rb +7 -0
- data/lib/rack/forward_auth/version.rb.erb +7 -0
- data/lib/rack_forward_auth.rb +19 -0
- metadata +48 -0
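--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 9b6993db0bada29f5dc632c204127b2c0d1e67d6ad3c6527fc009ff511a78cc5
+data.tar.gz: 6c32e2a9ff3a086ec54e7d2cbaf4fb8f8bd70a90884303c4e72b368188cab096
+SHA512:
+metadata.gz: 43675eed58c75857f7f7f65e0817c5c1438218f11465c3b0e68b24f8d30ecd02e97cbf72487d6f4a9d9b47cd9c39ccdb1b2314f993ee4a07071023b142682481
+data.tar.gz: 609bafb9ec9f80ca256227dff0de937b44189ac617fa147854b86e6d6e91c9ad45df2d67eefaf4d5c85c1053f2fc05f7ca7fc820b432d7cd02c307632614654c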
data/Rakefile
ADDED
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Rack
|
|
4
|
+
module ForwardAuth
|
|
5
|
+
# Production middleware that reads forward-auth headers set by a reverse
|
|
6
|
+
# proxy (Authelia, Authentik, Caddy, Traefik, etc.) and exposes parsed
|
|
7
|
+
# user attributes in the Rack env.
|
|
8
|
+
#
|
|
9
|
+
# By default, attributes are stored in env["forward_auth.user"] as a Hash:
|
|
10
|
+
#
|
|
11
|
+
# { uid: "nathan", email: "nathan@example.com",
|
|
12
|
+
# display_name: "Nathan", groups: ["admin", "users"] }
|
|
13
|
+
#
|
|
14
|
+
# You can provide an optional +on_user+ callback (proc/lambda) that
|
|
15
|
+
# receives the attributes hash and returns whatever object you want
|
|
16
|
+
# stored in the env key. This is how the host app hooks in its own
|
|
17
|
+
# User model upsert logic:
|
|
18
|
+
#
|
|
19
|
+
# use Rack::ForwardAuth::Middleware, on_user: ->(attrs) {
|
|
20
|
+
# User.find_or_initialize_by(uid: attrs[:uid]).tap { |u|
|
|
21
|
+
# u.assign_attributes(attrs.except(:uid))
|
|
22
|
+
# u.save! if u.changed?
|
|
23
|
+
# }
|
|
24
|
+
# }
|
|
25
|
+
#
|
|
26
|
+
class Middleware
|
|
27
|
+
def initialize(app, env_key: ForwardAuth::ENV_KEY, on_user: nil)
|
|
28
|
+
@app = app
|
|
29
|
+
@env_key = env_key
|
|
30
|
+
@on_user = on_user
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def call(env)
|
|
34
|
+
uid = env[ForwardAuth::REMOTE_USER]
|
|
35
|
+
|
|
36
|
+
if uid && !uid.empty?
|
|
37
|
+
attrs = {
|
|
38
|
+
uid: uid,
|
|
39
|
+
email: env[ForwardAuth::REMOTE_EMAIL],
|
|
40
|
+
display_name: env[ForwardAuth::REMOTE_NAME],
|
|
41
|
+
groups: parse_groups(env[ForwardAuth::REMOTE_GROUPS]),
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
env[@env_key] = @on_user ? @on_user.call(attrs) : attrs
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
# Also set under the legacy key for backwards compat
|
|
48
|
+
env["authelia.user"] = env[@env_key] if @env_key != "authelia.user"
|
|
49
|
+
|
|
50
|
+
@app.call(env)
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
private
|
|
54
|
+
|
|
55
|
+
def parse_groups(raw)
|
|
56
|
+
return [] if raw.nil? || raw.empty?
|
|
57
|
+
raw.split(",").map(&:strip).reject(&:empty?)
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
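Review bot: `call` takes identity straight from `env[ForwardAuth::REMOTE_USER]` and the other `HTTP_REMOTE_*` keys, which are ordinary request headers, so the values are only trustworthy when every request arrives through a proxy that overwrites or strips client-supplied `Remote-*` headers (including underscore spellings, which servers typically map to the same env key). Nothing in the class comment states that requirement; I would add `# SECURITY: mount only behind a proxy that strips inbound Remote-* headers; if the app is reachable directly, any client can set these values.` above `class Middleware`. It is also worth documenting that a request without a uid is still passed to `@app` rather than rejected, so downstream code must treat a missing `env[@env_key]` as unauthenticated. The page files this hunk under data/Rakefile, but its 61 lines appear to match the lib/rack/forward_auth/middleware.rb entry in the file list.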
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Rack
|
|
4
|
+
module ForwardAuth
|
|
5
|
+
# Development/test middleware that injects default forward-auth headers
|
|
6
|
+
# so you don't need an actual auth proxy running locally.
|
|
7
|
+
#
|
|
8
|
+
# Wraps Rack::ForwardAuth::Middleware — injects defaults then delegates.
|
|
9
|
+
#
|
|
10
|
+
# use Rack::ForwardAuth::TestStub, on_user: ->(attrs) { ... }
|
|
11
|
+
#
|
|
12
|
+
# Customize defaults:
|
|
13
|
+
#
|
|
14
|
+
# use Rack::ForwardAuth::TestStub, defaults: {
|
|
15
|
+
# "HTTP_REMOTE_USER" => "testdev",
|
|
16
|
+
# "HTTP_REMOTE_EMAIL" => "testdev@localhost",
|
|
17
|
+
# }
|
|
18
|
+
#
|
|
19
|
+
class TestStub
|
|
20
|
+
DEFAULT_HEADERS = {
|
|
21
|
+
ForwardAuth::REMOTE_USER => "dev",
|
|
22
|
+
ForwardAuth::REMOTE_EMAIL => "dev@localhost",
|
|
23
|
+
ForwardAuth::REMOTE_GROUPS => "lldap_admin",
|
|
24
|
+
ForwardAuth::REMOTE_NAME => "Dev User",
|
|
25
|
+
}.freeze
|
|
26
|
+
|
|
27
|
+
def initialize(app, defaults: DEFAULT_HEADERS, **middleware_opts)
|
|
28
|
+
@defaults = defaults
|
|
29
|
+
@middleware = Middleware.new(app, **middleware_opts)
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
def call(env)
|
|
33
|
+
@defaults.each do |key, value|
|
|
34
|
+
env[key] ||= value
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
@middleware.call(env)
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
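Review bot: `TestStub#call` fills in `dev` / `lldap_admin` for any request that lacks the headers, and nothing in `initialize` stops it being mounted outside development, so a misconfigured production stack would treat every unauthenticated request as an admin. I would add a guard at the top of `initialize`, for example `raise "Rack::ForwardAuth::TestStub is for development/test only" if ENV["RACK_ENV"] == "production"` (or the host app's own environment signal), and default `REMOTE_GROUPS` to a non-admin group. The 19-line hunk that follows requires `rack/forward_auth/test_stub` unconditionally, so the stub is loaded in every environment; making that require opt-in would keep it out of production processes. Note also that `env[key] ||= value` leaves an empty-string header in place, which `Middleware#call` then treats as no user.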
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'rack/forward_auth/version'
|
|
4
|
+
require 'rack/forward_auth/middleware'
|
|
5
|
+
|
|
6
|
+
module Rack
|
|
7
|
+
module ForwardAuth
|
|
8
|
+
# Default env key where parsed user attributes are stored.
|
|
9
|
+
ENV_KEY = 'forward_auth.user'
|
|
10
|
+
|
|
11
|
+
# Header constants (as Rack env keys).
|
|
12
|
+
REMOTE_USER = 'HTTP_REMOTE_USER'
|
|
13
|
+
REMOTE_EMAIL = 'HTTP_REMOTE_EMAIL'
|
|
14
|
+
REMOTE_GROUPS = 'HTTP_REMOTE_GROUPS'
|
|
15
|
+
REMOTE_NAME = 'HTTP_REMOTE_NAME'
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
require 'rack/forward_auth/test_stub'
|
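--- a/metadata
+++ b/metadata
@@ -0,0 +1,48 @@
+--- !ruby/object:Gem::Specification
+name: rack-forward-auth
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Nathan Kidd
+bindir: bin
+cert_chain: []
+date: 1980-01-01 00:00:00.000000000 Z
+dependencies: []
+description: Pure Rack middleware that reads forward-auth headers (Remote-User, Remote-Email,
+Remote-Groups, Remote-Name) and exposes parsed user attributes in the Rack env.
+Includes a test stub for development environments. No Rails dependency.
+email:
+- nathankidd@hey.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Rakefile
+- lib/rack/forward_auth/middleware.rb
+- lib/rack/forward_auth/test_stub.rb
+- lib/rack/forward_auth/version.rb
+- lib/rack/forward_auth/version.rb.erb
+- lib/rack_forward_auth.rb
+homepage: https://github.com/n-at-han-k/rack-forward-auth
+licenses:
+- Apache-2.0
+metadata: {}
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '3.2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.7.2
+specification_version: 4
+summary: Rack middleware for forward-auth proxies (Authelia, Authentik, etc.)
+test_files: []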