rack-ip-authorizer 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/LICENSE.txt +22 -0
- data/README.md +50 -0
- data/lib/rack-ip-authorizer.rb +21 -0
- data/lib/rack/ip_authorizer.rb +39 -0
- data/lib/rack/version.rb +3 -0
- data/spec/rake_ip_authorizer_spec.rb +52 -0
- metadata +107 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 993db83818bbc2e86eea1a34d2e7cc95df985c54
|
4
|
+
data.tar.gz: f2fc88991a8a11152171af536ec2ec4c29b35912
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 45726c05a235d93659029324833ecac8bbc5fffdf8ee66e9a6c7525e06c28fd724cc1fba81cb61d2e2dde7bb2dfbecff1586752561f6717108160554630b04cb
|
7
|
+
data.tar.gz: bcc60a36e4e451cbf53fcaf54f28bad1f27ab47dbe799cc06b5c48df9b3935e6d096568f45b1a7a1a3ec15a97ee32521baee8647226e1197388c6e3a52739a1a
|
data/LICENSE.txt
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (c) 2014 telzamek
|
2
|
+
|
3
|
+
MIT License
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
6
|
+
a copy of this software and associated documentation files (the
|
7
|
+
"Software"), to deal in the Software without restriction, including
|
8
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
9
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
10
|
+
permit persons to whom the Software is furnished to do so, subject to
|
11
|
+
the following conditions:
|
12
|
+
|
13
|
+
The above copyright notice and this permission notice shall be
|
14
|
+
included in all copies or substantial portions of the Software.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
19
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
20
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
21
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
22
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,50 @@
|
|
1
|
+
# Rack::Ip::Authorizer
|
2
|
+
|
3
|
+
Basic Rack middleware for checking Rails3 request remote IP
|
4
|
+
|
5
|
+
## Installation
|
6
|
+
|
7
|
+
Add this line to your application's Gemfile:
|
8
|
+
|
9
|
+
gem 'rack-ip-authorizer'
|
10
|
+
|
11
|
+
And then execute:
|
12
|
+
|
13
|
+
$ bundle
|
14
|
+
|
15
|
+
Or install it yourself as:
|
16
|
+
|
17
|
+
$ gem install rack-ip-authorizer
|
18
|
+
|
19
|
+
## Usage
|
20
|
+
|
21
|
+
### Rails 3 apps
|
22
|
+
|
23
|
+
1. Create a file named "ip_authorizations.yml" in the config directory
|
24
|
+
2. Fill it with key as path and values as IPs:
|
25
|
+
|
26
|
+
```yaml
|
27
|
+
admin:
|
28
|
+
- 192.168.0.1
|
29
|
+
- 192.168.0.2
|
30
|
+
- 192.168.0.3
|
31
|
+
superadmin:
|
32
|
+
- 192.168.0.1
|
33
|
+
- 192.168.0.2
|
34
|
+
```
|
35
|
+
|
36
|
+
Environment filter
|
37
|
+
|
38
|
+
Create an initializer and fill it with:
|
39
|
+
|
40
|
+
```ruby
|
41
|
+
Rack::IpAuthorizer.env_to_check = ['staging','development']
|
42
|
+
```
|
43
|
+
|
44
|
+
## Contributing
|
45
|
+
|
46
|
+
1. Fork it
|
47
|
+
2. Create your feature branch
|
48
|
+
3. Commit your changes
|
49
|
+
4. Push to the branch
|
50
|
+
5. Create new Pull Request
|
@@ -0,0 +1,21 @@
|
|
1
|
+
require File.join(File.expand_path(File.dirname(__FILE__)), 'rack/ip_authorizer')
|
2
|
+
require 'yaml'
|
3
|
+
|
4
|
+
if defined? Rails
|
5
|
+
case Rails::VERSION::MAJOR
|
6
|
+
when 3
|
7
|
+
path = File.join(File.expand_path('config'), '/ip_authorizations.yml')
|
8
|
+
|
9
|
+
if File.exists?(path)
|
10
|
+
ip_authorizations_by_path = YAML.load_file(path)
|
11
|
+
else
|
12
|
+
raise "config/ip_authorizations.yml is missing"
|
13
|
+
end
|
14
|
+
|
15
|
+
class Rack::IpAuthorizer::Railtie < Rails::Railtie
|
16
|
+
initializer('rack-ip-authorizer.append') { |app|
|
17
|
+
app.config.middleware.insert_after(ActionDispatch::RemoteIp, Rack::IpAuthorizer, ip_authorizations_by_path)
|
18
|
+
}
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
@@ -0,0 +1,39 @@
|
|
1
|
+
require "rack/version"
|
2
|
+
|
3
|
+
module Rack
|
4
|
+
class IpAuthorizer
|
5
|
+
@env_to_check = ["production"]
|
6
|
+
class << self
|
7
|
+
attr_accessor :env_to_check
|
8
|
+
end
|
9
|
+
|
10
|
+
def initialize(app, ip_authorizations_by_path)
|
11
|
+
@app, @ip_authorizations_by_path = app, ip_authorizations_by_path
|
12
|
+
end
|
13
|
+
|
14
|
+
def call(env)
|
15
|
+
if Rack::IpAuthorizer.env_to_check.include? Rails.env
|
16
|
+
req = Rack::Request.new(env)
|
17
|
+
|
18
|
+
@ip_authorizations_by_path.each do |protected_url, authorized_ips|
|
19
|
+
if req.path.start_with?("/#{protected_url}") && !authorized_ips.include?(req.env['REMOTE_ADDR'])
|
20
|
+
return forbidden
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
@app.call(env)
|
26
|
+
end
|
27
|
+
|
28
|
+
private
|
29
|
+
|
30
|
+
def forbidden
|
31
|
+
[403,
|
32
|
+
{'Content-Type' => 'text/plain',
|
33
|
+
'Content-Length' => '0'},
|
34
|
+
[]
|
35
|
+
]
|
36
|
+
end
|
37
|
+
|
38
|
+
end
|
39
|
+
end
|
data/lib/rack/version.rb
ADDED
@@ -0,0 +1,52 @@
|
|
1
|
+
lib = File.expand_path('../../lib', __FILE__)
|
2
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
3
|
+
|
4
|
+
require 'rack/test'
|
5
|
+
require 'minitest/autorun'
|
6
|
+
require 'rack/ip_authorizer'
|
7
|
+
|
8
|
+
class Rails
|
9
|
+
def self.env
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
class IpAuthorizerTest < MiniTest::Unit::TestCase
|
14
|
+
include Rack::Test::Methods
|
15
|
+
|
16
|
+
def app
|
17
|
+
inner_app = lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['Hello']] }
|
18
|
+
Rack::IpAuthorizer.new(inner_app, {'test' => ['1.1.1.1', '1.1.1.2'], 'admin' => ['2.2.2.2']})
|
19
|
+
end
|
20
|
+
|
21
|
+
def setup
|
22
|
+
Rack::IpAuthorizer.env_to_check = ['development']
|
23
|
+
end
|
24
|
+
|
25
|
+
def check_ip_for_path(path, ip, expected_result = 200, env = 'development')
|
26
|
+
Rails.stub :env, env do
|
27
|
+
get path, {}, {'REMOTE_ADDR' => ip}
|
28
|
+
assert last_response.status == expected_result
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
def test_env_checked
|
33
|
+
check_ip_for_path('/test', '1.1.1.1')
|
34
|
+
end
|
35
|
+
|
36
|
+
def test_env_ignored
|
37
|
+
Rack::IpAuthorizer.env_to_check = ['staging']
|
38
|
+
check_ip_for_path('/test', '1.1.1.1', 200, 'staging')
|
39
|
+
end
|
40
|
+
|
41
|
+
def test_ip_allowed
|
42
|
+
check_ip_for_path('/test', '1.1.1.1')
|
43
|
+
check_ip_for_path('/test', '1.1.1.2')
|
44
|
+
check_ip_for_path('/admin', '2.2.2.2')
|
45
|
+
end
|
46
|
+
|
47
|
+
def test_ip_refused
|
48
|
+
check_ip_for_path('/test', '2.2.2.2', 403)
|
49
|
+
check_ip_for_path('/admin', '1.1.1.1', 403)
|
50
|
+
check_ip_for_path('/admin', '1.1.1.2', 403)
|
51
|
+
end
|
52
|
+
end
|
metadata
ADDED
@@ -0,0 +1,107 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: rack-ip-authorizer
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Thibault El Zamek, Cédric Darné, Lionel Oto
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2014-05-26 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: rack
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - '>='
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - '>='
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: bundler
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ~>
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '1.3'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ~>
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '1.3'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rake
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - '>='
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '1.0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - '>='
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '1.0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rack-test
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ~>
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: 0.6.2
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ~>
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: 0.6.2
|
69
|
+
description: Basic Rack middleware for checking Rails3 request remote ip
|
70
|
+
email:
|
71
|
+
- thibault.elzamek@c4mprod.com, cedric.darne@c4mprod.com, lionel.oto@c4mprod.com
|
72
|
+
executables: []
|
73
|
+
extensions: []
|
74
|
+
extra_rdoc_files: []
|
75
|
+
files:
|
76
|
+
- LICENSE.txt
|
77
|
+
- README.md
|
78
|
+
- lib/rack/version.rb
|
79
|
+
- lib/rack/ip_authorizer.rb
|
80
|
+
- lib/rack-ip-authorizer.rb
|
81
|
+
- spec/rake_ip_authorizer_spec.rb
|
82
|
+
homepage: ''
|
83
|
+
licenses:
|
84
|
+
- MIT
|
85
|
+
metadata: {}
|
86
|
+
post_install_message:
|
87
|
+
rdoc_options: []
|
88
|
+
require_paths:
|
89
|
+
- lib
|
90
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
91
|
+
requirements:
|
92
|
+
- - '>='
|
93
|
+
- !ruby/object:Gem::Version
|
94
|
+
version: '0'
|
95
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
96
|
+
requirements:
|
97
|
+
- - '>='
|
98
|
+
- !ruby/object:Gem::Version
|
99
|
+
version: '0'
|
100
|
+
requirements: []
|
101
|
+
rubyforge_project:
|
102
|
+
rubygems_version: 2.1.11
|
103
|
+
signing_key:
|
104
|
+
specification_version: 4
|
105
|
+
summary: Basic Rack middleware for checking Rails3 request remote ip
|
106
|
+
test_files:
|
107
|
+
- spec/rake_ip_authorizer_spec.rb
|