RubyGems - rails_keycloak_authorization - Versions diffs - 0.0.1 → 0.0.3 - Mend

rails_keycloak_authorization 0.0.1 → 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/README.md +19 -8
data/app/controllers/concerns/rails_keycloak_authorization/with_keycloak_admin.rb +10 -13
data/app/controllers/rails_keycloak_authorization/policies_controller.rb +1 -1
data/app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb +9 -9
data/app/views/rails_keycloak_authorization/policies/index.html.erb +24 -13
data/lib/rails_keycloak_authorization/engine.rb +4 -0
data/lib/rails_keycloak_authorization/version.rb +1 -1
data/lib/rails_keycloak_authorization.rb +8 -6
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 473a44e0abf7c0db82ad24417b0e20a546219e28967dc41cdee8753a954b0c3a
-  data.tar.gz: d2d21f2d7c7c291fcfc267ed9e7b83c66684714d952341b875d46ac2db2bdad8
+  metadata.gz: 8124610067e4109acd7ffb0921aeb2aa24493a0ce221048ffe2bec0ca5858a1f
+  data.tar.gz: 6984ea42b2cc5992825a5ed8dadacf2c39edcb18c14a5937911f42e7514bbd26
 SHA512:
-  metadata.gz: dccfd5e98b565f2c1da1911ab0d588b08a96a15790b0c6147e868c57b7f4f4e7fd444a9a1fa2280ccb4ca1d303d6a4601db8475931e511e2d6bcd8a0170417a7
-  data.tar.gz: f8175f8a52eb1e2bac762fe7e3ba4e2cac8ffdc322291e667901f958781c551d06920e3f80bcdb4c25f2430069e6e50f1a13f3153b5c9681117aef07d9e1a817
+  metadata.gz: 91ecddf3280a977f7f0833b19eb200faa5b611353cae969cbb48742f2b6d5c80ee86e3d94f5566a97cd0871b797325b68813033a0436da6428eb489bdd72b245
+  data.tar.gz: 89c50534873d123a6942b868118ec805b33ac16d9ce7430a5879e266945d6907a1910e1ec73d183343316588325d93a78c390bd0de745902f783c5daeceb1aa9

data/README.md CHANGED Viewed

@@ -1,5 +1,8 @@
 # Rails Keycloak Authorization
+![Github Actions CI workflow](https://github.com/tillawy/rails_keycloak_authorization/actions/workflows/ruby.yml/badge.svg)
 Rails middleware to authorize requests using [Keycloak](https://www.keycloak.org) and gem [keycloak-admin-ruby](https://github.com/looorent/keycloak-admin-ruby).
 This gem uses JWT token to authorize requests.
@@ -50,20 +53,28 @@ sequenceDiagram
 In order to use this gem, you need to configure it in an initializer file. You can create a new file in `config/initializers/rails_keycloak_authorization.rb` with the following content:
 ```ruby
-# The Keycloak realm
-RailsKeycloakAuthorization.keycloak_realm = ENV.fetch("KEYCLOAK_AUTH_CLIENT_REALM_NAME", "dummy")
-# The client id in the realm
-RailsKeycloakAuthorization.client_id = ENV.fetch("KEYCLOAK_AUTH_CLIENT_ID", "dummy-client")
-# Keycloak server url
-RailsKeycloakAuthorization.keycloak_server_url = ENV.fetch("KEYCLOAK_SERVER_URL", "http://localhost:8080")
-# Patterns that are protected by the middleware, Array of regular-expressions.
-RailsKeycloakAuthorization.match_patterns = [
+RailsKeycloakAuthorization.keycloak_auth_client_realm_name = ENV.fetch("KEYCLOAK_AUTH_CLIENT_REALM_NAME", "dummy")
+RailsKeycloakAuthorization.keycloak_auth_client_id         = ENV.fetch("KEYCLOAK_AUTH_CLIENT_ID", "dummy-client")
+RailsKeycloakAuthorization.keycloak_server_url             = ENV.fetch("KEYCLOAK_SERVER_URL", "http://localhost:8080")
+RailsKeycloakAuthorization.keycloak_server_domain          = ENV.fetch("KEYCLOAK_ADMIN_SERVER_DOMAIN", "localhost")
+RailsKeycloakAuthorization.keycloak_admin_realm_name       = ENV.fetch("KEYCLOAK_ADMIN_REALM_NAME", "master")
+RailsKeycloakAuthorization.keycloak_admin_client_id        = ENV.fetch("KEYCLOAK_ADMIN_CLIENT_ID", "keycloak-admin")
+RailsKeycloakAuthorization.keycloak_admin_client_secret    = ENV.fetch("KEYCLOAK_ADMIN_CLIENT_SECRET", "keycloak-admin-client-secret-xxx")
+RailsKeycloakAuthorization.match_patterns                  = [
   /^\/organizations(\.json)?/,
   /^\/api/,
   /internal/
 ]
 ```
+Add the route to the UI helper `config/routes.rb`:
+```
+# make sure to change the constraint to suite your security
+mount RailsKeycloakAuthorization::Engine, at: "/rka", constraints: lambda { |request| request.remote_ip == "127.0.0.1" }
+```
 ## How to easily test it?
 Create development environment with Keycloak and Tofu:

data/app/controllers/concerns/rails_keycloak_authorization/with_keycloak_admin.rb CHANGED Viewed

@@ -5,28 +5,25 @@ module RailsKeycloakAuthorization
       before_action :keycloak_admin_configure
     end
-    private
     def realm_name
-      ENV.fetch('KEYCLOAK_AUTH_CLIENT_REALM_NAME')
+      RailsKeycloakAuthorization.keycloak_auth_client_realm_name
     end
+    private
     def openid_client
-      KeycloakAdmin.realm(realm_name).clients.find_by_client_id(ENV["KEYCLOAK_AUTH_CLIENT_ID"])
+      KeycloakAdmin.realm(realm_name).clients.find_by_client_id(RailsKeycloakAuthorization.keycloak_auth_client_id)
     end
     def keycloak_admin_configure
       KeycloakAdmin.configure do |config|
         config.use_service_account = true
-        config.server_url          = ENV["KEYCLOAK_SERVER_URL"]
-        config.server_domain       = ENV["KEYCLOAK_SERVER_DOMAIN"]
-        config.client_id           = ENV["KEYCLOAK_ADMIN_CLIENT_ID"]
-        config.client_realm_name   = ENV["KEYCLOAK_ADMIN_REALM_NAME"]
-        config.client_secret       = ENV["KEYCLOAK_ADMIN_CLIENT_SECRET"]
+        config.server_url          = RailsKeycloakAuthorization.keycloak_server_url
+        config.server_domain       = RailsKeycloakAuthorization.keycloak_server_domain
+        config.client_realm_name   = RailsKeycloakAuthorization.keycloak_admin_realm_name
+        config.client_id           = RailsKeycloakAuthorization.keycloak_admin_client_id
+        config.client_secret       = RailsKeycloakAuthorization.keycloak_admin_client_secret
         config.logger              = Rails.logger
         config.rest_client_options = { timeout: 3, verify_ssl: Rails.env.production? }
       end

data/app/controllers/rails_keycloak_authorization/policies_controller.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module RailsKeycloakAuthorization
     end
     def create
-      KeycloakAdminRubyAgent.create_keycloak_policy(params[:keycloak_realm_role_id])
+      KeycloakAdminRubyAgent.create_keycloak_policy(params[:keycloak_realm_role_id], params[:keycloak_policy_name])
       redirect_to policies_path
     end
   end

data/app/services/rails_keycloak_authorization/keycloak_admin_ruby_agent.rb CHANGED Viewed

@@ -35,11 +35,11 @@ module RailsKeycloakAuthorization
                      .find_by(POLICY_NAME, "role")
       end
-      def create_keycloak_policy(keycloak_realm_role_id)
+      def create_keycloak_policy(keycloak_realm_role_id, policy_name)
         KeycloakAdmin
           .realm(realm_name)
           .authz_policies(openid_client.id, 'role')
-          .create!("#{POLICY_NAME}",
+          .create!(policy_name,
                    "#{POLICY_NAME} default policy",
                    "role",
                    "POSITIVE",
@@ -124,13 +124,13 @@ module RailsKeycloakAuthorization
       def keycloak_admin_configure
         KeycloakAdmin.configure do |config|
           config.use_service_account = true
-          config.server_url = ENV.fetch("KEYCLOAK_SERVER_URL")
-          config.server_domain = ENV.fetch("KEYCLOAK_SERVER_DOMAIN")
-          config.client_id = ENV.fetch("KEYCLOAK_ADMIN_CLIENT_ID")
-          config.client_realm_name = ENV.fetch("KEYCLOAK_ADMIN_REALM_NAME")
-          config.client_secret = ENV.fetch("KEYCLOAK_ADMIN_CLIENT_SECRET")
-          config.logger = Rails.logger
-          config.rest_client_options = { timeout: 5, verify_ssl: Rails.env.production? }
+          config.server_url          = RailsKeycloakAuthorization.keycloak_server_url
+          config.server_domain       = RailsKeycloakAuthorization.keycloak_server_domain
+          config.client_realm_name   = RailsKeycloakAuthorization.keycloak_admin_realm_name
+          config.client_id           = RailsKeycloakAuthorization.keycloak_admin_client_id
+          config.client_secret       = RailsKeycloakAuthorization.keycloak_admin_client_secret
+          config.logger              = Rails.logger
+          config.rest_client_options = { timeout: 3, verify_ssl: Rails.env.production? }
         end
       end
     end

data/app/views/rails_keycloak_authorization/policies/index.html.erb CHANGED Viewed

@@ -1,23 +1,34 @@
-<h1 class="text-center text-gray-500">Policies</h1>
-<% if @policies.empty? %>
-  <p class="inline">Default Policy for </p>
-  <form class="inline" hx-post="<%= policies_path %>">
+<div id="policies">
+  <h1 class="text-center text-gray-500">Policies</h1>
+  <% @policies.map do |policy| %>
+    <div class="mt-2">
+      <p>Policy Name: <%= policy.name %></p>
+      <p>Policy Roles:</p>
+      <% policy.roles.map do |role| %>
+        <% realm_role = @realm_roles.first{|rr| rr.id == rold.id } %>
+        <ul class="list-disc list-inside">
+          <li><%= realm_role.name %></li>
+        </ul>
+      <% end %>
+    </div>
+  <% end %>
+  <hr class="mb-6 mt-6"/>
+  <form class="inline" hx-post="<%= policies_path %>" hx-target="#policies">
+    <label for="keycloak_policy_name">Name</label>
     <input id="keycloak_policy_name" name="keycloak_policy_name" value="<%= @default_policy_name %>" type="text">
     <label for="keycloak_realm_role">Role</label>
     <select name="keycloak_realm_role_id" hx-indicator=".htmx-indicator">
       <% @realm_roles.map do |role| %>
         <option value="<%= role.id %>" <%= role.name.include?("default") ? "selected=selected" : "" %>>
-          <%= role.name %>
+        <%= role.name %>
         </option>
       <% end %>
     </select>
     <button
-      class="bg-blue-500 hover:bg-blue-700 text-white font-bold py-1 px-3 rounded"
-      type="submit">Create</button>
+        class="bg-blue-500 hover:bg-blue-700 text-white font-bold py-1 px-3 rounded"
+        type="submit">Create</button>
   </form>
-<% else %>
-    <div class="text-gray-500">Current Policy</div>
-    <% @policies.map do |policy| %>
-     <p><%= policy.name %></p>
-    <% end %>
-<% end %>
+</div>

data/lib/rails_keycloak_authorization/engine.rb CHANGED Viewed

@@ -1,8 +1,12 @@
 module RailsKeycloakAuthorization
   class Engine < ::Rails::Engine
+    require 'keycloak-admin'
     isolate_namespace RailsKeycloakAuthorization
     initializer "rails_keycloak_authorization.middleware" do |app|
       app.middleware.use RailsKeycloakAuthorization::Middleware
     end
+    initializer "rails_keycloak_authorization.assets.precompile" do |app|
+      app.config.assets.precompile += %w( rails_keycloak_authorization/application.css )
+    end
   end
 end

data/lib/rails_keycloak_authorization/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module RailsKeycloakAuthorization
-  VERSION = "0.0.1"
+  VERSION = "0.0.3"
 end

data/lib/rails_keycloak_authorization.rb CHANGED Viewed

@@ -2,12 +2,14 @@ require "rails_keycloak_authorization/version"
 require "rails_keycloak_authorization/engine"
 module RailsKeycloakAuthorization
-  mattr_accessor :keycloak_realm
   mattr_accessor :keycloak_server_url
-  mattr_accessor :keycloak_admin_username
-  mattr_accessor :keycloak_admin_password
+  mattr_accessor :keycloak_server_domain
+  mattr_accessor :keycloak_admin_realm_name
+  mattr_accessor :keycloak_admin_client_id
+  mattr_accessor :keycloak_admin_client_secret
+  mattr_accessor :keycloak_auth_client_id
+  mattr_accessor :keycloak_auth_client_realm_name
   mattr_accessor :match_patterns
-  mattr_accessor :client_id
   class Middleware
     def initialize(app)
@@ -36,7 +38,7 @@ module RailsKeycloakAuthorization
     def authorize!(request_uri, http_authorization)
       route = Rails.application.routes.recognize_path(request_uri)
-      uri = uri(RailsKeycloakAuthorization.keycloak_server_url, RailsKeycloakAuthorization.keycloak_realm)
+      uri = uri(RailsKeycloakAuthorization.keycloak_server_url, RailsKeycloakAuthorization.keycloak_auth_client_realm_name)
       request = http_request(uri, http_authorization, route)
       response = http_client(uri).request(request)
       response.is_a?(Net::HTTPSuccess)
@@ -49,7 +51,7 @@ module RailsKeycloakAuthorization
       })
       permission = "#{route[:controller]}_controller##{route[:action]}"
       request.body = URI.encode_www_form({
-                                           audience: "#{RailsKeycloakAuthorization.client_id}",
+                                           audience: "#{RailsKeycloakAuthorization.keycloak_auth_client_id}",
                                            grant_type: grant_type,
                                            permission: permission,
                                            response_mode: "permissions",

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_keycloak_authorization
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.3
 platform: ruby
 authors:
 - Mohammed O. Tillawy
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 1980-01-01 00:00:00.000000000 Z
+date: 2024-08-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -106,7 +106,7 @@ metadata:
   homepage_uri: https://github.com/tillawy/rails_keycloak_authorization.git
   source_code_uri: https://github.com/tillawy/rails_keycloak_authorization.git
   changelog_uri: https://github.com/tillawy/rails_keycloak_authorization.git
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -122,7 +122,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.5.11
-signing_key:
+signing_key:
 specification_version: 4
 summary: RailsKeycloakAuthorization, Rack Based, Policy Enforcement Point (PEP) implementation
 test_files: []