rockstart 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/README.md +6 -0
- data/lib/generators/rockstart/authorization/USAGE +9 -0
- data/lib/generators/rockstart/authorization/auth0/USAGE +10 -0
- data/lib/generators/rockstart/authorization/auth0/auth0_generator.rb +49 -0
- data/lib/generators/rockstart/authorization/auth0/templates/app/controllers/auth_controller.rb.tt +47 -0
- data/lib/generators/rockstart/authorization/auth0/templates/app/controllers/concerns/session_auth.rb +23 -0
- data/lib/generators/rockstart/authorization/auth0/templates/app/models/user.rb.tt +82 -0
- data/lib/generators/rockstart/authorization/auth0/templates/app/views/auth/new.html.erb +3 -0
- data/lib/generators/rockstart/authorization/auth0/templates/app/views/auth/sign_out.html.erb +1 -0
- data/lib/generators/rockstart/authorization/auth0/templates/auth0.en.yml +5 -0
- data/lib/generators/rockstart/authorization/auth0/templates/auth0_initializer.rb +27 -0
- data/lib/generators/rockstart/authorization/auth0/templates/auth0_util.rb.tt +38 -0
- data/lib/generators/rockstart/authorization/auth0/templates/auth0_util_spec.rb +21 -0
- data/lib/generators/rockstart/authorization/auth0/templates/spec/factories/users.rb.tt +32 -0
- data/lib/generators/rockstart/authorization/auth0/templates/spec/models/user_spec.rb.tt +91 -0
- data/lib/generators/rockstart/authorization/auth0/templates/spec/requests/auth_spec.rb +94 -0
- data/lib/generators/rockstart/authorization/auth0/templates/spec/support/auth_request_helper.rb +27 -0
- data/lib/generators/rockstart/authorization/authorization_generator.rb +29 -0
- data/lib/generators/rockstart/{devise → authorization/devise}/USAGE +3 -1
- data/lib/generators/rockstart/authorization/devise/devise_generator.rb +208 -0
- data/lib/generators/rockstart/authorization/devise/templates/add_devise_to_users_migration.rb.tt +50 -0
- data/lib/generators/rockstart/{devise → authorization/devise}/templates/controllers/passwords_controller.rb +0 -0
- data/lib/generators/rockstart/{devise → authorization/devise}/templates/controllers/registrations_controller.rb +0 -0
- data/lib/generators/rockstart/{devise → authorization/devise}/templates/controllers/sessions_controller.rb +0 -0
- data/lib/generators/rockstart/{devise → authorization/devise}/templates/create_user_migration.rb.tt +0 -0
- data/lib/generators/rockstart/{devise → authorization/devise}/templates/models/user.rb +14 -2
- data/lib/generators/rockstart/{devise → authorization/devise}/templates/spec/factories/users.rb +0 -0
- data/lib/generators/rockstart/{devise → authorization/devise}/templates/spec/models/user_spec.rb +9 -21
- data/lib/generators/rockstart/{devise → authorization/devise}/templates/spec/requests/users/passwords_spec.rb +0 -0
- data/lib/generators/rockstart/{devise → authorization/devise}/templates/spec/requests/users/registrations_spec.rb +2 -11
- data/lib/generators/rockstart/{devise → authorization/devise}/templates/spec/requests/users/sessions_spec.rb +1 -38
- data/lib/generators/rockstart/{devise → authorization/devise}/templates/spec/support/devise_request_spec_helper.rb +0 -0
- data/lib/generators/rockstart/{devise → authorization/devise}/templates/translations.en.yml +0 -0
- data/lib/generators/rockstart/{pundit → authorization/pundit}/USAGE +1 -1
- data/lib/generators/rockstart/authorization/pundit/pundit_generator.rb +41 -0
- data/lib/generators/rockstart/{pundit → authorization/pundit}/templates/app/controllers/concerns/pundit_error_handling.rb +0 -0
- data/lib/generators/rockstart/{pundit → authorization/pundit}/templates/app/policies/application_policy.rb +0 -0
- data/lib/generators/rockstart/{pundit/templates/app/policies/user_policy.rb → authorization/pundit/templates/app/policies/user_policy.rb.tt} +4 -0
- data/lib/generators/rockstart/{pundit → authorization/pundit}/templates/config/locales/pundit.en.yml +0 -0
- data/lib/generators/rockstart/authorization/pundit/templates/lib/admin_constraint.rb +11 -0
- data/lib/generators/rockstart/{pundit/templates/lib/templates/pundit/policy/policy.rb → authorization/pundit/templates/scaffold/policy.rb.tt} +0 -0
- data/lib/generators/rockstart/{pundit/templates/lib/templates/rspec/policy/policy_spec.rb → authorization/pundit/templates/scaffold/policy_spec.rb.tt} +0 -0
- data/lib/generators/rockstart/{pundit/templates/spec/policies/user_policy_spec.rb → authorization/pundit/templates/spec/policies/user_policy_spec.rb.tt} +43 -5
- data/lib/generators/rockstart/{pundit → authorization/pundit}/templates/spec/support/pundit_matchers.rb +0 -0
- data/lib/generators/rockstart/deployment/USAGE +8 -0
- data/lib/generators/rockstart/deployment/deployment_generator.rb +78 -0
- data/lib/generators/rockstart/{docker → deployment/docker}/USAGE +0 -0
- data/lib/generators/rockstart/deployment/docker/docker_generator.rb +70 -0
- data/lib/generators/rockstart/{docker → deployment/docker}/templates/app/Dockerfile-app +6 -5
- data/lib/generators/rockstart/{docker → deployment/docker}/templates/docker-compose.test.yml +5 -2
- data/lib/generators/rockstart/deployment/docker/templates/docker-compose.yml +74 -0
- data/lib/generators/rockstart/{docker → deployment/docker}/templates/dockerignore +0 -0
- data/lib/generators/rockstart/deployment/docker/templates/dotenv.docker-db.tt +3 -0
- data/lib/generators/rockstart/deployment/docker/templates/dotenv.docker.tt +20 -0
- data/lib/generators/rockstart/{docker → deployment/docker}/templates/web/Dockerfile-web +0 -0
- data/lib/generators/rockstart/{docker → deployment/docker}/templates/web/nginx.conf +24 -1
- data/lib/generators/rockstart/deployment/heroku/USAGE +9 -0
- data/lib/generators/rockstart/deployment/heroku/heroku_generator.rb +50 -0
- data/lib/generators/rockstart/deployment/heroku/templates/Procfile.tt +5 -0
- data/lib/generators/rockstart/deployment/heroku/templates/app.json.tt +50 -0
- data/lib/generators/rockstart/deployment/heroku/templates/deploy-heroku.tt +42 -0
- data/lib/generators/rockstart/deployment/heroku/templates/heroku.rake.tt +25 -0
- data/lib/generators/rockstart/deployment/heroku/templates/slugignore +3 -0
- data/lib/generators/rockstart/deployment/nginx/USAGE +8 -0
- data/lib/generators/rockstart/deployment/nginx/nginx_generator.rb +20 -0
- data/lib/generators/rockstart/deployment/templates/hooks-postdeploy.tt +22 -0
- data/lib/generators/rockstart/deployment/templates/hooks-release.tt +17 -0
- data/lib/generators/rockstart/deployment/templates/rack_deflater_spec.rb +28 -0
- data/lib/generators/rockstart/deployment/templates/web.tt +3 -0
- data/lib/generators/rockstart/deployment/templates/worker.tt +3 -0
- data/lib/generators/rockstart/development/USAGE +10 -0
- data/lib/generators/rockstart/development/audited/USAGE +10 -0
- data/lib/generators/rockstart/development/audited/audited_generator.rb +35 -0
- data/lib/generators/rockstart/development/audited/templates/audit.rb.tt +35 -0
- data/lib/generators/rockstart/development/audited/templates/audit_spec.rb.tt +54 -0
- data/lib/generators/rockstart/development/audited/templates/audited_initializer.rb +5 -0
- data/lib/generators/rockstart/development/audited/templates/audited_support.rb +3 -0
- data/lib/generators/rockstart/development/audited/templates/install_audited.rb.tt +45 -0
- data/lib/generators/rockstart/development/development_generator.rb +42 -0
- data/lib/generators/rockstart/development/env/USAGE +8 -0
- data/lib/generators/rockstart/development/env/env_generator.rb +17 -0
- data/lib/generators/rockstart/development/env/templates/dotenv.development.tt +4 -0
- data/lib/generators/rockstart/development/friendly_id/USAGE +8 -0
- data/lib/generators/rockstart/development/friendly_id/friendly_id_generator.rb +15 -0
- data/lib/generators/rockstart/development/friendly_id/templates/friendly_id_initializer.rb +52 -0
- data/lib/generators/rockstart/development/generator_overrides/USAGE +8 -0
- data/lib/generators/rockstart/development/generator_overrides/generator_overrides_generator.rb +31 -0
- data/lib/generators/rockstart/development/generator_overrides/templates/resource_route_generator.rb.tt +54 -0
- data/lib/generators/rockstart/development/localhost_setup/USAGE +8 -0
- data/lib/generators/rockstart/development/localhost_setup/localhost_setup_generator.rb +34 -0
- data/lib/generators/rockstart/{docker → development/localhost_setup}/templates/localhost_domains.ext.tt +0 -0
- data/lib/generators/rockstart/{docker → development/localhost_setup}/templates/setup-localhost.tt +5 -5
- data/lib/generators/rockstart/development/readme/USAGE +8 -0
- data/lib/generators/rockstart/development/readme/readme_generator.rb +18 -0
- data/lib/generators/rockstart/development/readme/templates/README.md +74 -0
- data/lib/generators/rockstart/development/rebuild/USAGE +8 -0
- data/lib/generators/rockstart/development/rebuild/rebuild_generator.rb +21 -0
- data/lib/generators/rockstart/development/rebuild/templates/rockstart.tt +28 -0
- data/lib/generators/rockstart/{scaffold_templates → development/scaffolds}/USAGE +1 -1
- data/lib/generators/rockstart/development/scaffolds/scaffolds_generator.rb +46 -0
- data/lib/generators/rockstart/{scaffold_templates → development/scaffolds}/templates/api_controller.rb.tt +15 -7
- data/lib/generators/rockstart/{scaffold_templates → development/scaffolds}/templates/controller.rb.tt +18 -9
- data/lib/generators/rockstart/development/scaffolds/templates/factory_bot/factories.erb +8 -0
- data/lib/generators/rockstart/development/scaffolds/templates/model.rb.tt +61 -0
- data/lib/generators/rockstart/development/scaffolds/templates/rspec/api_request_spec.rb.tt +142 -0
- data/lib/generators/rockstart/development/scaffolds/templates/rspec/model_spec.rb.tt +35 -0
- data/lib/generators/rockstart/development/scaffolds/templates/rspec/request_spec.rb.tt +492 -0
- data/lib/generators/rockstart/frontend_app/USAGE +10 -0
- data/lib/generators/rockstart/frontend_app/application_urls/USAGE +8 -0
- data/lib/generators/rockstart/frontend_app/application_urls/application_urls_generator.rb +28 -0
- data/lib/generators/rockstart/{frontend_helpers → frontend_app/application_urls}/templates/application_urls.rb +0 -0
- data/lib/generators/rockstart/{frontend_helpers → frontend_app/application_urls}/templates/application_urls_helper.rb +0 -0
- data/lib/generators/rockstart/frontend_app/assets/USAGE +8 -0
- data/lib/generators/rockstart/frontend_app/assets/assets_generator.rb +11 -0
- data/lib/generators/rockstart/frontend_app/assets/templates/assets.rake +22 -0
- data/lib/generators/rockstart/frontend_app/frontend_app_generator.rb +38 -0
- data/lib/generators/rockstart/frontend_app/simple_form/USAGE +8 -0
- data/lib/generators/rockstart/frontend_app/simple_form/simple_form_generator.rb +9 -0
- data/lib/generators/rockstart/frontend_app/titles/USAGE +8 -0
- data/lib/generators/rockstart/{frontend_helpers → frontend_app/titles}/templates/titles.en.yml.tt +0 -0
- data/lib/generators/rockstart/frontend_app/titles/titles_generator.rb +22 -0
- data/lib/generators/rockstart/gemset/USAGE +8 -0
- data/lib/generators/rockstart/gemset/gemset_generator.rb +129 -0
- data/lib/generators/rockstart/mailers/USAGE +8 -0
- data/lib/generators/rockstart/mailers/mailers_generator.rb +7 -0
- data/lib/generators/rockstart/{smtp_mailer → mailers/smtp_mailer}/USAGE +0 -0
- data/lib/generators/rockstart/mailers/smtp_mailer/smtp_mailer_generator.rb +36 -0
- data/lib/generators/rockstart/{smtp_mailer/templates/config/initializers/action_mailer.rb → mailers/smtp_mailer/templates/action_mailer_initializer.rb} +0 -0
- data/lib/generators/rockstart/monitoring/USAGE +8 -0
- data/lib/generators/rockstart/{logging → monitoring/lograge}/USAGE +1 -1
- data/lib/generators/rockstart/monitoring/lograge/lograge_generator.rb +19 -0
- data/lib/generators/rockstart/monitoring/lograge/templates/lograge_initializer.rb +44 -0
- data/lib/generators/rockstart/monitoring/lograge/templates/lograge_util.rb +42 -0
- data/lib/generators/rockstart/monitoring/monitoring_generator.rb +35 -0
- data/lib/generators/rockstart/monitoring/okcomputer/USAGE +8 -0
- data/lib/generators/rockstart/monitoring/okcomputer/okcomputer_generator.rb +28 -0
- data/lib/generators/rockstart/monitoring/okcomputer/templates/okcomputer.en.yml +5 -0
- data/lib/generators/rockstart/monitoring/okcomputer/templates/okcomputer_initializer.rb.tt +34 -0
- data/lib/generators/rockstart/monitoring/okcomputer/templates/okcomputer_spec.rb +62 -0
- data/lib/generators/rockstart/monitoring/rollbar/USAGE +8 -0
- data/lib/generators/rockstart/monitoring/rollbar/rollbar_generator.rb +20 -0
- data/lib/generators/rockstart/monitoring/rollbar/templates/rollbar_initializer.rb.tt +80 -0
- data/lib/generators/rockstart/monitoring/sidekiq_ui/USAGE +8 -0
- data/lib/generators/rockstart/monitoring/sidekiq_ui/sidekiq_ui_generator.rb +38 -0
- data/lib/generators/rockstart/monitoring/sidekiq_ui/templates/sidekiq_spec.rb +32 -0
- data/lib/generators/rockstart/quality/quality_generator.rb +5 -16
- data/lib/generators/rockstart/quality/rubocop/USAGE +11 -0
- data/lib/generators/rockstart/quality/rubocop/rubocop_generator.rb +23 -0
- data/lib/generators/rockstart/quality/rubocop/templates/rubocop.rake +19 -0
- data/lib/generators/rockstart/quality/{templates → rubocop/templates}/rubocop.yml +0 -0
- data/lib/generators/rockstart/rockstart_generator.rb +13 -65
- data/lib/generators/rockstart/run/USAGE +17 -0
- data/lib/generators/rockstart/run/run_generator.rb +73 -0
- data/lib/generators/rockstart/security/brakeman/USAGE +9 -0
- data/lib/generators/rockstart/security/brakeman/brakeman_generator.rb +15 -0
- data/lib/generators/rockstart/security/{templates → brakeman/templates}/brakeman.rake +1 -1
- data/lib/generators/rockstart/security/bundler_audit/USAGE +8 -0
- data/lib/generators/rockstart/security/bundler_audit/bundler_audit_generator.rb +11 -0
- data/lib/generators/rockstart/security/bundler_audit/templates/bundler_audit.rake +14 -0
- data/lib/generators/rockstart/security/content_security/USAGE +8 -0
- data/lib/generators/rockstart/security/content_security/content_security_generator.rb +41 -0
- data/lib/generators/rockstart/security/{templates → content_security/templates}/content_security_policy_initializer.rb.tt +2 -2
- data/lib/generators/rockstart/security/{templates → content_security/templates}/content_security_spec.rb.tt +12 -13
- data/lib/generators/rockstart/security/{templates/csp_violations_controller.rb → content_security/templates/csp_violations_controller.rb.tt} +14 -6
- data/lib/generators/rockstart/security/{templates → content_security/templates}/session_store_initializer.rb.tt +1 -2
- data/lib/generators/rockstart/security/rack_attack/USAGE +8 -0
- data/lib/generators/rockstart/security/rack_attack/rack_attack_generator.rb +37 -0
- data/lib/generators/rockstart/security/{templates → rack_attack/templates}/cache_support.rb +1 -1
- data/lib/generators/rockstart/security/{templates/rack_attack.rb → rack_attack/templates/rack_attack_initializer.rb.tt} +34 -1
- data/lib/generators/rockstart/security/rack_attack/templates/rack_attack_spec.rb.tt +116 -0
- data/lib/generators/rockstart/security/security_generator.rb +20 -84
- data/lib/generators/rockstart/storage/USAGE +8 -0
- data/lib/generators/rockstart/storage/active_storage/USAGE +8 -0
- data/lib/generators/rockstart/storage/active_storage/active_storage_generator.rb +59 -0
- data/lib/generators/rockstart/storage/active_storage/templates/active_storage_initializer.rb +9 -0
- data/lib/generators/rockstart/storage/active_storage/templates/better_s3_service.rb +27 -0
- data/lib/generators/rockstart/storage/active_storage/templates/cloudcube_util.rb +30 -0
- data/lib/generators/rockstart/storage/active_storage/templates/cloudcube_util_spec.rb +73 -0
- data/lib/generators/rockstart/storage/active_storage/templates/storage.yml.tt +15 -0
- data/lib/generators/rockstart/storage/memcached/USAGE +8 -0
- data/lib/generators/rockstart/storage/memcached/memcached_generator.rb +27 -0
- data/lib/generators/rockstart/{postgres → storage/postgres}/USAGE +1 -1
- data/lib/generators/rockstart/storage/postgres/postgres_generator.rb +20 -0
- data/lib/generators/rockstart/{postgres → storage/postgres}/templates/config/database.yml.tt +6 -0
- data/lib/generators/rockstart/{postgres → storage/postgres}/templates/migration.rb.tt +0 -0
- data/lib/generators/rockstart/storage/storage_generator.rb +26 -0
- data/lib/generators/rockstart/testing/USAGE +9 -0
- data/lib/generators/rockstart/testing/env/USAGE +8 -0
- data/lib/generators/rockstart/testing/env/env_generator.rb +24 -0
- data/lib/generators/rockstart/testing/env/templates/climate_control_helpers_support.rb +14 -0
- data/lib/generators/rockstart/testing/env/templates/dotenv.test.tt +8 -0
- data/lib/generators/rockstart/{rspec → testing/rspec}/USAGE +1 -1
- data/lib/generators/rockstart/testing/rspec/rspec_generator.rb +52 -0
- data/lib/generators/rockstart/{rspec → testing/rspec}/templates/support/factory_bot.rb +0 -0
- data/lib/generators/rockstart/{rspec → testing/rspec}/templates/support/shoulda_matchers.rb +0 -0
- data/lib/generators/rockstart/{rspec → testing/rspec}/templates/support/test_helpers.rb +0 -0
- data/lib/generators/rockstart/testing/rspec/templates/support/vcr.rb +11 -0
- data/lib/generators/rockstart/testing/simplecov/USAGE +9 -0
- data/lib/generators/rockstart/testing/simplecov/simplecov_generator.rb +11 -0
- data/lib/generators/rockstart/testing/testing_generator.rb +24 -0
- data/lib/generators/rockstart/workers/USAGE +8 -0
- data/lib/generators/rockstart/workers/sidekiq/USAGE +9 -0
- data/lib/generators/rockstart/workers/sidekiq/sidekiq_generator.rb +29 -0
- data/lib/generators/rockstart/workers/sidekiq/templates/sidekiq.yml.tt +5 -0
- data/lib/generators/rockstart/workers/sidekiq/templates/sidekiq_initializer.rb +5 -0
- data/lib/generators/rockstart/workers/workers_generator.rb +18 -0
- data/lib/rockstart/base_generator.rb +4 -5
- data/lib/rockstart/env.rb +3 -1
- data/lib/rockstart/generators/class_option_helpers.rb +154 -0
- data/lib/rockstart/generators/content_security_options.rb +61 -0
- data/lib/rockstart/generators/migration_helpers.rb +30 -0
- data/lib/rockstart/generators/system_helpers.rb +14 -0
- data/lib/rockstart/generators/template_helpers.rb +27 -0
- data/lib/rockstart/version.rb +1 -1
- metadata +212 -83
- data/lib/generators/rockstart/devise/devise_generator.rb +0 -258
- data/lib/generators/rockstart/docker/docker_generator.rb +0 -86
- data/lib/generators/rockstart/docker/templates/docker-compose.yml +0 -47
- data/lib/generators/rockstart/docker/templates/dotenv.docker.tt +0 -4
- data/lib/generators/rockstart/frontend_helpers/USAGE +0 -8
- data/lib/generators/rockstart/frontend_helpers/frontend_helpers_generator.rb +0 -65
- data/lib/generators/rockstart/logging/logging_generator.rb +0 -12
- data/lib/generators/rockstart/logging/templates/rockstart/lograge_initializer.rb +0 -50
- data/lib/generators/rockstart/postgres/postgres_generator.rb +0 -32
- data/lib/generators/rockstart/pundit/pundit_generator.rb +0 -32
- data/lib/generators/rockstart/quality/templates/rubocop.rake +0 -4
- data/lib/generators/rockstart/rspec/rspec_generator.rb +0 -70
- data/lib/generators/rockstart/rspec/templates/dotenv.development +0 -1
- data/lib/generators/rockstart/rspec/templates/dotenv.test +0 -1
- data/lib/generators/rockstart/rspec/templates/rspec_templates/model/model_spec.rb +0 -13
- data/lib/generators/rockstart/scaffold_templates/scaffold_templates_generator.rb +0 -39
- data/lib/generators/rockstart/scaffold_templates/templates/rspec/scaffold/api_request_spec.rb +0 -139
- data/lib/generators/rockstart/scaffold_templates/templates/rspec/scaffold/request_spec.rb +0 -408
- data/lib/generators/rockstart/security/templates/bundler_audit.rake +0 -4
- data/lib/generators/rockstart/smtp_mailer/smtp_mailer_generator.rb +0 -30
- data/lib/generators/rockstart/tailwindcss/USAGE +0 -8
- data/lib/generators/rockstart/tailwindcss/tailwindcss_generator.rb +0 -30
- data/lib/generators/rockstart/tailwindcss/templates/application.css +0 -3
- data/lib/generators/rockstart/tailwindcss/templates/postcss.config.js +0 -32
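--- /dev/null
+++ b/data/lib/generators/rockstart/security/rack_attack/rack_attack_generator.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require "rockstart/generators/class_option_helpers"
+require "rockstart/generators/template_helpers"
+
+module Rockstart::Security
+class RackAttackGenerator < Rails::Generators::Base
+include Rockstart::Generators::ClassOptionHelpers
+include Rockstart::Generators::TemplateHelpers
+
+source_root File.expand_path("templates", __dir__)
+
+devise_class_option
+
+def add_initializer
+initializer_template "rack_attack"
+end
+
+def add_request_spec
+template "rack_attack_spec.rb", "spec/requests/rack_attack_spec.rb"
+end
+
+def add_rspec_support
+copy_file "cache_support.rb", "spec/support/cache.rb"
+end
+
+def enable_cache_store_for_all_environments
+application do
+<<~CACHE
+# Use memory_store cache for testing and default configurations
+config.cache_store = :memory_store
+CACHE
+end
+comment_lines "config/environments/test.rb", "config.cache_store = "
+end
+end
+end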
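--- a/data/lib/generators/rockstart/security/templates/rack_attack.rb
+++ b/data/lib/generators/rockstart/security/rack_attack/templates/rack_attack_initializer.rb.tt
@@ -3,10 +3,12 @@
 require "digest/md5"
 
 # Configuration for rack_attack
-class Rack::Attack
+class Rack::Attack # rubocop:disable Style/ClassAndModuleChildren
+<%- if devise? -%>
 LOGIN_PATH = "/users/sign_in"
 REGISTRATION_PATH = "/users"
 
+<%- end -%>
 ### Configure Cache ###
 
 # If you don't want to use Rails.cache (Rack::Attack's default), then
@@ -33,6 +35,26 @@ class Rack::Attack
 # Key: "rack::attack:#{Time.now.to_i/:period}:req/ip:#{req.ip}"
 throttle("req/ip", limit: 300, period: 5.minutes, &:ip)
 
+def self.pentesting_request?(path, query_string)
+CGI.unescape(query_string) =~ %r{/etc/passwd} ||
+path.include?("/etc/passwd") ||
+path.include?("wp-admin") ||
+path.include?("wp-login") ||
+/\.php$/.match?(path)
+end
+
+# Block suspicious requests for '/etc/passwd' or wordpress specific paths.
+# After 3 blocked requests in 10 minutes, block all requests from that IP for 5 minutes.
+blocklist("fail2ban/pentesters") do |req|
+# `filter` returns truthy value if request fails, or if it's from a previously banned IP
+# so the request is blocked
+Rack::Attack::Fail2Ban.filter("pentesters-#{req.ip}", maxretry: 3, findtime: 10.minutes, bantime: 5.minutes) do
+# The count for the IP is incremented if the return value is truthy
+pentesting_request?(req.path, req.query_string)
+end
+end
+
+<%- if devise? -%>
 ### Prevent Brute-Force Login Attacks ###
 
 # The most common brute-force login attack is a brute-force password
@@ -82,6 +104,17 @@ class Rack::Attack
 req.ip if req.path == REGISTRATION_PATH && (req.post? || req.put? || req.patch?)
 end
 
+<%- end -%>
+### Custom Blocklist Response ###
+
+self.blocklisted_response = lambda do |request|
+if pentesting_request?(request.fetch("PATH_INFO"), request.fetch("QUERY_STRING"))
+[301, { "Location" => "/" }, []]
+else
+[302, { "Location" => "https://www.youtube.com/watch?v=dQw4w9WgXcQ" }, []]
+end
+end
+
 ### Custom Throttle Response ###
 
 # By default, Rack::Attack returns an HTTP 429 for throttled responses,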
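Review bot: `pentesting_request?` in the second hunk matches with substring `include?` calls and a `$`-anchored regex, so a legitimate route whose path merely contains `wp-admin` or `wp-login` (a blog slug, for instance) counts toward the Fail2Ban limit and, after three hits, the client's IP is blocked for five minutes; `$` also matches before a trailing newline, whereas `\z` matches only at the end of the string. Anchor the checks to path segments and the string end, e.g. `path.start_with?("/wp-admin", "/wp-login") ||` and `/\.php\z/.match?(path)`, or, if substring matching is deliberate, say so in the comment above the blocklist. `CGI.unescape` on new line 39 decodes the query string exactly once, so the helper is a noise filter rather than a security boundary — worth stating in its comment so nobody later relies on it as one. The `class Rack::Attack` body continues past the last hunk.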
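--- /dev/null
+++ b/data/lib/generators/rockstart/security/rack_attack/templates/rack_attack_spec.rb.tt
@@ -0,0 +1,116 @@
+# frozen_string_literal: true
+
+require "rails_helper"
+
+RSpec.describe "Rack::Attack", type: :request do
+describe "req/ip throttle" do
+it "rate limits requests from spammy clients" do
+300.times do
+get root_url
+expect(response).not_to have_http_status(:too_many_requests)
+end
+
+get root_url
+expect(response).to have_http_status(:too_many_requests)
+end
+end
+<%- if devise? -%>
+
+describe "logins/ip throttle" do
+it "rate limits login requests based off ip address" do
+5.times do
+post new_user_session_path, params: {
+user: {
+email: Faker::Internet.email,
+password: Faker::Internet.password
+}
+}
+end
+
+post new_user_session_path, params: {
+user: {
+email: Faker::Internet.email,
+password: Faker::Internet.password
+}
+}
+expect(response).to have_http_status(:too_many_requests)
+end
+end
+
+describe "logins/email throttle" do
+it "rate limits login requests based off email address" do
+valid_email_parameters = {
+user: {
+email: Faker::Internet.email,
+password: Faker::Internet.password
+}
+}
+
+5.times do |n|
+post new_user_session_path, params: valid_email_parameters, headers: {
+"REMOTE_ADDR" => format("120.0.1.%<n>d", n: n)
+}
+end
+
+post new_user_session_path, params: valid_email_parameters
+expect(response).to have_http_status(:too_many_requests)
+end
+end
+
+describe "registrations/ip throttle" do
+it "rate limits regstration requests based off ip address" do
+5.times do
+put user_registration_path, params: update_user_email_params
+end
+
+put user_registration_path, params: update_user_email_params
+expect(response).to have_http_status(:too_many_requests)
+end
+end
+<%- end -%>
+
+describe "fail2ban/pentesters blocklist" do
+PENTESTING_PATHS = %w[
+/etc/passwd
+/bad_endpoint?secret_file=/etc/passwd
+/wp-admin
+/wp-login
+/example.php
+].freeze
+
+DENIAL_URL = "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
+
+PENTESTING_PATHS.each do |pentesting_path|
+it "blocks clients after repeat visits to #{pentesting_path}" do
+2.times do
+get pentesting_path
+expect(response).to have_http_status(:moved_permanently)
+expect(response).to redirect_to(root_url)
+end
+
+get root_url
+expect(response).not_to redirect_to(DENIAL_URL)
+
+get pentesting_path
+expect(response).to have_http_status(:moved_permanently)
+expect(response).to redirect_to(root_url)
+
+get root_url
+expect(response).to have_http_status(:found)
+expect(response).to redirect_to(DENIAL_URL)
+end
+end
+
+PENTESTING_PATHS.shuffle.combination(3).to_a.sample.tap do |url_a, url_b, url_c|
+it "shares the visit count between pentesting routes (e.g. #{url_a}, #{url_b}, #{url_c})" do
+get url_a
+get url_b
+get url_c
+
+get root_url
+expect(response).to have_http_status(:found)
+expect(response).to redirect_to(DENIAL_URL)
+end
+end
+end
+end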
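Review bot: `PENTESTING_PATHS` and `DENIAL_URL` are assigned inside the `describe "fail2ban/pentesters blocklist"` block (new lines 73–81), and a constant defined in an RSpec example group is created on Object, so it leaks into every other spec file of the run and any other spec using the same name gets an "already initialized constant" warning. Plain locals of the block do the same job for example generation: `pentesting_paths = %w[...].freeze` and `denial_url = "..."`, with the references on lines 83, 92, 100, 104 and 112 updated accordingly. Separately, `PENTESTING_PATHS.shuffle.combination(3).to_a.sample` on line 104 picks the trio at load time, so the example's description changes on every run and a failure cannot be replayed by name; iterating every `combination(3)` or fixing the trio with `pentesting_paths.first(3)` keeps it reproducible. The "regstration" typo in the example name on line 61 is worth fixing while here.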
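--- a/data/lib/generators/rockstart/security/security_generator.rb
+++ b/data/lib/generators/rockstart/security/security_generator.rb
@@ -1,80 +1,38 @@
 # frozen_string_literal: true
 
+require "rockstart/generators/class_option_helpers"
+require "rockstart/generators/content_security_options"
+require "rockstart/generators/template_helpers"
+
 class Rockstart::SecurityGenerator < Rails::Generators::Base
 include Rails::Generators::AppName
-
-
-
-desc: "Known third-party hosts for Fonts",
-default: []
-
-class_option :image_hosts, type: :array,
-desc: "Known third-party hosts for Images",
-default: []
-
-class_option :script_hosts, type: :array,
-desc: "Known third-party hosts for (Java)Scripts",
-default: []
-
-class_option :style_hosts, type: :array,
-desc: "Known third-party hosts for Stylesheets",
-default: []
-
-class_option :session_name, type: :string,
-desc: "Name used for Rails Sessions",
-default: Rockstart::Env.default_session_name
-
-def install_bundler_audit
-gem "bundler-audit", github: "rubysec/bundler-audit"
-
-Bundler.clean_system("bundle install --quiet")
+include Rockstart::Generators::ClassOptionHelpers
+include Rockstart::Generators::ContentSecurityOptions
+include Rockstart::Generators::TemplateHelpers
 
-
-end
-
-def install_brakeman
-gem "brakeman", group: %i[development test]
-
-Bundler.clean_system("bundle install --quiet")
+source_root File.expand_path("templates", __dir__)
 
-
+devise_class_option
+rollbar_class_option
 
-
+def add_bundler_audit
+generate "rockstart:security:bundler_audit"
 end
 
-def
-
+def add_brakeman
+generate "rockstart:security:brakeman"
 end
 
-def
-
-
-Bundler.clean_system("bundle install --quiet")
-
-copy_file "rack_attack.rb", "config/initializers/rack_attack.rb"
-copy_file "cache_support.rb", "spec/support/cache.rb"
-
-application do
-<<~CACHE
-# Use memory_store cache for testing and default configurations
-config.cache_store = :memory_store
-CACHE
-end
-comment_lines "config/environments/test.rb", "config.cache_store = "
-end
-
-def add_session_initializer
-template "session_store_initializer.rb.tt", "config/initializers/session_store.rb"
+def add_rack_attack
+generate "rockstart:security:rack_attack", devise_option
 end
 
 def add_content_security_policy
-
-
-
-copy_file "csp_violations_controller.rb", "app/controllers/csp_violations_controller.rb"
-route "resources :csp_violations, only: [:create]"
+generate "rockstart:security:content_security", rollbar_option, *content_security_options
+end
 
-
+def add_security_rake_tasks
+copy_file "security.rake", "lib/tasks/security.rake"
 end
 
 def enforce_ssl
@@ -83,26 +41,4 @@ class Rockstart::SecurityGenerator < Rails::Generators::Base
 'config.force_ssl = ENV["ALLOW_INSECURE_HTTP"].to_i != 1'
 uncomment_lines "config/environments/production.rb", /config.force_ssl =/
 end
-
-private
-
-def font_hosts
-options[:font_hosts] || []
-end
-
-def image_hosts
-options[:image_hosts] || []
-end
-
-def script_hosts
-options[:script_hosts] || []
-end
-
-def style_hosts
-options[:style_hosts] || []
-end
-
-def session_name
-options[:session_name]
-end
 end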
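Review bot: `add_bundler_audit`, `add_brakeman`, `add_rack_attack` and `add_content_security_policy` now delegate to `generate`, which runs `bin/rails generate` as a child process; whether a failing child aborts this generator depends on the Rails version (newer releases abort by default, older ones print the error and continue), so on the latter a sub-generator error leaves the app with a partial security setup — rack_attack installed but no CSP initializer, say — while this run still reports success. Check the behaviour against the gem's Rails dependency and, where it does not abort, make each call fail loudly (Thor's `run` family takes `abort_on_failure: true`; confirm `generate` forwards it on the supported version). A one-line comment on `add_content_security_policy` noting that the session-store initializer, dropped here as `add_session_initializer`, is now installed by the content_security sub-generator would also help, since the file list shows that template moved under content_security/templates.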
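--- /dev/null
+++ b/data/lib/generators/rockstart/storage/active_storage/active_storage_generator.rb
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require "rockstart/generators/template_helpers"
+
+module Rockstart::Storage
+class ActiveStorageGenerator < Rails::Generators::Base
+include Rockstart::Generators::TemplateHelpers
+
+source_root File.expand_path("templates", __dir__)
+
+class_option :public_files, type: :boolean,
+desc: "Upload files are publically available",
+default: false
+
+def create_local_storage_directory
+create_file "storage/.keep", ""
+end
+
+def add_storage_configuration
+template "storage.yml", "config/storage.yml"
+end
+
+def add_better_s3_service
+copy_file "better_s3_service.rb", "lib/active_storage/service/better_s3_service.rb"
+end
+
+def add_cloudcube_util
+copy_file "cloudcube_util.rb", "lib/utils/cloudcube.rb"
+copy_file "cloudcube_util_spec.rb", "spec/utils/cloudcube_spec.rb"
+end
+
+def add_initializer
+copy_initializer "active_storage"
+end
+
+def add_active_storage_migrations
+rake "active_storage:install"
+end
+
+def update_cache_storage
+comment_lines "config/environments/production.rb", /config\.active_storage\.service = :local$/
+application(nil, env: :production) do
+<<~CONFIG
+config.active_storage.service = if ENV["CLOUDCUBE_ACCESS_KEY_ID"].present?
+:cloudcube
+else
+:local # fallback option
+end
+CONFIG
+end
+end
+
+private
+
+def public_files?
+options.fetch(:public_files)
+end
+end
+end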
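Review bot: `update_cache_storage` (new lines 40–51) edits `config.active_storage.service`, not the cache store, so the name misleads anyone scanning the generator steps; `update_active_storage_service` says what it does. The production block it writes falls back to `:local` whenever `CLOUDCUBE_ACCESS_KEY_ID` is unset, which on the container and Heroku deployments this gem also generates means uploads silently land on the app's own disk and disappear on redeploy; the inserted code should at least carry a comment such as `# :local in production keeps uploads on the app's disk — set CLOUDCUBE_ACCESS_KEY_ID for durable storage`, and a `Rails.logger.warn` next to the fallback would make the misconfiguration visible. The `:public_files` description on line 12 has a typo (`publically` → `publicly`), and since `true` exposes every upload, the option's desc should name the consequence; `public_files?` is only defined here and presumably read by storage.yml.tt — worth a comment saying so.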