RubyGems - satorix-rails - Versions diffs - 1.1.3 → 1.1.8 - Mend

satorix-rails 1.1.3 → 1.1.8

Files changed (10) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0d4ef84ca0df1a11113cc1263bbf189175407c5d
-  data.tar.gz: 6a34c381ffa8b434a6f353739d9051e902caf1ad
+  metadata.gz: 0b9d6f9e7b878b946c92879ecdca57539e17b726
+  data.tar.gz: 51f759acfe38d749d2d629f9c0c2d0aaba1c4a2a
 SHA512:
-  metadata.gz: 2aa290ad8cd46ee7696287c1daf79e987c66ea8aff2d2ed6ebcb055585f1edbca268624251d11689b87b7e70308e11b095dc92819f56c70e8fafd2103ba0b663
-  data.tar.gz: a4b6cd6a753369c3e176eee0ba3b120349970ba1cde599dbc66bb7c14d2cb2a15559c0048dc93f14f0e12a652c427564afec44ea4325afb437c45c2ff967310a
+  metadata.gz: 3061312baa499d9421499caf785bb7239c6199e1d8811f6b6fb996a1e31c65cafe5485fcef62b81a6d9e785313c1428bb8dc6fb363260bc00b6cfdd4cc4ecc79
+  data.tar.gz: 98dc15e19de99dc0e7f160aa5a265b9fee5525b87a6c3f4cc7d215990dd8dad9d14f4db91fb27690c8dbc5f5d2e5b50bd2e3542031ab10223a5f96f51fd38255

data/README.md CHANGED Viewed

@@ -6,22 +6,19 @@ By [Internet Exposure](https://www.iexposure.com/)
 [![coverage](http://gitlab.iexposure.com/satorix/satorix-rails/badges/master/coverage.svg)](http://gitlab.iexposure.com/satorix/satorix-rails/pipelines)
-[Satorix](http://gitlab.iexposure.com/satorix/satorix) is a full-featured CI/CD pipeline developed by Internet Exposure.
+[Satorix](https://www.satorix.com): Get your app from local to live
-The satorix-rails gem provides a streamlined mechanism for a 12-factor capable Rails application to interact with the Satorix ecosystem.
+The `satorix-rails` gem provides a streamlined mechanism for a 12-factor capable Rails application to interact with the Satorix ecosystem.
-## Getting Started
+## Preparing your application
 Add Satorix to your Rails application by including it in your Gemfile with:
 ```ruby
-source 'https://gems.iexposure.com' do
-  gem 'satorix-rails'
-end
+gem 'satorix-rails'
 ```
-Run the bundle command to install it.
+Run the `bundle` command to install it.
 Next, run the generator from a terminal at the root of your application:
@@ -29,7 +26,7 @@ Next, run the generator from a terminal at the root of your application:
 $ rails g satorix:install
 ```
-Congratulations, your application is now suitable for deployment into Satorix.
+This creates a set of files that utilize environment variables created by default with Satorix. These include the [Phusion Passenger Rails app server](https://www.phusionpassenger.com/) and the Passenger built in Nginx web server.
 # Logging in Rails 4 and below
@@ -40,57 +37,62 @@ You will need to either:
 * add `gem 'rails_12factor', group: :production` to your Gemfile
 * Set `config.logger = Logger.new(STDOUT)` in `config/environments/production.rb`
+# Configuring your application
-## What's Included
+You can configure your application on a per-environment basis using environment variables.
+### Default environment Variables
-## Environment Variables
+The following default environment variables are used by the `satorix-rails` generated files and can be managed through the Satorix Dashboard:
-You can configure your application on a per-environment basis using environment variables.
+##### SATORIX_CANONICAL_URI_HOST
-The following environment variables are used by the generated files:
+*Optional*, a domain to rewrite all requests to by default. Setting this will make it so all requests to your site will go to the supplied domain.
-Using the Satorix Dashboard? You can relax, all of these variables are automatically configured for you.
+Common setting:
-##### SATORIX_AUTHENTICATION_USER_NAMES_AND_PASSWORDS
+* `www.domain.dom`
-Optional
+##### SATORIX_CANONICAL_URI_PROTOCOL
-Hashed usernames:passwords, newline separated
+*Optional*, the `HTTP` protocol to rewrite requests to.
-##### SATORIX_AUTHENTICATION_ALLOWED_IPS
+Valid settings:
-Optional
+* `http`
+* `https`
-Valid settings:
+##### SATORIX_PROXY_IPS
-* all (`all`)
-* single IP (`192.168.101.2`)
-* single IP range (`192.168.101.0/24`)
-* multiple IPs/ranges (`192.168.101.3 192.168.1.4`)
+*Optional*, used to define proxy IP addresses, for services like CloudFlare. This will allow you to get the actual client IP address accessing your site in the logs and accessible to your application.
-##### SATORIX_CANONICAL_URI_HOST
+Valid settings:
-Optional
+* Space separated list of IPs or network ranges (`103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/12 108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17 199.27.128.0/21`)
-If specified, t
+##### SATORIX_AUTHENTICATION_HTPASSWDS
-##### SATORIX_CANONICAL_URI_PROTOCOL
+*Optional*, used to control access to your site with HTTP Basic authentication. Needs to be generated in the format created by the Apache tool `htpasswd -nb username password` or using an [online generator](http://www.htaccesstools.com/htpasswd-generator/).
-Optional
+Valid settings:
-##### SATORIX_PROXY_IPS
+* Newline separated list of username and hashed password (`username:$apr1$vAxBKb8N$m0en1zabtHktHeFyT3j9y`)
+##### SATORIX_AUTHENTICATION_ALLOWED_IPS
-was NGINX_ADDITIONAL_REAL_IPS
+*Optional*, used to control access to your site by bypassing the above HTTP Basic authentication. If set to `all` no authentication will be required. Any IP addresses or networks added here will not need to supply the username and password to access the site.
-Used to define proxy IP addresses, for services like CloudFlare.
+Valid settings:
+* All (`all`)
+* Single IP (`192.168.1.2`)
+* Network range (`192.168.1.0/24`)
+* Space separated list of multiple IPs or network ranges (`192.168.1.3 192.168.2.0/24`)
 ## Contributing
 Please coordinate contributions using the [official issue tracker](http://gitlab.iexposure.com/satorix/satorix-rails/issues).
 ## Testing
 This application is tested using [rspec](http://rspec.info/).
@@ -100,8 +102,7 @@ You can run the same tests that run during CI with:
  ```
 bundle exec rspec spec
  ```
 ## CI/CD
 Satorix is used to provide continuous integration and continuous deployment for this application.
@@ -110,9 +111,6 @@ CI is run against every push.
 CD is used to build and publish the gem for the master branch.
 ## License
 The Satorix gem is released under the terms described in the [LICENSE file](LICENSE).

data/lib/rails/generators/satorix/install_generator.rb CHANGED Viewed

@@ -13,7 +13,6 @@ module Satorix
         template 'install/config/passenger_standalone/nginx.conf.erb', 'config/passenger_standalone/nginx.conf.erb'
-        template 'install/config/passenger_standalone/includes/htpasswd_source.erb', 'config/passenger_standalone/includes/htpasswd_source.erb'
         template 'install/config/passenger_standalone/includes/authentication.erb', 'config/passenger_standalone/includes/authentication.erb'
         template 'install/config/passenger_standalone/includes/page_level_redirects.erb', 'config/passenger_standalone/includes/page_level_redirects.erb'
         template 'install/config/passenger_standalone/includes/proxy_configuration.erb', 'config/passenger_standalone/includes/proxy_configuration.erb'

data/lib/rails/generators/templates/custom_ci_job/satorix/CI/test/bare_bones.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module Satorix
         # You can add your own logic to do whatever you want.
         def go
           # Uncomment the line below if you want to execute in the context of the app's buildpack.
-          # Satorix::CI::Test::Shared::Buildpack.go
+          # Satorix::CI::Test::Shared::BuildpackManager.go
           puts "\n\nRunning BareBones#go..."
         end

data/lib/rails/generators/templates/custom_ci_job/satorix/CI/test/info.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Satorix
         # You can add your own logic to do whatever you want.
         def go
           # Uncomment the line below if you want to execute in the context of the app's buildpack.
-          # Satorix::CI::Test::Shared::Buildpack.go
+          # Satorix::CI::Test::Shared::BuildpackManager.go
           log_bench('Describing logging...') do
             describe_log

data/lib/rails/generators/templates/install/config/passenger_standalone/includes/authentication.erb CHANGED Viewed

@@ -1,28 +1,41 @@
 # Authentication
-#
-#   Allow listed networks to access without auth, otherwise require password
-<%%
-  password_files = {}
-  # Write out htpasswd file(s), from source files in config/passenger_standalone/includes
-  # to allow dynamically generated htpasswd file(s), most likely from env vars.
-  %w[htpasswd].each do |password_file|
-    passenger_standalone_includes = File.expand_path(__dir__)
-    password_files[password_file] = File.join( passenger_standalone_includes, password_file )
-    contents = include_passenger_custom_template("#{ password_file }_source.erb")
-    File.open(password_files[password_file], 'w') {|f| f.write(contents) }
+<%%-
+  # The password_files hash defines which password files will be written out.
+  # The generated password files should be ignored from version control.
+  # Each desired password file should be specified as a key, with the value being a source for the file contents.
+  # The contents should include hashed username/password combinations, separated by whitespace.
+  # These can be generated using the htpasswd application, or an online tool like http://www.htaccesstools.com/htpasswd-generator/
+  # For more info, see: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
+  password_files = {
+    'htpasswd' => ENV['SATORIX_AUTHENTICATION_HTPASSWDS']
+  }
+  def password_file_location(filename)
+    passenger_standalone_includes_location = File.expand_path(__dir__)
+    File.join( passenger_standalone_includes_location, filename )
+  end
+  password_files.each do |filename, raw_contents|
+    contents = raw_contents.to_s.split.join("\n")
+    File.open(password_file_location(filename), 'w') {|f| f.write(contents) } unless contents.empty?
   end
-%>
+  allowed_without_auth = ENV['SATORIX_AUTHENTICATION_ALLOWED_IPS'].to_s.split
+  allowed_without_auth = ['all'] if allowed_without_auth.empty?
+-%>
+# Allow listed networks to access without auth, otherwise require password if defined
 location / {
   satisfy any;
-<%% ENV['SATORIX_AUTHENTICATION_ALLOWED_IPS'].to_s.split(' ').each do |target| -%>
+<%% allowed_without_auth.each do |target| -%>
   allow <%%= target %>;
 <%% end -%>
-  deny  all;
+  deny all;
+<%% if File.file?(password_file_location('htpasswd')) -%>
   auth_basic "Please Log In";
-  auth_basic_user_file <%%= password_files['htpasswd'] %>;
+  auth_basic_user_file <%%= password_file_location('htpasswd') %>;
+<%% end -%>
 }
 # End Authentication

data/lib/rails/generators/templates/install/config/passenger_standalone/includes/proxy_configuration.erb CHANGED Viewed

@@ -21,7 +21,7 @@
 <%% end %>
 # Use the internal Flynn network set X-Forwarded-For header for access IPs.
-set_real_ip_from 100.100.0.0/16;
+set_real_ip_from <%%= ENV['SATORIX_REAL_IP_FROM'] || '100.100.0.0/16' %>;
 real_ip_header X-Forwarded-For;
 # End Proxy Configuration

data/lib/satorix/rails/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Satorix
   module Rails
     module Version
-      VERSION = '1.1.3'
+      VERSION = '1.1.8'
     end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: satorix-rails
 version: !ruby/object:Gem::Version
-  version: 1.1.3
+  version: 1.1.8
 platform: ruby
 authors:
 - Internet Exposure
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-09-11 00:00:00.000000000 Z
+date: 2019-09-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: passenger
@@ -93,7 +93,6 @@ files:
 - lib/rails/generators/templates/install/.gitlab-ci.yml
 - lib/rails/generators/templates/install/Procfile
 - lib/rails/generators/templates/install/config/passenger_standalone/includes/authentication.erb
-- lib/rails/generators/templates/install/config/passenger_standalone/includes/htpasswd_source.erb
 - lib/rails/generators/templates/install/config/passenger_standalone/includes/page_level_redirects.erb
 - lib/rails/generators/templates/install/config/passenger_standalone/includes/proxy_configuration.erb
 - lib/rails/generators/templates/install/config/passenger_standalone/nginx.conf.erb

data/lib/rails/generators/templates/install/config/passenger_standalone/includes/htpasswd_source.erb DELETED Viewed

@@ -1,6 +0,0 @@
-<%%# This value should include hashed username/password combinations, separated by whitespace -%>
-<%%# These can be generated using the htpasswd application, or an online tool like http://www.htaccesstools.com/htpasswd-generator/ -%>
-<%%# For more info, see: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/ -%>
-<%%= ENV['SATORIX_AUTHENTICATION_HTPASSWDS'].to_s.split.join("\n") %>