sekisyo 0.1.0

data/lib/sekisyo/validators/array_validator.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Sekisyo
+  module Validators
+    #
+    # Sekisyo Validators ArrayValidator is a validator that accepts only array value.
+    #
+    class ArrayValidator
+      def initialize(key, options = {})
+        @key = key
+        @options = options
+
+        @items_options = @options.fetch('items', {})
+        items_validator_class = Sekisyo::Validator::VALIDATORS[@items_options.delete('type')]
+        items_validator_class ||= Sekisyo::Validators::AnyValidator
+        @items_validator = items_validator_class.new(nil, @items_options)
+      end
+
+      attr_reader :key
+
+      def valid?(value)
+        type_validate(value) &&
+          presence_validate(value) &&
+          bytesize_validate(value) &&
+          min_size_validate(value) &&
+          max_size_validate(value) &&
+          items_validate(value)
+      end
+
+      private
+
+      def type_validate(value)
+        value.is_a? Array
+      end
+
+      def presence_validate(value)
+        !@options['presence'] || !(value.respond_to?(:empty?) ? !!value.empty? : !value)
+      end
+
+      def bytesize_validate(value)
+        !@options['max_bytesize'] || value.to_s.bytesize <= @options['max_bytesize'].to_i
+      end
+
+      def min_size_validate(value)
+        !@options['min_size'] || value.size >= @options['min_size'].to_i
+      end
+
+      def max_size_validate(value)
+        !@options['max_size'] || value.size <= @options['max_size'].to_i
+      end
+
+      def items_validate(value)
+        value.all? { |v| @items_validator.valid?(v) }
+      end
+    end
+  end
+end

data/lib/sekisyo/validators/boolean_validator.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Sekisyo
+  module Validators
+    #
+    # Sekisyo Validators BooleanValidator is a validator that accepts only boolean value.
+    #
+    class BooleanValidator
+      def initialize(key, options = {})
+        @key = key
+        @options = options
+      end
+
+      attr_reader :key
+
+      def valid?(value)
+        type_validate(value) &&
+          presence_validate(value)
+      end
+
+      private
+
+      def type_validate(value)
+        ['true', 'false', ''].include?(value)
+      end
+
+      def presence_validate(value)
+        !@options['presence'] || !(value.respond_to?(:empty?) ? !!value.empty? : !value)
+      end
+    end
+  end
+end

data/lib/sekisyo/validators/file_validator.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+module Sekisyo
+  module Validators
+    #
+    # Sekisyo Validators FileValidator is a validator that accepts only file params value.
+    #
+    class FileValidator
+      FILE_CONTENT_TYPES = %w[
+        text/plain
+        text/csv
+        text/html
+        text/css
+        text/javascript
+        application/octet-stream
+        application/json
+        application/pdf
+        application/vnd.ms-excel
+        application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+        application/vnd.ms-powerpoint
+        application/vnd.openxmlformats-officedocument.presentationml.presentation
+        application/msword
+        application/vnd.openxmlformats-officedocument.wordprocessingml.document
+        image/jpeg
+        image/png
+        image/gif
+        image/bmp
+        image/svg+xml
+        application/zip
+        application/x-lzh
+        application/x-tar
+        audio/mpeg
+        video/mp4
+        video/mpeg
+      ].freeze
+
+      def initialize(key, options = {})
+        @key = key
+        @options = options
+      end
+
+      attr_reader :key
+
+      def valid?(value)
+        type_validate(value) &&
+          presence_validate(value) &&
+          file_size_validate(value)
+      end
+
+      private
+
+      def type_validate(value)
+        return false unless value.is_a? Hash
+
+        allow_file_types = [@options['allow_file_types']].flatten.compact
+        content_types = if allow_file_types.empty?
+                          FILE_CONTENT_TYPES
+                        else
+                          FILE_CONTENT_TYPES & allow_file_types
+                        end
+        content_types.any? { |type| type == value[:type] }
+      end
+
+      def presence_validate(value)
+        !@options['presence'] || value[:tempfile]&.then { |file| file.size.positive? }
+      end
+
+      def file_size_validate(value)
+        !@options['max_bytesize'] || value[:tempfile]&.then { |file| file.size <= @options['max_bytesize'].to_i }
+      end
+    end
+  end
+end

data/lib/sekisyo/validators/float_validator.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Sekisyo
+  module Validators
+    #
+    # Sekisyo Validators FloatValidator is a validator that accepts only float value.
+    #
+    class FloatValidator
+      def initialize(key, options = {})
+        @key = key
+        @options = options
+      end
+
+      attr_reader :key
+
+      def valid?(value)
+        type_validate(value) &&
+          presence_validate(value) &&
+          bytesize_validate(value) &&
+          enum_validate(value)
+      end
+
+      private
+
+      def type_validate(value)
+        /^\d+\.\d+$/.match?(value.to_s) || value == ''
+      end
+
+      def presence_validate(value)
+        !@options['presence'] || !(value.respond_to?(:empty?) ? !!value.empty? : !value)
+      end
+
+      def bytesize_validate(value)
+        !@options['max_bytesize'] || value.to_s.bytesize <= @options['max_bytesize'].to_i
+      end
+
+      def enum_validate(value)
+        !@options['enum'] || @options['enum'].any? { |e| e.to_s == value.to_s }
+      end
+    end
+  end
+end

data/lib/sekisyo/validators/integer_validator.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Sekisyo
+  module Validators
+    #
+    # Sekisyo Validators IntegerValidator is a validator that accepts only integer value.
+    #
+    class IntegerValidator
+      def initialize(key, options = {})
+        @key = key
+        @options = options
+      end
+
+      attr_reader :key
+
+      def valid?(value)
+        type_validate(value) &&
+          presence_validate(value) &&
+          bytesize_validate(value) &&
+          enum_validate(value)
+      end
+
+      private
+
+      def type_validate(value)
+        /^\d+$/.match?(value.to_s) || value == ''
+      end
+
+      def presence_validate(value)
+        !@options['presence'] || !(value.respond_to?(:empty?) ? !!value.empty? : !value)
+      end
+
+      def bytesize_validate(value)
+        !@options['max_bytesize'] || value.to_s.bytesize <= @options['max_bytesize'].to_i
+      end
+
+      def enum_validate(value)
+        !@options['enum'] || @options['enum'].any? { |e| e.to_s == value.to_s }
+      end
+    end
+  end
+end

data/lib/sekisyo/validators/numeric_validator.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Sekisyo
+  module Validators
+    #
+    # Sekisyo Validators NumericValidator is a validator that accepts only numeric value.
+    #
+    class NumericValidator
+      def initialize(key, options = {})
+        @key = key
+        @options = options
+      end
+
+      attr_reader :key
+
+      def valid?(value)
+        type_validate(value) &&
+          presence_validate(value) &&
+          bytesize_validate(value) &&
+          enum_validate(value)
+      end
+
+      private
+
+      def type_validate(value)
+        /^\d+(\.\d+)?$/.match?(value.to_s) || value == ''
+      end
+
+      def presence_validate(value)
+        !@options['presence'] || !(value.respond_to?(:empty?) ? !!value.empty? : !value)
+      end
+
+      def bytesize_validate(value)
+        !@options['max_bytesize'] || value.to_s.bytesize <= @options['max_bytesize'].to_i
+      end
+
+      def enum_validate(value)
+        !@options['enum'] || @options['enum'].any? { |e| e.to_s == value.to_s }
+      end
+    end
+  end
+end

data/lib/sekisyo/validators/object_validator.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Sekisyo
+  module Validators
+    #
+    # Sekisyo Validators ObjectValidator is a validator that accepts only hash value.
+    #
+    class ObjectValidator
+      extend Forwardable
+      delegate :[] => :@properties
+
+      def initialize(key, properties = {})
+        @key = key
+        @properties = Sekisyo::WhitelistDetails::Properties.new(properties)
+      end
+
+      attr_reader :key
+
+      def valid?(value)
+        @properties.valid?(value)
+      end
+    end
+  end
+end

data/lib/sekisyo/validators/string_validator.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Sekisyo
+  module Validators
+    #
+    # Sekisyo Validators StringValidator is a validator that accepts only string value.
+    #
+    class StringValidator
+      def initialize(key, options = {})
+        @key = key
+        @options = options
+      end
+
+      attr_reader :key
+
+      def valid?(value)
+        type_validate(value) &&
+          presence_validate(value) &&
+          bytesize_validate(value) &&
+          enum_validate(value) &&
+          match_validate(value)
+      end
+
+      private
+
+      def type_validate(value)
+        value.is_a? String
+      end
+
+      def presence_validate(value)
+        !@options['presence'] || !(value.respond_to?(:empty?) ? !!value.empty? : !value)
+      end
+
+      def bytesize_validate(value)
+        !@options['max_bytesize'] || value.to_s.bytesize <= @options['max_bytesize'].to_i
+      end
+
+      def enum_validate(value)
+        !@options['enum'] || @options['enum'].any? { |e| e == value }
+      end
+
+      def match_validate(value)
+        !@options['match'] || /#{@options['match']}/.match?(value)
+      end
+    end
+  end
+end

data/lib/sekisyo/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Sekisyo
+  VERSION = '0.1.0'
+end

data/lib/sekisyo/whitelist.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require_relative 'whitelist_details/path'
+require_relative 'whitelist_details/method'
+require_relative 'whitelist_details/properties'
+
+module Sekisyo
+  #
+  # Sekisyo Whitelist parses the yaml file and assists in finding the corresponding whitelist.
+  #
+  class Whitelist
+    #
+    # Reads the yaml file containing the whitelist definition and converts it to a Ruby object.
+    #
+    # @param [Array<string>] file_paths Paths of the yaml file where the whitelist is defined.
+    #
+    def parse(*file_paths)
+      @hash = Hashie::Mash.new.deep_merge(*file_paths.map(&Hashie::Mash.method(:load)))
+      @paths = @hash['paths'].map do |path, object|
+        Sekisyo::WhitelistDetails::Path.new(path, object)
+      end
+      self
+    end
+
+    #
+    # @param [String] path URL string.
+    #
+    # @return [Sekisyo::WhitelistDetails::Path]
+    #
+    def find(path)
+      @paths.find { |pattern| pattern.match?(path) }
+    end
+  end
+end

data/lib/sekisyo/whitelist_details/method.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require_relative 'properties'
+
+module Sekisyo
+  module WhitelistDetails
+    #
+    # Sekisyo WhitelistDetails Method is a definition object for each HTTP method of a specific path in the whitelist.
+    #
+    class Method
+      #
+      # @param [Hash] object Hash object with array values with :required key and Hash values with :properties key.
+      #
+      def initialize(object = {})
+        @required = object.fetch('required', []).flat_map do |attr|
+          attr.is_a?(Hash) ? transform_required_keys(attr) : [[attr]]
+        end
+        @properties = Sekisyo::WhitelistDetails::Properties.new(object['properties'])
+      end
+
+      #
+      # @param [Hash] params Request parameters.
+      #
+      # @return [true, false]
+      #
+      def valid?(params)
+        required_validate(params) && @properties.valid?(params)
+      end
+
+      private
+
+      def required_validate(params)
+        @required.all? do |keys|
+          dig_keys = keys.dup
+          key = dig_keys.pop
+
+          if dig_keys.empty?
+            params.has_key?(key)
+          else
+            dig_params = params.dig(*dig_keys)
+            dig_params.is_a?(Hash) && dig_params.has_key?(key)
+          end
+        end
+      end
+
+      def transform_required_keys(hash)
+        hash.flat_map do |key, values|
+          values.map do |value|
+            value.is_a?(Hash) ? [key, *transform_required_keys(value)].flatten : [key, value]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sekisyo/whitelist_details/path.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+require_relative 'method'
+
+module Sekisyo
+  module WhitelistDetails
+    #
+    # Sekisyo WhitelistDetails Path is a definition object for each path in the whitelist.
+    #
+    class Path
+      VALID_METHODS = {
+        GET: 'get',
+        POST: 'post',
+        PATCH: 'patch',
+        PUT: 'put',
+        DELETE: 'delete'
+      }.freeze
+
+      extend Forwardable
+      delegate match?: :@path_pattern
+
+      #
+      # @param [String] path Dynamic URL string. Example "/categories/{category_id}/pets/{id}".
+      # @param [hash] object Hash object with HTTP method keys.
+      #
+      # e.g.
+      #
+      #   object = {
+      #              'get' => {
+      #                'required' => ['category_id', 'id'],
+      #                'properties' => {
+      #                  'category_id' => { 'type' => 'integer', 'presence' => true }
+      #                  'id' => { 'type' => 'integer', 'presence' => true }
+      #                }
+      #              },
+      #              'post' => { ... }
+      #            }
+      #
+      #
+      def initialize(path, object)
+        @path = path
+        @path_pattern = /^#{path.gsub(/{(.+?)}/, '(?<\\1>.+?)')}(\..*)?$/
+        @methods = object.slice(*VALID_METHODS.values).transform_values do |value|
+          Sekisyo::WhitelistDetails::Method.new(value)
+        end
+      end
+
+      #
+      # Obtain the Path parameter from the dynamic URL according to the definition of the dynamic URL in the whitelist.
+      #
+      # Example
+      #
+      #   @path = "/categories/{category_id}/pets/{id}"
+      #   url = "/categories/1/pets/2"
+      #   path_params(url) #=> { 'category_id' => '1', 'id' => '2' }
+      #
+      # @param [String] url URL string.
+      #
+      # @return [Hash] Path parameters.
+      #
+      def path_params(url)
+        param_keys = @path.scan(/(?<=\{).*?(?=\})/)
+        @path_pattern =~ url
+        param_keys.to_h do |key|
+          [key, Regexp.last_match(key)]
+        end
+      end
+
+      def [](method)
+        raise 'Failed to determine HTTP method.' if VALID_METHODS[method.to_sym].nil?
+
+        @methods[VALID_METHODS[method.to_sym]]
+      end
+    end
+  end
+end

data/lib/sekisyo/whitelist_details/properties.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require_relative '../validator'
+
+module Sekisyo
+  module WhitelistDetails
+    #
+    # Sekisyo WhitelistDetails Path is a definition object for each properties in the whitelist.
+    #
+    class Properties
+      def initialize(properties = {})
+        @permit_keys = properties.keys
+        @properties = properties.map do |k, v|
+          Sekisyo::Validator.new(k, v || {})
+        end
+      end
+
+      #
+      # @param [Hash] params Request parameter.
+      #
+      # @return [true, false]
+      #
+      def valid?(params)
+        return false unless params.is_a? Hash
+        return false unless params == params.slice(*@permit_keys)
+
+        params.all? do |k, v|
+          @properties.find { |validator| validator.key == k }&.valid?(v)
+        end
+      end
+    end
+  end
+end

data/lib/sekisyo.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'yaml'
+require 'hashie/mash'
+require 'hashie/extensions/parsers/yaml_erb_parser'
+require_relative 'sekisyo/version'
+require_relative 'sekisyo/configuration'
+require_relative 'sekisyo/whitelist'
+require_relative 'sekisyo/middleware'
+
+module Sekisyo
+  class WhitelistDefinitionError < StandardError; end
+end

data/sekisyo.gemspec

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require_relative 'lib/sekisyo/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'sekisyo'
+  spec.version = Sekisyo::VERSION
+  spec.authors = ['rhiroe']
+  spec.email = ['ride.poke@gmail.com']
+
+  spec.summary = 'Rack middleware that blocks HTTP requests that do not follow the Whitelist.'
+  spec.description = 'Whitelists can be defined in Yaml files.'
+  spec.homepage = 'https://github.com/rhiroe/sekisyo'
+  spec.license = 'MIT'
+  spec.required_ruby_version = '>= 2.6.0'
+
+  # spec.metadata["allowed_push_host"] = "TODO: Set to your gem server 'https://example.com'"
+
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = 'https://github.com/rhiroe/sekisyo'
+  spec.metadata['changelog_uri'] = 'https://github.com/rhiroe/sekisyo/blob/master/CHANGELOG.md'
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
+    end
+  end
+  spec.bindir = 'exe'
+  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  # Uncomment to register a new dependency of your gem
+  spec.add_dependency 'hashie', '~> 5.0'
+  spec.add_dependency 'rake', '~> 13.0'
+
+  # For more information and examples about making a new gem, check out our
+  # guide at: https://bundler.io/guides/creating_gem.html
+end

data/sig/sekisyo.rbs

@@ -0,0 +1,5 @@
+module Sekisyo
+  VERSION: String
+  # See the writing guide of rbs: https://github.com/ruby/rbs#guides
+  # TODO: add signature
+end