smart_proxy_dynflow 0.2.0 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/lib/smart_proxy_dynflow/api.rb +37 -2
- data/lib/smart_proxy_dynflow/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: ebb495fc4f587cc0d94521bec26020bad3948109
|
|
4
|
+
data.tar.gz: 87a7ba0afc1876f92f336edbf5b38e523de11101
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1764f5ec0797cbafa4182dd848f7faffb3aae8cdc6053cf08e127cbd0ff9a654acd6994b985caea64267cceea3cde1256bddfb3d232f359b933c0f546c34ced9
|
|
7
|
+
data.tar.gz: 65494db608d5c67aed31219afb9c289ca900ed26911b034e1bf55dcb1472f17dab1d7537539f54f28407484d94e7ed27052e0a2a5f007dbc92392662b5641ee2
|
|
@@ -6,18 +6,53 @@ module Proxy
|
|
|
6
6
|
class Dynflow
|
|
7
7
|
class Api < ::Sinatra::Base
|
|
8
8
|
helpers ::Proxy::Helpers
|
|
9
|
+
helpers ::Proxy::Log
|
|
9
10
|
helpers ::Proxy::Dynflow::Helpers
|
|
10
11
|
|
|
11
12
|
before do
|
|
12
|
-
logger = Proxy::LogBuffer::Decorator.instance
|
|
13
13
|
content_type :json
|
|
14
14
|
if request.env['HTTP_AUTHORIZATION'] && request.env['PATH_INFO'].end_with?('/done')
|
|
15
15
|
# Halt running before callbacks if a token is provided and the request is notifying about task being done
|
|
16
16
|
return
|
|
17
|
+
else
|
|
18
|
+
do_authorize_with_ssl_client
|
|
19
|
+
do_authorize_with_trusted_hosts
|
|
17
20
|
end
|
|
18
21
|
end
|
|
19
22
|
|
|
20
|
-
|
|
23
|
+
|
|
24
|
+
# TODO: move this to foreman-proxy to reduce code duplicities
|
|
25
|
+
def do_authorize_with_trusted_hosts
|
|
26
|
+
# When :trusted_hosts is given, we check the client against the list
|
|
27
|
+
# HTTPS: test the certificate CN
|
|
28
|
+
# HTTP: test the reverse DNS entry of the remote IP
|
|
29
|
+
trusted_hosts = Proxy::SETTINGS.trusted_hosts
|
|
30
|
+
if trusted_hosts
|
|
31
|
+
if [ 'yes', 'on', 1 ].include? request.env['HTTPS'].to_s
|
|
32
|
+
fqdn = https_cert_cn
|
|
33
|
+
source = 'SSL_CLIENT_CERT'
|
|
34
|
+
else
|
|
35
|
+
fqdn = remote_fqdn(Proxy::SETTINGS.forward_verify)
|
|
36
|
+
source = 'REMOTE_ADDR'
|
|
37
|
+
end
|
|
38
|
+
fqdn = fqdn.downcase
|
|
39
|
+
logger.debug "verifying remote client #{fqdn} (based on #{source}) against trusted_hosts #{trusted_hosts}"
|
|
40
|
+
|
|
41
|
+
unless Proxy::SETTINGS.trusted_hosts.include?(fqdn)
|
|
42
|
+
log_halt 403, "Untrusted client #{fqdn} attempted to access #{request.path_info}. Check :trusted_hosts: in settings.yml"
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def do_authorize_with_ssl_client
|
|
48
|
+
if ['yes', 'on', '1'].include? request.env['HTTPS'].to_s
|
|
49
|
+
if request.env['SSL_CLIENT_CERT'].to_s.empty?
|
|
50
|
+
log_halt 403, "No client SSL certificate supplied"
|
|
51
|
+
end
|
|
52
|
+
else
|
|
53
|
+
logger.debug('require_ssl_client_verification: skipping, non-HTTPS request')
|
|
54
|
+
end
|
|
55
|
+
end
|
|
21
56
|
|
|
22
57
|
post "/*" do
|
|
23
58
|
relay_request
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: smart_proxy_dynflow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ivan Nečas
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-09-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -116,7 +116,7 @@ files:
|
|
|
116
116
|
- settings.d/dynflow.yml.example
|
|
117
117
|
homepage: https://github.com/theforeman/smart_proxy_dynflow
|
|
118
118
|
licenses:
|
|
119
|
-
-
|
|
119
|
+
- GPL-3.0
|
|
120
120
|
metadata: {}
|
|
121
121
|
post_install_message:
|
|
122
122
|
rdoc_options: []
|
|
@@ -134,7 +134,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
134
134
|
version: '0'
|
|
135
135
|
requirements: []
|
|
136
136
|
rubyforge_project:
|
|
137
|
-
rubygems_version: 2.
|
|
137
|
+
rubygems_version: 2.6.12
|
|
138
138
|
signing_key:
|
|
139
139
|
specification_version: 4
|
|
140
140
|
summary: Dynflow runtime for Foreman smart proxy
|