stitches 5.1.1 → 5.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8bd97055675ab8ddc5fead5ed4a01b73df4ecd2c8b48f6069dfaf4702077f409
4
- data.tar.gz: b6834f800f55e68dee2b361cb129aa2bad5aa730c412c0815411f64ecfd4b664
3
+ metadata.gz: 36996c8616e83953bdfe5c10a8b83ad99a0b4bc71d1778aace6149ea0860deac
4
+ data.tar.gz: 9d2db9ddabbdbbc3d5f97cf477b5a8635dfb4713426e1fb11b181b6a3fa129a2
5
5
  SHA512:
6
- metadata.gz: a6f998361c6a0ad89def9c863b6ac1e801cf1c7194b8345f37e180a66bb3e806f0d835163de541976e853c6f33c3abf3ae2c03d480dde1d5b5789b8d3218e28f
7
- data.tar.gz: 3003d37d1e6560bfe8aace38c91af4d64c3b26d065b9e0f895dd9601e908ee0bbf9a591a681e1ad56cdabfa692953dcf37191541801217f4e58e952b325a1b62
6
+ metadata.gz: a00a09939651a50e4dde80dfeb943a2840d6c5cfe39753a29df12e78f23e5ac51a18eedc0c9c9a69fc2c22495a7c168ddf6a5a3346075e725438f65e400c86c1
7
+ data.tar.gz: eb3a8f860a7a11852057f58e3f9e60c7c3be9c15823d408e9053b7b6f4dee21e0a59b868bb3f4f73056a3d774122898a204ba6401fd033abf1a886d2252036df
data/.ruby-version CHANGED
@@ -1 +1 @@
1
- ruby-3.4.9
1
+ ruby-3.4.10
data/README.md CHANGED
@@ -42,6 +42,21 @@ Stitches.configure do |config|
42
42
  end
43
43
  ```
44
44
 
45
+ You can also pass a callable (lambda, proc, or any object responding to `#call`) to make
46
+ per-request auth decisions. The callable receives the Rack `env` hash and should return a
47
+ truthy value to skip auth:
48
+
49
+ ```ruby
50
+ Stitches.configure do |config|
51
+ config.disable_api_key_support = ->(env) {
52
+ env['HTTP_HOST'].to_s.include?('.int.example.com')
53
+ }
54
+ end
55
+ ```
56
+
57
+ This is useful for services that serve both internal (no auth needed) and external (auth
58
+ required) traffic on different hostnames without requiring a separate deployment.
59
+
45
60
  ### Caller Identification
46
61
 
47
62
  When API key auth is disabled, services lose the ability to identify which
@@ -23,7 +23,9 @@ module Stitches
23
23
  protected
24
24
 
25
25
  def do_call(env)
26
- return @app.call(env) if Stitches.configuration.disable_api_key_support
26
+ disable = Stitches.configuration.disable_api_key_support
27
+ disable = disable.call(env) if disable.respond_to?(:call)
28
+ return @app.call(env) if disable
27
29
 
28
30
  authorization = env["HTTP_AUTHORIZATION"]
29
31
  if authorization
@@ -6,7 +6,7 @@ class TestHeaders
6
6
  "Accept" => full_mimetype,
7
7
  "Content-Type" => full_mimetype,
8
8
  }.tap { |headers|
9
- set_authorization_header(headers,options) unless Stitches.configuration.disable_api_key_support
9
+ set_authorization_header(headers,options) unless Stitches.configuration.disable_api_key_support == true
10
10
  }
11
11
  end
12
12
 
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Stitches
4
- VERSION = '5.1.1'
4
+ VERSION = '5.2.0'
5
5
  end
@@ -56,6 +56,73 @@ RSpec.describe "/api/hellos", type: :request do
56
56
  end
57
57
  end
58
58
 
59
+ context "disable_api_key_support is a callable" do
60
+ before do
61
+ Stitches.configuration.reset_to_defaults!
62
+ Stitches.configuration.custom_http_auth_scheme = 'MyAwesomeInternalScheme'
63
+ Stitches::ApiClientAccessWrapper.clear_api_cache
64
+ end
65
+
66
+ context "when the callable always returns true" do
67
+ before do
68
+ Stitches.configuration.disable_api_key_support = ->(_env) { true }
69
+ end
70
+
71
+ it "skips auth and reaches the controller" do
72
+ execute_call(auth: nil)
73
+
74
+ expect(response.body).to include "Hello"
75
+ expect(response.status).to eq 200
76
+ end
77
+
78
+ it "does not populate api client env vars" do
79
+ execute_call(auth: nil)
80
+
81
+ expect(response.body).to include "Hello ,"
82
+ expect(response.body).to include "IdNotFound"
83
+ end
84
+ end
85
+
86
+ context "when the callable always returns false" do
87
+ before do
88
+ Stitches.configuration.disable_api_key_support = ->(_env) { false }
89
+ end
90
+
91
+ it "enforces auth and returns 401" do
92
+ execute_call(auth: nil)
93
+
94
+ expect_unauthorized
95
+ end
96
+ end
97
+
98
+ context "when the callable inspects the request hostname" do
99
+ before do
100
+ Stitches.configuration.disable_api_key_support = ->(env) {
101
+ env['HTTP_HOST'].to_s.include?(".int.")
102
+ }
103
+ end
104
+
105
+ context "request arrives on the internal hostname" do
106
+ it "skips auth" do
107
+ host! "myapp.staging.int.example.com"
108
+ execute_call(auth: nil)
109
+
110
+ expect(response.body).to include "Hello"
111
+ expect(response.status).to eq 200
112
+ end
113
+ end
114
+
115
+ context "request arrives on the public hostname" do
116
+ it "enforces auth" do
117
+ host! "myapp.staging.example.com"
118
+ execute_call(auth: nil)
119
+
120
+ expect_unauthorized
121
+ end
122
+ end
123
+ end
124
+ end
125
+
59
126
  context "enabled api key support" do
60
127
  before do
61
128
  Stitches.configuration.reset_to_defaults!
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: stitches
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.1.1
4
+ version: 5.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stitch Fix Engineering