stitches 5.1.1 → 5.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/README.md +15 -0
- data/lib/stitches/api_key.rb +3 -1
- data/lib/stitches/spec/test_headers.rb +1 -1
- data/lib/stitches/version.rb +1 -1
- data/spec/api_key_middleware_spec.rb +67 -0
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 36996c8616e83953bdfe5c10a8b83ad99a0b4bc71d1778aace6149ea0860deac
|
|
4
|
+
data.tar.gz: 9d2db9ddabbdbbc3d5f97cf477b5a8635dfb4713426e1fb11b181b6a3fa129a2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a00a09939651a50e4dde80dfeb943a2840d6c5cfe39753a29df12e78f23e5ac51a18eedc0c9c9a69fc2c22495a7c168ddf6a5a3346075e725438f65e400c86c1
|
|
7
|
+
data.tar.gz: eb3a8f860a7a11852057f58e3f9e60c7c3be9c15823d408e9053b7b6f4dee21e0a59b868bb3f4f73056a3d774122898a204ba6401fd033abf1a886d2252036df
|
data/.ruby-version
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
ruby-3.4.
|
|
1
|
+
ruby-3.4.10
|
data/README.md
CHANGED
|
@@ -42,6 +42,21 @@ Stitches.configure do |config|
|
|
|
42
42
|
end
|
|
43
43
|
```
|
|
44
44
|
|
|
45
|
+
You can also pass a callable (lambda, proc, or any object responding to `#call`) to make
|
|
46
|
+
per-request auth decisions. The callable receives the Rack `env` hash and should return a
|
|
47
|
+
truthy value to skip auth:
|
|
48
|
+
|
|
49
|
+
```ruby
|
|
50
|
+
Stitches.configure do |config|
|
|
51
|
+
config.disable_api_key_support = ->(env) {
|
|
52
|
+
env['HTTP_HOST'].to_s.include?('.int.example.com')
|
|
53
|
+
}
|
|
54
|
+
end
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
This is useful for services that serve both internal (no auth needed) and external (auth
|
|
58
|
+
required) traffic on different hostnames without requiring a separate deployment.
|
|
59
|
+
|
|
45
60
|
### Caller Identification
|
|
46
61
|
|
|
47
62
|
When API key auth is disabled, services lose the ability to identify which
|
data/lib/stitches/api_key.rb
CHANGED
|
@@ -23,7 +23,9 @@ module Stitches
|
|
|
23
23
|
protected
|
|
24
24
|
|
|
25
25
|
def do_call(env)
|
|
26
|
-
|
|
26
|
+
disable = Stitches.configuration.disable_api_key_support
|
|
27
|
+
disable = disable.call(env) if disable.respond_to?(:call)
|
|
28
|
+
return @app.call(env) if disable
|
|
27
29
|
|
|
28
30
|
authorization = env["HTTP_AUTHORIZATION"]
|
|
29
31
|
if authorization
|
|
@@ -6,7 +6,7 @@ class TestHeaders
|
|
|
6
6
|
"Accept" => full_mimetype,
|
|
7
7
|
"Content-Type" => full_mimetype,
|
|
8
8
|
}.tap { |headers|
|
|
9
|
-
set_authorization_header(headers,options) unless Stitches.configuration.disable_api_key_support
|
|
9
|
+
set_authorization_header(headers,options) unless Stitches.configuration.disable_api_key_support == true
|
|
10
10
|
}
|
|
11
11
|
end
|
|
12
12
|
|
data/lib/stitches/version.rb
CHANGED
|
@@ -56,6 +56,73 @@ RSpec.describe "/api/hellos", type: :request do
|
|
|
56
56
|
end
|
|
57
57
|
end
|
|
58
58
|
|
|
59
|
+
context "disable_api_key_support is a callable" do
|
|
60
|
+
before do
|
|
61
|
+
Stitches.configuration.reset_to_defaults!
|
|
62
|
+
Stitches.configuration.custom_http_auth_scheme = 'MyAwesomeInternalScheme'
|
|
63
|
+
Stitches::ApiClientAccessWrapper.clear_api_cache
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
context "when the callable always returns true" do
|
|
67
|
+
before do
|
|
68
|
+
Stitches.configuration.disable_api_key_support = ->(_env) { true }
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
it "skips auth and reaches the controller" do
|
|
72
|
+
execute_call(auth: nil)
|
|
73
|
+
|
|
74
|
+
expect(response.body).to include "Hello"
|
|
75
|
+
expect(response.status).to eq 200
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
it "does not populate api client env vars" do
|
|
79
|
+
execute_call(auth: nil)
|
|
80
|
+
|
|
81
|
+
expect(response.body).to include "Hello ,"
|
|
82
|
+
expect(response.body).to include "IdNotFound"
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
context "when the callable always returns false" do
|
|
87
|
+
before do
|
|
88
|
+
Stitches.configuration.disable_api_key_support = ->(_env) { false }
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
it "enforces auth and returns 401" do
|
|
92
|
+
execute_call(auth: nil)
|
|
93
|
+
|
|
94
|
+
expect_unauthorized
|
|
95
|
+
end
|
|
96
|
+
end
|
|
97
|
+
|
|
98
|
+
context "when the callable inspects the request hostname" do
|
|
99
|
+
before do
|
|
100
|
+
Stitches.configuration.disable_api_key_support = ->(env) {
|
|
101
|
+
env['HTTP_HOST'].to_s.include?(".int.")
|
|
102
|
+
}
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
context "request arrives on the internal hostname" do
|
|
106
|
+
it "skips auth" do
|
|
107
|
+
host! "myapp.staging.int.example.com"
|
|
108
|
+
execute_call(auth: nil)
|
|
109
|
+
|
|
110
|
+
expect(response.body).to include "Hello"
|
|
111
|
+
expect(response.status).to eq 200
|
|
112
|
+
end
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
context "request arrives on the public hostname" do
|
|
116
|
+
it "enforces auth" do
|
|
117
|
+
host! "myapp.staging.example.com"
|
|
118
|
+
execute_call(auth: nil)
|
|
119
|
+
|
|
120
|
+
expect_unauthorized
|
|
121
|
+
end
|
|
122
|
+
end
|
|
123
|
+
end
|
|
124
|
+
end
|
|
125
|
+
|
|
59
126
|
context "enabled api key support" do
|
|
60
127
|
before do
|
|
61
128
|
Stitches.configuration.reset_to_defaults!
|