tenant_check 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/lib/tenant_check.rb +4 -0
- data/lib/tenant_check/rack.rb +55 -3
- data/lib/tenant_check/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1186affdcb84a728e1e4689cee3907c517b0cd7136e02f4d96d7d299b199b11b
|
|
4
|
+
data.tar.gz: 487dc1e4c9bbd67acb6a6d98759c259dbe5ed1ef92fe9b6e21dc865188184dc5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 776fbae20f003759b4a007666ef8e477fd50eab16071629182e53bff33c2d4b48fe394250acec492c950767d0f4b79fcabf0c14764a6cae94d4338408a1f8d1f
|
|
7
|
+
data.tar.gz: 0ddff666811b9d5193751e5eee2de26484fb2d526e8a4ca7d7ca5b197e5bcca99cf2896affff1d1af08a99090c032a1206d81e56f76045261faac5725efef394
|
data/README.md
CHANGED
|
@@ -11,7 +11,7 @@ This gem is in an early stage of development.
|
|
|
11
11
|
Add this line to your application's Gemfile:
|
|
12
12
|
|
|
13
13
|
```ruby
|
|
14
|
-
gem 'tenant_check'
|
|
14
|
+
gem 'tenant_check'
|
|
15
15
|
```
|
|
16
16
|
|
|
17
17
|
And then execute:
|
|
@@ -64,7 +64,7 @@ current_user.tasks.to_a # devise current_user is safe and the query based on it
|
|
|
64
64
|
### temporarlly disable tenant check
|
|
65
65
|
|
|
66
66
|
```ruby
|
|
67
|
-
users = TenantCheck.ignored { User.all }
|
|
67
|
+
users = TenantCheck.ignored { User.all.to_a }
|
|
68
68
|
```
|
|
69
69
|
|
|
70
70
|
## Development
|
data/lib/tenant_check.rb
CHANGED
data/lib/tenant_check/rack.rb
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require 'action_dispatch'
|
|
4
|
+
|
|
3
5
|
module TenantCheck
|
|
4
6
|
class Rack
|
|
5
7
|
def initialize(app)
|
|
@@ -8,11 +10,61 @@ module TenantCheck
|
|
|
8
10
|
|
|
9
11
|
def call(env)
|
|
10
12
|
TenantCheck.start
|
|
11
|
-
|
|
12
|
-
TenantCheck.
|
|
13
|
-
|
|
13
|
+
status, headers, response = @app.call(env)
|
|
14
|
+
if TenantCheck.notification? && html_headers?(status, headers) && (body = response_body(response))
|
|
15
|
+
TenantCheck.output_notifications
|
|
16
|
+
body = append_to_html_body(body, footer_html)
|
|
17
|
+
content_length = body.bytesize.to_s
|
|
18
|
+
headers['Content-Length'] = content_length
|
|
19
|
+
# maintains compatibility with other middlewares
|
|
20
|
+
if defined?(ActionDispatch::Response::RackBody) && response.is_a?(ActionDispatch::Response::RackBody)
|
|
21
|
+
ActionDispatch::Response.new(status, headers, [body]).to_a
|
|
22
|
+
else
|
|
23
|
+
[status, headers, [body]]
|
|
24
|
+
end
|
|
25
|
+
else
|
|
26
|
+
[status, headers, response]
|
|
27
|
+
end
|
|
14
28
|
ensure
|
|
15
29
|
TenantCheck.end
|
|
16
30
|
end
|
|
31
|
+
|
|
32
|
+
private
|
|
33
|
+
|
|
34
|
+
def append_to_html_body(body, content)
|
|
35
|
+
body = body.dup
|
|
36
|
+
if body.include?('</body>')
|
|
37
|
+
position = body.rindex('</body>')
|
|
38
|
+
body.insert(position, content)
|
|
39
|
+
else
|
|
40
|
+
body << content
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def footer_html
|
|
45
|
+
<<~EOS
|
|
46
|
+
<div ondblclick="this.parentNode.removeChild(this);" style="position: fixed; right: 0; bottom: 0; z-index:9999; font-size: 16px; padding: 8px 32px 8px 8px; background-color: rgb(224, 104, 15); color: white; border-style: solid; border-color: rgb(140, 69, 15); border-width: 2px 0 0 2px; border-radius: 8px 0 0 0; cursor: pointer;">
|
|
47
|
+
<div onclick='this.parentNode.remove()' style='position:absolute; right: 10px; top: 6px; font-weight: bold; color: white;'>×</div>
|
|
48
|
+
#{TenantCheck.notifications.size} tenant unsafe queries detected!
|
|
49
|
+
</div>
|
|
50
|
+
EOS
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def file?(headers)
|
|
54
|
+
headers['Content-Transfer-Encoding'] == 'binary' || headers['Content-Disposition']
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def html_headers?(status, headers)
|
|
58
|
+
status == 200 &&
|
|
59
|
+
headers['Content-Type'] &&
|
|
60
|
+
headers['Content-Type'].include?('text/html') &&
|
|
61
|
+
!file?(headers)
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
def response_body(response)
|
|
65
|
+
strings = []
|
|
66
|
+
response.each { |s| strings << s.to_s }
|
|
67
|
+
strings.join
|
|
68
|
+
end
|
|
17
69
|
end
|
|
18
70
|
end
|
data/lib/tenant_check/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tenant_check
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Shunichi Ikegami
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-05-
|
|
11
|
+
date: 2018-05-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|