verikloak-rails 0.3.1 → 0.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -0
- data/lib/verikloak/rails/bff_configurator.rb +112 -0
- data/lib/verikloak/rails/railtie.rb +19 -95
- data/lib/verikloak/rails/railtie_logger.rb +30 -0
- data/lib/verikloak/rails/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f473cac2688d575650e3c483eac520fcb910ca7a9fd3c08620337386a705ca27
|
|
4
|
+
data.tar.gz: d76e49d03d27b336e6c8727f0cf3b82bb783bbe5153051be4ad4d0c1af5cfe7f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6326a2ca5a86a50898ebe00094139733e3295203ec050e9c471093c1d3b21f2d161251d6ecf97ce265267718e83b570f1b9d8d82b9288855f732b557d22ac5a4
|
|
7
|
+
data.tar.gz: 874c03abffe2470e4993b64e0afdcbe42f1b1f27e8b4bbd17aa457445deffce591907a46a62f0be24801786f3e339bfd43fd89deb3d2239defcd3ad37c8410ca
|
data/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
---
|
|
9
9
|
|
|
10
|
+
## [0.3.2] - 2026-01-01
|
|
11
|
+
|
|
12
|
+
### Changed
|
|
13
|
+
- **BFF HeaderGuard safe insertion**: Railtie now validates BFF configuration before inserting `HeaderGuard`. If `trusted_proxies` is not configured (and `disabled` is not set to `true`), insertion is skipped with a warning instead of raising an error.
|
|
14
|
+
- This allows applications to start during initial setup before BFF configuration is complete.
|
|
15
|
+
- A clear warning message guides users to configure `trusted_proxies` to enable header validation.
|
|
16
|
+
- When `disabled: true` is set, HeaderGuard is inserted but internally disabled.
|
|
17
|
+
- **Railtie refactoring**: Extracted BFF configuration logic into `BffConfigurator` module and logging utilities into `RailtieLogger` module to improve maintainability.
|
|
18
|
+
|
|
19
|
+
### Added
|
|
20
|
+
- `BffConfigurator` module for BFF-related middleware configuration.
|
|
21
|
+
- `RailtieLogger` module for consistent logging across Railtie operations.
|
|
22
|
+
- Comprehensive test coverage for `BffConfigurator.configuration_valid?` method.
|
|
23
|
+
|
|
24
|
+
---
|
|
25
|
+
|
|
10
26
|
## [0.3.1] - 2026-01-01
|
|
11
27
|
|
|
12
28
|
### Added
|
|
@@ -0,0 +1,112 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Verikloak
|
|
4
|
+
module Rails
|
|
5
|
+
# Handles BFF (Backend-for-Frontend) middleware configuration.
|
|
6
|
+
# Extracted from Railtie to maintain class size limits.
|
|
7
|
+
module BffConfigurator
|
|
8
|
+
module_function
|
|
9
|
+
|
|
10
|
+
# Insert the optional HeaderGuard middleware when verikloak-bff is present.
|
|
11
|
+
# Skips insertion with a warning if trusted_proxies is not configured and
|
|
12
|
+
# disabled is not explicitly set to true.
|
|
13
|
+
#
|
|
14
|
+
# @param stack [ActionDispatch::MiddlewareStackProxy]
|
|
15
|
+
# @return [void]
|
|
16
|
+
def configure_bff_guard(stack)
|
|
17
|
+
return unless Verikloak::Rails.config.auto_insert_bff_header_guard
|
|
18
|
+
return unless defined?(::Verikloak::BFF::HeaderGuard)
|
|
19
|
+
|
|
20
|
+
unless configuration_valid?
|
|
21
|
+
RailtieLogger.warn(
|
|
22
|
+
'[verikloak] Skipping BFF::HeaderGuard insertion: trusted_proxies not configured. ' \
|
|
23
|
+
'Set trusted_proxies in bff_header_guard_options to enable header validation.'
|
|
24
|
+
)
|
|
25
|
+
return
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
insert_header_guard(stack)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# Configure the verikloak-bff library when options are supplied.
|
|
32
|
+
#
|
|
33
|
+
# @return [void]
|
|
34
|
+
def configure_library
|
|
35
|
+
options = Verikloak::Rails.config.bff_header_guard_options
|
|
36
|
+
return if options.nil? || (options.respond_to?(:empty?) && options.empty?)
|
|
37
|
+
return unless defined?(::Verikloak::BFF) && ::Verikloak::BFF.respond_to?(:configure)
|
|
38
|
+
|
|
39
|
+
apply_configuration(::Verikloak::BFF, options)
|
|
40
|
+
rescue StandardError => e
|
|
41
|
+
RailtieLogger.warn("[verikloak] Failed to apply BFF configuration: #{e.message}")
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
# Check if BFF configuration is valid for middleware insertion.
|
|
45
|
+
# Returns true if:
|
|
46
|
+
# - disabled: true is set (HeaderGuard will be inserted but internally disabled), OR
|
|
47
|
+
# - trusted_proxies is configured with at least one entry
|
|
48
|
+
#
|
|
49
|
+
# @return [Boolean]
|
|
50
|
+
def configuration_valid?
|
|
51
|
+
return true unless defined?(::Verikloak::BFF)
|
|
52
|
+
return true unless ::Verikloak::BFF.respond_to?(:config)
|
|
53
|
+
|
|
54
|
+
bff_config = ::Verikloak::BFF.config
|
|
55
|
+
|
|
56
|
+
# If disabled is explicitly set to true, allow insertion
|
|
57
|
+
# (HeaderGuard will be inserted but internally disabled)
|
|
58
|
+
return true if bff_config.respond_to?(:disabled) && bff_config.disabled
|
|
59
|
+
|
|
60
|
+
# For legacy versions without trusted_proxies method, allow insertion
|
|
61
|
+
return true unless bff_config.respond_to?(:trusted_proxies)
|
|
62
|
+
|
|
63
|
+
# Require trusted_proxies to be a non-empty Array
|
|
64
|
+
proxies = bff_config.trusted_proxies
|
|
65
|
+
proxies.is_a?(Array) && !proxies.empty?
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
# Insert HeaderGuard middleware into the stack.
|
|
69
|
+
#
|
|
70
|
+
# @param stack [ActionDispatch::MiddlewareStackProxy]
|
|
71
|
+
# @return [void]
|
|
72
|
+
def insert_header_guard(stack)
|
|
73
|
+
guard_before = Verikloak::Rails.config.bff_header_guard_insert_before
|
|
74
|
+
guard_after = Verikloak::Rails.config.bff_header_guard_insert_after
|
|
75
|
+
|
|
76
|
+
if guard_before
|
|
77
|
+
stack.insert_before guard_before, ::Verikloak::BFF::HeaderGuard
|
|
78
|
+
elsif guard_after
|
|
79
|
+
stack.insert_after guard_after, ::Verikloak::BFF::HeaderGuard
|
|
80
|
+
else
|
|
81
|
+
stack.insert_before ::Verikloak::Middleware, ::Verikloak::BFF::HeaderGuard
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
# Apply configuration options to the verikloak-bff namespace.
|
|
86
|
+
# Supports hash-like and callable inputs.
|
|
87
|
+
#
|
|
88
|
+
# @param target [Module] Verikloak::BFF namespace
|
|
89
|
+
# @param options [Hash, Proc, #to_h]
|
|
90
|
+
# @return [void]
|
|
91
|
+
def apply_configuration(target, options)
|
|
92
|
+
if options.respond_to?(:call)
|
|
93
|
+
target.configure(&options)
|
|
94
|
+
return
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
hash = options.respond_to?(:to_h) ? options.to_h : options
|
|
98
|
+
return unless hash.respond_to?(:each)
|
|
99
|
+
|
|
100
|
+
entries = hash.transform_keys(&:to_sym)
|
|
101
|
+
return if entries.empty?
|
|
102
|
+
|
|
103
|
+
target.configure do |config|
|
|
104
|
+
entries.each do |key, value|
|
|
105
|
+
writer = "#{key}="
|
|
106
|
+
config.public_send(writer, value) if config.respond_to?(writer)
|
|
107
|
+
end
|
|
108
|
+
end
|
|
109
|
+
end
|
|
110
|
+
end
|
|
111
|
+
end
|
|
112
|
+
end
|
|
@@ -2,6 +2,8 @@
|
|
|
2
2
|
|
|
3
3
|
require 'rails/railtie'
|
|
4
4
|
require 'verikloak/middleware'
|
|
5
|
+
require_relative 'railtie_logger'
|
|
6
|
+
require_relative 'bff_configurator'
|
|
5
7
|
|
|
6
8
|
module Verikloak
|
|
7
9
|
module Rails
|
|
@@ -53,7 +55,7 @@ module Verikloak
|
|
|
53
55
|
# @return [ActionDispatch::MiddlewareStackProxy] configured middleware stack
|
|
54
56
|
def configure_middleware(app)
|
|
55
57
|
apply_configuration(app)
|
|
56
|
-
|
|
58
|
+
BffConfigurator.configure_library
|
|
57
59
|
|
|
58
60
|
unless discovery_url_present?
|
|
59
61
|
log_missing_discovery_url_warning
|
|
@@ -61,55 +63,31 @@ module Verikloak
|
|
|
61
63
|
end
|
|
62
64
|
|
|
63
65
|
stack = insert_base_middleware(app)
|
|
64
|
-
configure_bff_guard(stack) if stack
|
|
66
|
+
BffConfigurator.configure_bff_guard(stack) if stack
|
|
65
67
|
|
|
66
68
|
stack
|
|
67
69
|
end
|
|
68
70
|
|
|
69
|
-
#
|
|
71
|
+
# Check if discovery_url is present and valid.
|
|
70
72
|
#
|
|
71
|
-
# @
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
return unless
|
|
75
|
-
return unless defined?(::Verikloak::BFF::HeaderGuard)
|
|
73
|
+
# @return [Boolean] true if discovery_url is configured and not empty
|
|
74
|
+
def discovery_url_present?
|
|
75
|
+
discovery_url = Verikloak::Rails.config.discovery_url
|
|
76
|
+
return false unless discovery_url
|
|
76
77
|
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
elsif guard_after
|
|
82
|
-
stack.insert_after guard_after, ::Verikloak::BFF::HeaderGuard
|
|
83
|
-
else
|
|
84
|
-
stack.insert_before ::Verikloak::Middleware, ::Verikloak::BFF::HeaderGuard
|
|
85
|
-
end
|
|
78
|
+
return !discovery_url.blank? if discovery_url.respond_to?(:blank?)
|
|
79
|
+
return !discovery_url.empty? if discovery_url.respond_to?(:empty?)
|
|
80
|
+
|
|
81
|
+
true
|
|
86
82
|
end
|
|
87
83
|
|
|
88
|
-
#
|
|
89
|
-
#
|
|
84
|
+
# Log a warning message when discovery_url is missing.
|
|
85
|
+
# Uses Rails.logger if available, falls back to warn.
|
|
90
86
|
#
|
|
91
|
-
# @param target [Module] Verikloak::BFF or Verikloak::Bff namespace
|
|
92
|
-
# @param options [Hash, Proc, #to_h]
|
|
93
87
|
# @return [void]
|
|
94
|
-
def
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
return
|
|
98
|
-
end
|
|
99
|
-
|
|
100
|
-
hash = options.respond_to?(:to_h) ? options.to_h : options
|
|
101
|
-
return unless hash.respond_to?(:each)
|
|
102
|
-
|
|
103
|
-
entries = hash.transform_keys(&:to_sym)
|
|
104
|
-
|
|
105
|
-
return if entries.empty?
|
|
106
|
-
|
|
107
|
-
target.configure do |config|
|
|
108
|
-
entries.each do |key, value|
|
|
109
|
-
writer = "#{key}="
|
|
110
|
-
config.public_send(writer, value) if config.respond_to?(writer)
|
|
111
|
-
end
|
|
112
|
-
end
|
|
88
|
+
def log_missing_discovery_url_warning
|
|
89
|
+
message = '[verikloak] discovery_url is not configured; skipping middleware insertion.'
|
|
90
|
+
RailtieLogger.warn(message)
|
|
113
91
|
end
|
|
114
92
|
|
|
115
93
|
# Sync configuration from the Rails application into Verikloak::Rails.
|
|
@@ -126,41 +104,6 @@ module Verikloak
|
|
|
126
104
|
end
|
|
127
105
|
end
|
|
128
106
|
|
|
129
|
-
# Configure the verikloak-bff library when options are supplied.
|
|
130
|
-
#
|
|
131
|
-
# @return [void]
|
|
132
|
-
def configure_bff_library
|
|
133
|
-
options = Verikloak::Rails.config.bff_header_guard_options
|
|
134
|
-
return if options.nil? || (options.respond_to?(:empty?) && options.empty?)
|
|
135
|
-
return unless defined?(::Verikloak::BFF) && ::Verikloak::BFF.respond_to?(:configure)
|
|
136
|
-
|
|
137
|
-
apply_bff_configuration(::Verikloak::BFF, options)
|
|
138
|
-
rescue StandardError => e
|
|
139
|
-
warn_with_fallback("[verikloak] Failed to apply BFF configuration: #{e.message}")
|
|
140
|
-
end
|
|
141
|
-
|
|
142
|
-
# Check if discovery_url is present and valid.
|
|
143
|
-
#
|
|
144
|
-
# @return [Boolean] true if discovery_url is configured and not empty
|
|
145
|
-
def discovery_url_present?
|
|
146
|
-
discovery_url = Verikloak::Rails.config.discovery_url
|
|
147
|
-
return false unless discovery_url
|
|
148
|
-
|
|
149
|
-
return !discovery_url.blank? if discovery_url.respond_to?(:blank?)
|
|
150
|
-
return !discovery_url.empty? if discovery_url.respond_to?(:empty?)
|
|
151
|
-
|
|
152
|
-
true
|
|
153
|
-
end
|
|
154
|
-
|
|
155
|
-
# Log a warning message when discovery_url is missing.
|
|
156
|
-
# Uses Rails.logger if available, falls back to warn.
|
|
157
|
-
#
|
|
158
|
-
# @return [void]
|
|
159
|
-
def log_missing_discovery_url_warning
|
|
160
|
-
message = '[verikloak] discovery_url is not configured; skipping middleware insertion.'
|
|
161
|
-
warn_with_fallback(message)
|
|
162
|
-
end
|
|
163
|
-
|
|
164
107
|
# Insert the base Verikloak::Middleware into the application middleware stack.
|
|
165
108
|
# Respects the configured insertion point (before or after specified middleware).
|
|
166
109
|
#
|
|
@@ -243,26 +186,7 @@ module Verikloak
|
|
|
243
186
|
def log_middleware_insertion_warning(candidate, error)
|
|
244
187
|
candidate_name = candidate.is_a?(Class) ? candidate.name : candidate.class.name
|
|
245
188
|
message = "[verikloak] Unable to insert after #{candidate_name}: #{error.message}"
|
|
246
|
-
|
|
247
|
-
end
|
|
248
|
-
|
|
249
|
-
# Resolve the logger instance used for warnings, if present.
|
|
250
|
-
# @return [Object, nil]
|
|
251
|
-
def rails_logger
|
|
252
|
-
return unless defined?(::Rails) && ::Rails.respond_to?(:logger)
|
|
253
|
-
|
|
254
|
-
::Rails.logger
|
|
255
|
-
end
|
|
256
|
-
|
|
257
|
-
# Log a warning using Rails.logger when available, otherwise fall back to Kernel#warn.
|
|
258
|
-
# @param message [String]
|
|
259
|
-
# @return [void]
|
|
260
|
-
def warn_with_fallback(message)
|
|
261
|
-
if (logger = rails_logger)
|
|
262
|
-
logger.warn(message)
|
|
263
|
-
else
|
|
264
|
-
warn(message)
|
|
265
|
-
end
|
|
189
|
+
RailtieLogger.warn(message)
|
|
266
190
|
end
|
|
267
191
|
end
|
|
268
192
|
end
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Verikloak
|
|
4
|
+
module Rails
|
|
5
|
+
# Logging utilities for Railtie operations.
|
|
6
|
+
# Provides consistent warning output across Rails versions.
|
|
7
|
+
module RailtieLogger
|
|
8
|
+
module_function
|
|
9
|
+
|
|
10
|
+
# Log a warning using Rails.logger when available, otherwise fall back to Kernel#warn.
|
|
11
|
+
# @param message [String]
|
|
12
|
+
# @return [void]
|
|
13
|
+
def warn(message)
|
|
14
|
+
if (logger = rails_logger)
|
|
15
|
+
logger.warn(message)
|
|
16
|
+
else
|
|
17
|
+
Kernel.warn(message)
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
# Resolve the logger instance used for warnings, if present.
|
|
22
|
+
# @return [Object, nil]
|
|
23
|
+
def rails_logger
|
|
24
|
+
return unless defined?(::Rails) && ::Rails.respond_to?(:logger)
|
|
25
|
+
|
|
26
|
+
::Rails.logger
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: verikloak-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- taiyaky
|
|
@@ -82,10 +82,12 @@ files:
|
|
|
82
82
|
- lib/generators/verikloak/install/templates/initializer.rb.erb
|
|
83
83
|
- lib/verikloak-rails.rb
|
|
84
84
|
- lib/verikloak/rails.rb
|
|
85
|
+
- lib/verikloak/rails/bff_configurator.rb
|
|
85
86
|
- lib/verikloak/rails/configuration.rb
|
|
86
87
|
- lib/verikloak/rails/controller.rb
|
|
87
88
|
- lib/verikloak/rails/error_renderer.rb
|
|
88
89
|
- lib/verikloak/rails/railtie.rb
|
|
90
|
+
- lib/verikloak/rails/railtie_logger.rb
|
|
89
91
|
- lib/verikloak/rails/version.rb
|
|
90
92
|
homepage: https://github.com/taiyaky/verikloak-rails
|
|
91
93
|
licenses:
|
|
@@ -94,7 +96,7 @@ metadata:
|
|
|
94
96
|
source_code_uri: https://github.com/taiyaky/verikloak-rails
|
|
95
97
|
changelog_uri: https://github.com/taiyaky/verikloak-rails/blob/main/CHANGELOG.md
|
|
96
98
|
bug_tracker_uri: https://github.com/taiyaky/verikloak-rails/issues
|
|
97
|
-
documentation_uri: https://rubydoc.info/gems/verikloak-rails/0.3.
|
|
99
|
+
documentation_uri: https://rubydoc.info/gems/verikloak-rails/0.3.2
|
|
98
100
|
rubygems_mfa_required: 'true'
|
|
99
101
|
rdoc_options: []
|
|
100
102
|
require_paths:
|