LockBox
LockBox is a centralized API authentication service written by the DNC Innovation Lab. It lets your API users share a single identity across multiple services.
It is licensed under the New BSD License (see the LICENSE file for details).
The server is a Ruby on Rails application, while the client is pure Rack middleware (which means it integrates nicely with any modern Ruby web framework, including Rails 2.3+).
Lockbox handles things like rate limiting, API key signup and management, and supports HMAC authentication as well as plain-text key exchange.
Client Installation
gem install lockbox_middleware
Rails 2
Add the following lines to the “config/environment.rb” file:
config.gem 'lockbox_middleware'
config.middleware.use 'LockBox'
You may want to restrict the “config.middleware.use” line to the config/environments/production.rb file so that your test and development environments aren’t trying to access the LockBox server.
Rails 3
Untested.
Client Configuration
LockBox needs a configuration file named “lockbox.yml” in order to work. In a Rack app (incl. Rails), this file should be placed in app_root/config/lockbox.yml.
You should define (for each of your environments), the base_uri of your app and the relative paths you want to protect with LockBox.
Here’s an example lockbox.yml:
common: &COMMON
protected_paths:
- ^/api/
production:
<<: *COMMON
base_uri: http://lockbox.foo.org
development:
<<: *COMMON
base_uri: http://localhost:3001
cucumber:
<<: *COMMON
base_uri: http://localhost:3001
test:
<<: *COMMON
base_uri: http://localhost:3001
Graphite Integration
The lockbox-middleware gem supports sending runtime metrics to Graphite (graphite.wikidot.com/) via statsd-client. This is off by default, but can be turned on by adding the keys ‘statsd_host’, ‘statsd_port’, and ‘graphite_prefix’ to your lockbox.yml file. For example:
statsd_host: statsd.example.com
statsd_port: 8125
graphite_prefix: my.app.lockbox_middleware
Server Installation
Running your own LockBox server is pretty easy. Just clone this repository (I’d stick with the master branch) and set it up under your favorite Rails hosting environment. It has only been tested with PostgreSQL, but it’s not doing anything exotic with the DB, so it will probably work with other databases too.
The gem dependencies are generally kept up to date in the Gemfile, so you can use bundler:
gem install bundler
bundle install
Or you can use the Rails 2 gem installer:
rake gems:install
Then you should configure the database.yml for the test environment and run ‘rake spec’ in the app root to have RSpec (gem install rspec-rails) run all of the tests. If these all pass, then you’re probably good to go.
Download
Github: github.com/dnclabs/lockbox/tree/master
Authors
-
Nathan Woodhull
-
Chris Gill
-
Brian Cardarella
-
Wes Morgan
-
Dave Steinberg
Copyright 2010 Democratic National Committee, All Rights Reserved.