Class: Katalyst::Basic::Auth::Config

Inherits:
Object
  • Object
show all
Extended by:
Enumerable
Defined in:
lib/katalyst/basic/auth/config.rb

Overview

rubocop:disable Metrics/ClassLength

Constant Summary collapse

DEFAULT_USERNAME = 
"katalyst"
ROOT_PATH = 
"/"

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#ip_allowlistObject (readonly)

Returns the value of attribute ip_allowlist.



115
116
117
 
# File 'lib/katalyst/basic/auth/config.rb', line 115

def ip_allowlist
  @ip_allowlist
end

#passwordObject (readonly)

Returns the value of attribute password.



115
116
117
 
# File 'lib/katalyst/basic/auth/config.rb', line 115

def password
  @password
end

#pathObject (readonly)

Returns the value of attribute path.



115
116
117
 
# File 'lib/katalyst/basic/auth/config.rb', line 115

def path
  @path
end

#usernameObject (readonly)

Returns the value of attribute username.



115
116
117
 
# File 'lib/katalyst/basic/auth/config.rb', line 115

def username
  @username
end

Class Method Details

.add(path:, username: nil, password: nil, enabled: nil, ip_allowlist: nil) ⇒ Object

Parameters:

  • path (String)

    Relative path

  • username (String) (defaults to: nil)

    Basic auth user name

  • password (String) (defaults to: nil)

    Basic auth password

  • enabled (Boolean) (defaults to: nil)

    True to enable basic auth for this path

  • ip_allowlist (Array<String>) (defaults to: nil)

    List of IP addresses or network ranges to allow without basic auth



36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/katalyst/basic/auth/config.rb', line 36

def add(path:, username: nil, password: nil, enabled: nil, ip_allowlist: nil)
  config = new(
    path:         path,
    username:     username,
    password:     password,
    enabled:      enabled,
    ip_allowlist: ip_allowlist
  )
  all.delete(all.detect { |i| i.path == config.path })
  all << config
  config
end

.allObject 



49
50
51
 
# File 'lib/katalyst/basic/auth/config.rb', line 49

def all
  @all ||= [new]
end

.default_ip_allowlistObject 



110
111
112
 
# File 'lib/katalyst/basic/auth/config.rb', line 110

def default_ip_allowlist
  ENV.fetch("KATALYST_BASIC_AUTH_IP_ALLOWLIST", "").split(/[\s,]+/)
end

.default_password(username) ⇒ Object 



96
97
98
99
100
 
# File 'lib/katalyst/basic/auth/config.rb', line 96

def default_password(username)
  return ENV["KATALYST_BASIC_AUTH_PASS"] if ENV["KATALYST_BASIC_AUTH_PASS"]

  Digest::SHA256.hexdigest("#{default_password_salt}#{username}")[0..15]
end

.default_password_saltObject 



102
103
104
105
106
107
108
 
# File 'lib/katalyst/basic/auth/config.rb', line 102

def default_password_salt
  if rails? && Rails.application.respond_to?(:secret_key_base)
    Rails.application.secret_key_base
  else
    ENV["SECRET_KEY_BASE"]
  end
end

.default_usernameObject 



85
86
87
88
89
90
91
92
93
94
 
# File 'lib/katalyst/basic/auth/config.rb', line 85

def default_username
  return ENV["KATALYST_BASIC_AUTH_USER"] if ENV["KATALYST_BASIC_AUTH_USER"]
  return DEFAULT_USERNAME unless rails?

  if Rails::VERSION::MAJOR >= 6
    Rails.application.class.module_parent_name.underscore
  else
    Rails.application.class.parent_name.underscore
  end
end

.descriptionObject 



61
62
63
64
65
66
67
68
 
# File 'lib/katalyst/basic/auth/config.rb', line 61

def description
  output = ["Basic auth settings:", ""]
  all.each do |config|
    output << config.description
    output << ""
  end
  output.join("\n")
end

.each(&block) ⇒ Object 



57
58
59
 
# File 'lib/katalyst/basic/auth/config.rb', line 57

def each(&block)
  all.each(&block)
end

.enabled?Boolean

Returns:

  • (Boolean) 


70
71
72
73
 
# File 'lib/katalyst/basic/auth/config.rb', line 70

def enabled?
  global_enabled = ENV.fetch("KATALYST_BASIC_AUTH_ENABLED", enabled_rails_env?)
  [true, "yes", "true"].include?(global_enabled)
end

.enabled_rails_env?Boolean

Returns:

  • (Boolean) 


75
76
77
78
79
 
# File 'lib/katalyst/basic/auth/config.rb', line 75

def enabled_rails_env?
  return false unless rails?

  Rails.env.staging? || Rails.env.uat?
end

.for_path(path) ⇒ Config

Returns The config for the given path.

Parameters:

  • path (String)

    Request path

Returns:

  • (Config)

    The config for the given path



19
20
21
22
23
24
 
# File 'lib/katalyst/basic/auth/config.rb', line 19

def for_path(path)
  path ||= ROOT_PATH
  all.sort_by(&:path)
     .reverse
     .detect { |i| path.match(/^#{i.path}/) } || global
end

.globalConfig

Returns The global configuration.

Returns:

  • (Config)

    The global configuration



27
28
29
 
# File 'lib/katalyst/basic/auth/config.rb', line 27

def global
  all[0]
end

.rails?Boolean

Returns:

  • (Boolean) 


81
82
83
 
# File 'lib/katalyst/basic/auth/config.rb', line 81

def rails?
  defined?(Rails)
end

.reset!Object 



53
54
55
 
# File 'lib/katalyst/basic/auth/config.rb', line 53

def reset!
  @all = [new]
end

Instance Method Details

#allow_ip?(env) ⇒ Boolean

Returns:

  • (Boolean) 


125
126
127
128
129
130
131
 
# File 'lib/katalyst/basic/auth/config.rb', line 125

def allow_ip?(env)
  request = ::Rack::Request.new(env)
  return false unless request.ip

  remote_ip = IPAddr.new(request.ip)
  ip_allowlist.any? { |i| i.include?(remote_ip) }
end

#descriptionObject 



133
134
135
136
137
138
139
140
141
 
# File 'lib/katalyst/basic/auth/config.rb', line 133

def description
  output = []
  output << "path:         #{root_path? ? "(global)" : path}"
  output << "enabled:      #{enabled?}"
  output << "username:     #{username}"
  output << "password:     #{password}"
  output << "ip allowlist: #{ip_allowlist.inspect}"
  output.join("\n")
end

#enabled?Boolean

Returns:

  • (Boolean) 


117
118
119
 
# File 'lib/katalyst/basic/auth/config.rb', line 117

def enabled?
  @enabled
end

#root_path?Boolean

Returns:

  • (Boolean) 


121
122
123
 
# File 'lib/katalyst/basic/auth/config.rb', line 121

def root_path?
  path == ROOT_PATH
end