Class: LockBox

Inherits:
Object
  • Object
show all
Includes:
HTTPotato, LockBoxCache
Defined in:
lib/lockbox_middleware.rb

Constant Summary collapse

@@config = 
nil
@@protected_paths = 
nil

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app) ⇒ LockBox

Returns a new instance of LockBox.



37
38
39
40
 
# File 'lib/lockbox_middleware.rb', line 37

def initialize(app)
  @app = app
  @cache = LockBoxCache::Cache.new
end

Instance Attribute Details

#cacheObject

Returns the value of attribute cache.



10
11
12
 
# File 'lib/lockbox_middleware.rb', line 10

def cache
  @cache
end

Class Method Details

.configObject 



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/lockbox_middleware.rb', line 15

def self.config
  return @@config if @@config
  #use rails config if it's there
  if defined?(Rails) && Rails.root
    config_file = Rails.root.join('config','lockbox.yml')
    @@config = YAML.load_file(config_file)[Rails.env]
  else
    env = ENV['RACK_ENV'] || "test"
    config_file = File.join(Dir.pwd, 'config','lockbox.yml')
    all_configs = YAML.load_file(config_file)
    if !all_configs['all'].nil?
      $stderr.puts "The 'all' environment is deprecated in lockbox.yml; use built-in yaml convention instead."
      @@config = all_configs['all'].merge!(all_configs[env])
    else
      @@config = all_configs[env]
    end
  end
  return @@config
end

Instance Method Details

#auth_via_hmac(hmac_request) ⇒ Object 



92
93
94
95
96
97
98
99
 
# File 'lib/lockbox_middleware.rb', line 92

def auth_via_hmac(hmac_request)
  cached_auth = check_hmac_cache(hmac_request)
  return {:authorized => cached_auth, :headers => {}} if cached_auth
  auth_response = self.class.get("/authentication/hmac", {:headers => hmac_request.get_xreferer_auth_headers, :request => {:application_name => LockBox.config['application_name']}})
  authorized = (auth_response.code == 200)
  cache_hmac_response_if_allowed(hmac_request, auth_response) if authorized
  {:authorized => authorized, :headers => response_headers(auth_response)}
end

#auth_via_key(api_key, request) ⇒ Object 



82
83
84
85
86
87
88
89
90
 
# File 'lib/lockbox_middleware.rb', line 82

def auth_via_key(api_key, request)
  cached_auth = check_key_cache(api_key)
  # currently we don't cache forward headers
  return {:authorized => cached_auth, :headers => {}} if cached_auth
  auth_response = self.class.get("/authentication/#{api_key}", {:headers => request.get_xreferer_auth_headers, :request => {:application_name => LockBox.config['application_name']}})
  authorized = (auth_response.code == 200)
  cache_key_response_if_allowed(api_key, auth_response) if authorized
  {:authorized => authorized, :headers => response_headers(auth_response)}
end

#cache_string_for_hmac(hmac_id) ⇒ Object 



50
51
52
 
# File 'lib/lockbox_middleware.rb', line 50

def cache_string_for_hmac(hmac_id)
  "lockbox_hmac_#{hmac_id.gsub(/[^a-z0-9]/i,'_')}"
end

#cache_string_for_key(api_key) ⇒ Object 



46
47
48
 
# File 'lib/lockbox_middleware.rb', line 46

def cache_string_for_key(api_key)
  "lockbox_key_#{api_key}"
end

#call(env) ⇒ Object 



42
43
44
 
# File 'lib/lockbox_middleware.rb', line 42

def call(env)
  dup.call!(env)
end

#call!(env) ⇒ Object 



58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
# File 'lib/lockbox_middleware.rb', line 58

def call!(env)
  protected_path = protected_paths.detect{|path| env['PATH_INFO'] =~ path}
  #if the requested path is protected, it needs to be authenticated
  if protected_path
      request = HmacRequest.new_from_rack_env(env)
      if !request['key'].nil?
        auth = auth_via_key(request['key'], request)
      else
        auth = auth_via_hmac(request)
      end

      if auth[:authorized]
        app_response = @app.call(env)
        return [app_response[0], app_response[1].merge(auth[:headers]), app_response[2]]
      else
        message = "Access Denied"
        return [401, {'Content-Type' => 'text/plain', 'Content-Length' => "#{message.length}"}, [message]]
      end
  else
    #pass everything else straight through to app
    return @app.call(env)
  end
end

#protected_pathsObject 



54
55
56
 
# File 'lib/lockbox_middleware.rb', line 54

def protected_paths
  @@protect_paths ||= self.class.config['protect_paths'].map{ |path| Regexp.new(path) }
end