Class: LockBox
- Inherits:
-
Object
- Object
- LockBox
- Includes:
- HTTPotato, LockBoxCache
- Defined in:
- lib/lockbox_middleware.rb
Constant Summary collapse
- @@config =
nil
- @@protected_paths =
nil
Instance Attribute Summary collapse
-
#cache ⇒ Object
Returns the value of attribute cache.
Class Method Summary collapse
Instance Method Summary collapse
- #auth_via_hmac(hmac_request) ⇒ Object
- #auth_via_key(api_key, request) ⇒ Object
- #cache_string_for_hmac(hmac_id) ⇒ Object
- #cache_string_for_key(api_key) ⇒ Object
- #call(env) ⇒ Object
- #call!(env) ⇒ Object
-
#initialize(app) ⇒ LockBox
constructor
A new instance of LockBox.
- #protected_paths ⇒ Object
Constructor Details
#initialize(app) ⇒ LockBox
Returns a new instance of LockBox.
38 39 40 41 42 |
# File 'lib/lockbox_middleware.rb', line 38 def initialize(app) @app = app @cache = LockBoxCache::Cache.new @graphite = setup_graphite end |
Instance Attribute Details
#cache ⇒ Object
Returns the value of attribute cache.
11 12 13 |
# File 'lib/lockbox_middleware.rb', line 11 def cache @cache end |
Class Method Details
.config ⇒ Object
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
# File 'lib/lockbox_middleware.rb', line 16 def self.config return @@config if @@config #use rails config if it's there if defined?(Rails) && Rails.root config_file = Rails.root.join('config','lockbox.yml') @@config = YAML.load_file(config_file)[Rails.env] else env = ENV['RACK_ENV'] || "test" config_file = File.join(Dir.pwd, 'config','lockbox.yml') all_configs = YAML.load_file(config_file) if !all_configs['all'].nil? $stderr.puts "The 'all' environment is deprecated in lockbox.yml; use built-in yaml convention instead." @@config = all_configs['all'].merge!(all_configs[env]) else @@config = all_configs[env] end end return @@config end |
Instance Method Details
#auth_via_hmac(hmac_request) ⇒ Object
103 104 105 106 107 108 109 110 111 112 113 114 |
# File 'lib/lockbox_middleware.rb', line 103 def auth_via_hmac(hmac_request) cached_auth = check_hmac_cache(hmac_request) return {:authorized => cached_auth, :headers => {}} if cached_auth auth_response = time_it("hmac.http_request") { self.class.get("/authentication/hmac", {:headers => hmac_request.get_xreferer_auth_headers, :request => {:application_name => LockBox.config['application_name']}}) } = (auth_response.code == 200) cache_hmac_response_if_allowed(hmac_request, auth_response) if {:authorized => , :headers => response_headers(auth_response)} end |
#auth_via_key(api_key, request) ⇒ Object
89 90 91 92 93 94 95 96 97 98 99 100 101 |
# File 'lib/lockbox_middleware.rb', line 89 def auth_via_key(api_key, request) cached_auth = check_key_cache(api_key) # currently we don't cache forward headers return {:authorized => cached_auth, :headers => {}} if cached_auth auth_response = time_it("key.http_request") { self.class.get("/authentication/#{api_key}", {:headers => request.get_xreferer_auth_headers, :request => {:application_name => LockBox.config['application_name']}}) } = (auth_response.code == 200) cache_key_response_if_allowed(api_key, auth_response) if {:authorized => , :headers => response_headers(auth_response)} end |
#cache_string_for_hmac(hmac_id) ⇒ Object
52 53 54 |
# File 'lib/lockbox_middleware.rb', line 52 def cache_string_for_hmac(hmac_id) "lockbox_hmac_#{hmac_id.gsub(/[^a-z0-9]/i,'_')}" end |
#cache_string_for_key(api_key) ⇒ Object
48 49 50 |
# File 'lib/lockbox_middleware.rb', line 48 def cache_string_for_key(api_key) "lockbox_key_#{api_key}" end |
#call(env) ⇒ Object
44 45 46 |
# File 'lib/lockbox_middleware.rb', line 44 def call(env) time_it("call") { dup.call!(env) } end |
#call!(env) ⇒ Object
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 |
# File 'lib/lockbox_middleware.rb', line 60 def call!(env) protected_path = protected_paths.detect{|path| env['PATH_INFO'] =~ path} #if the requested path is protected, it needs to be authenticated if protected_path request = HmacRequest.new_from_rack_env(env) if !request['key'].nil? auth_type = 'key' auth = auth_via_key(request['key'], request) else auth_type = 'hmac' auth = auth_via_hmac(request) end if auth[:authorized] record_it("#{auth_type}.authorized") app_response = @app.call(env) return [app_response[0], app_response[1].merge(auth[:headers]), app_response[2]] else record_it("#{auth_type}.denied") = "Access Denied" return [401, {'Content-Type' => 'text/plain', 'Content-Length' => "#{.length}"}, []] end else #pass everything else straight through to app record_it("unprotected") return @app.call(env) end end |
#protected_paths ⇒ Object
56 57 58 |
# File 'lib/lockbox_middleware.rb', line 56 def protected_paths @@protect_paths ||= self.class.config['protect_paths'].map{ |path| Regexp.new(path) } end |