Class: LockBox

Inherits:
Object
  • Object
show all
Includes:
HTTPotato, LockBoxCache
Defined in:
lib/lockbox_middleware.rb

Constant Summary collapse

@@config =
nil
@@protected_paths =
nil

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app) ⇒ LockBox

Returns a new instance of LockBox.



38
39
40
41
42
# File 'lib/lockbox_middleware.rb', line 38

def initialize(app)
  @app = app
  @cache = LockBoxCache::Cache.new
  @graphite = setup_graphite
end

Instance Attribute Details

#cacheObject

Returns the value of attribute cache.



11
12
13
# File 'lib/lockbox_middleware.rb', line 11

def cache
  @cache
end

Class Method Details

.configObject



16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# File 'lib/lockbox_middleware.rb', line 16

def self.config
  return @@config if @@config
  #use rails config if it's there
  if defined?(Rails) && Rails.root
    config_file = Rails.root.join('config','lockbox.yml')
    @@config = YAML.load_file(config_file)[Rails.env]
  else
    env = ENV['RACK_ENV'] || "test"
    config_file = File.join(Dir.pwd, 'config','lockbox.yml')
    all_configs = YAML.load_file(config_file)
    if !all_configs['all'].nil?
      $stderr.puts "The 'all' environment is deprecated in lockbox.yml; use built-in yaml convention instead."
      @@config = all_configs['all'].merge!(all_configs[env])
    else
      @@config = all_configs[env]
    end
  end
  return @@config
end

Instance Method Details

#auth_via_hmac(hmac_request) ⇒ Object



103
104
105
106
107
108
109
110
111
112
113
114
# File 'lib/lockbox_middleware.rb', line 103

def auth_via_hmac(hmac_request)
  cached_auth = check_hmac_cache(hmac_request)
  return {:authorized => cached_auth, :headers => {}} if cached_auth

  auth_response = time_it("hmac.http_request") {
    self.class.get("/authentication/hmac", {:headers => hmac_request.get_xreferer_auth_headers, :request => {:application_name => LockBox.config['application_name']}})
  }

  authorized = (auth_response.code == 200)
  cache_hmac_response_if_allowed(hmac_request, auth_response) if authorized
  {:authorized => authorized, :headers => response_headers(auth_response)}
end

#auth_via_key(api_key, request) ⇒ Object



89
90
91
92
93
94
95
96
97
98
99
100
101
# File 'lib/lockbox_middleware.rb', line 89

def auth_via_key(api_key, request)
  cached_auth = check_key_cache(api_key)
  # currently we don't cache forward headers
  return {:authorized => cached_auth, :headers => {}} if cached_auth

  auth_response = time_it("key.http_request") { 
    self.class.get("/authentication/#{api_key}", {:headers => request.get_xreferer_auth_headers, :request => {:application_name => LockBox.config['application_name']}})
  }

  authorized = (auth_response.code == 200)
  cache_key_response_if_allowed(api_key, auth_response) if authorized
  {:authorized => authorized, :headers => response_headers(auth_response)}
end

#cache_string_for_hmac(hmac_id) ⇒ Object



52
53
54
# File 'lib/lockbox_middleware.rb', line 52

def cache_string_for_hmac(hmac_id)
  "lockbox_hmac_#{hmac_id.gsub(/[^a-z0-9]/i,'_')}"
end

#cache_string_for_key(api_key) ⇒ Object



48
49
50
# File 'lib/lockbox_middleware.rb', line 48

def cache_string_for_key(api_key)
  "lockbox_key_#{api_key}"
end

#call(env) ⇒ Object



44
45
46
# File 'lib/lockbox_middleware.rb', line 44

def call(env)
  time_it("call") { dup.call!(env) }
end

#call!(env) ⇒ Object



60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# File 'lib/lockbox_middleware.rb', line 60

def call!(env)
  protected_path = protected_paths.detect{|path| env['PATH_INFO'] =~ path}
  #if the requested path is protected, it needs to be authenticated
  if protected_path
      request = HmacRequest.new_from_rack_env(env)
      if !request['key'].nil?
        auth_type = 'key'
        auth = auth_via_key(request['key'], request)
      else
        auth_type = 'hmac'
        auth = auth_via_hmac(request)
      end

      if auth[:authorized]
        record_it("#{auth_type}.authorized")
        app_response = @app.call(env)
        return [app_response[0], app_response[1].merge(auth[:headers]), app_response[2]]
      else
        record_it("#{auth_type}.denied")
        message = "Access Denied"
        return [401, {'Content-Type' => 'text/plain', 'Content-Length' => "#{message.length}"}, [message]]
      end
  else
    #pass everything else straight through to app
    record_it("unprotected")
    return @app.call(env)
  end
end

#protected_pathsObject



56
57
58
# File 'lib/lockbox_middleware.rb', line 56

def protected_paths
  @@protect_paths ||= self.class.config['protect_paths'].map{ |path| Regexp.new(path) }
end