Class: RoninSecurity

Inherits:
Object
  • Object
Defined in:
lib/ronin_security.rb

Class Method Summary

Class Method Details

.enforce(url, request) ⇒ Object



# File 'lib/ronin_security.rb', line 4

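# Asks the authorization service at +url+ whether +request+ may proceed.
#
# Sends one GET to +url+ carrying the caller's credentials (token and, when
# present, OTP, human token and device token) plus request metadata as HTTP
# headers, and returns the service's JSON answer parsed into Ruby objects.
#
# @param url [String] endpoint of the authorization service
# @param request [#headers, #remote_ip, #method, #original_url, #original_fullpath]
#   the incoming request being authorized
# @return [Object] the parsed JSON body of the authorization response. The
#   decision is left to the caller; presumably it carries an "authorized"
#   field (confirm against the service) and anything else should be a deny.
# @raise [JSON::ParserError] if a response body is not valid JSON
def self.enforce(url, request)
  incoming = request.headers
  ip = request.remote_ip

  # NOTE(review): a loopback peer is replaced by whatever api.ipify.org
  # reports, i.e. this host's own public address. Behind a same-host reverse
  # proxy every client would look like loopback and share that address, and
  # the lookup puts a third-party service in the authorization path.
  if ["::1", "127.0.0.1"].include?(ip)
    lookup = HTTParty.get("https://api.ipify.org?format=json")
    ip = JSON.parse(lookup.body)["ip"]
  end

  full_url = request.original_url
  action = request.original_fullpath

  # NOTE(review): "api" and "fullActionPath" come from the request URL; if the
  # host part is taken from the client's Host header, the service should not
  # treat them as trusted identity -- confirm host validation upstream.
  headers = {
    "method" => request.method,
    "ip" => ip,
    # Strip the path as a suffix. Splitting on it returned "http:" for "/".
    "api" => full_url.chomp(action),
    "action" => action,
    "fullActionPath" => full_url
  }

  # Credentials are forwarded unchanged (a "Bearer " prefix on the token is
  # kept, as before). Absent ones are omitted, so a request without
  # HTTP_TOKEN is judged by the service instead of raising NoMethodError.
  {
    "token" => incoming["HTTP_TOKEN"],
    "device_token" => incoming["HTTP_DEVICE_TOKEN"],
    "otp" => incoming["HTTP_OTP"],
    "humantoken" => incoming["HTTP_HUMANTOKEN"]
  }.each { |name, value| headers[name] = value unless value.nil? }

  # Single round trip: the earlier header-less GET and the debug `puts` of
  # request/response data were dropped to keep request details out of stdout.
  verdict = HTTParty.get(url, :headers => headers)
  JSON.parse(verdict.body)
end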