Class: Sekisyo::Middleware

Inherits:

Object

• Object
• Sekisyo::Middleware

Defined in:

lib/sekisyo/middleware.rb

Overview

Sekisyo Middleware is rack middleware for input validation.

Class Method Summary

• .configuration ⇒ Sekisyo::Configuration

  Configuration object, wrapper for Hashie::Mash.

• .configure(**options) ⇒ void

  Options * :file_paths(Array<String>) — Whitelist yml file paths.

• .option(name, value = nil) ⇒ void
• .whitelist ⇒ Sekisyo::Whitelist

  Whitelist of parameters to be received per request.

Instance Method Summary

• #call(env) ⇒ Object
• #initialize(app) ⇒ Middleware constructor

  A new instance of Middleware.

Constructor Details

#initialize(app) ⇒ Middleware

Returns a new instance of Middleware.

# File 'lib/sekisyo/middleware.rb', line 58

def initialize(app)
  @app = app
  @configuration = self.class.configuration.dup
  @whitelist = self.class.whitelist.dup
  @logger = @configuration.logger
  @allow_keys = @configuration.allow_keys.map(&:to_s)
end

Class Method Details

.configuration ⇒ Sekisyo::Configuration

Returns Configuration object, wrapper for Hashie::Mash.

Returns:

• (Sekisyo::Configuration) —

  Configuration object, wrapper for Hashie::Mash.

# File 'lib/sekisyo/middleware.rb', line 12

def configuration
  @configuration ||= Sekisyo::Configuration.new
end

.configure(**options) ⇒ void

This method returns an undefined value.

Options

• :file_paths(Array<String>) — Whitelist yml file paths.

• :undefined_request(Symbol, nil) — Specifies what to do with the validation results if whitelist does not contain a description. Available values are nil(default), :warning, :failure

• :logger(Logger) — Specify log class instances.

• :allow_keys(Array<Symbol, String>) — Specifies the top-level key of the parameter to be exempt from validation.

Yield

• (Sekisyo::Configuration)

Parameters:

• options (Hash) —

  Override configuration with this value.

# File 'lib/sekisyo/middleware.rb', line 39

def configure(**options)
  if block_given?
    yield configuration
  else
    configuration.deep_merge!(options)
  end
end

.option(name, value = nil) ⇒ void

This method returns an undefined value.

Parameters:

• name (Symbol) —

  Configuration key

• value (Any) (defaults to: nil) —

  Configuration value

# File 'lib/sekisyo/middleware.rb', line 53

def option(name, value = nil)
  configuration[name] = value
end

.whitelist ⇒ Sekisyo::Whitelist

Returns Whitelist of parameters to be received per request.

Returns:

• (Sekisyo::Whitelist) —

  Whitelist of parameters to be received per request

# File 'lib/sekisyo/middleware.rb', line 19

def whitelist
  @whitelist ||= Sekisyo::Whitelist.new.parse(*configuration.file_paths)
end

Instance Method Details

#call(env) ⇒ Object

# File 'lib/sekisyo/middleware.rb', line 71

def call(env)
  return @app.call(env) if valid?(env)

  code   = 400
  body   = ['Bad request']
  header = { 'Content-Type' => 'text/html;charset=utf-8',
             'Content-Length' => body.sum(&:bytesize).to_s,
             'X-XSS-Protection' => '1;mode=block',
             'X-Content-Type-Options' => 'nosniff',
             'X-Frame-Options' => 'SAMEORIGIN' }
  [code, header, body]
end