Class: Katalyst::Basic::Auth::Config

Inherits:

Object

• Object
• Katalyst::Basic::Auth::Config

Extended by:

Enumerable

Defined in:

lib/katalyst/basic/auth/config.rb

Overview

rubocop:disable Metrics/ClassLength

Constant Summary

DEFAULT_USERNAME =

"katalyst"

ROOT_PATH =

"/"

Instance Attribute Summary

• #ip_allowlist ⇒ Object readonly

  Returns the value of attribute ip_allowlist.

• #password ⇒ Object readonly

  Returns the value of attribute password.

• #path ⇒ Object readonly

  Returns the value of attribute path.

• #username ⇒ Object readonly

  Returns the value of attribute username.

Class Method Summary

• .add(path:, username: nil, password: nil, enabled: nil, ip_allowlist: nil) ⇒ Object
• .all ⇒ Object
• .default_ip_allowlist ⇒ Object
• .default_password(username) ⇒ Object
• .default_password_salt ⇒ Object
• .default_username ⇒ Object
• .description ⇒ Object
• .each ⇒ Object
• .enabled? ⇒ Boolean
• .enabled_rails_env? ⇒ Boolean
• .for_path(path) ⇒ Config

  The config for the given path.

• .global ⇒ Config

  The global configuration.

• .rails? ⇒ Boolean
• .reset! ⇒ Object
• .up(path = "/up") ⇒ Object

Instance Method Summary

• #allow_ip?(env) ⇒ Boolean
• #description ⇒ Object
• #enabled? ⇒ Boolean
• #root_path? ⇒ Boolean

Instance Attribute Details

#ip_allowlist ⇒ Object (readonly)

Returns the value of attribute ip_allowlist.

# File 'lib/katalyst/basic/auth/config.rb', line 119

def ip_allowlist
  @ip_allowlist
end

#password ⇒ Object (readonly)

Returns the value of attribute password.

# File 'lib/katalyst/basic/auth/config.rb', line 119

def password
  @password
end

#path ⇒ Object (readonly)

Returns the value of attribute path.

# File 'lib/katalyst/basic/auth/config.rb', line 119

def path
  @path
end

#username ⇒ Object (readonly)

Returns the value of attribute username.

# File 'lib/katalyst/basic/auth/config.rb', line 119

def username
  @username
end

Class Method Details

.add(path:, username: nil, password: nil, enabled: nil, ip_allowlist: nil) ⇒ Object

Parameters:

• path (String) —

  Relative path

• username (String) (defaults to: nil) —

  Basic auth user name

• password (String) (defaults to: nil) —

  Basic auth password

• enabled (Boolean) (defaults to: nil) —

  True to enable basic auth for this path

• ip_allowlist (Array<String>) (defaults to: nil) —

  List of IP addresses or network ranges to allow without basic auth

# File 'lib/katalyst/basic/auth/config.rb', line 36

def add(path:, username: nil, password: nil, enabled: nil, ip_allowlist: nil)
  config = new(
    path:         path,
    username:     username,
    password:     password,
    enabled:      enabled,
    ip_allowlist: ip_allowlist,
  )
  all.delete(all.detect { |i| i.path == config.path })
  all << config
  config
end

.all ⇒ Object

# File 'lib/katalyst/basic/auth/config.rb', line 53

def all
  @all ||= [new, up]
end

.default_ip_allowlist ⇒ Object

# File 'lib/katalyst/basic/auth/config.rb', line 114

def default_ip_allowlist
  ENV.fetch("KATALYST_BASIC_AUTH_IP_ALLOWLIST", "").split(/[\s,]+/)
end

.default_password(username) ⇒ Object

# File 'lib/katalyst/basic/auth/config.rb', line 100

def default_password(username)
  return ENV["KATALYST_BASIC_AUTH_PASS"] if ENV["KATALYST_BASIC_AUTH_PASS"]

  Digest::SHA256.hexdigest("#{default_password_salt}#{username}")[0..15]
end

.default_password_salt ⇒ Object

# File 'lib/katalyst/basic/auth/config.rb', line 106

def default_password_salt
  if rails? && Rails.application.respond_to?(:secret_key_base)
    Rails.application.secret_key_base
  else
    ENV.fetch("SECRET_KEY_BASE", nil)
  end
end

.default_username ⇒ Object

# File 'lib/katalyst/basic/auth/config.rb', line 89

def default_username
  return ENV["KATALYST_BASIC_AUTH_USER"] if ENV["KATALYST_BASIC_AUTH_USER"]
  return DEFAULT_USERNAME unless rails?

  if Rails::VERSION::MAJOR >= 6
    Rails.application.class.module_parent_name.underscore
  else
    Rails.application.class.parent_name.underscore
  end
end

.description ⇒ Object

# File 'lib/katalyst/basic/auth/config.rb', line 65

def description
  output = ["Basic auth settings:", ""]
  all.each do |config|
    output << config.description
    output << ""
  end
  output.join("\n")
end

.each ⇒ Object

# File 'lib/katalyst/basic/auth/config.rb', line 61

def each(&)
  all.each(&)
end

.enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/katalyst/basic/auth/config.rb', line 74

def enabled?
  global_enabled = ENV.fetch("KATALYST_BASIC_AUTH_ENABLED", enabled_rails_env?)
  [true, "yes", "true"].include?(global_enabled)
end

.enabled_rails_env? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/katalyst/basic/auth/config.rb', line 79

def enabled_rails_env?
  return false unless rails?

  %w[staging uat].include?(Rails.env)
end

.for_path(path) ⇒ Config

Returns The config for the given path.

Parameters:

• path (String) —

  Request path

Returns:

• (Config) —

  The config for the given path

# File 'lib/katalyst/basic/auth/config.rb', line 19

def for_path(path)
  path ||= ROOT_PATH
  all.sort_by(&:path)
    .reverse
    .detect { |i| path.match(/^#{i.path}/) } || global
end

.global ⇒ Config

Returns The global configuration.

Returns:

• (Config) —

  The global configuration

# File 'lib/katalyst/basic/auth/config.rb', line 27

def global
  all[0]
end

.rails? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/katalyst/basic/auth/config.rb', line 85

def rails?
  defined?(Rails)
end

.reset! ⇒ Object

# File 'lib/katalyst/basic/auth/config.rb', line 57

def reset!
  @all = [new, up]
end

.up(path = "/up") ⇒ Object

# File 'lib/katalyst/basic/auth/config.rb', line 49

def up(path = "/up")
  new(path: path, enabled: false)
end

Instance Method Details

#allow_ip?(env) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/katalyst/basic/auth/config.rb', line 129

def allow_ip?(env)
  request = ::Rack::Request.new(env)
  return false unless request.ip

  remote_ip = IPAddr.new(request.ip)
  ip_allowlist.any? { |i| i.include?(remote_ip) }
end

#description ⇒ Object

# File 'lib/katalyst/basic/auth/config.rb', line 137

def description
  output = []
  output << "path:         #{root_path? ? '(global)' : path}"
  output << "enabled:      #{enabled?}"
  output << "username:     #{username}"
  output << "password:     #{password}"
  output << "ip allowlist: #{ip_allowlist.inspect}"
  output.join("\n")
end

#enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/katalyst/basic/auth/config.rb', line 121

def enabled?
  @enabled
end

#root_path? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/katalyst/basic/auth/config.rb', line 125

def root_path?
  path == ROOT_PATH
end