Class: ProxES::Security

Inherits:
Object
  • Object
show all
Includes:
Helpers::Authentication, Helpers::Pundit, Helpers::Wisper, Wisper::Publisher
Defined in:
lib/proxes/security.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Helpers::Wisper

#log_action

Methods included from Helpers::Pundit

#authorize, #permitted_attributes, #pundit_user

Methods included from Helpers::Authentication

#authenticate, #authenticate!, #authenticated?, #check_basic, #current_user, #current_user=, #logout

Constructor Details

#initialize(app, logger = nil) ⇒ Security

Returns a new instance of Security.



20
21
22
23
 
# File 'lib/proxes/security.rb', line 20

def initialize(app, logger = nil)
  @app = app
  @logger = logger || Services::Logger.instance
end

Instance Attribute Details

#envObject (readonly)

Returns the value of attribute env.



13
14
15
 
# File 'lib/proxes/security.rb', line 13

def env
  @env
end

#loggerObject (readonly)

Returns the value of attribute logger.



13
14
15
 
# File 'lib/proxes/security.rb', line 13

def logger
  @logger
end

Instance Method Details

#call(env) ⇒ Object 



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
# File 'lib/proxes/security.rb', line 29

def call(env)
  @env = env

  request = Request.from_env(env)

  logger.debug '==========================BEFORE================================================'
  logger.debug '= ' + "Request: #{request.fullpath}".ljust(76) + ' ='
  logger.debug '= ' + "Endpoint: #{request.endpoint}".ljust(76) + ' ='
  logger.debug '================================================================================'

  begin
    check_basic
    authorize request
  rescue StandardError
    log_action(:es_request_denied, details: "#{request.request_method.upcase} #{request.fullpath} (#{request.class.name})")
    logger.debug "Access denied for #{current_user ? current_user.email : 'Anonymous User'} by security layer: #{request.request_method.upcase} #{request.fullpath} (#{request.class.name})"
    return error 'Forbidden', 403
  end
  request.index = policy_scope(request) if request.indices?

  logger.debug '==========================AFTER================================================='
  logger.debug '= ' + "Request: #{request.fullpath}".ljust(76) + ' ='
  logger.debug '= ' + "Endpoint: #{request.endpoint}".ljust(76) + ' ='
  logger.debug '================================================================================'

  begin
    @app.call request.env
  rescue Errno::EHOSTUNREACH
    error 'Could not reach Elasticsearch at ' + ENV['ELASTICSEARCH_URL']
  rescue Errno::ECONNREFUSED
    error 'Elasticsearch not listening at ' + ENV['ELASTICSEARCH_URL']
  end
end

#error(message, code = 500) ⇒ Object 



25
26
27
 
# File 'lib/proxes/security.rb', line 25

def error(message, code = 500)
  [code, { 'Content-Type' => 'application/json' }, ['{"error":"' + message + '}']]
end