Module: Webhookdb::Apps

Defined in:
lib/webhookdb/apps.rb

Defined Under Namespace

Classes: API, AdminAPI

Constant Summary

# Rack application that serves the Sidekiq web UI behind HTTP Basic
# authentication and a cookie-backed session.
#
# NOTE(review): no TLS enforcement is configured in this builder. Basic auth
# credentials travel with every request, so confirm HTTPS is enforced upstream.
SidekiqWeb = Rack::Builder.new do
  if Webhookdb::Sentry.enabled?
    use Sentry::Rack::CaptureExceptions
  end

  use Rack::Auth::Basic, "Protected Area" do |username, password|
    # Timing-attack hardening (https://codahale.com/a-lesson-in-timing-attacks/):
    # - Both comparisons are always evaluated and then combined with the
    #   non-short-circuiting `&`, so a wrong username costs the same as a
    #   wrong password. Do not change this to `&&`.
    # - Inputs are hashed first so every comparison runs over equal-length
    #   strings and leaks no length information.
    # NOTE(review): an empty configured username/password would compare equal
    # to empty supplied values; confirm Webhookdb::Async.web_username and
    # web_password are always set to non-empty secrets in deployed environments.
    sha256 = ::Digest::SHA256
    username_matches = Rack::Utils.secure_compare(
      sha256.hexdigest(username),
      sha256.hexdigest(Webhookdb::Async.web_username),
    )
    password_matches = Rack::Utils.secure_compare(
      sha256.hexdigest(password),
      sha256.hexdigest(Webhookdb::Async.web_password),
    )
    username_matches & password_matches
  end

  # Session cookie lasts one day (86_400 seconds).
  # NOTE(review): `same_site: true` is expected to yield SameSite=Strict; confirm
  # for the Rack version in use. `secure:` is not set here, so verify the cookie
  # is only ever issued over HTTPS.
  use(
    Rack::Session::Cookie,
    secret: Webhookdb::Service.session_secret,
    same_site: true,
    max_age: 86_400,
  )

  run Sidekiq::Web
end
# Rack application for the Webterm frontend. Middleware runs in the order it
# is declared, so the statement order below is significant.
Webterm =
Rack::Builder.new do
  # HTTPS enforcement is opt-in: it is only installed when
  # Webhookdb::Webterm.enforce_ssl is truthy.
  # NOTE(review): confirm this is enabled in every internet-facing environment.
  use(Rack::SslEnforcer, {redirect_html: false}) if Webhookdb::Webterm.enforce_ssl
  # Response compression and conditional-request (ETag / 304) support.
  use Rack::Deflater
  use Rack::ConditionalGet
  use Rack::ETag
  map "/" do
    # Project middlewares; judging by their names they normalize index.html
    # handling before the file server runs -- verify against their definitions.
    use Webhookdb::Webterm::RedirectIndexHtmlToRoot
    use Webhookdb::Webterm::ServeIndexHtmlFromRoot
    run Webhookdb::Webterm::Files
  end
end