Module: Webhookdb::Service::Middleware

Defined in:

lib/webhookdb/service/middleware.rb

Defined Under Namespace

Classes: CopyCookieToExplicitHeader, RequestLogger, SessionLength, SessionReader

Class Method Summary

• .add_common_middleware(builder) ⇒ Object
• .add_cors_middleware(builder) ⇒ Object
• .add_dev_middleware(builder) ⇒ Object
• .add_middlewares(builder) ⇒ Object
• .add_security_middleware(_builder) ⇒ Object

  Add security middleware to builder.

• .add_session_middleware(builder) ⇒ Object

  Add middleware for maintaining sessions to builder.

• .add_ssl_middleware(builder) ⇒ Object

Class Method Details

.add_common_middleware(builder) ⇒ Object

# File 'lib/webhookdb/service/middleware.rb', line 36

def self.add_common_middleware(builder)
  builder.use(Rack::ContentLength)
  builder.use(Rack::Chunked)
  builder.use(Sentry::Rack::CaptureExceptions)
end

.add_cors_middleware(builder) ⇒ Object

# File 'lib/webhookdb/service/middleware.rb', line 23

def self.add_cors_middleware(builder)
  builder.use(Rack::Cors) do
    allow do
      origins(*Webhookdb::Service.cors_origins)
      resource "*",
               headers: :any,
               methods: :any,
               credentials: true,
               expose: ["ETag", Webhookdb::Service::AUTH_TOKEN_HEADER]
    end
  end
end

.add_dev_middleware(builder) ⇒ Object

# File 'lib/webhookdb/service/middleware.rb', line 42

def self.add_dev_middleware(builder)
  builder.use(Rack::ShowExceptions)
  builder.use(Rack::Lint)
end

.add_middlewares(builder) ⇒ Object

# File 'lib/webhookdb/service/middleware.rb', line 12

def self.add_middlewares(builder)
  self.add_cors_middleware(builder)
  self.add_common_middleware(builder)
  self.add_dev_middleware(builder) if Webhookdb::Service.devmode
  self.add_ssl_middleware(builder) if Webhookdb::Service.enforce_ssl
  self.add_session_middleware(builder)
  self.add_security_middleware(builder)
  Webhookdb::Service::Auth.add_warden_middleware(builder)
  builder.use(RequestLogger)
end

.add_security_middleware(_builder) ⇒ Object

Add security middleware to builder.

# File 'lib/webhookdb/service/middleware.rb', line 60

def self.add_security_middleware(_builder)
  # session_hijacking causes issues in integration tests...?
  # builder.use Rack::Protection, except: :session_hijacking
end

.add_session_middleware(builder) ⇒ Object

Add middleware for maintaining sessions to builder.

# File 'lib/webhookdb/service/middleware.rb', line 52

def self.add_session_middleware(builder)
  builder.use CopyCookieToExplicitHeader
  builder.use Rack::Session::Cookie, Webhookdb::Service.cookie_config
  builder.use SessionLength
  builder.use(SessionReader)
end

.add_ssl_middleware(builder) ⇒ Object

# File 'lib/webhookdb/service/middleware.rb', line 47

def self.add_ssl_middleware(builder)
  builder.use(Rack::SslEnforcer, redirect_html: false)
end