
# frozen_string_literal: true

require 'rails/auth/rack'

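# Rack middleware that restricts access to a whitelist of TLS client
# certificates, matched on the subject CN. Wraps the application in a
# Rails::Auth ACL and renders a plain "Access denied" page for rejected
# requests.
#
# NOTE(review): matching on CN alone is only meaningful if the TLS layer has
# already validated the peer certificate against the trusted CA (client
# verification enabled and required in the server's SSL configuration);
# otherwise any self-signed certificate bearing a whitelisted CN would pass.
# That configuration lives outside this file — confirm it.
class TransportACL < Rails::Auth::ErrorPage::Middleware
  # Rails::Auth matcher comparing subject components of the peer certificate
  # against a hash of expected values (e.g. { 'cn' => 'some-host' }).
  class X509Matcher
    # @param options [Hash{String => String}] subject component => expected
    #   value; every entry must match for the request to be allowed.
    def initialize(options)
      @options = options.freeze
    end

    # @param env [Hash] Rack environment; reads the peer certificate stored
    #   under 'puma.peercert' (presumably an OpenSSL::X509::Certificate set by
    #   Puma when TLS client auth is configured — verify against the server).
    # @return [Boolean] true only when a peer certificate was presented and
    #   every configured subject component equals its expected value.
    def match(env)
      peercert = env['puma.peercert']
      # No client certificate (plain HTTP, or TLS without client auth): deny
      # outright instead of handing nil to Certificate.new and surfacing an
      # exception rather than an access-denied response.
      return false if peercert.nil?
      # Fail closed: an empty option hash would otherwise match everything.
      return false if @options.empty?

      certificate = Rails::Auth::X509::Certificate.new(peercert)
      # This can be extended fairly easily to search OpenSSL::X509::Certificate#extensions for subjectAltNames.
      @options.all? { |name, value| certificate[name] == value }
    end
  end

  # @param app [#call] downstream Rack application
  # @param whitelist [Enumerable<String>] subject CNs allowed to reach app.
  #   An empty whitelist produces an ACL with no entries, which presumably
  #   denies every request — verify against Rails::Auth::ACL.
  def initialize(app, whitelist)
    # One ACL entry per CN, each covering every method on every path.
    acls = whitelist.map do |entry|
      {
        'resources' => [
          {
            'method' => 'ALL',
            'path' => '/.*'
          }
        ],
        'allow_x509_subject' => {
          'cn' => entry
        }
      }
    end
    acl = Rails::Auth::ACL.new(acls, matchers: { allow_x509_subject: X509Matcher })
    mid = Rails::Auth::ACL::Middleware.new(app, acl: acl)
    super(mid, page_body: 'Access denied')
  end
end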
