Module: Auth::Centric::Firewall

Defined in:
lib/auth/centric/firewall.rb,
lib/auth/centric/firewall/version.rb,
lib/auth/centric/firewall/constants.rb,
lib/auth/centric/firewall/capture_request.rb

Overview

Client firewall module

Defined Under Namespace

Classes: CaptureRequest, Error

Constant Summary

# Gem version string.
VERSION = '0.1.0'

# Request-environment keys on the ignore list. Where the list is applied is not
# shown on this page; presumably CaptureRequest leaves these keys out of the
# captured payload (confirm against capture_request.rb).
IGNORE_HEADER_KEYS = %w[
  HTTP_HOST HTTP_REFERER HTTP_IF_NONE_MATCH HTTP_CACHE_CONTROL
  ORIGINAL_FULLPATH PATH_INFO QUERY_STRING REMOTE_ADDR
  REQUEST_URI REQUEST_PATH REQUEST_METHOD
  SERVER_NAME SERVER_SOFTWARE
  warden
].freeze

# Addresses that log_firewall and valid_ip? skip unless called with
# forced: true. A match makes valid_ip? return true without contacting the
# firewall service, so the address compared against this list must come from a
# source the client cannot set.
IGNORE_IP = %w[0.0.0.0 127.0.0.1 127.0.0.2].freeze

# Request paths that log_firewall does not report. The comparison is an exact
# match against request.original_fullpath.
# NOTE(review): if original_fullpath carries a leading slash (and query string),
# only the '/' entry can ever match; confirm the intended form of the entries.
IGNORE_REQUEST = %w[
  /
  delayed_job
  favicon.ico
  robots.txt
  ads.txt
  humans.txt
].freeze

Instance Method Summary

Instance Method Details

#log_firewall(request, forced: false, exception: nil) ⇒ Object



# File 'lib/auth/centric/firewall.rb', line 16

# Reports a request (and optionally an exception) to the firewall capture
# endpoint.
#
# @param request [Object] request object; remote_ip and original_fullpath are
#   read here, and the whole object is handed to CaptureRequest
# @param forced [Boolean] when true, the IGNORE_IP / IGNORE_REQUEST skip lists
#   are bypassed and the request is always reported
# @param exception [Object, nil] sent as-is under the :exception payload key
# @return [Boolean] true when the firewall is disabled, the request is on a
#   skip list, the capture endpoint answered 200, or the call timed out;
#   false for any other response status
def log_firewall(request, forced: false, exception: nil)
  return true unless enabled?

  # NOTE(review): IGNORE_REQUEST is matched exactly against original_fullpath;
  # entries without a leading slash may never match. Confirm against the
  # request class in use.
  if !forced &&
     (IGNORE_IP.include?(request.remote_ip) || IGNORE_REQUEST.include?(request.original_fullpath))
    return true
  end

  # NOTE(review): the serialized request and the exception leave the process
  # here; what CaptureRequest#as_json redacts is not visible in this method.
  body = { request: CaptureRequest.new(request).as_json, exception: exception }

  response = HTTP.timeout(timeout_seconds)
                 .headers(apikey: apikey)
                 .post(capture_path, json: body)

  response.status == 200
rescue HTTP::TimeoutError
  # A timeout is reported as success, so a slow or unreachable capture
  # endpoint silently drops the log entry. Only TimeoutError is rescued.
  true
end

#valid_ip?(request, forced: false) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/auth/centric/firewall.rb', line 37

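# Asks the firewall service whether the caller's IP address may proceed.
#
# The address is taken from request.remote_ip only, the same source
# log_firewall uses. The raw X-Forwarded-For header is not read here: the
# client controls its value, so trusting it would let a caller present an
# IGNORE_IP entry (or any unblocked address) and skip the check, and would
# place header text directly into the status-lookup path.
# NOTE(review): this assumes request.remote_ip resolves forwarded addresses
# through the framework's trusted-proxy configuration; confirm that the
# proxies in front of this application are configured as trusted.
#
# @param request [Object] request object responding to remote_ip
# @param forced [Boolean] when true, IGNORE_IP entries are looked up too
# @return [Boolean] true when the firewall is disabled, the address is on
#   IGNORE_IP (and not forced), the service answers 200 or 202, or the call
#   times out; false when the service answers 403
# @raise [Error] for any other response status, with "<status>: <body>"
def valid_ip?(request, forced: false)
  return true unless enabled?

  ip_address = request.remote_ip
  return true if !forced && IGNORE_IP.include?(ip_address)

  response = HTTP
             .timeout(timeout_seconds)
             .headers(apikey:)
             .get(ip_status_path(ip_address))

  case response.status
  when 200, 202
    true
  when 403
    false
  else
    raise Error, "#{response.status}: #{response.body}"
  end
rescue HTTP::TimeoutError
  # Fail-open by design of the original code: a timeout lets the request
  # through, so an unreachable firewall service disables enforcement.
  # Only TimeoutError is rescued; other HTTP errors propagate to the caller.
  true
end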