require 'rack/auth/basic'
require 'hws_settings'
require 'cloud/auth'
module Auth
# We setup our middleware to generally require Basic authentication that
# indicates our Perforce login and ticket.
#
# This should be applied *after* HWSSettings, since we might not know which
# server we are connecting to.
class Middleware
def initialize(app, options = {})
@app = app
@unauthenticated_paths = []
if options[:unauthenticated_paths]
@unauthenticated_paths.concat(options[:unauthenticated_paths])
end
end
def call(env)
return @app.call(env) if unauthenticated_path?(env)
auth = Rack::Auth::Basic::Request.new(env)
if auth.provided? && auth.basic?
Cloud::Settings.cloud_enabled? ?
begin
return unauthenticated_error unless Cloud::Auth::valid_session?(env, auth)
rescue Exception => e
env['AUTH_CREDENTIALS'] = nil
env['p4'] = nil
return unauthenticated_error
end :
begin
check_and_establish_p4_session(env, auth)
rescue P4Exception
env['AUTH_CREDENTIALS'] = nil
env['p4'] = nil
return unauthenticated_error
end
return @app.call(env)
end
unauthenticated_error
end
def check_and_establish_p4_session(env, auth)
env['AUTH_CREDENTIALS'] = auth.credentials
p4 = P4Util.open_from_env(env)
p4.connect
results = p4.run_user('-o')
env['p4.user'] = results.first
env['p4'] = p4
end
def unauthenticated_path?(env)
@unauthenticated_paths.any? do |pathspec|
(env['REQUEST_METHOD'] == pathspec[:method]) &&
((pathspec[:path].is_a?(String) && pathspec[:path] == env['PATH_INFO']) ||
(pathspec[:path].is_a?(Regexp) && pathspec[:path].match(env['PATH_INFO'])))
end
end
def unauthenticated_error
[
403,
{ 'Content-Type' => 'text/plain',
'Content-Length' => '0',
'WWW-Authenticate' => 'Basic realm="Perforce Web API"' },
[]
]
end
end
end | # | Change | User | Description | Committed | |
|---|---|---|---|---|---|
| #4 | 16148 | Doug Scheirer | Merge from main | ||
| #3 | 15872 | Doug Scheirer |
More tweaks for Cloud environment, still have HVE_... nil issues in client test env |
||
| #2 | 15854 | Doug Scheirer |
Cloud auth and projects Still getting 2 extra project errors even thought nothing is configured to be cloud enabled |
||
| #1 | 15688 | Doug Scheirer |
Populate -o //guest/perforce_software/helix-web-services/... //guest/doug_scheirer/helix-web-services/.... |
||
| //guest/perforce_software/helix-web-services/main/source/helix_web_services/lib/auth/middleware.rb | |||||
| #1 | 15622 | tjuricek |
Move source code to 'source/' subdirectory of branch. build/ will remain where it is. |
||
| //guest/perforce_software/helix-web-services/main/helix_web_services/lib/auth/middleware.rb | |||||
| #4 | 15545 | tjuricek | Place in config and hooks for Helix Cloud authentication. | ||
| #3 | 15073 | tjuricek | Update Auth::Middleware and add spec | ||
| #2 | 15032 | tjuricek |
Starting config and doc revisions. System is now broken while revisions underway. Configuration of the p4d connection is now done via a single HWSSettings middleware object injected into the Rack env. The HWSP4Cleanup middleware now cleans up any p4 injected into the Rack env. The Auth::App class now mostly just contains one method to generate a p4 ticket. /auth/v1/login. Added yard documentation for the main project. Yard docs have been reconfigured to dump into build/ directories. This should probably be done with each release. Hm... The top level rake file contains a task, 'all:doc', to update our documentation. This should probably be run for each checkin. Hm... Specs are now using Rack::Test on top of a 'live' p4d. I'd suggest you still use the p4util mechanism, which now dumps to a /tmp folder, so we can safely add P4IGNORE rules back into your local .p4config file. Old 'perforce' application now called 'helix_versioning_engine'. Removing cache data. Helix Sync may be slow. It may also get axed. We'll see. |
||
| #1 | 13799 | tjuricek |
Start with branch specs hosting in a new monolithic 'helix web services' project. Converting from a microservice to a monolithic architecture due to resource constraints at getting a deployable system running. Additionally, since it's not expected that people will upgrade often, the major benefit of microservices - being able to add services individually without affecting others - is not really a major benefit. The Ruby SDK will be consolidated into a single 'helix web services client' project. It may end up being distributed via Rubygems. This only runs branch specs at the moment. I want to get a CD pipeline setup for the monolithic server before revising more methods. |
||