From f44db58512885240d90f8a8786d5a68ac8ddce80 Mon Sep 17 00:00:00 2001
From: Beth Skurrie
Date: Wed, 14 Sep 2022 12:08:20 +1000
Subject: [PATCH] feat: allow rack protection use and except options to be configured
---
 lib/pact_broker/app.rb | 9 ++++++++-
 lib/pact_broker/config/runtime_configuration.rb | 10 ++++++++++
 .../config/runtime_configuration_documentation_spec.rb | 2 ++
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/lib/pact_broker/app.rb b/lib/pact_broker/app.rb
index 8106a309e..af8730558 100644
--- a/lib/pact_broker/app.rb
+++ b/lib/pact_broker/app.rb
@@ -217,7 +217,14 @@ def configure_basic_auth
 def configure_rack_protection
 if configuration.use_rack_protection
- @app_builder.use Rack::Protection, except: [:path_traversal, :remote_token, :session_hijacking, :http_origin]
+ rack_protection_options = {
+ logger: logger,
+ use: configuration.rack_protection_use,
+ except: configuration.rack_protection_except
+ }.compact
+
+ logger.info("Configuring Rack::Protection", payload: rack_protection_options)
+ @app_builder.use Rack::Protection, rack_protection_options
 is_hal_browser = ->(env) { env["PATH_INFO"] == "/hal-browser/browser.html" }
 not_hal_browser = ->(env) { env["PATH_INFO"] != "/hal-browser/browser.html" }
diff --git a/lib/pact_broker/config/runtime_configuration.rb b/lib/pact_broker/config/runtime_configuration.rb
index b49b39fcc..e2a3a7152 100644
--- a/lib/pact_broker/config/runtime_configuration.rb
+++ b/lib/pact_broker/config/runtime_configuration.rb
@@ -68,6 +68,8 @@ class RuntimeConfiguration < Anyway::Config
 use_hal_browser: true,
 enable_diagnostic_endpoints: true,
 use_rack_protection: true,
+ rack_protection_use: nil,
+ rack_protection_except: [:path_traversal, :remote_token, :session_hijacking, :http_origin], # Beth: not sure why these are disabled
 badge_provider_mode: :redirect,
 enable_public_badge_access: false,
 shields_io_base_url: "https://img.shields.io",
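Review bot: The `logger.info("Configuring Rack::Protection", payload: rack_protection_options)` line puts the Logger instance itself into the structured payload, because `rack_protection_options` still holds `logger: logger` after `.compact`; if the payload is serialized by a structured log formatter this will either dump the logger's internal state or raise. Log only the operator-visible settings: `logger.info("Configuring Rack::Protection", payload: rack_protection_options.slice(:use, :except))`. It is also worth a one-line comment above `.compact` that it exists so a nil `rack_protection_use` is not passed through, which appears to keep the previous default-set-minus-except behaviour, e.g. `# nil use => Rack::Protection's default set, reduced by :except`. `configure_rack_protection` continues past the end of the hunk.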
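Review bot: The new `rack_protection_except` default ships with the inline note `# Beth: not sure why these are disabled`, yet this default is now an operator-facing, documented setting (the spec hunk adds it to the documentation list), so that note becomes the only stated reason four protections are off. Replace it with the actual rationale where it is known, or a tracked `# TODO(<issue-placeholder>): document why these four are excluded by default` so it is not read as a finished decision. The session-based checks (`session_hijacking`, `remote_token`) may simply not apply to the broker's auth model, but that should be written down in the comment rather than left for the next reader to guess.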
@@ -180,6 +182,14 @@ def features= features
 super(value_to_string_array(features, "features").collect(&:downcase))
 end
+ def rack_protection_use= rack_protection_use
 super(value_to_string_array(rack_protection_use, "rack_protection_use")&.collect(&:to_sym))
 end
+
+ def rack_protection_except= rack_protection_except
 super(value_to_string_array(rack_protection_except, "rack_protection_except")&.collect(&:to_sym))
 end
+
 def webhook_certificates= webhook_certificates
 if webhook_certificates.is_a?(Array)
 super(webhook_certificates.collect(&:symbolize_keys))
diff --git a/spec/lib/pact_broker/config/runtime_configuration_documentation_spec.rb b/spec/lib/pact_broker/config/runtime_configuration_documentation_spec.rb
index cdb14ebdc..6388aef7f 100644
--- a/spec/lib/pact_broker/config/runtime_configuration_documentation_spec.rb
+++ b/spec/lib/pact_broker/config/runtime_configuration_documentation_spec.rb
@@ -10,6 +10,8 @@ module Config
 :warning_error_class_names,
 :log_configuration_on_startup,
 :use_rack_protection,
+ :rack_protection_use,
+ :rack_protection_except,
 :use_case_sensitive_resource_names,
 :order_versions_by_date,
 :base_equality_only_on_content_that_affects_verification_results,
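Review bot: Both new setters symbolise whatever strings arrive via `value_to_string_array(...)&.collect(&:to_sym)` without checking them, and as far as I recall Rack::Protection selects its middleware by comparing these symbols against its known names and silently ignores anything unrecognised, so a misspelled entry such as `:http_orign` in `rack_protection_except` would leave that protection enabled while the operator believes it is off (and in `rack_protection_use` would never enable it) with no error or log line. Validate the values against the set of Rack::Protection module names in the setter, or at least emit a warning for unknown entries, at the same point the values are coerced. The two setters are identical apart from the attribute name; a private `symbolized_string_array(value, name)` helper would keep them in step. These values come from operator configuration rather than request input, so `to_sym` on them is not a user-input concern here.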