Provides a flexible rule-based authorization framework:
- Define an authorize block for evaluating rules
- Set a default rule for all routes
- Override the default rule per route
Choice of authentication approach is entirely up to the application.
gem install sinatra-authorize
Define authorize block for evaluating rules, and optionally set the default rule:
authorize :deny => :all do |rule, args|
# evaluate rule
end
Omitting a default rule when defining the authorize block makes :allow => [] the default rule.
Override default rule per route:
get '/', :allow => :all do
# :allow => :all rule overrides default :deny => :all rule
end
Authorization is performed just before the route is evaluated, after the pattern has been matched and any other conditions have been evaluated.
Simple scenario with a default :allow rule, which is overridden for protected routes:
require 'sinatra'
require 'sinatra/authorize'

enable :sessions

# The block receives the rule (:allow or :deny) and its arguments as an Array,
# so `:allow => :user` arrives as args == [:user]. A truthy return value
# authorizes the request.
authorize do |rule, args|
  if args == [:user]
    session[:user] != nil
  elsif args == [:admin]
    session[:admin] != nil
  end
end

# Available to all, as default rule is :allow => []
get '/' do
end

# Available to all, as default rule is :allow => []
post '/authenticate' do
  # Demonstration credentials only: both demo accounts share one password and
  # the username 'admin' additionally receives the admin flag. A real
  # application would verify a password hash with a constant-time comparison.
  if %w[username admin].include?(params[:username]) && params[:password] == 'password'
    session[:user] = params[:username]
    if session[:user] == 'admin'
      session[:admin] = true
    end
  end
end

# Only run for requests with a user session, because of the override rule
get '/content/:id', :allow => :user do
end

# Only run for requests with the admin flag, because of the override rule
get '/admin/content/:id', :allow => :admin do
end
The authorize block only needs to handle the :allow rules present in the scenario, and only the rule arguments actually used, :user and :admin, are accounted for. No default rule is set when defining the authorize block, so :allow => [] is the default rule. The / and /authenticate routes are evaluated using the default :allow rule, whereas the /content/:id and /admin/content/:id routes override it.
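The scenario above hard-codes one comparison per rule argument, and it says nothing about :deny rules or about a typo such as :allow => :usr (which the block silently treats as "no match"). The following is an added example, not code from sinatra-authorize or its README, of a rule evaluator that an authorize block can delegate to. It covers the rule framework described earlier (the authorize block, the default rule, per-route overrides) and the scenario walkthrough, and it runs stand-alone without Sinatra. Its assumptions are spelled out in the comments: args is always an Array (the README shows `:allow => :user` arriving as [:user]), an :allow rule grants when any listed role matches, a :deny rule refuses when any listed role matches, :all is a wildcard, and the role checks mirror the README's session keys. RoleRules, ROLE_CHECKS, role?, any_role? and authorized? are names chosen for this example.

```ruby
# Added example (not part of sinatra-authorize): a rule evaluator an authorize
# block can delegate to. Assumptions: args is always an Array; :allow grants
# when ANY listed role matches; :deny refuses when ANY listed role matches;
# :all matches every request; roles come from the session as in the README.
module RoleRules
  # Role predicates over the session hash. Unknown roles raise rather than
  # being treated as "no match", so a typo in a route's rule fails closed
  # (an error) instead of quietly opening or closing the route.
  ROLE_CHECKS = {
    user:  ->(session) { !session[:user].nil? },
    admin: ->(session) { session[:admin] == true },
  }.freeze

  def self.role?(role, session)
    check = ROLE_CHECKS[role]
    raise ArgumentError, "unknown role #{role.inspect}" if check.nil?
    check.call(session)
  end

  # True when the request satisfies any of the roles in args.
  # :all is a wildcard that matches every request, authenticated or not.
  def self.any_role?(args, session)
    roles = Array(args)
    return true if roles.include?(:all)
    roles.any? { |role| role?(role, session) }
  end

  # The decision an authorize block returns for a given rule and session:
  #   :allow => []      open to everyone (the README's default rule)
  #   :allow => :all    open to everyone
  #   :allow => :admin  only requests carrying the admin flag
  #   :deny  => :all    closed to everyone (deny-by-default apps set this
  #                     as the default and open routes individually)
  #   :deny  => []      denies nobody
  def self.authorized?(rule, args, session)
    roles = Array(args)
    case rule
    when :allow
      roles.empty? || any_role?(roles, session)
    when :deny
      roles.empty? || !any_role?(roles, session)
    else
      raise ArgumentError, "unknown rule #{rule.inspect}"
    end
  end
end

# Wiring into a Sinatra app (not executed here; needs sinatra/authorize):
#
#   authorize :deny => :all do |rule, args|
#     RoleRules.authorized?(rule, args, session)
#   end
#
#   get '/content/:id', :allow => [:user, :admin] do
#     # ...
#   end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample sessions, not captured from a real application.
  sessions = {
    anonymous: {},
    user:      { user: 'alice' },
    admin:     { user: 'admin', admin: true },
  }
  rules = [[:allow, []], [:allow, [:user]], [:allow, [:admin]],
           [:deny, [:all]], [:deny, [:admin]]]
  rules.each do |rule, args|
    row = sessions.map { |name, s| "#{name}=#{RoleRules.authorized?(rule, args, s)}" }
    puts "#{rule} => #{args.inspect}: #{row.join('  ')}"
  end
end
```

Running the file prints a decision matrix of rule against session. The deliberate design choice is the ArgumentError on an unknown role: with the README's if/elsif block a misspelled rule argument returns nil and the route is simply denied, which is safe for :allow but would be fail-open if the same block were used to evaluate :deny rules, since "no match" then means "not denied".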
sinatra-authorize is licensed under the MIT license. See LICENCE for further details.