Class: Sentiero::Web::BaseApp
- Inherits:
-
Object
- Object
- Sentiero::Web::BaseApp
- Includes:
- Escaping, Formatting
- Defined in:
- lib/sentiero/web/base_app.rb
Overview
Shared, non-routing machinery for the dashboard UI Rack apps (DashboardApp, AnalyticsApp, MonitoringApp): auth, CSRF, escaping, security headers, asset serving, the routing combinators, and the render_page view-rendering entry point. Subclasses implement their own #call routing.
Direct Known Subclasses
Constant Summary collapse
- ASSETS_DIR =
File.("assets", __dir__).freeze
- CSP_POLICY =
[ "default-src 'self'", "script-src 'self'", "style-src 'self' 'unsafe-inline'", "img-src 'self' data:", "frame-src 'self' blob:" ].join("; ").freeze
- CONTENT_TYPES =
{ ".css" => "text/css", ".js" => "application/javascript", ".html" => "text/html", ".png" => "image/png", ".svg" => "image/svg+xml" }.freeze
- AUTH_WARNING_LOCK =
Warn at most once per process: the Roda plugin and /analytics delegation construct apps per request, so a per-construction warning would spam.
Mutex.new
Constants included from Escaping
Escaping::HTML_UNSAFE_IN_SCRIPT, Escaping::HTML_UNSAFE_IN_SCRIPT_PATTERN
Class Method Summary collapse
- .reset_auth_warning! ⇒ Object
-
.warn_unauthenticated_once ⇒ Object
With no auth configured the dashboard fails closed (403) unless allow_insecure_dashboard is set, in which case it serves unauthenticated and we warn once.
Methods included from Formatting
#format_duration, #format_vital, #parse_browser, #parse_device
Methods included from Escaping
#escape_html, #escape_js_string, #escape_json
Class Method Details
.reset_auth_warning! ⇒ Object
70 71 72 |
# File 'lib/sentiero/web/base_app.rb', line 70 def reset_auth_warning! @auth_warning_emitted = false end |
.warn_unauthenticated_once ⇒ Object
With no auth configured the dashboard fails closed (403) unless allow_insecure_dashboard is set, in which case it serves unauthenticated and we warn once. Called on BaseApp so both subclasses share one flag (class ivars aren't inherited).
53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 |
# File 'lib/sentiero/web/base_app.rb', line 53 def warn_unauthenticated_once config = Sentiero.configuration return if config.basic_auth || config.auth_callback return unless config.allow_insecure_dashboard AUTH_WARNING_LOCK.synchronize do return if @auth_warning_emitted @auth_warning_emitted = true end warn "[Sentiero] dashboard mounted with allow_insecure_dashboard and no " \ "authentication (config.basic_auth and config.auth_callback both unset); " \ "session recordings and analytics are publicly accessible to anyone who " \ "can reach this mount. Set config.basic_auth or config.auth_callback to " \ "protect it." end |