{"id":13777048,"url":"https://github.com/gnab/sinatra-authorize","last_synced_at":"2025-05-11T10:31:33.952Z","repository":{"id":62558787,"uuid":"1623121","full_name":"gnab/sinatra-authorize","owner":"gnab","description":"Smooth authentication-agnostic rule-based authorization extension for Sinatra.","archived":false,"fork":false,"pushed_at":"2011-05-21T18:59:30.000Z","size":100,"stargazers_count":10,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-25T09:55:36.517Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://github.com/gnab/sinatra-authorize","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gnab.png","metadata":{"files":{"readme":"README.md","changelog":"HISTORY.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2011-04-16T14:28:31.000Z","updated_at":"2023-09-02T20:16:10.000Z","dependencies_parsed_at":"2022-11-03T10:00:21.067Z","dependency_job_id":null,"html_url":"https://github.com/gnab/sinatra-authorize","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gnab%2Fsinatra-authorize","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gnab%2Fsinatra-authorize/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gnab%2Fsinatra-authorize/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gnab%2Fsinatra-authorize/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gnab","download_url":"https://codeload.github.com/gnab/sinatra-authorize/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253551815,"owners_count":21926368,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T18:00:36.812Z","updated_at":"2025-05-11T10:31:32.615Z","avatar_url":"https://github.com/gnab.png","language":"Ruby","funding_links":[],"categories":["Authroization"],"sub_categories":[],"readme":"# sinatra-authorize\n\n### Authentication-agnostic rule-based authorization extension for Sinatra\n\nProvides a flexible rule-based authorization framework:\n\n* Define `authorize` block for evaluating rules\n* Set default rule for all routes\n* Override default rule per route\n\nChoice of authentication approach is entirely up to the application.\n\n### Installation\n\n    gem install sinatra-authorize\n\n### Usage\n\nDefine `authorize` block for evaluating rules, and optionally set the default rule:\n\n    authorize :deny =\u003e :all do |rule, args|\n      # evaluate rule \n    end\n\nOmitting a default rule when defining the `authorize` block makes \n`:allow =\u003e []` the default rule.\n\nOverride default rule per route:\n\n    get '/', :allow =\u003e :all do\n      # :allow =\u003e :all rule overrides default :deny =\u003e :all rule\n    end\n\nAuthorization is performed just before the route is evaluated, after the\npattern has been matched and any other conditions have been evaluated.\n\n#### Usage scenario\n\nSimple scenario with default `:allow` rule, which is overriden for protected \nroutes:\n\n    require 'sinatra'\n    require 'sinatra/authorize'\n\n    enable :sessions\n\n    authorize do |rule, args|\n      if args == [:user]\n        session[:user] != nil\n      elsif args == [:admin]\n        session[:admin] != nil\n      end\n    end\n\n    # Availabe to all, as default rule is :allow =\u003e []\n    get '/' do\n    end\n\n    # Availabe to all, as default rule is :allow =\u003e []\n    post '/authenticate' do\n      if params[:username] == 'username' \u0026\u0026 params[:password] == 'password'\n        session[:user] = params[:username]\n\n        if session[:user] == 'admin'\n          session[:admin] = true\n        end\n      end\n    end\n\n    # Only run for authorized user requests, because of override rule \n    get '/content/:id', :allow =\u003e :user do\n    end\n\n    # Only run for authorized admin requests, because of override rule \n    get '/admin/content/:id', :allow =\u003e :admin do\n    end\n\nThe `authorize` block only needs to handle the `:allow` rules present in the \nscenario. Also, only the rule arguments used, `:user` and `:admin`, are \naccounted for. No default rule is set when defining the `authorize` block, \nthus making `:allow =\u003e []` the default rule. The routes `/` and `/authenticate` \nis evaluated using the default `:allow` rule, whereas the `/content/:id` and \n`/admin/content:id` routes override the default rule.\n\n### License \n\nsinatra-authorize is licensed under the MIT license. See LICENCE for further \ndetails.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgnab%2Fsinatra-authorize","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgnab%2Fsinatra-authorize","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgnab%2Fsinatra-authorize/lists"}