
Security News
Open Source CAI Framework Handles Pen Testing Tasks up to 3,600× Faster Than Humans
CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.
A dead simple rack middleware for cookie authentication. This middleware enhances an existing auth solution by providing access to multiple apps (which may have their own authentication code) from a single cookie. This was originally created to prevent access to a set of staging apps. We use our own key/secret and cookie here so that the staging apps can maintain their own cookie secrets and authentication solutions.
For rails, create an initializer file with something like:
MyApp::Application.config.middleware.use Rack::SimpleAuth,
key: 'your_cookie_key', # required
secret: 'my_long_secret', # required
login_url: 'http://url_where_user_will_be_redirected_to_authenticate.com', # required
authenticated_with: Proc.new { |value| true }, # optional: must return a boolean
except: Proc.new { |request| request.path.match(/exclude_path/) } # optional
By default, the middleware doesn't actually check the value of the cookie, only that the correct key exists and hasn't been tampered with. You can add more complex rules by passing the authenticated_with
option with a proc that takes the cookie value as its only argument.
For example:
# assuming you had a User model and the cookie value is a user_id
authenticated_with: Proc.new { |value| user = User.find(value) && user.admin? }
To bypass rack-simple-auth on certain conditions, you can pass in the except option a Proc to determine whether a page should be publicly viewable. The Proc will receive as an argument the request object.
For example:
# allow public viewing of a single page
except: Proc.new { |request| request.path == '/everyone' }
# allow public viewing of a particular domain
except: Proc.new { |request| request.host == 'public.example.com' }
The middleware relies on you creating a custom cookie with your own authentication code. Your authentication cookie code can decide which domain this cookie applies to, allowing you to create a universal access token for all apps on a particular subdomain.
Example cookie code:
# called after a user has authenticated
def save_auth_cookie
packed_data = [my_cookie_data.to_s].pack('m*')
hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, YOUR_SECRET, packed_data)
cookies[YOUR_KEY] = { domain: '.yourdomain.com', value: "#{packed_data}--#{hmac}" }
end
If cookie authentication fails in the middleware, it will redirect the user to the url provided in the login_url
option. The middleware will also send the requested url in the return_to param so that you may redirect the user back to the requested url once they have authenticated.
FAQs
Unknown package
We found that rack-simple-auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.
Security News
Deno 2.4 brings back bundling, improves dependency updates and telemetry, and makes the runtime more practical for real-world JavaScript projects.
Security News
CVEForecast.org uses machine learning to project a record-breaking surge in vulnerability disclosures in 2025.