Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Rack から見るミドルウェアの世界

Avatar for otomi otomi
April 23, 2021
0
780

Rack から見るミドルウェアの世界

「omniauth を使って GitHub 認証を実装する」のプラクティスをやっているときに読んだパーフェクト Ruby on Rails に以下のような記述があり興味を持ったので、Rack とたわむれてみてミドルウェアの世界を覗き見してみます。
Avatar for otomi

otomi

April 23, 2021
Tweet

More Decks by otomi

See All by otomi
ロリポップ!のメール送信の信頼性向上についての取り組み
Avatar for otomi ot0m1
0
1.3k

Featured

See All Featured
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
33
5.9k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
90
590k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
53
2.8k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
86
4.7k
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
351
20k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
54
6.4k
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
56
9.4k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
48
5.4k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
130
19k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
277
23k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
614
210k
Visualization
Avatar for Eitan Lees eitanlees
146
16k

Transcript

  1. Rack ͔ΒݟΔϛυϧ΢ΣΞͷੈք @ot0m1 https://github.com/ot0m1/

  2. ͳͥ Rack Λ৮Ζ͏ͱࢥ͔ͬͨ ʮomniauth Λ࢖ͬͯ GitHub ೝূΛ࣮૷͢ΔʯͷϓϥΫςΟεΛ΍͍ͬͯΔͱ͖ʹಡΜͩύʔϑΣΫτ Ruby on Rails

    ʹҎԼͷΑ͏ͳهड़͕͋ΓڵຯΛ࣋ͬͨͨΊɻ ΞΫηεΛड͚औΔͱ͸ʁͲΜͳಈ͖Λ͍ͯ͠Δͷ͔ͱ͍͏ͱ͜ΖΛௐ΂͔ͨͬͨɻ “ OmniAuth͸Rackϛυϧ΢ΣΞͱͯ͠ಈ࡞͠ɺʮ/auth/:providerʯͱ͍͏URLͷϧʔϧʹϚον ͢ΔΞΫηεΛड͚औΔͱೝূॲཧΛ։࢝͢ΔΑ͏ʹͳ͍ͬͯ·͢ ”

  3. Rack ͱ͸ WEB αʔόͱ WEB ΞϓϦέʔγϣϯʗϑϨʔϜϫʔΫ ؒͷΠϯλʔϑΣʔεͷ໾ׂΛՌͨ͢ϥΠϒϥϦ https://gihyo.jp/dev/serial/01/ruby/0023

  4. Rack ͕Ͱ͖ͨഎܠ • WSGI ͱ͍͏ɺPython ͷͨΊͷ Web αʔόͱ Web ΞϓϦέʔγϣϯ/ϑϨʔϜϫʔΫؒͷඪ४ΠϯλʔϑΣʔεΛఆΊΔ

    ࢓༷͕͋ΓɺRack ͸͜ͷ WSGI ʹӨڹ͞Εͯ։ൃ͞Εͨ
 • WSGI ͕ఏএ͞Εͨഎܠ͸ɼ౰࣌ Python ੡ͷϑϨʔϜϫʔΫ͸ଟ਺ଘࡏ͍ͯͨ͠΋ͷͷɼ֤ϑϨʔϜϫʔΫͷ࣮૷͸ಛఆ ͷ Web αʔόʹґଘ͍ͯ͠Δ͜ͱ͕ଟ͘ɼ࢖༻͍ͨ͠ϑϨʔϜϫʔΫͷҝʹ؀ڥΛ੍ݶ͞ΕΔͱ͍͏͜ͱ͕͋ͬͨͨΊ
 • ༷ʑͳ Web αʔό΍ϑϨʔϜϫʔΫ͕։ൃ͞Εͯ΋ɼ૒ํ͕ Rack Λ࢖༻ͯ͠ΠϯλʔϑΣʔε෦෼Λ࣮૷͍ͯ͑͢͠͞ Ε͹ɺαʔόͱΞϓϦέʔγϣϯͷ૊Έ߹ΘͤΛؾʹ͠ͳͯ͘Α͘ͳΔ ཁ͸ Web ΞϓϦέʔγϣϯ/ϑϨʔϜϫʔΫ ͱ Web αʔόͷ૊Έ߹ΘͤΛؾʹ͠ͳͯ͘Α͍΋ͷΒ͍͠Ͱ͢ɻ

  5. ΈΜͳ࢖͍ͬͯΔ Rack Sinatora ΍ Ruby on Rails Ͱ΋͜ͷ Rack ͸࢖ΘΕ͍ͯ

    ΔΈ͍ͨʂ

  6. ͬͦ͘͞৮ͬͯΈΔ ࠷ॳʹ؆୯ͳΞϓϦέʔγϣϯΛ࡞ͬͯ Rack ͷΠϯλʔϑΣʔεʹ৮ΕͯΈΔɻ Rack ΞϓϦέʔγϣϯͱͯ͠࠷௿ݶඞཁͳͷ͜ͱ͸࣍ͷ௨Γɻ • call ͱ͍͏ϝιουΛ͍࣋ͬͯΔ͜ͱ
 •

    call ϝιουͷҾ਺ͱͯ͠ Web αʔό͔ΒͷϦΫΤετΛड͚Δ͜ͱ
 • callϝιου͸ɼ࣍ͷཁૉΛؚΉϨεϙϯεΛฦ͢Δ͜ͱ ◦ εςʔλείʔυ ◦ ϨεϙϯεϔομʢHashʣ ◦ ϨεϙϯεϘσΟʢArrayʣ

  7. Ͱ͖·ͨ͠ https://github.com/ot0m1/sibatora GET ϦΫΤετͰϑΥʔϜΛඳըͯ͠ɺPOST ͰϑΥʔϜʹॻ͔Εͨ಺༰Λදࣔ͢Δɻ Rack ͕৭ʑ΍ͬͯ͘ΕΔͷͰ Web αʔόͷ͜ͱΛॻ͔ͳͯ͘΋ɺrackup ͢Ε͹ࣗಈͰαʔόΛىಈ

    ͯ͠ɺϒϥ΢βͰΞΫηεͰ͖ΔΑ͏ʹͯ͘͠ΕΔɻ

  8. ͞Βʹ Rack Ͱϛυϧ΢ΣΞ΋࡞ͬͯΈΔ ΠϯλʔϑΣΠεʹ৮ͬͨͷͰɺࠓ౓͸ϛυϧ΢ΣΞͱͯ͠ͷ Rack ʹ৮Δɻ Web ΞϓϦέʔγϣϯΛ࡞͍ͬͯΔͱɼϦΫΤετ΍ϨεϙϯεΛΞϓϦέʔγϣϯʹߦ͘લ΍ΞϓϦέʔ γϣϯͷॲཧͷޙʹՃ޻ͨ͘͠ͳΔ͜ͱ͕͋Δɻ ྫ͑͹ɼ৚݅ʹԠͯ͡

    URL ͷॻ͖׵͑Λͨ͠ΓɼΤϯίʔσΟϯάͷม׵Λͨ͠ΓɺCookie ͷॲཧΛͨ͠Γɻ ͦ͏͍ͬͨՃ޻ॲཧΛɼαʔόͱΞϓϦέʔγϣϯͷதؒͰߦͳ͏ͷ͕ϛυϧ΢ΣΞɻ ๯಄Ͱ Rack ʹڵຯΛ͖͔͚࣋ͬͨͬͱͳΔ OmniAuth ΋͜ͷΑ͏ͳՃ޻ॲཧΛ͍ͯ͠ΔΒ͍͠ɻ

  9. WAF Λ࡞Δ ͱ͍͏Θ͚Ͱɺ΢ΣϒΞϓϦέʔγϣϯϑϨʔϜ͡Όͳ͍΄͏ͷ WAFʢ΢ΣϒΞϓϦέʔγϣϯϑΝ ΠΞ΢ΥʔϧʣΛ࡞ͬͯΈͨɻ ͖ͬ͞ͷΞϓϦέʔγϣϯʹ URL ͕ॻ͖ࠐ·ΕͨΒܯࠂจͱεςʔλείʔυ 403 Λฦ͢Α͏ʹΑ

    ͏ʹ͢Δɻ

  10. Ͱ͖·ͨ͠ ϑΥʔϜʹ URL Λೖྗͨ͠৔߹ɺϛυϧ΢ΣΞͱͯ͠؆қ΢ΣϒΞϓϦέʔγϣϯϑΝΠΞ΢Υʔϧ ͕࣮ߦ͞Ε 403 ͷϨεϙϯείʔυͱܯࠂจΛදࣔ͠·͢ɻ -> % curl

    http://127.0.0.1:9292/ -X POST -d 'hello' -i HTTP/1.1 200 OK Content-Type: text/html;charset=utf-8 Content-Length: 31 <html><body>hello</body></html>% -> % curl http://127.0.0.1:9292/ -X POST -d 'https://example.com' -i HTTP/1.1 403 Forbidden Content-Type: text/html;charset=utf-8 Content-Length: 68 <html><body>URLΛؚΉจষ͸౤ߘͰ͖·ͤΜ</body></html>%

  11. ϛυϧ΢ΣΞͱͯ͠ಈ͍͍ͯΔ͜ͱ͕֬ೝͰ͖Δ ΞϓϦέʔγϣϯͱͯ͠ͷίʔυ͕ॻ͔Ε͍ͯΔ shibatora.rb ʹ͸Ұ੾ WAF ͷ͜ͱ͕ॻ͔Ε͍ͯͳ͍ ͠ɺshibatora.rb ͸ৗʹϨεϙϯείʔυ 200 Λฦ͢Α͏ʹ͍ͯ͠Δͷʹ

    403 ͕ฦ͞Ε͍ͯΔɻ shibatora_waf.rb ͕ϛυϧ΢ΣΞͱͯ͠ৼΔ෣ͬͯ͘ΕɺαʔόͱΞϓϦέʔγϣϯͷؒͷ௨৴ʹׂΓ ࠐΜͰ͍Δɻ ͱ͍͏Θ͚Ͱ๯಄ͷ OmniAuth ͷৼΔ෣͍ΛͳΜͱͳ͘ΠϝʔδͰ͖·ͨ͠ɻ “ OmniAuth͸Rackϛυϧ΢ΣΞͱͯ͠ಈ࡞͠ɺʮ/auth/:providerʯͱ͍͏URLͷϧʔϧʹϚον ͢ΔΞΫηεΛड͚औΔͱೝূॲཧΛ։࢝͢ΔΑ͏ʹͳ͍ͬͯ·͢ ”

  12. ࠓ೔ͷίʔυ͸ҎԼͷϦϙδτϦʹஔ͍͍ͯ·͢ Ϋϩʔϯͯ͠༡ΜͰΈ͍ͯͩ͘͞ɻ https://github.com/ot0m1/sibatora