Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Rack から見るミドルウェアの世界

Avatar for otomi otomi
April 23, 2021
0
780

Rack から見るミドルウェアの世界

「omniauth を使って GitHub 認証を実装する」のプラクティスをやっているときに読んだパーフェクト Ruby on Rails に以下のような記述があり興味を持ったので、Rack とたわむれてみてミドルウェアの世界を覗き見してみます。
Avatar for otomi

otomi

April 23, 2021
Tweet

More Decks by otomi

See All by otomi
ロリポップ!のメール送信の信頼性向上についての取り組み
Avatar for otomi ot0m1
0
1.3k

Featured

See All Featured
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
267
13k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
35
2.3k
Building Adaptive Systems
Avatar for Chris Keathley keathley
43
2.6k
The Language of Interfaces
Avatar for Des Traynor destraynor
158
25k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
7
700
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
10
660
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
667
120k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
140
7k
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
512
110k
Designing for Performance
Avatar for Lara Hogan lara
609
69k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
231
18k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
48
50k

Transcript

  1. Rack ͔ΒݟΔϛυϧ΢ΣΞͷੈք @ot0m1 https://github.com/ot0m1/

  2. ͳͥ Rack Λ৮Ζ͏ͱࢥ͔ͬͨ ʮomniauth Λ࢖ͬͯ GitHub ೝূΛ࣮૷͢ΔʯͷϓϥΫςΟεΛ΍͍ͬͯΔͱ͖ʹಡΜͩύʔϑΣΫτ Ruby on Rails

    ʹҎԼͷΑ͏ͳهड़͕͋ΓڵຯΛ࣋ͬͨͨΊɻ ΞΫηεΛड͚औΔͱ͸ʁͲΜͳಈ͖Λ͍ͯ͠Δͷ͔ͱ͍͏ͱ͜ΖΛௐ΂͔ͨͬͨɻ “ OmniAuth͸Rackϛυϧ΢ΣΞͱͯ͠ಈ࡞͠ɺʮ/auth/:providerʯͱ͍͏URLͷϧʔϧʹϚον ͢ΔΞΫηεΛड͚औΔͱೝূॲཧΛ։࢝͢ΔΑ͏ʹͳ͍ͬͯ·͢ ”

  3. Rack ͱ͸ WEB αʔόͱ WEB ΞϓϦέʔγϣϯʗϑϨʔϜϫʔΫ ؒͷΠϯλʔϑΣʔεͷ໾ׂΛՌͨ͢ϥΠϒϥϦ https://gihyo.jp/dev/serial/01/ruby/0023

  4. Rack ͕Ͱ͖ͨഎܠ • WSGI ͱ͍͏ɺPython ͷͨΊͷ Web αʔόͱ Web ΞϓϦέʔγϣϯ/ϑϨʔϜϫʔΫؒͷඪ४ΠϯλʔϑΣʔεΛఆΊΔ

    ࢓༷͕͋ΓɺRack ͸͜ͷ WSGI ʹӨڹ͞Εͯ։ൃ͞Εͨ
 • WSGI ͕ఏএ͞Εͨഎܠ͸ɼ౰࣌ Python ੡ͷϑϨʔϜϫʔΫ͸ଟ਺ଘࡏ͍ͯͨ͠΋ͷͷɼ֤ϑϨʔϜϫʔΫͷ࣮૷͸ಛఆ ͷ Web αʔόʹґଘ͍ͯ͠Δ͜ͱ͕ଟ͘ɼ࢖༻͍ͨ͠ϑϨʔϜϫʔΫͷҝʹ؀ڥΛ੍ݶ͞ΕΔͱ͍͏͜ͱ͕͋ͬͨͨΊ
 • ༷ʑͳ Web αʔό΍ϑϨʔϜϫʔΫ͕։ൃ͞Εͯ΋ɼ૒ํ͕ Rack Λ࢖༻ͯ͠ΠϯλʔϑΣʔε෦෼Λ࣮૷͍ͯ͑͢͠͞ Ε͹ɺαʔόͱΞϓϦέʔγϣϯͷ૊Έ߹ΘͤΛؾʹ͠ͳͯ͘Α͘ͳΔ ཁ͸ Web ΞϓϦέʔγϣϯ/ϑϨʔϜϫʔΫ ͱ Web αʔόͷ૊Έ߹ΘͤΛؾʹ͠ͳͯ͘Α͍΋ͷΒ͍͠Ͱ͢ɻ

  5. ΈΜͳ࢖͍ͬͯΔ Rack Sinatora ΍ Ruby on Rails Ͱ΋͜ͷ Rack ͸࢖ΘΕ͍ͯ

    ΔΈ͍ͨʂ

  6. ͬͦ͘͞৮ͬͯΈΔ ࠷ॳʹ؆୯ͳΞϓϦέʔγϣϯΛ࡞ͬͯ Rack ͷΠϯλʔϑΣʔεʹ৮ΕͯΈΔɻ Rack ΞϓϦέʔγϣϯͱͯ͠࠷௿ݶඞཁͳͷ͜ͱ͸࣍ͷ௨Γɻ • call ͱ͍͏ϝιουΛ͍࣋ͬͯΔ͜ͱ
 •

    call ϝιουͷҾ਺ͱͯ͠ Web αʔό͔ΒͷϦΫΤετΛड͚Δ͜ͱ
 • callϝιου͸ɼ࣍ͷཁૉΛؚΉϨεϙϯεΛฦ͢Δ͜ͱ ◦ εςʔλείʔυ ◦ ϨεϙϯεϔομʢHashʣ ◦ ϨεϙϯεϘσΟʢArrayʣ

  7. Ͱ͖·ͨ͠ https://github.com/ot0m1/sibatora GET ϦΫΤετͰϑΥʔϜΛඳըͯ͠ɺPOST ͰϑΥʔϜʹॻ͔Εͨ಺༰Λදࣔ͢Δɻ Rack ͕৭ʑ΍ͬͯ͘ΕΔͷͰ Web αʔόͷ͜ͱΛॻ͔ͳͯ͘΋ɺrackup ͢Ε͹ࣗಈͰαʔόΛىಈ

    ͯ͠ɺϒϥ΢βͰΞΫηεͰ͖ΔΑ͏ʹͯ͘͠ΕΔɻ

  8. ͞Βʹ Rack Ͱϛυϧ΢ΣΞ΋࡞ͬͯΈΔ ΠϯλʔϑΣΠεʹ৮ͬͨͷͰɺࠓ౓͸ϛυϧ΢ΣΞͱͯ͠ͷ Rack ʹ৮Δɻ Web ΞϓϦέʔγϣϯΛ࡞͍ͬͯΔͱɼϦΫΤετ΍ϨεϙϯεΛΞϓϦέʔγϣϯʹߦ͘લ΍ΞϓϦέʔ γϣϯͷॲཧͷޙʹՃ޻ͨ͘͠ͳΔ͜ͱ͕͋Δɻ ྫ͑͹ɼ৚݅ʹԠͯ͡

    URL ͷॻ͖׵͑Λͨ͠ΓɼΤϯίʔσΟϯάͷม׵Λͨ͠ΓɺCookie ͷॲཧΛͨ͠Γɻ ͦ͏͍ͬͨՃ޻ॲཧΛɼαʔόͱΞϓϦέʔγϣϯͷதؒͰߦͳ͏ͷ͕ϛυϧ΢ΣΞɻ ๯಄Ͱ Rack ʹڵຯΛ͖͔͚࣋ͬͨͬͱͳΔ OmniAuth ΋͜ͷΑ͏ͳՃ޻ॲཧΛ͍ͯ͠ΔΒ͍͠ɻ

  9. WAF Λ࡞Δ ͱ͍͏Θ͚Ͱɺ΢ΣϒΞϓϦέʔγϣϯϑϨʔϜ͡Όͳ͍΄͏ͷ WAFʢ΢ΣϒΞϓϦέʔγϣϯϑΝ ΠΞ΢ΥʔϧʣΛ࡞ͬͯΈͨɻ ͖ͬ͞ͷΞϓϦέʔγϣϯʹ URL ͕ॻ͖ࠐ·ΕͨΒܯࠂจͱεςʔλείʔυ 403 Λฦ͢Α͏ʹΑ

    ͏ʹ͢Δɻ

  10. Ͱ͖·ͨ͠ ϑΥʔϜʹ URL Λೖྗͨ͠৔߹ɺϛυϧ΢ΣΞͱͯ͠؆қ΢ΣϒΞϓϦέʔγϣϯϑΝΠΞ΢Υʔϧ ͕࣮ߦ͞Ε 403 ͷϨεϙϯείʔυͱܯࠂจΛදࣔ͠·͢ɻ -> % curl

    http://127.0.0.1:9292/ -X POST -d 'hello' -i HTTP/1.1 200 OK Content-Type: text/html;charset=utf-8 Content-Length: 31 <html><body>hello</body></html>% -> % curl http://127.0.0.1:9292/ -X POST -d 'https://example.com' -i HTTP/1.1 403 Forbidden Content-Type: text/html;charset=utf-8 Content-Length: 68 <html><body>URLΛؚΉจষ͸౤ߘͰ͖·ͤΜ</body></html>%

  11. ϛυϧ΢ΣΞͱͯ͠ಈ͍͍ͯΔ͜ͱ͕֬ೝͰ͖Δ ΞϓϦέʔγϣϯͱͯ͠ͷίʔυ͕ॻ͔Ε͍ͯΔ shibatora.rb ʹ͸Ұ੾ WAF ͷ͜ͱ͕ॻ͔Ε͍ͯͳ͍ ͠ɺshibatora.rb ͸ৗʹϨεϙϯείʔυ 200 Λฦ͢Α͏ʹ͍ͯ͠Δͷʹ

    403 ͕ฦ͞Ε͍ͯΔɻ shibatora_waf.rb ͕ϛυϧ΢ΣΞͱͯ͠ৼΔ෣ͬͯ͘ΕɺαʔόͱΞϓϦέʔγϣϯͷؒͷ௨৴ʹׂΓ ࠐΜͰ͍Δɻ ͱ͍͏Θ͚Ͱ๯಄ͷ OmniAuth ͷৼΔ෣͍ΛͳΜͱͳ͘ΠϝʔδͰ͖·ͨ͠ɻ “ OmniAuth͸Rackϛυϧ΢ΣΞͱͯ͠ಈ࡞͠ɺʮ/auth/:providerʯͱ͍͏URLͷϧʔϧʹϚον ͢ΔΞΫηεΛड͚औΔͱೝূॲཧΛ։࢝͢ΔΑ͏ʹͳ͍ͬͯ·͢ ”

  12. ࠓ೔ͷίʔυ͸ҎԼͷϦϙδτϦʹஔ͍͍ͯ·͢ Ϋϩʔϯͯ͠༡ΜͰΈ͍ͯͩ͘͞ɻ https://github.com/ot0m1/sibatora