Slide 1
Slide 1 text
Rack ͔ΒݟΔϛυϧΣΞͷੈք
@ot0m1
https://github.com/ot0m1/
Slide 2
Slide 2 text
ͳͥ Rack Λ৮Ζ͏ͱࢥ͔ͬͨ
ʮomniauth Λͬͯ GitHub ೝূΛ࣮͢ΔʯͷϓϥΫςΟεΛ͍ͬͯΔͱ͖ʹಡΜͩύʔϑΣΫτ
Ruby on Rails ʹҎԼͷΑ͏ͳهड़͕͋ΓڵຯΛ࣋ͬͨͨΊɻ
ΞΫηεΛड͚औΔͱʁͲΜͳಈ͖Λ͍ͯ͠Δͷ͔ͱ͍͏ͱ͜ΖΛௐ͔ͨͬͨɻ
“ OmniAuthRackϛυϧΣΞͱͯ͠ಈ࡞͠ɺʮ/auth/:providerʯͱ͍͏URLͷϧʔϧʹϚον
͢ΔΞΫηεΛड͚औΔͱೝূॲཧΛ։࢝͢ΔΑ͏ʹͳ͍ͬͯ·͢ ”
Slide 3
Slide 3 text
Rack ͱ
WEB αʔόͱ WEB ΞϓϦέʔγϣϯʗϑϨʔϜϫʔΫ
ؒͷΠϯλʔϑΣʔεͷׂΛՌͨ͢ϥΠϒϥϦ
https://gihyo.jp/dev/serial/01/ruby/0023
Slide 4
Slide 4 text
Rack ͕Ͱ͖ͨഎܠ
● WSGI ͱ͍͏ɺPython ͷͨΊͷ Web αʔόͱ Web ΞϓϦέʔγϣϯ/ϑϨʔϜϫʔΫؒͷඪ४ΠϯλʔϑΣʔεΛఆΊΔ
༷͕͋ΓɺRack ͜ͷ WSGI ʹӨڹ͞Εͯ։ൃ͞Εͨ
● WSGI ͕ఏএ͞Εͨഎܠɼ࣌ Python ͷϑϨʔϜϫʔΫଟଘࡏ͍ͯͨ͠ͷͷɼ֤ϑϨʔϜϫʔΫͷ࣮ಛఆ
ͷ Web αʔόʹґଘ͍ͯ͠Δ͜ͱ͕ଟ͘ɼ༻͍ͨ͠ϑϨʔϜϫʔΫͷҝʹڥΛ੍ݶ͞ΕΔͱ͍͏͜ͱ͕͋ͬͨͨΊ
● ༷ʑͳ Web αʔόϑϨʔϜϫʔΫ͕։ൃ͞Εͯɼํ͕ Rack Λ༻ͯ͠ΠϯλʔϑΣʔε෦Λ࣮͍ͯ͑͢͠͞
ΕɺαʔόͱΞϓϦέʔγϣϯͷΈ߹ΘͤΛؾʹ͠ͳͯ͘Α͘ͳΔ
ཁ Web ΞϓϦέʔγϣϯ/ϑϨʔϜϫʔΫ ͱ Web αʔόͷΈ߹ΘͤΛؾʹ͠ͳͯ͘Α͍ͷΒ͍͠Ͱ͢ɻ
Slide 5
Slide 5 text
ΈΜͳ͍ͬͯΔ Rack
Sinatora Ruby on Rails Ͱ͜ͷ Rack ΘΕ͍ͯ
ΔΈ͍ͨʂ
Slide 6
Slide 6 text
ͬͦ͘͞৮ͬͯΈΔ
࠷ॳʹ؆୯ͳΞϓϦέʔγϣϯΛ࡞ͬͯ Rack ͷΠϯλʔϑΣʔεʹ৮ΕͯΈΔɻ
Rack ΞϓϦέʔγϣϯͱͯ͠࠷ݶඞཁͳͷ͜ͱ࣍ͷ௨Γɻ
● call ͱ͍͏ϝιουΛ͍࣋ͬͯΔ͜ͱ
● call ϝιουͷҾͱͯ͠ Web αʔό͔ΒͷϦΫΤετΛड͚Δ͜ͱ
● callϝιουɼ࣍ͷཁૉΛؚΉϨεϙϯεΛฦ͢Δ͜ͱ
○ εςʔλείʔυ
○ ϨεϙϯεϔομʢHashʣ
○ ϨεϙϯεϘσΟʢArrayʣ
Slide 7
Slide 7 text
Ͱ͖·ͨ͠
https://github.com/ot0m1/sibatora
GET ϦΫΤετͰϑΥʔϜΛඳըͯ͠ɺPOST ͰϑΥʔϜʹॻ͔Εͨ༰Λදࣔ͢Δɻ
Rack ͕৭ʑͬͯ͘ΕΔͷͰ Web αʔόͷ͜ͱΛॻ͔ͳͯ͘ɺrackup ͢ΕࣗಈͰαʔόΛىಈ
ͯ͠ɺϒϥβͰΞΫηεͰ͖ΔΑ͏ʹͯ͘͠ΕΔɻ
Slide 8
Slide 8 text
͞Βʹ Rack ͰϛυϧΣΞ࡞ͬͯΈΔ
ΠϯλʔϑΣΠεʹ৮ͬͨͷͰɺࠓϛυϧΣΞͱͯ͠ͷ Rack ʹ৮Δɻ
Web ΞϓϦέʔγϣϯΛ࡞͍ͬͯΔͱɼϦΫΤετϨεϙϯεΛΞϓϦέʔγϣϯʹߦ͘લΞϓϦέʔ
γϣϯͷॲཧͷޙʹՃͨ͘͠ͳΔ͜ͱ͕͋Δɻ
ྫ͑ɼ݅ʹԠͯ͡ URL ͷॻ͖͑Λͨ͠ΓɼΤϯίʔσΟϯάͷมΛͨ͠ΓɺCookie ͷॲཧΛͨ͠Γɻ
ͦ͏͍ͬͨՃॲཧΛɼαʔόͱΞϓϦέʔγϣϯͷதؒͰߦͳ͏ͷ͕ϛυϧΣΞɻ
಄Ͱ Rack ʹڵຯΛ͖͔͚࣋ͬͨͬͱͳΔ OmniAuth ͜ͷΑ͏ͳՃॲཧΛ͍ͯ͠ΔΒ͍͠ɻ
Slide 9
Slide 9 text
WAF Λ࡞Δ
ͱ͍͏Θ͚ͰɺΣϒΞϓϦέʔγϣϯϑϨʔϜ͡Όͳ͍΄͏ͷ WAFʢΣϒΞϓϦέʔγϣϯϑΝ
ΠΞΥʔϧʣΛ࡞ͬͯΈͨɻ
͖ͬ͞ͷΞϓϦέʔγϣϯʹ URL ͕ॻ͖ࠐ·ΕͨΒܯࠂจͱεςʔλείʔυ 403 Λฦ͢Α͏ʹΑ
͏ʹ͢Δɻ
Slide 10
Slide 10 text
Ͱ͖·ͨ͠
ϑΥʔϜʹ URL Λೖྗͨ͠߹ɺϛυϧΣΞͱͯ͠؆қΣϒΞϓϦέʔγϣϯϑΝΠΞΥʔϧ
͕࣮ߦ͞Ε 403 ͷϨεϙϯείʔυͱܯࠂจΛදࣔ͠·͢ɻ
-> % curl http://127.0.0.1:9292/ -X POST -d 'hello' -i
HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Content-Length: 31
hello%
-> % curl http://127.0.0.1:9292/ -X POST -d 'https://example.com' -i
HTTP/1.1 403 Forbidden
Content-Type: text/html;charset=utf-8
Content-Length: 68
URLΛؚΉจষߘͰ͖·ͤΜ%
Slide 11
Slide 11 text
ϛυϧΣΞͱͯ͠ಈ͍͍ͯΔ͜ͱ͕֬ೝͰ͖Δ
ΞϓϦέʔγϣϯͱͯ͠ͷίʔυ͕ॻ͔Ε͍ͯΔ shibatora.rb ʹҰ WAF ͷ͜ͱ͕ॻ͔Ε͍ͯͳ͍
͠ɺshibatora.rb ৗʹϨεϙϯείʔυ 200 Λฦ͢Α͏ʹ͍ͯ͠Δͷʹ 403 ͕ฦ͞Ε͍ͯΔɻ
shibatora_waf.rb ͕ϛυϧΣΞͱͯ͠ৼΔͬͯ͘ΕɺαʔόͱΞϓϦέʔγϣϯͷؒͷ௨৴ʹׂΓ
ࠐΜͰ͍Δɻ
ͱ͍͏Θ͚Ͱ಄ͷ OmniAuth ͷৼΔ͍ΛͳΜͱͳ͘ΠϝʔδͰ͖·ͨ͠ɻ
“ OmniAuthRackϛυϧΣΞͱͯ͠ಈ࡞͠ɺʮ/auth/:providerʯͱ͍͏URLͷϧʔϧʹϚον
͢ΔΞΫηεΛड͚औΔͱೝূॲཧΛ։࢝͢ΔΑ͏ʹͳ͍ͬͯ·͢ ”
Slide 12
Slide 12 text
ࠓͷίʔυҎԼͷϦϙδτϦʹஔ͍͍ͯ·͢
Ϋϩʔϯͯ͠༡ΜͰΈ͍ͯͩ͘͞ɻ
https://github.com/ot0m1/sibatora