Project author: securenative

Project description:
SecureNative SDK for Ruby
Language: Ruby
Project URL: git://github.com/securenative/securenative-ruby.git
Created: 2019-07-24T11:04:19Z
Project community: https://github.com/securenative/securenative-ruby

License: MIT License



A Cloud-Native Security Monitoring and Protection for Modern Applications





SecureNative performs user monitoring by analyzing user interactions with your application and various factors such as network, devices, locations and access patterns to stop and prevent account takeover attacks.

Install the SDK

Add this line to your application’s Gemfile:

    gem 'securenative'

Then execute:

    $ bundle install

Or install it yourself as:

    $ gem install securenative

Initialize the SDK

To get your API key, log in to your SecureNative account and go to the project settings page.

Option 1: Initialize via Config file

SecureNative can automatically load your config from the securenative.yml file or from the file specified in your SECURENATIVE_CONFIG_FILE environment variable:

    require 'securenative'
    securenative = SecureNative::Client.init

Option 2: Initialize via API Key

    require 'securenative'
    securenative = SecureNative::Client.init_with_api_key('YOUR_API_KEY')

Option 3: Initialize via ConfigurationBuilder

    require 'securenative'
    options = SecureNative::Config::ConfigurationBuilder.new(api_key: 'API_KEY', max_events: 10, log_level: 'ERROR')
    SecureNative::Client.init_with_options(options)

Getting SecureNative instance

Once initialized, the SDK creates a singleton instance, which you can retrieve:

    require 'securenative'
    securenative = SecureNative::Client.instance

Tracking events

Once the SDK has been initialized, tracking requests are sent through the SDK
instance. Make sure you build the event with the EventBuilder:

    require 'securenative'

    def track
      securenative = SecureNative::Client.instance
      # Request context built by hand: client token, client IP and request headers
      context = SecureNative::Context.new(
        client_token: 'SECURED_CLIENT_TOKEN', ip: '127.0.0.1',
        headers: { 'user-agent' => 'Mozilla: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.3 Mozilla/5.0 (Macintosh; Intel Mac OS X x.y; rv:42.0) Gecko/20100101 Firefox/43.4' }
      )
      event_options = SecureNative::EventOptions.new(
        event: SecureNative::EventTypes::LOG_IN, user_id: '1234', context: context,
        user_traits: SecureNative::UserTraits.new(name: 'Your Name', email: 'name@gmail.com', phone: '+1234567890'),
        properties: { custom_param1: 'CUSTOM_PARAM_VALUE', custom_param2: true, custom_param3: 3 }
      )
      securenative.track(event_options)
      @message = 'tracked'
    end

You can also create the request context from an incoming request:

    require 'securenative'

    def track(request)
      securenative = SecureNative::Client.instance
      # Build the context (IP, headers, client token) from the incoming request
      context = securenative.from_http_request(request)
      event_options = SecureNative::EventOptions.new(
        event: SecureNative::EventTypes::LOG_IN, user_id: '1234', context: context,
        user_traits: SecureNative::UserTraits.new(name: 'Your Name', email: 'name@gmail.com', phone: '+1234567890'),
        properties: { custom_param1: 'CUSTOM_PARAM_VALUE', custom_param2: true, custom_param3: 3 }
      )
      securenative.track(event_options)
      @message = 'tracked'
    end

Verify events

Example

    require 'securenative'

    def verify(request)
      securenative = SecureNative::Client.instance
      context = securenative.from_http_request(request)
      event_options = SecureNative::EventOptions.new(
        event: SecureNative::EventTypes::LOG_IN, user_id: '1234', context: context,
        user_traits: SecureNative::UserTraits.new(name: 'Your Name', email: 'name@gmail.com', phone: '+1234567890'),
        properties: { custom_param1: 'CUSTOM_PARAM_VALUE', custom_param2: true, custom_param3: 3 }
      )
      verify_result = securenative.verify(event_options)
      verify_result.risk_level # Low, Medium, High
      verify_result.score      # Risk score: 0 - 1 (0 - Very Low, 1 - Very High)
      verify_result.triggers   # ["TOR", "New IP", "New City"]
    end

Webhook signature verification

Apply our filter to verify the request is from us, for example:

    require 'securenative'

    def webhook_endpoint(request)
      securenative = SecureNative::Client.instance
      # Checks if request is verified
      is_verified = securenative.verify_request_payload(request)
    end
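
What a webhook signature check of this kind typically involves, as an added example that is not the SDK's own code. It assumes the sender places a hex HMAC-SHA512 of the raw body, keyed with the API key, in a request header; the header name, the helper names and the sample values are hypothetical.

```ruby
require 'openssl'

# Assumption: the signature is a hex HMAC-SHA512 of the raw body keyed with
# the API key. The header name below is hypothetical, not taken from the SDK.
SIGNATURE_HEADER = 'HTTP_X_WEBHOOK_SIGNATURE'

# Constructed sample data for the demonstration.
SAMPLE_SECRET = 'constructed-test-key'
SAMPLE_BODY   = '{"event":"login","user_id":"1234"}'

def compute_signature(secret, raw_body)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha512'), secret, raw_body)
end

# Compare without short-circuiting so timing does not leak how many
# leading characters of a forged signature were correct.
def secure_compare(expected, received)
  return false unless expected.bytesize == received.bytesize

  diff = 0
  expected.bytes.zip(received.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# env is a Rack-style hash; raw_body must be the exact bytes received,
# read before any JSON parsing or re-serialization.
def valid_webhook?(env, raw_body, secret)
  received = env[SIGNATURE_HEADER].to_s.strip.downcase
  return false if received.empty? || secret.to_s.empty? # fail closed

  secure_compare(compute_signature(secret, raw_body), received)
end

if __FILE__ == $PROGRAM_NAME
  good = { SIGNATURE_HEADER => compute_signature(SAMPLE_SECRET, SAMPLE_BODY) }
  puts valid_webhook?(good, SAMPLE_BODY, SAMPLE_SECRET)       # genuine payload
  puts valid_webhook?(good, SAMPLE_BODY + ' ', SAMPLE_SECRET) # altered payload
end
```

Reject the request (for example with HTTP 401) whenever the check returns false, and do not process the payload before it has passed.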

Extract proxy headers from cloud providers

You can specify custom header keys to allow extraction of the client IP from different providers.
This example demonstrates the usage of proxy headers for IP extraction from Cloudflare.

Option 1: Using config file

    SECURENATIVE_API_KEY: YOUR_API_KEY
    SECURENATIVE_PROXY_HEADERS: ["CF-Connecting-IP"]

Initialize the SDK as shown above.

Option 2: Using ConfigurationBuilder

    require 'securenative'
    options = SecureNative::Options.new(api_key: 'API_KEY', max_events: 10, log_level: 'ERROR', proxy_headers: ['CF-Connecting-IP'])
    SecureNative::Client.init_with_options(options)
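
A header such as CF-Connecting-IP can be set by any client that reaches your application directly, so it should only be honoured when the direct TCP peer is your proxy. The following added example (not SDK code) shows that check; `client_ip`, `parse_ip`, the trusted proxy ranges and all addresses are hypothetical, constructed from documentation networks.

```ruby
require 'ipaddr'

# Constructed values: replace with the proxy ranges published by your provider.
TRUSTED_PROXIES = ['203.0.113.0/24', '2001:db8::/32'].map { |cidr| IPAddr.new(cidr) }
PROXY_HEADERS   = ['CF-Connecting-IP'].freeze

# Parse a single address; reject empty values, CIDR notation and garbage.
def parse_ip(value)
  text = value.to_s.strip
  return nil if text.empty? || text.include?('/')

  IPAddr.new(text)
rescue IPAddr::Error
  nil
end

def trusted_proxy?(peer)
  TRUSTED_PROXIES.any? { |net| net.ipv4? == peer.ipv4? && net.include?(peer) }
end

# headers: Hash of request headers; remote_addr: address of the direct peer.
def client_ip(headers, remote_addr)
  peer = parse_ip(remote_addr)
  return nil unless peer
  # Direct connection from an unknown host: the header is attacker-controlled.
  return peer.to_s unless trusted_proxy?(peer)

  normalized = headers.transform_keys { |key| key.to_s.downcase }
  PROXY_HEADERS.each do |name|
    ip = parse_ip(normalized[name.downcase])
    return ip.to_s if ip
  end
  peer.to_s # trusted proxy but no usable header: fall back to the peer
end

if __FILE__ == $PROGRAM_NAME
  spoofed = { 'CF-Connecting-IP' => '198.51.100.7' }
  puts client_ip(spoofed, '203.0.113.10') # via trusted proxy: header is used
  puts client_ip(spoofed, '192.0.2.44')   # direct peer: header is ignored
end
```

Restricting the origin so that it only accepts connections from the proxy's ranges gives the same guarantee at the network layer.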