LockBox is a centralized API authentication service written by the DNC Innovation Lab. It lets your API users share a single identity across multiple services.
It is licensed under the New BSD License (see the LICENSE file for details).
The server is a Ruby on Rails application, while the client is pure Rack middleware (which means it integrates nicely with any modern Ruby web framework, including Rails 2.3+).
Lockbox handles things like rate limiting, API key signup and management, and supports HMAC authentication as well as plain-text key exchange.
gem install lockbox_middleware
Add the following lines to the “config/environment.rb” file:
config.gem 'lockbox_middleware' config.middleware.use 'LockBox'
You may want to restrict the “config.middleware.use” line to the config/environments/production.rb file so that your test and development environments aren’t trying to access the LockBox server.
Untested.
LockBox needs a configuration file named “lockbox.yml” in order to work. In a Rack app (incl. Rails), this file should be placed in app_root/config/lockbox.yml.
You should define (for each of your environments), the base_uri of your app and the relative paths you want to protect with LockBox.
Here’s an example lockbox.yml:
common: &COMMON protected_paths: - ^/api/ production: <<: *COMMON base_uri: http://lockbox.foo.org development: <<: *COMMON base_uri: http://localhost:3001 cucumber: <<: *COMMON base_uri: http://localhost:3001 test: <<: *COMMON base_uri: http://localhost:3001
The lockbox-middleware gem supports sending runtime metrics to Graphite (graphite.wikidot.com/) via statsd-client. This is off by default, but can be turned on by adding the keys ‘statsd_host’, ‘statsd_port’, and ‘graphite_prefix’ to your lockbox.yml file. For example:
statsd_host: statsd.example.com statsd_port: 8125 graphite_prefix: my.app.lockbox_middleware
Running your own LockBox server is pretty easy. Just clone this repository (I’d stick with the master branch) and set it up under your favorite Rails hosting environment. It has only been tested with PostgreSQL, but it’s not doing anything exotic with the DB, so it will probably work with other databases too.
The gem dependencies are generally kept up to date in the Gemfile, so you can use bundler:
gem install bundler bundle install
Or you can use the Rails 2 gem installer:
rake gems:install
Then you should configure the database.yml for the test environment and run ‘rake spec’ in the app root to have RSpec (gem install rspec-rails) run all of the tests. If these all pass, then you’re probably good to go.
Github: github.com/dnclabs/lockbox/tree/master
-
Nathan Woodhull
-
Chris Gill
-
Brian Cardarella
-
Wes Morgan
-
Dave Steinberg
Copyright 2010 Democratic National Committee, All Rights Reserved.