actionpack-cloudfront_viewer_address 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.rspec +3 -0
- data/.rubocop.yml +25 -0
- data/CHANGELOG.md +5 -0
- data/LICENSE.txt +21 -0
- data/README.md +71 -0
- data/Rakefile +12 -0
- data/lib/action_pack/cloudfront_viewer_address/railtie.rb +13 -0
- data/lib/action_pack/cloudfront_viewer_address/remote_ip.rb +27 -0
- data/lib/action_pack/cloudfront_viewer_address/version.rb +7 -0
- data/lib/action_pack/cloudfront_viewer_address.rb +11 -0
- data/lib/actionpack/cloudfront_viewer_address.rb +3 -0
- metadata +74 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 34e070576256e4c00774f58897bd6a5aebf0be15128138d7357aec5e9df40bab
|
|
4
|
+
data.tar.gz: 3a4bad860e9118c8f398d4720231375292303a791f554f463b87330f2e08db4c
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 5ed5990d238e93abc38b0909d254111b18f793219819d5f3edd97e37f1320f100a7748ce2c8189131811ef3e6452efb5c721314021989c238067f5302ad5a017
|
|
7
|
+
data.tar.gz: 33b93f477e26eb7562d9e5dfb331e46cf19289c8941abb462ae0c2ddef5eb503e8ec781b92d67fb68fdc824d40e356e9d1693277d7e0bf9222edde27b82f9d03
|
data/.rspec
ADDED
data/.rubocop.yml
ADDED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
require:
|
|
2
|
+
- rubocop-performance
|
|
3
|
+
- rubocop-rails
|
|
4
|
+
- rubocop-rake
|
|
5
|
+
- rubocop-rspec
|
|
6
|
+
- rubocop-rspec_rails
|
|
7
|
+
|
|
8
|
+
AllCops:
|
|
9
|
+
TargetRubyVersion: 3.1
|
|
10
|
+
NewCops: enable
|
|
11
|
+
|
|
12
|
+
Layout/LineLength:
|
|
13
|
+
Enabled: false
|
|
14
|
+
|
|
15
|
+
RSpec/MultipleExpectations:
|
|
16
|
+
Enabled: false
|
|
17
|
+
|
|
18
|
+
Style/Documentation:
|
|
19
|
+
Enabled: false
|
|
20
|
+
|
|
21
|
+
Style/StringLiterals:
|
|
22
|
+
EnforcedStyle: double_quotes
|
|
23
|
+
|
|
24
|
+
Style/StringLiteralsInInterpolation:
|
|
25
|
+
EnforcedStyle: double_quotes
|
data/CHANGELOG.md
ADDED
data/LICENSE.txt
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
The MIT License (MIT)
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2024 Tomohiko Mimura
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
|
13
|
+
all copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
# ActionPack::CloudfrontViewerAddress
|
|
2
|
+
|
|
3
|
+
Calculate the remote IP ( `request.remote_ip` ) using `CloudFront-Viewer-Address`.
|
|
4
|
+
|
|
5
|
+
> [!CAUTION]
|
|
6
|
+
> Be sure to configure security groups and other settings so that HTTP requests go through Amazon CloudFront.
|
|
7
|
+
> Otherwise, the `CloudFront-Viewer-Address` will be freely modified and IP spoofing.
|
|
8
|
+
|
|
9
|
+
## Why do you need this Gem?
|
|
10
|
+
|
|
11
|
+
If you use 'Amazon CloudFront' as the Proxy for Rails App, the remote IP ( `request.remote_ip` ) will be set to the CloudFront IP.
|
|
12
|
+
To work around this problem, it was necessary to calculate the remote IP address using a combination of `X-Forwarded-For` and the 'IP address of a trusted Proxy'.
|
|
13
|
+
Like these Gem...
|
|
14
|
+
|
|
15
|
+
* https://github.com/dinks/cloudfront-rails
|
|
16
|
+
* https://github.com/customink/actionpack-cloudfront
|
|
17
|
+
|
|
18
|
+
However, CloudFront provides a more concise solution to this problem with `CloudFront-Viewer-Address`.
|
|
19
|
+
This Gem is intended to make this functionality more concise for use in Rails applications.
|
|
20
|
+
|
|
21
|
+
## Usage
|
|
22
|
+
|
|
23
|
+
### Step1. Amazon CloudFront Setup
|
|
24
|
+
|
|
25
|
+
Before using this Gem, modify your Amazon CloudFront configuration to enable `CloudFront-Viewer-Address`.
|
|
26
|
+
Please refer to the following for details on how to set up.
|
|
27
|
+
|
|
28
|
+
* https://aws.amazon.com/about-aws/whats-new/2021/10/amazon-cloudfront-client-ip-address-connection-port-header/
|
|
29
|
+
* https://dev.classmethod.jp/articles/amazon-cloudfront-client-ip-address-connection-port-header/ (written in Japanese)
|
|
30
|
+
|
|
31
|
+
### Step2. This `ActionPack::CloudfrontViewerAddress` Gem Install
|
|
32
|
+
|
|
33
|
+
Install the gem and add to the application's Gemfile by executing:
|
|
34
|
+
|
|
35
|
+
$ bundle add actionpack-cloudfront_viewer_address
|
|
36
|
+
|
|
37
|
+
If bundler is not being used to manage dependencies, install the gem by executing:
|
|
38
|
+
|
|
39
|
+
$ gem install actionpack-cloudfront_viewer_address
|
|
40
|
+
|
|
41
|
+
### Step3. Rack middleware
|
|
42
|
+
|
|
43
|
+
**If you are using Rails, omit this as it will be set automatically.**
|
|
44
|
+
Otherwise, set the middleware as `middleware.insert_after ActionDispatch::RemoteIp, ActionPack::CloudfrontViewerAddress::RemoteIp`.
|
|
45
|
+
|
|
46
|
+
### Step4. Use `request.remote_ip`
|
|
47
|
+
|
|
48
|
+
Otherwise, no special processing is required.
|
|
49
|
+
The client's IP address can be obtained by referring to `request.remote_ip` as usual.
|
|
50
|
+
|
|
51
|
+
## About IP spoofing
|
|
52
|
+
|
|
53
|
+
This Gem only references the `CloudFront-Viewer-Address` request header.
|
|
54
|
+
The `CloudFront-Viewer-Address` header is not improved if the request is made to a Rails application via Amazon CloudFront.
|
|
55
|
+
However, if the request is made to a Rails application without going through Amazon CloudFront, the `CloudFront-Viewer-Address` can be freely rewritten and there is a risk of IP spoofing.
|
|
56
|
+
|
|
57
|
+
**Please keep this in mind.**
|
|
58
|
+
|
|
59
|
+
## Development
|
|
60
|
+
|
|
61
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
62
|
+
|
|
63
|
+
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
|
64
|
+
|
|
65
|
+
## Contributing
|
|
66
|
+
|
|
67
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/tmimura39/actionpack-cloudfront_viewer_address.
|
|
68
|
+
|
|
69
|
+
## License
|
|
70
|
+
|
|
71
|
+
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
data/Rakefile
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative "remote_ip"
|
|
4
|
+
|
|
5
|
+
module ActionPack
|
|
6
|
+
module CloudfrontViewerAddress
|
|
7
|
+
class Railtie < ::Rails::Railtie
|
|
8
|
+
initializer "actionpack_cloudfront_viewer_address.configure_rails_initialization" do |app|
|
|
9
|
+
app.config.middleware.insert_after ActionDispatch::RemoteIp, ActionPack::CloudfrontViewerAddress::RemoteIp
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "action_dispatch"
|
|
4
|
+
|
|
5
|
+
module ActionPack
|
|
6
|
+
module CloudfrontViewerAddress
|
|
7
|
+
class RemoteIp
|
|
8
|
+
def initialize(app)
|
|
9
|
+
@app = app
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def call(env)
|
|
13
|
+
req = ::ActionDispatch::Request.new(env)
|
|
14
|
+
if env["HTTP_CLOUDFRONT_VIEWER_ADDRESS"].present?
|
|
15
|
+
# IPv4 "HTTP_CLOUDFRONT_VIEWER_ADDRESS" = "1.1.1.1:3000"
|
|
16
|
+
# IPV6 "HTTP_CLOUDFRONT_VIEWER_ADDRESS" = "0000:0000:0000:0000:0000:0000:0000:0000:3000"
|
|
17
|
+
req.remote_ip = req.env["HTTP_CLOUDFRONT_VIEWER_ADDRESS"].sub(/:\d+\z/, "") # remove `port(:0000)` part
|
|
18
|
+
end
|
|
19
|
+
app.call(req.env)
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
private
|
|
23
|
+
|
|
24
|
+
attr_reader :app
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require_relative "cloudfront_viewer_address/version"
|
|
4
|
+
require_relative "cloudfront_viewer_address/remote_ip"
|
|
5
|
+
|
|
6
|
+
require_relative "cloudfront_viewer_address/railtie" if defined?(Rails::Railtie)
|
|
7
|
+
|
|
8
|
+
module ActionPack
|
|
9
|
+
module CloudfrontViewerAddress
|
|
10
|
+
end
|
|
11
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: actionpack-cloudfront_viewer_address
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 1.0.0
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Tomohiko Mimura
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: exe
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2024-09-30 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: actionpack
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '0'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - ">="
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '0'
|
|
27
|
+
description: Utilize `CloudFront-Viewer-Address`, a custom CloudFront header, to calculate
|
|
28
|
+
RemoteIp more simply
|
|
29
|
+
email:
|
|
30
|
+
- mito.5525@gmail.com
|
|
31
|
+
executables: []
|
|
32
|
+
extensions: []
|
|
33
|
+
extra_rdoc_files: []
|
|
34
|
+
files:
|
|
35
|
+
- ".rspec"
|
|
36
|
+
- ".rubocop.yml"
|
|
37
|
+
- CHANGELOG.md
|
|
38
|
+
- LICENSE.txt
|
|
39
|
+
- README.md
|
|
40
|
+
- Rakefile
|
|
41
|
+
- lib/action_pack/cloudfront_viewer_address.rb
|
|
42
|
+
- lib/action_pack/cloudfront_viewer_address/railtie.rb
|
|
43
|
+
- lib/action_pack/cloudfront_viewer_address/remote_ip.rb
|
|
44
|
+
- lib/action_pack/cloudfront_viewer_address/version.rb
|
|
45
|
+
- lib/actionpack/cloudfront_viewer_address.rb
|
|
46
|
+
homepage: https://github.com/tmimura39/actionpack-cloudfront_viewer_address
|
|
47
|
+
licenses:
|
|
48
|
+
- MIT
|
|
49
|
+
metadata:
|
|
50
|
+
allowed_push_host: https://rubygems.org
|
|
51
|
+
homepage_uri: https://github.com/tmimura39/actionpack-cloudfront_viewer_address
|
|
52
|
+
source_code_uri: https://github.com/tmimura39/actionpack-cloudfront_viewer_address
|
|
53
|
+
changelog_uri: https://github.com/tmimura39/actionpack-cloudfront_viewer_address/tree/main/CHANGELOG.md
|
|
54
|
+
rubygems_mfa_required: 'true'
|
|
55
|
+
post_install_message:
|
|
56
|
+
rdoc_options: []
|
|
57
|
+
require_paths:
|
|
58
|
+
- lib
|
|
59
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
60
|
+
requirements:
|
|
61
|
+
- - ">="
|
|
62
|
+
- !ruby/object:Gem::Version
|
|
63
|
+
version: 3.1.0
|
|
64
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
65
|
+
requirements:
|
|
66
|
+
- - ">="
|
|
67
|
+
- !ruby/object:Gem::Version
|
|
68
|
+
version: '0'
|
|
69
|
+
requirements: []
|
|
70
|
+
rubygems_version: 3.5.18
|
|
71
|
+
signing_key:
|
|
72
|
+
specification_version: 4
|
|
73
|
+
summary: Calculate RemoteIp based on `CloudFront-Viewer-Address` Header
|
|
74
|
+
test_files: []
|