apill 2.3.2 → 2.3.3
- checksums.yaml +4 -4
- data/lib/apill/configuration.rb +12 -6
- data/lib/apill/matchers/subdomain_matcher.rb +21 -6
- data/lib/apill/middleware/api_request.rb +6 -2
- data/lib/apill/version.rb +1 -1
- data/spec/apill/matchers/subdomain_matcher_spec.rb +34 -12
- data/spec/apill/middleware/api_request_spec.rb +22 -5
- metadata +2 -2
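--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 84cdbb1edbe6823c31603457adf4e28647ae92d4
+data.tar.gz: ce3b2f2cd39ab8c954bb8f969dce56ee632a82c3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 14ac59381e4af74ed3712e93eaecdcd4b3ddb0ca45e625726020e8151e71ccba9e5ec442a3c1a67bf0680b38343929c3da6a437399899dc855d4edfe2381935c
+data.tar.gz: cea48add76380d77070d4ca115d29910a495e13d50a0d0bb2399dec04131b7393ecee3fd294eb2939091d079f2efaa51395cb0883d1da4fb98c9416997da36ab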
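--- a/data/lib/apill/configuration.rb
+++ b/data/lib/apill/configuration.rb
@@ -2,20 +2,26 @@ module Apill
 class Configuration
 attr_accessor \
 :allowed_subdomains,
+:allowed_api_subdomains,
 :application_name,
 :default_api_version
 
 def to_h
 {
-allowed_subdomains:
-
-
+allowed_subdomains: allowed_subdomains,
+allowed_api_subdomains: allowed_api_subdomains,
+application_name: application_name,
+default_api_version: default_api_version,
 }
 end
-end
 
-
-
+def allowed_subdomains
+@allowed_subdomains || ['api']
+end
+
+def allowed_api_subdomains
+@allowed_api_subdomains || ['api']
+end
 end
 
 def self.configure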
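Review bot: The new `allowed_api_subdomains` setting and its `['api']` default carry no comment, yet the difference from `allowed_subdomains` decides which hosts skip the Accept header check in `ApiRequest#call` (visible further down this page). A comment above the reader would make that explicit, for example `# Subdomains whose requests must also pass the Accept header check; each entry must also be listed in allowed_subdomains, which is consulted first.` Separately, `attr_accessor` already defines readers for both list settings and the explicit `def allowed_subdomains` / `def allowed_api_subdomains` redefine them, so declaring those two names with `attr_writer` would avoid the redefinition. `self.configure` continues outside the hunk.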
@@ -1,19 +1,34 @@
|
|
1
1
|
module Apill
|
2
2
|
module Matchers
|
3
3
|
class SubdomainMatcher
|
4
|
-
def initialize(allowed_subdomains:
|
5
|
-
|
6
|
-
|
4
|
+
def initialize(allowed_subdomains: Apill.configuration.allowed_subdomains,
|
5
|
+
allowed_api_subdomains: Apill.configuration.allowed_api_subdomains,
|
6
|
+
request:)
|
7
7
|
|
8
|
-
|
9
|
-
|
8
|
+
self.allowed_subdomains = Array(allowed_subdomains)
|
9
|
+
self.allowed_api_subdomains = Array(allowed_api_subdomains)
|
10
|
+
self.request = request
|
11
|
+
end
|
10
12
|
|
13
|
+
def matches?
|
11
14
|
allowed_subdomains.include? request_subdomain
|
12
15
|
end
|
13
16
|
|
17
|
+
def matches_api_subdomain?
|
18
|
+
allowed_api_subdomains.include? request_subdomain
|
19
|
+
end
|
20
|
+
|
14
21
|
protected
|
15
22
|
|
16
|
-
attr_accessor :allowed_subdomains
|
23
|
+
attr_accessor :allowed_subdomains,
|
24
|
+
:allowed_api_subdomains,
|
25
|
+
:request
|
26
|
+
|
27
|
+
private
|
28
|
+
|
29
|
+
def request_subdomain
|
30
|
+
@request_subdomain ||= request['HTTP_HOST'][/\A([a-z\-]+)/i, 1]
|
31
|
+
end
|
17
32
|
end
|
18
33
|
end
|
19
34
|
end
|
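Review bot: In `request_subdomain`, the pattern `/\A([a-z\-]+)/i` stops at the first character that is not a letter or hyphen rather than at the label boundary, so a first label such as `api2` is reported as `api` and checked against the allow-lists under the wrong name. The capture is also case-insensitive while `include?` is case-sensitive, and `request['HTTP_HOST']` is indexed without a nil guard, so an env with no `HTTP_HOST` key raises `NoMethodError` instead of being rejected. Since the Host header is client-supplied and this value now drives both `matches?` and `matches_api_subdomain?`, I would anchor on the dot and normalise: `@request_subdomain ||= request['HTTP_HOST'].to_s.downcase[/\A([a-z0-9\-]+)\./, 1]`. That form no longer matches a bare single-label host, a case the specs on this page do not exercise.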
@@ -14,8 +14,12 @@ class ApiRequest
|
|
14
14
|
def call(env)
|
15
15
|
env['HTTP_X_APPLICATION_NAME'] = Apill.configuration.application_name
|
16
16
|
|
17
|
-
|
18
|
-
|
17
|
+
subdomain_matcher = Matchers::SubdomainMatcher.new(request: env)
|
18
|
+
|
19
|
+
if subdomain_matcher.matches?
|
20
|
+
if !subdomain_matcher.matches_api_subdomain? ||
|
21
|
+
Matchers::AcceptHeaderMatcher.new.matches?(env)
|
22
|
+
|
19
23
|
@app.call(env)
|
20
24
|
else
|
21
25
|
Responses::InvalidApiRequestResponse.call(env)
|
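Review bot: The inner condition at new lines 20-21 forwards every request whose subdomain is allowed but not in `allowed_api_subdomains` to `@app` with no Accept header check, and nothing in the code says that this is intended. A comment above the inner `if`, such as `# Allowed non-API subdomains pass through; only API subdomains must send a valid Accept header.`, would make the fail-open direction explicit for whoever edits the allow-lists later. The nested `if`s with a negated predicate are also hard to scan; naming the inner condition, e.g. `accept_ok = !subdomain_matcher.matches_api_subdomain? || Matchers::AcceptHeaderMatcher.new.matches?(env)`, would help. The rest of `call`, including the outer `else`, lies outside the hunk.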
data/lib/apill/version.rb
CHANGED
@@ -1,49 +1,71 @@
|
|
1
1
|
require 'rspectacular'
|
2
2
|
require 'apill/matchers/subdomain_matcher'
|
3
|
+
require 'apill/configuration'
|
3
4
|
|
4
5
|
module Apill
|
5
6
|
module Matchers
|
6
7
|
describe SubdomainMatcher do
|
7
8
|
before(:each) do
|
8
|
-
Apill.configuration.allowed_subdomains
|
9
|
+
Apill.configuration.allowed_subdomains = %w{api}
|
10
|
+
Apill.configuration.allowed_api_subdomains = %w{api}
|
9
11
|
end
|
10
12
|
|
11
13
|
it 'matches if the subdomain is API' do
|
12
|
-
matcher = SubdomainMatcher.new
|
13
14
|
request = { 'HTTP_HOST' => 'api.example.com' }
|
15
|
+
matcher = SubdomainMatcher.new(request: request)
|
14
16
|
|
15
|
-
expect(matcher.matches?
|
17
|
+
expect(matcher.matches?).to be_a TrueClass
|
16
18
|
end
|
17
19
|
|
18
20
|
it 'matches if the first subdomain is API' do
|
19
|
-
matcher = SubdomainMatcher.new
|
20
21
|
request = { 'HTTP_HOST' => 'api.matrix.example.com' }
|
22
|
+
matcher = SubdomainMatcher.new(request: request)
|
21
23
|
|
22
|
-
expect(matcher.matches?
|
24
|
+
expect(matcher.matches?).to be_a TrueClass
|
23
25
|
end
|
24
26
|
|
25
27
|
it 'does not match if the first subdomain is not API' do
|
26
|
-
matcher = SubdomainMatcher.new
|
27
28
|
request = { 'HTTP_HOST' => 'matrix.example.com' }
|
29
|
+
matcher = SubdomainMatcher.new(request: request)
|
28
30
|
|
29
|
-
expect(matcher.matches?
|
31
|
+
expect(matcher.matches?).to be_a FalseClass
|
30
32
|
end
|
31
33
|
|
32
34
|
it 'allows the matched subdomain to be specified' do
|
33
|
-
matcher = SubdomainMatcher.new(allowed_subdomains: 'matrix')
|
34
35
|
request = { 'HTTP_HOST' => 'matrix.example.com' }
|
36
|
+
matcher = SubdomainMatcher.new(allowed_subdomains: 'matrix',
|
37
|
+
request: request)
|
35
38
|
|
36
|
-
expect(matcher.matches?
|
39
|
+
expect(matcher.matches?).to be_a TrueClass
|
37
40
|
end
|
38
41
|
|
39
42
|
it 'allows more than one subdomain to be matched' do
|
40
|
-
|
43
|
+
request = { 'HTTP_HOST' => 'matrix.example.com' }
|
44
|
+
matcher = SubdomainMatcher.new(allowed_subdomains: %w{api matrix},
|
45
|
+
request: request)
|
46
|
+
|
47
|
+
expect(matcher.matches?).to be_a TrueClass
|
41
48
|
|
49
|
+
request = { 'HTTP_HOST' => 'api.example.com' }
|
50
|
+
matcher = SubdomainMatcher.new(allowed_subdomains: %w{api matrix},
|
51
|
+
request: request)
|
52
|
+
|
53
|
+
expect(matcher.matches?).to be_a TrueClass
|
54
|
+
end
|
55
|
+
|
56
|
+
it 'can match only the api subdomain' do
|
42
57
|
request = { 'HTTP_HOST' => 'matrix.example.com' }
|
43
|
-
|
58
|
+
matcher = SubdomainMatcher.new(allowed_api_subdomains: %w{matrix},
|
59
|
+
request: request)
|
60
|
+
|
61
|
+
expect(matcher.matches_api_subdomain?).to be_a TrueClass
|
62
|
+
end
|
44
63
|
|
64
|
+
it 'matches "api" as an api subdomain by default' do
|
45
65
|
request = { 'HTTP_HOST' => 'api.example.com' }
|
46
|
-
|
66
|
+
matcher = SubdomainMatcher.new(request: request)
|
67
|
+
|
68
|
+
expect(matcher.matches_api_subdomain?).to be_a TrueClass
|
47
69
|
end
|
48
70
|
end
|
49
71
|
end
|
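Review bot: The two new `matches_api_subdomain?` examples assert only the positive result, so nothing pins the case the middleware now depends on: a host that is allowed but is not an API subdomain. I would add an example that builds the matcher with `allowed_subdomains: %w{api matrix}` and a `matrix.example.com` host and ends with `expect(matcher.matches_api_subdomain?).to be_a FalseClass`. The `before(:each)` block also assigns to the global `Apill.configuration` without restoring it, which may leak into other spec files depending on load order.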
@@ -14,11 +14,28 @@ describe ApiRequest do
|
|
14
14
|
end
|
15
15
|
|
16
16
|
Apill.configure do |config|
|
17
|
-
config.allowed_subdomains
|
18
|
-
config.
|
17
|
+
config.allowed_subdomains = %w{api matrix}
|
18
|
+
config.allowed_api_subdomains = %w{api}
|
19
|
+
config.application_name = 'matrix'
|
19
20
|
end
|
20
21
|
end
|
21
22
|
|
23
|
+
it 'allows requests for allowed subdomains without accept headers' do
|
24
|
+
api_request_middleware = ApiRequest.new(app)
|
25
|
+
|
26
|
+
request = {
|
27
|
+
'HTTP_HOST' => 'matrix.example.com',
|
28
|
+
'HTTP_ACCEPT' => '',
|
29
|
+
'QUERY_STRING' => '',
|
30
|
+
}
|
31
|
+
|
32
|
+
status, headers, response = api_request_middleware.call(request)
|
33
|
+
|
34
|
+
expect(status).to eql 200
|
35
|
+
expect(headers).to eql({})
|
36
|
+
expect(response).to eql 'response'
|
37
|
+
end
|
38
|
+
|
22
39
|
it 'does not allow requests if they are not for an allowed subdomain' do
|
23
40
|
api_request_middleware = ApiRequest.new(app)
|
24
41
|
|
@@ -31,7 +48,7 @@ describe ApiRequest do
|
|
31
48
|
status, headers, response = api_request_middleware.call(request)
|
32
49
|
|
33
50
|
expect(status).to eql 404
|
34
|
-
expect(headers).to eql
|
51
|
+
expect(headers).to eql({})
|
35
52
|
expect(response).to eql(
|
36
53
|
[
|
37
54
|
'{' \
|
@@ -72,7 +89,7 @@ describe ApiRequest do
|
|
72
89
|
status, headers, response = api_request_middleware.call(request)
|
73
90
|
|
74
91
|
expect(status).to eql 400
|
75
|
-
expect(headers).to eql
|
92
|
+
expect(headers).to eql({})
|
76
93
|
expect(response).to eql(
|
77
94
|
[
|
78
95
|
'{' \
|
@@ -111,7 +128,7 @@ describe ApiRequest do
|
|
111
128
|
status, headers, response = api_request_middleware.call(request)
|
112
129
|
|
113
130
|
expect(status).to eql 200
|
114
|
-
expect(headers).to eql
|
131
|
+
expect(headers).to eql({})
|
115
132
|
expect(response).to eql 'response'
|
116
133
|
end
|
117
134
|
end
|
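--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apill
 version: !ruby/object:Gem::Version
-version: 2.3.
+version: 2.3.3
 platform: ruby
 authors:
 - jfelchner
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-02-
+date: 2015-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: human_error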