castle-rb 3.6.2 → 4.0.0

data/lib/castle/extractors/ip.rb

@@ -4,14 +4,58 @@ module Castle
   module Extractors
     # used for extraction of ip from the request
     class IP
-      def initialize(request)
-        @request = request
+      # ordered list of ip headers for ip extraction
+      DEFAULT = %w[X-Forwarded-For Client-Ip Remote-Addr].freeze
+      # default header fallback when ip is not found
+      FALLBACK = 'Remote-Addr'
+
+      private_constant :FALLBACK, :DEFAULT
+
+      # @param headers [Hash]
+      def initialize(headers)
+        @headers = headers
+        @ip_headers = Castle.config.ip_headers + DEFAULT
+        @proxies = Castle.config.trusted_proxies + Castle::Configuration::TRUSTED_PROXIES
       end
 
+      # Order of headers:
+      #   .... list of headers defined by ip_headers
+      #   X-Forwarded-For
+      #   Client-Ip is
+      #   Remote-Addr
+      # @return [String]
       def call
-        return @request.env['HTTP_CF_CONNECTING_IP'] if @request.env['HTTP_CF_CONNECTING_IP']
-        return @request.remote_ip if @request.respond_to?(:remote_ip)
-        @request.ip
+        @ip_headers.each do |ip_header|
+          ip_value = calculate_ip(ip_header)
+          return ip_value if ip_value
+        end
+
+        @headers[FALLBACK]
+      end
+
+      private
+
+      # @param header [String]
+      # @return [String]
+      def calculate_ip(header)
+        ips = ips_from(header)
+        remove_proxies(ips).first
+      end
+
+      # @param ips [Array<String>]
+      # @return [Array<String>]
+      def remove_proxies(ips)
+        ips.reject { |ip| @proxies.any? { |proxy| proxy.match(ip) } }
+      end
+
+      # @param header [String]
+      # @return [Array<String>]
+      def ips_from(header)
+        value = @headers[header]
+
+        return [] unless value
+
+        value.strip.split(/[,\s]+/).reverse
       end
     end
   end

data/lib/castle/header_filter.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Castle
+  # used for preparing valuable headers list
+  class HeaderFilter
+    # headers filter
+    # HTTP_ - this is how Rack prefixes incoming HTTP headers
+    # CONTENT_LENGTH - for responses without Content-Length or Transfer-Encoding header
+    # REMOTE_ADDR - ip address header returned by web server
+    VALUABLE_HEADERS = /^(
+      HTTP_.*|
+      CONTENT_LENGTH|
+      REMOTE_ADDR
+    )$/x.freeze
+
+    private_constant :VALUABLE_HEADERS
+
+    # @param request [Rack::Request]
+    def initialize(request)
+      @request_env = request.env
+      @formatter = HeaderFormatter.new
+    end
+
+    # Serialize HTTP headers
+    # @return [Hash]
+    def call
+      @request_env.keys.each_with_object({}) do |header_name, acc|
+        next unless header_name.match(VALUABLE_HEADERS)
+
+        formatted_name = @formatter.call(header_name)
+        acc[formatted_name] = @request_env[header_name]
+      end
+    end
+  end
+end

data/lib/castle/header_formatter.rb

@@ -1,7 +1,10 @@
 # frozen_string_literal: true
 
 module Castle
+  # formats header name
   class HeaderFormatter
+    # @param header [String]
+    # @return [String]
     def call(header)
       header.to_s.gsub(/^HTTP(?:_|-)/i, '').split(/_|-/).map(&:capitalize).join('-')
     end

data/lib/castle/validators/not_supported.rb

@@ -7,6 +7,7 @@ module Castle
         def call(options, keys)
           keys.each do |key|
             next unless options.key?(key)
+
             raise Castle::InvalidParametersError, "#{key} is/are not supported"
           end
         end

data/lib/castle/validators/present.rb

@@ -7,6 +7,7 @@ module Castle
         def call(options, keys)
           keys.each do |key|
             next unless options[key].to_s.empty?
+
             raise Castle::InvalidParametersError, "#{key} is missing or empty"
           end
         end

data/lib/castle/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Castle
-  VERSION = '3.6.2'
+  VERSION = '4.0.0'
 end

data/spec/integration/rails/rails_spec.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require_relative 'support/all'
+
+RSpec.describe HomeController, type: :request do
+  describe '#index' do
+    let(:request) do
+      {
+        'event' => '$login.succeeded',
+        'user_id' => '123',
+        'properties' => { 'key' => 'value' },
+        'user_traits' => { 'key' => 'value' },
+        'timestamp' => now.utc.iso8601(3),
+        'sent_at' => now.utc.iso8601(3),
+        'context' => {
+          'client_id' => '',
+          'active' => true,
+          'origin' => 'web',
+          'headers' => {
+            'Accept' => 'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',
+            'Authorization' => true,
+            'Content-Length' => '0',
+            'Cookie' => true,
+            'Host' => 'www.example.com',
+            'X-Forwarded-For' => '5.5.5.5, 1.2.3.4',
+            'Remote-Addr' => '127.0.0.1'
+          },
+          'ip' => '1.2.3.4',
+          'library' => {
+            'name' => 'castle-rb',
+            'version' => Castle::VERSION
+          }
+        }
+      }
+    end
+    let(:now) { Time.now }
+    let(:headers) do
+      {
+        'HTTP_AUTHORIZATION' => 'Basic 123',
+        'HTTP_X_FORWARDED_FOR' => '5.5.5.5, 1.2.3.4'
+      }
+    end
+
+    before do
+      Timecop.freeze(now)
+      stub_request(:post, 'https://api.castle.io/v1/track')
+      get '/', headers: headers
+    end
+
+    after { Timecop.return }
+
+    it do
+      assert_requested :post, 'https://api.castle.io/v1/track', times: 1 do |req|
+        JSON.parse(req.body) == request
+      end
+    end
+
+    it { expect(response).to be_successful }
+  end
+end

data/spec/integration/rails/support/all.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+ENV['RAILS_ENV'] = 'test'
+require_relative 'application'
+require_relative 'home_controller'
+require 'rspec/rails'

data/spec/integration/rails/support/application.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'action_controller/railtie'
+
+class TestApp < Rails::Application
+  secrets.secret_token = 'secret_token'
+  secrets.secret_key_base = 'secret_key_base'
+
+  config.logger = Logger.new($stdout)
+  Rails.logger = config.logger
+
+  routes.draw do
+    get '/' => 'home#index'
+  end
+end

data/spec/integration/rails/support/home_controller.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+class HomeController < ActionController::Base
+  def index
+    request_context = ::Castle::Client.to_context(request)
+    track_options = ::Castle::Client.to_options(
+      event: '$login.succeeded',
+      user_id: '123',
+      properties: {
+        key: 'value'
+      },
+      user_traits: {
+        key: 'value'
+      }
+    )
+    client = ::Castle::Client.new(request_context)
+    client.track(track_options)
+
+    render inline: 'hello'
+  end
+end

data/spec/lib/castle/api/request/build_spec.rb

@@ -21,11 +21,13 @@ describe Castle::API::Request::Build do
 
     context 'when post' do
       let(:time) { Time.now.utc.iso8601(3) }
-      let(:command) { Castle::Commands::Track.new({}).build(event: '$login.succeeded', name: "\xC4") }
+      let(:command) do
+        Castle::Commands::Track.new({}).build(event: '$login.succeeded', name: "\xC4")
+      end
       let(:expected_body) do
         {
           event: '$login.succeeded',
-          name: "�",
+          name: '�',
           context: {},
           sent_at: time
         }

data/spec/lib/castle/api/request_spec.rb

@@ -24,6 +24,7 @@ describe Castle::API::Request do
       expect(Castle::API::Request::Build).to have_received(:call)
         .with(command, expected_headers, api_secret)
     end
+
     it { expect(http).to have_received(:request).with(request_build) }
   end
 

data/spec/lib/castle/client_spec.rb

@@ -244,11 +244,13 @@ describe Castle::Client do
       it { expect(request_response[:action]).to be_eql('allow') }
       it { expect(request_response[:user_id]).to be_eql('1234') }
       it { expect(request_response[:failover]).to be true }
-      it { expect(request_response[:failover_reason]).to be_eql('Castle set to do not track.') }
+      it { expect(request_response[:failover_reason]).to be_eql('Castle is set to do not track.') }
     end
 
     context 'when request with fail' do
-      before { allow(Castle::API).to receive(:request).and_raise(Castle::RequestError.new(Timeout::Error)) }
+      before do
+        allow(Castle::API).to receive(:request).and_raise(Castle::RequestError.new(Timeout::Error))
+      end
 
       context 'with request error and throw strategy' do
         before { allow(Castle.config).to receive(:failover_strategy).and_return(:throw) }
@@ -274,7 +276,7 @@ describe Castle::Client do
         it { expect { request_response }.to raise_error(Castle::InternalServerError) }
       end
 
-      context 'not throw on eg deny strategy' do
+      describe 'not throw on eg deny strategy' do
         it { assert_not_requested :post, 'https://:secret@api.castle.io/v1/authenticate' }
         it { expect(request_response[:action]).to be_eql('allow') }
         it { expect(request_response[:user_id]).to be_eql('1234') }

data/spec/lib/castle/commands/authenticate_spec.rb

@@ -10,6 +10,7 @@ describe Castle::Commands::Authenticate do
   let(:time_auto) { time_now.utc.iso8601(3) }
 
   before { Timecop.freeze(time_now) }
+
   after { Timecop.return }
 
   describe '.build' do

data/spec/lib/castle/commands/identify_spec.rb

@@ -10,6 +10,7 @@ describe Castle::Commands::Identify do
   let(:time_auto) { time_now.utc.iso8601(3) }
 
   before { Timecop.freeze(time_now) }
+
   after { Timecop.return }
 
   describe '.build' do

data/spec/lib/castle/commands/impersonate_spec.rb

@@ -11,6 +11,7 @@ describe Castle::Commands::Impersonate do
   let(:time_auto) { time_now.utc.iso8601(3) }
 
   before { Timecop.freeze(time_now) }
+
   after { Timecop.return }
 
   describe '.build' do

data/spec/lib/castle/commands/track_spec.rb

@@ -10,6 +10,7 @@ describe Castle::Commands::Track do
   let(:time_auto) { time_now.utc.iso8601(3) }
 
   before { Timecop.freeze(time_now) }
+
   after { Timecop.return }
 
   describe '#build' do

data/spec/lib/castle/configuration_spec.rb

@@ -31,14 +31,25 @@ describe Castle::Configuration do
 
   describe 'api_secret' do
     context 'with env' do
+      let(:secret_key_env) { 'secret_key_env' }
+      let(:secret_key) { 'secret_key' }
+
       before do
         allow(ENV).to receive(:fetch).with(
           'CASTLE_API_SECRET', ''
-        ).and_return('secret_key')
+        ).and_return(secret_key_env)
       end
 
       it do
-        expect(config.api_secret).to be_eql('secret_key')
+        expect(config.api_secret).to be_eql(secret_key_env)
+      end
+
+      context 'when key is overwritten' do
+        before { config.api_secret = secret_key }
+
+        it do
+          expect(config.api_secret).to be_eql(secret_key)
+        end
       end
     end
 
@@ -48,6 +59,7 @@ describe Castle::Configuration do
       before do
         config.api_secret = value
       end
+
       it do
         expect(config.api_secret).to be_eql(value)
       end
@@ -69,6 +81,7 @@ describe Castle::Configuration do
       before do
         config.request_timeout = value
       end
+
       it do
         expect(config.request_timeout).to be_eql(value)
       end
@@ -84,6 +97,7 @@ describe Castle::Configuration do
       before do
         config.whitelisted = ['header']
       end
+
       it do
         expect(config.whitelisted).to be_eql(['Header'])
       end
@@ -99,6 +113,7 @@ describe Castle::Configuration do
       before do
         config.blacklisted = ['header']
       end
+
       it do
         expect(config.blacklisted).to be_eql(['Header'])
       end
@@ -114,6 +129,7 @@ describe Castle::Configuration do
       before do
         config.failover_strategy = :deny
       end
+
       it do
         expect(config.failover_strategy).to be_eql(:deny)
       end

data/spec/lib/castle/context/default_spec.rb

@@ -16,24 +16,23 @@ describe Castle::Context::Default do
   let(:request) { Rack::Request.new(env) }
   let(:default_context) { subject.call }
   let(:version) { '2.2.0' }
-
-  before do
-    stub_const('Castle::VERSION', version)
-  end
-
-  it { expect(default_context[:active]).to be_eql(true) }
-  it { expect(default_context[:origin]).to be_eql('web') }
-
-  it do
-    expect(default_context[:headers]).to be_eql(
+  let(:result_headers) do
+    {
       'X-Forwarded-For' => '1.2.3.4',
       'Accept-Language' => 'en',
       'User-Agent' => 'test',
       'Content-Length' => '0',
       'Cookie' => true
-    )
+    }
   end
 
+  before do
+    stub_const('Castle::VERSION', version)
+  end
+
+  it { expect(default_context[:active]).to be_eql(true) }
+  it { expect(default_context[:origin]).to be_eql('web') }
+  it { expect(default_context[:headers]).to be_eql(result_headers) }
   it { expect(default_context[:ip]).to be_eql(ip) }
   it { expect(default_context[:library][:name]).to be_eql('castle-rb') }
   it { expect(default_context[:library][:version]).to be_eql(version) }

data/spec/lib/castle/events_spec.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+describe Castle::Events do
+  it { expect(described_class::LOGIN_SUCCEEDED).to eq('$login.succeeded') }
+end

data/spec/lib/castle/extractors/client_id_spec.rb

@@ -1,8 +1,9 @@
 # frozen_string_literal: true
 
 describe Castle::Extractors::ClientId do
-  subject(:extractor) { described_class.new(request, cookies) }
+  subject(:extractor) { described_class.new(formatted_headers, cookies) }
 
+  let(:formatted_headers) { Castle::HeaderFilter.new(request).call }
   let(:client_id_cookie) { 'abcd' }
   let(:client_id_header) { 'abcde' }
   let(:cookies) { request.cookies }