castle-rb 4.0.0 → 5.0.0

data/lib/castle/context/default.rb

@@ -4,7 +4,7 @@ module Castle
   module Context
     class Default
       def initialize(request, cookies = nil)
-        @pre_headers = HeaderFilter.new(request).call
+        @pre_headers = HeadersFilter.new(request).call
         @cookies = cookies || request.cookies
         @request = request
       end

data/lib/castle/extractors/headers.rb

@@ -4,18 +4,18 @@ module Castle
   module Extractors
     # used for extraction of cookies and headers from the request
     class Headers
-      # Headers that we will never scrub, even if they land on the configuration blacklist.
-      ALWAYS_WHITELISTED = %w[User-Agent].freeze
+      # Headers that we will never scrub, even if they land on the configuration denylist.
+      ALWAYS_ALLOWLISTED = %w[User-Agent].freeze
 
-      # Headers that will always be scrubbed, even if whitelisted.
-      ALWAYS_BLACKLISTED = %w[Cookie Authorization].freeze
+      # Headers that will always be scrubbed, even if allowlisted.
+      ALWAYS_DENYLISTED = %w[Cookie Authorization].freeze
 
-      private_constant :ALWAYS_WHITELISTED, :ALWAYS_BLACKLISTED
+      private_constant :ALWAYS_ALLOWLISTED, :ALWAYS_DENYLISTED
 
       # @param headers [Hash]
       def initialize(headers)
         @headers = headers
-        @no_whitelist = Castle.config.whitelisted.empty?
+        @no_allowlist = Castle.config.allowlisted.empty?
       end
 
       # Serialize HTTP headers
@@ -33,10 +33,10 @@ module Castle
       # @param value [String]
       # @return [TrueClass | FalseClass | String]
       def header_value(name, value)
-        return true if ALWAYS_BLACKLISTED.include?(name)
-        return value if ALWAYS_WHITELISTED.include?(name)
-        return true if Castle.config.blacklisted.include?(name)
-        return value if @no_whitelist || Castle.config.whitelisted.include?(name)
+        return true if ALWAYS_DENYLISTED.include?(name)
+        return value if ALWAYS_ALLOWLISTED.include?(name)
+        return true if Castle.config.denylisted.include?(name)
+        return value if @no_allowlist || Castle.config.allowlisted.include?(name)
 
         true
       end

data/lib/castle/extractors/ip.rb

@@ -5,47 +5,56 @@ module Castle
     # used for extraction of ip from the request
     class IP
       # ordered list of ip headers for ip extraction
-      DEFAULT = %w[X-Forwarded-For Client-Ip Remote-Addr].freeze
-      # default header fallback when ip is not found
-      FALLBACK = 'Remote-Addr'
+      DEFAULT = %w[X-Forwarded-For Remote-Addr].freeze
+      # list of header which are used with proxy depth setting
+      DEPTH_RELATED = %w[X-Forwarded-For].freeze
 
-      private_constant :FALLBACK, :DEFAULT
+      private_constant :DEFAULT
 
       # @param headers [Hash]
       def initialize(headers)
         @headers = headers
-        @ip_headers = Castle.config.ip_headers + DEFAULT
+        @ip_headers = Castle.config.ip_headers.empty? ? DEFAULT : Castle.config.ip_headers
         @proxies = Castle.config.trusted_proxies + Castle::Configuration::TRUSTED_PROXIES
+        @trust_proxy_chain = Castle.config.trust_proxy_chain
+        @trusted_proxy_depth = Castle.config.trusted_proxy_depth
       end
 
       # Order of headers:
       #   .... list of headers defined by ip_headers
       #   X-Forwarded-For
-      #   Client-Ip is
       #   Remote-Addr
       # @return [String]
       def call
+        all_ips = []
+
         @ip_headers.each do |ip_header|
-          ip_value = calculate_ip(ip_header)
+          ips = ips_from(ip_header)
+          ip_value = remove_proxies(ips)
+
           return ip_value if ip_value
+
+          all_ips.push(*ips)
         end
 
-        @headers[FALLBACK]
+        # fallback to first listed ip
+        all_ips.first
       end
 
       private
 
-      # @param header [String]
-      # @return [String]
-      def calculate_ip(header)
-        ips = ips_from(header)
-        remove_proxies(ips).first
-      end
-
       # @param ips [Array<String>]
       # @return [Array<String>]
       def remove_proxies(ips)
-        ips.reject { |ip| @proxies.any? { |proxy| proxy.match(ip) } }
+        return ips.first if @trust_proxy_chain
+
+        ips.reject { |ip| proxy?(ip) }.last
+      end
+
+      # @param ip [String]
+      # @return [Boolean]
+      def proxy?(ip)
+        @proxies.any? { |proxy| proxy.match(ip) }
       end
 
       # @param header [String]
@@ -55,7 +64,18 @@ module Castle
 
         return [] unless value
 
-        value.strip.split(/[,\s]+/).reverse
+        ips = value.strip.split(/[,\s]+/)
+
+        limit_proxy_depth(ips, header)
+      end
+
+      # @param ips [Array<String>]
+      # @param ip_header [String]
+      # @return [Array<String>]
+      def limit_proxy_depth(ips, ip_header)
+        ips.pop(@trusted_proxy_depth) if DEPTH_RELATED.include?(ip_header)
+
+        ips
       end
     end
   end

data/lib/castle/{header_filter.rb → headers_filter.rb}

@@ -2,23 +2,23 @@
 
 module Castle
   # used for preparing valuable headers list
-  class HeaderFilter
+  class HeadersFilter
     # headers filter
     # HTTP_ - this is how Rack prefixes incoming HTTP headers
     # CONTENT_LENGTH - for responses without Content-Length or Transfer-Encoding header
     # REMOTE_ADDR - ip address header returned by web server
-    VALUABLE_HEADERS = /^(
-      HTTP_.*|
-      CONTENT_LENGTH|
-      REMOTE_ADDR
-    )$/x.freeze
+    VALUABLE_HEADERS = /^
+      HTTP(?:_|-).*|
+      CONTENT(?:_|-)LENGTH|
+      REMOTE(?:_|-)ADDR
+    $/xi.freeze
 
     private_constant :VALUABLE_HEADERS
 
     # @param request [Rack::Request]
     def initialize(request)
       @request_env = request.env
-      @formatter = HeaderFormatter.new
+      @formatter = HeadersFormatter
     end
 
     # Serialize HTTP headers

data/lib/castle/headers_formatter.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Castle
+  # formats header name
+  class HeadersFormatter
+    class << self
+      # @param header [String]
+      # @return [String]
+      def call(header)
+        format(header.to_s.gsub(/^HTTP(?:_|-)/i, ''))
+      end
+
+      private
+
+      # @param header [String]
+      # @return [String]
+      def format(header)
+        header.split(/_|-/).map(&:capitalize).join('-')
+      end
+    end
+  end
+end

data/lib/castle/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Castle
-  VERSION = '4.0.0'
+  VERSION = '5.0.0'
 end

data/spec/lib/castle/api/connection_spec.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+describe Castle::API::Connection do
+  describe '.call' do
+    subject(:class_call) { described_class.call }
+
+    context 'when ssl false' do
+      let(:localhost) { 'localhost' }
+      let(:port) { 3002 }
+      let(:api_url) { '/test' }
+
+      before do
+        Castle.config.url = 'http://localhost:3002'
+
+        allow(Net::HTTP)
+          .to receive(:new)
+          .with(localhost, port)
+          .and_call_original
+      end
+
+      it do
+        class_call
+
+        expect(Net::HTTP)
+          .to have_received(:new)
+          .with(localhost, port)
+      end
+
+      it do
+        expect(class_call).to be_an_instance_of(Net::HTTP)
+      end
+    end
+
+    context 'when ssl true' do
+      let(:localhost) { 'localhost' }
+      let(:port) { 443 }
+
+      before do
+        Castle.config.url = 'https://localhost'
+      end
+
+      context 'with block' do
+        let(:api_url) { '/test' }
+        let(:request) { Net::HTTP::Get.new(api_url) }
+
+        before do
+          allow(Net::HTTP)
+            .to receive(:new)
+            .with(localhost, port)
+            .and_call_original
+        end
+
+        it do
+          expect(class_call).to be_an_instance_of(Net::HTTP)
+        end
+      end
+    end
+  end
+end

data/spec/lib/castle/api/request_spec.rb

@@ -2,59 +2,97 @@
 
 describe Castle::API::Request do
   describe '#call' do
-    subject(:call) { described_class.call(command, api_secret, headers) }
-
-    let(:http) { instance_double('Net::HTTP') }
-    let(:request_build) { instance_double('Castle::API::Request::Build') }
     let(:command) { Castle::Commands::Track.new({}).build(event: '$login.succeeded') }
     let(:headers) { {} }
     let(:api_secret) { 'secret' }
+    let(:request_build) { {} }
     let(:expected_headers) { { 'Content-Type' => 'application/json' } }
+    let(:http) { instance_double('Net::HTTP') }
 
-    before do
-      allow(described_class).to receive(:http).and_return(http)
-      allow(http).to receive(:request).with(request_build)
-      allow(Castle::API::Request::Build).to receive(:call)
-        .with(command, expected_headers, api_secret)
-        .and_return(request_build)
-      call
-    end
+    context 'without http arg provided' do
+      subject(:call) { described_class.call(command, api_secret, headers) }
 
-    it do
-      expect(Castle::API::Request::Build).to have_received(:call)
-        .with(command, expected_headers, api_secret)
-    end
+      let(:http) { instance_double('Net::HTTP') }
+      let(:command) { Castle::Commands::Track.new({}).build(event: '$login.succeeded') }
+      let(:headers) { {} }
+      let(:api_secret) { 'secret' }
+      let(:request_build) { {} }
+      let(:expected_headers) { { 'Content-Type' => 'application/json' } }
 
-    it { expect(http).to have_received(:request).with(request_build) }
-  end
+      before do
+        allow(Castle::API::Connection).to receive(:call).and_return(http)
+        allow(http).to receive(:request)
+        allow(described_class).to receive(:build).and_return(request_build)
+        call
+      end
+
+      it do
+        expect(described_class).to have_received(:build).with(command, expected_headers, api_secret)
+      end
+
+      it { expect(http).to have_received(:request).with(request_build) }
+    end
 
-  describe '#http' do
-    subject(:http) { described_class.http }
+    context 'with http arg provided' do
+      subject(:call) { described_class.call(command, api_secret, headers, http) }
 
-    context 'when ssl false' do
       before do
-        Castle.config.host = 'localhost'
-        Castle.config.port = 3002
+        allow(Castle::API::Connection).to receive(:call)
+        allow(http).to receive(:request)
+        allow(described_class).to receive(:build).and_return(request_build)
+        call
       end
 
-      after do
-        Castle.config.host = Castle::Configuration::HOST
-        Castle.config.port = Castle::Configuration::PORT
+      it { expect(Castle::API::Connection).not_to have_received(:call) }
+
+      it do
+        expect(described_class).to have_received(:build).with(command, expected_headers, api_secret)
       end
 
-      it { expect(http).to be_instance_of(Net::HTTP) }
-      it { expect(http.address).to eq(Castle.config.host) }
-      it { expect(http.port).to eq(Castle.config.port) }
-      it { expect(http.use_ssl?).to be false }
-      it { expect(http.verify_mode).to be_nil }
+      it { expect(http).to have_received(:request).with(request_build) }
+    end
+  end
+
+  describe '#build' do
+    subject(:build) { described_class.build(command, headers, api_secret) }
+
+    let(:headers) { { 'SAMPLE-HEADER' => '1' } }
+    let(:api_secret) { 'secret' }
+
+    context 'when get' do
+      let(:command) { Castle::Commands::Review.build(review_id) }
+      let(:review_id) { SecureRandom.uuid }
+
+      it { expect(build.body).to be_nil }
+      it { expect(build.method).to eql('GET') }
+      it { expect(build.path).to eql("/v1/#{command.path}") }
+      it { expect(build.to_hash).to have_key('authorization') }
+      it { expect(build.to_hash).to have_key('sample-header') }
+      it { expect(build.to_hash['sample-header']).to eql(['1']) }
     end
 
-    context 'when ssl true' do
-      it { expect(http).to be_instance_of(Net::HTTP) }
-      it { expect(http.address).to eq(Castle.config.host) }
-      it { expect(http.port).to eq(Castle.config.port) }
-      it { expect(http.use_ssl?).to be true }
-      it { expect(http.verify_mode).to eq(OpenSSL::SSL::VERIFY_PEER) }
+    context 'when post' do
+      let(:time) { Time.now.utc.iso8601(3) }
+      let(:command) do
+        Castle::Commands::Track.new({}).build(event: '$login.succeeded', name: "\xC4")
+      end
+      let(:expected_body) do
+        {
+          event: '$login.succeeded',
+          name: '�',
+          context: {},
+          sent_at: time
+        }
+      end
+
+      before { allow(Castle::Utils::Timestamp).to receive(:call).and_return(time) }
+
+      it { expect(build.body).to be_eql(expected_body.to_json) }
+      it { expect(build.method).to eql('POST') }
+      it { expect(build.path).to eql("/v1/#{command.path}") }
+      it { expect(build.to_hash).to have_key('authorization') }
+      it { expect(build.to_hash).to have_key('sample-header') }
+      it { expect(build.to_hash['sample-header']).to eql(['1']) }
     end
   end
 end

data/spec/lib/castle/api/session_spec.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+describe Castle::API::Session do
+  describe '.call' do
+    context 'when ssl false' do
+      let(:localhost) { 'localhost' }
+      let(:port) { 3002 }
+
+      before do
+        Castle.config.url = 'http://localhost:3002'
+        stub_request(:get, 'localhost:3002/test').to_return(status: 200, body: '{}', headers: {})
+      end
+
+      context 'with block' do
+        let(:api_url) { '/test' }
+        let(:request) { Net::HTTP::Get.new(api_url) }
+
+        before do
+          allow(Net::HTTP)
+            .to receive(:new)
+            .with(localhost, port)
+            .and_call_original
+
+          described_class.call do |http|
+            http.request(request)
+          end
+        end
+
+        it do
+          expect(Net::HTTP)
+            .to have_received(:new)
+            .with(localhost, port)
+        end
+
+        it do
+          expect(a_request(:get, 'localhost:3002/test'))
+            .to have_been_made.once
+        end
+      end
+
+      context 'without block' do
+        before { described_class.call }
+
+        it do
+          expect(a_request(:get, 'localhost:3002/test'))
+            .not_to have_been_made
+        end
+      end
+    end
+
+    context 'when ssl true' do
+      let(:localhost) { 'localhost' }
+      let(:port) { 443 }
+
+      before do
+        Castle.config.url = 'https://localhost'
+        stub_request(:get, 'https://localhost/test').to_return(status: 200, body: '{}', headers: {})
+      end
+
+      context 'with block' do
+        let(:api_url) { '/test' }
+        let(:request) { Net::HTTP::Get.new(api_url) }
+
+        before do
+          allow(Net::HTTP)
+            .to receive(:new)
+            .with(localhost, port)
+            .and_call_original
+
+          allow(Net::HTTP)
+            .to receive(:start)
+
+          described_class.call do |http|
+            http.request(request)
+          end
+        end
+
+        it do
+          expect(Net::HTTP)
+            .to have_received(:new)
+            .with(localhost, port)
+        end
+      end
+    end
+  end
+end