castle-rb 4.1.0 → 4.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/lib/castle/extractors/ip.rb +12 -16
- data/lib/castle/version.rb +1 -1
- data/spec/lib/castle/extractors/ip_spec.rb +5 -5
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9e257285772f0ea234bc5ffce99cfccabdd31205c9bd09c6b210f633ea691728
|
|
4
|
+
data.tar.gz: dbe175f86dc14f5e246e502452ff7e65de27dc82966428262f440e8acbfcf295
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a25b09f89b7d0b589b215e58bfd2b3436954da93a99d141e1dc7282b8350480a289e1b852b1cd5afdcf8f0a924b0b6062771da73ba6ad6c10fd179b214de2c59
|
|
7
|
+
data.tar.gz: faa3a957367aaad5e16bb9330b7a63e7ca607468f8e46ba75f99fce05b328bccfa59d2908051b3488605cb9517c7f6f3cf4f6d1a98d7fa68df9a569a9f60d3a5
|
data/README.md
CHANGED
|
@@ -87,12 +87,12 @@ Castle.configure do |config|
|
|
|
87
87
|
config.blacklisted = ['HTTP-X-header']
|
|
88
88
|
|
|
89
89
|
# Castle needs the original IP of the client, not the IP of your proxy or load balancer.
|
|
90
|
-
# we try to fetch proper ip based on X-Forwarded-For
|
|
90
|
+
# we try to fetch proper ip based on X-Forwarded-For or Remote-Addr headers in that order
|
|
91
91
|
# but sometimes proper ip may be stored in different header or order could be different.
|
|
92
92
|
# SDK can extract ip automatically for you, but you must configure which ip_headers you would like to use
|
|
93
93
|
configuration.ip_headers = []
|
|
94
94
|
|
|
95
|
-
# Additionally to make X-Forwarded-For
|
|
95
|
+
# Additionally to make X-Forwarded-For and other headers work better discovering client ip address,
|
|
96
96
|
# and not the address of a reverse proxy server, you can define trusted proxies
|
|
97
97
|
# which will help to fetch proper ip from those headers
|
|
98
98
|
configuration.trusted_proxies = []
|
data/lib/castle/extractors/ip.rb
CHANGED
|
@@ -5,43 +5,39 @@ module Castle
|
|
|
5
5
|
# used for extraction of ip from the request
|
|
6
6
|
class IP
|
|
7
7
|
# ordered list of ip headers for ip extraction
|
|
8
|
-
DEFAULT = %w[X-Forwarded-For
|
|
9
|
-
# default header fallback when ip is not found
|
|
10
|
-
FALLBACK = 'Remote-Addr'
|
|
8
|
+
DEFAULT = %w[X-Forwarded-For Remote-Addr].freeze
|
|
11
9
|
|
|
12
|
-
private_constant :
|
|
10
|
+
private_constant :DEFAULT
|
|
13
11
|
|
|
14
12
|
# @param headers [Hash]
|
|
15
13
|
def initialize(headers)
|
|
16
14
|
@headers = headers
|
|
17
|
-
@ip_headers = Castle.config.ip_headers
|
|
15
|
+
@ip_headers = Castle.config.ip_headers.empty? ? DEFAULT : Castle.config.ip_headers
|
|
18
16
|
@proxies = Castle.config.trusted_proxies + Castle::Configuration::TRUSTED_PROXIES
|
|
19
17
|
end
|
|
20
18
|
|
|
21
19
|
# Order of headers:
|
|
22
20
|
# .... list of headers defined by ip_headers
|
|
23
21
|
# X-Forwarded-For
|
|
24
|
-
# Client-Ip is
|
|
25
22
|
# Remote-Addr
|
|
26
23
|
# @return [String]
|
|
27
24
|
def call
|
|
25
|
+
all_ips = []
|
|
26
|
+
|
|
28
27
|
@ip_headers.each do |ip_header|
|
|
29
|
-
|
|
28
|
+
ips = ips_from(ip_header)
|
|
29
|
+
ip_value = remove_proxies(ips).last
|
|
30
30
|
return ip_value if ip_value
|
|
31
|
+
|
|
32
|
+
all_ips.push(*ips)
|
|
31
33
|
end
|
|
32
34
|
|
|
33
|
-
|
|
35
|
+
# fallback to first whatever ip
|
|
36
|
+
all_ips.first
|
|
34
37
|
end
|
|
35
38
|
|
|
36
39
|
private
|
|
37
40
|
|
|
38
|
-
# @param header [String]
|
|
39
|
-
# @return [String]
|
|
40
|
-
def calculate_ip(header)
|
|
41
|
-
ips = ips_from(header)
|
|
42
|
-
remove_proxies(ips).first
|
|
43
|
-
end
|
|
44
|
-
|
|
45
41
|
# @param ips [Array<String>]
|
|
46
42
|
# @return [Array<String>]
|
|
47
43
|
def remove_proxies(ips)
|
|
@@ -61,7 +57,7 @@ module Castle
|
|
|
61
57
|
|
|
62
58
|
return [] unless value
|
|
63
59
|
|
|
64
|
-
value.strip.split(/[,\s]+/)
|
|
60
|
+
value.strip.split(/[,\s]+/)
|
|
65
61
|
end
|
|
66
62
|
end
|
|
67
63
|
end
|
data/lib/castle/version.rb
CHANGED
|
@@ -21,20 +21,20 @@ describe Castle::Extractors::IP do
|
|
|
21
21
|
end
|
|
22
22
|
|
|
23
23
|
context 'with uppercase format' do
|
|
24
|
-
before { Castle.config.ip_headers = %w[CF_CONNECTING_IP] }
|
|
24
|
+
before { Castle.config.ip_headers = %w[CF_CONNECTING_IP X-Forwarded-For] }
|
|
25
25
|
|
|
26
26
|
it { expect(extractor.call).to eql('1.2.3.4') }
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
context 'with regular format' do
|
|
30
|
-
before { Castle.config.ip_headers = %w[Cf-Connecting-Ip] }
|
|
30
|
+
before { Castle.config.ip_headers = %w[Cf-Connecting-Ip X-Forwarded-For] }
|
|
31
31
|
|
|
32
32
|
it { expect(extractor.call).to eql('1.2.3.4') }
|
|
33
33
|
end
|
|
34
34
|
|
|
35
|
-
context 'with value from trusted proxies' do
|
|
35
|
+
context 'with value from trusted proxies it get seconds header' do
|
|
36
36
|
before do
|
|
37
|
-
Castle.config.ip_headers = %w[Cf-Connecting-Ip]
|
|
37
|
+
Castle.config.ip_headers = %w[Cf-Connecting-Ip X-Forwarded-For]
|
|
38
38
|
Castle.config.trusted_proxies = %w[1.2.3.4]
|
|
39
39
|
end
|
|
40
40
|
|
|
@@ -49,7 +49,7 @@ describe Castle::Extractors::IP do
|
|
|
49
49
|
|
|
50
50
|
let(:headers) { { 'Remote-Addr' => '127.0.0.1', 'X-Forwarded-For' => http_x_header } }
|
|
51
51
|
|
|
52
|
-
it 'fallbacks to
|
|
52
|
+
it 'fallbacks to first available header when all headers are marked trusted proxy' do
|
|
53
53
|
expect(extractor.call).to eql('127.0.0.1')
|
|
54
54
|
end
|
|
55
55
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: castle-rb
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Johan Brissmyr
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-03-
|
|
11
|
+
date: 2020-03-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: appraisal
|