cloudflare-rails 0.3.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 1225ba25a51c6f0b3d5ba48801e6527272e35d3f
-  data.tar.gz: f446b188758165beea703630fe96be0a864d90d2
+SHA256:
+  metadata.gz: fcb7d261366df6768af3b9884a18e8b782d6cf5f81f11ef14c18b017d394041f
+  data.tar.gz: 5870001e58046915a6bdd8c47f10241e5f54bf161bd5c771da685276cee2185f
 SHA512:
-  metadata.gz: 309f497551c826237d548f206854315f2d2fcca80290a543c30d6cfaa8a1f8b3e43a71a19d823e39c04447d4087cdc9d3b726d94fdbde2fa73d15a6bfcbff739
-  data.tar.gz: d8aa9f9ddd5ad98c8da10358be8338670d71ee2571a6ba5d360e61fd2aa98b17fc1c664dec28918b1cbe90313880780d6f7dea295a3fbd1d0a818deed150be09
+  metadata.gz: 014abb7c27aa87e3f30a1b9c3e0daf09597cee895e6818af203a70de0c1c87648357a4e5eb138c3e9439cd1a5406d17ae099be32652cc432b023e7642e592bb2
+  data.tar.gz: fdcfe22eddcea78cbcbac63fbb50a715715bf7de0ac9e0a3139f288b466f747e5bffb984512af4a288db70063ba78978a6f2f7bc3eab73e761a8e98483af976c

data/.circleci/config.yml

@@ -0,0 +1,49 @@
+# Ruby CircleCI 2.0 configuration file
+#
+# Check https://circleci.com/docs/2.0/language-ruby/ for more details
+#
+version: 2
+jobs:
+  build:
+    docker:
+      # specify the version you desire here
+      - image: circleci/ruby:2.7.0
+
+    working_directory: ~/repo
+
+    steps:
+      - checkout
+
+      # Download and cache dependencies
+      - restore_cache:
+          keys:
+          - v1-dependencies-{{ checksum "cloudflare-rails.gemspec" }}-{{ checksum "Appraisals" }}
+          # fallback to using the latest cache if no exact match is found
+          - v1-dependencies-
+
+      - run:
+          name: install dependencies
+          command: |
+            bundle install --jobs=4 --retry=3 --path vendor/bundle
+
+      - run:
+          name: install appraisal versions
+          command: |
+            bundle exec appraisal install
+
+      - save_cache:
+          paths:
+            - ./vendor/bundle
+          key: v1-dependencies-{{ checksum "cloudflare-rails.gemspec" }}-{{ checksum "Appraisals" }}
+
+      # run tests!
+      - run:
+          name: run tests
+          command: |
+            bundle exec appraisal rake
+      # collect reports
+      - store_test_results:
+          path: tmp/rspec
+      - store_artifacts:
+          path: tmp/rspec
+          destination: test-results

data/.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "13:00"
+  open-pull-requests-limit: 10

data/.gitignore

@@ -10,3 +10,6 @@
 /log/
 .ruby-gemset
 .ruby-version
+.DS_Store
+
+*.gemfile.lock

data/.rspec

@@ -1,2 +1,4 @@
---format p
+--format d
 --color
+--format RspecJunitFormatter
+--out tmp/rspec/rspec-<%= File.basename ENV['BUNDLE_GEMFILE'] %><%= ENV["RACK_ATTACK"]  ? "-rack-attack-#{ENV["RACK_ATTACK"]}" : '' %>.xml

data/.rubocop.yml

@@ -0,0 +1,5 @@
+inherit_from:
+  - .rubocop_airbnb.yml
+  - .rubocop_todo.yml
+AllCops:
+  TargetRubyVersion: 2.4

data/.rubocop_airbnb.yml

@@ -0,0 +1,2 @@
+require:
+  - rubocop-airbnb

data/.rubocop_todo.yml

@@ -0,0 +1,39 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2018-06-03 21:15:22 -0700 using RuboCop version 0.52.1.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 4
+# Cop supports --auto-correct.
+Layout/MultilineBlockLayout:
+  Exclude:
+    - 'spec/cloudflare/rails_spec.rb'
+
+# Offense count: 4
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, EnforcedStyleForEmptyBraces, SpaceBeforeBlockParameters.
+# SupportedStyles: space, no_space
+# SupportedStylesForEmptyBraces: space, no_space
+Layout/SpaceInsideBlockBraces:
+  Exclude:
+    - 'spec/cloudflare/rails_spec.rb'
+
+# Offense count: 4
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, ProceduralMethods, FunctionalMethods, IgnoredMethods.
+# SupportedStyles: line_count_based, semantic, braces_for_chaining
+# ProceduralMethods: benchmark, bm, bmbm, create, each_with_object, measure, new, realtime, tap, with_object
+# FunctionalMethods: let, let!, subject, watch
+# IgnoredMethods: lambda, proc, it
+Style/BlockDelimiters:
+  Exclude:
+    - 'spec/cloudflare/rails_spec.rb'
+
+# Offense count: 6
+# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
+# URISchemes: http, https
+Metrics/LineLength:
+  Max: 126

data/Appraisals

@@ -0,0 +1,15 @@
+appraise "rails-5.0" do
+  gem "rails", "~> 5.0.0"
+end
+
+appraise "rails-5.1" do
+  gem "rails", "~> 5.1.0"
+end
+
+appraise "rails-5.2" do
+  gem "rails", "~> 5.2.0"
+end
+
+appraise "rails-6.0" do
+  gem "rails", "~> 6.0.0"
+end

data/CHANGELOG.md

@@ -0,0 +1,12 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [1.0.0] - 2020-09-29
+### Added
+
+- Fix various [loading order issues](https://github.com/modosc/cloudflare-rails/pull/25).

data/README.md

@@ -1,12 +1,11 @@
-# Cloudflare::Rails [![Gem Version](https://badge.fury.io/rb/cloudflare-rails.svg)](https://badge.fury.io/rb/cloudflare-rails)
-
+# Cloudflare::Rails [![Gem Version](https://badge.fury.io/rb/cloudflare-rails.svg)](https://badge.fury.io/rb/cloudflare-rails) [![CircleCI](https://circleci.com/gh/modosc/cloudflare-rails/tree/master.svg?style=shield)](https://circleci.com/gh/modosc/cloudflare-rails/tree/master)
 This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com) so that `request.remote_ip` / `request.ip` both work correctly.
 
 ## Rails Compatibility
 
-For Rails 5, use 0.2.x
+For Rails 5 / 6, use >= `0.6.x`
 
-For Rails 4.2, use 0.1.x
+For Rails 4.2, use `0.1.x`
 
 ## Installation
 
@@ -24,14 +23,19 @@ And then execute:
 
     $ bundle
 
-## Usage
+## Problem
 
-This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`.
+Using Cloudflare means it's hard to identify the IP address of incoming requests since all requests are proxied through Cloudflare's infrastructure. Cloudflare provides a [CF-Connecting-IP](https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-) header which can be used to identify the originating IP address of a request. However, this header alone doesn't verify a request is legitimate. If an attacker has found the actual IP address of your server they could spoof this header and masquerade as legitimate traffic. 
+
+`cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming connecting is from one of Cloudflare's ip address ranges. If so, the incoming `X-Forwarded-For` header is trusted and used as the ip address provided to `rack` and `rails` (via `request.ip` and `request.remote_ip`). If the incoming connection does not originate from a Cloudflare server then the `X-Forwarded-For` header is ignored and the actual remote ip address is used.
+
+## Usage
+This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`. The `X-Forwarded-For` header will then be trusted only from those ip addresses. 
 
 You can configure the HTTP `timeout` and `expires_in` cache parameters inside of your rails config:
-```
+```ruby
 config.cloudflare.expires_in = 12.hours # default value
-config.cloudfalre.timeout = 5.seconds # default value
+config.cloudflare.timeout = 5.seconds # default value
 ```
 
 ## Alternatives

data/Rakefile

@@ -3,4 +3,22 @@ require "rspec/core/rake_task"
 
 RSpec::Core::RakeTask.new(:spec)
 
-task :default => :spec
+task :without_rack_attack do
+  ENV.delete 'RACK_ATTACK'
+  Rake::Task["spec"].reenable
+  Rake::Task["spec"].invoke
+end
+
+task :with_rack_attack_first do
+  ENV['RACK_ATTACK'] = 'first'
+  Rake::Task["spec"].reenable
+  Rake::Task["spec"].invoke
+end
+
+task :with_rack_attack_last do
+  ENV['RACK_ATTACK'] = 'last'
+  Rake::Task["spec"].reenable
+  Rake::Task["spec"].invoke
+end
+
+task :default => [:without_rack_attack, :with_rack_attack_first, :with_rack_attack_last]

data/cloudflare-rails.gemspec

@@ -1,4 +1,5 @@
 # coding: utf-8
+
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'cloudflare/rails/version'
@@ -19,14 +20,19 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 1.10"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec"
-  spec.add_development_dependency "rspec-rails"
-  spec.add_development_dependency "webmock"
+  spec.add_development_dependency "bundler", "~> 2.1.2"
+  spec.add_development_dependency "rake", "~> 13.0.1"
+  spec.add_development_dependency "rspec_junit_formatter", "~> 0.4.1"
+  spec.add_development_dependency "rspec-rails", "~> 4.0.0"
+  spec.add_development_dependency "rspec", "~> 3.9.0"
+  spec.add_development_dependency "rubocop-airbnb", "~> 3.0.2"
+  spec.add_development_dependency "webmock", "~> 3.9.1"
+  spec.add_development_dependency "rack-attack", "~> 6.3.0"
+  spec.add_development_dependency "pry-byebug"
+  spec.add_development_dependency "appraisal"
 
-  spec.add_dependency "rails", "~> 5.0"
-  spec.add_dependency 'httparty'
+  spec.add_dependency "httparty"
+  spec.add_dependency "rails", ">= 5.0", "< 6.1.0"
 
   # we need Module#prepend
   spec.required_ruby_version = '>= 2.0'

data/gemfiles/.bundle/config

@@ -0,0 +1,2 @@
+---
+BUNDLE_RETRY: "1"

data/gemfiles/rails_5.0.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.0.0"
+
+gemspec path: "../"

data/gemfiles/rails_5.1.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.1.0"
+
+gemspec path: "../"

data/gemfiles/rails_5.2.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.2.0"
+
+gemspec path: "../"

data/gemfiles/rails_6.0.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 6.0.0"
+
+gemspec path: "../"

data/lib/cloudflare/rails.rb

@@ -3,8 +3,6 @@ require "httparty"
 
 module Cloudflare
   module Rails
-  
-
   end
 end
 

data/lib/cloudflare/rails/railtie.rb

@@ -3,28 +3,22 @@ require "httparty"
 module Cloudflare
   module Rails
     class Railtie < ::Rails::Railtie
-
       # patch rack::request::helpers to use our cloudflare ips - this way request.ip is
       # correct inside of rack and rails
       module CheckTrustedProxies
         def trusted_proxy?(ip)
-          ::Rails.application.config.cloudflare.ips.any?{ |proxy| proxy === ip } || super
+          ::Rails.application.config.cloudflare.ips.any? { |proxy| proxy === ip } || super
         end
       end
 
-      Rack::Request::Helpers.prepend CheckTrustedProxies
-
       # patch ActionDispatch::RemoteIP to use our cloudflare ips - this way
       # request.remote_ip is correct inside of rails
       module RemoteIpProxies
-
         def proxies
           super + ::Rails.application.config.cloudflare.ips
         end
       end
 
-      ActionDispatch::RemoteIp.prepend RemoteIpProxies
-
       class Importer
         include HTTParty
         base_uri 'https://www.cloudflare.com'
@@ -33,8 +27,8 @@ module Cloudflare
 
         class ResponseError < HTTParty::ResponseError; end
 
-        IPS_V4_URL = '/ips-v4'
-        IPS_V6_URL = '/ips-v6'
+        IPS_V4_URL = '/ips-v4'.freeze
+        IPS_V6_URL = '/ips-v6'.freeze
 
         class << self
           def ips_v6
@@ -48,19 +42,17 @@ module Cloudflare
           def fetch(url)
             resp = get url, timeout: ::Rails.application.config.cloudflare.timeout
             if resp.success?
-              resp.body.split("\n").reject(&:blank?).map{|ip| IPAddr.new ip}
+              resp.body.split("\n").reject(&:blank?).map { |ip| IPAddr.new ip }
             else
-              raise ResponseError.new(resp.response)
+              raise ResponseError, resp.response
             end
           end
 
           def fetch_with_cache(type)
             ::Rails.cache.fetch("cloudflare-rails:#{type}", expires_in: ::Rails.application.config.cloudflare.expires_in) do
-              self.send type
+              send type
             end
           end
-
-
         end
       end
 
@@ -68,8 +60,8 @@ module Cloudflare
       DEFAULTS = {
         expires_in: 12.hours,
         timeout: 5.seconds,
-        ips: Array.new
-      }
+        ips: [],
+      }.freeze
 
       config.before_configuration do |app|
         app.config.cloudflare = ActiveSupport::OrderedOptions.new
@@ -85,11 +77,22 @@ module Cloudflare
             ::Rails.application.config.cloudflare.ips += Importer.fetch_with_cache(type)
           rescue Importer::ResponseError => e
             ::Rails.logger.error "Cloudflare::Rails: Couldn't import #{type} blocks from CloudFlare: #{e.response}"
-          rescue => e
-            ::Rails.logger.error "Cloudflare::Rails: Got exception: #{e} for type:#{type}"
+          rescue StandardError => e
+            ::Rails.logger.error "Cloudflare::Rails: Got exception: #{e} for type: #{type}"
           end
         end
+      end
+      initializer "my_railtie.configure_rails_initialization" do
+        Rack::Request::Helpers.prepend CheckTrustedProxies
+
+        ObjectSpace.each_object(Class).
+          select do |c|
+            c.included_modules.include?(Rack::Request::Helpers) &&
+            !c.included_modules.include?(CheckTrustedProxies)
+          end.
+          map { |c| c .prepend CheckTrustedProxies }
 
+        ActionDispatch::RemoteIp.prepend RemoteIpProxies
       end
     end
   end

data/lib/cloudflare/rails/version.rb

@@ -1,5 +1,5 @@
 module Cloudflare
   module Rails
-    VERSION = "0.3.0"
+    VERSION = "1.0.0".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cloudflare-rails
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 1.0.0
 platform: ruby
 authors:
 - jonathan schatz
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-09-28 00:00:00.000000000 Z
+date: 2020-09-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,44 +16,114 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: 2.1.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: 2.1.2
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 13.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 13.0.1
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rspec_junit_formatter
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.4.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.4.1
 - !ruby/object:Gem::Dependency
   name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.9.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.9.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-airbnb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.0.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.0.2
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.9.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.9.1
+- !ruby/object:Gem::Dependency
+  name: rack-attack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.3.0
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -67,7 +137,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: webmock
+  name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -81,33 +151,39 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rails
+  name: httparty
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: httparty
+  name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 6.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '5.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 6.1.0
 description: ''
 email:
 - modosc@users.noreply.github.com
@@ -115,9 +191,16 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".circleci/config.yml"
+- ".github/dependabot.yml"
 - ".gitignore"
 - ".rspec"
+- ".rubocop.yml"
+- ".rubocop_airbnb.yml"
+- ".rubocop_todo.yml"
 - ".travis.yml"
+- Appraisals
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - README.md
@@ -125,6 +208,11 @@ files:
 - bin/console
 - bin/setup
 - cloudflare-rails.gemspec
+- gemfiles/.bundle/config
+- gemfiles/rails_5.0.gemfile
+- gemfiles/rails_5.1.gemfile
+- gemfiles/rails_5.2.gemfile
+- gemfiles/rails_6.0.gemfile
 - lib/cloudflare/rails.rb
 - lib/cloudflare/rails/railtie.rb
 - lib/cloudflare/rails/version.rb
@@ -132,7 +220,7 @@ homepage: https://github.com/modosc/cloudflare-rails
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -147,9 +235,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.11
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: This gem configures Rails for CloudFlare so that request.ip and request.remote_ip
   and work correctly.