cloudflare-rails 0.4.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4af88462102fa96a7026865456538d3273dbed25b27571be2a1ff35d85a571d0
-  data.tar.gz: d0822418ace7ea370d89465cfae344ee03915bde1cd1fa6509474608f2262c30
+  metadata.gz: 6060b63792255ed6aebab33986d27092b1866052db8fcf496942692f1c51508d
+  data.tar.gz: 40d72f9bfefac5cf2f64c681d8833efb807ce20b314cd0433e9e07c03917b7ae
 SHA512:
-  metadata.gz: cb376a89e2afe44c37d7dcacfa983ed7654d9be50aab5a110527003d3433a75935ed0988cea31a4b90dd6c9bbef99ee6ff080de548fe40ad511c422e1972684e
-  data.tar.gz: 16fed68fb3b86e05da7317208544bb26b51271848e93b159db064ec220264f2e8efae9de0e1fd6ad9063ed572364155e73f26860586738abb66c243a5d55dfbc
+  metadata.gz: 3a0ac66d56d0a62957c73b564e9bc5586bb9328e146598e2b342de74bcd75e1a24541ae4b22fbd17f502a5a9a40c57a0e07bcd3b348950843d17b9cee0cc8d59
+  data.tar.gz: f175720c6f4f109a3ea1bc34c1e62bf1661a60df5e83c132e3677b078c6064359ca0c5afd98c26b8962e38c5692c876094146e1de586e8461ba1dc7c25854a11

data/.circleci/config.yml

@@ -7,12 +7,7 @@ jobs:
   build:
     docker:
       # specify the version you desire here
-       - image: circleci/ruby:2.5.1
-
-      # Specify service dependencies here if necessary
-      # CircleCI maintains a library of pre-built images
-      # documented at https://circleci.com/docs/2.0/circleci-images/
-      # - image: circleci/postgres:9.4
+      - image: circleci/ruby:2.7.0
 
     working_directory: ~/repo
 
@@ -22,7 +17,7 @@ jobs:
       # Download and cache dependencies
       - restore_cache:
           keys:
-          - v1-dependencies-{{ checksum "cloudflare-rails.gemspec" }}
+          - v1-dependencies-{{ checksum "cloudflare-rails.gemspec" }}-{{ checksum "Appraisals" }}
           # fallback to using the latest cache if no exact match is found
           - v1-dependencies-
 
@@ -31,27 +26,24 @@ jobs:
           command: |
             bundle install --jobs=4 --retry=3 --path vendor/bundle
 
+      - run:
+          name: install appraisal versions
+          command: |
+            bundle exec appraisal install
+
       - save_cache:
           paths:
             - ./vendor/bundle
-          key: v1-dependencies-{{ checksum "Gemfile.lock" }}
+          key: v1-dependencies-{{ checksum "cloudflare-rails.gemspec" }}-{{ checksum "Appraisals" }}
 
       # run tests!
       - run:
           name: run tests
           command: |
-            mkdir /tmp/test-results
-            TEST_FILES="$(circleci tests glob "spec/**/*_spec.rb" | circleci tests split --split-by=timings)"
-
-            bundle exec rspec --format progress \
-                            --format RspecJunitFormatter \
-                            --out /tmp/test-results/rspec.xml \
-                            --format progress \
-                            $TEST_FILES
-
+            bundle exec appraisal rake
       # collect reports
       - store_test_results:
-          path: /tmp/test-results
+          path: tmp/rspec
       - store_artifacts:
-          path: /tmp/test-results
+          path: tmp/rspec
           destination: test-results

data/.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "13:00"
+  open-pull-requests-limit: 10

data/.gitignore

@@ -10,3 +10,6 @@
 /log/
 .ruby-gemset
 .ruby-version
+.DS_Store
+
+*.gemfile.lock

data/.rspec

@@ -1,2 +1,4 @@
---format p
+--format d
 --color
+--format RspecJunitFormatter
+--out tmp/rspec/rspec-<%= File.basename ENV['BUNDLE_GEMFILE'] %><%= ENV["RACK_ATTACK"]  ? "-rack-attack-#{ENV["RACK_ATTACK"]}" : '' %>.xml

data/Appraisals

@@ -0,0 +1,19 @@
+appraise "rails-5.0" do
+  gem "rails", "~> 5.0.0"
+end
+
+appraise "rails-5.1" do
+  gem "rails", "~> 5.1.0"
+end
+
+appraise "rails-5.2" do
+  gem "rails", "~> 5.2.0"
+end
+
+appraise "rails-6.0" do
+  gem "rails", "~> 6.0.0"
+end
+
+appraise "rails-6.1" do
+  gem "rails", "~> 6.1.0"
+end

data/CHANGELOG.md

@@ -0,0 +1,12 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [1.0.0] - 2020-09-29
+### Added
+
+- Fix various [loading order issues](https://github.com/modosc/cloudflare-rails/pull/25).

data/README.md

@@ -3,9 +3,7 @@ This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com)
 
 ## Rails Compatibility
 
-For Rails 5, use >= `0.2.x`
-
-For Rails 4.2, use `0.1.x`
+This gem requires Rails >= 5. The last version that supports Rails 4.2 is `0.1.x`.
 
 ## Installation
 
@@ -23,19 +21,24 @@ And then execute:
 
     $ bundle
 
-## Usage
+## Problem
 
-This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`.
+Using Cloudflare means it's hard to identify the IP address of incoming requests since all requests are proxied through Cloudflare's infrastructure. Cloudflare provides a [CF-Connecting-IP](https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-) header which can be used to identify the originating IP address of a request. However, this header alone doesn't verify a request is legitimate. If an attacker has found the actual IP address of your server they could spoof this header and masquerade as legitimate traffic.
+
+`cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming connecting is from one of Cloudflare's ip address ranges. If so, the incoming `X-Forwarded-For` header is trusted and used as the ip address provided to `rack` and `rails` (via `request.ip` and `request.remote_ip`). If the incoming connection does not originate from a Cloudflare server then the `X-Forwarded-For` header is ignored and the actual remote ip address is used.
+
+## Usage
+This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`. The `X-Forwarded-For` header will then be trusted only from those ip addresses.
 
 You can configure the HTTP `timeout` and `expires_in` cache parameters inside of your rails config:
-```
+```ruby
 config.cloudflare.expires_in = 12.hours # default value
 config.cloudflare.timeout = 5.seconds # default value
 ```
 
 ## Alternatives
 
-[actionpack-cloudflare](https://github.com/customink/actionpack-cloudflare) simpler approach using the `CF-Connecting-IP` header. 
+[actionpack-cloudflare](https://github.com/customink/actionpack-cloudflare) simpler approach using the `CF-Connecting-IP` header.
 
 ## Development
 

data/Rakefile

@@ -3,4 +3,22 @@ require "rspec/core/rake_task"
 
 RSpec::Core::RakeTask.new(:spec)
 
-task :default => :spec
+task :without_rack_attack do
+  ENV.delete 'RACK_ATTACK'
+  Rake::Task["spec"].reenable
+  Rake::Task["spec"].invoke
+end
+
+task :with_rack_attack_first do
+  ENV['RACK_ATTACK'] = 'first'
+  Rake::Task["spec"].reenable
+  Rake::Task["spec"].invoke
+end
+
+task :with_rack_attack_last do
+  ENV['RACK_ATTACK'] = 'last'
+  Rake::Task["spec"].reenable
+  Rake::Task["spec"].invoke
+end
+
+task :default => [:without_rack_attack, :with_rack_attack_first, :with_rack_attack_last]

data/cloudflare-rails.gemspec

@@ -20,17 +20,19 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 1.10"
-  spec.add_development_dependency "rake", "~> 12.3.1"
+  spec.add_development_dependency "bundler", "~> 2.1.2"
+  spec.add_development_dependency "rake", "~> 13.0.1"
   spec.add_development_dependency "rspec_junit_formatter", "~> 0.4.1"
-  spec.add_development_dependency "rspec-rails", "~> 3.7.2"
-  spec.add_development_dependency "rspec", "~> 3.7.0"
-  spec.add_development_dependency "rubocop-airbnb", "~> 1.0.0"
-  spec.add_development_dependency "webmock", "~> 3.4.2"
+  spec.add_development_dependency "rspec-rails", "~> 4.0.0"
+  spec.add_development_dependency "rspec", "~> 3.10.0"
+  spec.add_development_dependency "rubocop-airbnb", "~> 3.0.2"
+  spec.add_development_dependency "webmock", "~> 3.10.0"
+  spec.add_development_dependency "rack-attack", "~> 6.3.0"
+  spec.add_development_dependency "pry-byebug"
+  spec.add_development_dependency "appraisal"
 
   spec.add_dependency "httparty"
-  spec.add_dependency "rails", "~> 5.0"
-
+  spec.add_dependency "rails", ">= 5.0", "< 6.2.0"
 
   # we need Module#prepend
   spec.required_ruby_version = '>= 2.0'

data/gemfiles/.bundle/config

@@ -0,0 +1,2 @@
+---
+BUNDLE_RETRY: "1"

data/gemfiles/rails_5.0.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.0.0"
+
+gemspec path: "../"

data/gemfiles/rails_5.1.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.1.0"
+
+gemspec path: "../"

data/gemfiles/rails_5.2.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.2.0"
+
+gemspec path: "../"

data/gemfiles/rails_6.0.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 6.0.0"
+
+gemspec path: "../"

data/gemfiles/rails_6.1.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 6.1.0"
+
+gemspec path: "../"

data/lib/cloudflare/rails/railtie.rb

@@ -11,8 +11,6 @@ module Cloudflare
         end
       end
 
-      Rack::Request::Helpers.prepend CheckTrustedProxies
-
       # patch ActionDispatch::RemoteIP to use our cloudflare ips - this way
       # request.remote_ip is correct inside of rails
       module RemoteIpProxies
@@ -21,8 +19,6 @@ module Cloudflare
         end
       end
 
-      ActionDispatch::RemoteIp.prepend RemoteIpProxies
-
       class Importer
         include HTTParty
         base_uri 'https://www.cloudflare.com'
@@ -81,11 +77,23 @@ module Cloudflare
             ::Rails.application.config.cloudflare.ips += Importer.fetch_with_cache(type)
           rescue Importer::ResponseError => e
             ::Rails.logger.error "Cloudflare::Rails: Couldn't import #{type} blocks from CloudFlare: #{e.response}"
-          rescue => e
-            ::Rails.logger.error "Cloudflare::Rails: Got exception: #{e} for type:#{type}"
+          rescue StandardError => e
+            ::Rails.logger.error "Cloudflare::Rails: Got exception: #{e} for type: #{type}"
           end
         end
       end
+      initializer "my_railtie.configure_rails_initialization" do
+        Rack::Request::Helpers.prepend CheckTrustedProxies
+
+        ObjectSpace.each_object(Class).
+          select do |c|
+            c.included_modules.include?(Rack::Request::Helpers) &&
+            !c.included_modules.include?(CheckTrustedProxies)
+          end.
+          map { |c| c .prepend CheckTrustedProxies }
+
+        ActionDispatch::RemoteIp.prepend RemoteIpProxies
+      end
     end
   end
 end

data/lib/cloudflare/rails/version.rb

@@ -1,5 +1,5 @@
 module Cloudflare
   module Rails
-    VERSION = "0.4.0".freeze
+    VERSION = "1.1.0".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cloudflare-rails
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 1.1.0
 platform: ruby
 authors:
 - jonathan schatz
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-06-05 00:00:00.000000000 Z
+date: 2020-12-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: 2.1.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: 2.1.2
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 12.3.1
+        version: 13.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 12.3.1
+        version: 13.0.1
 - !ruby/object:Gem::Dependency
   name: rspec_junit_formatter
   requirement: !ruby/object:Gem::Requirement
@@ -58,56 +58,98 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.7.2
+        version: 4.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.7.2
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.7.0
+        version: 3.10.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.7.0
+        version: 3.10.0
 - !ruby/object:Gem::Dependency
   name: rubocop-airbnb
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: 3.0.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: 3.0.2
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.4.2
+        version: 3.10.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.4.2
+        version: 3.10.0
+- !ruby/object:Gem::Dependency
+  name: rack-attack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.3.0
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: httparty
   requirement: !ruby/object:Gem::Requirement
@@ -126,16 +168,22 @@ dependencies:
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '5.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 6.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '5.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 6.2.0
 description: ''
 email:
 - modosc@users.noreply.github.com
@@ -144,12 +192,15 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
+- ".github/dependabot.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
 - ".rubocop_airbnb.yml"
 - ".rubocop_todo.yml"
 - ".travis.yml"
+- Appraisals
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - README.md
@@ -157,6 +208,12 @@ files:
 - bin/console
 - bin/setup
 - cloudflare-rails.gemspec
+- gemfiles/.bundle/config
+- gemfiles/rails_5.0.gemfile
+- gemfiles/rails_5.1.gemfile
+- gemfiles/rails_5.2.gemfile
+- gemfiles/rails_6.0.gemfile
+- gemfiles/rails_6.1.gemfile
 - lib/cloudflare/rails.rb
 - lib/cloudflare/rails/railtie.rb
 - lib/cloudflare/rails/version.rb
@@ -164,7 +221,7 @@ homepage: https://github.com/modosc/cloudflare-rails
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -179,9 +236,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: This gem configures Rails for CloudFlare so that request.ip and request.remote_ip
   and work correctly.