cloudflare-rails 0.5.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 947c819ded7dcefcfabf3ce7d6b81dd24d55e39dfbe710b4135b796b44a37f04
-  data.tar.gz: f893a0c8a4d9bcc50f4008414a48cbf8d3180bb99d000a9b47dd800ba63c28b8
+  metadata.gz: cd4b756d17197d18b6ed4daba9b3a98f4105410d95785f835013701fe372e813
+  data.tar.gz: 8be58cbbc6d6b7b32aa4280d3acc4c6c2fe8b7e77f06bc62dada0d080ca021a3
 SHA512:
-  metadata.gz: 74931a1f34f4501b5935d749d7965a3b3d95f1448d9869143674f14898cb4cc4616354ae350d1f81a0476682a6b6195a80115e9977bb39bf66d57ca06b0ec3bc
-  data.tar.gz: 7d8bd03f0cf4d724159261fab46fe0054f1b57ea0036071abc62e0de8c1e0ce04a44101d4b8e3730a512329795ecad6195996dd1d2e75a48bd8aff3b56763679
+  metadata.gz: 603165c9c4e53bcd4bbe0f608659cef70a6c2f20d6c96807d78007e7128613d13171a3126516f38c8caa181b759908321db4d2788325698392ca872a1799b4d3
+  data.tar.gz: 7e72201d4968db350b38d5f237b5a3e5931f1ec5fd921917b227e7b78dd3ed4f2fd0f641b09c5a3240d33892e980e322a4e73b4949612dc10690f7e5b1821e38

data/.circleci/config.yml

@@ -7,7 +7,7 @@ jobs:
   build:
     docker:
       # specify the version you desire here
-      - image: circleci/ruby:2.6.3
+      - image: circleci/ruby:2.7.0
 
     working_directory: ~/repo
 
@@ -17,7 +17,7 @@ jobs:
       # Download and cache dependencies
       - restore_cache:
           keys:
-          - v1-dependencies-{{ checksum "cloudflare-rails.gemspec" }}
+          - v1-dependencies-{{ checksum "cloudflare-rails.gemspec" }}-{{ checksum "Appraisals" }}
           # fallback to using the latest cache if no exact match is found
           - v1-dependencies-
 
@@ -26,16 +26,21 @@ jobs:
           command: |
             bundle install --jobs=4 --retry=3 --path vendor/bundle
 
+      - run:
+          name: install appraisal versions
+          command: |
+            bundle exec appraisal install
+
       - save_cache:
           paths:
             - ./vendor/bundle
-          key: v1-dependencies-{{ checksum "Gemfile.lock" }}
+          key: v1-dependencies-{{ checksum "cloudflare-rails.gemspec" }}-{{ checksum "Appraisals" }}
 
       # run tests!
       - run:
           name: run tests
           command: |
-            bundle exec rake
+            bundle exec appraisal rake
       # collect reports
       - store_test_results:
           path: tmp/rspec

data/.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "13:00"
+  open-pull-requests-limit: 10

data/.gitignore

@@ -10,4 +10,6 @@
 /log/
 .ruby-gemset
 .ruby-version
-.DS_Store
+.DS_Store
+
+*.gemfile.lock

data/.rspec

@@ -1,4 +1,4 @@
 --format d
 --color
 --format RspecJunitFormatter
---out tmp/rspec/rspec<%= ENV["RACK_ATTACK"]  ? '-rack-attack' : '' %>.xml
+--out tmp/rspec/rspec-<%= File.basename ENV['BUNDLE_GEMFILE'] %><%= ENV["RACK_ATTACK"]  ? "-rack-attack-#{ENV["RACK_ATTACK"]}" : '' %>.xml

data/Appraisals

@@ -0,0 +1,19 @@
+appraise "rails-5.0" do
+  gem "rails", "~> 5.0.0"
+end
+
+appraise "rails-5.1" do
+  gem "rails", "~> 5.1.0"
+end
+
+appraise "rails-5.2" do
+  gem "rails", "~> 5.2.0"
+end
+
+appraise "rails-6.0" do
+  gem "rails", "~> 6.0.0"
+end
+
+appraise "rails-6.1" do
+  gem "rails", "~> 6.1.0"
+end

data/CHANGELOG.md

@@ -0,0 +1,12 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [1.0.0] - 2020-09-29
+### Added
+
+- Fix various [loading order issues](https://github.com/modosc/cloudflare-rails/pull/25).

data/README.md

@@ -3,9 +3,7 @@ This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com)
 
 ## Rails Compatibility
 
-For Rails 5, use >= `0.2.x`
-
-For Rails 4.2, use `0.1.x`
+This gem requires Rails >= 5. The last version that supports Rails 4.2 is `0.1.x`.
 
 ## Installation
 
@@ -25,22 +23,22 @@ And then execute:
 
 ## Problem
 
-Using Cloudflare means it's hard to identify the IP address of incoming requests since all requests are proxied through Cloudflare's infrastructure. Cloudflare provides a [CF-Connecting-IP](https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-) header which can be used to identify the originating IP address of a request. However, this header alone doesn't verify a request is legitimate. If an attacker has found the actual IP address of your server they could spoof this header and masquerade as legitimate traffic. 
+Using Cloudflare means it's hard to identify the IP address of incoming requests since all requests are proxied through Cloudflare's infrastructure. Cloudflare provides a [CF-Connecting-IP](https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-) header which can be used to identify the originating IP address of a request. However, this header alone doesn't verify a request is legitimate. If an attacker has found the actual IP address of your server they could spoof this header and masquerade as legitimate traffic.
 
 `cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming connecting is from one of Cloudflare's ip address ranges. If so, the incoming `X-Forwarded-For` header is trusted and used as the ip address provided to `rack` and `rails` (via `request.ip` and `request.remote_ip`). If the incoming connection does not originate from a Cloudflare server then the `X-Forwarded-For` header is ignored and the actual remote ip address is used.
 
 ## Usage
-This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`. The `X-Forwarded-For` header will then be trusted only from those ip addresses. 
+This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`. The `X-Forwarded-For` header will then be trusted only from those ip addresses.
 
 You can configure the HTTP `timeout` and `expires_in` cache parameters inside of your rails config:
-```
+```ruby
 config.cloudflare.expires_in = 12.hours # default value
 config.cloudflare.timeout = 5.seconds # default value
 ```
 
 ## Alternatives
 
-[actionpack-cloudflare](https://github.com/customink/actionpack-cloudflare) simpler approach using the `CF-Connecting-IP` header. 
+[actionpack-cloudflare](https://github.com/customink/actionpack-cloudflare) simpler approach using the `CF-Connecting-IP` header.
 
 ## Development
 

data/Rakefile

@@ -9,10 +9,16 @@ task :without_rack_attack do
   Rake::Task["spec"].invoke
 end
 
-task :with_rack_attack do
-  ENV['RACK_ATTACK'] = '1'
+task :with_rack_attack_first do
+  ENV['RACK_ATTACK'] = 'first'
   Rake::Task["spec"].reenable
   Rake::Task["spec"].invoke
 end
 
-task :default => [:without_rack_attack, :with_rack_attack]
+task :with_rack_attack_last do
+  ENV['RACK_ATTACK'] = 'last'
+  Rake::Task["spec"].reenable
+  Rake::Task["spec"].invoke
+end
+
+task :default => [:without_rack_attack, :with_rack_attack_first, :with_rack_attack_last]

data/cloudflare-rails.gemspec

@@ -20,18 +20,19 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 1.10"
-  spec.add_development_dependency "rake", "~> 12.3.1"
+  spec.add_development_dependency "bundler", "~> 2.1.2"
+  spec.add_development_dependency "rake", "~> 13.0.1"
   spec.add_development_dependency "rspec_junit_formatter", "~> 0.4.1"
-  spec.add_development_dependency "rspec-rails", "~> 3.8.2"
-  spec.add_development_dependency "rspec", "~> 3.8.0"
-  spec.add_development_dependency "rubocop-airbnb", "~> 2.0.0"
-  spec.add_development_dependency "webmock", "~> 3.6.0"
-  spec.add_development_dependency "rack-attack", "~> 6.1.0"
+  spec.add_development_dependency "rspec-rails", "~> 4.0.0"
+  spec.add_development_dependency "rspec", "~> 3.10.0"
+  spec.add_development_dependency "rubocop-airbnb", "~> 3.0.2"
+  spec.add_development_dependency "webmock", "~> 3.11.0"
+  spec.add_development_dependency "rack-attack", "~> 6.4.0"
   spec.add_development_dependency "pry-byebug"
+  spec.add_development_dependency "appraisal"
 
   spec.add_dependency "httparty"
-  spec.add_dependency "rails", "~> 5.0"
+  spec.add_dependency "rails", ">= 5.0", "< 6.2.0"
 
   # we need Module#prepend
   spec.required_ruby_version = '>= 2.0'

data/gemfiles/.bundle/config

@@ -0,0 +1,2 @@
+---
+BUNDLE_RETRY: "1"

data/gemfiles/rails_5.0.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.0.0"
+
+gemspec path: "../"

data/gemfiles/rails_5.1.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.1.0"
+
+gemspec path: "../"

data/gemfiles/rails_5.2.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.2.0"
+
+gemspec path: "../"

data/gemfiles/rails_6.0.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 6.0.0"
+
+gemspec path: "../"

data/gemfiles/rails_6.1.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 6.1.0"
+
+gemspec path: "../"

data/lib/cloudflare/rails/railtie.rb

@@ -1,3 +1,4 @@
+require "active_support/core_ext/integer/time"
 require "httparty"
 
 module Cloudflare
@@ -11,15 +12,6 @@ module Cloudflare
         end
       end
 
-      Rack::Request::Helpers.prepend CheckTrustedProxies
-
-      # rack-attack Rack::Request before the above is run, so if rack-attack is loaded we need to
-      # prepend our module there as well, see:
-      # https://github.com/kickstarter/rack-attack/blob/4fc4d79c9d2697ec21263109af23f11ea93a23ce/lib/rack/attack/request.rb
-      if defined? Rack::Attack::Request
-        Rack::Attack::Request.prepend CheckTrustedProxies
-      end
-
       # patch ActionDispatch::RemoteIP to use our cloudflare ips - this way
       # request.remote_ip is correct inside of rails
       module RemoteIpProxies
@@ -28,8 +20,6 @@ module Cloudflare
         end
       end
 
-      ActionDispatch::RemoteIp.prepend RemoteIpProxies
-
       class Importer
         include HTTParty
         base_uri 'https://www.cloudflare.com'
@@ -89,10 +79,22 @@ module Cloudflare
           rescue Importer::ResponseError => e
             ::Rails.logger.error "Cloudflare::Rails: Couldn't import #{type} blocks from CloudFlare: #{e.response}"
           rescue StandardError => e
-            ::Rails.logger.error "Cloudflare::Rails: Got exception: #{e} for type:#{type}"
+            ::Rails.logger.error "Cloudflare::Rails: Got exception: #{e} for type: #{type}"
           end
         end
       end
+      initializer "my_railtie.configure_rails_initialization" do
+        Rack::Request::Helpers.prepend CheckTrustedProxies
+
+        ObjectSpace.each_object(Class).
+          select do |c|
+            c.included_modules.include?(Rack::Request::Helpers) &&
+            !c.included_modules.include?(CheckTrustedProxies)
+          end.
+          map { |c| c .prepend CheckTrustedProxies }
+
+        ActionDispatch::RemoteIp.prepend RemoteIpProxies
+      end
     end
   end
 end

data/lib/cloudflare/rails/version.rb

@@ -1,5 +1,5 @@
 module Cloudflare
   module Rails
-    VERSION = "0.5.0".freeze
+    VERSION = "1.2.0".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cloudflare-rails
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 1.2.0
 platform: ruby
 authors:
 - jonathan schatz
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-08-11 00:00:00.000000000 Z
+date: 2021-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: 2.1.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: 2.1.2
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 12.3.1
+        version: 13.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 12.3.1
+        version: 13.0.1
 - !ruby/object:Gem::Dependency
   name: rspec_junit_formatter
   requirement: !ruby/object:Gem::Requirement
@@ -58,70 +58,70 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.8.2
+        version: 4.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.8.2
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.8.0
+        version: 3.10.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.8.0
+        version: 3.10.0
 - !ruby/object:Gem::Dependency
   name: rubocop-airbnb
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 3.0.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.0
+        version: 3.0.2
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.6.0
+        version: 3.11.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.6.0
+        version: 3.11.0
 - !ruby/object:Gem::Dependency
   name: rack-attack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.1.0
+        version: 6.4.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.1.0
+        version: 6.4.0
 - !ruby/object:Gem::Dependency
   name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
@@ -136,6 +136,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: httparty
   requirement: !ruby/object:Gem::Requirement
@@ -154,16 +168,22 @@ dependencies:
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '5.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 6.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '5.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 6.2.0
 description: ''
 email:
 - modosc@users.noreply.github.com
@@ -172,12 +192,15 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
+- ".github/dependabot.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
 - ".rubocop_airbnb.yml"
 - ".rubocop_todo.yml"
 - ".travis.yml"
+- Appraisals
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - README.md
@@ -185,6 +208,12 @@ files:
 - bin/console
 - bin/setup
 - cloudflare-rails.gemspec
+- gemfiles/.bundle/config
+- gemfiles/rails_5.0.gemfile
+- gemfiles/rails_5.1.gemfile
+- gemfiles/rails_5.2.gemfile
+- gemfiles/rails_6.0.gemfile
+- gemfiles/rails_6.1.gemfile
 - lib/cloudflare/rails.rb
 - lib/cloudflare/rails/railtie.rb
 - lib/cloudflare/rails/version.rb
@@ -192,7 +221,7 @@ homepage: https://github.com/modosc/cloudflare-rails
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -207,8 +236,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.4
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: This gem configures Rails for CloudFlare so that request.ip and request.remote_ip
   and work correctly.