cloudflare-rails 1.1.0 → 2.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.circleci/config.yml +6 -1
- data/Appraisals +4 -8
- data/CHANGELOG.md +17 -1
- data/Gemfile +4 -0
- data/README.md +7 -3
- data/cloudflare-rails.gemspec +7 -6
- data/gemfiles/rails_5.2.gemfile +4 -0
- data/gemfiles/rails_6.0.gemfile +4 -0
- data/gemfiles/rails_6.1.gemfile +4 -0
- data/gemfiles/rails_7.0.gemfile +11 -0
- data/lib/cloudflare/rails/railtie.rb +36 -10
- data/lib/cloudflare/rails/version.rb +1 -1
- data/lib/cloudflare/rails.rb +2 -1
- metadata +46 -22
- data/.travis.yml +0 -4
- data/gemfiles/rails_5.0.gemfile +0 -7
- data/gemfiles/rails_5.1.gemfile +0 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: de21d6707867ee11c0af5dae9a254f95fc03e2071d07a86db0406a2c1c400fd2
|
|
4
|
+
data.tar.gz: 50ed388a769ce657b4b9b79d3244d6551aead94d74969bd8b1d4e0af6cc5b4cf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 908b5340a7335a2e26e32290a41017c512cc67fa4124eee4ec9e92b0eb525c8221c532c27e90b12ddd2ec1e994c6af0877d5b727eb0c986d130b94fd20be6bf6
|
|
7
|
+
data.tar.gz: 95f000b7ed2033010d400d51ad4834d025286308a887da61bb315cd7e7665452f59852b92918c702fe10dbe57281cd773041c3988b2e6c856f04a2c1ad323538
|
data/.circleci/config.yml
CHANGED
|
@@ -7,7 +7,7 @@ jobs:
|
|
|
7
7
|
build:
|
|
8
8
|
docker:
|
|
9
9
|
# specify the version you desire here
|
|
10
|
-
- image: circleci/ruby:2.7.
|
|
10
|
+
- image: circleci/ruby:2.7.3
|
|
11
11
|
|
|
12
12
|
working_directory: ~/repo
|
|
13
13
|
|
|
@@ -21,6 +21,11 @@ jobs:
|
|
|
21
21
|
# fallback to using the latest cache if no exact match is found
|
|
22
22
|
- v1-dependencies-
|
|
23
23
|
|
|
24
|
+
- run:
|
|
25
|
+
name: install bundler
|
|
26
|
+
command: |
|
|
27
|
+
gem install bundler -v $(grep bundler cloudflare-rails.gemspec |awk {'print $4'}|sed 's/"//g')
|
|
28
|
+
|
|
24
29
|
- run:
|
|
25
30
|
name: install dependencies
|
|
26
31
|
command: |
|
data/Appraisals
CHANGED
|
@@ -1,11 +1,3 @@
|
|
|
1
|
-
appraise "rails-5.0" do
|
|
2
|
-
gem "rails", "~> 5.0.0"
|
|
3
|
-
end
|
|
4
|
-
|
|
5
|
-
appraise "rails-5.1" do
|
|
6
|
-
gem "rails", "~> 5.1.0"
|
|
7
|
-
end
|
|
8
|
-
|
|
9
1
|
appraise "rails-5.2" do
|
|
10
2
|
gem "rails", "~> 5.2.0"
|
|
11
3
|
end
|
|
@@ -17,3 +9,7 @@ end
|
|
|
17
9
|
appraise "rails-6.1" do
|
|
18
10
|
gem "rails", "~> 6.1.0"
|
|
19
11
|
end
|
|
12
|
+
|
|
13
|
+
appraise "rails-7.0" do
|
|
14
|
+
gem "rails", git: "https://github.com/rails/rails", branch: "main"
|
|
15
|
+
end
|
data/CHANGELOG.md
CHANGED
|
@@ -4,7 +4,23 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
5
5
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
|
-
## [
|
|
7
|
+
## [2.3.0] - 2021-10-22
|
|
8
|
+
- Better handling of malformed IP addresses (https://github.com/modosc/cloudflare-rails/pull/49)
|
|
9
|
+
|
|
10
|
+
## [2.2.0] - 2021-06-11
|
|
11
|
+
- Fix typo in `actionpack` dependency
|
|
12
|
+
|
|
13
|
+
## [2.1.0] - 2021-06-11
|
|
14
|
+
### Breaking Changes
|
|
15
|
+
- Drop support for unsupported `rails` versions (`5.0.x` and `5.1.x`)
|
|
16
|
+
|
|
17
|
+
### Added
|
|
18
|
+
- use Net::HTTP instead of httparty ([pr](https://github.com/modosc/cloudflare-rails/pull/44))
|
|
19
|
+
- Add `rails 7.0.0.alpha` support
|
|
20
|
+
|
|
21
|
+
## [2.0.0] - 2021-02-17
|
|
22
|
+
### Breaking Changes
|
|
23
|
+
- Removed broad dependency on `rails`, replaced with explicit dependencies for `railties`, `activesupport`, and `actionpack` ( [issue](https://github.com/modosc/cloudflare-rails/issues/34) and [pr](https://github.com/modosc/cloudflare-rails/pull/35))
|
|
8
24
|
|
|
9
25
|
## [1.0.0] - 2020-09-29
|
|
10
26
|
### Added
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -1,9 +1,13 @@
|
|
|
1
|
-
# Cloudflare::Rails [](https://badge.fury.io/rb/cloudflare-rails) [](https://badge.fury.io/rb/cloudflare-rails) [](https://circleci.com/gh/modosc/cloudflare-rails/tree/main)
|
|
2
2
|
This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com) so that `request.remote_ip` / `request.ip` both work correctly.
|
|
3
3
|
|
|
4
4
|
## Rails Compatibility
|
|
5
5
|
|
|
6
|
-
This gem requires
|
|
6
|
+
This gem requires `railties`, `activesupport`, and `actionpack` >= `5.2`.
|
|
7
|
+
|
|
8
|
+
For Rails `5.0` and `5.1` use `2.0.0`.
|
|
9
|
+
|
|
10
|
+
For Rails `4.2` use `0.1.x`.
|
|
7
11
|
|
|
8
12
|
## Installation
|
|
9
13
|
|
|
@@ -25,7 +29,7 @@ And then execute:
|
|
|
25
29
|
|
|
26
30
|
Using Cloudflare means it's hard to identify the IP address of incoming requests since all requests are proxied through Cloudflare's infrastructure. Cloudflare provides a [CF-Connecting-IP](https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-) header which can be used to identify the originating IP address of a request. However, this header alone doesn't verify a request is legitimate. If an attacker has found the actual IP address of your server they could spoof this header and masquerade as legitimate traffic.
|
|
27
31
|
|
|
28
|
-
`cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming
|
|
32
|
+
`cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming connection is from one of Cloudflare's ip address ranges. If so, the incoming `X-Forwarded-For` header is trusted and used as the ip address provided to `rack` and `rails` (via `request.ip` and `request.remote_ip`). If the incoming connection does not originate from a Cloudflare server then the `X-Forwarded-For` header is ignored and the actual remote ip address is used.
|
|
29
33
|
|
|
30
34
|
## Usage
|
|
31
35
|
This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`. The `X-Forwarded-For` header will then be trusted only from those ip addresses.
|
data/cloudflare-rails.gemspec
CHANGED
|
@@ -20,19 +20,20 @@ Gem::Specification.new do |spec|
|
|
|
20
20
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
21
21
|
spec.require_paths = ["lib"]
|
|
22
22
|
|
|
23
|
-
spec.add_development_dependency "bundler", "
|
|
23
|
+
spec.add_development_dependency "bundler", ">= 2.1.2"
|
|
24
24
|
spec.add_development_dependency "rake", "~> 13.0.1"
|
|
25
25
|
spec.add_development_dependency "rspec_junit_formatter", "~> 0.4.1"
|
|
26
|
-
spec.add_development_dependency "rspec-rails", "~>
|
|
26
|
+
spec.add_development_dependency "rspec-rails", "~> 5.0.1"
|
|
27
27
|
spec.add_development_dependency "rspec", "~> 3.10.0"
|
|
28
28
|
spec.add_development_dependency "rubocop-airbnb", "~> 3.0.2"
|
|
29
|
-
spec.add_development_dependency "webmock", "~> 3.
|
|
30
|
-
spec.add_development_dependency "rack-attack", "~> 6.
|
|
29
|
+
spec.add_development_dependency "webmock", "~> 3.13.0"
|
|
30
|
+
spec.add_development_dependency "rack-attack", "~> 6.5.0"
|
|
31
31
|
spec.add_development_dependency "pry-byebug"
|
|
32
32
|
spec.add_development_dependency "appraisal"
|
|
33
33
|
|
|
34
|
-
spec.add_dependency "
|
|
35
|
-
spec.add_dependency "
|
|
34
|
+
spec.add_dependency "railties", ">= 5.2", "< 7.1.0"
|
|
35
|
+
spec.add_dependency "activesupport", ">= 5.2", "< 7.1.0"
|
|
36
|
+
spec.add_dependency "actionpack", ">= 5.2", "< 7.1.0"
|
|
36
37
|
|
|
37
38
|
# we need Module#prepend
|
|
38
39
|
spec.required_ruby_version = '>= 2.0'
|
data/gemfiles/rails_5.2.gemfile
CHANGED
data/gemfiles/rails_6.0.gemfile
CHANGED
data/gemfiles/rails_6.1.gemfile
CHANGED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# This file was generated by Appraisal
|
|
2
|
+
|
|
3
|
+
source "https://rubygems.org"
|
|
4
|
+
|
|
5
|
+
gem "rails", git: "https://github.com/rails/rails", branch: "main"
|
|
6
|
+
|
|
7
|
+
group :development do
|
|
8
|
+
gem "rspec-isolation", git: "https://github.com/modosc/rspec-isolation"
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
gemspec path: "../"
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require "
|
|
1
|
+
require "active_support/core_ext/integer/time"
|
|
2
2
|
|
|
3
3
|
module Cloudflare
|
|
4
4
|
module Rails
|
|
@@ -7,7 +7,13 @@ module Cloudflare
|
|
|
7
7
|
# correct inside of rack and rails
|
|
8
8
|
module CheckTrustedProxies
|
|
9
9
|
def trusted_proxy?(ip)
|
|
10
|
-
::Rails.application.config.cloudflare.ips.any?
|
|
10
|
+
matching = ::Rails.application.config.cloudflare.ips.any? do |proxy|
|
|
11
|
+
begin
|
|
12
|
+
proxy === ip
|
|
13
|
+
rescue IPAddr::InvalidAddressError
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
matching || super
|
|
11
17
|
end
|
|
12
18
|
end
|
|
13
19
|
|
|
@@ -20,13 +26,23 @@ module Cloudflare
|
|
|
20
26
|
end
|
|
21
27
|
|
|
22
28
|
class Importer
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
29
|
+
# Exceptions contain the Net::HTTP
|
|
30
|
+
# response object accessible via the {#response} method.
|
|
31
|
+
class ResponseError < StandardError
|
|
32
|
+
# Returns the response of the last request
|
|
33
|
+
# @return [Net::HTTPResponse] A subclass of Net::HTTPResponse, e.g.
|
|
34
|
+
# Net::HTTPOK
|
|
35
|
+
attr_reader :response
|
|
27
36
|
|
|
28
|
-
|
|
37
|
+
# Instantiate an instance of ResponseError with a Net::HTTPResponse object
|
|
38
|
+
# @param [Net::HTTPResponse]
|
|
39
|
+
def initialize(response)
|
|
40
|
+
@response = response
|
|
41
|
+
super(response)
|
|
42
|
+
end
|
|
43
|
+
end
|
|
29
44
|
|
|
45
|
+
BASE_URL = 'https://www.cloudflare.com'.freeze
|
|
30
46
|
IPS_V4_URL = '/ips-v4'.freeze
|
|
31
47
|
IPS_V6_URL = '/ips-v6'.freeze
|
|
32
48
|
|
|
@@ -40,11 +56,21 @@ module Cloudflare
|
|
|
40
56
|
end
|
|
41
57
|
|
|
42
58
|
def fetch(url)
|
|
43
|
-
|
|
44
|
-
|
|
59
|
+
uri = URI("#{BASE_URL}#{url}")
|
|
60
|
+
|
|
61
|
+
resp = Net::HTTP.start(uri.host,
|
|
62
|
+
uri.port,
|
|
63
|
+
use_ssl: true,
|
|
64
|
+
read_timeout: ::Rails.application.config.cloudflare.timeout) do |http|
|
|
65
|
+
req = Net::HTTP::Get.new(uri)
|
|
66
|
+
|
|
67
|
+
http.request(req)
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
if resp.is_a?(Net::HTTPSuccess)
|
|
45
71
|
resp.body.split("\n").reject(&:blank?).map { |ip| IPAddr.new ip }
|
|
46
72
|
else
|
|
47
|
-
raise ResponseError, resp
|
|
73
|
+
raise ResponseError, resp
|
|
48
74
|
end
|
|
49
75
|
end
|
|
50
76
|
|
data/lib/cloudflare/rails.rb
CHANGED
metadata
CHANGED
|
@@ -1,27 +1,27 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cloudflare-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- jonathan schatz
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-10-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: 2.1.2
|
|
20
20
|
type: :development
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 2.1.2
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
@@ -58,14 +58,14 @@ dependencies:
|
|
|
58
58
|
requirements:
|
|
59
59
|
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version:
|
|
61
|
+
version: 5.0.1
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version:
|
|
68
|
+
version: 5.0.1
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: rspec
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,28 +100,28 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 3.
|
|
103
|
+
version: 3.13.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 3.
|
|
110
|
+
version: 3.13.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: rack-attack
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 6.
|
|
117
|
+
version: 6.5.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 6.
|
|
124
|
+
version: 6.5.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: pry-byebug
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -151,39 +151,65 @@ dependencies:
|
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
152
|
version: '0'
|
|
153
153
|
- !ruby/object:Gem::Dependency
|
|
154
|
-
name:
|
|
154
|
+
name: railties
|
|
155
155
|
requirement: !ruby/object:Gem::Requirement
|
|
156
156
|
requirements:
|
|
157
157
|
- - ">="
|
|
158
158
|
- !ruby/object:Gem::Version
|
|
159
|
-
version: '
|
|
159
|
+
version: '5.2'
|
|
160
|
+
- - "<"
|
|
161
|
+
- !ruby/object:Gem::Version
|
|
162
|
+
version: 7.1.0
|
|
160
163
|
type: :runtime
|
|
161
164
|
prerelease: false
|
|
162
165
|
version_requirements: !ruby/object:Gem::Requirement
|
|
163
166
|
requirements:
|
|
164
167
|
- - ">="
|
|
165
168
|
- !ruby/object:Gem::Version
|
|
166
|
-
version: '
|
|
169
|
+
version: '5.2'
|
|
170
|
+
- - "<"
|
|
171
|
+
- !ruby/object:Gem::Version
|
|
172
|
+
version: 7.1.0
|
|
173
|
+
- !ruby/object:Gem::Dependency
|
|
174
|
+
name: activesupport
|
|
175
|
+
requirement: !ruby/object:Gem::Requirement
|
|
176
|
+
requirements:
|
|
177
|
+
- - ">="
|
|
178
|
+
- !ruby/object:Gem::Version
|
|
179
|
+
version: '5.2'
|
|
180
|
+
- - "<"
|
|
181
|
+
- !ruby/object:Gem::Version
|
|
182
|
+
version: 7.1.0
|
|
183
|
+
type: :runtime
|
|
184
|
+
prerelease: false
|
|
185
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
186
|
+
requirements:
|
|
187
|
+
- - ">="
|
|
188
|
+
- !ruby/object:Gem::Version
|
|
189
|
+
version: '5.2'
|
|
190
|
+
- - "<"
|
|
191
|
+
- !ruby/object:Gem::Version
|
|
192
|
+
version: 7.1.0
|
|
167
193
|
- !ruby/object:Gem::Dependency
|
|
168
|
-
name:
|
|
194
|
+
name: actionpack
|
|
169
195
|
requirement: !ruby/object:Gem::Requirement
|
|
170
196
|
requirements:
|
|
171
197
|
- - ">="
|
|
172
198
|
- !ruby/object:Gem::Version
|
|
173
|
-
version: '5.
|
|
199
|
+
version: '5.2'
|
|
174
200
|
- - "<"
|
|
175
201
|
- !ruby/object:Gem::Version
|
|
176
|
-
version:
|
|
202
|
+
version: 7.1.0
|
|
177
203
|
type: :runtime
|
|
178
204
|
prerelease: false
|
|
179
205
|
version_requirements: !ruby/object:Gem::Requirement
|
|
180
206
|
requirements:
|
|
181
207
|
- - ">="
|
|
182
208
|
- !ruby/object:Gem::Version
|
|
183
|
-
version: '5.
|
|
209
|
+
version: '5.2'
|
|
184
210
|
- - "<"
|
|
185
211
|
- !ruby/object:Gem::Version
|
|
186
|
-
version:
|
|
212
|
+
version: 7.1.0
|
|
187
213
|
description: ''
|
|
188
214
|
email:
|
|
189
215
|
- modosc@users.noreply.github.com
|
|
@@ -198,7 +224,6 @@ files:
|
|
|
198
224
|
- ".rubocop.yml"
|
|
199
225
|
- ".rubocop_airbnb.yml"
|
|
200
226
|
- ".rubocop_todo.yml"
|
|
201
|
-
- ".travis.yml"
|
|
202
227
|
- Appraisals
|
|
203
228
|
- CHANGELOG.md
|
|
204
229
|
- Gemfile
|
|
@@ -209,11 +234,10 @@ files:
|
|
|
209
234
|
- bin/setup
|
|
210
235
|
- cloudflare-rails.gemspec
|
|
211
236
|
- gemfiles/.bundle/config
|
|
212
|
-
- gemfiles/rails_5.0.gemfile
|
|
213
|
-
- gemfiles/rails_5.1.gemfile
|
|
214
237
|
- gemfiles/rails_5.2.gemfile
|
|
215
238
|
- gemfiles/rails_6.0.gemfile
|
|
216
239
|
- gemfiles/rails_6.1.gemfile
|
|
240
|
+
- gemfiles/rails_7.0.gemfile
|
|
217
241
|
- lib/cloudflare/rails.rb
|
|
218
242
|
- lib/cloudflare/rails/railtie.rb
|
|
219
243
|
- lib/cloudflare/rails/version.rb
|
|
@@ -236,7 +260,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
236
260
|
- !ruby/object:Gem::Version
|
|
237
261
|
version: '0'
|
|
238
262
|
requirements: []
|
|
239
|
-
rubygems_version: 3.
|
|
263
|
+
rubygems_version: 3.2.18
|
|
240
264
|
signing_key:
|
|
241
265
|
specification_version: 4
|
|
242
266
|
summary: This gem configures Rails for CloudFlare so that request.ip and request.remote_ip
|
data/.travis.yml
DELETED
data/gemfiles/rails_5.0.gemfile
DELETED