cloudflare-rails 1.2.0 → 2.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.circleci/config.yml +6 -1
- data/Appraisals +4 -8
- data/CHANGELOG.md +17 -1
- data/Gemfile +4 -0
- data/README.md +7 -3
- data/cloudflare-rails.gemspec +7 -6
- data/gemfiles/rails_5.2.gemfile +4 -0
- data/gemfiles/rails_6.0.gemfile +4 -0
- data/gemfiles/rails_6.1.gemfile +4 -0
- data/gemfiles/rails_7.0.gemfile +11 -0
- data/lib/cloudflare/rails/railtie.rb +35 -10
- data/lib/cloudflare/rails/version.rb +1 -1
- data/lib/cloudflare/rails.rb +2 -1
- metadata +46 -22
- data/.travis.yml +0 -4
- data/gemfiles/rails_5.0.gemfile +0 -7
- data/gemfiles/rails_5.1.gemfile +0 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: de21d6707867ee11c0af5dae9a254f95fc03e2071d07a86db0406a2c1c400fd2
|
|
4
|
+
data.tar.gz: 50ed388a769ce657b4b9b79d3244d6551aead94d74969bd8b1d4e0af6cc5b4cf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 908b5340a7335a2e26e32290a41017c512cc67fa4124eee4ec9e92b0eb525c8221c532c27e90b12ddd2ec1e994c6af0877d5b727eb0c986d130b94fd20be6bf6
|
|
7
|
+
data.tar.gz: 95f000b7ed2033010d400d51ad4834d025286308a887da61bb315cd7e7665452f59852b92918c702fe10dbe57281cd773041c3988b2e6c856f04a2c1ad323538
|
data/.circleci/config.yml
CHANGED
|
@@ -7,7 +7,7 @@ jobs:
|
|
|
7
7
|
build:
|
|
8
8
|
docker:
|
|
9
9
|
# specify the version you desire here
|
|
10
|
-
- image: circleci/ruby:2.7.
|
|
10
|
+
- image: circleci/ruby:2.7.3
|
|
11
11
|
|
|
12
12
|
working_directory: ~/repo
|
|
13
13
|
|
|
@@ -21,6 +21,11 @@ jobs:
|
|
|
21
21
|
# fallback to using the latest cache if no exact match is found
|
|
22
22
|
- v1-dependencies-
|
|
23
23
|
|
|
24
|
+
- run:
|
|
25
|
+
name: install bundler
|
|
26
|
+
command: |
|
|
27
|
+
gem install bundler -v $(grep bundler cloudflare-rails.gemspec |awk {'print $4'}|sed 's/"//g')
|
|
28
|
+
|
|
24
29
|
- run:
|
|
25
30
|
name: install dependencies
|
|
26
31
|
command: |
|
data/Appraisals
CHANGED
|
@@ -1,11 +1,3 @@
|
|
|
1
|
-
appraise "rails-5.0" do
|
|
2
|
-
gem "rails", "~> 5.0.0"
|
|
3
|
-
end
|
|
4
|
-
|
|
5
|
-
appraise "rails-5.1" do
|
|
6
|
-
gem "rails", "~> 5.1.0"
|
|
7
|
-
end
|
|
8
|
-
|
|
9
1
|
appraise "rails-5.2" do
|
|
10
2
|
gem "rails", "~> 5.2.0"
|
|
11
3
|
end
|
|
@@ -17,3 +9,7 @@ end
|
|
|
17
9
|
appraise "rails-6.1" do
|
|
18
10
|
gem "rails", "~> 6.1.0"
|
|
19
11
|
end
|
|
12
|
+
|
|
13
|
+
appraise "rails-7.0" do
|
|
14
|
+
gem "rails", git: "https://github.com/rails/rails", branch: "main"
|
|
15
|
+
end
|
data/CHANGELOG.md
CHANGED
|
@@ -4,7 +4,23 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
5
5
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
|
-
## [
|
|
7
|
+
## [2.3.0] - 2021-10-22
|
|
8
|
+
- Better handling of malformed IP addresses (https://github.com/modosc/cloudflare-rails/pull/49)
|
|
9
|
+
|
|
10
|
+
## [2.2.0] - 2021-06-11
|
|
11
|
+
- Fix typo in `actionpack` dependency
|
|
12
|
+
|
|
13
|
+
## [2.1.0] - 2021-06-11
|
|
14
|
+
### Breaking Changes
|
|
15
|
+
- Drop support for unsupported `rails` versions (`5.0.x` and `5.1.x`)
|
|
16
|
+
|
|
17
|
+
### Added
|
|
18
|
+
- use Net::HTTP instead of httparty ([pr](https://github.com/modosc/cloudflare-rails/pull/44))
|
|
19
|
+
- Add `rails 7.0.0.alpha` support
|
|
20
|
+
|
|
21
|
+
## [2.0.0] - 2021-02-17
|
|
22
|
+
### Breaking Changes
|
|
23
|
+
- Removed broad dependency on `rails`, replaced with explicit dependencies for `railties`, `activesupport`, and `actionpack` ( [issue](https://github.com/modosc/cloudflare-rails/issues/34) and [pr](https://github.com/modosc/cloudflare-rails/pull/35))
|
|
8
24
|
|
|
9
25
|
## [1.0.0] - 2020-09-29
|
|
10
26
|
### Added
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -1,9 +1,13 @@
|
|
|
1
|
-
# Cloudflare::Rails [](https://badge.fury.io/rb/cloudflare-rails) [](https://badge.fury.io/rb/cloudflare-rails) [](https://circleci.com/gh/modosc/cloudflare-rails/tree/main)
|
|
2
2
|
This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com) so that `request.remote_ip` / `request.ip` both work correctly.
|
|
3
3
|
|
|
4
4
|
## Rails Compatibility
|
|
5
5
|
|
|
6
|
-
This gem requires
|
|
6
|
+
This gem requires `railties`, `activesupport`, and `actionpack` >= `5.2`.
|
|
7
|
+
|
|
8
|
+
For Rails `5.0` and `5.1` use `2.0.0`.
|
|
9
|
+
|
|
10
|
+
For Rails `4.2` use `0.1.x`.
|
|
7
11
|
|
|
8
12
|
## Installation
|
|
9
13
|
|
|
@@ -25,7 +29,7 @@ And then execute:
|
|
|
25
29
|
|
|
26
30
|
Using Cloudflare means it's hard to identify the IP address of incoming requests since all requests are proxied through Cloudflare's infrastructure. Cloudflare provides a [CF-Connecting-IP](https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-) header which can be used to identify the originating IP address of a request. However, this header alone doesn't verify a request is legitimate. If an attacker has found the actual IP address of your server they could spoof this header and masquerade as legitimate traffic.
|
|
27
31
|
|
|
28
|
-
`cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming
|
|
32
|
+
`cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming connection is from one of Cloudflare's ip address ranges. If so, the incoming `X-Forwarded-For` header is trusted and used as the ip address provided to `rack` and `rails` (via `request.ip` and `request.remote_ip`). If the incoming connection does not originate from a Cloudflare server then the `X-Forwarded-For` header is ignored and the actual remote ip address is used.
|
|
29
33
|
|
|
30
34
|
## Usage
|
|
31
35
|
This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`. The `X-Forwarded-For` header will then be trusted only from those ip addresses.
|
data/cloudflare-rails.gemspec
CHANGED
|
@@ -20,19 +20,20 @@ Gem::Specification.new do |spec|
|
|
|
20
20
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
21
21
|
spec.require_paths = ["lib"]
|
|
22
22
|
|
|
23
|
-
spec.add_development_dependency "bundler", "
|
|
23
|
+
spec.add_development_dependency "bundler", ">= 2.1.2"
|
|
24
24
|
spec.add_development_dependency "rake", "~> 13.0.1"
|
|
25
25
|
spec.add_development_dependency "rspec_junit_formatter", "~> 0.4.1"
|
|
26
|
-
spec.add_development_dependency "rspec-rails", "~>
|
|
26
|
+
spec.add_development_dependency "rspec-rails", "~> 5.0.1"
|
|
27
27
|
spec.add_development_dependency "rspec", "~> 3.10.0"
|
|
28
28
|
spec.add_development_dependency "rubocop-airbnb", "~> 3.0.2"
|
|
29
|
-
spec.add_development_dependency "webmock", "~> 3.
|
|
30
|
-
spec.add_development_dependency "rack-attack", "~> 6.
|
|
29
|
+
spec.add_development_dependency "webmock", "~> 3.13.0"
|
|
30
|
+
spec.add_development_dependency "rack-attack", "~> 6.5.0"
|
|
31
31
|
spec.add_development_dependency "pry-byebug"
|
|
32
32
|
spec.add_development_dependency "appraisal"
|
|
33
33
|
|
|
34
|
-
spec.add_dependency "
|
|
35
|
-
spec.add_dependency "
|
|
34
|
+
spec.add_dependency "railties", ">= 5.2", "< 7.1.0"
|
|
35
|
+
spec.add_dependency "activesupport", ">= 5.2", "< 7.1.0"
|
|
36
|
+
spec.add_dependency "actionpack", ">= 5.2", "< 7.1.0"
|
|
36
37
|
|
|
37
38
|
# we need Module#prepend
|
|
38
39
|
spec.required_ruby_version = '>= 2.0'
|
data/gemfiles/rails_5.2.gemfile
CHANGED
data/gemfiles/rails_6.0.gemfile
CHANGED
data/gemfiles/rails_6.1.gemfile
CHANGED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# This file was generated by Appraisal
|
|
2
|
+
|
|
3
|
+
source "https://rubygems.org"
|
|
4
|
+
|
|
5
|
+
gem "rails", git: "https://github.com/rails/rails", branch: "main"
|
|
6
|
+
|
|
7
|
+
group :development do
|
|
8
|
+
gem "rspec-isolation", git: "https://github.com/modosc/rspec-isolation"
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
gemspec path: "../"
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
require "active_support/core_ext/integer/time"
|
|
2
|
-
require "httparty"
|
|
3
2
|
|
|
4
3
|
module Cloudflare
|
|
5
4
|
module Rails
|
|
@@ -8,7 +7,13 @@ module Cloudflare
|
|
|
8
7
|
# correct inside of rack and rails
|
|
9
8
|
module CheckTrustedProxies
|
|
10
9
|
def trusted_proxy?(ip)
|
|
11
|
-
::Rails.application.config.cloudflare.ips.any?
|
|
10
|
+
matching = ::Rails.application.config.cloudflare.ips.any? do |proxy|
|
|
11
|
+
begin
|
|
12
|
+
proxy === ip
|
|
13
|
+
rescue IPAddr::InvalidAddressError
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
matching || super
|
|
12
17
|
end
|
|
13
18
|
end
|
|
14
19
|
|
|
@@ -21,13 +26,23 @@ module Cloudflare
|
|
|
21
26
|
end
|
|
22
27
|
|
|
23
28
|
class Importer
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
29
|
+
# Exceptions contain the Net::HTTP
|
|
30
|
+
# response object accessible via the {#response} method.
|
|
31
|
+
class ResponseError < StandardError
|
|
32
|
+
# Returns the response of the last request
|
|
33
|
+
# @return [Net::HTTPResponse] A subclass of Net::HTTPResponse, e.g.
|
|
34
|
+
# Net::HTTPOK
|
|
35
|
+
attr_reader :response
|
|
28
36
|
|
|
29
|
-
|
|
37
|
+
# Instantiate an instance of ResponseError with a Net::HTTPResponse object
|
|
38
|
+
# @param [Net::HTTPResponse]
|
|
39
|
+
def initialize(response)
|
|
40
|
+
@response = response
|
|
41
|
+
super(response)
|
|
42
|
+
end
|
|
43
|
+
end
|
|
30
44
|
|
|
45
|
+
BASE_URL = 'https://www.cloudflare.com'.freeze
|
|
31
46
|
IPS_V4_URL = '/ips-v4'.freeze
|
|
32
47
|
IPS_V6_URL = '/ips-v6'.freeze
|
|
33
48
|
|
|
@@ -41,11 +56,21 @@ module Cloudflare
|
|
|
41
56
|
end
|
|
42
57
|
|
|
43
58
|
def fetch(url)
|
|
44
|
-
|
|
45
|
-
|
|
59
|
+
uri = URI("#{BASE_URL}#{url}")
|
|
60
|
+
|
|
61
|
+
resp = Net::HTTP.start(uri.host,
|
|
62
|
+
uri.port,
|
|
63
|
+
use_ssl: true,
|
|
64
|
+
read_timeout: ::Rails.application.config.cloudflare.timeout) do |http|
|
|
65
|
+
req = Net::HTTP::Get.new(uri)
|
|
66
|
+
|
|
67
|
+
http.request(req)
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
if resp.is_a?(Net::HTTPSuccess)
|
|
46
71
|
resp.body.split("\n").reject(&:blank?).map { |ip| IPAddr.new ip }
|
|
47
72
|
else
|
|
48
|
-
raise ResponseError, resp
|
|
73
|
+
raise ResponseError, resp
|
|
49
74
|
end
|
|
50
75
|
end
|
|
51
76
|
|
data/lib/cloudflare/rails.rb
CHANGED
metadata
CHANGED
|
@@ -1,27 +1,27 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cloudflare-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- jonathan schatz
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-10-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: 2.1.2
|
|
20
20
|
type: :development
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: 2.1.2
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
@@ -58,14 +58,14 @@ dependencies:
|
|
|
58
58
|
requirements:
|
|
59
59
|
- - "~>"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version:
|
|
61
|
+
version: 5.0.1
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version:
|
|
68
|
+
version: 5.0.1
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: rspec
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -100,28 +100,28 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 3.
|
|
103
|
+
version: 3.13.0
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 3.
|
|
110
|
+
version: 3.13.0
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: rack-attack
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 6.
|
|
117
|
+
version: 6.5.0
|
|
118
118
|
type: :development
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 6.
|
|
124
|
+
version: 6.5.0
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: pry-byebug
|
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -151,39 +151,65 @@ dependencies:
|
|
|
151
151
|
- !ruby/object:Gem::Version
|
|
152
152
|
version: '0'
|
|
153
153
|
- !ruby/object:Gem::Dependency
|
|
154
|
-
name:
|
|
154
|
+
name: railties
|
|
155
155
|
requirement: !ruby/object:Gem::Requirement
|
|
156
156
|
requirements:
|
|
157
157
|
- - ">="
|
|
158
158
|
- !ruby/object:Gem::Version
|
|
159
|
-
version: '
|
|
159
|
+
version: '5.2'
|
|
160
|
+
- - "<"
|
|
161
|
+
- !ruby/object:Gem::Version
|
|
162
|
+
version: 7.1.0
|
|
160
163
|
type: :runtime
|
|
161
164
|
prerelease: false
|
|
162
165
|
version_requirements: !ruby/object:Gem::Requirement
|
|
163
166
|
requirements:
|
|
164
167
|
- - ">="
|
|
165
168
|
- !ruby/object:Gem::Version
|
|
166
|
-
version: '
|
|
169
|
+
version: '5.2'
|
|
170
|
+
- - "<"
|
|
171
|
+
- !ruby/object:Gem::Version
|
|
172
|
+
version: 7.1.0
|
|
173
|
+
- !ruby/object:Gem::Dependency
|
|
174
|
+
name: activesupport
|
|
175
|
+
requirement: !ruby/object:Gem::Requirement
|
|
176
|
+
requirements:
|
|
177
|
+
- - ">="
|
|
178
|
+
- !ruby/object:Gem::Version
|
|
179
|
+
version: '5.2'
|
|
180
|
+
- - "<"
|
|
181
|
+
- !ruby/object:Gem::Version
|
|
182
|
+
version: 7.1.0
|
|
183
|
+
type: :runtime
|
|
184
|
+
prerelease: false
|
|
185
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
186
|
+
requirements:
|
|
187
|
+
- - ">="
|
|
188
|
+
- !ruby/object:Gem::Version
|
|
189
|
+
version: '5.2'
|
|
190
|
+
- - "<"
|
|
191
|
+
- !ruby/object:Gem::Version
|
|
192
|
+
version: 7.1.0
|
|
167
193
|
- !ruby/object:Gem::Dependency
|
|
168
|
-
name:
|
|
194
|
+
name: actionpack
|
|
169
195
|
requirement: !ruby/object:Gem::Requirement
|
|
170
196
|
requirements:
|
|
171
197
|
- - ">="
|
|
172
198
|
- !ruby/object:Gem::Version
|
|
173
|
-
version: '5.
|
|
199
|
+
version: '5.2'
|
|
174
200
|
- - "<"
|
|
175
201
|
- !ruby/object:Gem::Version
|
|
176
|
-
version:
|
|
202
|
+
version: 7.1.0
|
|
177
203
|
type: :runtime
|
|
178
204
|
prerelease: false
|
|
179
205
|
version_requirements: !ruby/object:Gem::Requirement
|
|
180
206
|
requirements:
|
|
181
207
|
- - ">="
|
|
182
208
|
- !ruby/object:Gem::Version
|
|
183
|
-
version: '5.
|
|
209
|
+
version: '5.2'
|
|
184
210
|
- - "<"
|
|
185
211
|
- !ruby/object:Gem::Version
|
|
186
|
-
version:
|
|
212
|
+
version: 7.1.0
|
|
187
213
|
description: ''
|
|
188
214
|
email:
|
|
189
215
|
- modosc@users.noreply.github.com
|
|
@@ -198,7 +224,6 @@ files:
|
|
|
198
224
|
- ".rubocop.yml"
|
|
199
225
|
- ".rubocop_airbnb.yml"
|
|
200
226
|
- ".rubocop_todo.yml"
|
|
201
|
-
- ".travis.yml"
|
|
202
227
|
- Appraisals
|
|
203
228
|
- CHANGELOG.md
|
|
204
229
|
- Gemfile
|
|
@@ -209,11 +234,10 @@ files:
|
|
|
209
234
|
- bin/setup
|
|
210
235
|
- cloudflare-rails.gemspec
|
|
211
236
|
- gemfiles/.bundle/config
|
|
212
|
-
- gemfiles/rails_5.0.gemfile
|
|
213
|
-
- gemfiles/rails_5.1.gemfile
|
|
214
237
|
- gemfiles/rails_5.2.gemfile
|
|
215
238
|
- gemfiles/rails_6.0.gemfile
|
|
216
239
|
- gemfiles/rails_6.1.gemfile
|
|
240
|
+
- gemfiles/rails_7.0.gemfile
|
|
217
241
|
- lib/cloudflare/rails.rb
|
|
218
242
|
- lib/cloudflare/rails/railtie.rb
|
|
219
243
|
- lib/cloudflare/rails/version.rb
|
|
@@ -236,7 +260,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
236
260
|
- !ruby/object:Gem::Version
|
|
237
261
|
version: '0'
|
|
238
262
|
requirements: []
|
|
239
|
-
rubygems_version: 3.
|
|
263
|
+
rubygems_version: 3.2.18
|
|
240
264
|
signing_key:
|
|
241
265
|
specification_version: 4
|
|
242
266
|
summary: This gem configures Rails for CloudFlare so that request.ip and request.remote_ip
|
data/.travis.yml
DELETED
data/gemfiles/rails_5.0.gemfile
DELETED