cloudflare-rails 1.2.0 → 2.4.0
- checksums.yaml +4 -4
- data/.circleci/config.yml +6 -1
- data/Appraisals +4 -8
- data/CHANGELOG.md +20 -1
- data/README.md +7 -3
- data/cloudflare-rails.gemspec +7 -6
- data/gemfiles/{rails_5.0.gemfile → rails_7.0.gemfile} +1 -1
- data/lib/cloudflare/rails/railtie.rb +37 -12
- data/lib/cloudflare/rails/version.rb +1 -1
- data/lib/cloudflare/rails.rb +2 -1
- metadata +46 -22
- data/.travis.yml +0 -4
- data/gemfiles/rails_5.1.gemfile +0 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 11110e82a65bdac6452690a323d9f7b834ec61d224dce3584d59244ae5150240
|
4
|
+
data.tar.gz: cbbd90760e1966e42d0ae0e59526228686222a0b2381deb3d41680d4e05d227e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 55dad9534a826670be89601a3404d420535b92e42639e44a001e2f869711c3e7347b2d810ef00967d5f51f680e0517d0c856aa26c1caff8531988722fef00910
|
7
|
+
data.tar.gz: 45000db30d0f95515c7d69a4295a4f69d68b2285c638a24b4f1d30b79c53aa5940beb861b7dcc9c2cc75183ab039baaedc34f84510c5455abf7b68d46cc76379
|
data/.circleci/config.yml
CHANGED
@@ -7,7 +7,7 @@ jobs:
|
|
7
7
|
build:
|
8
8
|
docker:
|
9
9
|
# specify the version you desire here
|
10
|
-
- image: circleci/ruby:2.7.
|
10
|
+
- image: circleci/ruby:2.7.3
|
11
11
|
|
12
12
|
working_directory: ~/repo
|
13
13
|
|
@@ -21,6 +21,11 @@ jobs:
|
|
21
21
|
# fallback to using the latest cache if no exact match is found
|
22
22
|
- v1-dependencies-
|
23
23
|
|
24
|
+
- run:
|
25
|
+
name: install bundler
|
26
|
+
command: |
|
27
|
+
gem install bundler -v $(grep bundler cloudflare-rails.gemspec |awk {'print $4'}|sed 's/"//g')
|
28
|
+
|
24
29
|
- run:
|
25
30
|
name: install dependencies
|
26
31
|
command: |
|
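Review bot: The new `install bundler` step derives the version by scraping the gemspec with `grep bundler cloudflare-rails.gemspec |awk {'print $4'}|sed 's/"//g'`, which depends on the exact whitespace of that line and on `bundler` matching only one line in the file. With the constraint now written as `">= 2.1.2"`, the fourth field is the floor version, so CI always installs the oldest permitted bundler rather than a current one. Pin the bundler version explicitly in this config, or install without `-v`; if the scrape stays, write the awk program conventionally as `'{print $4}'` and anchor the grep to the `add_development_dependency "bundler"` line.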
data/Appraisals
CHANGED
@@ -1,11 +1,3 @@
|
|
1
|
-
appraise "rails-5.0" do
|
2
|
-
gem "rails", "~> 5.0.0"
|
3
|
-
end
|
4
|
-
|
5
|
-
appraise "rails-5.1" do
|
6
|
-
gem "rails", "~> 5.1.0"
|
7
|
-
end
|
8
|
-
|
9
1
|
appraise "rails-5.2" do
|
10
2
|
gem "rails", "~> 5.2.0"
|
11
3
|
end
|
@@ -17,3 +9,7 @@ end
|
|
17
9
|
appraise "rails-6.1" do
|
18
10
|
gem "rails", "~> 6.1.0"
|
19
11
|
end
|
12
|
+
|
13
|
+
appraise "rails-7.0" do
|
14
|
+
gem "rails", git: "https://github.com/rails/rails", branch: "main"
|
15
|
+
end
|
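Review bot: The `rails-7.0` appraisal resolves `gem "rails"` from `branch: "main"` of the Rails repository, so the job labelled 7.0 tests whatever is on that branch at build time and a red or green result cannot be reproduced later. It also means CI pulls unreleased upstream code on every run. Pin the appraisal to a version constraint or a specific `ref:`, as the other appraisals do with `~> 5.2.0` and `~> 6.1.0`, and add a separate appraisal for `main` if edge coverage is wanted.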
data/CHANGELOG.md
CHANGED
@@ -4,7 +4,26 @@ All notable changes to this project will be documented in this file.
|
|
4
4
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
5
5
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
6
6
|
|
7
|
-
## [
|
7
|
+
## [2.4.0] - 2022-02-22
|
8
|
+
- Add trailing slashes to reflect Cloudflare API URLs (https://github.com/modosc/cloudflare-rails/pull/53)
|
9
|
+
|
10
|
+
## [2.3.0] - 2021-10-22
|
11
|
+
- Better handling of malformed IP addresses (https://github.com/modosc/cloudflare-rails/pull/49)
|
12
|
+
|
13
|
+
## [2.2.0] - 2021-06-11
|
14
|
+
- Fix typo in `actionpack` dependency
|
15
|
+
|
16
|
+
## [2.1.0] - 2021-06-11
|
17
|
+
### Breaking Changes
|
18
|
+
- Drop support for unsupported `rails` versions (`5.0.x` and `5.1.x`)
|
19
|
+
|
20
|
+
### Added
|
21
|
+
- use Net::HTTP instead of httparty ([pr](https://github.com/modosc/cloudflare-rails/pull/44))
|
22
|
+
- Add `rails 7.0.0.alpha` support
|
23
|
+
|
24
|
+
## [2.0.0] - 2021-02-17
|
25
|
+
### Breaking Changes
|
26
|
+
- Removed broad dependency on `rails`, replaced with explicit dependencies for `railties`, `activesupport`, and `actionpack` ( [issue](https://github.com/modosc/cloudflare-rails/issues/34) and [pr](https://github.com/modosc/cloudflare-rails/pull/35))
|
8
27
|
|
9
28
|
## [1.0.0] - 2020-09-29
|
10
29
|
### Added
|
data/README.md
CHANGED
@@ -1,9 +1,13 @@
|
|
1
|
-
# Cloudflare::Rails [![Gem Version](https://badge.fury.io/rb/cloudflare-rails.svg)](https://badge.fury.io/rb/cloudflare-rails) [![CircleCI](https://circleci.com/gh/modosc/cloudflare-rails/tree/
|
1
|
+
# Cloudflare::Rails [![Gem Version](https://badge.fury.io/rb/cloudflare-rails.svg)](https://badge.fury.io/rb/cloudflare-rails) [![CircleCI](https://circleci.com/gh/modosc/cloudflare-rails/tree/main.svg?style=shield)](https://circleci.com/gh/modosc/cloudflare-rails/tree/main)
|
2
2
|
This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com) so that `request.remote_ip` / `request.ip` both work correctly.
|
3
3
|
|
4
4
|
## Rails Compatibility
|
5
5
|
|
6
|
-
This gem requires
|
6
|
+
This gem requires `railties`, `activesupport`, and `actionpack` >= `5.2`.
|
7
|
+
|
8
|
+
For Rails `5.0` and `5.1` use `2.0.0`.
|
9
|
+
|
10
|
+
For Rails `4.2` use `0.1.x`.
|
7
11
|
|
8
12
|
## Installation
|
9
13
|
|
@@ -25,7 +29,7 @@ And then execute:
|
|
25
29
|
|
26
30
|
Using Cloudflare means it's hard to identify the IP address of incoming requests since all requests are proxied through Cloudflare's infrastructure. Cloudflare provides a [CF-Connecting-IP](https://support.cloudflare.com/hc/en-us/articles/200170986-How-does-Cloudflare-handle-HTTP-Request-headers-) header which can be used to identify the originating IP address of a request. However, this header alone doesn't verify a request is legitimate. If an attacker has found the actual IP address of your server they could spoof this header and masquerade as legitimate traffic.
|
27
31
|
|
28
|
-
`cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming
|
32
|
+
`cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming connection is from one of Cloudflare's ip address ranges. If so, the incoming `X-Forwarded-For` header is trusted and used as the ip address provided to `rack` and `rails` (via `request.ip` and `request.remote_ip`). If the incoming connection does not originate from a Cloudflare server then the `X-Forwarded-For` header is ignored and the actual remote ip address is used.
|
29
33
|
|
30
34
|
## Usage
|
31
35
|
This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`. The `X-Forwarded-For` header will then be trusted only from those ip addresses.
|
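Review bot: The rewritten paragraph at README line 32 says the gem trusts `X-Forwarded-For`, while the paragraph directly above frames the problem in terms of `CF-Connecting-IP`, and nothing says how the two relate or whether `CF-Connecting-IP` is read at all. Add one sentence stating which header the gem actually consults, so readers who filter or log on `CF-Connecting-IP` know it is not what `request.ip` and `request.remote_ip` are derived from.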
data/cloudflare-rails.gemspec
CHANGED
@@ -20,19 +20,20 @@ Gem::Specification.new do |spec|
|
|
20
20
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
21
21
|
spec.require_paths = ["lib"]
|
22
22
|
|
23
|
-
spec.add_development_dependency "bundler", "
|
23
|
+
spec.add_development_dependency "bundler", ">= 2.1.2"
|
24
24
|
spec.add_development_dependency "rake", "~> 13.0.1"
|
25
25
|
spec.add_development_dependency "rspec_junit_formatter", "~> 0.4.1"
|
26
|
-
spec.add_development_dependency "rspec-rails", "~>
|
26
|
+
spec.add_development_dependency "rspec-rails", "~> 5.0.1"
|
27
27
|
spec.add_development_dependency "rspec", "~> 3.10.0"
|
28
28
|
spec.add_development_dependency "rubocop-airbnb", "~> 3.0.2"
|
29
|
-
spec.add_development_dependency "webmock", "~> 3.
|
30
|
-
spec.add_development_dependency "rack-attack", "~> 6.
|
29
|
+
spec.add_development_dependency "webmock", "~> 3.13.0"
|
30
|
+
spec.add_development_dependency "rack-attack", "~> 6.5.0"
|
31
31
|
spec.add_development_dependency "pry-byebug"
|
32
32
|
spec.add_development_dependency "appraisal"
|
33
33
|
|
34
|
-
spec.add_dependency "
|
35
|
-
spec.add_dependency "
|
34
|
+
spec.add_dependency "railties", ">= 5.2", "< 7.1.0"
|
35
|
+
spec.add_dependency "activesupport", ">= 5.2", "< 7.1.0"
|
36
|
+
spec.add_dependency "actionpack", ">= 5.2", "< 7.1.0"
|
36
37
|
|
37
38
|
# we need Module#prepend
|
38
39
|
spec.required_ruby_version = '>= 2.0'
|
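Review bot: `spec.required_ruby_version = '>= 2.0'` and its `# we need Module#prepend` comment are left unchanged at the bottom of this hunk while the runtime floor moves to `railties`, `activesupport` and `actionpack` `>= 5.2`. Check whether `>= 2.0` still matches the minimum Ruby those dependencies accept and raise it if not, so the gem does not advertise support for interpreters it can no longer install on. The `bundler` development dependency also becomes an open-ended `>= 2.1.2` while every other development dependency keeps a pessimistic `~>` bound; a short comment on why it differs would help.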
@@ -1,5 +1,4 @@
|
|
1
1
|
require "active_support/core_ext/integer/time"
|
2
|
-
require "httparty"
|
3
2
|
|
4
3
|
module Cloudflare
|
5
4
|
module Rails
|
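Review bot: Removing `require "httparty"` at line 2 leaves no visible require for the standard-library classes the rest of this file now uses directly: `Net::HTTP`, `URI` and `IPAddr`. Unless the `lib/cloudflare/rails.rb` change (listed as +2 -1 but not shown) adds them, put `require "net/http"` and `require "ipaddr"` at the top of the railtie so loading does not depend on another gem having pulled them in first.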
@@ -8,7 +7,13 @@ module Cloudflare
|
|
8
7
|
# correct inside of rack and rails
|
9
8
|
module CheckTrustedProxies
|
10
9
|
def trusted_proxy?(ip)
|
11
|
-
::Rails.application.config.cloudflare.ips.any?
|
10
|
+
matching = ::Rails.application.config.cloudflare.ips.any? do |proxy|
|
11
|
+
begin
|
12
|
+
proxy === ip
|
13
|
+
rescue IPAddr::InvalidAddressError
|
14
|
+
end
|
15
|
+
end
|
16
|
+
matching || super
|
12
17
|
end
|
13
18
|
end
|
14
19
|
|
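Review bot: The `rescue IPAddr::InvalidAddressError` inside the `any?` block has an empty body, so a malformed `ip` is silently treated as a non-match, and the exception is raised and swallowed once for every entry in `config.cloudflare.ips`. Validate or parse `ip` once before the loop and go straight to `super` on failure. Also add a comment saying a malformed address is deliberately treated as not being a Cloudflare proxy, since this method decides whether `X-Forwarded-For` is believed. A spec covering a malformed value reaching `matching || super` would pin that behaviour down.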
@@ -21,15 +26,25 @@ module Cloudflare
|
|
21
26
|
end
|
22
27
|
|
23
28
|
class Importer
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
29
|
+
# Exceptions contain the Net::HTTP
|
30
|
+
# response object accessible via the {#response} method.
|
31
|
+
class ResponseError < StandardError
|
32
|
+
# Returns the response of the last request
|
33
|
+
# @return [Net::HTTPResponse] A subclass of Net::HTTPResponse, e.g.
|
34
|
+
# Net::HTTPOK
|
35
|
+
attr_reader :response
|
28
36
|
|
29
|
-
|
37
|
+
# Instantiate an instance of ResponseError with a Net::HTTPResponse object
|
38
|
+
# @param [Net::HTTPResponse]
|
39
|
+
def initialize(response)
|
40
|
+
@response = response
|
41
|
+
super(response)
|
42
|
+
end
|
43
|
+
end
|
30
44
|
|
31
|
-
|
32
|
-
|
45
|
+
BASE_URL = 'https://www.cloudflare.com'.freeze
|
46
|
+
IPS_V4_URL = '/ips-v4/'.freeze
|
47
|
+
IPS_V6_URL = '/ips-v6/'.freeze
|
33
48
|
|
34
49
|
class << self
|
35
50
|
def ips_v6
|
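Review bot: `super(response)` in `ResponseError#initialize` passes the `Net::HTTPResponse` object itself as the exception message, so `e.message` will be the object's string form rather than something an operator can act on. Build the message from the status, for example `super("unexpected response #{response.code} #{response.message}")`, and keep the object available through `attr_reader :response`. The `@param [Net::HTTPResponse]` tag at line 38 is also missing the parameter name.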
@@ -41,11 +56,21 @@ module Cloudflare
|
|
41
56
|
end
|
42
57
|
|
43
58
|
def fetch(url)
|
44
|
-
|
45
|
-
|
59
|
+
uri = URI("#{BASE_URL}#{url}")
|
60
|
+
|
61
|
+
resp = Net::HTTP.start(uri.host,
|
62
|
+
uri.port,
|
63
|
+
use_ssl: true,
|
64
|
+
read_timeout: ::Rails.application.config.cloudflare.timeout) do |http|
|
65
|
+
req = Net::HTTP::Get.new(uri)
|
66
|
+
|
67
|
+
http.request(req)
|
68
|
+
end
|
69
|
+
|
70
|
+
if resp.is_a?(Net::HTTPSuccess)
|
46
71
|
resp.body.split("\n").reject(&:blank?).map { |ip| IPAddr.new ip }
|
47
72
|
else
|
48
|
-
raise ResponseError, resp
|
73
|
+
raise ResponseError, resp
|
49
74
|
end
|
50
75
|
end
|
51
76
|
|
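Review bot: The `Net::HTTP.start` call in `fetch` applies `config.cloudflare.timeout` only as `read_timeout:`, so connection setup is still governed by the library default; pass `open_timeout:` as well if the setting is meant to bound the whole fetch. Only a non-success response becomes a `ResponseError`. Timeouts and socket errors from `Net::HTTP.start`, and an `IPAddr::InvalidAddressError` from `IPAddr.new ip` on an unexpected body line, propagate unchanged, so either wrap them here or document that callers must rescue them. Because `Net::HTTP` does not follow redirects, a 3xx from these URLs also lands in the `else` branch, which deserves a comment next to `IPS_V4_URL` and `IPS_V6_URL`.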
data/lib/cloudflare/rails.rb
CHANGED
metadata
CHANGED
@@ -1,27 +1,27 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cloudflare-rails
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- jonathan schatz
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-02-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - "
|
17
|
+
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: 2.1.2
|
20
20
|
type: :development
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - "
|
24
|
+
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: 2.1.2
|
27
27
|
- !ruby/object:Gem::Dependency
|
@@ -58,14 +58,14 @@ dependencies:
|
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version:
|
61
|
+
version: 5.0.1
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version:
|
68
|
+
version: 5.0.1
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rspec
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
@@ -100,28 +100,28 @@ dependencies:
|
|
100
100
|
requirements:
|
101
101
|
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: 3.
|
103
|
+
version: 3.13.0
|
104
104
|
type: :development
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: 3.
|
110
|
+
version: 3.13.0
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: rack-attack
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
114
114
|
requirements:
|
115
115
|
- - "~>"
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version: 6.
|
117
|
+
version: 6.5.0
|
118
118
|
type: :development
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - "~>"
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version: 6.
|
124
|
+
version: 6.5.0
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: pry-byebug
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
@@ -151,39 +151,65 @@ dependencies:
|
|
151
151
|
- !ruby/object:Gem::Version
|
152
152
|
version: '0'
|
153
153
|
- !ruby/object:Gem::Dependency
|
154
|
-
name:
|
154
|
+
name: railties
|
155
155
|
requirement: !ruby/object:Gem::Requirement
|
156
156
|
requirements:
|
157
157
|
- - ">="
|
158
158
|
- !ruby/object:Gem::Version
|
159
|
-
version: '
|
159
|
+
version: '5.2'
|
160
|
+
- - "<"
|
161
|
+
- !ruby/object:Gem::Version
|
162
|
+
version: 7.1.0
|
160
163
|
type: :runtime
|
161
164
|
prerelease: false
|
162
165
|
version_requirements: !ruby/object:Gem::Requirement
|
163
166
|
requirements:
|
164
167
|
- - ">="
|
165
168
|
- !ruby/object:Gem::Version
|
166
|
-
version: '
|
169
|
+
version: '5.2'
|
170
|
+
- - "<"
|
171
|
+
- !ruby/object:Gem::Version
|
172
|
+
version: 7.1.0
|
173
|
+
- !ruby/object:Gem::Dependency
|
174
|
+
name: activesupport
|
175
|
+
requirement: !ruby/object:Gem::Requirement
|
176
|
+
requirements:
|
177
|
+
- - ">="
|
178
|
+
- !ruby/object:Gem::Version
|
179
|
+
version: '5.2'
|
180
|
+
- - "<"
|
181
|
+
- !ruby/object:Gem::Version
|
182
|
+
version: 7.1.0
|
183
|
+
type: :runtime
|
184
|
+
prerelease: false
|
185
|
+
version_requirements: !ruby/object:Gem::Requirement
|
186
|
+
requirements:
|
187
|
+
- - ">="
|
188
|
+
- !ruby/object:Gem::Version
|
189
|
+
version: '5.2'
|
190
|
+
- - "<"
|
191
|
+
- !ruby/object:Gem::Version
|
192
|
+
version: 7.1.0
|
167
193
|
- !ruby/object:Gem::Dependency
|
168
|
-
name:
|
194
|
+
name: actionpack
|
169
195
|
requirement: !ruby/object:Gem::Requirement
|
170
196
|
requirements:
|
171
197
|
- - ">="
|
172
198
|
- !ruby/object:Gem::Version
|
173
|
-
version: '5.
|
199
|
+
version: '5.2'
|
174
200
|
- - "<"
|
175
201
|
- !ruby/object:Gem::Version
|
176
|
-
version:
|
202
|
+
version: 7.1.0
|
177
203
|
type: :runtime
|
178
204
|
prerelease: false
|
179
205
|
version_requirements: !ruby/object:Gem::Requirement
|
180
206
|
requirements:
|
181
207
|
- - ">="
|
182
208
|
- !ruby/object:Gem::Version
|
183
|
-
version: '5.
|
209
|
+
version: '5.2'
|
184
210
|
- - "<"
|
185
211
|
- !ruby/object:Gem::Version
|
186
|
-
version:
|
212
|
+
version: 7.1.0
|
187
213
|
description: ''
|
188
214
|
email:
|
189
215
|
- modosc@users.noreply.github.com
|
@@ -198,7 +224,6 @@ files:
|
|
198
224
|
- ".rubocop.yml"
|
199
225
|
- ".rubocop_airbnb.yml"
|
200
226
|
- ".rubocop_todo.yml"
|
201
|
-
- ".travis.yml"
|
202
227
|
- Appraisals
|
203
228
|
- CHANGELOG.md
|
204
229
|
- Gemfile
|
@@ -209,11 +234,10 @@ files:
|
|
209
234
|
- bin/setup
|
210
235
|
- cloudflare-rails.gemspec
|
211
236
|
- gemfiles/.bundle/config
|
212
|
-
- gemfiles/rails_5.0.gemfile
|
213
|
-
- gemfiles/rails_5.1.gemfile
|
214
237
|
- gemfiles/rails_5.2.gemfile
|
215
238
|
- gemfiles/rails_6.0.gemfile
|
216
239
|
- gemfiles/rails_6.1.gemfile
|
240
|
+
- gemfiles/rails_7.0.gemfile
|
217
241
|
- lib/cloudflare/rails.rb
|
218
242
|
- lib/cloudflare/rails/railtie.rb
|
219
243
|
- lib/cloudflare/rails/version.rb
|
@@ -236,7 +260,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
236
260
|
- !ruby/object:Gem::Version
|
237
261
|
version: '0'
|
238
262
|
requirements: []
|
239
|
-
rubygems_version: 3.
|
263
|
+
rubygems_version: 3.2.22
|
240
264
|
signing_key:
|
241
265
|
specification_version: 4
|
242
266
|
summary: This gem configures Rails for CloudFlare so that request.ip and request.remote_ip
|
data/.travis.yml
DELETED