cloudflare-rails 4.1.0 → 5.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 60ed180dedad2fcf57532cced88e34d37be0add173ab41d14265b26a19f708d8
-  data.tar.gz: 38032a3aa5e0e8050b57d46d6959a08ae3a6b8535441a1e1cd5192b53d26db50
+  metadata.gz: f4d8ab5a9f56ae053e1647298c77b9a1616834b89d72467d09938f27ea9063d6
+  data.tar.gz: 123877f4dfc33b4c276cbfa91a718e14e9d92f8244ea618e21c12b57a84b203c
 SHA512:
-  metadata.gz: 83e0c04af97a4cdd8376ab8d7fe32453b36564d23807c15b3d3e753b7e0b6ab18f161148f4817ea1c62fa48931826b2809b09bf26b1e492051399f07811b1185
-  data.tar.gz: dc2376bf386241d45c92924db349cb6c8e7716eba1c10cf04460ed48f0679ffb52d72b7e1321cce5110f4bb6e93e7b911151676b8dcea359090fb024b51dba81
+  metadata.gz: b2814703b862fd8c88e89a40fa4d84dfcf1b71e2b90d823a74d450f54a69edc3ea14e0056f0442dcca837a460d4c253b21fa6e156b21d72148b53d47723b39ab
+  data.tar.gz: 66a1dbe16f14fce0562e34b4a694fc681299014afcf4d20785ea58467cc932e382c5df57a461e2cfc928c7a7aebe7ff524b29d020d759778ca2680b5ea153655

data/.github/workflows/ruby.yml

@@ -0,0 +1,55 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.2" # Not needed with a .ruby-version file
+      - uses: actions/cache@v3
+        with:
+          path: vendor/bundle
+          key: ${{ runner.os }}-gems-${{ hashFiles('**/cloudflare-rails.gemspec') }}
+          restore-keys: |
+            ${{ runner.os }}-gems-
+      - name: Bundle install
+        run: |
+          bundle config path vendor/bundle
+          bundle install --jobs 4 --retry 3
+      - name: Appraisal install
+        run: |
+          bundle exec appraisal install
+      - name: Run tests
+        run: bundle exec appraisal rake
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.2" # Not needed with a .ruby-version file
+      - uses: actions/cache@v3
+        with:
+          path: vendor/bundle
+          key: ${{ runner.os }}-gems-${{ hashFiles('**/cloudflare-rails.gemspec') }}
+          restore-keys: |
+            ${{ runner.os }}-gems-
+      - name: Bundle install
+        run: |
+          bundle config path vendor/bundle
+          bundle install --jobs 4 --retry 3
+      - name: Rubocop
+        run: bundle exec rubocop

data/.rubocop.yml

@@ -1,6 +1,17 @@
 inherit_from:
-  - .rubocop_airbnb.yml
   - .rubocop_todo.yml
+require:
+  - rubocop-rails
+  - rubocop-performance
+  - rubocop-rspec
+
 AllCops:
   NewCops: enable
+  TargetRubyVersion: 2.5
   SuggestExtensions: false
+
+Style/Documentation:
+  Enabled: false
+
+Gemspec/DevelopmentDependencies:
+  Enabled: false

data/.rubocop_todo.yml

@@ -1,51 +1,174 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2022-04-14 23:18:15 UTC using RuboCop version 0.93.1.
+# on 2023-12-11 04:03:08 UTC using RuboCop version 1.58.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 4
-# Cop supports --auto-correct.
-Layout/MultilineBlockLayout:
+# Offense count: 1
+# Configuration parameters: AllowedMethods.
+# AllowedMethods: enums
+Lint/ConstantDefinitionInBlock:
   Exclude:
     - 'spec/cloudflare/rails_spec.rb'
 
-# Offense count: 4
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyleForEmptyBraces, SpaceBeforeBlockParameters.
-# SupportedStyles: space, no_space
-# SupportedStylesForEmptyBraces: space, no_space
-Layout/SpaceInsideBlockBraces:
-  EnforcedStyle: space
+# Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AllowedMethods.
+# AllowedMethods: instance_of?, kind_of?, is_a?, eql?, respond_to?, equal?, presence, present?
+Lint/RedundantSafeNavigation:
+  Exclude:
+    - 'spec/cloudflare/rails_spec.rb'
+
+# Offense count: 1
+# Configuration parameters: AllowComments, AllowNil.
+Lint/SuppressedException:
+  Exclude:
+    - 'lib/cloudflare_rails/check_trusted_proxies.rb'
 
 # Offense count: 1
-# Cop supports --auto-correct.
+# Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
+Metrics/AbcSize:
+  Max: 18
+
+# Offense count: 2
+# Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
+Metrics/MethodLength:
+  Max: 11
+
+# Offense count: 2
+# Configuration parameters: ForbiddenDelimiters.
+# ForbiddenDelimiters: (?i-mx:(^|\s)(EO[A-Z]{1}|END)(\s|$))
+Naming/HeredocDelimiterNaming:
+  Exclude:
+    - 'lib/cloudflare_rails/fallback_ips.rb'
+
+# Offense count: 3
+RSpec/AnyInstance:
+  Exclude:
+    - 'spec/cloudflare/rails_spec.rb'
+
+# Offense count: 1
+# Configuration parameters: Prefixes, AllowedPatterns.
+# Prefixes: when, with, without
+RSpec/ContextWording:
+  Exclude:
+    - 'spec/cloudflare/rails_spec.rb'
+
+# Offense count: 2
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: CustomTransform, IgnoredWords, DisallowedExamples.
+# DisallowedExamples: works
+RSpec/ExampleWording:
+  Exclude:
+    - 'spec/cloudflare/rails_spec.rb'
+
+# Offense count: 1
+# Configuration parameters: Include, CustomTransform, IgnoreMethods, SpecSuffixOnly.
+# Include: **/*_spec*rb*, **/spec/**/*
+RSpec/FilePath:
+  Exclude:
+    - 'spec/cloudflare/rails_spec.rb'
+
+# Offense count: 1
+RSpec/LeakyConstantDeclaration:
+  Exclude:
+    - 'spec/cloudflare/rails_spec.rb'
+
+# Offense count: 5
+RSpec/MultipleExpectations:
+  Max: 2
+
+# Offense count: 15
+# Configuration parameters: AllowSubject.
+RSpec/MultipleMemoizedHelpers:
+  Max: 14
+
+# Offense count: 3
+# Configuration parameters: EnforcedStyle, IgnoreSharedExamples.
+# SupportedStyles: always, named_only
+RSpec/NamedSubject:
+  Exclude:
+    - 'spec/cloudflare/rails_spec.rb'
+
+# Offense count: 16
+# Configuration parameters: AllowedGroups.
+RSpec/NestedGroups:
+  Max: 6
+
+# Offense count: 1
+# Configuration parameters: Include, CustomTransform, IgnoreMethods, IgnoreMetadata.
+# Include: **/*_spec.rb
+RSpec/SpecFilePathFormat:
+  Exclude:
+    - 'spec/cloudflare/rails_spec.rb'
+
+# Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/ApplicationController:
   Exclude:
     - 'spec/cloudflare/rails_spec.rb'
 
 # Offense count: 1
-# Cop supports --auto-correct.
-Rails/NegateInclude:
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Rails/CompactBlank:
+  Exclude:
+    - 'lib/cloudflare_rails/importer.rb'
+
+# Offense count: 3
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: Include.
+# Include: **/Rakefile, **/*.rake
+Rails/RakeEnvironment:
+  Exclude:
+    - 'Rakefile'
+
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowOnConstant, AllowOnSelfClass.
+Style/CaseEquality:
   Exclude:
-    - 'lib/cloudflare/rails/railtie.rb'
+    - 'lib/cloudflare_rails/check_trusted_proxies.rb'
+
+# Offense count: 2
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: MaxUnannotatedPlaceholdersAllowed, AllowedMethods, AllowedPatterns.
+# SupportedStyles: annotated, template, unannotated
+# AllowedMethods: redirect
+Style/FormatStringToken:
+  EnforcedStyle: unannotated
 
-# Offense count: 4
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyle, ProceduralMethods, FunctionalMethods, IgnoredMethods, AllowBracesOnProceduralOneLiners, BracesRequiredMethods.
-# SupportedStyles: line_count_based, semantic, braces_for_chaining
-# ProceduralMethods: benchmark, bm, bmbm, create, each_with_object, measure, new, realtime, tap, with_object
-# FunctionalMethods: let, let!, subject, watch
-# IgnoredMethods: lambda, proc, it
-Style/BlockDelimiters:
+# Offense count: 15
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: always, always_true, never
+Style/FrozenStringLiteralComment:
   Exclude:
+    - 'Appraisals'
+    - 'Gemfile'
+    - 'Rakefile'
+    - 'cloudflare-rails.gemspec'
+    - 'gemfiles/rails_6.1.gemfile'
+    - 'gemfiles/rails_7.0.gemfile'
+    - 'gemfiles/rails_7.1.gemfile'
+    - 'lib/cloudflare_rails.rb'
+    - 'lib/cloudflare_rails/check_trusted_proxies.rb'
+    - 'lib/cloudflare_rails/importer.rb'
+    - 'lib/cloudflare_rails/railtie.rb'
+    - 'lib/cloudflare_rails/remote_ip_proxies.rb'
+    - 'lib/cloudflare_rails/version.rb'
     - 'spec/cloudflare/rails_spec.rb'
+    - 'spec/spec_helper.rb'
+
+# Offense count: 1
+Style/MultilineBlockChain:
+  Exclude:
+    - 'lib/cloudflare_rails/railtie.rb'
 
-# Offense count: 9
-# Cop supports --auto-correct.
-# Configuration parameters: AutoCorrect, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
+# Offense count: 2
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
 # URISchemes: http, https
 Layout/LineLength:
   Max: 126

data/Appraisals

@@ -1,11 +1,11 @@
-appraise "rails-6.1" do
-  gem "rails", "~> 6.1.0"
+appraise 'rails-6.1' do
+  gem 'rails', '~> 6.1.0'
 end
 
-appraise "rails-7.0" do
-  gem "rails", "~> 7.0.0"
+appraise 'rails-7.0' do
+  gem 'rails', '~> 7.0.0'
 end
 
-appraise "rails-7.1" do
-  gem "rails", "~> 7.1.0"
+appraise 'rails-7.1' do
+  gem 'rails', '~> 7.1.0'
 end

data/CHANGELOG.md

@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [5.0.0] - 2023-12-15
+### Breaking Changes
+- Change namespace from `Cloudflare::Rails` to `CloudflareRails`. This avoids issues with the [cloudflare](https://github.com/socketry/cloudflare) gem as well as the global `Rails` namespace.
+- A static set of Cloudflare IP addresses will now be used as a fallback value in the case of Cloudflare API failures. These will not be stored in `Rails.cache` so each subsequent result will retry the Cloudflare calls. Once one suceeds the response will be cached and used.
+
+### Added
+- Use `zeitwerk` to manage file loading.
+
 ## [4.1.0] - 2023-10-06
 - Add support for `rails` version `7.1.0`
 

data/README.md

@@ -1,4 +1,4 @@
-# Cloudflare::Rails [![Gem Version](https://badge.fury.io/rb/cloudflare-rails.svg)](https://badge.fury.io/rb/cloudflare-rails) [![CircleCI](https://circleci.com/gh/modosc/cloudflare-rails/tree/main.svg?style=shield)](https://circleci.com/gh/modosc/cloudflare-rails/tree/main)
+# CloudflareRails [![Gem Version](https://badge.fury.io/rb/cloudflare-rails.svg)](https://badge.fury.io/rb/cloudflare-rails)
 This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com) so that `request.remote_ip` / `request.ip` both work correctly.
 
 ## Rails Compatibility
@@ -36,9 +36,17 @@ Using Cloudflare means it's hard to identify the IP address of incoming requests
 
 `cloudflare-rails` mitigates this attack by checking that the originating ip address of any incoming connection is from one of Cloudflare's ip address ranges. If so, the incoming `X-Forwarded-For` header is trusted and used as the ip address provided to `rack` and `rails` (via `request.ip` and `request.remote_ip`). If the incoming connection does not originate from a Cloudflare server then the `X-Forwarded-For` header is ignored and the actual remote ip address is used.
 
-## Usage
-This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`. The `X-Forwarded-For` header will then be trusted only from those ip addresses.
+## How it works
+This code fetches and caches CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists. It then patches `Rack::Request::Helpers` and `ActionDispatch::RemoteIP` to treat these addresses as trusted proxies. The `X-Forwarded-For` header will then be trusted only from those ip addresses.
+
+### Why not use `config.action_dispatch.trusted_proxies` or `Rack::Request.ip_filter?`
+By default Rails includes the [ActionDispatch::RemoteIp](https://api.rubyonrails.org/classes/ActionDispatch/RemoteIp.html) middleware. This middleware uses a default list of [trusted proxies](https://github.com/rails/rails/blob/6b93fff8af32ef5e91f4ec3cfffb081d0553faf0/actionpack/lib/action_dispatch/middleware/remote_ip.rb#L36C5-L42). Any values from `config.action_dispatch.trusted_proxies` are appended to this list. If you were to set `config.action_dispatch.trusted_proxies` to the current list of Cloudflare IP addresses `request.remote_ip` would work correctly.
+
+Unfortunately this does not fix `request.ip`. This method comes from the [Rack::Request](https://github.com/rack/rack/blob/main/lib/rack/request.rb) middleware. It has a separate implementation of [trusted proxies](https://github.com/rack/rack/blob/main/lib/rack/request.rb#L48-L56) and [ip filtering](https://github.com/rack/rack/blob/main/lib/rack/request.rb#L58C1-L59C1). The only way to use a different implementation is to set `Rack::Request.ip_filter` which expects a callable value. Providing a new one will override the old one so you'd lose the default values (all of which should be there). Those values aren't exported anywhere so your callable would now have to maintain _that_ list on top of the Cloudflare IPs.
 
+These issues are why this gem patches both `Rack::Request::Helpers` and `ActionDispatch::RemoteIP` rather than using the built-in configuration methods.
+
+## Usage
 You can configure the HTTP `timeout` and `expires_in` cache parameters inside of your rails config:
 ```ruby
 config.cloudflare.expires_in = 12.hours # default value

data/Rakefile

@@ -1,24 +1,24 @@
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
 
 RSpec::Core::RakeTask.new(:spec)
 
 task :without_rack_attack do
   ENV.delete 'RACK_ATTACK'
-  Rake::Task["spec"].reenable
-  Rake::Task["spec"].invoke
+  Rake::Task['spec'].reenable
+  Rake::Task['spec'].invoke
 end
 
 task :with_rack_attack_first do
   ENV['RACK_ATTACK'] = 'first'
-  Rake::Task["spec"].reenable
-  Rake::Task["spec"].invoke
+  Rake::Task['spec'].reenable
+  Rake::Task['spec'].invoke
 end
 
 task :with_rack_attack_last do
   ENV['RACK_ATTACK'] = 'last'
-  Rake::Task["spec"].reenable
-  Rake::Task["spec"].invoke
+  Rake::Task['spec'].reenable
+  Rake::Task['spec'].invoke
 end
 
-task :default => [:without_rack_attack, :with_rack_attack_first, :with_rack_attack_last]
+task default: %i[without_rack_attack with_rack_attack_first with_rack_attack_last]

data/cloudflare-rails.gemspec

@@ -1,40 +1,42 @@
-# coding: utf-8
-
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'cloudflare/rails/version'
+require 'cloudflare_rails/version'
 
 Gem::Specification.new do |spec|
-  spec.name          = "cloudflare-rails"
-  spec.version       = Cloudflare::Rails::VERSION
-  spec.authors       = ["jonathan schatz"]
-  spec.email         = ["modosc@users.noreply.github.com"]
-
-  spec.summary       = "This gem configures Rails for CloudFlare so that request.ip and request.remote_ip and work correctly."
-  spec.description   = ""
-  spec.homepage      = "https://github.com/modosc/cloudflare-rails"
-  spec.license       = "MIT"
+  spec.name          = 'cloudflare-rails'
+  spec.version       = CloudflareRails::VERSION
+  spec.authors       = ['jonathan schatz']
+  spec.email         = ['modosc@users.noreply.github.com']
+  spec.summary       = 'This gem configures Rails for CloudFlare so that request.ip and request.remote_ip and work correctly.'
+  spec.description   = ''
+  spec.homepage      = 'https://github.com/modosc/cloudflare-rails'
+  spec.license       = 'MIT'
 
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  spec.bindir        = "exe"
+  spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
 
-  spec.add_development_dependency "bundler", ">= 2.1.2"
-  spec.add_development_dependency "rake", "~> 13.0.1"
-  spec.add_development_dependency "rspec_junit_formatter", "~> 0.6.0"
-  spec.add_development_dependency "rspec-rails", "~> 6.0.0"
-  spec.add_development_dependency "rspec", "~> 3.12.0"
-  spec.add_development_dependency "rubocop-airbnb", "~> 6.0.0"
-  spec.add_development_dependency "webmock", "~> 3.19.1"
-  spec.add_development_dependency "rack-attack", "~> 6.7.0"
-  spec.add_development_dependency "pry-byebug"
-  spec.add_development_dependency "appraisal", "~> 2.5.0"
+  spec.add_development_dependency 'appraisal', '~> 2.5.0'
+  spec.add_development_dependency 'bundler', '>= 2.1.2'
+  spec.add_development_dependency 'pry-byebug'
+  spec.add_development_dependency 'rack-attack', '~> 6.7.0'
+  spec.add_development_dependency 'rake', '~> 13.1.0'
+  spec.add_development_dependency 'rspec', '~> 3.12.0'
+  spec.add_development_dependency 'rspec_junit_formatter', '~> 0.6.0'
+  spec.add_development_dependency 'rspec-rails', '~> 6.1.0'
+  spec.add_development_dependency 'rubocop', '~> 1.58.0'
+  spec.add_development_dependency 'rubocop-performance', '~> 1.19.1'
+  spec.add_development_dependency 'rubocop-rails', '~> 2.22.2'
+  spec.add_development_dependency 'rubocop-rspec', '~> 2.25.0'
+  spec.add_development_dependency 'webmock', '~> 3.19.1'
 
-  spec.add_dependency "railties", ">= 6.1", "< 7.2.0"
-  spec.add_dependency "activesupport", ">= 6.1", "< 7.2.0"
-  spec.add_dependency "actionpack", ">= 6.1", "< 7.2.0"
+  spec.add_dependency 'actionpack', '>= 6.1', '< 7.2.0'
+  spec.add_dependency 'activesupport', '>= 6.1', '< 7.2.0'
+  spec.add_dependency 'railties', '>= 6.1', '< 7.2.0'
+  spec.add_dependency 'zeitwerk', '>= 2.5.0'
 
-  # we need Module#prepend
-  spec.required_ruby_version = '>= 2.0'
+  # rails 6.1 lists this as the minimum
+  spec.required_ruby_version = '>= 2.5.0'
+  spec.metadata['rubygems_mfa_required'] = 'true'
 end

data/gemfiles/rails_6.1.gemfile

@@ -1,7 +1,7 @@
 # This file was generated by Appraisal
 
-source "https://rubygems.org"
+source 'https://rubygems.org'
 
-gem "rails", "~> 6.1.0"
+gem 'rails', '~> 6.1.0'
 
-gemspec path: "../"
+gemspec path: '../'

data/gemfiles/rails_7.0.gemfile

@@ -1,7 +1,7 @@
 # This file was generated by Appraisal
 
-source "https://rubygems.org"
+source 'https://rubygems.org'
 
-gem "rails", "~> 7.0.0"
+gem 'rails', '~> 7.0.0'
 
-gemspec path: "../"
+gemspec path: '../'

data/gemfiles/rails_7.1.gemfile

@@ -1,7 +1,7 @@
 # This file was generated by Appraisal
 
-source "https://rubygems.org"
+source 'https://rubygems.org'
 
-gem "rails", "~> 7.1.0"
+gem 'rails', '~> 7.1.0'
 
-gemspec path: "../"
+gemspec path: '../'

data/lib/cloudflare_rails/check_trusted_proxies.rb

@@ -0,0 +1,13 @@
+module CloudflareRails
+  # patch rack::request::helpers to use our cloudflare ips - this way request.ip is
+  # correct inside of rack and rails
+  module CheckTrustedProxies
+    def trusted_proxy?(ip)
+      matching = Importer.cloudflare_ips.any? do |proxy|
+        proxy === ip
+      rescue IPAddr::InvalidAddressError
+      end
+      matching || super
+    end
+  end
+end

data/lib/cloudflare_rails/fallback_ips.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module CloudflareRails
+  module FallbackIps
+    # fetched from https://www.cloudflare.com/ips-v4/ on 2023-12-10
+    IPS_V4_BODY = <<~EOM
+      173.245.48.0/20
+      103.21.244.0/22
+      103.22.200.0/22
+      103.31.4.0/22
+      141.101.64.0/18
+      108.162.192.0/18
+      190.93.240.0/20
+      188.114.96.0/20
+      197.234.240.0/22
+      198.41.128.0/17
+      162.158.0.0/15
+      104.16.0.0/13
+      104.24.0.0/14
+      172.64.0.0/13
+      131.0.72.0/22
+    EOM
+
+    # convert our body into a list of IpAddrs
+    IPS_V4 = IPS_V4_BODY.split("\n").map { |ip| IPAddr.new ip }.freeze
+
+    # from https://www.cloudflare.com/ips-v6/ on 2023-12-10
+    IPS_V6_BODY = <<~EOM
+      2400:cb00::/32
+      2606:4700::/32
+      2803:f800::/32
+      2405:b500::/32
+      2405:8100::/32
+      2a06:98c0::/29
+      2c0f:f248::/32
+    EOM
+
+    # convert our body into a list of IpAddrs
+    IPS_V6 = IPS_V6_BODY.split("\n").map { |ip| IPAddr.new ip }.freeze
+  end
+end

data/lib/cloudflare_rails/importer.rb

@@ -0,0 +1,67 @@
+require 'net/http'
+require 'uri'
+
+module CloudflareRails
+  class Importer
+    # Exceptions contain the Net::HTTP
+    # response object accessible via the {#response} method.
+    class ResponseError < StandardError
+      # Returns the response of the last request
+      # @return [Net::HTTPResponse] A subclass of Net::HTTPResponse, e.g.
+      # Net::HTTPOK
+      attr_reader :response
+
+      # Instantiate an instance of ResponseError with a Net::HTTPResponse object
+      # @param [Net::HTTPResponse]
+      def initialize(response)
+        @response = response
+        super(response)
+      end
+    end
+
+    BASE_URL = 'https://www.cloudflare.com'.freeze
+    IPS_V4_URL = '/ips-v4/'.freeze
+    IPS_V6_URL = '/ips-v6/'.freeze
+
+    class << self
+      def ips_v6
+        fetch IPS_V6_URL
+      end
+
+      def ips_v4
+        fetch IPS_V4_URL
+      end
+
+      def fetch(url)
+        uri = URI("#{BASE_URL}#{url}")
+
+        resp = Net::HTTP.start(uri.host,
+                               uri.port,
+                               use_ssl: true,
+                               read_timeout: Rails.application.config.cloudflare.timeout) do |http|
+          req = Net::HTTP::Get.new(uri)
+
+          http.request(req)
+        end
+
+        raise ResponseError, resp unless resp.is_a?(Net::HTTPSuccess)
+
+        resp.body.split("\n").reject(&:blank?).map { |ip| IPAddr.new ip }
+      end
+
+      def fetch_with_cache(type)
+        Rails.cache.fetch("cloudflare-rails:#{type}", expires_in: Rails.application.config.cloudflare.expires_in) do
+          send type
+        end
+      end
+
+      def cloudflare_ips(refresh: false)
+        @ips = nil if refresh
+        @ips ||= (Importer.fetch_with_cache(:ips_v4) + Importer.fetch_with_cache(:ips_v6)).freeze
+      rescue StandardError => e
+        Rails.logger.error "cloudflare-rails: error fetching ip addresses from Cloudflare (#{e}), falling back to defaults"
+        CloudflareRails::FallbackIps::IPS_V4 + CloudflareRails::FallbackIps::IPS_V6
+      end
+    end
+  end
+end

data/lib/cloudflare_rails/railtie.rb

@@ -0,0 +1,29 @@
+require 'active_support/core_ext/integer/time'
+
+module CloudflareRails
+  class Railtie < Rails::Railtie
+    # setup defaults before we configure our app.
+    DEFAULTS = {
+      expires_in: 12.hours,
+      timeout: 5.seconds
+    }.freeze
+
+    config.before_configuration do |app|
+      app.config.cloudflare = ActiveSupport::OrderedOptions.new
+      app.config.cloudflare.reverse_merge! DEFAULTS
+    end
+
+    initializer 'cloudflare_rails.configure_rails_initialization' do
+      Rack::Request::Helpers.prepend CheckTrustedProxies
+
+      ObjectSpace.each_object(Class)
+                 .select do |c|
+        c.included_modules.include?(Rack::Request::Helpers) &&
+          c.included_modules.exclude?(CheckTrustedProxies)
+      end
+        .map { |c| c.prepend CheckTrustedProxies }
+
+      ActionDispatch::RemoteIp.prepend RemoteIpProxies
+    end
+  end
+end

data/lib/cloudflare_rails/remote_ip_proxies.rb

@@ -0,0 +1,9 @@
+module CloudflareRails
+  # patch ActionDispatch::RemoteIP to use our cloudflare ips - this way
+  # request.remote_ip is correct inside of rails
+  module RemoteIpProxies
+    def proxies
+      super + Importer.cloudflare_ips
+    end
+  end
+end

data/lib/cloudflare_rails/version.rb

@@ -0,0 +1,3 @@
+module CloudflareRails
+  VERSION = '5.0.0'.freeze
+end

data/lib/cloudflare_rails.rb

@@ -0,0 +1,7 @@
+require 'zeitwerk'
+loader = Zeitwerk::Loader.for_gem
+loader.setup
+loader.eager_load
+
+module CloudflareRails
+end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: cloudflare-rails
 version: !ruby/object:Gem::Version
-  version: 4.1.0
+  version: 5.0.0
 platform: ruby
 authors:
 - jonathan schatz
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-10-06 00:00:00.000000000 Z
+date: 2023-12-15 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: appraisal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.5.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.5.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -25,47 +39,47 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 2.1.2
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 13.0.1
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 13.0.1
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec_junit_formatter
+  name: rack-attack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: 6.7.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: 6.7.0
 - !ruby/object:Gem::Dependency
-  name: rspec-rails
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.0.0
+        version: 13.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.0.0
+        version: 13.1.0
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -81,77 +95,105 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 3.12.0
 - !ruby/object:Gem::Dependency
-  name: rubocop-airbnb
+  name: rspec_junit_formatter
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.0.0
+        version: 0.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.0.0
+        version: 0.6.0
 - !ruby/object:Gem::Dependency
-  name: webmock
+  name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.19.1
+        version: 6.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.19.1
+        version: 6.1.0
 - !ruby/object:Gem::Dependency
-  name: rack-attack
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.7.0
+        version: 1.58.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.7.0
+        version: 1.58.0
 - !ruby/object:Gem::Dependency
-  name: pry-byebug
+  name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.19.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.19.1
 - !ruby/object:Gem::Dependency
-  name: appraisal
+  name: rubocop-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.5.0
+        version: 2.22.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.5.0
+        version: 2.22.2
 - !ruby/object:Gem::Dependency
-  name: railties
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.25.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.25.0
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.19.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.19.1
+- !ruby/object:Gem::Dependency
+  name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -191,7 +233,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 7.2.0
 - !ruby/object:Gem::Dependency
-  name: actionpack
+  name: railties
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -210,6 +252,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: 7.2.0
+- !ruby/object:Gem::Dependency
+  name: zeitwerk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.5.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.5.0
 description: ''
 email:
 - modosc@users.noreply.github.com
@@ -217,12 +273,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".circleci/config.yml"
 - ".github/dependabot.yml"
+- ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".rubocop_airbnb.yml"
 - ".rubocop_todo.yml"
 - ".ruby-version"
 - Appraisals
@@ -238,13 +293,18 @@ files:
 - gemfiles/rails_6.1.gemfile
 - gemfiles/rails_7.0.gemfile
 - gemfiles/rails_7.1.gemfile
-- lib/cloudflare/rails.rb
-- lib/cloudflare/rails/railtie.rb
-- lib/cloudflare/rails/version.rb
+- lib/cloudflare_rails.rb
+- lib/cloudflare_rails/check_trusted_proxies.rb
+- lib/cloudflare_rails/fallback_ips.rb
+- lib/cloudflare_rails/importer.rb
+- lib/cloudflare_rails/railtie.rb
+- lib/cloudflare_rails/remote_ip_proxies.rb
+- lib/cloudflare_rails/version.rb
 homepage: https://github.com/modosc/cloudflare-rails
 licenses:
 - MIT
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -253,7 +313,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.0'
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="

data/.circleci/config.yml

@@ -1,54 +0,0 @@
-# Ruby CircleCI 2.0 configuration file
-#
-# Check https://circleci.com/docs/2.0/language-ruby/ for more details
-#
-version: 2
-jobs:
-  build:
-    docker:
-      # specify the version you desire here
-      - image: cimg/ruby:2.7
-
-    working_directory: ~/repo
-
-    steps:
-      - checkout
-
-      # Download and cache dependencies
-      - restore_cache:
-          keys:
-          - v1-dependencies-{{ checksum "cloudflare-rails.gemspec" }}-{{ checksum "Appraisals" }}
-          # fallback to using the latest cache if no exact match is found
-          - v1-dependencies-
-
-      - run:
-          name: install bundler
-          command: |
-            gem install bundler -v $(grep bundler cloudflare-rails.gemspec |awk {'print $4'}|sed 's/"//g')
-
-      - run:
-          name: install dependencies
-          command: |
-            bundle install --jobs=4 --retry=3 --path vendor/bundle
-
-      - run:
-          name: install appraisal versions
-          command: |
-            bundle exec appraisal install
-
-      - save_cache:
-          paths:
-            - ./vendor/bundle
-          key: v1-dependencies-{{ checksum "cloudflare-rails.gemspec" }}-{{ checksum "Appraisals" }}
-
-      # run tests!
-      - run:
-          name: run tests
-          command: |
-            bundle exec appraisal rake
-      # collect reports
-      - store_test_results:
-          path: tmp/rspec
-      - store_artifacts:
-          path: tmp/rspec
-          destination: test-results

data/.rubocop_airbnb.yml

@@ -1,2 +0,0 @@
-require:
-  - rubocop-airbnb

data/lib/cloudflare/rails/railtie.rb

@@ -1,117 +0,0 @@
-require "active_support/core_ext/integer/time"
-
-module Cloudflare
-  module Rails
-    class Railtie < ::Rails::Railtie
-      # patch rack::request::helpers to use our cloudflare ips - this way request.ip is
-      # correct inside of rack and rails
-      module CheckTrustedProxies
-        def trusted_proxy?(ip)
-          matching = Importer.cloudflare_ips.any? do |proxy|
-            proxy === ip
-          rescue IPAddr::InvalidAddressError
-          end
-          matching || super
-        end
-      end
-
-      # patch ActionDispatch::RemoteIP to use our cloudflare ips - this way
-      # request.remote_ip is correct inside of rails
-      module RemoteIpProxies
-        def proxies
-          super + Importer.cloudflare_ips
-        end
-      end
-
-      class Importer
-        # Exceptions contain the Net::HTTP
-        # response object accessible via the {#response} method.
-        class ResponseError < StandardError
-          # Returns the response of the last request
-          # @return [Net::HTTPResponse] A subclass of Net::HTTPResponse, e.g.
-          # Net::HTTPOK
-          attr_reader :response
-
-          # Instantiate an instance of ResponseError with a Net::HTTPResponse object
-          # @param [Net::HTTPResponse]
-          def initialize(response)
-            @response = response
-            super(response)
-          end
-        end
-
-        BASE_URL = 'https://www.cloudflare.com'.freeze
-        IPS_V4_URL = '/ips-v4/'.freeze
-        IPS_V6_URL = '/ips-v6/'.freeze
-
-        class << self
-          def ips_v6
-            fetch IPS_V6_URL
-          end
-
-          def ips_v4
-            fetch IPS_V4_URL
-          end
-
-          def fetch(url)
-            uri = URI("#{BASE_URL}#{url}")
-
-            resp = Net::HTTP.start(uri.host,
-                                   uri.port,
-                                   use_ssl: true,
-                                   read_timeout: ::Rails.application.config.cloudflare.timeout) do |http|
-              req = Net::HTTP::Get.new(uri)
-
-              http.request(req)
-            end
-
-            if resp.is_a?(Net::HTTPSuccess)
-              resp.body.split("\n").reject(&:blank?).map { |ip| IPAddr.new ip }
-            else
-              raise ResponseError, resp
-            end
-          end
-
-          def fetch_with_cache(type)
-            ::Rails.cache.fetch("cloudflare-rails:#{type}", expires_in: ::Rails.application.config.cloudflare.expires_in) do
-              send type
-            end
-          end
-
-          def cloudflare_ips(refresh: false)
-            @ips = nil if refresh
-            @ips ||= (Importer.fetch_with_cache(:ips_v4) + Importer.fetch_with_cache(:ips_v6)).freeze
-          rescue StandardError => e
-            ::Rails.logger.error(e)
-            []
-          end
-        end
-      end
-
-      # setup defaults before we configure our app.
-      DEFAULTS = {
-        expires_in: 12.hours,
-        timeout: 5.seconds,
-        ips: [],
-      }.freeze
-
-      config.before_configuration do |app|
-        app.config.cloudflare = ActiveSupport::OrderedOptions.new
-        app.config.cloudflare.reverse_merge! DEFAULTS
-      end
-
-      initializer "cloudflare_rails.configure_rails_initialization" do
-        Rack::Request::Helpers.prepend CheckTrustedProxies
-
-        ObjectSpace.each_object(Class).
-          select do |c|
-            c.included_modules.include?(Rack::Request::Helpers) &&
-            !c.included_modules.include?(CheckTrustedProxies)
-          end.
-          map { |c| c .prepend CheckTrustedProxies }
-
-        ActionDispatch::RemoteIp.prepend RemoteIpProxies
-      end
-    end
-  end
-end

data/lib/cloudflare/rails/version.rb

@@ -1,5 +0,0 @@
-module Cloudflare
-  module Rails
-    VERSION = "4.1.0".freeze
-  end
-end

data/lib/cloudflare/rails.rb

@@ -1,10 +0,0 @@
-require "cloudflare/rails/version"
-require 'net/http'
-require 'uri'
-
-module Cloudflare
-  module Rails
-  end
-end
-
-require "cloudflare/rails/railtie"