cloudflare-rails 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: aa44d2f1afb581fda6300182a71286d900e69097
+  data.tar.gz: 3427435d477646191a2b05e289e52e7dc8a9f036
+SHA512:
+  metadata.gz: f05254ee54a69a711e7e612f7e1ee029b25186efb04f693a199dc00bc1c991799e704419674827d15fd1cf49e047e0247595f839b290121332924c5f4ff79645
+  data.tar.gz: c2e048580350035589e53e0ababdf4bed4f5d693d383564adac879d2b08a10f8f66bdc3816d2acec5cd425a03fac273ac012b695b10130a9d7df6ac96cf6268f

data/.gitignore

@@ -0,0 +1,12 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/log/
+.ruby-gemset
+.ruby-version

data/.rspec

@@ -0,0 +1,2 @@
+--format p
+--color

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.2.3
+before_install: gem install bundler -v 1.10.6

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in cloudflare-rails.gemspec
+gemspec

data/README.md

@@ -0,0 +1,39 @@
+# Cloudflare::Rails
+
+This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com) so that `request.remote_ip` / `request.ip` both work correctly.
+
+## Installation
+
+Add this line to your application's `Gemfile`:
+
+```ruby
+group :production
+  # or :staging or :beta or whatever environments you are using cloudflare in.
+  # you probably don't want this for :test or :development
+  gem 'cloudflare-rails'
+end
+```
+
+And then execute:
+
+    $ bundle
+
+## Usage
+
+This code will fetch CloudFlare's current [IPv4](https://www.cloudflare.com/ips-v4) and [IPv6](https://www.cloudflare.com/ips-v6) lists, store them in `Rails.cache`, and add them to `config.cloudflare.ips`.
+
+You can configure the HTTP `timeout` and `expires_in` cache parameters inside of your rails config:
+```
+config.cloudflare.expires_in = 12.hours # default value
+config.cloudfalre.timeout = 5.seconds # default value
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/cloudflare-rails.

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "cloudflare/rails"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/cloudflare-rails.gemspec

@@ -0,0 +1,35 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'cloudflare/rails/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "cloudflare-rails"
+  spec.version       = Cloudflare::Rails::VERSION
+  spec.authors       = ["jonathan schatz"]
+  spec.email         = ["modosc@users.noreply.github.com"]
+
+  spec.summary       = "This gem configures Rails for CloudFlare so that request.ip and request.remote_ip and work correctly."
+  spec.description   = ""
+  spec.homepage      = "https://github.com/modosc/cloudflare-rails"
+
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "rspec-rails"
+
+  spec.add_development_dependency "webmock"
+
+  # TODO - no idea if this is 4.x specific, should test with older versions
+  spec.add_dependency "rails", "~> 4.0"
+  spec.add_dependency 'httparty'
+
+  # we need Module#prepend
+  spec.required_ruby_version = '>= 2.0'
+end

data/lib/cloudflare/rails.rb

@@ -0,0 +1,11 @@
+require "cloudflare/rails/version"
+require "httparty"
+
+module Cloudflare
+  module Rails
+  
+
+  end
+end
+
+require "cloudflare/rails/railtie"

data/lib/cloudflare/rails/railtie.rb

@@ -0,0 +1,174 @@
+require "httparty"
+
+module Cloudflare
+  module Rails
+    class Railtie < ::Rails::Railtie
+
+      # patch rack::request to use our cloudflare ips - this way request.ip is
+      # correct inside of rack and rails
+      module CheckTrustedProxies
+        def trusted_proxy?(ip)
+          ::Rails.application.config.cloudflare.ips.any?{ |proxy| proxy === ip } || super
+        end
+      end
+
+      Rack::Request.prepend CheckTrustedProxies
+
+      # patch ActionDispatch::RemoteIP to use our cloudflare ips - this way
+      # request.remote_ip is correct inside of rails
+      module RemoteIpProxies
+        def proxies
+          super + ::Rails.application.config.cloudflare.ips
+        end
+      end
+
+      ActionDispatch::RemoteIp.prepend RemoteIpProxies
+
+      class Importer
+        include HTTParty
+        base_uri 'https://www.cloudflare.com'
+        follow_redirects true
+        default_options.update(verify: true)
+
+        class ResponseError < HTTParty::ResponseError; end
+
+        IPS_V4_URL = '/ips-v4'
+        IPS_V6_URL = '/ips-v6'
+
+        class << self
+          def ips_v6
+            fetch IPS_V6_URL
+          end
+
+          def ips_v4
+            fetch IPS_V4_URL
+          end
+
+          def fetch(url)
+            resp = get url, timeout: ::Rails.application.config.cloudflare.timeout
+            if resp.success?
+              resp.body.split("\n").reject(&:blank?).map{|ip| IPAddr.new ip}
+            else
+              raise ResponseError.new(resp.response)
+            end
+          end
+
+          def fetch_with_cache(type)
+            ::Rails.cache.fetch("cloudflare-rails:#{type}", expires_in: ::Rails.application.config.cloudflare.expires_in) do
+              self.send type
+            end
+          end
+
+
+        end
+      end
+
+      # setup defaults before we configure our app. 
+      DEFAULTS = {
+        expires_in: 12.hours,
+        timeout: 5.seconds,
+        ips: Array.new
+      }
+
+      config.before_configuration do |app|
+        app.config.cloudflare = ActiveSupport::OrderedOptions.new
+        app.config.cloudflare.reverse_merge! DEFAULTS
+      end
+
+      # we set config.cloudflare.ips after_initialize so that our cache will
+      # be correctly setup. we rescue and log errors so that failures won't prevent
+      # rails from booting
+      config.after_initialize do |app|
+        [:ips_v4, :ips_v6].each do |type|
+          begin
+            ::Rails.application.config.cloudflare.ips += Importer.fetch_with_cache(type)
+          rescue Importer::ResponseError => e
+            ::Rails.logger.error "Cloudflare::Rails: Couldn't import #{type} blocks from CloudFlare: #{e.response}"
+          rescue => e
+            ::Rails.logger.error "Cloudflare::Rails: Got exception: #{e} for type:#{type}"
+          end
+        end
+
+      end
+    end
+  end
+end
+        # bail if ActionDispatch::RemoteIp isn't already loaded
+        # if app.config.middleware.middlewares.exclude? ActionDispatch::RemoteIp
+        #   ::Rails.logger.error "Couldn't find ActionDispatch::RemoteIp middleware, skipping CloudFlare::Rails initialization"
+        #   return false
+        # end
+
+
+        # change our default timeout if specified
+      #  default_timeout app.config.cloudflare.timeout if app.config.cloudflare.timeout.present?
+
+        #cf_config = app.config.cloudflare.reverse_merge Importer::DEFAULT_CONFIG
+
+#        Importer.default_timeout Config.config
+
+
+        # caching is here so that we have app.config.cloudflare in scope - i
+        # suppose we could move this into fetch and take expires_in as a
+        # param?
+
+        # cloudflare_ips += ::Rails.cache.fetch("cloudflare-rails:ip_v4", expires_in: cf_config[:expires_in]) do
+        #   ip_v4
+        # end.map{|ip| IPAddr.new ip }
+        #
+        # cloudflare_ips += ::Rails.cache.fetch("cloudflare-rails:ip_v6", expires_in: cf_config[:expires_in]) do
+        #   ip_v6
+        # end.map{|ip| IPAddr.new "[#{ip}]" }
+#
+#         [:ips_v4, :ips_v6].each do |type|
+#           begin
+#             ips = ::Rails.cache.fetch("cloudflare-rails:#{type}", expires_in: cf_config[:expires_in]) do
+#                     Importer.send type
+#                   end
+#             app.config.cloudflare.ips += ips if ips.present?
+#           rescue Importer::ResponseError => e
+#             ::Rails.logger.error "Cloudflare::Rails: Couldn't import #{type} blocks from CloudFlare: #{e.response}"
+#           rescue => e
+#             ::Rails.logger.error "Cloudflare::Rails: Got exception: #{e} for type:#{type}, cloudflare_ips: #{cloudflare_ips}"
+#           end
+#         end
+#
+#         if app.config.cloudflare.ips.present?
+#           # i don't know what uses these beyond ActionDispatch::RemoteIp (which
+#           # we are patching below) but we should go ahead and keep this in sync
+#           # anyway
+#           if app.config.action_dispatch.trusted_proxies.blank?
+#             # this behavior is copied from:
+#             #
+#             # https://github.com/rails/rails/blob/a59a9b7f729870de6c9282bd8e2a7ed7f86fc868/actionpack/lib/action_dispatch/middleware/remote_ip.rb#L76
+#             #
+#             # we want to make the addition of cloudflare_ips as transparent as
+#             # possible but by adding our array in we change the behavior of
+#             # ActionDispatch::RemoteIp
+#             app.config.action_dispatch.trusted_proxies = ActionDispatch::RemoteIp::TRUSTED_PROXIES + cloudflare_ips
+#           elsif app.config.action_dispatch.trusted_proxies.respond_to?(:any)
+#             app.config.action_dispatch.trusted_proxies += app.config.cloudflare.ips
+#           else
+#             app.config.action_dispatch.trusted_proxies = Array(app.config.action_dispatch.trusted_proxies) + ActionDispatch::RemoteIp::TRUSTED_PROXIES + app.config.cloudflare.ips
+#           end
+#
+#           # now we have to patch ActionDispatch::RemoteIp since by the time we
+#           # get here it's already been configured and initialized and we can't
+#           # easily mess around with the middleware stack.
+#           remote_ip_patch = Module.new
+#
+#           remote_ip_patch.instance_eval do
+#             define_method :proxies do
+#               @proxies + app.config.cloudflare.ips
+#             end
+#           end
+#
+#           # remote_ip_patch.const_set :CLOUDFLARE_IPS, cloudflare_ips
+#           # pp "remote_ip_patch.constants is #{remote_ip_patch.constants}"
+#           ActionDispatch::RemoteIp.prepend remote_ip_patch
+# #          pp ActionDispatch::RemoteIp::CLOUDFLARE_IPS
+#         end
+#       end
+#     end
+#   end
+# end

data/lib/cloudflare/rails/version.rb

@@ -0,0 +1,5 @@
+module Cloudflare
+  module Rails
+    VERSION = "0.1.0"
+  end
+end

metadata

@@ -0,0 +1,154 @@
+--- !ruby/object:Gem::Specification
+name: cloudflare-rails
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- jonathan schatz
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-01-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ''
+email:
+- modosc@users.noreply.github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- cloudflare-rails.gemspec
+- lib/cloudflare/rails.rb
+- lib/cloudflare/rails/railtie.rb
+- lib/cloudflare/rails/version.rb
+homepage: https://github.com/modosc/cloudflare-rails
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: This gem configures Rails for CloudFlare so that request.ip and request.remote_ip
+  and work correctly.
+test_files: []