RubyGems - cloudflare-rails - Versions diffs - 6.0.0 → 6.1.0 - Mend

cloudflare-rails 6.0.0 → 6.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +4 -4
data/.rspec +0 -2
data/.rubocop_todo.yml +23 -40
data/Appraisals +1 -1
data/CHANGELOG.md +3 -0
data/README.md +20 -3
data/cloudflare-rails.gemspec +5 -6
data/gemfiles/rails_7.2.gemfile +1 -1
data/lib/cloudflare_rails/check_trusted_proxies.rb +22 -3
data/lib/cloudflare_rails/importer.rb +5 -3
data/lib/cloudflare_rails/railtie.rb +2 -0
data/lib/cloudflare_rails/remote_ip_proxies.rb +2 -0
data/lib/cloudflare_rails/version.rb +3 -1
data/lib/cloudflare_rails.rb +2 -0
metadata +12 -26

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f52bcf9825a5051914653aa8b471e173896ca7b0345c88b30512a7f5ca5792ca
-  data.tar.gz: ddfe50aa060ef4971b9722658ae75dee9580ce1b2c028973f5caa877e370e7a3
+  metadata.gz: '079b27f2bb751ae57b6ba12fa77c04abe62900241146ad7163b5c1f354a6a7a5'
+  data.tar.gz: 820820c94a3e782deae3ed94d67d9cc145c976b0a82fa313ee448e8f29708e3b
 SHA512:
-  metadata.gz: ca4faedbdaf7f45af3212865abf420cdc1077bd9c0339f507425f3ce11a520101dedc9d8023b70bfe15d8c163fd6dd21d74a55f785255b95956bdb5fe6dbcc16
-  data.tar.gz: 1f7fe45788911c43bf9897e17b9a410615d8554e75cd0e6971dd81a398c0c1fa420ecb6c1c036a4b37d1604bdfcd5aa6d928c5a2ce07e7761c3628f3263c1360
+  metadata.gz: a50b5891b48031f1a8a92ebfd08d63f4196df71abb14b5b4d24ab283f81170e3a68c6e04440d27a4c6ad7180030125bbbcff94ba708590536407b72b836acf82
+  data.tar.gz: 1bbfa4fd1c77980454d38c76cb9c9ec1da912ada1460d0554d4b1da534a41c3e8e1022876b9090c6161223ecfcf61ddd1ce9868cd6654dab7eeba3b34fd81c06

data/.rspec CHANGED Viewed

@@ -1,4 +1,2 @@
 --format d
 --color
---format RspecJunitFormatter
---out tmp/rspec/rspec-<%= File.basename ENV['BUNDLE_GEMFILE'] %><%= ENV["RACK_ATTACK"]  ? "-rack-attack-#{ENV["RACK_ATTACK"]}" : '' %>.xml

data/.rubocop_todo.yml CHANGED Viewed

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2023-12-16 21:20:23 UTC using RuboCop version 1.59.0.
+# on 2024-06-13 00:13:47 UTC using RuboCop version 1.64.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -11,7 +11,7 @@
 # AllowedMethods: enums
 Lint/ConstantDefinitionInBlock:
   Exclude:
-    - 'spec/cloudflare/rails_spec.rb'
+    - "spec/cloudflare/rails_spec.rb"
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
@@ -19,13 +19,13 @@ Lint/ConstantDefinitionInBlock:
 # AllowedMethods: instance_of?, kind_of?, is_a?, eql?, respond_to?, equal?, presence, present?
 Lint/RedundantSafeNavigation:
   Exclude:
-    - 'spec/cloudflare/rails_spec.rb'
+    - "spec/cloudflare/rails_spec.rb"
 # Offense count: 1
 # Configuration parameters: AllowComments, AllowNil.
 Lint/SuppressedException:
   Exclude:
-    - 'lib/cloudflare_rails/check_trusted_proxies.rb'
+    - "lib/cloudflare_rails/check_trusted_proxies.rb"
 # Offense count: 1
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
@@ -43,26 +43,26 @@ Metrics/MethodLength:
 # AllowedAcronyms: CLI, DSL, ACL, API, ASCII, CPU, CSS, DNS, EOF, GUID, HTML, HTTP, HTTPS, ID, IP, JSON, LHS, QPS, RAM, RHS, RPC, SLA, SMTP, SQL, SSH, TCP, TLS, TTL, UDP, UI, UID, UUID, URI, URL, UTF8, VM, XML, XMPP, XSRF, XSS
 Naming/FileName:
   Exclude:
-    - 'lib/cloudflare-rails.rb'
+    - "lib/cloudflare-rails.rb"
 # Offense count: 2
 # Configuration parameters: ForbiddenDelimiters.
 # ForbiddenDelimiters: (?i-mx:(^|\s)(EO[A-Z]{1}|END)(\s|$))
 Naming/HeredocDelimiterNaming:
   Exclude:
-    - 'lib/cloudflare_rails/fallback_ips.rb'
+    - "lib/cloudflare_rails/fallback_ips.rb"
 # Offense count: 3
 RSpec/AnyInstance:
   Exclude:
-    - 'spec/cloudflare/rails_spec.rb'
+    - "spec/cloudflare/rails_spec.rb"
 # Offense count: 1
 # Configuration parameters: Prefixes, AllowedPatterns.
 # Prefixes: when, with, without
 RSpec/ContextWording:
   Exclude:
-    - 'spec/cloudflare/rails_spec.rb'
+    - "spec/cloudflare/rails_spec.rb"
 # Offense count: 2
 # This cop supports safe autocorrection (--autocorrect).
@@ -70,19 +70,12 @@ RSpec/ContextWording:
 # DisallowedExamples: works
 RSpec/ExampleWording:
   Exclude:
-    - 'spec/cloudflare/rails_spec.rb'
-# Offense count: 1
-# Configuration parameters: Include, CustomTransform, IgnoreMethods, SpecSuffixOnly.
-# Include: **/*_spec*rb*, **/spec/**/*
-RSpec/FilePath:
-  Exclude:
-    - 'spec/cloudflare/rails_spec.rb'
+    - "spec/cloudflare/rails_spec.rb"
 # Offense count: 1
 RSpec/LeakyConstantDeclaration:
   Exclude:
-    - 'spec/cloudflare/rails_spec.rb'
+    - "spec/cloudflare/rails_spec.rb"
 # Offense count: 5
 RSpec/MultipleExpectations:
@@ -98,7 +91,7 @@ RSpec/MultipleMemoizedHelpers:
 # SupportedStyles: always, named_only
 RSpec/NamedSubject:
   Exclude:
-    - 'spec/cloudflare/rails_spec.rb'
+    - "spec/cloudflare/rails_spec.rb"
 # Offense count: 16
 # Configuration parameters: AllowedGroups.
@@ -110,19 +103,19 @@ RSpec/NestedGroups:
 # Include: **/*_spec.rb
 RSpec/SpecFilePathFormat:
   Exclude:
-    - 'spec/cloudflare/rails_spec.rb'
+    - "spec/cloudflare/rails_spec.rb"
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/ApplicationController:
   Exclude:
-    - 'spec/cloudflare/rails_spec.rb'
+    - "spec/cloudflare/rails_spec.rb"
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/CompactBlank:
   Exclude:
-    - 'lib/cloudflare_rails/importer.rb'
+    - "lib/cloudflare_rails/importer.rb"
 # Offense count: 3
 # This cop supports unsafe autocorrection (--autocorrect-all).
@@ -130,14 +123,14 @@ Rails/CompactBlank:
 # Include: **/Rakefile, **/*.rake
 Rails/RakeEnvironment:
   Exclude:
-    - 'Rakefile'
+    - "Rakefile"
 # Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowOnConstant, AllowOnSelfClass.
 Style/CaseEquality:
   Exclude:
-    - 'lib/cloudflare_rails/check_trusted_proxies.rb'
+    - "lib/cloudflare_rails/check_trusted_proxies.rb"
 # Offense count: 2
 # This cop supports safe autocorrection (--autocorrect).
@@ -147,32 +140,22 @@ Style/CaseEquality:
 Style/FormatStringToken:
   EnforcedStyle: unannotated
-# Offense count: 15
+# Offense count: 13
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: always, always_true, never
 Style/FrozenStringLiteralComment:
   Exclude:
-    - 'Appraisals'
-    - 'Gemfile'
-    - 'Rakefile'
-    - 'cloudflare-rails.gemspec'
-    - 'gemfiles/rails_6.1.gemfile'
-    - 'gemfiles/rails_7.0.gemfile'
-    - 'gemfiles/rails_7.1.gemfile'
-    - 'lib/cloudflare_rails.rb'
-    - 'lib/cloudflare_rails/check_trusted_proxies.rb'
-    - 'lib/cloudflare_rails/importer.rb'
-    - 'lib/cloudflare_rails/railtie.rb'
-    - 'lib/cloudflare_rails/remote_ip_proxies.rb'
-    - 'lib/cloudflare_rails/version.rb'
-    - 'spec/cloudflare/rails_spec.rb'
-    - 'spec/spec_helper.rb'
+    - "Appraisals"
+    - "Gemfile"
+    - "Rakefile"
+    - "cloudflare-rails.gemspec"
+    - "gemfiles/rails_7.1.gemfile"
 # Offense count: 1
 Style/MultilineBlockChain:
   Exclude:
-    - 'lib/cloudflare_rails/railtie.rb'
+    - "lib/cloudflare_rails/railtie.rb"
 # Offense count: 2
 # This cop supports safe autocorrection (--autocorrect).

data/Appraisals CHANGED Viewed

@@ -3,7 +3,7 @@ appraise 'rails-7.1' do
 end
 appraise 'rails-7.2' do
-  gem 'rails', github: 'rails/rails', branch: '7-2-stable'
+  gem 'rails', '~> 7.2.0'
 end
 appraise 'rails-8.0' do

data/CHANGELOG.md CHANGED Viewed

@@ -3,6 +3,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [6.1.0]
+- Add cloudflare? method to determine if request passed through CF (https://github.com/modosc/cloudflare-rails/pull/149)
 ## [6.0.0] - 2024-06-12
 - Drop support for `rails` version `6.1` and `7.0`, new minimum version is `7.1.0` (https://github.com/modosc/cloudflare-rails/pull/142)
 - Bump minimum ruby version to `3.1.0` in preparation for `rails` version `7.2` (https://github.com/modosc/cloudflare-rails/pull/142)

data/README.md CHANGED Viewed

@@ -1,5 +1,5 @@
 # CloudflareRails [![Gem Version](https://badge.fury.io/rb/cloudflare-rails.svg)](https://badge.fury.io/rb/cloudflare-rails)
-This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com) so that `request.remote_ip` / `request.ip` both work correctly.
+This gem correctly configures Rails for [CloudFlare](https://www.cloudflare.com) so that `request.remote_ip` / `request.ip` both work correctly. It also exposes a `#cloudflare?` method on `Rack::Request`.
 ## Rails Compatibility
@@ -14,7 +14,6 @@ This gem requires `railties`, `activesupport`, and `actionpack` >= `7.1`. For ol
 | 5.1             | 2.0.0                      |
 | 5.0             | 2.0.0                      |
 | 4.2             | 0.1.0                      |
-| -----           | -------                    |
 ## Installation
@@ -48,13 +47,31 @@ Unfortunately this does not fix `request.ip`. This method comes from the [Rack::
 These issues are why this gem patches both `Rack::Request::Helpers` and `ActionDispatch::RemoteIP` rather than using the built-in configuration methods.
+## Prerequisites
+You must have a [`cache_store`](https://guides.rubyonrails.org/caching_with_rails.html#configuration) configured in your `rails` application.
 ## Usage
-You can configure the HTTP `timeout` and `expires_in` cache parameters inside of your rails config:
+You can configure the HTTP `timeout` and `expires_in` cache parameters inside of your `rails` config:
 ```ruby
 config.cloudflare.expires_in = 12.hours # default value
 config.cloudflare.timeout = 5.seconds # default value
 ```
+## Blocking non-Cloudflare traffic
+You can use the `#cloudfront?` method from this gem to block all non-Cloudflare traffic to your application. Here's an example of doing this with [`Rack::Attack`](https://github.com/rack/rack-attack):
+```ruby
+  Rack::Attack.blocklist('CloudFlare WAF bypass') do |req|
+    !req.cloudflare?
+  end
+```
+Note that the request may optionally pass through additional trusted proxies, so it will return true for any of these scenarios:
+ * `REMOTE_ADDR: CloudFlare`
+ * `REMOTE_ADDR: trusted_proxy`, `X_HTTP_FORWARDED_FOR: CloudFlare`
+ * `REMOTE_ADDR: trusted_proxy`, `X_HTTP_FORWARDED_FOR: trusted_proxy2,CloudFlare,...`
+but it will return false if CloudFlare comes after the trusted prefix of `X-Forwarded-For`.
 ## Alternatives
 [actionpack-cloudflare](https://github.com/customink/actionpack-cloudflare) simpler approach using the `CF-Connecting-IP` header.

data/cloudflare-rails.gemspec CHANGED Viewed

@@ -23,12 +23,11 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rack-attack', '~> 6.7.0'
   spec.add_development_dependency 'rake', '~> 13.2.1'
   spec.add_development_dependency 'rspec', '~> 3.13.0'
-  spec.add_development_dependency 'rspec_junit_formatter', '~> 0.6.0'
-  spec.add_development_dependency 'rspec-rails', '~> 6.1.2'
-  spec.add_development_dependency 'rubocop', '~> 1.64.1'
-  spec.add_development_dependency 'rubocop-performance', '~> 1.21.0'
-  spec.add_development_dependency 'rubocop-rails', '~> 2.25.0'
-  spec.add_development_dependency 'rubocop-rspec', '~> 2.26.1'
+  spec.add_development_dependency 'rspec-rails', '~> 7.0.1'
+  spec.add_development_dependency 'rubocop', '~> 1.66.1'
+  spec.add_development_dependency 'rubocop-performance', '~> 1.22.1'
+  spec.add_development_dependency 'rubocop-rails', '~> 2.26.1'
+  spec.add_development_dependency 'rubocop-rspec', '~> 3.0.1'
   spec.add_development_dependency 'webmock', '~> 3.23.1'
   spec.add_dependency 'actionpack', '>= 7.1.0', '< 8.1.0'

data/gemfiles/rails_7.2.gemfile CHANGED Viewed

@@ -4,6 +4,6 @@
 source 'https://rubygems.org'
-gem 'rails', github: 'rails/rails', branch: '7-2-stable'
+gem 'rails', '~> 7.2.0'
 gemspec path: '../'

data/lib/cloudflare_rails/check_trusted_proxies.rb CHANGED Viewed

@@ -1,13 +1,32 @@
+# frozen_string_literal: true
 module CloudflareRails
   # patch rack::request::helpers to use our cloudflare ips - this way request.ip is
   # correct inside of rack and rails
   module CheckTrustedProxies
-    def trusted_proxy?(ip)
-      matching = Importer.cloudflare_ips.any? do |proxy|
+    def cloudflare_ip?(ip)
+      Importer.cloudflare_ips.any? do |proxy|
         proxy === ip
       rescue IPAddr::InvalidAddressError
       end
-      matching || super
+    end
+    def trusted_proxy?(ip)
+      cloudflare_ip?(ip) || super
+    end
+    def cloudflare?
+      remote_addresses = split_header(get_header('REMOTE_ADDR'))
+      forwarded_for = self.forwarded_for || []
+      # Select only the trusted prefix of REMOTE_ADDR + X_HTTP_FORWARDED_FOR
+      trusted_proxies = (remote_addresses + forwarded_for).take_while do |ip|
+        trusted_proxy?(ip)
+      end
+      trusted_proxies.any? do |ip|
+        cloudflare_ip?(ip)
+      end
     end
   end
 end

data/lib/cloudflare_rails/importer.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'net/http'
 require 'uri'
@@ -19,9 +21,9 @@ module CloudflareRails
       end
     end
-    BASE_URL = 'https://www.cloudflare.com'.freeze
-    IPS_V4_URL = '/ips-v4/'.freeze
-    IPS_V6_URL = '/ips-v6/'.freeze
+    BASE_URL = 'https://www.cloudflare.com'
+    IPS_V4_URL = '/ips-v4/'
+    IPS_V6_URL = '/ips-v6/'
     class << self
       def ips_v6

data/lib/cloudflare_rails/railtie.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'active_support/core_ext/integer/time'
 module CloudflareRails

data/lib/cloudflare_rails/remote_ip_proxies.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module CloudflareRails
   # patch ActionDispatch::RemoteIP to use our cloudflare ips - this way
   # request.remote_ip is correct inside of rails

data/lib/cloudflare_rails/version.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module CloudflareRails
-  VERSION = '6.0.0'.freeze
+  VERSION = '6.1.0'
 end

data/lib/cloudflare_rails.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'zeitwerk'
 loader = Zeitwerk::Loader.for_gem
 loader.ignore("#{__dir__}/cloudflare-rails.rb")

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cloudflare-rails
 version: !ruby/object:Gem::Version
-  version: 6.0.0
+  version: 6.1.0
 platform: ruby
 authors:
 - jonathan schatz
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-06-13 00:00:00.000000000 Z
+date: 2024-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: appraisal
@@ -94,90 +94,76 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 3.13.0
-- !ruby/object:Gem::Dependency
-  name: rspec_junit_formatter
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.6.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.6.0
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.1.2
+        version: 7.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.1.2
+        version: 7.0.1
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.64.1
+        version: 1.66.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.64.1
+        version: 1.66.1
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.21.0
+        version: 1.22.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.21.0
+        version: 1.22.1
 - !ruby/object:Gem::Dependency
   name: rubocop-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.25.0
+        version: 2.26.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.25.0
+        version: 2.26.1
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.26.1
+        version: 3.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.26.1
+        version: 3.0.1
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement