csr_auth 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 4f9b8aad2a317167b51d55f568fca7e2aa108554
+  data.tar.gz: 36c1b030f4b27497bec1119d5064e9b8534e2c33
+SHA512:
+  metadata.gz: 8ec1bb34c944e9520f5b59fac776f1450174e06adc1d793a3d155022683c3cb89daa03a77e40b1515d1863c884f74ee8ea0c3df244e500506ae22b7ddae3527a
+  data.tar.gz: 666699812306cf0ff1ff9aa997479a737e757e3d31695cf4cbd896b3f1a858f6a791e7a7f0dbd58709ad7c67949b37d4092638c9361b50501a65f098579c7bcf

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in csr_auth.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 nishadmenezes
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,85 @@
+# CsrAuth
+
+Allow CORS(Cross Origin Resource Sharing) via AJAX requests from trusted web applications to your Rails Back-End.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'csr_auth'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install csr_auth
+
+## Usage
+
+### Generate Initializer
+
+    $ rails generate csr_auth:install
+    
+### Edit Initializer
+Allowed origins can be specified in the generated Rails intializer:
+
+    config/initializers/csr_auth.rb
+    
+Configure allowed origins and allowed methods for each origin as shown:
+
+```ruby
+# Tell CsrAuth the origins that will send AJAX requests
+
+CsrAuth.configuration do |config|
+ # Cross Origin Resource Sharing via remote requests will be allowed only for the specified origins.
+ # By default the value is set to '*', allows all origins and request methods
+ config.allowed_origins = "*"
+
+ # Examples:
+ # config.allowed_origins = {:origin => 'http://localhost:3000', :methods => :all}
+ # config.allowed_origins = {:origin => '127.0.0.1:3000', :methods => :all}, {:origin => 'chrome-extension://my_extension_id', :methods => [:get, :post, :put]}
+end
+```
+
+#### Hash Description
+__:origin__ => The origin that will send cross script requests to your Rails app. You can pass either a string or a regex.
+
+__:methods__ => The allowed methods for a request from an origin. Value can either be *:all* for all methods or an array of allowed methods - *[:get, :post, :delete]*.
+
+_"*"_ => Allows requests from all origins and methods.
+
+__NOTE__: When passing a Regex be sure not to be too inclusive.
+
+### Modify Application Controller
+```ruby
+class ApplicationController < ActionController::Base
+  require 'csr_auth'
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception, if: :block_csr?
+  #before_filter :chrome_extension
+  
+  private
+  def block_csr?
+    CsrAuth::Filter.block_csr? request
+  end
+```
+1. Create a private method like - `block_csr?` and call CsrAuth's filter method passing in the request object - `CsrAuth::Filter.block_csr? request`
+2. Change line - `protect_from_forgery...` to `protect_from_forgery with: :exception, if: :block_csr?`
+
+## Configuration Examples:
+config.allowed_origins = "*"
+
+config.allowed_origins = {:origin => 'http://localhost:3000', :methods => :all}
+
+config.allowed_origins = {:origin => '127.0.0.1:3000', :methods => :all}, {:origin => 'chrome-extension://my_extension_id', :methods => [:get, :post, :put]}
+
+config.allowed_origins = {:origin => /chrome-extension:\\/\\/my_extension_id/, :methods => :get}, {:origin => /http:\\/\\/localhost:3000/, :methods => [:post, :put]}
+
+
+## License:
+MIT - [SEE HERE](../master/LICENSE)

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/csr_auth.gemspec

@@ -0,0 +1,23 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'csr_auth/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "csr_auth"
+  spec.version       = CsrAuth::VERSION
+  spec.authors       = ["nishadmenezes"]
+  spec.email         = ["nishadmenezes@gmail.com"]
+  spec.summary       = "Allow Cross Origin AJAX requests from trusted web applications to your Rails Back-End."
+  spec.description   = ""
+  spec.homepage      = "https://github.com/nishadmenezes/csr_auth"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+end

data/lib/csr_auth.rb

@@ -0,0 +1,51 @@
+require "csr_auth/version"
+require "helpers/configuration"
+
+module CsrAuth
+  extend Configuration
+  
+  define_setting :allowed_origins, "*"
+
+  class Filter
+
+    include CsrAuth
+    
+    def self.block_csr?(request)
+  	 if request.format.html?
+        return true
+     else
+        block = true
+        unless request.headers['origin'].nil?
+          if @@allowed_origins == "*"
+            block = false
+          else
+            @@allowed_origins.each do |origin|
+              if origin[:origin].class == String
+                if request.headers['origin'].start_with? origin[:origin]
+                  block = block_method? origin[:methods], request.method
+                  break
+                end
+              elsif origin[:origin].class == Regexp
+                if request.headers['origin'] =~ origin[:origin]
+                  block = block_method? origin[:methods], request.method
+                  break
+                end
+              end
+            end
+          end
+        end
+        block
+      end
+    end
+
+    private
+    def self.block_method?(origin_methods, request_method)
+      if origin_methods == :all
+        false
+      else
+        origin_methods = [].push(origin_methods) if origin_methods.class == Symbol
+        origin_methods.exclude?(request_method.downcase.to_sym)
+      end
+    end
+  end
+end

data/lib/csr_auth/version.rb

@@ -0,0 +1,3 @@
+module CsrAuth
+  VERSION = "0.0.1"
+end

data/lib/generators/csr_auth/install/USAGE

@@ -0,0 +1,5 @@
+Description:
+  Creates an initializer for csr_auth.
+
+Example:
+  `rails generate csr_auth:install`

data/lib/generators/csr_auth/install/install_generator.rb

@@ -0,0 +1,10 @@
+module CsrAuth
+  class InstallGenerator < Rails::Generators::Base
+    source_root File.expand_path('../templates', __FILE__)
+
+    def copy_files
+      template "csr_auth.rb", File.join("config", "initializers", "csr_auth.rb")
+    end
+
+  end
+end

data/lib/generators/csr_auth/install/templates/csr_auth.rb

@@ -0,0 +1,11 @@
+# Tell CsrAuth the origins that will send AJAX requests
+
+CsrAuth.configuration do |config|
+ # Cross Origin Resource Sharing via remote requests will be allowed only for the specified origins.
+ # By default the value is set to '*', allows all origins and request methods
+ config.allowed_origins = "*"
+
+ # Examples:
+ # config.allowed_origins = {:origin => 'http://localhost:3000', :methods => :all}
+ # config.allowed_origins = {:origin => '127.0.0.1:3000', :methods => :all}, {:origin => 'chrome-extension://my_extension_id', :methods => [:get, :post, :put]}
+end

data/lib/generators/install_generator.rb

@@ -0,0 +1,10 @@
+module CsrAuth
+  class InstallGenerator < Rails::Generators::Base
+    source_root File.expand_path('../templates', __FILE__)
+
+    def copy_files
+      template "csr_auth.rb", File.join("config", "initializers", "csr_auth.rb")
+    end
+
+  end
+end

data/lib/helpers/configuration.rb

@@ -0,0 +1,28 @@
+module Configuration
+
+ def configuration
+ yield self
+ end
+
+ def define_setting(name, default = nil)
+ class_variable_set("@@#{name}", default)
+
+ define_class_method "#{name}=" do |value|
+ value = [].push(value) if value != "*" && value.class == Hash
+ class_variable_set("@@#{name}", value)
+ end
+
+ define_class_method name do
+ class_variable_get("@@#{name}")
+ end
+ end
+
+ private
+
+ def define_class_method(name, &block)
+ (class << self; self; end).instance_eval do
+ define_method name, &block
+ end
+ end
+
+end

metadata

@@ -0,0 +1,86 @@
+--- !ruby/object:Gem::Specification
+name: csr_auth
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- nishadmenezes
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-05-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: ''
+email:
+- nishadmenezes@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- csr_auth.gemspec
+- lib/csr_auth.rb
+- lib/csr_auth/version.rb
+- lib/generators/csr_auth/install/USAGE
+- lib/generators/csr_auth/install/install_generator.rb
+- lib/generators/csr_auth/install/templates/csr_auth.rb
+- lib/generators/install_generator.rb
+- lib/helpers/configuration.rb
+homepage: https://github.com/nishadmenezes/csr_auth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Allow Cross Origin AJAX requests from trusted web applications to your Rails
+  Back-End.
+test_files: []