enforce-ssl 0.1.0

Files changed (2) hide show
  1. data/lib/enforce-ssl.rb +79 -0
  2. metadata +86 -0
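--- a/data/lib/enforce-ssl.rb
+++ b/data/lib/enforce-ssl.rb
@@ -0,0 +1,79 @@
+ # Copyright (c) 2005 David Heinemeier Hansson
+ #
+ # Permission is hereby granted, free of charge, to any person obtaining
+ # a copy of this software and associated documentation files (the
+ # "Software"), to deal in the Software without restriction, including
+ # without limitation the rights to use, copy, modify, merge, publish,
+ # distribute, sublicense, and/or sell copies of the Software, and to
+ # permit persons to whom the Software is furnished to do so, subject to
+ # the following conditions:
+ #
+ # The above copyright notice and this permission notice shall be
+ # included in all copies or substantial portions of the Software.
+ #
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ require 'rails'
+
+ class EnforceSslRailtie < Rails::Railtie
+
+ config.before_configuration do |app|
+ app.config.class.class_eval do
+ attr_accessor :ssl_port
+ end
+ app.config.ssl_port = Rails.env == "production" ? 443 : 3000
+ end
+ end
+
+ module EnforceSsl
+ def self.included(controller)
+ #controller.extend(ClassMethods)
+ controller.before_filter(:enforce_ssl)
+ end
+
+ # module ClassMethods
+ # # Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol).
+ # def ssl_required(*actions)
+ # write_inheritable_array(:ssl_required_actions, actions)
+ # end
+
+ # def ssl_allowed(*actions)
+ # write_inheritable_array(:ssl_allowed_actions, actions)
+ # end
+ # end
+
+ # protected
+ # # Returns true if the current action is supposed to run as SSL
+ # def ssl_required?
+ # (self.class.read_inheritable_attribute(:ssl_required_actions) || []).include?(action_name.to_sym)
+ # end
+
+ # def ssl_allowed?
+ # (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
+ # end
+
+ private
+ def enforce_ssl
+ #return true if ssl_allowed?
+
+ is_ssl = request.port.to_i == Rails.configuration.ssl_port.to_i
+ request.env['HTTPS'] = is_ssl ? "on" : nil
+
+ #if ssl_required? && !request.ssl?
+ unless is_ssl
+ redirect_to "https://" + request.host + ":#{Rails.configuration.ssl_port}" + request.fullpath
+ flash.keep
+ return false
+ #elsif request.ssl? && !ssl_required?
+ # redirect_to "http://" + request.host + request.request_uri
+ # flash.keep
+ # return false
+ end
+ end
+ end
+ ActionController::Base.send(:include, EnforceSsl)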
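Review bot: `enforce_ssl` decides that a request is encrypted by comparing `request.port` with `config.ssl_port`, and then writes that result into `request.env['HTTPS']`. The port the app sees is usually taken from the Host header or forwarding headers rather than from the transport, so a plaintext request can end up marked `HTTPS = "on"` and everything downstream that asks `request.ssl?` will believe it; with the default `ssl_port` of 3000 outside production, that is the normal case in every other environment. I would base the check on the signal the server or a trusted proxy provides, `unless request.ssl?`, and drop the `request.env['HTTPS'] = is_ssl ? "on" : nil` assignment. The redirect target is also assembled from `request.host`, so it would be safer to build it from a configured canonical host, and a comment above the filter should say that a redirect alone does not protect the first plaintext request.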
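--- a/metadata
+++ b/metadata
@@ -0,0 +1,86 @@
+ --- !ruby/object:Gem::Specification
+ name: enforce-ssl
+ version: !ruby/object:Gem::Version
+ prerelease: false
+ segments:
+ - 0
+ - 1
+ - 0
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - mkristian
+ autorequire:
+ bindir: bin
+ cert_chain: []
+
+ date: 2010-10-31 00:00:00 +05:30
+ default_executable:
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: rake
+ prerelease: false
+ requirement: &id001 !ruby/object:Gem::Requirement
+ requirements:
+ - - "="
+ - !ruby/object:Gem::Version
+ segments:
+ - 0
+ - 8
+ - 7
+ version: 0.8.7
+ type: :development
+ version_requirements: *id001
+ description: "enforce the use of SSL for all controller actions, skip the enforcement with skip_before_filter :enforce_ssl for selected actions. moto: secure everything, open where needed"
+ email:
+ - m.kristian@web.de
+ executables: []
+
+ extensions: []
+
+ extra_rdoc_files: []
+
+ files:
+ - lib/enforce-ssl.rb
+ has_rdoc: true
+ homepage: http://github.com/mkristian/enforce-ssl
+ licenses: []
+
+ post_install_message: |-
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ configure the enforced ssl port with
+ (default => { development => 3000, production => 443 }):
+
+ config.ssl_port = 8443
+
+ for development you can do that in "config/environments/development.rb".
+ you can use "jetty-run" from "ruby-maven" gem (jruby only) to have both
+ an http and an https port listing for requests.
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ rdoc_options: []
+
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ segments:
+ - 0
+ version: "0"
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ segments:
+ - 0
+ version: "0"
+ requirements: []
+
+ rubyforge_project:
+ rubygems_version: 1.3.6
+ signing_key:
+ specification_version: 3
+ summary: enforce the use of SSL for all controller actions
+ test_files: []
+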