enforce-ssl 0.1.0 → 0.2.0

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 Kristian Meier
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/lib/enforce-ssl.rb

@@ -1,79 +1,3 @@
-# Copyright (c) 2005 David Heinemeier Hansson
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-require 'rails'
-
-class EnforceSslRailtie < Rails::Railtie
-
-  config.before_configuration do |app|
-    app.config.class.class_eval do
-      attr_accessor :ssl_port
-    end
-    app.config.ssl_port = Rails.env == "production" ? 443 : 3000
-  end
+if defined?(Rails)
+  require 'enforce_ssl/filter_railtie'
 end
-
-module EnforceSsl
-  def self.included(controller)
-    #controller.extend(ClassMethods)
-    controller.before_filter(:enforce_ssl)
-  end
-
-  # module ClassMethods
-  #   # Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol).
-  #   def ssl_required(*actions)
-  #     write_inheritable_array(:ssl_required_actions, actions)
-  #   end
-
-  #   def ssl_allowed(*actions)
-  #     write_inheritable_array(:ssl_allowed_actions, actions)
-  #   end
-  # end
-  
-  # protected
-  #   # Returns true if the current action is supposed to run as SSL
-  #   def ssl_required?
-  #     (self.class.read_inheritable_attribute(:ssl_required_actions) || []).include?(action_name.to_sym)
-  #   end
-    
-  #   def ssl_allowed?
-  #     (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
-  #   end
-
-  private
-    def enforce_ssl
-      #return true if ssl_allowed?
-
-      is_ssl = request.port.to_i == Rails.configuration.ssl_port.to_i
-      request.env['HTTPS'] = is_ssl ? "on" : nil
-
-      #if ssl_required? && !request.ssl?
-      unless is_ssl
-        redirect_to "https://" + request.host + ":#{Rails.configuration.ssl_port}" + request.fullpath
-        flash.keep
-        return false
-      #elsif request.ssl? && !ssl_required?
-      #  redirect_to "http://" + request.host + request.request_uri
-      #  flash.keep
-      #  return false
-      end
-    end
-end
-ActionController::Base.send(:include, EnforceSsl)

data/lib/enforce_ssl/base_railtie.rb

@@ -0,0 +1,24 @@
+require 'rails'
+
+module EnforceSsl
+  class BaseRailtie
+
+    def self.configuration(app)
+      app.config.class.class_eval do
+        attr_accessor :no_ssl_port
+        attr_accessor :ssl_port
+        attr_accessor :hsts_max_age
+        attr_accessor :hsts_include_sub_domain
+      end
+      if Rails.env == "production"
+        app.config.no_ssl_port = 80
+        app.config.ssl_port = 443
+      else
+        app.config.no_ssl_port = 8080
+        app.config.ssl_port = 8443
+      end
+      app.config.hsts_include_sub_domain = false
+      app.config.hsts_max_age = 31536000 # one year in seconds
+    end
+  end
+end

data/lib/enforce_ssl/enforce_ssl_filter.rb

@@ -0,0 +1,27 @@
+require 'rails'
+
+module EnforceSsl
+  module EnforceSslFilter
+    def enforce_ssl
+      controller = self
+      is_ssl = controller.request.port.to_i == Rails.configuration.ssl_port.to_i
+      is_not_ssl = controller.request.port.to_i == Rails.configuration.no_ssl_port.to_i
+      
+      controller.request.env['HTTPS'] = is_ssl ? "on" : nil
+      
+      if is_ssl
+        # use only if max_age is set and only in production mode since it
+        # needs a proper (not self-signed) certificate
+        if Rails.configuration.hsts_max_age && Rails.env == "production"
+          subdomain = Rails.configuration.hsts_include_sub_domains? ? " ; includeSubDomains" : ""
+         controller. response.headers['Strict-Transport-Security'] = "max-age=#{Rails.configuration.hsts_max_age.to_i}" + subdomain
+          
+        end
+      elsif is_not_ssl
+        controller.redirect_to "https://" + controller.request.host + ":#{Rails.configuration.ssl_port}" + controller.request.fullpath
+        controller.flash.keep
+        return false
+      end
+    end
+  end
+end

data/lib/enforce_ssl/enforce_ssl_rack.rb

@@ -0,0 +1,34 @@
+module EnforceSsl
+  class EnforceSslRack
+
+    def initialize(app)
+      @app = app
+    end
+    
+    def call(env)
+      scheme = env["rack.url_scheme"]
+      port = env["SERVER_PORT"]
+      is_ssl = port.to_i == Rails.configuration.ssl_port.to_i
+      is_not_ssl = port.to_i == Rails.configuration.no_ssl_port.to_i
+
+      if is_ssl
+        @status, @headers, @body = @app.call(env)
+        
+        # use only if max_age is set and only in production mode since it
+        # needs a proper (not self-signed) certificate
+        if Rails.configuration.hsts_max_age && Rails.env == "production"
+          subdomain = Rails.configuration.hsts_include_sub_domains? ? " ; includeSubDomains" : ""
+          @headers['Strict-Transport-Security'] = "max-age=#{Rails.configuration.hsts_max_age.to_i}" + subdomain
+          
+        end
+      elsif is_not_ssl
+        @headers = { "location" => "https://" + env["HTTP_HOST"].sub(/\:.*/, '') + ":#{Rails.configuration.ssl_port}" + env["PATH_INFO"] }
+        @status = 302
+        @body = ''
+      else
+        @status, @headers, @body = @app.call(env)
+      end
+      [@status, @headers, @body]
+    end
+  end
+end

data/lib/enforce_ssl/filter_railtie.rb

@@ -0,0 +1,13 @@
+require 'enforce_ssl/base_railtie'
+require 'enforce_ssl/enforce_ssl_filter'
+
+module EnforceSsl
+  class FilterRailtie < Rails::Railtie
+
+    config.before_configuration do |app|
+      BaseRailtie.configuration(app)
+      ::ActionController::Base.send :include, EnforceSslFilter
+      ::ActionController::Base.prepend_before_filter(:enforce_ssl)
+    end
+  end
+end

data/lib/enforce_ssl/rack_railtie.rb

@@ -0,0 +1,12 @@
+require 'enforce_ssl/base_railtie'
+require 'enforce_ssl/enforce_ssl_rack'
+
+module EnforceSsl
+  class FilterRailtie < Rails::Railtie
+
+    config.before_configuration do |app|
+      BaseRailtie.configuration(app)
+      app.config.middleware.insert_before(::ActionDispatch::Static, EnforceSslRack)
+    end
+  end
+end

metadata

@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
   prerelease: false
   segments: 
     - 0
-    - 1
+    - 2
     - 0
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors: 
   - mkristian
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-10-31 00:00:00 +05:30
+date: 2011-03-22 00:00:00 +05:30
 default_executable: 
 dependencies: 
   - !ruby/object:Gem::Dependency 
@@ -41,22 +41,18 @@ extensions: []
 extra_rdoc_files: []
 
 files: 
+  - MIT-LICENSE
   - lib/enforce-ssl.rb
+  - lib/enforce_ssl/filter_railtie.rb
+  - lib/enforce_ssl/rack_railtie.rb
+  - lib/enforce_ssl/enforce_ssl_filter.rb
+  - lib/enforce_ssl/base_railtie.rb
+  - lib/enforce_ssl/enforce_ssl_rack.rb
 has_rdoc: true
 homepage: http://github.com/mkristian/enforce-ssl
-licenses: []
-
-post_install_message: |-
-  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-  configure the enforced ssl port with 
-  (default => { development => 3000, production => 443 }):
-  
-     config.ssl_port = 8443
-  
-  for development you can do that in "config/environments/development.rb". 
-  you can use "jetty-run" from "ruby-maven" gem (jruby only) to have both 
-  an http and an https port listing for requests.
-  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+licenses: 
+  - MIT-LICENSE
+post_install_message: 
 rdoc_options: []
 
 require_paths: