enforce-ssl 0.1.0 → 0.2.0

@@ -0,0 +1,20 @@
1
+ Copyright (c) 2010 Kristian Meier
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -1,79 +1,3 @@
1
- # Copyright (c) 2005 David Heinemeier Hansson
2
- #
3
- # Permission is hereby granted, free of charge, to any person obtaining
4
- # a copy of this software and associated documentation files (the
5
- # "Software"), to deal in the Software without restriction, including
6
- # without limitation the rights to use, copy, modify, merge, publish,
7
- # distribute, sublicense, and/or sell copies of the Software, and to
8
- # permit persons to whom the Software is furnished to do so, subject to
9
- # the following conditions:
10
- #
11
- # The above copyright notice and this permission notice shall be
12
- # included in all copies or substantial portions of the Software.
13
- #
14
- # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
- # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
- # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
- # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
- # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
- # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
- # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21
- require 'rails'
22
-
23
- class EnforceSslRailtie < Rails::Railtie
24
-
25
- config.before_configuration do |app|
26
- app.config.class.class_eval do
27
- attr_accessor :ssl_port
28
- end
29
- app.config.ssl_port = Rails.env == "production" ? 443 : 3000
30
- end
1
+ if defined?(Rails)
2
+ require 'enforce_ssl/filter_railtie'
31
3
  end
32
-
33
- module EnforceSsl
34
- def self.included(controller)
35
- #controller.extend(ClassMethods)
36
- controller.before_filter(:enforce_ssl)
37
- end
38
-
39
- # module ClassMethods
40
- # # Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol).
41
- # def ssl_required(*actions)
42
- # write_inheritable_array(:ssl_required_actions, actions)
43
- # end
44
-
45
- # def ssl_allowed(*actions)
46
- # write_inheritable_array(:ssl_allowed_actions, actions)
47
- # end
48
- # end
49
-
50
- # protected
51
- # # Returns true if the current action is supposed to run as SSL
52
- # def ssl_required?
53
- # (self.class.read_inheritable_attribute(:ssl_required_actions) || []).include?(action_name.to_sym)
54
- # end
55
-
56
- # def ssl_allowed?
57
- # (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
58
- # end
59
-
60
- private
61
- def enforce_ssl
62
- #return true if ssl_allowed?
63
-
64
- is_ssl = request.port.to_i == Rails.configuration.ssl_port.to_i
65
- request.env['HTTPS'] = is_ssl ? "on" : nil
66
-
67
- #if ssl_required? && !request.ssl?
68
- unless is_ssl
69
- redirect_to "https://" + request.host + ":#{Rails.configuration.ssl_port}" + request.fullpath
70
- flash.keep
71
- return false
72
- #elsif request.ssl? && !ssl_required?
73
- # redirect_to "http://" + request.host + request.request_uri
74
- # flash.keep
75
- # return false
76
- end
77
- end
78
- end
79
- ActionController::Base.send(:include, EnforceSsl)
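Review bot: The new entry point unconditionally requires `enforce_ssl/filter_railtie`, so the Rack middleware variant that ships in the same release (`lib/enforce_ssl/rack_railtie.rb` in the metadata file list) is never loaded unless the application requires it by hand, and nothing in this file says so. At the same time the post-install message that documented `config.ssl_port` and its 3000/443 defaults is dropped while the defaults move to 8080/8443 and `no_ssl_port`, `hsts_max_age` and `hsts_include_sub_domain` appear, leaving the gem with no configuration documentation at all. I would add a header comment here along the lines of `# Loads the controller-filter integration; to use the Rack middleware instead, require 'enforce_ssl/rack_railtie' from the app instead of this file` followed by a short list of the config keys and their per-environment defaults, and note that both railtie files define a class named `EnforceSsl::FilterRailtie`, so loading both is not a supported combination.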
@@ -0,0 +1,24 @@
1
+ require 'rails'
2
+
3
+ module EnforceSsl
4
+ class BaseRailtie
5
+
6
+ def self.configuration(app)
7
+ app.config.class.class_eval do
8
+ attr_accessor :no_ssl_port
9
+ attr_accessor :ssl_port
10
+ attr_accessor :hsts_max_age
11
+ attr_accessor :hsts_include_sub_domain
12
+ end
13
+ if Rails.env == "production"
14
+ app.config.no_ssl_port = 80
15
+ app.config.ssl_port = 443
16
+ else
17
+ app.config.no_ssl_port = 8080
18
+ app.config.ssl_port = 8443
19
+ end
20
+ app.config.hsts_include_sub_domain = false
21
+ app.config.hsts_max_age = 31536000 # one year in seconds
22
+ end
23
+ end
24
+ end
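Review bot: The accessor declared here is `hsts_include_sub_domain`, but both consumers in this release call `Rails.configuration.hsts_include_sub_domains?` (in enforce_ssl_filter and enforce_ssl_rack), which nothing defines; since `hsts_max_age` defaults to a year, the HSTS branch runs on every production HTTPS request and would raise NoMethodError. The smallest fix that keeps the callers as written is `attr_accessor :hsts_include_sub_domains`, `alias_method :hsts_include_sub_domains?, :hsts_include_sub_domains` inside the `class_eval`, and `app.config.hsts_include_sub_domains = false` below. `class_eval` on `app.config.class` patches the shared Rails configuration class and the method resets every default each time it is called, so a comment should state that it is meant to run exactly once from `before_configuration`, ahead of the application's environment files which remain free to override these values. `BaseRailtie` is also not a `Rails::Railtie`, so the name is misleading; `Defaults` or `Configuration` would say what it is.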
@@ -0,0 +1,27 @@
1
+ require 'rails'
2
+
3
+ module EnforceSsl
4
+ module EnforceSslFilter
5
+ def enforce_ssl
6
+ controller = self
7
+ is_ssl = controller.request.port.to_i == Rails.configuration.ssl_port.to_i
8
+ is_not_ssl = controller.request.port.to_i == Rails.configuration.no_ssl_port.to_i
9
+
10
+ controller.request.env['HTTPS'] = is_ssl ? "on" : nil
11
+
12
+ if is_ssl
13
+ # use only if max_age is set and only in production mode since it
14
+ # needs a proper (not self-signed) certificate
15
+ if Rails.configuration.hsts_max_age && Rails.env == "production"
16
+ subdomain = Rails.configuration.hsts_include_sub_domains? ? " ; includeSubDomains" : ""
17
+ controller. response.headers['Strict-Transport-Security'] = "max-age=#{Rails.configuration.hsts_max_age.to_i}" + subdomain
18
+
19
+ end
20
+ elsif is_not_ssl
21
+ controller.redirect_to "https://" + controller.request.host + ":#{Rails.configuration.ssl_port}" + controller.request.fullpath
22
+ controller.flash.keep
23
+ return false
24
+ end
25
+ end
26
+ end
27
+ end
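Review bot: `Rails.configuration.hsts_include_sub_domains?` on the HSTS line is not defined anywhere in this release (BaseRailtie declares `hsts_include_sub_domain` with no predicate), so in production, where `hsts_max_age` defaults to a year, every request on `ssl_port` raises NoMethodError instead of being served; `subdomain = Rails.configuration.hsts_include_sub_domain ? "; includeSubDomains" : ""` uses the accessor that exists. The SSL decision itself rests on `controller.request.port`, which in Rails 3 is, as far as I recall, parsed from the Host (or X-Forwarded-Host) header rather than taken from the listening socket, so a client connected to the plain-HTTP port that sends `Host: app.example:443` is treated as SSL, gets `HTTPS=on` written into its env and skips the redirect; comparing `controller.request.env['SERVER_PORT'].to_i` as EnforceSslRack does, or relying on `request.ssl?` behind a trusted TLS terminator, takes the client out of that decision. Requests on neither configured port fall through unredirected with `HTTPS` cleared, which at least deserves a comment if it is intended. Stylistically, `controller. response.headers` has a stray space before `response`.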
@@ -0,0 +1,34 @@
1
+ module EnforceSsl
2
+ class EnforceSslRack
3
+
4
+ def initialize(app)
5
+ @app = app
6
+ end
7
+
8
+ def call(env)
9
+ scheme = env["rack.url_scheme"]
10
+ port = env["SERVER_PORT"]
11
+ is_ssl = port.to_i == Rails.configuration.ssl_port.to_i
12
+ is_not_ssl = port.to_i == Rails.configuration.no_ssl_port.to_i
13
+
14
+ if is_ssl
15
+ @status, @headers, @body = @app.call(env)
16
+
17
+ # use only if max_age is set and only in production mode since it
18
+ # needs a proper (not self-signed) certificate
19
+ if Rails.configuration.hsts_max_age && Rails.env == "production"
20
+ subdomain = Rails.configuration.hsts_include_sub_domains? ? " ; includeSubDomains" : ""
21
+ @headers['Strict-Transport-Security'] = "max-age=#{Rails.configuration.hsts_max_age.to_i}" + subdomain
22
+
23
+ end
24
+ elsif is_not_ssl
25
+ @headers = { "location" => "https://" + env["HTTP_HOST"].sub(/\:.*/, '') + ":#{Rails.configuration.ssl_port}" + env["PATH_INFO"] }
26
+ @status = 302
27
+ @body = ''
28
+ else
29
+ @status, @headers, @body = @app.call(env)
30
+ end
31
+ [@status, @headers, @body]
32
+ end
33
+ end
34
+ end
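Review bot: `call` keeps its per-request state in `@status`, `@headers` and `@body` on the middleware instance, which Rack shares across all requests, so on a threaded server (JRuby, which the previous release's install notes targeted) concurrent requests overwrite each other's response triple; use locals and return the array directly. In the redirect branch `@body = ''` is a bare String, which has no `each` on Ruby 1.9 and so is not a valid Rack body (it should be `['']`), `env["HTTP_HOST"]` can be nil for HTTP/1.0 clients and would then raise on `.sub`, and the Location is built from `PATH_INFO` alone so `SCRIPT_NAME` and `QUERY_STRING` are lost on the way to https. The HSTS branch also calls `hsts_include_sub_domains?`, which BaseRailtie does not define (it declares `hsts_include_sub_domain`), so the production HTTPS path raises NoMethodError as written, and `scheme` is read from `rack.url_scheme` but never used.
```ruby
# … unchanged: initialize(app) …
def call(env)
  port = env["SERVER_PORT"].to_i
  if port == Rails.configuration.ssl_port.to_i
    status, headers, body = @app.call(env)
    # HSTS only in production: it needs a certificate browsers trust
    if Rails.configuration.hsts_max_age && Rails.env == "production"
      subdomain = Rails.configuration.hsts_include_sub_domain ? "; includeSubDomains" : ""
      headers['Strict-Transport-Security'] = "max-age=#{Rails.configuration.hsts_max_age.to_i}" + subdomain
    end
    [status, headers, body]
  elsif port == Rails.configuration.no_ssl_port.to_i
    host = (env["HTTP_HOST"] || env["SERVER_NAME"]).to_s.sub(/:.*/, '')
    target = "https://#{host}:#{Rails.configuration.ssl_port}#{env['SCRIPT_NAME']}#{env['PATH_INFO']}"
    target += "?#{env['QUERY_STRING']}" unless env['QUERY_STRING'].to_s.empty?
    [302, { "Location" => target, "Content-Type" => "text/plain" }, ['']]
  else
    @app.call(env)
  end
end
```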
@@ -0,0 +1,13 @@
1
+ require 'enforce_ssl/base_railtie'
2
+ require 'enforce_ssl/enforce_ssl_filter'
3
+
4
+ module EnforceSsl
5
+ class FilterRailtie < Rails::Railtie
6
+
7
+ config.before_configuration do |app|
8
+ BaseRailtie.configuration(app)
9
+ ::ActionController::Base.send :include, EnforceSslFilter
10
+ ::ActionController::Base.prepend_before_filter(:enforce_ssl)
11
+ end
12
+ end
13
+ end
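Review bot: The `before_configuration` block reaches into `::ActionController::Base` to include the filter and prepend `enforce_ssl`, which forces ActionController to load before the application has been configured; as far as I know the Rails 3 idiom is to register it lazily from an initializer, keeping only `BaseRailtie.configuration(app)` in `before_configuration` so environment files can still override the defaults. Roughly `initializer 'enforce_ssl.filter' do` / `ActiveSupport.on_load(:action_controller) { include EnforceSsl::EnforceSslFilter; prepend_before_filter :enforce_ssl }` / `end`. Prepending is the right call security-wise because the redirect then runs ahead of any application filter, but a comment should say that enforcement is global and that `skip_before_filter :enforce_ssl` in a controller is the only opt-out, since that is an easy way to silently lose the protection.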
@@ -0,0 +1,12 @@
1
+ require 'enforce_ssl/base_railtie'
2
+ require 'enforce_ssl/enforce_ssl_rack'
3
+
4
+ module EnforceSsl
5
+ class FilterRailtie < Rails::Railtie
6
+
7
+ config.before_configuration do |app|
8
+ BaseRailtie.configuration(app)
9
+ app.config.middleware.insert_before(::ActionDispatch::Static, EnforceSslRack)
10
+ end
11
+ end
12
+ end
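Review bot: This file defines `EnforceSsl::FilterRailtie`, the same constant the filter railtie defines, so if both files are ever loaded the second `class` line reopens the first Railtie and registers a second `before_configuration` hook: `BaseRailtie.configuration(app)` runs twice and the app ends up with both the middleware and the controller filter; name this one `RackRailtie` to match its file. `insert_before(::ActionDispatch::Static, …)` also assumes `ActionDispatch::Static` is in the stack, but Rails only adds it when `serve_static_assets` is enabled (off by default in production), and in Rails 3 inserting before an absent middleware raises at boot as far as I recall; `app.config.middleware.insert(0, EnforceSslRack)` puts the redirect ahead of everything regardless of that setting.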
metadata CHANGED
@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
4
4
  prerelease: false
5
5
  segments:
6
6
  - 0
7
- - 1
7
+ - 2
8
8
  - 0
9
- version: 0.1.0
9
+ version: 0.2.0
10
10
  platform: ruby
11
11
  authors:
12
12
  - mkristian
@@ -14,7 +14,7 @@ autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
16
 
17
- date: 2010-10-31 00:00:00 +05:30
17
+ date: 2011-03-22 00:00:00 +05:30
18
18
  default_executable:
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency
@@ -41,22 +41,18 @@ extensions: []
41
41
  extra_rdoc_files: []
42
42
 
43
43
  files:
44
+ - MIT-LICENSE
44
45
  - lib/enforce-ssl.rb
46
+ - lib/enforce_ssl/filter_railtie.rb
47
+ - lib/enforce_ssl/rack_railtie.rb
48
+ - lib/enforce_ssl/enforce_ssl_filter.rb
49
+ - lib/enforce_ssl/base_railtie.rb
50
+ - lib/enforce_ssl/enforce_ssl_rack.rb
45
51
  has_rdoc: true
46
52
  homepage: http://github.com/mkristian/enforce-ssl
47
- licenses: []
48
-
49
- post_install_message: |-
50
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
51
- configure the enforced ssl port with
52
- (default => { development => 3000, production => 443 }):
53
-
54
- config.ssl_port = 8443
55
-
56
- for development you can do that in "config/environments/development.rb".
57
- you can use "jetty-run" from "ruby-maven" gem (jruby only) to have both
58
- an http and an https port listing for requests.
59
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
53
+ licenses:
54
+ - MIT-LICENSE
55
+ post_install_message:
60
56
  rdoc_options: []
61
57
 
62
58
  require_paths: