enforce-ssl 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- data/MIT-LICENSE +20 -0
- data/lib/enforce-ssl.rb +2 -78
- data/lib/enforce_ssl/base_railtie.rb +24 -0
- data/lib/enforce_ssl/enforce_ssl_filter.rb +27 -0
- data/lib/enforce_ssl/enforce_ssl_rack.rb +34 -0
- data/lib/enforce_ssl/filter_railtie.rb +13 -0
- data/lib/enforce_ssl/rack_railtie.rb +12 -0
- metadata +12 -16
data/MIT-LICENSE
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2010 Kristian Meier
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/lib/enforce-ssl.rb
CHANGED
@@ -1,79 +1,3 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
# Permission is hereby granted, free of charge, to any person obtaining
|
4
|
-
# a copy of this software and associated documentation files (the
|
5
|
-
# "Software"), to deal in the Software without restriction, including
|
6
|
-
# without limitation the rights to use, copy, modify, merge, publish,
|
7
|
-
# distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
-
# permit persons to whom the Software is furnished to do so, subject to
|
9
|
-
# the following conditions:
|
10
|
-
#
|
11
|
-
# The above copyright notice and this permission notice shall be
|
12
|
-
# included in all copies or substantial portions of the Software.
|
13
|
-
#
|
14
|
-
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
-
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
-
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
-
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
-
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
-
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
-
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
21
|
-
require 'rails'
|
22
|
-
|
23
|
-
class EnforceSslRailtie < Rails::Railtie
|
24
|
-
|
25
|
-
config.before_configuration do |app|
|
26
|
-
app.config.class.class_eval do
|
27
|
-
attr_accessor :ssl_port
|
28
|
-
end
|
29
|
-
app.config.ssl_port = Rails.env == "production" ? 443 : 3000
|
30
|
-
end
|
1
|
+
if defined?(Rails)
|
2
|
+
require 'enforce_ssl/filter_railtie'
|
31
3
|
end
|
32
|
-
|
33
|
-
module EnforceSsl
|
34
|
-
def self.included(controller)
|
35
|
-
#controller.extend(ClassMethods)
|
36
|
-
controller.before_filter(:enforce_ssl)
|
37
|
-
end
|
38
|
-
|
39
|
-
# module ClassMethods
|
40
|
-
# # Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol).
|
41
|
-
# def ssl_required(*actions)
|
42
|
-
# write_inheritable_array(:ssl_required_actions, actions)
|
43
|
-
# end
|
44
|
-
|
45
|
-
# def ssl_allowed(*actions)
|
46
|
-
# write_inheritable_array(:ssl_allowed_actions, actions)
|
47
|
-
# end
|
48
|
-
# end
|
49
|
-
|
50
|
-
# protected
|
51
|
-
# # Returns true if the current action is supposed to run as SSL
|
52
|
-
# def ssl_required?
|
53
|
-
# (self.class.read_inheritable_attribute(:ssl_required_actions) || []).include?(action_name.to_sym)
|
54
|
-
# end
|
55
|
-
|
56
|
-
# def ssl_allowed?
|
57
|
-
# (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
|
58
|
-
# end
|
59
|
-
|
60
|
-
private
|
61
|
-
def enforce_ssl
|
62
|
-
#return true if ssl_allowed?
|
63
|
-
|
64
|
-
is_ssl = request.port.to_i == Rails.configuration.ssl_port.to_i
|
65
|
-
request.env['HTTPS'] = is_ssl ? "on" : nil
|
66
|
-
|
67
|
-
#if ssl_required? && !request.ssl?
|
68
|
-
unless is_ssl
|
69
|
-
redirect_to "https://" + request.host + ":#{Rails.configuration.ssl_port}" + request.fullpath
|
70
|
-
flash.keep
|
71
|
-
return false
|
72
|
-
#elsif request.ssl? && !ssl_required?
|
73
|
-
# redirect_to "http://" + request.host + request.request_uri
|
74
|
-
# flash.keep
|
75
|
-
# return false
|
76
|
-
end
|
77
|
-
end
|
78
|
-
end
|
79
|
-
ActionController::Base.send(:include, EnforceSsl)
|
@@ -0,0 +1,24 @@
|
|
1
|
+
require 'rails'
|
2
|
+
|
3
|
+
module EnforceSsl
|
4
|
+
class BaseRailtie
|
5
|
+
|
6
|
+
def self.configuration(app)
|
7
|
+
app.config.class.class_eval do
|
8
|
+
attr_accessor :no_ssl_port
|
9
|
+
attr_accessor :ssl_port
|
10
|
+
attr_accessor :hsts_max_age
|
11
|
+
attr_accessor :hsts_include_sub_domain
|
12
|
+
end
|
13
|
+
if Rails.env == "production"
|
14
|
+
app.config.no_ssl_port = 80
|
15
|
+
app.config.ssl_port = 443
|
16
|
+
else
|
17
|
+
app.config.no_ssl_port = 8080
|
18
|
+
app.config.ssl_port = 8443
|
19
|
+
end
|
20
|
+
app.config.hsts_include_sub_domain = false
|
21
|
+
app.config.hsts_max_age = 31536000 # one year in seconds
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
require 'rails'
|
2
|
+
|
3
|
+
module EnforceSsl
|
4
|
+
module EnforceSslFilter
|
5
|
+
def enforce_ssl
|
6
|
+
controller = self
|
7
|
+
is_ssl = controller.request.port.to_i == Rails.configuration.ssl_port.to_i
|
8
|
+
is_not_ssl = controller.request.port.to_i == Rails.configuration.no_ssl_port.to_i
|
9
|
+
|
10
|
+
controller.request.env['HTTPS'] = is_ssl ? "on" : nil
|
11
|
+
|
12
|
+
if is_ssl
|
13
|
+
# use only if max_age is set and only in production mode since it
|
14
|
+
# needs a proper (not self-signed) certificate
|
15
|
+
if Rails.configuration.hsts_max_age && Rails.env == "production"
|
16
|
+
subdomain = Rails.configuration.hsts_include_sub_domains? ? " ; includeSubDomains" : ""
|
17
|
+
controller. response.headers['Strict-Transport-Security'] = "max-age=#{Rails.configuration.hsts_max_age.to_i}" + subdomain
|
18
|
+
|
19
|
+
end
|
20
|
+
elsif is_not_ssl
|
21
|
+
controller.redirect_to "https://" + controller.request.host + ":#{Rails.configuration.ssl_port}" + controller.request.fullpath
|
22
|
+
controller.flash.keep
|
23
|
+
return false
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
module EnforceSsl
|
2
|
+
class EnforceSslRack
|
3
|
+
|
4
|
+
def initialize(app)
|
5
|
+
@app = app
|
6
|
+
end
|
7
|
+
|
8
|
+
def call(env)
|
9
|
+
scheme = env["rack.url_scheme"]
|
10
|
+
port = env["SERVER_PORT"]
|
11
|
+
is_ssl = port.to_i == Rails.configuration.ssl_port.to_i
|
12
|
+
is_not_ssl = port.to_i == Rails.configuration.no_ssl_port.to_i
|
13
|
+
|
14
|
+
if is_ssl
|
15
|
+
@status, @headers, @body = @app.call(env)
|
16
|
+
|
17
|
+
# use only if max_age is set and only in production mode since it
|
18
|
+
# needs a proper (not self-signed) certificate
|
19
|
+
if Rails.configuration.hsts_max_age && Rails.env == "production"
|
20
|
+
subdomain = Rails.configuration.hsts_include_sub_domains? ? " ; includeSubDomains" : ""
|
21
|
+
@headers['Strict-Transport-Security'] = "max-age=#{Rails.configuration.hsts_max_age.to_i}" + subdomain
|
22
|
+
|
23
|
+
end
|
24
|
+
elsif is_not_ssl
|
25
|
+
@headers = { "location" => "https://" + env["HTTP_HOST"].sub(/\:.*/, '') + ":#{Rails.configuration.ssl_port}" + env["PATH_INFO"] }
|
26
|
+
@status = 302
|
27
|
+
@body = ''
|
28
|
+
else
|
29
|
+
@status, @headers, @body = @app.call(env)
|
30
|
+
end
|
31
|
+
[@status, @headers, @body]
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
require 'enforce_ssl/base_railtie'
|
2
|
+
require 'enforce_ssl/enforce_ssl_filter'
|
3
|
+
|
4
|
+
module EnforceSsl
|
5
|
+
class FilterRailtie < Rails::Railtie
|
6
|
+
|
7
|
+
config.before_configuration do |app|
|
8
|
+
BaseRailtie.configuration(app)
|
9
|
+
::ActionController::Base.send :include, EnforceSslFilter
|
10
|
+
::ActionController::Base.prepend_before_filter(:enforce_ssl)
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
require 'enforce_ssl/base_railtie'
|
2
|
+
require 'enforce_ssl/enforce_ssl_rack'
|
3
|
+
|
4
|
+
module EnforceSsl
|
5
|
+
class FilterRailtie < Rails::Railtie
|
6
|
+
|
7
|
+
config.before_configuration do |app|
|
8
|
+
BaseRailtie.configuration(app)
|
9
|
+
app.config.middleware.insert_before(::ActionDispatch::Static, EnforceSslRack)
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
metadata
CHANGED
@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
|
|
4
4
|
prerelease: false
|
5
5
|
segments:
|
6
6
|
- 0
|
7
|
-
-
|
7
|
+
- 2
|
8
8
|
- 0
|
9
|
-
version: 0.
|
9
|
+
version: 0.2.0
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- mkristian
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date:
|
17
|
+
date: 2011-03-22 00:00:00 +05:30
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|
@@ -41,22 +41,18 @@ extensions: []
|
|
41
41
|
extra_rdoc_files: []
|
42
42
|
|
43
43
|
files:
|
44
|
+
- MIT-LICENSE
|
44
45
|
- lib/enforce-ssl.rb
|
46
|
+
- lib/enforce_ssl/filter_railtie.rb
|
47
|
+
- lib/enforce_ssl/rack_railtie.rb
|
48
|
+
- lib/enforce_ssl/enforce_ssl_filter.rb
|
49
|
+
- lib/enforce_ssl/base_railtie.rb
|
50
|
+
- lib/enforce_ssl/enforce_ssl_rack.rb
|
45
51
|
has_rdoc: true
|
46
52
|
homepage: http://github.com/mkristian/enforce-ssl
|
47
|
-
licenses:
|
48
|
-
|
49
|
-
post_install_message:
|
50
|
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
51
|
-
configure the enforced ssl port with
|
52
|
-
(default => { development => 3000, production => 443 }):
|
53
|
-
|
54
|
-
config.ssl_port = 8443
|
55
|
-
|
56
|
-
for development you can do that in "config/environments/development.rb".
|
57
|
-
you can use "jetty-run" from "ruby-maven" gem (jruby only) to have both
|
58
|
-
an http and an https port listing for requests.
|
59
|
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
53
|
+
licenses:
|
54
|
+
- MIT-LICENSE
|
55
|
+
post_install_message:
|
60
56
|
rdoc_options: []
|
61
57
|
|
62
58
|
require_paths:
|