excursion 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fa219ff3cceb9e5784a69dd6ce6aeca3dd2e8bb2
-  data.tar.gz: 3c325aff19013e5e14dfad13bb5528d877cea8f9
+  metadata.gz: ab8132a7eecf4dbcd15c02be1910a80ff4f99251
+  data.tar.gz: 09b7d1bb9d3c3df27b13943717da2fc425d1b173
 SHA512:
-  metadata.gz: f53750d0d718d610eb166038656d7b95678222a116237a9243b9c7951d38c070c199a93d144f996d78a86a4a7610f53153883381491d2918eaf4939d7df659da
-  data.tar.gz: 4788c23938cae5cca1589708e9b8fff3dc6414b8ce8f7b7aebe0c4e30d86168f025fba5568c6edc9b09998de713b01f397be3ba3a4c1d38e178f62088f515f9f
+  metadata.gz: 96cbfb48309e2b4e238b9ec4fb07c9e8ce6832f29001b6b2869ef1ee2d75466b20867245510d44c8b3598e35ae797c0c078cd892f80a65294f5b43d2ae599054
+  data.tar.gz: 56e54a5963c2ef247b8ba511613c98bb1967ca33acf05689bbbba088a2757497ac37d0c1831db47569a3c73345a1ef7245b11628778412aa67de1ad2cc5d967d

data/config/routes.rb

@@ -0,0 +1,3 @@
+Excursion::Engine.routes.draw do
+  match '*path' => 'application#cors_preflight', :via => :options if Excursion.configuration.enable_cors
+end

data/lib/excursion/configuration.rb

@@ -6,7 +6,14 @@ module Excursion
         # include_pattern: to only include certain routes
       register_app: true, # whether or not to register the app automatically on init
       default_url_options: {}, # default_url_options used when building routes for this app
-      retry_limit: 3 # retry limit for datastores that user remote servers
+      retry_limit: 3, # retry limit for datastores that user remote servers
+      enable_cors: false, # enables cross-origin resource sharing for this app
+      cors_whitelist: :pool, # whitelist for allowing cors for specific domains - defaults to only allow registered excursion apps
+      cors_blacklist: nil, # blacklist for denying cors for specific domains
+      cors_allow_methods: %w(POST PUT PATCH GET DELETE), # list of allowed cors request methods (Access-Control-Allow-Methods)
+      cors_allow_headers: %w(origin content-type accept x-requested-with x-csrf-token), # list of allowed cors request headers (Access-Control-Allow-Headers)
+      cors_allow_credentials: true, # allow credentials with cors requests (Access-Control-Allow-Credentials)
+      cors_max_age: 1728000 # cors max age (Access-Control-Max-Age)
     }
 
     #attr_reader *DEFAULT_CONFIGURATION_OPTIONS.keys

data/lib/excursion/cors.rb

@@ -0,0 +1,35 @@
+module Excursion
+  module CORS
+    def self.included(base)
+      base.send :before_filter, :cors_headers if Excursion.configuration.enable_cors
+    end
+
+    def cors_match?(origin, host)
+      host.is_a?(Regexp) ? origin.match(host) : origin.downcase == host.downcase
+    end
+
+    def cors_whitelisted?(origin)
+      return Excursion::Pool.all_applications.values.map { |app| app.default_url_options[:host] }.any? { |cw| cors_match? origin, cw } if Excursion.configuration.cors_whitelist == :pool
+      Excursion.configuration.cors_whitelist.nil? || Excursion.configuration.cors_whitelist.any? { |cw| cors_match? origin, cw }
+    end
+
+    def cors_blacklisted?(origin)
+      !Excursion.configuration.cors_blacklist.nil? && !Excursion.configuration.cors_blacklist.any? { |cb| cors_match? origin, cb }
+    end
+
+    def cors_headers
+      if !request.headers['Origin'].nil? && cors_whitelisted?(request.headers['Origin']) && !cors_blacklisted?(request.headers['Origin'])
+        headers['Access-Control-Allow-Origin'] = request.headers['Origin']
+        headers['Access-Control-Allow-Methods'] = Excursion.configuration.cors_allow_methods.join(',')
+        headers['Access-Control-Allow-Headers'] = Excursion.configuration.cors_allow_headers.join(', ')
+        headers['Access-Control-Allow-Credentials'] = Excursion.configuration.cors_allow_credentials.to_s
+        headers['Access-Control-Max-Age'] = Excursion.configuration.cors_max_age.to_s
+      end
+    end
+
+    def cors_preflight
+      cors_headers
+      render :text => '', :content_type => 'text/plain'
+    end
+  end
+end

data/lib/excursion/pool.rb

@@ -16,10 +16,10 @@ module Excursion
 
     def self.application(name)
       check_local_cache
-      return @@applications[name] if @@applications.has_key?(name) && !@@applications[name].nil?
+      return @@applications[name.to_s] if @@applications.has_key?(name.to_s) && !@@applications[name.to_s].nil?
       
       app = datastore.app(name)
-      @@applications[name] = app unless app.nil?
+      @@applications[name.to_s] = app unless app.nil?
     end
 
     def self.register_application(app=nil, opts={}, &block)
@@ -61,7 +61,7 @@ module Excursion
         datastore.set(name, app_hash)
         datastore.set('_pool_updated', Time.now.to_i)
       end
-      @@applications[name] = datastore.app(name)
+      @@applications[name.to_s] = datastore.app(name)
     end
 
     def self.remove_application(app)
@@ -107,5 +107,13 @@ module Excursion
     def self.check_local_cache
       (@@refreshed = Time.now.to_i) && (@@applications = {}) if pool_updated > pool_refreshed
     end
+
+    def self.set_secret_key_base
+      datastore.set('_secret_key_base', Digest::MD5.hexdigest(SecureRandom.base64(32)))
+    end
+
+    def self.secret_key_base
+      key = datastore.get('_secret_key_base') || set_secret_key_base
+    end
   end
 end

data/lib/excursion/railtie.rb

@@ -1,13 +1,14 @@
 module Excursion
   class Railtie < Rails::Railtie
     config.after_initialize do |app|
-      if Excursion.configuration.register_app == true && 
-         !Excursion.configuration.datastore.nil? && 
-         !defined?(Rails::Generators::Base) && # Do not register on init when running a generator (is there a better way to detect this? Maybe $0 == 'rails' && ARGV.include?('generate') or 'g')
-         File.basename($0) != "rake" # Do not register on init when running a rake task
+      # Do not register on init when running a generator (is there a better way to detect this? Maybe $0 == 'rails' && ARGV.include?('generate') or 'g')
+      # Do not register on init when running a rake task
+      if Excursion.configuration.register_app == true && !Excursion.configuration.datastore.nil? && !defined?(Rails::Generators::Base) && File.basename($0) != "rake"
         app.reload_routes!
         Excursion::Pool.register_application(app)
       end
+
+      ApplicationController.send :include, Excursion::CORS if Excursion.configuration.enable_cors
     end
 
     rake_tasks do

data/lib/excursion/version.rb

@@ -1,3 +1,3 @@
 module Excursion
-  VERSION = '0.1.2'
+  VERSION = '0.1.3'
 end

data/lib/excursion.rb

@@ -26,3 +26,4 @@ require 'excursion/pool'
 require 'excursion/helpers'
 require 'excursion/engine'
 require 'excursion/railtie'
+require 'excursion/cors'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: excursion
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - Mark Rebec
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-11-07 00:00:00.000000000 Z
+date: 2013-11-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -99,10 +99,12 @@ files:
 - lib/excursion/helpers.rb
 - lib/excursion/route_pool.rb
 - lib/excursion/version.rb
+- lib/excursion/cors.rb
 - lib/generators/excursion/active_record_generator.rb
 - lib/generators/excursion/templates/migration.rb
 - lib/excursion.rb
 - app/assets/javascripts/excursion.js
+- config/routes.rb
 - spec/excursion_spec.rb
 - spec/dummy/public/500.html
 - spec/dummy/public/index.html