RubyGems - firewall_constraint - Versions diffs - 0.0.2 → 0.0.4 - Mend

firewall_constraint 0.0.2 → 0.0.4

Files changed (16) hide show

data/.gitignore +1 -0
data/.travis.yml +6 -0
data/README.md +9 -1
data/Rakefile +19 -1
data/firewall_constraint.gemspec +3 -3
data/lib/firewall_constraint.rb +25 -7
data/lib/firewall_constraint/version.rb +1 -1
data/spec/rails_app/app/controllers/dummy_controller.rb +8 -0
data/spec/rails_app/config/routes.rb +8 -0
data/spec/requests/dummy_controller_spec.rb +60 -0
data/spec/spec_helper.rb +0 -1
metadata +30 -36
data/spec/rails_app/app/views/payment/info_for_cc.html.erb +0 -1
data/spec/rails_app/app/views/payment/info_for_ec.html.erb +0 -1
data/spec/rails_app/app/views/payment/process_cc_payment.html.erb +0 -1
data/spec/rails_app/app/views/payment/process_from_session.html.erb +0 -1

data/.gitignore CHANGED

@@ -2,3 +2,4 @@
 .bundle
 Gemfile.lock
 pkg/*
+coverage

data/.travis.yml ADDED

@@ -0,0 +1,6 @@
+rvm:
+  - 1.8.7
+  - 1.9.2
+  - 1.9.3
+  - rbx
+  - jruby

data/README.md CHANGED

@@ -24,6 +24,10 @@ config/routes.rb:
       get 'dummy/blocked_by_dynamic' => 'dummy#blocked_by_dynamic'
     end
+    constraints FirewallConstraint::Constraint.new(Proc.new{['127.0.0.1']}) do
+      get 'dummy/blocked_by_proc'
+    end
 ----
 Uses a config file if ips not present in routes
@@ -33,4 +37,8 @@ config/firewall_constraint.yml:
     test:
       - 10.0.0.0/8
-----
+----
+You should be able to do DB-based whitelisting using the Proc whitelisting and an activerecord lookup or something similar to:
+constraints FirewallConstraint::Constraint.new(Proc.new{ValidIps.all.map{|x| x.ip}})

data/Rakefile CHANGED

@@ -10,4 +10,22 @@ desc 'Run specs'
 RSpec::Core::RakeTask.new(:spec) do |spec|
   # spec.libs << 'lib' << 'spec'
   # spec.spec_files = FileList['spec/**/*_spec.rb']
-end
+  # spec.rcov = true
+  # spec.rcov_opts = %w{--rails --exclude osx\/objc,gems\/,spec\/,features\/}
+end
+task :cleanup_rcov_files do
+  rm_rf 'coverage'
+end
+desc "Run all examples using rcov"
+RSpec::Core::RakeTask.new :rcov => :cleanup_rcov_files do |t|
+  t.rcov = true
+  t.rcov_opts =  %[-Ilib -Ispec --exclude "gems/*,features"]
+  t.rcov_opts << %[--text-report --sort coverage --html]
+end
+# desc  "Run all specs with rcov"
+# RSpec::Core::RakeTask.new(:rcov => spec_prereq) do |t|
+#
+# end

data/firewall_constraint.gemspec CHANGED

@@ -14,11 +14,11 @@ Gem::Specification.new do |s|
   s.rubyforge_project = "firewallconstraint"
+  s.add_development_dependency(%q<rails>, ["3.0.5"])
   s.add_dependency(%q<rails>, ["~> 3.0.0"])
   s.add_dependency(%q<ipaddress>)
-  s.add_development_dependency(%q<rails>, ["3.0.5"])
-	s.add_development_dependency(%q<shoulda>)
-  s.add_development_dependency(%q<rspec-rails>, [">= 2.5.0"])
+	s.add_development_dependency(%q<shoulda>, "~> 3.0.0")
+  s.add_development_dependency(%q<rspec-rails>, ["~> 2.5.0"])
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")

data/lib/firewall_constraint.rb CHANGED

@@ -2,17 +2,21 @@ module FirewallConstraint
   require 'ipaddress'
   class Constraint
     def initialize(ips = [])
-      ips = [ips].flatten
-      @config = ips.empty? ?
-        YAML.load_file(Rails.root.join('config','firewall_constraint.yml'))[Rails.env] :
-        ips
+      if ips.respond_to? :call
+        @ips = ips
+      else
+        ips = [ips].flatten
+        @config = !ips.empty? ? ips :
+          YAML.load_file(Rails.root.join('config','firewall_constraint.yml'))[Rails.env]
-      @ips = @config.map{|c| IPAddress::parse(c)}
+        @ips = @config
+      end
     end
     def matches?(request)
       client_ip = IPAddress::parse(request.env["HTTP_X_FORWARDED_FOR"] ? request.env["HTTP_X_FORWARDED_FOR"] : request.remote_ip)
-      @ips.each do |ip|
+      parsed_ips.each do |ip|
         begin
           return true if ip.include?(client_ip)
         rescue NoMethodError => nme
@@ -20,6 +24,20 @@ module FirewallConstraint
       end
       false
     end
+    def parsed_ips
+      cur_ips = ips
+      if cur_ips == @old_ips
+        @cached_parsed_ips
+      else
+        @old_ips = cur_ips
+        @cached_parsed_ips = cur_ips.map{|c| IPAddress::parse(c)}
+      end
+    end
+    def ips
+      @ips.respond_to?(:call) ? @ips.call : @ips
+    end
   end
-  # Your code goes here...
 end

data/lib/firewall_constraint/version.rb CHANGED

@@ -1,3 +1,3 @@
 module FirewallConstraint
-  VERSION = "0.0.2"
+  VERSION = "0.0.4"
 end

data/spec/rails_app/app/controllers/dummy_controller.rb CHANGED

@@ -14,4 +14,12 @@ class DummyController < ApplicationController
   def blocked_by_dynamic
     render :text => "dynamic"
   end
+  def blocked_by_ipv6
+    render :text => "ipv6"
+  end
+  def blocked_by_proc
+    render :text => "proc"
+  end
 end

data/spec/rails_app/config/routes.rb CHANGED

@@ -11,4 +11,12 @@ RailsApp::Application.routes.draw do
   end
   root :to => 'dummy#index'
+  constraints FirewallConstraint::Constraint.new('fe80::d69a:20ff:fe0d:45fe') do
+    get 'dummy/blocked_by_ipv6'
+  end
+  constraints FirewallConstraint::Constraint.new(Proc.new{['127.0.0.1']}) do
+    get 'dummy/blocked_by_proc'
+  end
 end

data/spec/requests/dummy_controller_spec.rb CHANGED

@@ -18,6 +18,56 @@ describe "dummy stuff" do
     end
   end
+  it 'should get procced constraint' do
+    get root_path, nil, "REMOTE_ADDR" => "127.0.0.1"
+    open_session do |sess|
+      sess.remote_addr = '127.0.0.1'
+      get '/dummy/blocked_by_proc'
+      response.should be_success
+    end
+  end
+  it 'should get ipv6 constraint' do
+    ipv6 = 'fe80::d69a:20ff:fe0d:45fe'
+    get root_path, nil, "REMOTE_ADDR" => ipv6
+    open_session do |sess|
+      sess.remote_addr = ipv6
+      get '/dummy/blocked_by_ipv6'
+      response.should be_success
+    end
+  end
+  context 'given a bad ipv6 ip' do
+    around do |example|
+      ipv6 = 'fe80::d69a:20ff:fe0d:45ff'
+      get root_path, nil, "REMOTE_ADDR" => ipv6
+      open_session do |sess|
+        sess.remote_addr = ipv6
+        example.run
+      end
+    end
+    it 'should not vomit on an ipv4 rule' do
+      get '/dummy/blocked_by_block'
+      response.status.should eql 404
+    end
+    it 'should block on an ipv6 rule' do
+      get '/dummy/blocked_by_ipv6'
+      response.status.should eql 404
+    end
+  end
+  it 'should not vomit given a bad ipv6 ip' do
+    ipv6 = 'fe80::d69a:20ff:fe0d:45fe'
+    get root_path, nil, "REMOTE_ADDR" => ipv6
+    open_session do |sess|
+      sess.remote_addr = ipv6
+      get '/dummy/blocked_by_block'
+      response.status.should eql 404
+    end
+  end
   context 'given a good ip' do
     around do |example|
       get root_path, nil, "REMOTE_ADDR" => "10.0.0.45"
@@ -47,10 +97,20 @@ describe "dummy stuff" do
       end
     end
+    it 'should not vomit on an ipv4 rule' do
+      get '/dummy/blocked_by_ipv6'
+      response.status.should eql 404
+    end
     it 'should not get inline constraint' do
       get '/dummy/blocked_by_inline'
       response.status.should eql 404
     end
+    it 'should not get procced constraint' do
+      get '/dummy/blocked_by_proc'
+      response.status.should eql 404
+    end
     it 'should not get block constraint' do
       get '/dummy/blocked_by_block'

data/spec/spec_helper.rb CHANGED

@@ -3,7 +3,6 @@ Bundler.setup
 ENV["RAILS_ENV"] ||= 'test'
 require 'rails_app/config/environment'
 require 'rspec/rails'
-require 'shoulda/integrations/rspec2'
 require 'rubygems'
 RSpec.configure do |config|

metadata CHANGED

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: firewall_constraint
 version: !ruby/object:Gem::Version
-  hash: 27
-  prerelease: false
+  hash: 23
+  prerelease:
   segments:
   - 0
   - 0
-  - 2
-  version: 0.0.2
+  - 4
+  version: 0.0.4
 platform: ruby
 authors:
 - Mike Auclair
@@ -15,8 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-03-23 00:00:00 -04:00
-default_executable:
+date: 2012-03-20 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -24,45 +23,45 @@ dependencies:
   requirement: &id001 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ~>
+    - - "="
       - !ruby/object:Gem::Version
-        hash: 7
+        hash: 13
         segments:
         - 3
         - 0
-        - 0
-        version: 3.0.0
-  type: :runtime
+        - 5
+        version: 3.0.5
+  type: :development
   version_requirements: *id001
 - !ruby/object:Gem::Dependency
-  name: ipaddress
+  name: rails
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version
-        hash: 3
+        hash: 7
         segments:
+        - 3
         - 0
-        version: "0"
+        - 0
+        version: 3.0.0
   type: :runtime
   version_requirements: *id002
 - !ruby/object:Gem::Dependency
-  name: rails
+  name: ipaddress
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - "="
+    - - ">="
       - !ruby/object:Gem::Version
-        hash: 13
+        hash: 3
         segments:
-        - 3
         - 0
-        - 5
-        version: 3.0.5
-  type: :development
+        version: "0"
+  type: :runtime
   version_requirements: *id003
 - !ruby/object:Gem::Dependency
   name: shoulda
@@ -70,12 +69,14 @@ dependencies:
   requirement: &id004 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version
-        hash: 3
+        hash: 7
         segments:
+        - 3
         - 0
-        version: "0"
+        - 0
+        version: 3.0.0
   type: :development
   version_requirements: *id004
 - !ruby/object:Gem::Dependency
@@ -84,7 +85,7 @@ dependencies:
   requirement: &id005 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version
         hash: 27
         segments:
@@ -105,6 +106,7 @@ extra_rdoc_files: []
 files:
 - .gitignore
+- .travis.yml
 - Gemfile
 - README.md
 - Rakefile
@@ -119,10 +121,6 @@ files:
 - spec/rails_app/app/controllers/dummy_controller.rb
 - spec/rails_app/app/helpers/application_helper.rb
 - spec/rails_app/app/views/layouts/application.html.erb
-- spec/rails_app/app/views/payment/info_for_cc.html.erb
-- spec/rails_app/app/views/payment/info_for_ec.html.erb
-- spec/rails_app/app/views/payment/process_cc_payment.html.erb
-- spec/rails_app/app/views/payment/process_from_session.html.erb
 - spec/rails_app/config.ru
 - spec/rails_app/config/application.rb
 - spec/rails_app/config/boot.rb
@@ -162,7 +160,6 @@ files:
 - spec/rails_app/vendor/plugins/.gitkeep
 - spec/requests/dummy_controller_spec.rb
 - spec/spec_helper.rb
-has_rdoc: true
 homepage: http://github.com/mikeauclair/firewall_constraint
 licenses: []
@@ -192,7 +189,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubyforge_project: firewallconstraint
-rubygems_version: 1.3.7
+rubygems_version: 1.8.11
 signing_key:
 specification_version: 3
 summary: Rails 3 firewall route constraints
@@ -205,10 +202,6 @@ test_files:
 - spec/rails_app/app/controllers/dummy_controller.rb
 - spec/rails_app/app/helpers/application_helper.rb
 - spec/rails_app/app/views/layouts/application.html.erb
-- spec/rails_app/app/views/payment/info_for_cc.html.erb
-- spec/rails_app/app/views/payment/info_for_ec.html.erb
-- spec/rails_app/app/views/payment/process_cc_payment.html.erb
-- spec/rails_app/app/views/payment/process_from_session.html.erb
 - spec/rails_app/config.ru
 - spec/rails_app/config/application.rb
 - spec/rails_app/config/boot.rb
@@ -248,3 +241,4 @@ test_files:
 - spec/rails_app/vendor/plugins/.gitkeep
 - spec/requests/dummy_controller_spec.rb
 - spec/spec_helper.rb
+has_rdoc:

data/spec/rails_app/app/views/payment/info_for_cc.html.erb DELETED

	@@ -1 +0,0 @@
1	- ASDF

data/spec/rails_app/app/views/payment/info_for_ec.html.erb DELETED

	@@ -1 +0,0 @@
1	- ASDF

data/spec/rails_app/app/views/payment/process_cc_payment.html.erb DELETED

	@@ -1 +0,0 @@
1	- ASDF

data/spec/rails_app/app/views/payment/process_from_session.html.erb DELETED

	@@ -1 +0,0 @@
1	- ASDF