firewall_constraint 0.0.2 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. data/.gitignore +1 -0
  2. data/.travis.yml +6 -0
  3. data/README.md +9 -1
  4. data/Rakefile +19 -1
  5. data/firewall_constraint.gemspec +3 -3
  6. data/lib/firewall_constraint.rb +25 -7
  7. data/lib/firewall_constraint/version.rb +1 -1
  8. data/spec/rails_app/app/controllers/dummy_controller.rb +8 -0
  9. data/spec/rails_app/config/routes.rb +8 -0
  10. data/spec/requests/dummy_controller_spec.rb +60 -0
  11. data/spec/spec_helper.rb +0 -1
  12. metadata +30 -36
  13. data/spec/rails_app/app/views/payment/info_for_cc.html.erb +0 -1
  14. data/spec/rails_app/app/views/payment/info_for_ec.html.erb +0 -1
  15. data/spec/rails_app/app/views/payment/process_cc_payment.html.erb +0 -1
  16. data/spec/rails_app/app/views/payment/process_from_session.html.erb +0 -1
data/.gitignore CHANGED
@@ -2,3 +2,4 @@
2
2
  .bundle
3
3
  Gemfile.lock
4
4
  pkg/*
5
+ coverage
data/.travis.yml ADDED
@@ -0,0 +1,6 @@
1
+ rvm:
2
+ - 1.8.7
3
+ - 1.9.2
4
+ - 1.9.3
5
+ - rbx
6
+ - jruby
data/README.md CHANGED
@@ -24,6 +24,10 @@ config/routes.rb:
24
24
  get 'dummy/blocked_by_dynamic' => 'dummy#blocked_by_dynamic'
25
25
  end
26
26
 
27
+ constraints FirewallConstraint::Constraint.new(Proc.new{['127.0.0.1']}) do
28
+ get 'dummy/blocked_by_proc'
29
+ end
30
+
27
31
  ----
28
32
 
29
33
  Uses a config file if ips not present in routes
@@ -33,4 +37,8 @@ config/firewall_constraint.yml:
33
37
  test:
34
38
  - 10.0.0.0/8
35
39
 
36
- ----
40
+ ----
41
+
42
+ You should be able to do DB-based whitelisting using the Proc whitelisting and an activerecord lookup or something similar to:
43
+
44
+ constraints FirewallConstraint::Constraint.new(Proc.new{ValidIps.all.map{|x| x.ip}})
data/Rakefile CHANGED
@@ -10,4 +10,22 @@ desc 'Run specs'
10
10
  RSpec::Core::RakeTask.new(:spec) do |spec|
11
11
  # spec.libs << 'lib' << 'spec'
12
12
  # spec.spec_files = FileList['spec/**/*_spec.rb']
13
- end
13
+ # spec.rcov = true
14
+ # spec.rcov_opts = %w{--rails --exclude osx\/objc,gems\/,spec\/,features\/}
15
+ end
16
+
17
+ task :cleanup_rcov_files do
18
+ rm_rf 'coverage'
19
+ end
20
+
21
+ desc "Run all examples using rcov"
22
+ RSpec::Core::RakeTask.new :rcov => :cleanup_rcov_files do |t|
23
+ t.rcov = true
24
+ t.rcov_opts = %[-Ilib -Ispec --exclude "gems/*,features"]
25
+ t.rcov_opts << %[--text-report --sort coverage --html]
26
+ end
27
+
28
+ # desc "Run all specs with rcov"
29
+ # RSpec::Core::RakeTask.new(:rcov => spec_prereq) do |t|
30
+ #
31
+ # end
data/firewall_constraint.gemspec CHANGED
@@ -14,11 +14,11 @@ Gem::Specification.new do |s|
14
14
 
15
15
  s.rubyforge_project = "firewallconstraint"
16
16
 
17
+ s.add_development_dependency(%q<rails>, ["3.0.5"])
17
18
  s.add_dependency(%q<rails>, ["~> 3.0.0"])
18
19
  s.add_dependency(%q<ipaddress>)
19
- s.add_development_dependency(%q<rails>, ["3.0.5"])
20
- s.add_development_dependency(%q<shoulda>)
21
- s.add_development_dependency(%q<rspec-rails>, [">= 2.5.0"])
20
+ s.add_development_dependency(%q<shoulda>, "~> 3.0.0")
21
+ s.add_development_dependency(%q<rspec-rails>, ["~> 2.5.0"])
22
22
 
23
23
  s.files = `git ls-files`.split("\n")
24
24
  s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
data/lib/firewall_constraint.rb CHANGED
@@ -2,17 +2,21 @@ module FirewallConstraint
2
2
  require 'ipaddress'
3
3
  class Constraint
4
4
  def initialize(ips = [])
5
- ips = [ips].flatten
6
- @config = ips.empty? ?
7
- YAML.load_file(Rails.root.join('config','firewall_constraint.yml'))[Rails.env] :
8
- ips
5
+ if ips.respond_to? :call
6
+ @ips = ips
7
+ else
8
+ ips = [ips].flatten
9
+ @config = !ips.empty? ? ips :
10
+ YAML.load_file(Rails.root.join('config','firewall_constraint.yml'))[Rails.env]
11
+
9
12
 
10
- @ips = @config.map{|c| IPAddress::parse(c)}
13
+ @ips = @config
14
+ end
11
15
  end
12
16
 
13
17
  def matches?(request)
14
18
  client_ip = IPAddress::parse(request.env["HTTP_X_FORWARDED_FOR"] ? request.env["HTTP_X_FORWARDED_FOR"] : request.remote_ip)
15
- @ips.each do |ip|
19
+ parsed_ips.each do |ip|
16
20
  begin
17
21
  return true if ip.include?(client_ip)
18
22
  rescue NoMethodError => nme
@@ -20,6 +24,20 @@ module FirewallConstraint
20
24
  end
21
25
  false
22
26
  end
27
+
28
+ def parsed_ips
29
+ cur_ips = ips
30
+ if cur_ips == @old_ips
31
+ @cached_parsed_ips
32
+ else
33
+ @old_ips = cur_ips
34
+ @cached_parsed_ips = cur_ips.map{|c| IPAddress::parse(c)}
35
+ end
36
+
37
+ end
38
+
39
+ def ips
40
+ @ips.respond_to?(:call) ? @ips.call : @ips
41
+ end
23
42
  end
24
- # Your code goes here...
25
43
  end
data/lib/firewall_constraint/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module FirewallConstraint
2
- VERSION = "0.0.2"
2
+ VERSION = "0.0.4"
3
3
  end
data/spec/rails_app/app/controllers/dummy_controller.rb CHANGED
@@ -14,4 +14,12 @@ class DummyController < ApplicationController
14
14
  def blocked_by_dynamic
15
15
  render :text => "dynamic"
16
16
  end
17
+
18
+ def blocked_by_ipv6
19
+ render :text => "ipv6"
20
+ end
21
+
22
+ def blocked_by_proc
23
+ render :text => "proc"
24
+ end
17
25
  end
data/spec/rails_app/config/routes.rb CHANGED
@@ -11,4 +11,12 @@ RailsApp::Application.routes.draw do
11
11
  end
12
12
 
13
13
  root :to => 'dummy#index'
14
+
15
+ constraints FirewallConstraint::Constraint.new('fe80::d69a:20ff:fe0d:45fe') do
16
+ get 'dummy/blocked_by_ipv6'
17
+ end
18
+
19
+ constraints FirewallConstraint::Constraint.new(Proc.new{['127.0.0.1']}) do
20
+ get 'dummy/blocked_by_proc'
21
+ end
14
22
  end
data/spec/requests/dummy_controller_spec.rb CHANGED
@@ -18,6 +18,56 @@ describe "dummy stuff" do
18
18
  end
19
19
  end
20
20
 
21
+ it 'should get procced constraint' do
22
+ get root_path, nil, "REMOTE_ADDR" => "127.0.0.1"
23
+ open_session do |sess|
24
+ sess.remote_addr = '127.0.0.1'
25
+ get '/dummy/blocked_by_proc'
26
+ response.should be_success
27
+ end
28
+ end
29
+
30
+ it 'should get ipv6 constraint' do
31
+ ipv6 = 'fe80::d69a:20ff:fe0d:45fe'
32
+ get root_path, nil, "REMOTE_ADDR" => ipv6
33
+ open_session do |sess|
34
+ sess.remote_addr = ipv6
35
+ get '/dummy/blocked_by_ipv6'
36
+ response.should be_success
37
+ end
38
+ end
39
+
40
+ context 'given a bad ipv6 ip' do
41
+ around do |example|
42
+ ipv6 = 'fe80::d69a:20ff:fe0d:45ff'
43
+ get root_path, nil, "REMOTE_ADDR" => ipv6
44
+ open_session do |sess|
45
+ sess.remote_addr = ipv6
46
+ example.run
47
+ end
48
+ end
49
+
50
+ it 'should not vomit on an ipv4 rule' do
51
+ get '/dummy/blocked_by_block'
52
+ response.status.should eql 404
53
+ end
54
+
55
+ it 'should block on an ipv6 rule' do
56
+ get '/dummy/blocked_by_ipv6'
57
+ response.status.should eql 404
58
+ end
59
+ end
60
+
61
+ it 'should not vomit given a bad ipv6 ip' do
62
+ ipv6 = 'fe80::d69a:20ff:fe0d:45fe'
63
+ get root_path, nil, "REMOTE_ADDR" => ipv6
64
+ open_session do |sess|
65
+ sess.remote_addr = ipv6
66
+ get '/dummy/blocked_by_block'
67
+ response.status.should eql 404
68
+ end
69
+ end
70
+
21
71
  context 'given a good ip' do
22
72
  around do |example|
23
73
  get root_path, nil, "REMOTE_ADDR" => "10.0.0.45"
@@ -47,10 +97,20 @@ describe "dummy stuff" do
47
97
  end
48
98
  end
49
99
 
100
+ it 'should not vomit on an ipv4 rule' do
101
+ get '/dummy/blocked_by_ipv6'
102
+ response.status.should eql 404
103
+ end
104
+
50
105
  it 'should not get inline constraint' do
51
106
  get '/dummy/blocked_by_inline'
52
107
  response.status.should eql 404
53
108
  end
109
+
110
+ it 'should not get procced constraint' do
111
+ get '/dummy/blocked_by_proc'
112
+ response.status.should eql 404
113
+ end
54
114
 
55
115
  it 'should not get block constraint' do
56
116
  get '/dummy/blocked_by_block'
data/spec/spec_helper.rb CHANGED
@@ -3,7 +3,6 @@ Bundler.setup
3
3
  ENV["RAILS_ENV"] ||= 'test'
4
4
  require 'rails_app/config/environment'
5
5
  require 'rspec/rails'
6
- require 'shoulda/integrations/rspec2'
7
6
  require 'rubygems'
8
7
 
9
8
  RSpec.configure do |config|
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: firewall_constraint
3
3
  version: !ruby/object:Gem::Version
4
- hash: 27
5
- prerelease: false
4
+ hash: 23
5
+ prerelease:
6
6
  segments:
7
7
  - 0
8
8
  - 0
9
- - 2
10
- version: 0.0.2
9
+ - 4
10
+ version: 0.0.4
11
11
  platform: ruby
12
12
  authors:
13
13
  - Mike Auclair
@@ -15,8 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2011-03-23 00:00:00 -04:00
19
- default_executable:
18
+ date: 2012-03-20 00:00:00 Z
20
19
  dependencies:
21
20
  - !ruby/object:Gem::Dependency
22
21
  name: rails
@@ -24,45 +23,45 @@ dependencies:
24
23
  requirement: &id001 !ruby/object:Gem::Requirement
25
24
  none: false
26
25
  requirements:
27
- - - ~>
26
+ - - "="
28
27
  - !ruby/object:Gem::Version
29
- hash: 7
28
+ hash: 13
30
29
  segments:
31
30
  - 3
32
31
  - 0
33
- - 0
34
- version: 3.0.0
35
- type: :runtime
32
+ - 5
33
+ version: 3.0.5
34
+ type: :development
36
35
  version_requirements: *id001
37
36
  - !ruby/object:Gem::Dependency
38
- name: ipaddress
37
+ name: rails
39
38
  prerelease: false
40
39
  requirement: &id002 !ruby/object:Gem::Requirement
41
40
  none: false
42
41
  requirements:
43
- - - ">="
42
+ - - ~>
44
43
  - !ruby/object:Gem::Version
45
- hash: 3
44
+ hash: 7
46
45
  segments:
46
+ - 3
47
47
  - 0
48
- version: "0"
48
+ - 0
49
+ version: 3.0.0
49
50
  type: :runtime
50
51
  version_requirements: *id002
51
52
  - !ruby/object:Gem::Dependency
52
- name: rails
53
+ name: ipaddress
53
54
  prerelease: false
54
55
  requirement: &id003 !ruby/object:Gem::Requirement
55
56
  none: false
56
57
  requirements:
57
- - - "="
58
+ - - ">="
58
59
  - !ruby/object:Gem::Version
59
- hash: 13
60
+ hash: 3
60
61
  segments:
61
- - 3
62
62
  - 0
63
- - 5
64
- version: 3.0.5
65
- type: :development
63
+ version: "0"
64
+ type: :runtime
66
65
  version_requirements: *id003
67
66
  - !ruby/object:Gem::Dependency
68
67
  name: shoulda
@@ -70,12 +69,14 @@ dependencies:
70
69
  requirement: &id004 !ruby/object:Gem::Requirement
71
70
  none: false
72
71
  requirements:
73
- - - ">="
72
+ - - ~>
74
73
  - !ruby/object:Gem::Version
75
- hash: 3
74
+ hash: 7
76
75
  segments:
76
+ - 3
77
77
  - 0
78
- version: "0"
78
+ - 0
79
+ version: 3.0.0
79
80
  type: :development
80
81
  version_requirements: *id004
81
82
  - !ruby/object:Gem::Dependency
@@ -84,7 +85,7 @@ dependencies:
84
85
  requirement: &id005 !ruby/object:Gem::Requirement
85
86
  none: false
86
87
  requirements:
87
- - - ">="
88
+ - - ~>
88
89
  - !ruby/object:Gem::Version
89
90
  hash: 27
90
91
  segments:
@@ -105,6 +106,7 @@ extra_rdoc_files: []
105
106
 
106
107
  files:
107
108
  - .gitignore
109
+ - .travis.yml
108
110
  - Gemfile
109
111
  - README.md
110
112
  - Rakefile
@@ -119,10 +121,6 @@ files:
119
121
  - spec/rails_app/app/controllers/dummy_controller.rb
120
122
  - spec/rails_app/app/helpers/application_helper.rb
121
123
  - spec/rails_app/app/views/layouts/application.html.erb
122
- - spec/rails_app/app/views/payment/info_for_cc.html.erb
123
- - spec/rails_app/app/views/payment/info_for_ec.html.erb
124
- - spec/rails_app/app/views/payment/process_cc_payment.html.erb
125
- - spec/rails_app/app/views/payment/process_from_session.html.erb
126
124
  - spec/rails_app/config.ru
127
125
  - spec/rails_app/config/application.rb
128
126
  - spec/rails_app/config/boot.rb
@@ -162,7 +160,6 @@ files:
162
160
  - spec/rails_app/vendor/plugins/.gitkeep
163
161
  - spec/requests/dummy_controller_spec.rb
164
162
  - spec/spec_helper.rb
165
- has_rdoc: true
166
163
  homepage: http://github.com/mikeauclair/firewall_constraint
167
164
  licenses: []
168
165
 
@@ -192,7 +189,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
192
189
  requirements: []
193
190
 
194
191
  rubyforge_project: firewallconstraint
195
- rubygems_version: 1.3.7
192
+ rubygems_version: 1.8.11
196
193
  signing_key:
197
194
  specification_version: 3
198
195
  summary: Rails 3 firewall route constraints
@@ -205,10 +202,6 @@ test_files:
205
202
  - spec/rails_app/app/controllers/dummy_controller.rb
206
203
  - spec/rails_app/app/helpers/application_helper.rb
207
204
  - spec/rails_app/app/views/layouts/application.html.erb
208
- - spec/rails_app/app/views/payment/info_for_cc.html.erb
209
- - spec/rails_app/app/views/payment/info_for_ec.html.erb
210
- - spec/rails_app/app/views/payment/process_cc_payment.html.erb
211
- - spec/rails_app/app/views/payment/process_from_session.html.erb
212
205
  - spec/rails_app/config.ru
213
206
  - spec/rails_app/config/application.rb
214
207
  - spec/rails_app/config/boot.rb
@@ -248,3 +241,4 @@ test_files:
248
241
  - spec/rails_app/vendor/plugins/.gitkeep
249
242
  - spec/requests/dummy_controller_spec.rb
250
243
  - spec/spec_helper.rb
244
+ has_rdoc: