firewall_constraint 0.1.2 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/firewall_constraint.rb +5 -1
- data/lib/firewall_constraint/version.rb +1 -1
- data/spec/requests/dummy_controller_spec.rb +17 -7
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 786a5e354a3b127d518c2cd08b4b4e012200a8e5
|
4
|
+
data.tar.gz: 6fac23e20cb5f56ccf5dcb95f5bafb1ed949b758
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a48dfa6057c90b4a28b5ed25e2b5e0ebc398c80df625b1366a8596d2bcf9cc27bf84ec41e4e5aca708ac6a9b0008df0a20400145d2a0003eec61478b1aa9e678
|
7
|
+
data.tar.gz: 79bf725b17d5eb602d4c7a215fc91e1df6107d36d6fd793263775c12e3f285f9c7a0e8d7f837d68e1288383b2e2fb990a973d0c8aff3139a5a2e101265065371
|
data/lib/firewall_constraint.rb
CHANGED
@@ -13,9 +13,13 @@ module FirewallConstraint
|
|
13
13
|
end
|
14
14
|
end
|
15
15
|
|
16
|
+
def requestor_ip(request)
|
17
|
+
request.env["HTTP_X_FORWARDED_FOR"] ? request.env["HTTP_X_FORWARDED_FOR"].split(/, /).first : request.remote_ip
|
18
|
+
end
|
19
|
+
|
16
20
|
def matches?(request)
|
17
21
|
return true if parsed_ips.empty?
|
18
|
-
client_ip = IPAddress::parse(request
|
22
|
+
client_ip = IPAddress::parse requestor_ip(request)
|
19
23
|
parsed_ips.each do |ip|
|
20
24
|
begin
|
21
25
|
return true if ip.include?(client_ip)
|
@@ -7,7 +7,7 @@ describe "DummyController", type: :request do
|
|
7
7
|
end
|
8
8
|
|
9
9
|
it 'should get dynamic constraint' do
|
10
|
-
get root_path
|
10
|
+
get root_path
|
11
11
|
open_session do |sess|
|
12
12
|
sess.remote_addr = '127.0.0.1'
|
13
13
|
get '/dummy/blocked_by_dynamic'
|
@@ -16,7 +16,7 @@ describe "DummyController", type: :request do
|
|
16
16
|
end
|
17
17
|
|
18
18
|
it 'should get procced constraint' do
|
19
|
-
get root_path
|
19
|
+
get root_path
|
20
20
|
open_session do |sess|
|
21
21
|
sess.remote_addr = '127.0.0.1'
|
22
22
|
get '/dummy/blocked_by_proc'
|
@@ -26,7 +26,7 @@ describe "DummyController", type: :request do
|
|
26
26
|
|
27
27
|
it 'should get ipv6 constraint' do
|
28
28
|
ipv6 = 'fe80::d69a:20ff:fe0d:45fe'
|
29
|
-
get root_path
|
29
|
+
get root_path
|
30
30
|
open_session do |sess|
|
31
31
|
sess.remote_addr = ipv6
|
32
32
|
get '/dummy/blocked_by_ipv6'
|
@@ -38,7 +38,7 @@ describe "DummyController", type: :request do
|
|
38
38
|
context 'given a bad ipv6 ip' do
|
39
39
|
around do |example|
|
40
40
|
ipv6 = 'fe80::d69a:20ff:fe0d:45ff'
|
41
|
-
get root_path
|
41
|
+
get root_path
|
42
42
|
open_session do |sess|
|
43
43
|
sess.remote_addr = ipv6
|
44
44
|
example.run
|
@@ -56,16 +56,26 @@ describe "DummyController", type: :request do
|
|
56
56
|
|
57
57
|
it 'should not vomit given a bad ipv6 ip' do
|
58
58
|
ipv6 = 'fe80::d69a:20ff:fe0d:45fe'
|
59
|
-
get root_path
|
59
|
+
get root_path
|
60
60
|
open_session do |sess|
|
61
61
|
sess.remote_addr = ipv6
|
62
62
|
expect {get '/dummy/blocked_by_block'}.to raise_error ActionController::RoutingError
|
63
63
|
end
|
64
64
|
end
|
65
|
+
|
66
|
+
it 'should not vomit given a list of IPs in HTTP_X_FORWARDED_FOR -- and should look at the leftmost IP in the list' do
|
67
|
+
ip_list = '1.2.3.4, 10.0.0.1'
|
68
|
+
get root_path
|
69
|
+
open_session do |sess|
|
70
|
+
sess.remote_addr = ip_list
|
71
|
+
expect {get '/dummy/blocked_by_block', nil, {"HTTP_X_FORWARDED_FOR" => ip_list}}.to raise_error ActionController::RoutingError
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
65
75
|
|
66
76
|
context 'given a good ip' do
|
67
77
|
around do |example|
|
68
|
-
get root_path
|
78
|
+
get root_path
|
69
79
|
open_session do |sess|
|
70
80
|
sess.remote_addr = '10.0.0.45'
|
71
81
|
example.run
|
@@ -85,7 +95,7 @@ describe "DummyController", type: :request do
|
|
85
95
|
|
86
96
|
context 'given a bad ip' do
|
87
97
|
around do |example|
|
88
|
-
get root_path
|
98
|
+
get root_path
|
89
99
|
open_session do |sess|
|
90
100
|
sess.remote_addr = '55.55.55.55'
|
91
101
|
example.run
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: firewall_constraint
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mike Auclair
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-05-
|
11
|
+
date: 2015-05-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|