first_click_free 1.0.0

data/lib/first_click_free/exceptions/subsequent_access_exception.rb

@@ -0,0 +1,6 @@
+module FirstClickFree
+  module Exceptions
+    class SubsequentAccessException < Exception
+    end
+  end
+end

data/lib/first_click_free/helpers/google.rb

@@ -0,0 +1,41 @@
+module FirstClickFree
+  module Helpers
+    module Google
+
+      # Public: Determine whether the agent requesting the resource
+      # is a Googlebot.
+      #
+      # This method operates by examining the User agent of the request.
+      # If the appropriate configuration is activated, it will also
+      # perform the necessary DNS requests to verify that the request
+      # originates from Google.
+      #
+      # perform_dns_lookup -  Perform a DNS lookup to verify that the request
+      #                       is originating from Google.
+      #
+      # Returns true if a Googlebot has been identified, false if not.
+      def googlebot?(use_dns_lookup = true)
+        (FirstClickFree.test_mode && params.key?(:googlebot)) ||\
+        (request.user_agent == "Googlebot" && (use_dns_lookup ? verify_googlebot_domain : true))
+      end
+
+      private
+
+      # Private: Perform a reverse and then forward DNS lookup to
+      # verify that this request is coming from the correct domain
+      # (googlebot.com).
+      #
+      # Returns true if the hostname ends with googlebot.com and the
+      # forward DNS lookup IP address matches the request's remote IP address.
+      def verify_googlebot_domain
+        hostname = Resolv.getname(request.remote_ip)
+        # Structure of lookup return is:
+        # ["AF_INET", 80, "66.249.66.1", "66.249.66.1", 2, 2, 17]
+        ip       = Socket.getaddrinfo(hostname, "http").first[2]
+
+        hostname =~ /.googlebot.com\Z/ && ip == request.remote_ip
+      end
+
+    end
+  end
+end

data/lib/first_click_free/helpers/path.rb

@@ -0,0 +1,22 @@
+module FirstClickFree
+  module Helpers
+    module Path
+
+      require 'uri'
+
+      # Public: Determine if the requested path is allowed to bypass
+      # first click free.
+      #
+      # This method will check if the requested path is in a list of
+      # specifically known paths (see FirstClickFree.permitted_paths). By
+      # default the permitted paths list is empty so no special paths are
+      # allowed.
+      #
+      # Returns true if the requested path is specifically permitted, or
+      # false if it is not.
+      def permitted_path?
+        FirstClickFree.permitted_paths.include?(URI.parse(request.fullpath).path)
+      end
+    end
+  end
+end

data/lib/first_click_free/helpers/referrer.rb

@@ -0,0 +1,26 @@
+module FirstClickFree
+  module Helpers
+    module Referrer
+
+      require 'uri'
+
+      # Public: Determine if the request referrer is allowed to bypass
+      # first click free.
+      #
+      # By default, this method will check if the request referrer is in
+      # a list of known search engine domains (see config/domains.yml). If
+      # the domain is a search engine domain, then the request will bypass
+      # any present first click free, as most search engines require
+      # that first click free pages always be accessible from search listings.
+      #
+      # Returns true if the domain from the request referrer is permitted, or
+      # false if it is not.
+      def permitted_domain?
+        return true if FirstClickFree.test_mode && params.key?(:google_referrer)
+        request.try(:referrer) && FirstClickFree.permitted_domains.any? do |domain|
+          URI.parse(request.referrer).hostname =~ /#{domain}\Z/
+        end
+      end
+    end
+  end
+end

data/lib/first_click_free/version.rb

@@ -0,0 +1,3 @@
+module FirstClickFree
+  VERSION = "1.0.0"
+end

data/lib/tasks/first_click_free_tasks.rake

@@ -0,0 +1,24 @@
+# desc "Explaining what the task does"
+# task :first_click_free do
+#   # Task goes here
+# end
+
+require 'open-uri'
+require 'yaml'
+
+namespace :first_click_free do
+
+  desc "Update the list of domains permitted for first click free bypass
+        from Google's list of supported domains"
+  task :update_permitted_domains do
+    File.open(File.join(FirstClickFree.root, 'config', 'domains.yml'), 'wb') do |domain_file|
+      domains = open("http://www.google.com/supported_domains").read.split("\n")
+      domains << ".bing.com"
+      domains << ".yahoo.com"
+
+      domain_file.write domains.to_yaml
+      puts "Done. Wrote #{domains.length} domains to config/domains.yml"
+    end
+  end
+
+end

data/spec/concerns/controller_spec.rb

@@ -0,0 +1,128 @@
+require "spec_helper"
+require "ostruct"
+
+Rails.application.routes.draw do
+  match "/first-click-free" => "anonymous#index", :as => "first_click_free", :via => "get"
+end
+
+
+describe FirstClickFree::Concerns::Controller, type: :controller do
+
+  let(:current_url) { "http://test.host/first-click-free" }
+
+  context "standard controller" do
+    controller do
+      allow_first_click_free
+
+      def index
+        head :ok
+      end
+    end
+
+    # Redefined here for conciseness
+    def checksum(url)
+      Zlib.adler32(url).to_s
+    end
+
+
+    before { FirstClickFree.free_clicks = 1 }
+
+    context "first visit" do
+      before { get :index, test: true }
+
+      it { session[:first_click].should include checksum(current_url) }
+      it { request.env["first_click_free_count"].should eq 1 }
+      it { response.should be_success }
+    end
+
+    context "subsequent visit to same page" do
+      before { session[:first_click] = [ checksum(current_url) ] }
+
+      it { get :index; request.env["first_click_free_count"].should eq 1 }
+      it { expect { get :index }.not_to raise_error }
+    end
+
+    context "subsequent visit to different page" do
+      before { session[:first_click] = [ checksum("http://test.host/another-page") ] }
+
+      it { expect { get :index }.to raise_error FirstClickFree::Exceptions::SubsequentAccessException }
+    end
+
+    context "subsequent visit to different page with unused multiple clicks" do
+      before do
+        session[:first_click] = [ checksum("http://test.host/some-page"),
+                                  checksum("http://test.host/some-other-page") ]
+        FirstClickFree.free_clicks = 3
+      end
+
+      it { get :index; request.env["first_click_free_count"].should eq 3 }
+      it { expect { get :index }.not_to raise_error }
+    end
+
+    context "subsequent visit to different page with multiple clicks used up" do
+      before do
+        session[:first_click] = [ checksum("http://test.host/some-page"),
+                                  checksum("http://test.host/some-other-page"),
+                                  checksum("http://test.host/yet-another-page") ]
+        FirstClickFree.free_clicks = 3
+      end
+
+      it { expect { get :index }.to raise_error FirstClickFree::Exceptions::SubsequentAccessException }
+    end
+
+    context "googlebot visit" do
+      before { controller.stub(:googlebot? => true); get :index }
+
+      it { session[:first_click].should be_nil }
+      it { response.should be_success }
+    end
+
+    context "registered user vist" do
+      before { controller.stub(:user_for_first_click_free => true); get :index }
+
+      it { session[:first_click].should be_nil }
+      it { response.should be_success }
+    end
+
+    context "google referrer visit" do
+      before { get :index; controller.stub(permitted_domain?: true); get :index }
+
+      it { response.should be_success }
+    end
+  end
+
+  context "controller skipping an action" do
+    controller do
+      allow_first_click_free except: :index
+
+      def index
+        head :ok
+      end
+    end
+
+    before { get :index }
+
+    it { session[:first_click].should be_nil }
+    it { response.should be_success }
+  end
+
+  context "entire controller skipped" do
+    controller do
+
+      # Normally this would be done in ApplicationController or similar
+      allow_first_click_free
+
+      # And this would be done in a child controller
+      skip_first_click_free
+
+      def index
+        head :ok
+      end
+    end
+
+    before { get :index }
+
+    it { session[:first_click].should be_nil }
+    it { response.should be_success }
+  end
+end

data/spec/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/spec/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Dummy::Application.load_tasks

data/spec/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/spec/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::Base
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+end

data/spec/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag    "application", media: "all", "data-turbolinks-track" => true %>
+  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/dummy/bin/bundle

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+load Gem.bin_path('bundler', 'bundle')

data/spec/dummy/bin/rails

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require_relative '../config/boot'
+require 'rails/commands'

data/spec/dummy/bin/rake

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require_relative '../config/boot'
+require 'rake'
+Rake.application.run

data/spec/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Rails.application

data/spec/dummy/config/application.rb

@@ -0,0 +1,23 @@
+require File.expand_path('../boot', __FILE__)
+
+require 'rails/all'
+
+Bundler.require(*Rails.groups)
+require "first_click_free"
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+  end
+end
+

data/spec/dummy/config/boot.rb

@@ -0,0 +1,5 @@
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
+$LOAD_PATH.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/dummy/config/database.yml

@@ -0,0 +1,25 @@
+# SQLite version 3.x
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: sqlite3
+  database: db/test.sqlite3
+  pool: 5
+  timeout: 5000
+
+production:
+  adapter: sqlite3
+  database: db/production.sqlite3
+  pool: 5
+  timeout: 5000

data/spec/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the Rails application.
+require File.expand_path('../application', __FILE__)
+
+# Initialize the Rails application.
+Dummy::Application.initialize!