first_click_free 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 77ff2ae4a9b5357d67a37ed73451b4c62d9dec19
+  data.tar.gz: e5e39506a08daf5c744fa21cb6e0ccd5a9aa7f3e
+SHA512:
+  metadata.gz: d2788937dec98a853231e51023d0e5df183041f19efc4b35d45fe1fb1de5358ffd570943cd34579d62884b6df95cb6e0811607f698968cd0e16387455e3d199c
+  data.tar.gz: 1cb34f11618f073a0ebae026a2df2f06403f09b42d22b6076255bcc3c15b9c55a017d40716c4514ec94ee10e9886177f7359b1c8a2c1f0f7525b0ce1883a664c

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2013 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,97 @@
+First Click Free
+===
+
+[![Build Status](https://travis-ci.org/3months/first_click_free.svg)](https://travis-ci.org/3months/first_click_free)
+
+[First Click Free](https://support.google.com/webmasters/answer/74536?hl=en) is one of three methods recommended officially by Google for improving search rankings for subscription, paywall and other restricted access sites.
+
+The technique involves making available the first n 'clicks', or pageviews for each user, and giving Google's crawling bots full access to index site content. This way, users coming from social media sites and search results are able to 'preview' the content they have been looking for, and search engines are able to fully index a site, even though it would normally require registration and/or payment.
+
+This gem aims to simplify and centralize the process of adding first click free support to a Rails application. It's fully tested, and used in production with many of our clients at [3months.com](https://3months.com).
+
+Use
+---
+
+**Rails is required to use this gem**
+
+1. Install: Add `gem 'first_click_free'` to your `Gemfile` and run `bundle install`
+2. For any controller that should have first click free activated, simply call `allow_first_click_free` in your controller definition, for example:
+   ``` ruby
+   class PagesController
+     allow_first_click_free
+   end
+   ```
+   You may pass through `only`, or `except` to restrict which actions will have first click free turned on, or you can put this in your `ApplicationController` to turn on first click free for all controllers.
+3. Handle the exception that is raised when a user tries to visit more than one page without being signed in:
+	``` ruby
+	rescue_from FirstClickFree::Exceptions::SubsequentAccessException do
+	  redirect_to root_path, alert: 'Please sign in to continue.'
+	end
+	```
+4. Good to go!
+
+Optional use
+---
+
+1. You may also permit certain individual paths to bypass first click free by setting them in an initializer like so
+`FirstClickFree.permitted_paths = [ '/about', '/contact' ]`. These paths do not set or reset the users' first click free status.
+2. By default users will get just 1 free click, however by setting `FirstClickFree.free_clicks` in an initializer you can allow n free clicks to content.
+3. A count of users' free clicks are available in request.env["first_click_free_count"].
+
+#### Registered Users
+
+If you have registered users that should always be allowed through (they shouldn't be affected by any first click free rules), then you can override the `user_for_first_click_free` method in `ApplicationController`, or any of your controllers using `allow_first_click_free`. This method should return either a falsy value if no-one is signed in, or the current user.
+
+Example:
+
+``` ruby
+  class ApplicationController
+    # …snip
+
+    protected
+
+    def user_for_first_click_free
+      current_member
+    end
+  end
+```
+
+
+
+How it works
+---
+
+##### For visitors
+
+* When a user first lands in a controller marked as being first click free, a session variable is set.
+* If that same user attempts to access any other URL marked as first click free, an exception is raised so that the application can redirect or display a message to that user.
+
+##### For visitors coming from a Google, Bing, or Yahoo search
+
+* When a user's HTTP referrer matches a list of known search engine domains, the request is allowed to override any previously set first click free.
+* It does not disable first click free, it just modifies which page that user may access.
+* For example, if a user searches for a page on your site using Google, and clicks on the first result, that page will be marked as first click free for them - any subsequent clicks from that page will trigger the first click free error. If they go back to the search results though, and then click on the second result, that page will take the place of the first and they will be able to access that page as normal.
+
+
+##### For Google's indexing services
+
+* If the requesting agent is recognized as a 'Googlebot', the request is allowed though as if they were a registered user, so that the content may be indexed.
+* Googlebot recognition is based on two factors:
+	* User agent: Google's indexers request a page with a user agent string of 'Googlebot' - this is used as the first-level of checking to make sure the page should be displayed. A user-agent string can be spoofed though, so the second check is:
+	* DNS: A reverse DNS request is issued against the remote IP, to ensure that the hostname returned matches a 'googlebot.com' domain. A forward DNS request is then issued against the hostname, to ensure that it matches back up with the original IP address.
+
+Contributing
+---
+
+* Contributions are welcome!
+* Please fork this repository, and run `bundle install` to install the development dependencies (RSpec and SQLite).
+* Create a new git branch to contain your changes. Try and limit commits to this branch to the specific changes you want to be merged in.
+* Push up your branch to Github, and create a pull request. Please don't change the gem version or anything, I can do that bit.
+* All pull requests will be reviewed ASAP. If it's not ready for merge, I'll help you to get it to a stage where it is!
+
+
+
+License
+---
+
+This project rocks and uses MIT-LICENSE.

data/Rakefile

@@ -0,0 +1,30 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'FirstClickFree'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+load 'tasks/first_click_free_tasks.rake'
+
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+desc "Run all specs in spec directory (excluding plugin specs)"
+RSpec::Core::RakeTask.new(:spec => 'app:db:test:prepare')
+
+task :default => :spec

data/config/domains.yml

@@ -0,0 +1,195 @@
+---
+- .google.com
+- .google.ad
+- .google.ae
+- .google.com.af
+- .google.com.ag
+- .google.com.ai
+- .google.al
+- .google.am
+- .google.co.ao
+- .google.com.ar
+- .google.as
+- .google.at
+- .google.com.au
+- .google.az
+- .google.ba
+- .google.com.bd
+- .google.be
+- .google.bf
+- .google.bg
+- .google.com.bh
+- .google.bi
+- .google.bj
+- .google.com.bn
+- .google.com.bo
+- .google.com.br
+- .google.bs
+- .google.bt
+- .google.co.bw
+- .google.by
+- .google.com.bz
+- .google.ca
+- .google.cd
+- .google.cf
+- .google.cg
+- .google.ch
+- .google.ci
+- .google.co.ck
+- .google.cl
+- .google.cm
+- .google.cn
+- .google.com.co
+- .google.co.cr
+- .google.com.cu
+- .google.cv
+- .google.com.cy
+- .google.cz
+- .google.de
+- .google.dj
+- .google.dk
+- .google.dm
+- .google.com.do
+- .google.dz
+- .google.com.ec
+- .google.ee
+- .google.com.eg
+- .google.es
+- .google.com.et
+- .google.fi
+- .google.com.fj
+- .google.fm
+- .google.fr
+- .google.ga
+- .google.ge
+- .google.gg
+- .google.com.gh
+- .google.com.gi
+- .google.gl
+- .google.gm
+- .google.gp
+- .google.gr
+- .google.com.gt
+- .google.gy
+- .google.com.hk
+- .google.hn
+- .google.hr
+- .google.ht
+- .google.hu
+- .google.co.id
+- .google.ie
+- .google.co.il
+- .google.im
+- .google.co.in
+- .google.iq
+- .google.is
+- .google.it
+- .google.je
+- .google.com.jm
+- .google.jo
+- .google.co.jp
+- .google.co.ke
+- .google.com.kh
+- .google.ki
+- .google.kg
+- .google.co.kr
+- .google.com.kw
+- .google.kz
+- .google.la
+- .google.com.lb
+- .google.li
+- .google.lk
+- .google.co.ls
+- .google.lt
+- .google.lu
+- .google.lv
+- .google.com.ly
+- .google.co.ma
+- .google.md
+- .google.me
+- .google.mg
+- .google.mk
+- .google.ml
+- .google.com.mm
+- .google.mn
+- .google.ms
+- .google.com.mt
+- .google.mu
+- .google.mv
+- .google.mw
+- .google.com.mx
+- .google.com.my
+- .google.co.mz
+- .google.com.na
+- .google.com.nf
+- .google.com.ng
+- .google.com.ni
+- .google.ne
+- .google.nl
+- .google.no
+- .google.com.np
+- .google.nr
+- .google.nu
+- .google.co.nz
+- .google.com.om
+- .google.com.pa
+- .google.com.pe
+- .google.com.pg
+- .google.com.ph
+- .google.com.pk
+- .google.pl
+- .google.pn
+- .google.com.pr
+- .google.ps
+- .google.pt
+- .google.com.py
+- .google.com.qa
+- .google.ro
+- .google.ru
+- .google.rw
+- .google.com.sa
+- .google.com.sb
+- .google.sc
+- .google.se
+- .google.com.sg
+- .google.sh
+- .google.si
+- .google.sk
+- .google.com.sl
+- .google.sn
+- .google.so
+- .google.sm
+- .google.st
+- .google.com.sv
+- .google.td
+- .google.tg
+- .google.co.th
+- .google.com.tj
+- .google.tk
+- .google.tl
+- .google.tm
+- .google.tn
+- .google.to
+- .google.com.tr
+- .google.tt
+- .google.com.tw
+- .google.co.tz
+- .google.com.ua
+- .google.co.ug
+- .google.co.uk
+- .google.com.uy
+- .google.co.uz
+- .google.com.vc
+- .google.co.ve
+- .google.vg
+- .google.co.vi
+- .google.com.vn
+- .google.vu
+- .google.ws
+- .google.rs
+- .google.co.za
+- .google.co.zm
+- .google.co.zw
+- .google.cat
+- .bing.com
+- .yahoo.com

data/lib/first_click_free.rb

@@ -0,0 +1,42 @@
+module FirstClickFree
+  require 'first_click_free/exceptions/subsequent_access_exception'
+  require 'first_click_free/helpers/google'
+  require 'first_click_free/helpers/path'
+  require 'first_click_free/helpers/referrer'
+  require 'first_click_free/concerns/controller'
+
+  class << self
+
+    require 'yaml'
+
+    attr_accessor :test_mode, :permitted_paths, :free_clicks
+
+    def root
+      File.expand_path(File.join(File.dirname(__FILE__), '..'))
+    end
+
+    def permitted_domains
+      @permitted_domains ||= YAML.load_file(File.join(FirstClickFree.root, 'config', 'domains.yml'))
+    end
+
+    def permitted_paths
+      @permitted_paths || []
+    end
+
+    def free_clicks
+      @free_clicks || 1 # default is 1 click free
+    end
+
+    def test_mode
+      @test_mode || false
+    end
+  end
+
+  class Railtie < Rails::Railtie
+    initializer "first_click_free.action_controller" do
+      ActiveSupport.on_load(:action_controller) do
+        include FirstClickFree::Concerns::Controller
+      end
+    end
+  end
+end

data/lib/first_click_free/concerns/controller.rb

@@ -0,0 +1,108 @@
+require 'active_support/concern'
+
+module FirstClickFree
+  module Concerns
+    module Controller
+      extend ActiveSupport::Concern
+      include FirstClickFree::Helpers::Google
+      include FirstClickFree::Helpers::Path
+      include FirstClickFree::Helpers::Referrer
+
+      module ClassMethods
+
+        # Public: Turn 'on' first click free for this controller.
+        #
+        # options - The options to pass through to `before_filter`.
+        #           Common options are `only` and `except`, to limit
+        #           which actions are affected.
+        #
+        #  DEPRECATION: `before_filter` is deprecated in favour of `before_action`
+        #               in Rails 4.
+        #
+        # Returns the result of the call to `before_filter`.
+        def allow_first_click_free(options = {})
+          before_filter :record_or_reject_first_click_free!, options
+        end
+
+        # Public: Skip first click free for a controller or action.
+        #
+        # options - The options to pass through to `skip_before_filter`,
+        #           for example to limit which actions should be skipped.
+        #
+        # DEPRECATION: `skip_before_filter` is deprecated in favour of
+        #              with `skip_before_action` in Rails 4.
+        #
+        # Returns the result of the call to `skip_before_filter`.
+        def skip_first_click_free(options = {})
+          skip_before_filter :record_or_reject_first_click_free!, options
+        end
+
+      end
+
+      # Public: Return the user to use when bypassing first click free
+      # (i.e. there is a user signed in at the time).
+      #
+      # This method is intended to be overridden in the controller
+      # with the appropriate method call (e.g. current_user).
+      #
+      # Returns nil, which will cause first click free to always be active.
+      def user_for_first_click_free
+        nil
+      end
+
+
+      # Public: Either record a first click free request, or reject
+      # the request for a subsequent content access.
+      #
+      # Raises FirstClickFree::Exceptions::SubsequentAccessException if
+      # a first click has already been recorded for this user.
+      #
+      # Returns true if the referrer User agent is GoogleBot, or
+      # if this is the first click recorded for this session.
+      def record_or_reject_first_click_free!
+        # Always allow requests from Googlebot
+        return true if googlebot?
+
+        # Always allow requests from authenticated users
+        return true if user_for_first_click_free
+
+        # Always allow requests to particular paths
+        return true if permitted_path?
+
+        # Reset first click free if the domain is permitted
+        # (new first click free will be set)
+        reset_first_click_free! if permitted_domain?
+
+        if session[:first_click] && session[:first_click].include?(checksum(url_for))
+          # already visited, can visit again
+        elsif session[:first_click] && session[:first_click].length < FirstClickFree.free_clicks
+          # new page but within free click limit
+          session[:first_click] << checksum(url_for)
+        elsif session[:first_click] && session[:first_click].length == FirstClickFree.free_clicks
+          raise FirstClickFree::Exceptions::SubsequentAccessException
+        else
+          # first click!
+          session[:first_click] = [ checksum(url_for) ]
+        end
+        request.env["first_click_free_count"] = session[:first_click].length
+        return true
+      end
+
+      private
+
+      # Private: Reset first click free session.
+      #
+      # Returns the value set in the first click session (nil)
+      def reset_first_click_free!
+        session.delete(:first_click)
+      end
+
+      # Private: Create a checksum string.
+      #
+      # Returns a checksum of the url as a string
+      def checksum(url)
+        Zlib.adler32(url).to_s
+      end
+    end
+  end
+end