grape-forgery_protection 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 9fb63a608198901713fb9808e8ef70047bd2ccd96ebd316d5e013ac4035dedf8
+  data.tar.gz: a6ae6b6d6068c8b1efc5410f9d7adff7ac12826bf3d4ca37b74232fe84faffa6
+SHA512:
+  metadata.gz: c654df233d9042c882a61ec57d5f3058cdc7a34b4703bd1bd5ef16d2932fea52d810463e1819e8f4c89c842eeb82efd45cd8ff1d44922892523f3fbadb49fdb8
+  data.tar.gz: bda519d826113a3dae65202ee63e776b77707998266a54428bd1cc5b7182b233cc35d299cf505500e5fb262e08759d4d035fc9a35782a423fff38d2d78f131d7

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,25 @@
+# Grape ForgeryProtection
+
+This gem is your Rails app's payment model.
+
+## Install
+
+Add in your application `Gemfile`:
+
+```rb
+gem 'grape-forgery_protection'
+```
+
+## Release
+
+To release a new version, update the `CHANGELOG.md` and change the version
+number in `lib/sporran/version.rb`.
+
+Then, the following command will add these two files, commit, tag with the
+version and push to github:
+
+```sh
+$ rake grape-forgery_protection_release
+```
+
+Finally, upload the new `pkg/grape-forgery_protection-*.gem` file to rubygems.

data/Rakefile

@@ -0,0 +1,49 @@
+# Load gems
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+# RDOc
+require 'rdoc/task'
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Grape::ForgeryProtection'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+# Engine
+APP_RAKEFILE = File.expand_path('spec/dummy/Rakefile', __dir__)
+load 'rails/tasks/engine.rake'
+
+# Bundler
+Bundler::GemHelper.install_tasks
+
+# Rubocop
+require 'rubocop/rake_task'
+RuboCop::RakeTask.new
+
+# Specs
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+
+desc "Commit, create tag v#{Grape::ForgeryProtection::VERSION}, " \
+     'build and push (make sure you update version.rb and CHANGELOG.md ' \
+     'beforehand)'
+task grape_forgery_protection_release: :build do
+  sh 'git add lib/grape/forgery_protection/version.rb CHANGELOG.md'
+  sh "git commit -m v#{Grape::ForgeryProtection::VERSION}"
+  sh "git tag v#{Grape::ForgeryProtection::VERSION}"
+  sh 'git push'
+  sh 'git push --tags'
+  puts
+  puts 'Done! You can now upload ' \
+       "pkg/grape-forgery_protection-#{Grape::ForgeryProtection::VERSION}.gem "\
+       'to rubygems'
+end
+
+task default: %i[spec rubocop]

data/lib/grape/forgery_protection/configuration.rb

@@ -0,0 +1,21 @@
+# Engine configuration.
+module Grape
+  module ForgeryProtection
+    class << self
+      attr_writer :configuration
+
+      def configuration
+        @configuration ||= Configuration.new
+      end
+
+      def configure
+        yield(configuration)
+      end
+    end
+
+    # Configuration variables and defaults.
+    class Configuration
+      def initialize; end
+    end
+  end
+end

data/lib/grape/forgery_protection/helpers.rb

@@ -0,0 +1,36 @@
+module Grape
+  module ForgeryProtection
+    module Helpers
+      def session
+        env['rack.session']
+      end
+
+      def protect_against_forgery
+        error!('Unauthorized', 401) unless verified_request?
+      end
+
+      def verified_request?
+        !protect_against_forgery? || request.get? || request.head? ||
+          form_authenticity_token == csrf_token_from_headers
+      end
+
+      def csrf_token_from_headers
+        request.headers['X-CSRF-Token'].presence ||
+          request.headers['X-Csrf-Token']
+      end
+
+      def form_authenticity_token
+        session[:_csrf_token] ||= SecureRandom.base64(32)
+      end
+
+      def protect_against_forgery?
+        allow_forgery_protection = Rails
+          .configuration
+          .action_controller
+          .allow_forgery_protection
+
+        allow_forgery_protection.nil? || allow_forgery_protection
+      end
+    end
+  end
+end

data/lib/grape/forgery_protection/version.rb

@@ -0,0 +1,5 @@
+module Grape
+  module ForgeryProtection
+    VERSION = '0.0.1'.freeze
+  end
+end

data/lib/grape-forgery_protection.rb

@@ -0,0 +1,6 @@
+require 'grape/forgery_protection/version'
+
+module Grape
+  module ForgeryProtection
+  end
+end

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: grape-forgery_protection
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Cyril LEPAGNOT
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-11-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: grape
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: fashion_police
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Protect your Grape API from forgery attacks like Rails.
+email:
+- cyril.lepagnot@kisskissbankbank.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- Rakefile
+- lib/grape-forgery_protection.rb
+- lib/grape/forgery_protection/configuration.rb
+- lib/grape/forgery_protection/helpers.rb
+- lib/grape/forgery_protection/version.rb
+homepage: https://github.com/KissKissBankBank/grape-forgery_protection
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.7
+signing_key: 
+specification_version: 4
+summary: Protect your Grape API from forgery attacks.
+test_files: []