itsi-server 0.1.1 → 0.2.2
- checksums.yaml +4 -4
- data/Cargo.lock +4487 -0
- data/Cargo.toml +7 -0
- data/README.md +6 -0
- data/Rakefile +7 -4
- data/exe/itsi +152 -46
- data/ext/itsi_acme/Cargo.toml +86 -0
- data/ext/itsi_acme/examples/high_level.rs +63 -0
- data/ext/itsi_acme/examples/high_level_warp.rs +52 -0
- data/ext/itsi_acme/examples/low_level.rs +87 -0
- data/ext/itsi_acme/examples/low_level_axum.rs +66 -0
- data/ext/itsi_acme/src/acceptor.rs +81 -0
- data/ext/itsi_acme/src/acme.rs +354 -0
- data/ext/itsi_acme/src/axum.rs +86 -0
- data/ext/itsi_acme/src/cache.rs +39 -0
- data/ext/itsi_acme/src/caches/boxed.rs +80 -0
- data/ext/itsi_acme/src/caches/composite.rs +69 -0
- data/ext/itsi_acme/src/caches/dir.rs +106 -0
- data/ext/itsi_acme/src/caches/mod.rs +11 -0
- data/ext/itsi_acme/src/caches/no.rs +78 -0
- data/ext/itsi_acme/src/caches/test.rs +136 -0
- data/ext/itsi_acme/src/config.rs +172 -0
- data/ext/itsi_acme/src/https_helper.rs +69 -0
- data/ext/itsi_acme/src/incoming.rs +142 -0
- data/ext/itsi_acme/src/jose.rs +161 -0
- data/ext/itsi_acme/src/lib.rs +142 -0
- data/ext/itsi_acme/src/resolver.rs +59 -0
- data/ext/itsi_acme/src/state.rs +424 -0
- data/ext/itsi_error/Cargo.toml +3 -0
- data/ext/itsi_error/src/lib.rs +98 -24
- data/ext/itsi_error/target/debug/build/clang-sys-da71b0344e568175/out/common.rs +355 -0
- data/ext/itsi_error/target/debug/build/clang-sys-da71b0344e568175/out/dynamic.rs +276 -0
- data/ext/itsi_error/target/debug/build/clang-sys-da71b0344e568175/out/macros.rs +49 -0
- data/ext/itsi_error/target/debug/build/rb-sys-49f554618693db24/out/bindings-0.9.110-mri-arm64-darwin23-3.4.2.rs +8865 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-1mmt5sux7jb0i/s-h510z7m8v9-0bxu7yd.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-2vn3jey74oiw0/s-h5113n0e7e-1v5qzs6.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-37uv9dicz7awp/s-h510ykifhe-0tbnep2.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-37uv9dicz7awp/s-h510yyocpj-0tz7ug7.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-37uv9dicz7awp/s-h510z0xc8g-14ol18k.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-3g5qf4y7d54uj/s-h5113n0e7d-1trk8on.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-3lpfftm45d3e2/s-h510z7m8r3-1pxp20o.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-3o4qownhl3d7n/s-h510ykifek-1uxasnk.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-3o4qownhl3d7n/s-h510yyocki-11u37qm.lock +0 -0
- data/ext/itsi_error/target/debug/incremental/itsi_error-3o4qownhl3d7n/s-h510z0xc93-0pmy0zm.lock +0 -0
- data/ext/itsi_instrument_entry/Cargo.toml +15 -0
- data/ext/itsi_instrument_entry/src/lib.rs +31 -0
- data/ext/itsi_rb_helpers/Cargo.toml +3 -0
- data/ext/itsi_rb_helpers/src/heap_value.rs +139 -0
- data/ext/itsi_rb_helpers/src/lib.rs +141 -10
- data/ext/itsi_rb_helpers/target/debug/build/clang-sys-da71b0344e568175/out/common.rs +355 -0
- data/ext/itsi_rb_helpers/target/debug/build/clang-sys-da71b0344e568175/out/dynamic.rs +276 -0
- data/ext/itsi_rb_helpers/target/debug/build/clang-sys-da71b0344e568175/out/macros.rs +49 -0
- data/ext/itsi_rb_helpers/target/debug/build/rb-sys-eb9ed4ff3a60f995/out/bindings-0.9.110-mri-arm64-darwin23-3.4.2.rs +8865 -0
- data/ext/itsi_rb_helpers/target/debug/incremental/itsi_rb_helpers-040pxg6yhb3g3/s-h5113n7a1b-03bwlt4.lock +0 -0
- data/ext/itsi_rb_helpers/target/debug/incremental/itsi_rb_helpers-131g1u4dzkt1a/s-h51113xnh3-1eik1ip.lock +0 -0
- data/ext/itsi_rb_helpers/target/debug/incremental/itsi_rb_helpers-131g1u4dzkt1a/s-h5111704jj-0g4rj8x.lock +0 -0
- data/ext/itsi_rb_helpers/target/debug/incremental/itsi_rb_helpers-1q2d3drtxrzs5/s-h5113n79yl-0bxcqc5.lock +0 -0
- data/ext/itsi_rb_helpers/target/debug/incremental/itsi_rb_helpers-374a9h7ovycj0/s-h51113xoox-10de2hp.lock +0 -0
- data/ext/itsi_rb_helpers/target/debug/incremental/itsi_rb_helpers-374a9h7ovycj0/s-h5111704w7-0vdq7gq.lock +0 -0
- data/ext/itsi_scheduler/Cargo.toml +24 -0
- data/ext/itsi_scheduler/src/itsi_scheduler/io_helpers.rs +56 -0
- data/ext/itsi_scheduler/src/itsi_scheduler/io_waiter.rs +44 -0
- data/ext/itsi_scheduler/src/itsi_scheduler/timer.rs +44 -0
- data/ext/itsi_scheduler/src/itsi_scheduler.rs +314 -0
- data/ext/itsi_scheduler/src/lib.rs +39 -0
- data/ext/itsi_server/Cargo.lock +2956 -0
- data/ext/itsi_server/Cargo.toml +75 -14
- data/ext/itsi_server/extconf.rb +1 -1
- data/ext/itsi_server/src/default_responses/html/401.html +68 -0
- data/ext/itsi_server/src/default_responses/html/403.html +68 -0
- data/ext/itsi_server/src/default_responses/html/404.html +68 -0
- data/ext/itsi_server/src/default_responses/html/413.html +71 -0
- data/ext/itsi_server/src/default_responses/html/429.html +68 -0
- data/ext/itsi_server/src/default_responses/html/500.html +71 -0
- data/ext/itsi_server/src/default_responses/html/502.html +71 -0
- data/ext/itsi_server/src/default_responses/html/503.html +68 -0
- data/ext/itsi_server/src/default_responses/html/504.html +69 -0
- data/ext/itsi_server/src/default_responses/html/index.html +238 -0
- data/ext/itsi_server/src/default_responses/json/401.json +6 -0
- data/ext/itsi_server/src/default_responses/json/403.json +6 -0
- data/ext/itsi_server/src/default_responses/json/404.json +6 -0
- data/ext/itsi_server/src/default_responses/json/413.json +6 -0
- data/ext/itsi_server/src/default_responses/json/429.json +6 -0
- data/ext/itsi_server/src/default_responses/json/500.json +6 -0
- data/ext/itsi_server/src/default_responses/json/502.json +6 -0
- data/ext/itsi_server/src/default_responses/json/503.json +6 -0
- data/ext/itsi_server/src/default_responses/json/504.json +6 -0
- data/ext/itsi_server/src/default_responses/mod.rs +11 -0
- data/ext/itsi_server/src/env.rs +43 -0
- data/ext/itsi_server/src/lib.rs +133 -40
- data/ext/itsi_server/src/prelude.rs +2 -0
- data/ext/itsi_server/src/ruby_types/itsi_body_proxy/big_bytes.rs +109 -0
- data/ext/itsi_server/src/ruby_types/itsi_body_proxy/mod.rs +143 -0
- data/ext/itsi_server/src/ruby_types/itsi_grpc_call.rs +344 -0
- data/ext/itsi_server/src/ruby_types/itsi_grpc_response_stream/mod.rs +264 -0
- data/ext/itsi_server/src/ruby_types/itsi_http_request.rs +362 -0
- data/ext/itsi_server/src/ruby_types/itsi_http_response.rs +391 -0
- data/ext/itsi_server/src/ruby_types/itsi_server/file_watcher.rs +233 -0
- data/ext/itsi_server/src/ruby_types/itsi_server/itsi_server_config.rs +565 -0
- data/ext/itsi_server/src/ruby_types/itsi_server.rs +86 -0
- data/ext/itsi_server/src/ruby_types/mod.rs +48 -0
- data/ext/itsi_server/src/server/binds/bind.rs +204 -0
- data/ext/itsi_server/src/server/binds/bind_protocol.rs +37 -0
- data/ext/itsi_server/src/server/binds/listener.rs +444 -0
- data/ext/itsi_server/src/server/binds/mod.rs +4 -0
- data/ext/itsi_server/src/server/binds/tls/locked_dir_cache.rs +132 -0
- data/ext/itsi_server/src/server/binds/tls.rs +278 -0
- data/ext/itsi_server/src/server/byte_frame.rs +32 -0
- data/ext/itsi_server/src/server/http_message_types.rs +97 -0
- data/ext/itsi_server/src/server/io_stream.rs +105 -0
- data/ext/itsi_server/src/server/lifecycle_event.rs +12 -0
- data/ext/itsi_server/src/server/middleware_stack/middleware.rs +170 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/allow_list.rs +63 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/auth_api_key.rs +94 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/auth_basic.rs +94 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/auth_jwt.rs +343 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/cache_control.rs +151 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/compression.rs +316 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/cors.rs +301 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/csp.rs +193 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/deny_list.rs +64 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/error_response/default_responses.rs +192 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/error_response.rs +171 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/etag.rs +198 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/header_interpretation.rs +82 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/intrusion_protection.rs +209 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/log_requests.rs +82 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/max_body.rs +47 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/mod.rs +116 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/proxy.rs +411 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/rate_limit.rs +142 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/redirect.rs +55 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/request_headers.rs +54 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/response_headers.rs +51 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/ruby_app.rs +126 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/static_assets.rs +187 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/static_response.rs +55 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/string_rewrite.rs +173 -0
- data/ext/itsi_server/src/server/middleware_stack/middlewares/token_source.rs +31 -0
- data/ext/itsi_server/src/server/middleware_stack/mod.rs +381 -0
- data/ext/itsi_server/src/server/mod.rs +13 -5
- data/ext/itsi_server/src/server/process_worker.rs +247 -0
- data/ext/itsi_server/src/server/redirect_type.rs +26 -0
- data/ext/itsi_server/src/server/request_job.rs +11 -0
- data/ext/itsi_server/src/server/serve_strategy/cluster_mode.rs +354 -0
- data/ext/itsi_server/src/server/serve_strategy/mod.rs +30 -0
- data/ext/itsi_server/src/server/serve_strategy/single_mode.rs +481 -0
- data/ext/itsi_server/src/server/signal.rs +77 -0
- data/ext/itsi_server/src/server/size_limited_incoming.rs +107 -0
- data/ext/itsi_server/src/server/thread_worker.rs +479 -0
- data/ext/itsi_server/src/services/cache_store.rs +74 -0
- data/ext/itsi_server/src/services/itsi_http_service.rs +257 -0
- data/ext/itsi_server/src/services/mime_types.rs +1416 -0
- data/ext/itsi_server/src/services/mod.rs +6 -0
- data/ext/itsi_server/src/services/password_hasher.rs +83 -0
- data/ext/itsi_server/src/services/rate_limiter.rs +580 -0
- data/ext/itsi_server/src/services/static_file_server.rs +1340 -0
- data/ext/itsi_tracing/Cargo.toml +5 -0
- data/ext/itsi_tracing/src/lib.rs +366 -7
- data/ext/itsi_tracing/target/debug/incremental/itsi_tracing-0994n8rpvvt9m/s-h510hfz1f6-1kbycmq.lock +0 -0
- data/ext/itsi_tracing/target/debug/incremental/itsi_tracing-0bob7bf4yq34i/s-h5113125h5-0lh4rag.lock +0 -0
- data/ext/itsi_tracing/target/debug/incremental/itsi_tracing-2fcodulrxbbxo/s-h510h2infk-0hp5kjw.lock +0 -0
- data/ext/itsi_tracing/target/debug/incremental/itsi_tracing-2iak63r1woi1l/s-h510h2in4q-0kxfzw1.lock +0 -0
- data/ext/itsi_tracing/target/debug/incremental/itsi_tracing-2kk4qj9gn5dg2/s-h5113124kv-0enwon2.lock +0 -0
- data/ext/itsi_tracing/target/debug/incremental/itsi_tracing-2mwo0yas7dtw4/s-h510hfz1ha-1udgpei.lock +0 -0
- data/lib/itsi/http_request/response_status_shortcodes.rb +76 -0
- data/lib/itsi/http_request.rb +218 -0
- data/lib/itsi/http_response.rb +42 -0
- data/lib/itsi/passfile.rb +108 -0
- data/lib/itsi/server/config/config_helpers.rb +105 -0
- data/lib/itsi/server/config/dsl.rb +211 -0
- data/lib/itsi/server/config/known_paths/KitchensinkDirectories.txt +2346 -0
- data/lib/itsi/server/config/known_paths/Randomfiles.txt +24 -0
- data/lib/itsi/server/config/known_paths/UnixDotfiles.txt +52 -0
- data/lib/itsi/server/config/known_paths/backdoors/ASP_CommonBackdoors.txt +29 -0
- data/lib/itsi/server/config/known_paths/backdoors/bot_control_panels.txt +1668 -0
- data/lib/itsi/server/config/known_paths/backdoors/shells.txt +1167 -0
- data/lib/itsi/server/config/known_paths/cgi/CGI_HTTP_POST.txt +7 -0
- data/lib/itsi/server/config/known_paths/cgi/CGI_HTTP_POST_Windows.txt +6 -0
- data/lib/itsi/server/config/known_paths/cgi/CGI_Microsoft.txt +79 -0
- data/lib/itsi/server/config/known_paths/cgi/CGI_XPlatform.txt +3948 -0
- data/lib/itsi/server/config/known_paths/cms/README.md +5 -0
- data/lib/itsi/server/config/known_paths/cms/drupal_plugins.txt +6320 -0
- data/lib/itsi/server/config/known_paths/cms/drupal_themes.txt +828 -0
- data/lib/itsi/server/config/known_paths/cms/joomla_plugins.txt +224 -0
- data/lib/itsi/server/config/known_paths/cms/joomla_themes.txt +30 -0
- data/lib/itsi/server/config/known_paths/cms/php-nuke.txt +2142 -0
- data/lib/itsi/server/config/known_paths/cms/wordpress.txt +1566 -0
- data/lib/itsi/server/config/known_paths/cms/wp_common_theme_files.txt +46 -0
- data/lib/itsi/server/config/known_paths/cms/wp_plugins.txt +13366 -0
- data/lib/itsi/server/config/known_paths/cms/wp_plugins_full.txt +68662 -0
- data/lib/itsi/server/config/known_paths/cms/wp_plugins_top225.txt +225 -0
- data/lib/itsi/server/config/known_paths/cms/wp_themes.readme +12 -0
- data/lib/itsi/server/config/known_paths/cms/wp_themes.txt +7336 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/3CharExtBrute.txt +17576 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/CommonWebExtensions.txt +80 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/Extensions.Backup.txt +14 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/Extensions.Common.txt +865 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/Extensions.Compressed.txt +186 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/Extensions.Mostcommon.txt +30 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/Extensions.Skipfish.txt +93 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/WordlistSkipfish.txt +1918 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/copy_of.txt +8 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-directories-lowercase.txt +56180 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-directories.txt +62290 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-extensions-lowercase.txt +2367 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-extensions.txt +2450 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-files-lowercase.txt +35323 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-files.txt +37037 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-words-lowercase.txt +107982 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-large-words.txt +119600 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-directories-lowercase.txt +26593 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-directories.txt +30009 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-extensions-lowercase.txt +1233 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-extensions.txt +1289 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-files-lowercase.txt +16243 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-files.txt +17128 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-words-lowercase.txt +56293 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-medium-words.txt +63087 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-directories-lowercase.txt +17776 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-directories.txt +20122 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-extensions-lowercase.txt +914 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-extensions.txt +963 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-files-lowercase.txt +10848 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-files.txt +11424 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-words-lowercase.txt +38267 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/raft-small-words.txt +43003 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/spanish.txt +445 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/test_demo.txt +36 -0
- data/lib/itsi/server/config/known_paths/filename-dirname-bruteforce/upload_variants.txt +44 -0
- data/lib/itsi/server/config/known_paths/login-file-locations/Logins.txt +71 -0
- data/lib/itsi/server/config/known_paths/login-file-locations/cfm.txt +294 -0
- data/lib/itsi/server/config/known_paths/login-file-locations/html.txt +295 -0
- data/lib/itsi/server/config/known_paths/login-file-locations/jsp.txt +294 -0
- data/lib/itsi/server/config/known_paths/login-file-locations/php.txt +294 -0
- data/lib/itsi/server/config/known_paths/login-file-locations/windows-asp.txt +294 -0
- data/lib/itsi/server/config/known_paths/login-file-locations/windows-aspx.txt +294 -0
- data/lib/itsi/server/config/known_paths/password-file-locations/Passwords.txt +47 -0
- data/lib/itsi/server/config/known_paths/php/PHP.txt +30 -0
- data/lib/itsi/server/config/known_paths/php/PHP_CommonBackdoors.txt +5 -0
- data/lib/itsi/server/config/known_paths/proxy-conf.txt +31 -0
- data/lib/itsi/server/config/known_paths/tftp.txt +79 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/ADFS.txt +86 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/AdobeXML.txt +16 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Apache.txt +101 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/ApacheTomcat.txt +47 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Apache_Axis.txt +16 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/ColdFusion.txt +111 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/FatwireCMS.txt +390 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Frontpage.txt +38 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/HP_System_Mgmt_Homepage.txt +239 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/HTTP_POST_Microsoft.txt +2 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Hyperion.txt +578 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/IIS.txt +187 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/JBoss.txt +5 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/JRun.txt +13 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/JavaServlets_Common.txt +3 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Joomla_exploitable.txt +1937 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/LotusNotes.txt +206 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Netware.txt +18 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Oracle9i.txt +60 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/OracleAppServer.txt +192 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/README.md +6 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Ruby_Rails.txt +121 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/SAP.txt +463 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Sharepoint.txt +1707 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/SiteMinder.txt +19 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/SunAppServerGlassfish.txt +51 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/SuniPlanet.txt +35 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Vignette.txt +73 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Weblogic.txt +160 -0
- data/lib/itsi/server/config/known_paths/webservers-appservers/Websphere.txt +366 -0
- data/lib/itsi/server/config/known_paths/wellknown-rfc5785.txt +30 -0
- data/lib/itsi/server/config/known_paths.rb +20 -0
- data/lib/itsi/server/config/middleware/_index.md +56 -0
- data/lib/itsi/server/config/middleware/allow_list.md +46 -0
- data/lib/itsi/server/config/middleware/allow_list.rb +42 -0
- data/lib/itsi/server/config/middleware/auth_api_key.md +90 -0
- data/lib/itsi/server/config/middleware/auth_api_key.rb +51 -0
- data/lib/itsi/server/config/middleware/auth_basic.md +45 -0
- data/lib/itsi/server/config/middleware/auth_basic.rb +44 -0
- data/lib/itsi/server/config/middleware/auth_jwt.md +82 -0
- data/lib/itsi/server/config/middleware/auth_jwt.rb +38 -0
- data/lib/itsi/server/config/middleware/cache_control.md +78 -0
- data/lib/itsi/server/config/middleware/cache_control.rb +45 -0
- data/lib/itsi/server/config/middleware/cidr_to_regex.rb +50 -0
- data/lib/itsi/server/config/middleware/compression.md +50 -0
- data/lib/itsi/server/config/middleware/compression.rb +37 -0
- data/lib/itsi/server/config/middleware/cors.md +93 -0
- data/lib/itsi/server/config/middleware/cors.rb +32 -0
- data/lib/itsi/server/config/middleware/csp.md +37 -0
- data/lib/itsi/server/config/middleware/csp.rb +44 -0
- data/lib/itsi/server/config/middleware/deny_list.md +45 -0
- data/lib/itsi/server/config/middleware/deny_list.rb +42 -0
- data/lib/itsi/server/config/middleware/endpoint/_index.md +159 -0
- data/lib/itsi/server/config/middleware/endpoint/controller.md +186 -0
- data/lib/itsi/server/config/middleware/endpoint/controller.rb +33 -0
- data/lib/itsi/server/config/middleware/endpoint/delete.md +12 -0
- data/lib/itsi/server/config/middleware/endpoint/delete.rb +42 -0
- data/lib/itsi/server/config/middleware/endpoint/endpoint.rb +99 -0
- data/lib/itsi/server/config/middleware/endpoint/get.md +12 -0
- data/lib/itsi/server/config/middleware/endpoint/get.rb +42 -0
- data/lib/itsi/server/config/middleware/endpoint/http_request.md +44 -0
- data/lib/itsi/server/config/middleware/endpoint/http_response.md +39 -0
- data/lib/itsi/server/config/middleware/endpoint/patch.md +12 -0
- data/lib/itsi/server/config/middleware/endpoint/patch.rb +42 -0
- data/lib/itsi/server/config/middleware/endpoint/post.md +12 -0
- data/lib/itsi/server/config/middleware/endpoint/post.rb +42 -0
- data/lib/itsi/server/config/middleware/endpoint/put.md +12 -0
- data/lib/itsi/server/config/middleware/endpoint/put.rb +42 -0
- data/lib/itsi/server/config/middleware/endpoint/schemas.md +122 -0
- data/lib/itsi/server/config/middleware/error_response.md +61 -0
- data/lib/itsi/server/config/middleware/error_response.rb +36 -0
- data/lib/itsi/server/config/middleware/etag.md +59 -0
- data/lib/itsi/server/config/middleware/etag.rb +27 -0
- data/lib/itsi/server/config/middleware/grpc.md +172 -0
- data/lib/itsi/server/config/middleware/grpc.rb +54 -0
- data/lib/itsi/server/config/middleware/intrusion_protection.md +124 -0
- data/lib/itsi/server/config/middleware/intrusion_protection.rb +61 -0
- data/lib/itsi/server/config/middleware/location.md +107 -0
- data/lib/itsi/server/config/middleware/location.rb +99 -0
- data/lib/itsi/server/config/middleware/log_requests.md +65 -0
- data/lib/itsi/server/config/middleware/log_requests.rb +31 -0
- data/lib/itsi/server/config/middleware/max_body.md +18 -0
- data/lib/itsi/server/config/middleware/max_body.rb +21 -0
- data/lib/itsi/server/config/middleware/proxy.md +62 -0
- data/lib/itsi/server/config/middleware/proxy.rb +41 -0
- data/lib/itsi/server/config/middleware/rackup_file.md +54 -0
- data/lib/itsi/server/config/middleware/rackup_file.rb +44 -0
- data/lib/itsi/server/config/middleware/rate_limit.md +126 -0
- data/lib/itsi/server/config/middleware/rate_limit.rb +34 -0
- data/lib/itsi/server/config/middleware/rate_limit_store.rb +25 -0
- data/lib/itsi/server/config/middleware/redirect.md +55 -0
- data/lib/itsi/server/config/middleware/redirect.rb +25 -0
- data/lib/itsi/server/config/middleware/request_headers.md +34 -0
- data/lib/itsi/server/config/middleware/request_headers.rb +24 -0
- data/lib/itsi/server/config/middleware/response_headers.md +33 -0
- data/lib/itsi/server/config/middleware/response_headers.rb +25 -0
- data/lib/itsi/server/config/middleware/run.md +60 -0
- data/lib/itsi/server/config/middleware/run.rb +43 -0
- data/lib/itsi/server/config/middleware/static_assets.md +73 -0
- data/lib/itsi/server/config/middleware/static_assets.rb +87 -0
- data/lib/itsi/server/config/middleware/static_response.md +44 -0
- data/lib/itsi/server/config/middleware/static_response.rb +29 -0
- data/lib/itsi/server/config/middleware/string_rewrite.md +67 -0
- data/lib/itsi/server/config/middleware/token_source.rb +32 -0
- data/lib/itsi/server/config/middleware.rb +13 -0
- data/lib/itsi/server/config/option.rb +14 -0
- data/lib/itsi/server/config/options/_index.md +37 -0
- data/lib/itsi/server/config/options/auto_reload_config.md +13 -0
- data/lib/itsi/server/config/options/auto_reload_config.rb +41 -0
- data/lib/itsi/server/config/options/bind.md +71 -0
- data/lib/itsi/server/config/options/bind.rb +26 -0
- data/lib/itsi/server/config/options/certificates.md +65 -0
- data/lib/itsi/server/config/options/daemonize.md +14 -0
- data/lib/itsi/server/config/options/daemonize.rb +19 -0
- data/lib/itsi/server/config/options/fiber_scheduler.md +34 -0
- data/lib/itsi/server/config/options/fiber_scheduler.rb +21 -0
- data/lib/itsi/server/config/options/header_read_timeout.md +17 -0
- data/lib/itsi/server/config/options/header_read_timeout.rb +19 -0
- data/lib/itsi/server/config/options/hooks/_index.md +11 -0
- data/lib/itsi/server/config/options/hooks/after_fork.md +13 -0
- data/lib/itsi/server/config/options/hooks/after_fork.rb +28 -0
- data/lib/itsi/server/config/options/hooks/after_memory_limit_reached.md +14 -0
- data/lib/itsi/server/config/options/hooks/after_memory_limit_reached.rb +28 -0
- data/lib/itsi/server/config/options/hooks/after_start.md +12 -0
- data/lib/itsi/server/config/options/hooks/after_start.rb +28 -0
- data/lib/itsi/server/config/options/hooks/before_fork.md +13 -0
- data/lib/itsi/server/config/options/hooks/before_fork.rb +28 -0
- data/lib/itsi/server/config/options/hooks/before_restart.md +12 -0
- data/lib/itsi/server/config/options/hooks/before_restart.rb +28 -0
- data/lib/itsi/server/config/options/hooks/before_shutdown.md +12 -0
- data/lib/itsi/server/config/options/hooks/before_shutdown.rb +28 -0
- data/lib/itsi/server/config/options/include.md +20 -0
- data/lib/itsi/server/config/options/include.rb +36 -0
- data/lib/itsi/server/config/options/listen_backlog.md +11 -0
- data/lib/itsi/server/config/options/listen_backlog.rb +19 -0
- data/lib/itsi/server/config/options/log_format.md +18 -0
- data/lib/itsi/server/config/options/log_format.rb +19 -0
- data/lib/itsi/server/config/options/log_level.md +34 -0
- data/lib/itsi/server/config/options/log_level.rb +20 -0
- data/lib/itsi/server/config/options/log_target.md +38 -0
- data/lib/itsi/server/config/options/log_target.rb +19 -0
- data/lib/itsi/server/config/options/log_target_filters.md +17 -0
- data/lib/itsi/server/config/options/log_target_filters.rb +19 -0
- data/lib/itsi/server/config/options/multithreaded_reactor.md +27 -0
- data/lib/itsi/server/config/options/multithreaded_reactor.rb +24 -0
- data/lib/itsi/server/config/options/nodelay.md +16 -0
- data/lib/itsi/server/config/options/nodelay.rb +19 -0
- data/lib/itsi/server/config/options/oob_gc_responses_threshold.md +19 -0
- data/lib/itsi/server/config/options/oob_gc_responses_threshold.rb +18 -0
- data/lib/itsi/server/config/options/pin_worker_cores.md +17 -0
- data/lib/itsi/server/config/options/pin_worker_cores.rb +19 -0
- data/lib/itsi/server/config/options/preload.md +21 -0
- data/lib/itsi/server/config/options/preload.rb +18 -0
- data/lib/itsi/server/config/options/recv_buffer_size.md +15 -0
- data/lib/itsi/server/config/options/recv_buffer_size.rb +19 -0
- data/lib/itsi/server/config/options/redirect_http_to_https.md +21 -0
- data/lib/itsi/server/config/options/redirect_http_to_https.rb +30 -0
- data/lib/itsi/server/config/options/request_timeout.md +23 -0
- data/lib/itsi/server/config/options/request_timeout.rb +19 -0
- data/lib/itsi/server/config/options/reuse_address.md +16 -0
- data/lib/itsi/server/config/options/reuse_address.rb +19 -0
- data/lib/itsi/server/config/options/reuse_port.md +16 -0
- data/lib/itsi/server/config/options/reuse_port.rb +19 -0
- data/lib/itsi/server/config/options/scheduler_threads.md +34 -0
- data/lib/itsi/server/config/options/scheduler_threads.rb +17 -0
- data/lib/itsi/server/config/options/shutdown_timeout.md +17 -0
- data/lib/itsi/server/config/options/shutdown_timeout.rb +19 -0
- data/lib/itsi/server/config/options/stream_body.md +32 -0
- data/lib/itsi/server/config/options/stream_body.rb +18 -0
- data/lib/itsi/server/config/options/threads.md +44 -0
- data/lib/itsi/server/config/options/threads.rb +17 -0
- data/lib/itsi/server/config/options/watch.md +16 -0
- data/lib/itsi/server/config/options/watch.rb +28 -0
- data/lib/itsi/server/config/options/worker_memory_limit.md +22 -0
- data/lib/itsi/server/config/options/worker_memory_limit.rb +18 -0
- data/lib/itsi/server/config/options/workers.md +42 -0
- data/lib/itsi/server/config/options/workers.rb +17 -0
- data/lib/itsi/server/config/typed_struct.rb +242 -0
- data/lib/itsi/server/config.rb +289 -0
- data/lib/itsi/server/default_app/default_app.rb +34 -0
- data/lib/itsi/server/default_app/index.html +115 -0
- data/lib/itsi/server/default_config/Itsi.rb +107 -0
- data/lib/itsi/server/grpc/grpc_call.rb +246 -0
- data/lib/itsi/server/grpc/grpc_interface.rb +107 -0
- data/lib/itsi/server/grpc/reflection/v1/reflection_pb.rb +26 -0
- data/lib/itsi/server/grpc/reflection/v1/reflection_services_pb.rb +122 -0
- data/lib/itsi/server/rack/handler/itsi.rb +27 -0
- data/lib/itsi/server/rack_interface.rb +94 -0
- data/lib/itsi/server/route_tester.rb +157 -0
- data/lib/itsi/server/scheduler_interface.rb +21 -0
- data/lib/itsi/server/scheduler_mode.rb +10 -0
- data/lib/itsi/server/signal_trap.rb +33 -0
- data/lib/itsi/server/typed_handlers/param_parser.rb +196 -0
- data/lib/itsi/server/typed_handlers/source_parser.rb +56 -0
- data/lib/itsi/server/typed_handlers.rb +25 -0
- data/lib/itsi/server/version.rb +1 -1
- data/lib/itsi/server.rb +265 -9
- data/lib/itsi/standard_headers.rb +86 -0
- data/lib/ruby_lsp/itsi/addon.rb +129 -0
- data/lib/shell_completions/completions.rb +26 -0
- metadata +454 -28
- data/CHANGELOG.md +0 -5
- data/CODE_OF_CONDUCT.md +0 -132
- data/LICENSE.txt +0 -21
- data/ext/itsi_server/src/request/itsi_request.rs +0 -143
- data/ext/itsi_server/src/request/mod.rs +0 -1
- data/ext/itsi_server/src/server/bind.rs +0 -138
- data/ext/itsi_server/src/server/itsi_ca/itsi_ca.crt +0 -32
- data/ext/itsi_server/src/server/itsi_ca/itsi_ca.key +0 -52
- data/ext/itsi_server/src/server/itsi_server.rs +0 -182
- data/ext/itsi_server/src/server/listener.rs +0 -218
- data/ext/itsi_server/src/server/tls.rs +0 -138
- data/ext/itsi_server/src/server/transfer_protocol.rs +0 -23
- data/ext/itsi_server/src/stream_writer/mod.rs +0 -21
- data/lib/itsi/request.rb +0 -39
@@ -0,0 +1,50 @@
|
|
1
|
+
module Itsi
|
2
|
+
class Server
|
3
|
+
module CidrToRegex
|
4
|
+
require 'ipaddr'
|
5
|
+
|
6
|
+
def range_to_regex(range)
|
7
|
+
# Convert an IP range to regex by component
|
8
|
+
start_ip, end_ip = range.begin, range.end
|
9
|
+
|
10
|
+
start_parts = start_ip.to_s.split('.').map(&:to_i)
|
11
|
+
end_parts = end_ip.to_s.split('.').map(&:to_i)
|
12
|
+
|
13
|
+
build_regex_from_parts(start_parts, end_parts)
|
14
|
+
end
|
15
|
+
|
16
|
+
def part_to_range_regex(start_val, end_val)
|
17
|
+
return start_val.to_s if start_val == end_val
|
18
|
+
|
19
|
+
ranges = []
|
20
|
+
(start_val..end_val).each do |val|
|
21
|
+
ranges << val.to_s
|
22
|
+
end
|
23
|
+
|
24
|
+
# Group similar patterns for compact regex
|
25
|
+
ranges.map! { |v| Regexp.escape(v) }
|
26
|
+
"(#{ranges.join('|')})"
|
27
|
+
end
|
28
|
+
|
29
|
+
def build_regex_from_parts(start_parts, end_parts)
|
30
|
+
# Build regex for each octet
|
31
|
+
parts = []
|
32
|
+
(0..3).each do |i|
|
33
|
+
if start_parts[i] == end_parts[i]
|
34
|
+
parts << Regexp.escape(start_parts[i].to_s)
|
35
|
+
else
|
36
|
+
parts << part_to_range_regex(start_parts[i], end_parts[i])
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
/^#{parts.join('\.')}$/
|
41
|
+
end
|
42
|
+
|
43
|
+
def cidr_to_regex(cidr)
|
44
|
+
ip_range = IPAddr.new(cidr).to_range
|
45
|
+
range_to_regex(ip_range)
|
46
|
+
end
|
47
|
+
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
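Review bot: `cidr_to_regex` never checks the address family, and `range_to_regex` splits on `.` and reads exactly four parts, so an IPv6 CIDR ends up as a pattern that no real address can match instead of raising. For a helper that feeds an access-control list that is a silent fail-open; I would guard it with `addr = IPAddr.new(cidr)` followed by `raise ArgumentError, "IPv4 CIDR expected: #{cidr}" unless addr.ipv4?`. `range_to_regex` also treats each octet independently, which is only correct for CIDR-aligned ranges; a comment such as `# valid only for ranges from IPAddr#to_range on an IPv4 CIDR` would keep it from being reused on arbitrary ranges. Separately, `/^...$/` in `build_regex_from_parts` anchors per line in Ruby. `\A` and `\z` state the intent, though the engine that finally consumes `.source` is not visible here and should be confirmed to accept them.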
@@ -0,0 +1,50 @@
|
|
1
|
+
---
|
2
|
+
title: Compression
|
3
|
+
url: /middleware/compression
|
4
|
+
---
|
5
|
+
|
6
|
+
The compression middleware allows you to configure compression settings for your application.
|
7
|
+
You can enable several different compression algorithms, and choose to selectively apply these based on the request path, content type, mime-type, and size. You can also choose whether or not to compress streams, and adjust the compression level.
|
8
|
+
|
9
|
+
|
10
|
+
## Top level compression
|
11
|
+
```ruby {filename=Itsi.rb}
|
12
|
+
compress \
|
13
|
+
min_size: 1024 # 1KiB,
|
14
|
+
algorithms: %w[zstd gzip deflate br],
|
15
|
+
compress_streams: true,
|
16
|
+
mime_types: %[all],
|
17
|
+
level: "fastest"
|
18
|
+
```
|
19
|
+
|
20
|
+
## Compression within a location block
|
21
|
+
```ruby {filename=Itsi.rb}
|
22
|
+
|
23
|
+
location "/images" do
|
24
|
+
compress \
|
25
|
+
min_size: 1024 # 1KiB,
|
26
|
+
algorithms: %w[zstd gzip deflate br],
|
27
|
+
mime_types: %[image],
|
28
|
+
level: "fastest"
|
29
|
+
|
30
|
+
static_assets: \
|
31
|
+
...
|
32
|
+
end
|
33
|
+
```
|
34
|
+
|
35
|
+
## Parameters
|
36
|
+
|
37
|
+
| Parameter | Description |
|
38
|
+
| --- | --- |
|
39
|
+
| `min_size` | The minimum size of the response body in bytes before compression is applied. Default is `1024` (1KiB). |
|
40
|
+
| `algorithms` | An array of compression algorithms to use. Supports any combination of `zstd`, `gzip`, `deflate`, `br`. |
|
41
|
+
| `compress_streams` | Whether or not to compress streams. Default is `true`. |
|
42
|
+
| `mime_types` | An array of mime-type groups/classes as string to compress. Default is `["all"]`.<br/>Available options are `all`, `text`, `image`, `audio`, `video`, `application`, `font`. <br/>You can also match arbitrary mime-types, by using an `other` object instead `{ "other" => "other/type" }` |
|
43
|
+
| `level` | The compression level to use. Default is `fastest`. Can be any of `fastest`, `best`, `balanced` and `precise` |
|
44
|
+
|
45
|
+
<br/>
|
46
|
+
|
47
|
+
# Pre-compressed `static_assets`
|
48
|
+
Itsi also supports serving pre-compressed static assets directly from the file-system.
|
49
|
+
This is configured inside the `static_assets` middleware.
|
50
|
+
Go to the [static_assets](/middleware/static_assets.md) middleware for more information.
|
@@ -0,0 +1,37 @@
|
|
1
|
+
module Itsi
|
2
|
+
class Server
|
3
|
+
module Config
|
4
|
+
class Compress < Middleware
|
5
|
+
|
6
|
+
insert_text <<~SNIPPET
|
7
|
+
compress \\
|
8
|
+
min_size: ${1|1024 * 1024|},
|
9
|
+
algorithms: ${2|%w[zstd gzip deflate br]|},
|
10
|
+
compress_streams: ${3|true,false|},
|
11
|
+
mime_types: ${4|%w[all],%w[image],%w[text image audio video font]|},
|
12
|
+
level: ${5|"fastest","precise","balanced","best"|}
|
13
|
+
SNIPPET
|
14
|
+
|
15
|
+
detail "Enable response compression"
|
16
|
+
|
17
|
+
OtherMimeType = TypedStruct.new do
|
18
|
+
{
|
19
|
+
other: Type(String)
|
20
|
+
}
|
21
|
+
end
|
22
|
+
|
23
|
+
schema do
|
24
|
+
{
|
25
|
+
min_size: (Range(0..1024 ** 4) & Required()).default(1024),
|
26
|
+
algorithms: (Array(Enum(%w[zstd gzip deflate br])).default(%w[zstd gzip deflate br])),
|
27
|
+
compress_streams: (Bool().default(true)),
|
28
|
+
mime_types: Array(Or(Enum(%w[text image application audio video font all]), Type(OtherMimeType))).default(%w[all]),
|
29
|
+
level: Enum(%w[fastest precise balanced best]).default("fastest")
|
30
|
+
}
|
31
|
+
end
|
32
|
+
|
33
|
+
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
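Review bot: The completion snippet offers `min_size: ${1|1024 * 1024|}` (1 MiB), but the schema default a few lines below is `1024`. Anyone accepting the snippet therefore gets a threshold 1024 times higher than the default, and most responses will silently go uncompressed; `min_size: ${1|1024|},` would match the schema. The defaults also compress every mime type (`%w[all]`) and streams. Compressing a response that mixes secrets with request-reflected data over TLS is the precondition for BREACH-style length side channels, so the `detail` text or a comment on `mime_types` should say so and let operators narrow the set deliberately.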
@@ -0,0 +1,93 @@
|
|
1
|
+
---
|
2
|
+
title: CORS
|
3
|
+
url: /middleware/cors
|
4
|
+
---
|
5
|
+
|
6
|
+
The CORS middleware allows you to configure CORS settings for your application.
|
7
|
+
You can enable CORS for specific origins, methods, headers, and credentials.
|
8
|
+
|
9
|
+
|
10
|
+
## CORS configuration
|
11
|
+
```ruby {filename=Itsi.rb}
|
12
|
+
cors \
|
13
|
+
allow_origins: ["*"],
|
14
|
+
allow_methods: ["GET", "POST", "PUT", "DELETE"],
|
15
|
+
allow_headers: ["Content-Type", "Authorization"],
|
16
|
+
allow_credentials: true,
|
17
|
+
expose_headers: ["X-Total-Count"],
|
18
|
+
max_age: 3600
|
19
|
+
```
|
20
|
+
|
21
|
+
|
22
|
+
|
23
|
+
## CORS Applied to a sub-location
|
24
|
+
```ruby {filename=Itsi.rb}
|
25
|
+
location "/api" do
|
26
|
+
cors \
|
27
|
+
allow_origins: ["*"],
|
28
|
+
allow_methods: ["GET", "POST", "PUT", "DELETE"],
|
29
|
+
allow_headers: ["Content-Type", "Authorization"],
|
30
|
+
allow_credentials: true,
|
31
|
+
expose_headers: ["X-Total-Count"],
|
32
|
+
max_age: 3600
|
33
|
+
end
|
34
|
+
```
|
35
|
+
|
36
|
+
## Configuration Options
|
37
|
+
|
38
|
+
You can customize the CORS behavior using the following options:
|
39
|
+
|
40
|
+
- **allow_origins**:
|
41
|
+
A list of allowed origins (e.g., `"*"` or specific domain names).
|
42
|
+
When credentials are allowed (see `allow_credentials`), the middleware echoes back the exact origin from the request.
|
43
|
+
|
44
|
+
- **allow_methods**:
|
45
|
+
A list of allowed HTTP methods. Supported methods include:
|
46
|
+
- `GET`
|
47
|
+
- `POST`
|
48
|
+
- `PUT`
|
49
|
+
- `DELETE`
|
50
|
+
- `OPTIONS`
|
51
|
+
- `HEAD`
|
52
|
+
- `PATCH`
|
53
|
+
The internal implementation uses an enum (`HttpMethod`) with helper methods to match and convert these values.
|
54
|
+
|
55
|
+
- **allow_headers**:
|
56
|
+
A list of headers that the client is allowed to include in its requests.
|
57
|
+
|
58
|
+
- **allow_credentials**:
|
59
|
+
A boolean flag indicating whether credentials (like cookies or authorization headers) are allowed.
|
60
|
+
|
61
|
+
- **expose_headers**:
|
62
|
+
A list of headers that browsers are allowed to access from the response.
|
63
|
+
|
64
|
+
- **max_age**:
|
65
|
+
An optional field that sets the maximum time (in seconds) the result of a preflight request can be cached.
|
66
|
+
|
67
|
+
## How It Works
|
68
|
+
|
69
|
+
### Preflight Requests
|
70
|
+
|
71
|
+
For HTTP OPTIONS requests (used to determine if the actual request is safe to send):
|
72
|
+
#### 1. Extraction of Request Headers
|
73
|
+
The middleware extracts the following from the incoming request:
|
74
|
+
* `Origin`
|
75
|
+
* `Access-Control-Request-Method`
|
76
|
+
* `Access-Control-Request-Headers`
|
77
|
+
|
78
|
+
#### 2. Validation via preflight_headers
|
79
|
+
These values are validated:
|
80
|
+
* The Origin must be provided and permitted according to allow_origins.
|
81
|
+
* The Access-Control-Request-Method must match one of the configured allow_methods.
|
82
|
+
* Any headers listed in Access-Control-Request-Headers must appear in the allow_headers configuration.
|
83
|
+
|
84
|
+
#### 3. Response Generation
|
85
|
+
If the validation succeeds, the middleware constructs a set of CORS headers including:
|
86
|
+
* `Access-Control-Allow-Origin`
|
87
|
+
* `Access-Control-Allow-Methods`
|
88
|
+
* `Access-Control-Allow-Headers`
|
89
|
+
* `Access-Control-Allow-Credentials` (if enabled)
|
90
|
+
* `Access-Control-Max-Age` (if set)
|
91
|
+
* `Access-Control-Expose-Headers` (if configured)
|
92
|
+
|
93
|
+
A response with status code 204 No Content is sent immediately, ending further processing.
|
@@ -0,0 +1,32 @@
|
|
1
|
+
module Itsi
|
2
|
+
class Server
|
3
|
+
module Config
|
4
|
+
class Cors < Middleware
|
5
|
+
|
6
|
+
insert_text <<~SNIPPET
|
7
|
+
cors \\
|
8
|
+
allow_origins: ${1|["*"]|},
|
9
|
+
allow_methods: ${2|%w[GET POST PUT DELETE]|},
|
10
|
+
allow_headers: ${3|%w[Content-Type Authorization]|},
|
11
|
+
allow_credentials: ${4|true,false|},
|
12
|
+
expose_headers: ${5|[]|},
|
13
|
+
max_age: ${6|3600|}
|
14
|
+
SNIPPET
|
15
|
+
|
16
|
+
detail "Enables Cross-Origin Resource Sharing (CORS) for the server."
|
17
|
+
|
18
|
+
schema do
|
19
|
+
{
|
20
|
+
allow_origins: Array(Type(String)).default(["*"]),
|
21
|
+
allow_methods: Array(Type(String)).default(["GET", "POST", "PUT", "DELETE"]),
|
22
|
+
allow_headers: Array(Type(String)).default(["Content-Type", "Authorization"]),
|
23
|
+
allow_credentials: Bool().default(false),
|
24
|
+
expose_headers: Array(Type(String)).default([]),
|
25
|
+
max_age: Type(Integer).default(3600)
|
26
|
+
}
|
27
|
+
end
|
28
|
+
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
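Review bot: The snippet pre-selects `allow_origins: ["*"]` together with `allow_credentials: ${4|true,false|}`, so the first completion yields a wildcard origin with credentials enabled, and the schema accepts that combination without complaint. Browsers refuse a literal `*` with credentials, and the accompanying documentation on this page says the middleware echoes the request's origin when credentials are allowed. If that is how the implementation (not visible here) behaves, the pair lets any site make credentialed requests and read the responses. I would reorder the choice to `allow_credentials: ${4|false,true|},` and add a validation that rejects `"*"` in `allow_origins` when `allow_credentials` is true, or at least a comment on the schema entry stating the constraint. The schema default of `allow_origins: ["*"]` deserves the same comment, since it makes enabling credentials a one-line change away from that state.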
@@ -0,0 +1,37 @@
|
|
1
|
+
---
|
2
|
+
title: Content Security Policy
|
3
|
+
url: /middleware/csp
|
4
|
+
---
|
5
|
+
|
6
|
+
The `csp` middleware sets a [Content-Security-Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) header on outgoing responses and optionally collects violation reports from clients.
|
7
|
+
|
8
|
+
### Options
|
9
|
+
|
10
|
+
| Key | Type | Default | Description |
|
11
|
+
|----------------------|-------------|------------------|-------------|
|
12
|
+
| `policy` | `CspConfig` | `nil` | Optional policy components for `default-src`, `script-src`, etc. |
|
13
|
+
| `reporting_enabled` | `Bool` | `false` | Enable collection of CSP violation reports |
|
14
|
+
| `report_file` | `PathBuf` | `nil` | Where to persist reports if reporting is enabled |
|
15
|
+
| `report_endpoint` | `String` | `"/csp-report"` | Endpoint to receive reports from the browser |
|
16
|
+
| `flush_interval` | `Integer` | `10` | How frequently (in seconds) to flush pending reports to file |
|
17
|
+
|
18
|
+
### Example
|
19
|
+
|
20
|
+
```ruby
|
21
|
+
csp \
|
22
|
+
policy: {
|
23
|
+
default_src: ["'self'"],
|
24
|
+
script_src: ["'self'", "cdn.example.com"],
|
25
|
+
style_src: ["'self'"],
|
26
|
+
report_uri: ["/csp-report"]
|
27
|
+
},
|
28
|
+
reporting_enabled: true,
|
29
|
+
report_endpoint: "/csp-report",
|
30
|
+
report_file: "csp_reports.json",
|
31
|
+
flush_interval: 5
|
32
|
+
```
|
33
|
+
|
34
|
+
### Reporting
|
35
|
+
Configure `reporting_enabled`, `report_endpoint`, `report_file` and `flush_interval` to have Itsi perform CSP violation report collection.
|
36
|
+
|
37
|
+
If reporting is enabled, the middleware will collect violation reports from clients and persist them to the specified file at the given interval. (Make sure that `report_endpoint` and `report_uri` inside `policy_input` are correctly matched.)
|
@@ -0,0 +1,44 @@
|
|
1
|
+
module Itsi
|
2
|
+
class Server
|
3
|
+
module Config
|
4
|
+
class Csp < Middleware
|
5
|
+
insert_text <<~SNIPPET
|
6
|
+
csp \\
|
7
|
+
policy: {
|
8
|
+
default_src: ${1:["'self'"]},
|
9
|
+
script_src: ${2:["'self'", "cdn.example.com"]},
|
10
|
+
style_src: ${3:["'self'"]},
|
11
|
+
report_uri: ${4:["/csp-report"]}
|
12
|
+
},
|
13
|
+
reporting_enabled: ${5|true,false|},
|
14
|
+
report_file: "${6:csp_reports.json}",
|
15
|
+
report_endpoint: "${7:/csp-report}",
|
16
|
+
flush_interval: ${8:5.0}
|
17
|
+
SNIPPET
|
18
|
+
|
19
|
+
detail "Adds Content-Security-Policy headers and collects violation reports."
|
20
|
+
|
21
|
+
CspPolicy = TypedStruct.new do
|
22
|
+
{
|
23
|
+
default_src: Array(Type(String)).default([]),
|
24
|
+
script_src: Array(Type(String)).default([]),
|
25
|
+
style_src: Array(Type(String)).default([]),
|
26
|
+
report_uri: Array(Type(String)).default([])
|
27
|
+
}
|
28
|
+
end
|
29
|
+
|
30
|
+
schema do
|
31
|
+
{
|
32
|
+
policy: (Type(CspPolicy) & Required()).default({default_src: [], script_src: [], style_src: [], report_uri: []}),
|
33
|
+
reporting_enabled: Bool().default(false),
|
34
|
+
report_file: Type(String),
|
35
|
+
report_endpoint: Type(String).default("/csp-report"),
|
36
|
+
flush_interval: Type(Float).default(5.0)
|
37
|
+
}
|
38
|
+
end
|
39
|
+
|
40
|
+
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
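Review bot: `CspPolicy` models only `default_src`, `script_src`, `style_src` and `report_uri`, so directives that do not inherit from `default-src` (`frame-ancestors`, `base-uri`, `form-action`) cannot be set through it if `TypedStruct` rejects unknown keys, which is not visible here. A policy built from this schema would then leave framing and base-URL injection uncovered even with `default_src: ["'self'"]`; either add entries such as `frame_ancestors: Array(Type(String)).default([])` (with matching support wherever the header is assembled) or document the limitation next to the struct. The `policy` default is four empty arrays, so a bare `csp` call presumably sends no effective policy, and a comment saying so would avoid a false sense of coverage. `report_file` has no default and is not tied to `reporting_enabled`, and nothing in the schema bounds what the unauthenticated report endpoint will persist; both should be noted or validated.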
@@ -0,0 +1,45 @@
|
|
1
|
+
---
|
2
|
+
title: Deny List
|
3
|
+
url: /middleware/deny_list
|
4
|
+
next: endpoint/
|
5
|
+
---
|
6
|
+
The **deny_list** middleware restricts access to only those clients whose IP address matches one a set of approved patterns. All other requests receive a configurable forbidden response.
|
7
|
+
|
8
|
+
## Configuration
|
9
|
+
|
10
|
+
```ruby {filename=Itsi.rb}
|
11
|
+
deny_list \
|
12
|
+
denied_patterns: [
|
13
|
+
/192\.168\.0\.\d+/, # block all 192.168.0.x
|
14
|
+
/203\.0\.113\.(10|11)/, # block .10 and .11
|
15
|
+
"10.0.0.0/24" # block all IPs in the 10.0.0.x range
|
16
|
+
],
|
17
|
+
error_response: { code: 403,
|
18
|
+
plaintext: { inline: "Access denied" },
|
19
|
+
default: "plaintext" }
|
20
|
+
```
|
21
|
+
|
22
|
+
* `denied_patterns` (required):
|
23
|
+
An array of Ruby‑style regexp strings. Each incoming client IP (from req.addr) is tested against this set; if any match, the request is blocked.
|
24
|
+
* `error_response` (optional):
|
25
|
+
A built‑in or custom error response (default is forbidden / HTTP 403).
|
26
|
+
|
27
|
+
|
28
|
+
## Trusted Proxies
|
29
|
+
|
30
|
+
By default, a deny-list uses the IP address from the underlying socket (remote_addr). However, if your server is behind a reverse proxy, all requests will appear to come from the proxy’s IP address. This can break IP-based rules or cause rate-limiting to group all users together.
|
31
|
+
|
32
|
+
To address this, you can declare trusted proxies and instruct the server to extract the original client IP from forwarded headers only if the request came from one of these proxies.
|
33
|
+
|
34
|
+
### Configuring trusted_proxies
|
35
|
+
|
36
|
+
To trust one or more upstream proxies, provide a trusted_proxies map in the middleware configuration.
|
37
|
+
E.g.
|
38
|
+
```ruby {filename=Itsi.rb}
|
39
|
+
deny_list \
|
40
|
+
denied_patterns: ["10.0.0.0/8", /198\.51\.100\.\d+/],
|
41
|
+
trusted_proxies: {
|
42
|
+
"192.168.1.1" => { header: { name: "X-Forwarded-For" } }
|
43
|
+
},
|
44
|
+
error_response: { code: 403, plaintext: { inline: "Access denied" } }
|
45
|
+
```
|
@@ -0,0 +1,42 @@
|
|
1
|
+
module Itsi
|
2
|
+
class Server
|
3
|
+
module Config
|
4
|
+
|
5
|
+
require_relative "cidr_to_regex"
|
6
|
+
require_relative "token_source"
|
7
|
+
|
8
|
+
include CidrToRegex
|
9
|
+
|
10
|
+
class DenyList < Middleware
|
11
|
+
insert_text <<~SNIPPET
|
12
|
+
deny_list \\
|
13
|
+
denied_patterns: [${1|"127.0.0.1","127.*", /127\.0\.*/|}],
|
14
|
+
error_response: ${2|"forbidden",{ code: 403\\, plaintext: { inline: "Access denied" } }|}
|
15
|
+
SNIPPET
|
16
|
+
|
17
|
+
detail "Block any clients whose IP matches one of the given regex patterns."
|
18
|
+
|
19
|
+
schema do
|
20
|
+
{
|
21
|
+
denied_patterns: Array(Type(String)) & Required(),
|
22
|
+
error_response: Type(ErrorResponseDef).default("forbidden"),
|
23
|
+
trusted_proxies: (Hash(Type(String), Type(TokenSource)) & Required()).default({})
|
24
|
+
}
|
25
|
+
end
|
26
|
+
|
27
|
+
def initialize(location, params={})
|
28
|
+
params[:denied_patterns] = Array(params[:denied_patterns]).map do |pattern|
|
29
|
+
if pattern.is_a?(Regexp)
|
30
|
+
pattern.source
|
31
|
+
elsif pattern =~ /\A\d{1,3}(?:\.\d{1,3}){3}\/\d{1,2}\z/
|
32
|
+
cidr_to_regex(pattern).source
|
33
|
+
else
|
34
|
+
pattern
|
35
|
+
end
|
36
|
+
end
|
37
|
+
super
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
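Review bot: In `initialize`, every string that fails the IPv4-CIDR check falls through the `else` branch and is used verbatim as a regex. An IPv6 CIDR string therefore becomes a pattern that matches no address, so the entry silently blocks nothing, while a plain literal such as `"10.0.0.1"` is unanchored with wildcard dots and also matches `110.0.0.12`. For the first case I would fail loudly, e.g. `raise ArgumentError, "unsupported CIDR: #{pattern}" if pattern.include?("/")` before the fall-through; for the second, escape and anchor strings that parse as a single IP address. The snippet choices `"127.*"` and `/127\.0\.*/` teach the same unanchored style and would be better replaced by a CIDR example. The block also assigns into the caller's `params` hash; building a copy with `params.merge(denied_patterns: ...)` avoids mutating it, provided the bare `super` is then given the copy explicitly.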
@@ -0,0 +1,159 @@
|
|
1
|
+
---
|
2
|
+
title: Endpoint
|
3
|
+
url: /middleware/endpoint
|
4
|
+
prev: deny_list/
|
5
|
+
next: controller/
|
6
|
+
---
|
7
|
+
|
8
|
+
The **endpoint** middleware allows you to define an ultra light-weight, inline, Ruby endpoint.
|
9
|
+
|
10
|
+
> If you're after running a rack app using a fully-featured framework, e.g. a Ruby on Rails or Sinatra, take a look at the [Rackup File](/middleware/rackup_file) middleware instead.
|
11
|
+
This feature can be useful for quickly prototyping, building small pieces of isolated functionality, or minimal endpoints where high throughput is essential.
|
12
|
+
|
13
|
+
`endpoint` has several variants, that further restrict the endpoint to respond to specific HTTP methods:
|
14
|
+
- [`get`](/middleware/get) for **GET** requests
|
15
|
+
- [`post`](/middleware/post) for **POST** requests
|
16
|
+
- [`put`](/middleware/put) for **PUT** requests
|
17
|
+
- [`patch`](/middleware/patch) for **PATCH** requests
|
18
|
+
- [`delete`](/middleware/delete) for **DELETE** requests
|
19
|
+
|
20
|
+
### Functions
|
21
|
+
Endpoints also support:
|
22
|
+
* Request and response schema validation. See [Schema Validation](/middleware/endpoint/schemas)
|
23
|
+
* Controllers. See [Controllers](/middleware/controller)
|
24
|
+
|
25
|
+
## Usage
|
26
|
+
Endpoints require an optional path (default "*") and a handler proc or function, which must accept a mandatory request object (See [Request](/middleware/http_request)) and an optional params object.
|
27
|
+
|
28
|
+
|
29
|
+
```ruby {filename=Itsi.rb}
|
30
|
+
# A routeless endpoint is the same as a 'catch-all' endpoint.
|
31
|
+
# E.g. this:
|
32
|
+
get do |req|
|
33
|
+
end
|
34
|
+
|
35
|
+
# Is equivalent to this:
|
36
|
+
get "*" do |req|
|
37
|
+
end
|
38
|
+
```
|
39
|
+
|
40
|
+
The request object itself holds a reference [`#response`](/middleware/http_response) object, which can be used to manage the response explicitly.
|
41
|
+
|
42
|
+
### Request Life-cycle
|
43
|
+
Unlike most Rack frameworks where the life-span of an HTTP request/response is tied to the controller action, in Itsi there is no such contract.
|
44
|
+
You must explicitly close the response to complete it.
|
45
|
+
This also allows you hold on to a connection *indefinitely* (or until top-level timeouts occur, e.g. [request_timeout](/options/request_timeout)), and makes it easy to manage several concurrent requests asynchronously (especially if combined with [fiber_scheduler](/options/fiber_scheduler)).
|
46
|
+
|
47
|
+
There are several ways to write and close a response.
|
48
|
+
|
49
|
+
**Simple Responses**
|
50
|
+
* `request#respond`.
|
51
|
+
```ruby
|
52
|
+
get do |req|
|
53
|
+
req.respond "ok", 200, {} # All params are optional, and can also use named kwargs instead of positional args
|
54
|
+
end
|
55
|
+
```
|
56
|
+
* respond + status aliases. E.g. `request#ok`, `request#created`, `request#not_found`
|
57
|
+
```ruby
|
58
|
+
get do |req|
|
59
|
+
req.ok "ok", {} # All params are optional, and can also use named kwargs instead of positional args
|
60
|
+
end
|
61
|
+
```
|
62
|
+
|
63
|
+
**Low-level responses** (for low-level control over long-lived requests)
|
64
|
+
* `response#respond`
|
65
|
+
* `response#send_and_close`
|
66
|
+
* `response#close`
|
67
|
+
|
68
|
+
#### Simple Responses
|
69
|
+
For most use-cases using simple responses is all you need.
|
70
|
+
E.g.
|
71
|
+
|
72
|
+
```ruby {filename=Itsi.rb}
|
73
|
+
# Catch-all endpoint.
|
74
|
+
endpoint "/example/*" do |request|
|
75
|
+
request.ok "Hello, World!"
|
76
|
+
end
|
77
|
+
```
|
78
|
+
|
79
|
+
|
80
|
+
```ruby{filename=Itsi.rb}
|
81
|
+
# Single body, status and headers
|
82
|
+
|
83
|
+
# 200 assumed
|
84
|
+
endpoint("/"){|req| req.respond "Just a body" }
|
85
|
+
|
86
|
+
# With status
|
87
|
+
endpoint("/"){|req| req.respond "Body and status", 200 }
|
88
|
+
|
89
|
+
# With status and headers
|
90
|
+
endpoint("/"){|req| req.respond "Body and status", 200, {"Content-Type" => "text/plain"} }
|
91
|
+
|
92
|
+
# With kwargs
|
93
|
+
endpoint("/"){|req| req.respond body: "Just a body" }
|
94
|
+
|
95
|
+
# With status
|
96
|
+
endpoint("/"){|req| req.respond body: "Body and status", status: 200 }
|
97
|
+
|
98
|
+
# With status and headers
|
99
|
+
endpoint("/"){|req| req.respond body: "Body and status", status: 200, headers: {"Content-Type" => "text/plain"} }
|
100
|
+
|
101
|
+
# Response Formats
|
102
|
+
# JSON
|
103
|
+
endpoint("/"){|req| req.respond json: { "message": "With JSON Body" } }
|
104
|
+
|
105
|
+
# XML
|
106
|
+
endpoint("/"){|req| req.respond xml: "<message>With XML Body</message>"}
|
107
|
+
|
108
|
+
# HTML
|
109
|
+
endpoint("/"){|req| req.respond html: "<html><body><h1>With HTML Body</h1></body></html>"}
|
110
|
+
|
111
|
+
# Text
|
112
|
+
endpoint("/"){|req| req.respond text: "With Text Body"}
|
113
|
+
|
114
|
+
|
115
|
+
# Status helpers (All status codes supported)
|
116
|
+
endpoint("/"){|req| req.ok "Ok" }
|
117
|
+
endpoint("/"){|req| req.not_found "Not Found" }
|
118
|
+
endpoint("/"){|req| req.created "Created" }
|
119
|
+
endpoint("/"){|req| req.accepted "Accepted" }
|
120
|
+
```
|
121
|
+
|
122
|
+
For more advanced responses (e.g streaming responses), see documentation on [response](/middleware/response.rb)
|
123
|
+
|
124
|
+
### Capturing URL parameters
|
125
|
+
```ruby {filename=Itsi.rb}
|
126
|
+
# Catch-all endpoint.
|
127
|
+
location "/foo" do
|
128
|
+
endpoint "/users/:user_id" do |request|
|
129
|
+
if (user = User.find(request.query_params[:user_id]))
|
130
|
+
request.ok json: user.to_json
|
131
|
+
else
|
132
|
+
request.not_found "User not found!"
|
133
|
+
end
|
134
|
+
end
|
135
|
+
|
136
|
+
# Optionally restrict the character sets of capture groups using Regex
|
137
|
+
endpoint "/books/:book_id(\d+)" do |request|
|
138
|
+
request.ok "Got book #{request.query_params[:book_id]}"
|
139
|
+
end
|
140
|
+
end
|
141
|
+
```
|
142
|
+
|
143
|
+
### Basic Request Body / Parameters
|
144
|
+
|
145
|
+
If an endpoint accepts a second parameters argument, incoming request bodies will be parsed into a Ruby hash (including uploaded files as `File` objects and fed into the handler as the second parameter ).
|
146
|
+
|
147
|
+
The following request formats will be automatically detected and deserialized:
|
148
|
+
* **JSON** (`"Content-Type"` header is set to `"application/json"`)
|
149
|
+
* **Form-encoded** (`"Content-Type"` header is set to `"application/x-www-form-urlencoded"`)
|
150
|
+
* **Multipart** (`"Content-Type"` header is set to `"multipart/form-data"`)
|
151
|
+
|
152
|
+
|
153
|
+
```ruby {filename=Itsi.rb}
|
154
|
+
location "/echo" do
|
155
|
+
post "/body" do |request, params|
|
156
|
+
request.ok json: params.to_json
|
157
|
+
end
|
158
|
+
end
|
159
|
+
```
|