jsonrpc-rails 0.2.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7c7eaabe38b79dd41bac2752a456d5278e6cc780c3d2ebbe0493c349ff24ee10
-  data.tar.gz: 51797ce9c50cd5e51b248f8a4376880f7ffcf19245daa8ae2ef1a4b9d5d17cdf
+  metadata.gz: 145a4a20db9c6d49fa01ca8b9eb0c1a853288195a78c099b4ecc9eefc4f551d8
+  data.tar.gz: c5ac9e090225a393917f0cda10c6d8a4d0593b428659d596539c1999edc3edcb
 SHA512:
-  metadata.gz: 3a55b1b369ff4d277b3351c6632a858bd00244cd0799108fbeaf4e64ba2e5b39c4687be0f1855e96df90343541e8ac0ab137684cad4f7af7394a75612b367395
-  data.tar.gz: 9883f5c131ab3437cde5410f82a21f072824a045e1680ad27d81ef1f4d10d471149a7db639c18d8e2d194586979919224c4e921bae263236023d71934d2a6cc5
+  metadata.gz: a5d77db449217fddce82825a2daac7019d9c2133759dfd23cf01c1eb10fb4ec9d91b24ceca98fadb244b011a6becb15fe40256ab5d318cc4e65a5d23b2842247
+  data.tar.gz: fdcf40b192d2f132d577c47195b007e67172e574f99936c3d74f2c30d31e7cc956a6dabba74ef8362777deaec2fb3f4a974736aa14991fd9e33ccba2bd28faf3

data/README.md

@@ -38,6 +38,22 @@ gem install jsonrpc-rails
 ### Rendering Responses
 
 Once installed, **jsonrpc-rails** registers a custom renderer with Rails. 
+
+Enable validation where you need it
+
+Add this to config/application.rb (or an environment file):
+```ruby
+# Validate only the JSON‑RPC endpoints you expose
+config.jsonrpc_rails.validated_paths = [
+"/rpc",                    # exact string
+%r{\A/api/v\d+/rpc\z},     # regexp
+->(p) { p.start_with? "/rpc/private" } # lambda / proc
+]
+```
+
+Leave the array empty (default) and the middleware is effectively off.
+Use [/.*\z/] if you really want it on everywhere.
+
 In your controllers, you can render JSON-RPC responses like so:
 
 ```ruby

data/lib/jsonrpc_rails/middleware/validator.rb

@@ -20,11 +20,15 @@ module JSONRPC_Rails
       CONTENT_TYPE = "application/json"
       ENV_PAYLOAD_KEY = :"jsonrpc.payload"
 
-      def initialize(app)
+      def initialize(app, paths = nil)
         @app = app
+
+        @paths = Array(paths || Rails.configuration.jsonrpc_rails.validated_paths)
       end
 
       def call(env)
+        return @app.call(env) unless validate_path?(env["PATH_INFO"])
+
         # Only process POST requests with the correct Content-Type
         return @app.call(env) unless env["REQUEST_METHOD"] == "POST" &&
                                      env["CONTENT_TYPE"]&.start_with?(CONTENT_TYPE)
@@ -87,6 +91,19 @@ module JSONRPC_Rails
         nil
       end
 
+      def validate_path?(path)
+        return false if @paths.empty?
+
+        @paths.any? do |m|
+          case m
+          when String then path == m
+          when Regexp then m.match?(path)
+          when Proc   then m.call(path)
+          else             false
+          end
+        end
+      end
+
       # Performs strict validation on a single object to ensure it conforms
       # to the JSON-RPC 2.0 structure (jsonrpc, method, params, id) and
       # has no extraneous keys.

data/lib/jsonrpc_rails/railtie.rb

@@ -3,8 +3,9 @@ require_relative "middleware/validator"
 module JSONRPC_Rails
   # Use Rails::Railtie to integrate with the Rails application
   class Railtie < Rails::Railtie
+    config.jsonrpc_rails = ActiveSupport::OrderedOptions.new
+    config.jsonrpc_rails.validated_paths = [] # By default, we inject it into the void.
     # Insert the JSON-RPC Validator middleware early in the stack.
-    # Inserting before Rack::Sendfile, which is typically present early in the stack.
     initializer "jsonrpc-rails.add_validator_middleware" do |app|
       app.middleware.use JSONRPC_Rails::Middleware::Validator
     end

data/lib/jsonrpc_rails/version.rb

@@ -1,3 +1,3 @@
 module JSONRPC_Rails
-    VERSION = "0.2.0"
+    VERSION = "0.3.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jsonrpc-rails
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Abdelkader Boudih