kris-kross 0.0.1

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+.idea
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in kris-kross.gemspec
+gemspec

data/Guardfile

@@ -0,0 +1,13 @@
+#!/usr/bin/env ruby
+#^syntax detection
+
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+guard 'rspec', cli: '--color' do
+  watch(%r{^kris-kross\.gemspec}) { "spec"}
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$}) { "spec" }
+  watch('spec/spec_helper.rb')  { "spec" }
+end
+

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Eric Saxby
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,144 @@
+Kris::Kross
+===========
+
+Kris Kross will make you jump jump between domains with cross origin requests. Have you read
+that RFC? It's F-en crazy! What headers do you set where, and who do you tell what to make those
+requests actually go through?
+
+This gem will totally kross out your confusion, and you'll be left young, rich and dangerous to
+certify your gold-plated programming skills.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'kris-kross'
+
+And then execute:
+
+    $ bundle
+
+## Requirements
+
+This gem is built to work with Rails 3 applications.
+
+## Usage
+
+Including `kris-kross` in a Rails 3 application automatically adds it to the Middleware chain.
+Configure it in an initializer:
+
+```ruby
+Kris::Kross.configure do |c|
+  c.origins %w{ http://my-domain http://my-other-domain}
+end
+```
+
+The HTTP protocol desired (http/https) should be explicitly set in the configuration block. Kris Kross
+makes no assumptions about this.
+
+### Custom Headers
+
+Cors does some extra checking if you send custom headers in your cross origin requests. You can configure
+Kris Kross to accept those headers in the following way:
+
+```ruby
+Kris::Kross.configure do |c|
+  c.origins %w{ http://my-domain}
+  c.headers %w{X-Mac-Daddy X-Daddy-Mac}
+end
+```
+
+These get mixed into a set of default values and returns to clients as `Access-Control-Allow-Headers`.
+
+### Wildcard domains (not!)
+
+Kris Kross can not be configured to open domains to wildcard cross origin requests. Kris Kross is crazy,
+but not that crazy.
+
+## Cross Origin Requests explained
+
+Let's say you have a domain `http://make-my-video.com`, from which you serve an amazing javascript-based
+video game. With the overwhelming popularity of the site, you are starting to worry that over the weekend
+the it may go down.
+
+You move all the logic around saving state to `http://saves.make-my-video.com`, but notice at the last minute
+that nothing is making it through to those servers. What are you going to do???
+
+First, you drop `gem kris-kross` into your Gemfile.
+
+Second, you create the file `#{Rails.root}/config/initializers/kris-kross.rb` in
+both `make-my-video.com` and `saves.make-my-video.com`:
+
+```ruby
+Kris::Kross.configure do |c|
+  c.origins %w{ http://make-my-video.com }
+end
+```
+
+### Client interactions
+
+When a web browser hits your site, the Kris Kross rack middleware will mix in some response headers. You can see
+this by hitting your domain with curl:
+
+```bash
+> curl http://make-my-video.com -I
+HTTP/1.1 200 OK
+Server: nginx/1.2.4
+Date: Thu, 6 Feb 1992 18:03:07 GMT
+Content-Type: text/html; charset=utf-8
+Content-Length: 23497
+Connection: close
+Status: 200 OK
+Access-Control-Allow-Origin: http://make-my-video.com
+Access-Control-Allow-Credentials: true
+Cache-Control: no-cache, no-store, max-age=0, must-revalidate
+Pragma: no-cache
+Expires: Wed, 09 Sep 1972 09:09:09 GMT
+X-UA-Compatible: IE=Edge
+ETag: "7ccdafcac2e2d541fd69823d290126d6"
+X-Request-Id: f7c0684f1bc06321039b55d3c431d81b
+X-Runtime: 0.762781
+```
+
+The browser now knows that you know you have potential cross origin requests, and from where. This is only half
+of the picture, though. When the browser tries to do a cross origin request it first tests the crossed domain.
+It does this with what is called a preflight check.
+
+Preflight checks hit the cross origin domain with an HTTP call using the OPTIONS verb. Wait, never heard of OPTIONS?
+Test it out with another bit of curl:
+
+```bash
+> curl -X OPTIONS http://saves.make-my-video.com -I
+HTTP/1.1 200 OK
+Server: nginx/1.2.4
+Date: Thu, 6 Feb 1992 18:09:12 GMT
+Transfer-Encoding: chunked
+Connection: close
+Status: 200 OK
+Access-Control-Allow-Origin: http://make-my-video.com
+Access-Control-Allow-Methods: POST, GET, OPTIONS
+Access-Control-Allow-Headers: X-Requested-With, X-Prototype-Version, Authorization, Authentication
+Access-Control-Max-Age: 172800
+Access-Control-Allow-Credentials: true
+X-UA-Compatible: IE=Edge
+Cache-Control: no-cache
+X-Request-Id: b287f0b81f5711c659df1caa2d749568
+X-Runtime: 0.140053
+```
+
+Notice that in these examples, the `Access-Control-Allow-Origin` headers all refer to the main domain,
+`make-my-video.com` and not to the cross origin domain.
+
+## References
+
+* http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
+* http://www.w3.org/TR/cors/
+* https://developer.mozilla.org/en-US/docs/HTTP_access_control
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,2 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"

data/kris-kross.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/kris-kross/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Eric Saxby"]
+  gem.email         = ["sax@wanelo.com"]
+  gem.description   = %q{Kris Kross will make you jump jump between domains with cross origin requests}
+  gem.summary       = %q{Cross origin requests made easy}
+  gem.homepage      = "https://github.com/wanelo/kris-kross"
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "kris-kross"
+  gem.require_paths = ["lib"]
+  gem.version       = Kris::Kross::VERSION
+
+  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'guard-rspec'
+  gem.add_development_dependency 'rb-fsevent'
+end

data/lib/kris-kross.rb

@@ -0,0 +1,24 @@
+require "kris-kross/version"
+require "kris-kross/configuration"
+require "kris-kross/handler"
+
+module Kris
+  class Kross
+    # Does Kris live inside Kross, or does Kross live inside Kris?
+    # This is like a crazy X-Files episode!
+
+    def self.configure(&block)
+      Kris::Kross::Configuration.instance.configure(&block)
+    end
+
+    def initialize(app)
+      Kris::Kross::Handler.instance.app = app
+    end
+
+    def call(env)
+      Kris::Kross::Handler.instance.call(env)
+    end
+  end
+end
+
+require "kris-kross/railtie" if defined? Rails

data/lib/kris-kross/configuration.rb

@@ -0,0 +1,50 @@
+require 'singleton'
+
+module Kris
+  class Kross
+    class Configuration
+      include Singleton
+
+      attr_writer :origins, :headers
+
+      def configure
+        yield self
+        self
+      end
+
+      def origins(hostnames = nil)
+        if hostnames.nil?
+          [@origins].flatten
+        else
+          @origins = hostnames
+        end
+      end
+
+      def headers(headers = nil)
+        if headers.nil?
+          (default_headers + [@headers]).flatten.compact.join(' ')
+        else
+          @headers = headers
+        end
+      end
+
+      def self.origins
+        @origins ||= self.instance.origins
+      end
+
+      def self.hosts
+        @hosts ||= origins.join(' ')
+      end
+
+      def self.headers
+        @headers ||= self.instance.headers
+      end
+
+      private
+
+      def default_headers
+        %w{X-Requested-With X-Prototype-Version Authorization Authentication}
+      end
+    end
+  end
+end

data/lib/kris-kross/handler.rb

@@ -0,0 +1,45 @@
+require 'singleton'
+
+class Kris::Kross::Handler
+  include Singleton
+
+  attr_accessor :app
+
+  def call(env)
+    @env = env
+
+    if options_request?
+      [200, option_request_headers, [""]]
+    else
+      respond(env)
+    end
+  end
+
+  private
+
+  def option_request_headers
+    {
+      "Access-Control-Allow-Origin" => Kris::Kross::Configuration.hosts,
+      "Access-Control-Allow-Methods" => "POST, GET, OPTIONS",
+      "Access-Control-Allow-Headers" => Kris::Kross::Configuration.headers,
+      "Access-Control-Max-Age" => "172800",
+      "Access-Control-Allow-Credentials" => 'true'
+    }
+  end
+
+  def options_request?
+    @env["REQUEST_METHOD"] == "OPTIONS"
+  end
+
+  def respond(env)
+    status, headers, response = app.call(env)
+    [status, headers.merge(cors_headers), response]
+  end
+
+  def cors_headers
+    {
+        "Access-Control-Allow-Origin" => Kris::Kross::Configuration.hosts,
+        "Access-Control-Allow-Credentials" => "true"
+    }
+  end
+end

data/lib/kris-kross/railtie.rb

@@ -0,0 +1,9 @@
+module Kris
+  class Kross
+    class Railtie < Rails::Railtie
+      initializer "kriss_kross.insert_middleware" do |app|
+        app.config.middleware.use "Kris::Kross"
+      end
+    end
+  end
+end

data/lib/kris-kross/version.rb

@@ -0,0 +1,5 @@
+module Kris
+  class Kross
+    VERSION = "0.0.1"
+  end
+end

data/spec/kris-kross/configuration_spec.rb

@@ -0,0 +1,101 @@
+require 'spec_helper'
+
+describe Kris::Kross::Configuration, "#configure" do
+  before { Kris::Kross::Configuration.reset }
+  let(:instance) { Kris::Kross::Configuration.instance }
+
+  describe "origins" do
+    it "should allow configuration via method calls" do
+      instance.configure do |c|
+        c.origins %w(http://host-1 http://host-2)
+      end
+
+      instance.origins.should == %w(http://host-1 http://host-2)
+    end
+
+    it "should allow configuration via assignment" do
+      instance.configure do |c|
+        c.origins = %w(http://host-3 http://host-4)
+      end
+
+      instance.origins.should == %w(http://host-3 http://host-4)
+    end
+
+    it "should accept string origins" do
+      instance.configure do |c|
+        c.origins = "http://blah.blah"
+      end
+
+      instance.origins.should == %w(http://blah.blah)
+    end
+  end
+
+  describe "headers" do
+    it "should allow configuration via method calls, mixed into defaults" do
+      instance.configure do |c|
+        c.headers %w{X-Blah-Blah X-Blah-Blah-Blah}
+      end
+
+      instance.headers.should == %w{
+        X-Requested-With
+        X-Prototype-Version
+        Authorization
+        Authentication
+        X-Blah-Blah
+        X-Blah-Blah-Blah}.join(' ')
+    end
+
+    it "should allow configuration with assignment, mixed into defaults" do
+      instance.configure do |c|
+        c.headers = %w{X-Blah-Blah X-Blah-Blah-Blah}
+      end
+
+      instance.headers.should == %w{
+        X-Requested-With
+        X-Prototype-Version
+        Authorization
+        Authentication
+        X-Blah-Blah
+        X-Blah-Blah-Blah}.join(' ')
+    end
+  end
+end
+
+describe Kris::Kross::Configuration, ".headers" do
+  before { Kris::Kross::Configuration.reset }
+  let(:instance) { Kris::Kross::Configuration.instance }
+  let(:default_headers) { %w{X-Requested-With X-Prototype-Version Authorization Authentication} }
+
+  context "with only default headers" do
+    it "should return just the defaults" do
+      Kris::Kross::Configuration.headers.should == default_headers.join(' ')
+    end
+  end
+
+  context "with extra headers" do
+    before do
+      instance.configure do |c|
+        c.headers %w(X-Blah)
+      end
+    end
+
+    it "should return headers as a string" do
+      Kris::Kross::Configuration.headers.should == (default_headers << "X-Blah").join(' ')
+    end
+  end
+end
+
+describe Kris::Kross::Configuration, ".hosts" do
+  before { Kris::Kross::Configuration.reset }
+  let(:instance) { Kris::Kross::Configuration.instance }
+
+  before do
+    instance.configure do |c|
+      c.origins %w(http://host-1 http://host-2)
+    end
+  end
+
+  it "should return origins as a string" do
+    Kris::Kross::Configuration.hosts.should == "http://host-1 http://host-2"
+  end
+end

data/spec/kris-kross/handler_spec.rb

@@ -0,0 +1,75 @@
+require 'spec_helper'
+
+describe Kris::Kross::Handler do
+  before do
+    Kris::Kross::Handler.reset_instance
+    Kris::Kross::Handler.instance.app = app
+  end
+
+  subject { Kris::Kross::Handler.instance }
+
+  let(:app) { mock() }
+  let(:response) { subject.call(env) }
+  let(:status) { response[0] }
+  let(:headers) { response[1] }
+  let(:body) { response[2] }
+
+  let(:request_method) { 'OPTIONS' }
+  let(:allow_origin) { 'http://my-host https://my-host' }
+  let(:allow_headers) { 'X-Stuff X-Other-Stuff X-What-What' }
+
+  let(:configuration) { mock() }
+
+  before do
+    Kris::Kross::Configuration.stub(:hosts).and_return(allow_origin)
+    Kris::Kross::Configuration.stub(:headers).and_return(allow_headers)
+  end
+
+  let(:env) { {
+      'REQUEST_METHOD' => request_method,
+      'REQUEST_PATH' => '/'
+  } }
+
+  describe "OPTIONS request" do
+    it "should return a 200 status" do
+      status.should == 200
+    end
+
+    it "should include Access-Control headers" do
+      headers['Access-Control-Allow-Origin'].should == allow_origin
+      headers["Access-Control-Allow-Methods"].should == "POST, GET, OPTIONS"
+      headers["Access-Control-Allow-Headers"].should == allow_headers
+      headers["Access-Control-Max-Age"].should == "172800"
+      headers["Access-Control-Allow-Credentials"].should == 'true'
+    end
+  end
+
+  describe "POST request" do
+    let(:request_method) { 'POST' }
+    let(:application_response_body) { ["some text from the application"] }
+    let(:application_response) {
+      [
+          200,
+          {"header" => 'content'},
+          application_response_body
+      ]
+    }
+
+    before do
+      app.should_receive(:call).with(env).and_return(application_response)
+    end
+
+    it "should call the Rails dispatcher with the request environment" do
+      subject.call(env)
+    end
+
+    it "should return the body text from the app" do
+      body.should == application_response_body
+    end
+
+    it "should inject Allow-Origin headers into the response" do
+      headers['Access-Control-Allow-Origin'].should == allow_origin
+      headers["Access-Control-Allow-Credentials"].should == 'true'
+    end
+  end
+end

data/spec/kris-kross_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+describe Kris::Kross, "#new" do
+  let(:app) { mock() }
+
+  it "should initialize a handler and configure it" do
+    Kris::Kross::Handler.instance.should_receive(:app=).with(app)
+    Kris::Kross.new(app)
+  end
+end
+
+describe Kris::Kross, "#configure" do
+  let(:proc) { -> { "some proc" } }
+
+  it "passes block on to Configuration" do
+    Kris::Kross::Configuration.instance.should_receive(:configure).with(&proc)
+    Kris::Kross.configure(&proc)
+  end
+end
+
+describe Kris::Kross, "#call" do
+  let(:app) { mock() }
+  let(:env) { mock() }
+  let(:handler) { mock() }
+
+  it "passes arguments on to a handler" do
+    Kris::Kross::Handler.stub(:instance).and_return(handler)
+    handler.should_receive(:app=).with(app)
+    handler.should_receive(:call).with(env)
+
+    Kris::Kross.new(app).call(env)
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,25 @@
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# Require this file using `require "spec_helper"` to ensure that it is only
+# loaded once.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+require 'rubygems'
+require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
+require 'support/singleton'
+require 'kris-kross'
+require 'support/configuration'
+
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = 'random'
+end

data/spec/support/configuration.rb

@@ -0,0 +1,8 @@
+class Kris::Kross::Configuration
+  def self.reset
+    @origins = nil
+    @hosts = nil
+    @headers = nil
+    reset_instance
+  end
+end

data/spec/support/singleton.rb

@@ -0,0 +1,15 @@
+require 'singleton'
+
+class <<Singleton
+  def included_with_reset(klass)
+    included_without_reset(klass)
+    class <<klass
+      def reset_instance
+        Singleton.send :__init__, self
+        self
+      end
+    end
+  end
+  alias_method :included_without_reset, :included
+  alias_method :included, :included_with_reset
+end

metadata

@@ -0,0 +1,119 @@
+--- !ruby/object:Gem::Specification
+name: kris-kross
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Eric Saxby
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-11-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rb-fsevent
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Kris Kross will make you jump jump between domains with cross origin
+  requests
+email:
+- sax@wanelo.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Guardfile
+- LICENSE
+- README.md
+- Rakefile
+- kris-kross.gemspec
+- lib/kris-kross.rb
+- lib/kris-kross/configuration.rb
+- lib/kris-kross/handler.rb
+- lib/kris-kross/railtie.rb
+- lib/kris-kross/version.rb
+- spec/kris-kross/configuration_spec.rb
+- spec/kris-kross/handler_spec.rb
+- spec/kris-kross_spec.rb
+- spec/spec_helper.rb
+- spec/support/configuration.rb
+- spec/support/singleton.rb
+homepage: https://github.com/wanelo/kris-kross
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Cross origin requests made easy
+test_files:
+- spec/kris-kross/configuration_spec.rb
+- spec/kris-kross/handler_spec.rb
+- spec/kris-kross_spec.rb
+- spec/spec_helper.rb
+- spec/support/configuration.rb
+- spec/support/singleton.rb
+has_rdoc: