manifold 1.0.0

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in manifold.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 twinturbo
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,84 @@
+# Manifold
+
+Mainfold: A generous CORS implementation designed for public APIs.
+
+Use this if you don't care about CORS problems and never want to see
+them again.
+
+Don't use this if you have more complex CORS policies.
+
+## Background
+
+CORS is a bitch. It's annoying when you just want to develop your
+application. You need to GET/POST/PUT/DELETE to some api in a browser
+but it's stopping you. Drop this rack middleware into your stack and
+make that it work.
+
+## How It Works
+
+* Handles simple CORS and preflight CORS requests.
+* `Access-Control-Accept-Origin: *`.
+* Echo's back `Access-Control-Request-Method` for
+  `Access-Control-Allow-Method` for preflight requests.
+* Echo's back `Access-Control-Request-Headers` for
+  `Access-Control-Allow-Headers` for preflight requests.
+* Makes preflight requests cachcable.
+* Configurable options for `Access-Control-Expose-Headers`.
+* Configurable options for `Access-Control-Accept-Headers`.
+* Add `Access-Control-Accept-Origin: *` to simple requests.
+
+## Preflight Requests
+
+CORS preflight requests are sent as OPTIONS requests to whatever URL the
+request will made to. Browsers add `Access-Control-Request-Method` and
+`Access-Control-Request-Headers`to these requests. The middleware short
+circuit these reqeusts to return the CORS response. So be warned: **If
+your application accepts `OPTIONS` for routing then you should not use
+this code.**
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'manifold'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install manifold
+
+## Usage
+
+```ruby
+# config.ru
+require 'manifold'
+
+Manifold.expose += %w(X-Custom-Header)
+
+use Manifold::Middleware
+run MyApp
+```
+
+## Rails
+
+Manifold integrates cleanly with Rails. It inserts it's middleware at
+the top of the stack and exposes it's configuration through
+`Rails.config`. Manifold also add exposes headers added by Rails for
+CORS.
+
+```ruby
+# application.rb
+config.manifold.accept += %w(X-Custom-Input-Header) # add custom headers you need
+config.manifold.expose += %(X-Custom-Output-Header)
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,10 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'test'
+  test.pattern = 'test/**/*_test.rb'
+end
+
+task :default => :test

data/lib/manifold.rb

@@ -0,0 +1,74 @@
+require "manifold/version"
+
+module Manifold
+  class Config
+    attr_accessor :expose, :accept
+
+    def initialize
+      @expose = []
+      @accept = []
+    end
+  end
+
+  def self.config
+    @config ||= Config.new
+  end
+
+  class Middleware
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      if preflight?(env)
+        env['HTTP_ORIGIN'] = 'file://' if env['HTTP_ORIGIN'] == 'null'
+        env['HTTP_ORIGIN'] ||= env['HTTP_X_ORIGIN']
+
+        headers = cors_headers(env)
+        headers['Content-Type'] = 'text/plain'
+
+        [200, headers, []]
+      else
+        status, headers, body =  @app.call env
+
+        headers['Access-Control-Allow-Origin'] = "*"
+
+        [status, headers, body]
+      end
+    end
+
+    def cors_headers(env)
+      headers = {}
+
+      headers['Access-Control-Allow-Origin'] = "*"
+
+      headers['Access-Control-Allow-Methods'] = env['HTTP_ACCESS_CONTROL_REQUEST_METHOD']
+
+      headers['Access-Control-Allow-Headers'] = [
+        env['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'],
+        Manifold.config.accept,
+        'Authorization'
+      ].compact.join(', ')
+
+      if Manifold.config.expose
+        headers['Access-Control-Expose-Headers'] = Manifold.config.expose.join(', ')
+      end
+
+      headers['Access-Control-Allow-Credentials'] = "true"
+
+      headers['Access-Control-Max-Age'] = "1728000"
+
+      headers
+    end
+
+    def preflight?(env)
+      env['REQUEST_METHOD'] == "OPTIONS" &&
+        env['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] &&
+        env['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']
+    end
+  end
+end
+
+if defined? Rails
+  require 'manifold/railtie'
+endnever

data/lib/manifold/railtie.rb

@@ -0,0 +1,15 @@
+module Manifold
+  class Engine < Rails::Railtie
+    config.manifold = Manifold.config
+
+    initializer "manifold.middleware" do |app|
+      app.config.middleware.insert 0, Manifold::Middleware
+    end
+
+    initializer "manifold.headers" do |app|
+      app.config.manifold.expose << "X-Request-Id"
+      app.config.manifold.expose << "X-Runtime"
+      app.config.manifold.expose << "X-Rack-Cache"
+    end
+  end
+end

data/lib/manifold/version.rb

@@ -0,0 +1,3 @@
+module Manifold
+  VERSION = "1.0.0"
+end

data/manifold.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/manifold/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["twinturbo"]
+  gem.email         = ["me@broadcastingadam.com"]
+  gem.description   = %q{Rack middleware to enabled CORS}
+  gem.summary       = %q{}
+  gem.homepage      = "https://github.com/twinturbo/manifold"
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "manifold"
+  gem.require_paths = ["lib"]
+  gem.version       = Manifold::VERSION
+
+  gem.add_development_dependency "rack-test"
+  gem.add_development_dependency "rails"
+  gem.add_development_dependency "simplecov"
+end

data/test/mainfold_test.rb

@@ -0,0 +1,108 @@
+require 'test_helper'
+
+class ManifoldTest < MiniTest::Unit::TestCase
+  include Rack::Test::Methods
+
+  def setup
+    @old_expose = Manifold.config.expose
+    @old_accept = Manifold.config.accept
+
+    Manifold.config.expose = []
+    Manifold.config.accept = []
+  end
+
+  def teardown
+    Manifold.config.expose = @old_expose
+    Manifold.config.accept = @old_accept
+  end
+
+  def app
+    TestApp
+  end
+
+  def preflight(method, headers = "Content-Type", origin = "http://example.com")
+    options '/', {}, { 'HTTP_ORIGIN' => origin, 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => method , 'HTTP_ACCESS_CONTROL_REQUEST_HEADERS' => headers }
+  end
+
+  def test_allows_any_origin
+    preflight "GET", "Content-Type", "foo.com"
+
+    assert last_response.ok?
+    headers = last_response.headers
+    assert_equal "*", headers['Access-Control-Allow-Origin']
+  end
+
+  def tests_echos_requested_method_for_preflight
+    preflight "PATCH"
+
+    assert last_response.ok?
+    headers = last_response.headers
+    assert_includes headers['Access-Control-Allow-Methods'], "PATCH"
+  end
+
+  def tests_echos_requested_headers_for_preflight
+    preflight "PUT", "X-Custom-Header"
+
+    assert last_response.ok?
+    headers = last_response.header
+    assert_includes headers['Access-Control-Allow-Headers'], "X-Custom-Header"
+  end
+
+  def test_allows_http_auth_in_preflight
+    preflight "POST"
+
+    assert last_response.ok?
+    headers = last_response.headers
+    assert_includes headers['Access-Control-Allow-Headers'], "Authorization"
+  end
+
+  def test_allows_cookies_in_preflight
+    preflight "GET"
+
+    assert last_response.ok?
+    headers = last_response.headers
+    assert_equal "true", headers['Access-Control-Allow-Credentials']
+  end
+
+  def test_sends_the_content_type_header_for_preflight
+    preflight "PATCH"
+
+    assert_equal 'text/plain', last_response.content_type
+  end
+
+  def test_allows_for_custom_headers_exposed
+    Manifold.config.expose = ["X-Request-ID"]
+
+    preflight "PATCH"
+
+    assert last_response.ok?
+    headers = last_response.headers
+    assert_equal "X-Request-ID", headers['Access-Control-Expose-Headers']
+  end
+
+  def tests_allow_for_custom_headers_accept
+    Manifold.config.accept = ["X-Rate-Limit"]
+
+    preflight "PATCH"
+
+    assert last_response.ok?
+    headers = last_response.headers
+    assert_includes headers['Access-Control-Allow-Headers'], 'X-Rate-Limit'
+  end
+
+  def test_preflight_is_cachable
+    preflight "PATCH"
+
+    assert last_response.ok?
+    headers = last_response.header
+    assert headers['Access-Control-Max-Age']
+  end
+
+  def test_adds_cors_support_for_simple_requests
+    get '/'
+
+    assert last_response.ok?
+    headers = last_response.headers
+    assert_equal "*", headers['Access-Control-Allow-Origin']
+  end
+end

data/test/rails_test.rb

@@ -0,0 +1,16 @@
+require 'test_helper'
+
+class RailsIntegrationTest < MiniTest::Unit::TestCase
+  def test_loads_middleware
+    middleware = TestRailsApp.config.middleware
+    assert_equal Manifold::Middleware, middleware.first.klass
+  end
+
+  def tests_exposes_headers_uses_in_rails_applications
+    config = TestRailsApp.config.manifold
+
+    assert_includes config.expose, 'X-Request-Id'
+    assert_includes config.expose, 'X-Runtime'
+    assert_includes config.expose, 'X-Rack-Cache'
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,32 @@
+require 'simplecov'
+SimpleCov.start
+
+require 'manifold'
+
+require 'minitest/unit'
+require 'minitest/pride'
+require 'minitest/autorun'
+
+require 'rack/test'
+
+class HelloWorld
+  def self.call(env)
+    [200, {}, ["Hi"]]
+  end
+end
+
+TestApp = Rack::Builder.new do
+  use Manifold::Middleware
+  run HelloWorld
+end
+
+ENV['RAILS_ENV'] = "test"
+
+require 'rails'
+require 'action_controller/railtie'
+require 'manifold/railtie'
+
+class TestRailsApp < Rails::Application
+  config.active_support.deprecation = proc { |message, stack| }
+  initialize!
+end

metadata

@@ -0,0 +1,99 @@
+--- !ruby/object:Gem::Specification
+name: manifold
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+  prerelease: 
+platform: ruby
+authors:
+- twinturbo
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-05-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: &70177011769320 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70177011769320
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: &70177011768900 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70177011768900
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: &70177011768480 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70177011768480
+description: Rack middleware to enabled CORS
+email:
+- me@broadcastingadam.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/manifold.rb
+- lib/manifold/railtie.rb
+- lib/manifold/version.rb
+- manifold.gemspec
+- test/mainfold_test.rb
+- test/rails_test.rb
+- test/test_helper.rb
+homepage: https://github.com/twinturbo/manifold
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -316482174822974352
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -316482174822974352
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.11
+signing_key: 
+specification_version: 3
+summary: ''
+test_files:
+- test/mainfold_test.rb
+- test/rails_test.rb
+- test/test_helper.rb