manifold 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,17 @@
1
+ *.gem
2
+ *.rbc
3
+ .bundle
4
+ .config
5
+ .yardoc
6
+ Gemfile.lock
7
+ InstalledFiles
8
+ _yardoc
9
+ coverage
10
+ doc/
11
+ lib/bundler/man
12
+ pkg
13
+ rdoc
14
+ spec/reports
15
+ test/tmp
16
+ test/version_tmp
17
+ tmp
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in manifold.gemspec
4
+ gemspec
data/LICENSE ADDED
@@ -0,0 +1,22 @@
1
+ Copyright (c) 2012 twinturbo
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -0,0 +1,84 @@
1
+ # Manifold
2
+
3
+ Mainfold: A generous CORS implementation designed for public APIs.
4
+
5
+ Use this if you don't care about CORS problems and never want to see
6
+ them again.
7
+
8
+ Don't use this if you have more complex CORS policies.
9
+
10
+ ## Background
11
+
12
+ CORS is a bitch. It's annoying when you just want to develop your
13
+ application. You need to GET/POST/PUT/DELETE to some api in a browser
14
+ but it's stopping you. Drop this rack middleware into your stack and
15
+ make that it work.
16
+
17
+ ## How It Works
18
+
19
+ * Handles simple CORS and preflight CORS requests.
20
+ * `Access-Control-Accept-Origin: *`.
21
+ * Echo's back `Access-Control-Request-Method` for
22
+ `Access-Control-Allow-Method` for preflight requests.
23
+ * Echo's back `Access-Control-Request-Headers` for
24
+ `Access-Control-Allow-Headers` for preflight requests.
25
+ * Makes preflight requests cachcable.
26
+ * Configurable options for `Access-Control-Expose-Headers`.
27
+ * Configurable options for `Access-Control-Accept-Headers`.
28
+ * Add `Access-Control-Accept-Origin: *` to simple requests.
29
+
30
+ ## Preflight Requests
31
+
32
+ CORS preflight requests are sent as OPTIONS requests to whatever URL the
33
+ request will made to. Browsers add `Access-Control-Request-Method` and
34
+ `Access-Control-Request-Headers`to these requests. The middleware short
35
+ circuit these reqeusts to return the CORS response. So be warned: **If
36
+ your application accepts `OPTIONS` for routing then you should not use
37
+ this code.**
38
+
39
+ ## Installation
40
+
41
+ Add this line to your application's Gemfile:
42
+
43
+ gem 'manifold'
44
+
45
+ And then execute:
46
+
47
+ $ bundle
48
+
49
+ Or install it yourself as:
50
+
51
+ $ gem install manifold
52
+
53
+ ## Usage
54
+
55
+ ```ruby
56
+ # config.ru
57
+ require 'manifold'
58
+
59
+ Manifold.expose += %w(X-Custom-Header)
60
+
61
+ use Manifold::Middleware
62
+ run MyApp
63
+ ```
64
+
65
+ ## Rails
66
+
67
+ Manifold integrates cleanly with Rails. It inserts it's middleware at
68
+ the top of the stack and exposes it's configuration through
69
+ `Rails.config`. Manifold also add exposes headers added by Rails for
70
+ CORS.
71
+
72
+ ```ruby
73
+ # application.rb
74
+ config.manifold.accept += %w(X-Custom-Input-Header) # add custom headers you need
75
+ config.manifold.expose += %(X-Custom-Output-Header)
76
+ ```
77
+
78
+ ## Contributing
79
+
80
+ 1. Fork it
81
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
82
+ 3. Commit your changes (`git commit -am 'Added some feature'`)
83
+ 4. Push to the branch (`git push origin my-new-feature`)
84
+ 5. Create new Pull Request
@@ -0,0 +1,10 @@
1
+ #!/usr/bin/env rake
2
+ require "bundler/gem_tasks"
3
+
4
+ require 'rake/testtask'
5
+ Rake::TestTask.new(:test) do |test|
6
+ test.libs << 'test'
7
+ test.pattern = 'test/**/*_test.rb'
8
+ end
9
+
10
+ task :default => :test
@@ -0,0 +1,74 @@
1
+ require "manifold/version"
2
+
3
+ module Manifold
4
+ class Config
5
+ attr_accessor :expose, :accept
6
+
7
+ def initialize
8
+ @expose = []
9
+ @accept = []
10
+ end
11
+ end
12
+
13
+ def self.config
14
+ @config ||= Config.new
15
+ end
16
+
17
+ class Middleware
18
+ def initialize(app)
19
+ @app = app
20
+ end
21
+
22
+ def call(env)
23
+ if preflight?(env)
24
+ env['HTTP_ORIGIN'] = 'file://' if env['HTTP_ORIGIN'] == 'null'
25
+ env['HTTP_ORIGIN'] ||= env['HTTP_X_ORIGIN']
26
+
27
+ headers = cors_headers(env)
28
+ headers['Content-Type'] = 'text/plain'
29
+
30
+ [200, headers, []]
31
+ else
32
+ status, headers, body = @app.call env
33
+
34
+ headers['Access-Control-Allow-Origin'] = "*"
35
+
36
+ [status, headers, body]
37
+ end
38
+ end
39
+
40
+ def cors_headers(env)
41
+ headers = {}
42
+
43
+ headers['Access-Control-Allow-Origin'] = "*"
44
+
45
+ headers['Access-Control-Allow-Methods'] = env['HTTP_ACCESS_CONTROL_REQUEST_METHOD']
46
+
47
+ headers['Access-Control-Allow-Headers'] = [
48
+ env['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'],
49
+ Manifold.config.accept,
50
+ 'Authorization'
51
+ ].compact.join(', ')
52
+
53
+ if Manifold.config.expose
54
+ headers['Access-Control-Expose-Headers'] = Manifold.config.expose.join(', ')
55
+ end
56
+
57
+ headers['Access-Control-Allow-Credentials'] = "true"
58
+
59
+ headers['Access-Control-Max-Age'] = "1728000"
60
+
61
+ headers
62
+ end
63
+
64
+ def preflight?(env)
65
+ env['REQUEST_METHOD'] == "OPTIONS" &&
66
+ env['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] &&
67
+ env['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']
68
+ end
69
+ end
70
+ end
71
+
72
+ if defined? Rails
73
+ require 'manifold/railtie'
74
+ endnever
@@ -0,0 +1,15 @@
1
+ module Manifold
2
+ class Engine < Rails::Railtie
3
+ config.manifold = Manifold.config
4
+
5
+ initializer "manifold.middleware" do |app|
6
+ app.config.middleware.insert 0, Manifold::Middleware
7
+ end
8
+
9
+ initializer "manifold.headers" do |app|
10
+ app.config.manifold.expose << "X-Request-Id"
11
+ app.config.manifold.expose << "X-Runtime"
12
+ app.config.manifold.expose << "X-Rack-Cache"
13
+ end
14
+ end
15
+ end
@@ -0,0 +1,3 @@
1
+ module Manifold
2
+ VERSION = "1.0.0"
3
+ end
@@ -0,0 +1,21 @@
1
+ # -*- encoding: utf-8 -*-
2
+ require File.expand_path('../lib/manifold/version', __FILE__)
3
+
4
+ Gem::Specification.new do |gem|
5
+ gem.authors = ["twinturbo"]
6
+ gem.email = ["me@broadcastingadam.com"]
7
+ gem.description = %q{Rack middleware to enabled CORS}
8
+ gem.summary = %q{}
9
+ gem.homepage = "https://github.com/twinturbo/manifold"
10
+
11
+ gem.files = `git ls-files`.split($\)
12
+ gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
13
+ gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
14
+ gem.name = "manifold"
15
+ gem.require_paths = ["lib"]
16
+ gem.version = Manifold::VERSION
17
+
18
+ gem.add_development_dependency "rack-test"
19
+ gem.add_development_dependency "rails"
20
+ gem.add_development_dependency "simplecov"
21
+ end
@@ -0,0 +1,108 @@
1
+ require 'test_helper'
2
+
3
+ class ManifoldTest < MiniTest::Unit::TestCase
4
+ include Rack::Test::Methods
5
+
6
+ def setup
7
+ @old_expose = Manifold.config.expose
8
+ @old_accept = Manifold.config.accept
9
+
10
+ Manifold.config.expose = []
11
+ Manifold.config.accept = []
12
+ end
13
+
14
+ def teardown
15
+ Manifold.config.expose = @old_expose
16
+ Manifold.config.accept = @old_accept
17
+ end
18
+
19
+ def app
20
+ TestApp
21
+ end
22
+
23
+ def preflight(method, headers = "Content-Type", origin = "http://example.com")
24
+ options '/', {}, { 'HTTP_ORIGIN' => origin, 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => method , 'HTTP_ACCESS_CONTROL_REQUEST_HEADERS' => headers }
25
+ end
26
+
27
+ def test_allows_any_origin
28
+ preflight "GET", "Content-Type", "foo.com"
29
+
30
+ assert last_response.ok?
31
+ headers = last_response.headers
32
+ assert_equal "*", headers['Access-Control-Allow-Origin']
33
+ end
34
+
35
+ def tests_echos_requested_method_for_preflight
36
+ preflight "PATCH"
37
+
38
+ assert last_response.ok?
39
+ headers = last_response.headers
40
+ assert_includes headers['Access-Control-Allow-Methods'], "PATCH"
41
+ end
42
+
43
+ def tests_echos_requested_headers_for_preflight
44
+ preflight "PUT", "X-Custom-Header"
45
+
46
+ assert last_response.ok?
47
+ headers = last_response.header
48
+ assert_includes headers['Access-Control-Allow-Headers'], "X-Custom-Header"
49
+ end
50
+
51
+ def test_allows_http_auth_in_preflight
52
+ preflight "POST"
53
+
54
+ assert last_response.ok?
55
+ headers = last_response.headers
56
+ assert_includes headers['Access-Control-Allow-Headers'], "Authorization"
57
+ end
58
+
59
+ def test_allows_cookies_in_preflight
60
+ preflight "GET"
61
+
62
+ assert last_response.ok?
63
+ headers = last_response.headers
64
+ assert_equal "true", headers['Access-Control-Allow-Credentials']
65
+ end
66
+
67
+ def test_sends_the_content_type_header_for_preflight
68
+ preflight "PATCH"
69
+
70
+ assert_equal 'text/plain', last_response.content_type
71
+ end
72
+
73
+ def test_allows_for_custom_headers_exposed
74
+ Manifold.config.expose = ["X-Request-ID"]
75
+
76
+ preflight "PATCH"
77
+
78
+ assert last_response.ok?
79
+ headers = last_response.headers
80
+ assert_equal "X-Request-ID", headers['Access-Control-Expose-Headers']
81
+ end
82
+
83
+ def tests_allow_for_custom_headers_accept
84
+ Manifold.config.accept = ["X-Rate-Limit"]
85
+
86
+ preflight "PATCH"
87
+
88
+ assert last_response.ok?
89
+ headers = last_response.headers
90
+ assert_includes headers['Access-Control-Allow-Headers'], 'X-Rate-Limit'
91
+ end
92
+
93
+ def test_preflight_is_cachable
94
+ preflight "PATCH"
95
+
96
+ assert last_response.ok?
97
+ headers = last_response.header
98
+ assert headers['Access-Control-Max-Age']
99
+ end
100
+
101
+ def test_adds_cors_support_for_simple_requests
102
+ get '/'
103
+
104
+ assert last_response.ok?
105
+ headers = last_response.headers
106
+ assert_equal "*", headers['Access-Control-Allow-Origin']
107
+ end
108
+ end
@@ -0,0 +1,16 @@
1
+ require 'test_helper'
2
+
3
+ class RailsIntegrationTest < MiniTest::Unit::TestCase
4
+ def test_loads_middleware
5
+ middleware = TestRailsApp.config.middleware
6
+ assert_equal Manifold::Middleware, middleware.first.klass
7
+ end
8
+
9
+ def tests_exposes_headers_uses_in_rails_applications
10
+ config = TestRailsApp.config.manifold
11
+
12
+ assert_includes config.expose, 'X-Request-Id'
13
+ assert_includes config.expose, 'X-Runtime'
14
+ assert_includes config.expose, 'X-Rack-Cache'
15
+ end
16
+ end
@@ -0,0 +1,32 @@
1
+ require 'simplecov'
2
+ SimpleCov.start
3
+
4
+ require 'manifold'
5
+
6
+ require 'minitest/unit'
7
+ require 'minitest/pride'
8
+ require 'minitest/autorun'
9
+
10
+ require 'rack/test'
11
+
12
+ class HelloWorld
13
+ def self.call(env)
14
+ [200, {}, ["Hi"]]
15
+ end
16
+ end
17
+
18
+ TestApp = Rack::Builder.new do
19
+ use Manifold::Middleware
20
+ run HelloWorld
21
+ end
22
+
23
+ ENV['RAILS_ENV'] = "test"
24
+
25
+ require 'rails'
26
+ require 'action_controller/railtie'
27
+ require 'manifold/railtie'
28
+
29
+ class TestRailsApp < Rails::Application
30
+ config.active_support.deprecation = proc { |message, stack| }
31
+ initialize!
32
+ end
metadata ADDED
@@ -0,0 +1,99 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: manifold
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.0.0
5
+ prerelease:
6
+ platform: ruby
7
+ authors:
8
+ - twinturbo
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2012-05-14 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: rack-test
16
+ requirement: &70177011769320 !ruby/object:Gem::Requirement
17
+ none: false
18
+ requirements:
19
+ - - ! '>='
20
+ - !ruby/object:Gem::Version
21
+ version: '0'
22
+ type: :development
23
+ prerelease: false
24
+ version_requirements: *70177011769320
25
+ - !ruby/object:Gem::Dependency
26
+ name: rails
27
+ requirement: &70177011768900 !ruby/object:Gem::Requirement
28
+ none: false
29
+ requirements:
30
+ - - ! '>='
31
+ - !ruby/object:Gem::Version
32
+ version: '0'
33
+ type: :development
34
+ prerelease: false
35
+ version_requirements: *70177011768900
36
+ - !ruby/object:Gem::Dependency
37
+ name: simplecov
38
+ requirement: &70177011768480 !ruby/object:Gem::Requirement
39
+ none: false
40
+ requirements:
41
+ - - ! '>='
42
+ - !ruby/object:Gem::Version
43
+ version: '0'
44
+ type: :development
45
+ prerelease: false
46
+ version_requirements: *70177011768480
47
+ description: Rack middleware to enabled CORS
48
+ email:
49
+ - me@broadcastingadam.com
50
+ executables: []
51
+ extensions: []
52
+ extra_rdoc_files: []
53
+ files:
54
+ - .gitignore
55
+ - Gemfile
56
+ - LICENSE
57
+ - README.md
58
+ - Rakefile
59
+ - lib/manifold.rb
60
+ - lib/manifold/railtie.rb
61
+ - lib/manifold/version.rb
62
+ - manifold.gemspec
63
+ - test/mainfold_test.rb
64
+ - test/rails_test.rb
65
+ - test/test_helper.rb
66
+ homepage: https://github.com/twinturbo/manifold
67
+ licenses: []
68
+ post_install_message:
69
+ rdoc_options: []
70
+ require_paths:
71
+ - lib
72
+ required_ruby_version: !ruby/object:Gem::Requirement
73
+ none: false
74
+ requirements:
75
+ - - ! '>='
76
+ - !ruby/object:Gem::Version
77
+ version: '0'
78
+ segments:
79
+ - 0
80
+ hash: -316482174822974352
81
+ required_rubygems_version: !ruby/object:Gem::Requirement
82
+ none: false
83
+ requirements:
84
+ - - ! '>='
85
+ - !ruby/object:Gem::Version
86
+ version: '0'
87
+ segments:
88
+ - 0
89
+ hash: -316482174822974352
90
+ requirements: []
91
+ rubyforge_project:
92
+ rubygems_version: 1.8.11
93
+ signing_key:
94
+ specification_version: 3
95
+ summary: ''
96
+ test_files:
97
+ - test/mainfold_test.rb
98
+ - test/rails_test.rb
99
+ - test/test_helper.rb