rack-blacklist_cookies 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ca060fd79fc80cccf1c2ac8e294d002094e0998b
+  data.tar.gz: f0b4a211a78499c28dc104a7354062df68868374
+SHA512:
+  metadata.gz: a077d2bdd2c2ccc7da39551d34761e7821cee26e2beacc3c4c617770043df6a8d5a54db15e0b86e05567a6b325a32c5b3288e4c4f0b52d28ea828f40ef599cca
+  data.tar.gz: ccde3df668b19623a3fbd88f186bfa8f6a2a0881c18abae384002ac2b8e40834820f3e5001634eac935a5fc7caebaf27983883aa2e0ede61e16f02a00f2295c2

data/.gitignore

@@ -0,0 +1,13 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/vendor/
+
+# rspec failure tracking
+.rspec_status

data/.reek

@@ -0,0 +1,11 @@
+Attribute:
+  exclude:
+    - "Rack::BlacklistCookies::Configuration"
+
+UtilityFunction:
+  public_methods_only: true
+
+exclude_paths:
+  - bin/
+  - spec/
+  - vendor/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.rubocop.yml

@@ -0,0 +1,96 @@
+AllCops:
+  TargetRubyVersion: 2.3
+  DisplayStyleGuide: false
+  Exclude:
+    - 'vendor/**/*'
+    - 'spec/**/*'
+Rails:
+  Enabled: true
+
+Metrics/LineLength:
+  Max: 120
+
+Style/AlignParameters:
+  # Alignment of parameters in multi-line method calls.
+  #
+  # The `with_first_parameter` style aligns the following lines along the same
+  # column as the first parameter.
+  #
+  #     method_call(a,
+  #                 b)
+  #
+  # The `with_fixed_indentation` style aligns the following lines with one
+  # level of indentation relative to the start of the line with the method call.
+  #
+  #     method_call(a,
+  #       b)
+  EnforcedStyle: with_fixed_indentation
+  SupportedStyles:
+    - with_first_parameter
+    - with_fixed_indentation
+
+# Multi-line method chaining should be done with trailing dots.
+Style/DotPosition:
+  EnforcedStyle: trailing
+  SupportedStyles:
+    - leading
+    - trailing
+
+Style/Documentation:
+  Description: 'Document classes and non-namespace modules.'
+  Enabled: false
+  Exclude:
+    - 'spec/**/*'
+    - 'test/**/*'
+
+Style/FileName:
+  Enabled: false
+
+Style/TrailingCommaInArguments:
+  # If `comma`, the cop requires a comma after the last argument, but only for
+  # parenthesized method calls where each argument is on its own line.
+  # If `consistent_comma`, the cop requires a comma after the last argument,
+  # for all parenthesized method calls with arguments.
+  EnforcedStyleForMultiline: comma
+
+Style/TrailingCommaInLiteral:
+  # If `comma`, the cop requires a comma after the last item in an array or
+  # hash, but only when each item is on its own line.
+  # If `consistent_comma`, the cop requires a comma after the last item of all
+  # non-empty array and hash literals.
+  EnforcedStyleForMultiline: comma
+
+
+Style/StringLiterals:
+  EnforcedStyle: double_quotes
+  SupportedStyles:
+    - single_quotes
+    - double_quotes
+  # If true, strings which span multiple lines using \ for continuation must
+  # use the same type of quotes on each line.
+  ConsistentQuotesInMultiline: false
+
+Style/StringLiteralsInInterpolation:
+  EnforcedStyle: double_quotes
+  SupportedStyles:
+    - single_quotes
+    - double_quotes
+
+Style/UnneededInterpolation:
+  Enabled: false
+
+Style/HashSyntax:
+  EnforcedStyle: no_mixed_keys
+  SupportedStyles:
+    # checks for 1.9 syntax (e.g. {a: 1}) for all symbol keys
+    - ruby19
+    # checks for hash rocket syntax for all hashes
+    - hash_rockets
+    # forbids mixed key syntaxes (e.g. {a: 1, :b => 2})
+    - no_mixed_keys
+    # enforces both ruby19 and no_mixed_keys styles
+    - ruby19_no_mixed_keys
+  # Force hashes that have a symbol value to use hash rockets
+  UseHashRocketsWithSymbolValues: false
+  # Do not suggest { a?: 1 } over { :a? => 1 } in ruby19 style
+  PreferHashRocketsForNonAlnumEndingSymbols: true

data/Gemfile

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in rack-blacklist_cookies.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Notonthehighstreet Enterprises Ltd
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,82 @@
+# Rack::BlacklistCookies
+
+Rack middleware for removing cookies on the request and response at a route level.
+
+Rack::BlacklistCookies is a rack middleware that will block certain cookies from an HTTP request, as well as strip
+certain cookies from an HTTP response.
+
+It does this by examining the `Cookies` headers on the request, and the `Set-Cookie` headers on the response, and
+stripping out any cookie that has been explicitly blacklisted in the configuration. It also let's you do that on a
+per route basis, allowing you to selectively strip certain cookies only for certain routes in your application.
+
+This may be useful in situations where you want to continue setting cookies generally but want to apply a finer set of
+rules to either the request or the response.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'rack-blacklist_cookies'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install rack-blacklist_cookies
+
+## Configuration
+
+All this gem needs to run is a simple configuration file.
+
+You can blacklist on either the request or the response by setting pairs of `"/url-string" => ["list", "of", "cookies"]`
+values.
+
+Take the following config as an example:
+
+```ruby
+Rack::BlacklistCookies.configure do |config|
+  config.request_blacklist = {
+    "/some-url"       => ["cookie_to_blacklist", "another_blacklisted_cookie"]
+  }
+  config.response_blacklist = {
+    "/"               => ["do_not_set_this_cookie_on_homepage_response"]
+  }
+end
+```
+
+This will ensure requests getting into your application on the URL `/some-url` will not have the cookies
+`cookie_to_blacklist` and `another_blacklisted_cookie`. Similarly, even if your web application returns a cookie with
+the name `do_not_set_this_cookie_on_homepage_response` for requests to `/`, that cookie will not make it into the client
+as the middleware will strip it out.
+
+
+As this is a Rack middleware, it will respect and correctly ignore any `?querystring` and `#bookmark` params in the URL.
+
+## Using with Rails
+
+If you are using this middleware with Rails, a typical place to set up the gem is in the `config/initializers` folder.
+
+Don't forget to add the middleware to `config/application.rb` as well.
+
+```ruby
+config.middleware.insert 0, Rack::BlacklistCookies
+```
+
+## Development
+
+After checking out the repo, run `bundle install` to install dependencies. Then, run `rake spec` to run the tests.
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/notonthehighstreet/rack-blacklist_cookies.
+This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the
+[Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/lib/rack-blacklist_cookies.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+require "rack/blacklist_cookies"
+require "rack/blacklist_cookies/configuration"
+require "rack/blacklist_cookies/scrubber"
+require "rack/blacklist_cookies/version"
+
+module Rack
+  # Rack::BlacklistCookies holds onto configuration values at the class level
+  class BlacklistCookies
+    def self.configuration
+      @configuration ||= Configuration.new
+    end
+
+    def self.configure
+      yield(configuration)
+      configuration.validate
+    rescue ConfigurationError => error
+      configuration.reset
+      raise error
+    end
+
+    def self.request_blacklist(env)
+      configuration.request_blacklist[env["PATH_INFO"]]
+    end
+
+    def self.response_blacklist(env)
+      configuration.response_blacklist[env["PATH_INFO"]]
+    end
+  end
+end

data/lib/rack/blacklist_cookies.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+module Rack
+  # Rack::BlacklistCookies is a middleware that removes selected cookies from the request and / or response.
+  class BlacklistCookies
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      env["HTTP_COOKIE"] = "#{RequestScrubber.new(env, env["HTTP_COOKIE"])}" if scrub_request?(env)
+
+      status, headers, body = @app.call(env)
+
+      headers["Set-Cookie"] = "#{ResponseScrubber.new(env, headers["Set-Cookie"])}" if scrub_response?(env, headers)
+
+      [status, headers, body]
+    end
+
+    private
+
+    def scrub_request?(env)
+      !env["HTTP_COOKIE"].nil? && !env["HTTP_COOKIE"].empty? && BlacklistCookies.request_blacklist(env)
+    end
+
+    def scrub_response?(env, headers)
+      !headers["Set-Cookie"].nil? && !headers["Set-Cookie"].empty? && BlacklistCookies.response_blacklist(env)
+    end
+  end
+end

data/lib/rack/blacklist_cookies/configuration.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+module Rack
+  class BlacklistCookies
+    # Configuration defaults to an empty hash if it has not been set.
+    class Configuration
+      attr_accessor :request_blacklist, :response_blacklist
+
+      def initialize
+        @request_blacklist = {}
+        @response_blacklist = {}
+      end
+
+      def reset
+        @request_blacklist = {}
+        @response_blacklist = {}
+      end
+
+      # rubocop:disable MethodLength
+      def validate
+        [@request_blacklist, @response_blacklist].each do |blacklist|
+          raise ConfigurationError, "Blacklist is not a hash" unless blacklist.is_a?(Hash)
+          blacklist.each do |route, cookie_list|
+            raise ConfigurationError, "Blacklist key is not a string" unless route.is_a?(String)
+            raise ConfigurationError, "Blacklist value is not an array" unless cookie_list.is_a?(Array)
+            raise ConfigurationError, "Blacklist key is not a URL path" unless route.start_with?("/")
+            cookie_list.each do |cookie_name|
+              raise ConfigurationError, "Blacklist cookie is not a valid name string" unless cookie_name.is_a?(String)
+            end
+          end
+        end
+      end
+    end
+
+    # ConfigurationError feeds configuration issues back to the user.
+    class ConfigurationError < StandardError
+      def initialize(message = "Failed to configure correctly")
+        @message = message
+      end
+
+      def to_s
+        "#{@message}. #{docs}"
+      end
+
+      def docs
+        "Docs are at https://github.com/notonthehighstreet/rack-blacklist_cookies "
+      end
+    end
+  end
+end

data/lib/rack/blacklist_cookies/scrubber.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+module Rack
+  class BlacklistCookies
+    # The Scrubber class is responsible for removing any unwanted cookies from a given cookies header.
+    # The base class provides the main #scrub method, while the subclasses are responsible
+    # for being able to deal with parsing the Request and Response headers and associated config.
+    class BaseScrubber
+      attr_reader :env
+
+      def initialize(env, cookies_header)
+        @env = env
+        @cookies_header = cookies_header
+      end
+
+      def to_s
+        return @cookies_header unless blacklist
+        scrub
+      end
+
+      private
+
+      def scrub
+        new_cookies_header = @cookies_header.split(splitter)
+        blacklist.each do |cookie_name|
+          new_cookies_header.reject! { |cookie| "#{cookie_name}=" == cookie[0..cookie_name.length] }
+        end
+
+        new_cookies_header.join(joiner)
+      end
+
+      def blacklist; end
+
+      def splitter; end
+
+      def joiner; end
+    end
+
+    # RequestScrubber is responsible for parsing and configuring the request according to RFC-6252
+    # https://tools.ietf.org/html/rfc6265#section-5.4
+    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cookie
+    class RequestScrubber < BaseScrubber
+      def blacklist
+        BlacklistCookies.request_blacklist(env)
+      end
+
+      def splitter
+        /[;,] */n
+      end
+
+      def joiner
+        "; "
+      end
+    end
+
+    # ResponseScrubber is responsible for parsing and configuring the response according to RFC-6252
+    # https://tools.ietf.org/html/rfc6265#section-4.1
+    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
+    class ResponseScrubber < BaseScrubber
+      def blacklist
+        BlacklistCookies.response_blacklist(env)
+      end
+
+      def splitter
+        "\n"
+      end
+
+      def joiner
+        "\n"
+      end
+    end
+  end
+end

data/lib/rack/blacklist_cookies/version.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+module Rack
+  class BlacklistCookies
+    VERSION = "1.0.0".freeze
+  end
+end

data/rack-blacklist_cookies.gemspec

@@ -0,0 +1,31 @@
+# coding: utf-8
+# frozen_string_literal: true
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "rack-blacklist_cookies"
+
+Gem::Specification.new do |spec|
+  spec.name          = "rack-blacklist_cookies"
+  spec.version       = Rack::BlacklistCookies::VERSION
+  spec.authors       = ["notonthehighstreet.com"]
+  spec.email         = ["tech.contact@notonthehighstreet.com"]
+
+  spec.summary       = "Blacklist cookies on the request and response HTTP headers"
+  spec.description   = "Removes specified cookies from HTTP request and / or response on user defined pages."
+  spec.homepage      = "https://github.com/notonthehighstreet/rack-blacklist_cookies"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.13.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "pry-byebug"
+  spec.add_development_dependency "rubocop"
+  spec.add_development_dependency "reek"
+end

metadata

@@ -0,0 +1,143 @@
+--- !ruby/object:Gem::Specification
+name: rack-blacklist_cookies
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- notonthehighstreet.com
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-05-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.13.7
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.13.7
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: reek
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Removes specified cookies from HTTP request and / or response on user
+  defined pages.
+email:
+- tech.contact@notonthehighstreet.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".reek"
+- ".rspec"
+- ".rubocop.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/rack-blacklist_cookies.rb
+- lib/rack/blacklist_cookies.rb
+- lib/rack/blacklist_cookies/configuration.rb
+- lib/rack/blacklist_cookies/scrubber.rb
+- lib/rack/blacklist_cookies/version.rb
+- rack-blacklist_cookies.gemspec
+homepage: https://github.com/notonthehighstreet/rack-blacklist_cookies
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.10
+signing_key: 
+specification_version: 4
+summary: Blacklist cookies on the request and response HTTP headers
+test_files: []