rack-canonical-host 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8a6f24e954b7680ed4e2571398bc6d2012deaf38
-  data.tar.gz: 224fd0063568a627b4f37bf0ca6dc33d579645ba
+  metadata.gz: afbfedb96e0996ded4ce9b2d21532dcbda77bded
+  data.tar.gz: 47d412e723522d44bf530af57fa03107fef9b745
 SHA512:
-  metadata.gz: 981074ba73744daeff5a3e7e3256e42ed19cfdb56759ff8e133390ab353804886e9b3fce6bc5268934daa41275b6d1d38ec1c7c8e048e0d4017ce38df3539cb3
-  data.tar.gz: 6c191906b97d467c729b055abbf9ffade959d35f32071566d0796500f431fa790f9d59c03a5f1427e374ebd3b0e0c385ac749e661314e1007a52fcc982c3ab0b
+  metadata.gz: 83e23130511d87ee922ea34ed3f87384179fde266f818c04aace1c0d19a98b389380fcc250db824a06894cb53921eb3c4fd9dc079c48058ead99d61b7d3c56ce
+  data.tar.gz: 0c8d2c995d2f341bd63d1b51e8ffc6d5d7161236263ee2eda932b95edd847ee59beb6af002c805b08e3c3a5e8d66333bb5599efe1489c3937058f030e22dca29

data/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 0.2.2 (2016-05-17)
+
+  * Add `:cache_control` option ([Pete Nicholls][Aupajo])
+
 ## 0.2.1 (2016-03-28)
 
   * Relax Rack dependency to allow for Rack 2 ([Tyler Ewing][zoso10])
@@ -57,6 +61,7 @@
 
   * Initial release ([Tyler Hunt][tylerhunt])
 
+[Aupajo]: http://github.com/Aupajo
 [finack]: http://github.com/finack
 [firedev]: http://github.com/firedev
 [jcarbo]: http://github.com/jcarbo

data/README.md

@@ -95,6 +95,23 @@ use Rack::CanonicalHost, 'example.com', if: /.*\.example\.com/
 use Rack::CanonicalHost, 'example.ru', if: /.*\.example\.ru/
 ```
 
+### Cache-Control
+
+To avoid browsers indefinitely caching a `301` redirect, it’s a sensible idea
+to set an expiry on each redirect, to hedge against the chance you may need to
+change that redirect in the future.
+
+``` ruby
+# Leave caching up to the browser (which could cache it indefinitely):
+use Rack::CanonicalHost, 'example.com'
+
+# Cache the redirect for up to an hour:
+use Rack::CanonicalHost, 'example.com', cache_control: 'max-age=3600'
+
+# Prevent caching of redirects:
+use Rack::CanonicalHost, 'example.com', cache_control: 'no-cache'
+```
+
 ## Contributing
 
   1. Fork it
@@ -109,6 +126,7 @@ use Rack::CanonicalHost, 'example.ru', if: /.*\.example\.ru/
 Thanks to the following people who have contributed patches or helpful
 suggestions:
 
+  * [Pete Nicholls](https://github.com/Aupajo)
   * [Tyler Ewing](https://github.com/zoso10)
   * [Thomas Maurer](https://github.com/tma)
   * [Jeff Carbonella](https://github.com/jcarbo)

data/lib/rack/canonical_host/redirect.rb

@@ -20,6 +20,7 @@ module Rack
         self.host = host
         self.ignore = Array(options[:ignore])
         self.conditions = Array(options[:if])
+        self.cache_control = options[:cache_control]
       end
 
       def canonical?
@@ -37,6 +38,7 @@ module Rack
       attr_accessor :host
       attr_accessor :ignore
       attr_accessor :conditions
+      attr_accessor :cache_control
 
     private
 
@@ -46,9 +48,10 @@ module Rack
 
       def headers
         {
-          'Location' => new_url,
+          'Cache-Control' => cache_control,
           'Content-Type' => 'text/html',
-        }
+          'Location' => new_url,
+        }.reject { |_, value| !value }
       end
 
       def enabled?

data/lib/rack/canonical_host/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class CanonicalHost
-    VERSION = '0.2.1'
+    VERSION = '0.2.2'
   end
 end

data/spec/rack/canonical_host_spec.rb

@@ -1,9 +1,14 @@
-require 'spec_helper'
-
-describe Rack::CanonicalHost do
-  let(:response) { [200, { 'Content-Type' => 'text/plain' }, ['OK']] }
+RSpec.describe Rack::CanonicalHost do
+  let(:app_response) { [200, { 'Content-Type' => 'text/plain' }, %w(OK)] }
   let(:inner_app) { lambda { |env| response } }
 
+  before do
+    allow(inner_app)
+      .to receive(:call)
+      .with(env)
+      .and_return(app_response)
+  end
+
   def build_app(host=nil, options={}, inner_app=inner_app(), &block)
     Rack::Builder.new do
       use Rack::Lint
@@ -19,8 +24,8 @@ describe Rack::CanonicalHost do
       it { should_not be_redirect }
 
       it 'calls the inner app' do
-        expect(inner_app).to receive(:call).with(env).and_return(response)
-        subject
+        expect(inner_app).to receive(:call).with(env)
+        call_app
       end
     end
   end
@@ -29,12 +34,14 @@ describe Rack::CanonicalHost do
     context 'with a request to a non-matching host' do
       let(:url) { 'http://www.example.com/full/path' }
 
-      it { should be_redirect.via(301).to('http://example.com/full/path') }
+      it { should redirect_to('http://example.com/full/path') }
 
       it 'does not call the inner app' do
         expect(inner_app).to_not receive(:call)
-        subject
+        call_app
       end
+
+      it { expect(response).to_not have_header('Cache-Control') }
     end
   end
 
@@ -44,51 +51,70 @@ describe Rack::CanonicalHost do
   end
 
   context '#call' do
-    let(:env) { Rack::MockRequest.env_for(url) }
+    let(:headers) { {} }
 
-    subject { app.call(env) }
+    let(:app) { build_app('example.com') }
+    let(:env) { Rack::MockRequest.env_for(url, headers) }
 
-    context 'without a host' do
-      let(:app) { build_app(nil) }
+    def call_app
+      app.call(env)
+    end
 
-      include_context 'a matching request'
+    subject(:response) { call_app }
+
+    include_context 'a matching request'
+    include_context 'a non-matching request'
+
+    context 'when the request has a pipe in the URL' do
+      let(:url) { 'https://example.com/full/path?value=withPIPE' }
+
+      before { env['QUERY_STRING'].sub!('PIPE', '|') }
+
+      it { expect { call_app }.to_not raise_error }
     end
 
-    context 'with an X-Forwarded-Host' do
+    context 'when the request has JavaScript in the URL' do
+      let(:url) { 'http://www.example.com/full/path' }
+
+      let(:headers) {
+        { 'QUERY_STRING' => '"><script>alert(73541);</script>' }
+      }
+
       let(:app) { build_app('example.com') }
-      let(:url) { 'http://proxied.url/full/path' }
+
+      it 'escapes the JavaScript' do
+        expect(response)
+          .to redirect_to('http://example.com/full/path?%22%3E%3Cscript%3Ealert(73541)%3B%3C/script%3E')
+      end
+    end
+
+    context 'with an X-Forwarded-Host' do
+      let(:url) { 'http://proxy.test/full/path' }
 
       context 'which matches the canonical host' do
-        let(:env) { Rack::MockRequest.env_for(url, 'HTTP_X_FORWARDED_HOST' => 'example.com:80') }
+        let(:headers) { { 'HTTP_X_FORWARDED_HOST' => 'example.com:80' } }
 
         include_context 'a matching request'
       end
 
       context 'which does not match the canonical host' do
-        let(:env) { Rack::MockRequest.env_for(url, 'HTTP_X_FORWARDED_HOST' => 'www.example.com:80') }
+        let(:headers) { { 'HTTP_X_FORWARDED_HOST' => 'www.example.com:80' } }
 
         include_context 'a non-matching request'
       end
     end
 
-    context 'without any options' do
-      let(:app) { build_app('example.com') }
-
-      include_context 'matching and non-matching requests'
-
-      context 'when the request has a pipe in the URL' do
-        let(:url) { 'https://example.com/full/path?value=withPIPE' }
-
-        before { env['QUERY_STRING'].sub!('PIPE', '|') }
+    context 'without a host' do
+      let(:app) { build_app(nil) }
 
-        it { expect { subject }.to_not raise_error }
-      end
+      include_context 'a matching request'
     end
 
     context 'with :ignore option' do
       let(:app) { build_app('example.com', :ignore => 'example.net') }
 
-      include_context 'matching and non-matching requests'
+      include_context 'a matching request'
+      include_context 'a non-matching request'
 
       context 'with a request to an ignored host' do
         let(:url) { 'http://example.net/full/path' }
@@ -96,67 +122,88 @@ describe Rack::CanonicalHost do
         it { should_not be_redirect }
 
         it 'calls the inner app' do
-          expect(inner_app).to receive(:call).with(env).and_return(response)
-          subject
+          expect(inner_app).to receive(:call).with(env)
+          call_app
         end
       end
     end
 
     context 'with :if option' do
-
       let(:app) { build_app('example.com', :if => 'www.example.net') }
 
-      context 'with a request to a :if matching host' do
+      context 'with a request to a matching host' do
         let(:url) { 'http://www.example.net/full/path' }
-        it { should be_redirect.to('http://example.com/full/path') }
+
+        it { should redirect_to('http://example.com/full/path') }
       end
 
-      context 'with a request to a :if non-matching host' do
-        let(:url) { 'http://www.sexample.net/full/path' }
+      context 'with a request to a non-matching host' do
+        let(:url) { 'http://www.example.com/full/path' }
+
         it { should_not be_redirect }
       end
-
     end
 
-    context 'with :if and regexp as an option' do
-
+    context 'with a regular expression :if option' do
       let(:app) { build_app('example.com', :if => /.*\.example\.net/) }
 
-      context 'with a request to a :if matching host' do
+      context 'with a request to a matching host' do
         let(:url) { 'http://subdomain.example.net/full/path' }
-        it { should be_redirect.to('http://example.com/full/path') }
+
+        it { should redirect_to('http://example.com/full/path') }
       end
 
-      context 'with a request to a :if non-matching host' do
+      context 'with a request to a non-matching host' do
         let(:url) { 'http://example.net/full/path' }
+
         it { should_not be_redirect }
       end
+    end
+
+    context 'with a :cache_control option' do
+      let(:url) { 'http://subdomain.example.net/full/path' }
+
+      context 'with a max-age value' do
+        let(:app) {
+          build_app('example.com', :cache_control => 'max-age=3600')
+        }
+
+        it {
+          expect(response).to have_header('Cache-Control').with('max-age=3600')
+        }
+      end
+
+      context 'with a no-cache value' do
+        let(:app) { build_app('example.com', :cache_control => 'no-cache') }
+
+        it { expect(subject).to have_header('Cache-Control').with('no-cache') }
+      end
 
+      context 'with a false value' do
+        let(:app) { build_app('example.com', :cache_control => false) }
+
+        it { expect(subject).to_not have_header('Cache-Control') }
+      end
+
+      context 'with a nil value' do
+        let(:app) { build_app('example.com', :cache_control => false) }
+
+        it { expect(subject).to_not have_header('Cache-Control') }
+      end
     end
 
     context 'with a block' do
       let(:app) { build_app { 'example.com' } }
 
-      include_context 'matching and non-matching requests'
+      include_context 'a matching request'
+      include_context 'a non-matching request'
 
       context 'that returns nil' do
         let(:app) { build_app('example.com') { nil } }
 
-        include_context 'matching and non-matching requests'
-      end
-    end
-
-    context 'with URL containing JavaScript XSS' do
-      let(:url) { 'http://subdomain.example.net/full/path' }
-      let(:env) do
-        Rack::MockRequest.env_for(url).tap do |env|
-          env['QUERY_STRING'] = '"><script>alert(73541);</script>'
-        end
+        include_context 'a matching request'
+        include_context 'a non-matching request'
       end
-
-      let(:app) { build_app('example.com') }
-
-      it { should be_redirect.to('http://example.com/full/path?%22%3E%3Cscript%3Ealert(73541)%3B%3C/script%3E') }
     end
   end
 end

data/spec/support/matchers/have_header.rb

@@ -0,0 +1,56 @@
+module HaveHeader
+  class Matcher
+    def initialize(expected_header)
+      self.expected_header = expected_header
+    end
+
+    def matches?(response)
+      _, self.actual_headers, _ = response
+
+      if expected_value
+        actual_header == expected_value
+      else
+        actual_header
+      end
+    end
+
+    def with(expected_value)
+      self.expected_value = expected_value
+      self
+    end
+
+    def description
+      sentence = "have header #{expected_header.inspect}"
+      sentence << " with #{expected_value.inspect}" if expected_value
+      sentence
+    end
+
+    def failure_message
+      "Expected response to #{description}"
+    end
+
+    def failure_message_when_negated
+      "Did not expect response to #{description}"
+    end
+
+  protected
+
+    attr_accessor :actual_headers
+    attr_accessor :expected_header
+    attr_accessor :expected_value
+
+  private
+
+    def actual_header
+      actual_headers[expected_header]
+    end
+  end
+
+  def have_header(name)
+    Matcher.new(name)
+  end
+end
+
+RSpec.configure do |config|
+  config.include HaveHeader
+end

data/spec/support/matchers/{be_redirect.rb → redirect_to.rb}

@@ -1,36 +1,30 @@
-module BeRedirect
+module RedirectTo
   class Matcher
-    attr :expected_status_code
-    attr :expected_location
-    attr :actual_status_code
-    attr :actual_location
+    def initialize(expected_location)
+      self.expected_location = expected_location
+      self.expected_status_code = STATUS
+    end
 
     def matches?(response)
-      @actual_status_code, headers, _ = response
-      @actual_location = headers['Location']
+      self.actual_status_code, self.actual_headers, _ = response
 
       status_code_matches? && location_matches?
     end
 
     def via(expected_status_code)
-      @expected_status_code = expected_status_code
-      self
-    end
-
-    def to(expected_location)
-      @expected_location = expected_location
+      self.expected_status_code = expected_status_code
       self
     end
 
     def description
       if expected_status_code && expected_location
-        "redirect via #{expected_status_code} to #{expected_location.inspect}"
+        "redirect to #{expected_location.inspect} via #{expected_status_code}"
       elsif expected_status_code
         "redirect via #{expected_status_code}"
       elsif expected_location
         "redirect to #{expected_location.inspect}"
       else
-        "be a redirect"
+        'be a redirect'
       end
     end
 
@@ -42,6 +36,22 @@ module BeRedirect
       "Did not expect response to #{description}"
     end
 
+  protected
+
+    attr_accessor :actual_headers
+    attr_accessor :actual_status_code
+    attr_accessor :expected_location
+    attr_accessor :expected_status_code
+
+  private
+
+    LOCATION = 'Location'
+    STATUS = 301
+
+    def actual_location
+      actual_headers[LOCATION]
+    end
+
     def status_code_matches?
       if expected_status_code
         actual_status_code == expected_status_code
@@ -49,19 +59,23 @@ module BeRedirect
         actual_status_code.to_s =~ /^30[1237]$/
       end
     end
-    private :status_code_matches?
 
     def location_matches?
-      !expected_location || (expected_location == actual_location)
+      if expected_location
+        expected_location == actual_location
+      end
     end
-    private :location_matches?
+  end
+
+  def redirect_to(location)
+    Matcher.new(location)
   end
 
   def be_redirect
-    Matcher.new
+    Matcher.new(nil).via(nil)
   end
 end
 
 RSpec.configure do |config|
-  config.include(BeRedirect)
+  config.include RedirectTo
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-canonical-host
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Tyler Hunt
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-28 00:00:00.000000000 Z
+date: 2016-05-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -99,7 +99,8 @@ files:
 - rack-canonical-host.gemspec
 - spec/rack/canonical_host_spec.rb
 - spec/spec_helper.rb
-- spec/support/matchers/be_redirect.rb
+- spec/support/matchers/have_header.rb
+- spec/support/matchers/redirect_to.rb
 homepage: http://github.com/tylerhunt/rack-canonical-host
 licenses: []
 metadata: {}
@@ -126,4 +127,5 @@ summary: Rack middleware for defining a canonical host name.
 test_files:
 - spec/rack/canonical_host_spec.rb
 - spec/spec_helper.rb
-- spec/support/matchers/be_redirect.rb
+- spec/support/matchers/have_header.rb
+- spec/support/matchers/redirect_to.rb