RubyGems - rack-cloudflare_middleware - Versions diffs - 1.1.0 → 1.2.0 - Mend

rack-cloudflare_middleware 1.1.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/.github/workflows/ci.yml +5 -5
data/.github/workflows/release.yml +2 -2
data/.pre-commit-config.yaml +1 -1
data/CHANGELOG.md +5 -0
data/Gemfile.lock +18 -10
data/README.md +9 -0
data/lib/rack/cloudflare_middleware/deny_others.rb +3 -2
data/lib/rack/cloudflare_middleware/version.rb +1 -1
data/rack-cloudflare_middleware.gemspec +2 -0
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1d791a3a095bff874bd6a9f6b400a03d1d9a442417720af6dc504738048f5011
-  data.tar.gz: 75d1b89659db8315982e2ce22020611f4522c9d80b6e25253bf3132d3529babe
+  metadata.gz: 1806fad87fa57e8317ff1937cd2cd45db0bcef1b89aabb7ba1c3d4aa71434d22
+  data.tar.gz: 47811778ab426303239fa18e3e29310e5f212cd54740efc71674061e30787c85
 SHA512:
-  metadata.gz: 0cd8c07c159038648cd922543f0ab50a764ee99075a02fd4a1a2b6b11c5d8f2f53351f71646790e864e0e3e559f7e28256240ee99512f1b99a710b6577eba1ab
-  data.tar.gz: 8fc4cbc087364618a42298f20bc23a6e46be124db6f509ece22ddb5971d1bda081019b2a479cb563bfb40a21e1d11178a686368cb249b19bc2d57c70cab7661c
+  metadata.gz: '084ac8b92afac4bd6aff7435c56a546c3f4faafaf4124d19a3f542fcef07b43b31ffa1222bccc49d46693deb97db5aad3dfd31f1800cc4dcdd1c7475afe0f806'
+  data.tar.gz: a10319a8ec1dabed6022d7efe051b8af63752f134fbafa4c9fc35d3e563780ec3e3d6fb3de26b81ffc637f1ac0c37ae87a6dabae78cbbeadc2a8b0cbb4d37715

data/.github/workflows/ci.yml CHANGED Viewed

@@ -19,9 +19,9 @@ jobs:
         ruby: ["2.7", "3.0", "3.1", "3.2"]
     steps:
       - name: Checkout code
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
       - name: Install Ruby and gems
-        uses: ruby/setup-ruby@904f3fef85a9c80a3750cbe7d5159268fd5caa9f
+        uses: ruby/setup-ruby@8a45918450651f5e4784b6031db26f4b9f76b251
         with:
           bundler-cache: true
           ruby-version: ${{ matrix.ruby }}
@@ -35,16 +35,16 @@ jobs:
       contents: read
     steps:
       - name: Checkout code
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
       - name: Install Ruby and gems
-        uses: ruby/setup-ruby@904f3fef85a9c80a3750cbe7d5159268fd5caa9f
+        uses: ruby/setup-ruby@8a45918450651f5e4784b6031db26f4b9f76b251
         with:
           bundler-cache: true
           ruby-version: "3.1"
       - name: Bundle Audit Check
         run: bundle exec bundle-audit update && bundle exec bundle-audit check
       - name: Setup Python
-        uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435
+        uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0
         with:
           python-version: "3.10"
       - name: Run pre-commit

data/.github/workflows/release.yml CHANGED Viewed

@@ -7,9 +7,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
       - name: Install Ruby and gems
-        uses: ruby/setup-ruby@904f3fef85a9c80a3750cbe7d5159268fd5caa9f
+        uses: ruby/setup-ruby@8a45918450651f5e4784b6031db26f4b9f76b251
         with:
           bundler-cache: true
           ruby-version: "3.2"

data/.pre-commit-config.yaml CHANGED Viewed

@@ -12,6 +12,6 @@ repos:
     exclude: '^spec/data/'
   - id: check-merge-conflict
 - repo: https://github.com/instrumentl/pre-commit-standardrb.git
-  rev: '1ae56c7524a2d48cd2b7ca1f74bdb0cdd454477e'
+  rev: 'b9c5657a92bcc2ebfa9ec295754b0c56877fbed8'
   hooks:
     - id: standardrb

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,8 @@
+v1.2.0 - 2023-06-05
+-------------------
+- Set `required_ruby_version` in the gemspec
+- Add `trusted_request_proc` kwarg to DenyOthers middleware
 v1.1.0 - 2023-03-31
 -------------------
 - Expand requirements to allow using Rack 3.x

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rack-cloudflare_middleware (1.1.0)
+    rack-cloudflare_middleware (1.2.0)
       faraday (>= 1.0, < 3)
       rack (>= 2, < 4)
@@ -20,16 +20,17 @@ GEM
     crack (0.4.5)
       rexml
     diff-lcs (1.5.0)
-    faraday (2.7.4)
+    faraday (2.7.5)
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
     faraday-net_http (3.0.2)
     hashdiff (1.0.1)
     json (2.6.3)
     language_server-protocol (3.17.0.3)
+    lint_roller (1.0.0)
     method_source (1.0.0)
-    parallel (1.22.1)
-    parser (3.2.1.1)
+    parallel (1.23.0)
+    parser (3.2.2.1)
       ast (~> 2.4.1)
     pry (0.14.2)
       coderay (~> 1.1)
@@ -40,7 +41,7 @@ GEM
       rack (>= 1.3)
     rainbow (3.1.1)
     rake (13.0.6)
-    regexp_parser (2.7.0)
+    regexp_parser (2.8.0)
     rexml (3.2.5)
     rspec (3.12.0)
       rspec-core (~> 3.12.0)
@@ -58,26 +59,33 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
     rspec-support (3.12.0)
-    rubocop (1.48.1)
+    rubocop (1.50.2)
       json (~> 2.3)
       parallel (~> 1.10)
       parser (>= 3.2.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.26.0, < 2.0)
+      rubocop-ast (>= 1.28.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.28.0)
+    rubocop-ast (1.28.1)
       parser (>= 3.2.1.0)
     rubocop-performance (1.16.0)
       rubocop (>= 1.7.0, < 2.0)
       rubocop-ast (>= 0.4.0)
     ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
-    standard (1.25.3)
+    standard (1.28.4)
       language_server-protocol (~> 3.17.0.2)
-      rubocop (~> 1.48.1)
+      lint_roller (~> 1.0)
+      rubocop (~> 1.50.2)
+      standard-custom (~> 1.0.0)
+      standard-performance (~> 1.0.1)
+    standard-custom (1.0.0)
+      lint_roller (~> 1.0)
+    standard-performance (1.0.1)
+      lint_roller (~> 1.0)
       rubocop-performance (~> 1.16.0)
     thor (1.2.1)
     unicode-display_width (2.4.2)

data/README.md CHANGED Viewed

@@ -42,4 +42,13 @@ use Rack::CloudflareMiddleware::DenyOthers, on_fail_proc: ->(env) do
 end
 ```
+`DenyOthers` also takes a `trusted_request_proc` which receives a `Rack::Request` object and should return a boolean of whether or not the request is to be allowed through regardless of Source IP. This is primarily intended for healthchecks. Example usage:
+```ruby
+require "rack/cloudflare_middleware"
+use Rack::CloudflareMiddleware::DenyOthers, trusted_request_proc: ->(request) do
+  request.path.start_with? "/health/check"
+end
+```
 Both middlewares also include a convenience called `trust_xff_if_private` mode; this will change them to use the right-most contents of `X-Forwarded-For` as `REMOTE_ADDR` if and only if the actual `REMOTE_ADDR` is a private address. This is a moderately-unsafe option, but may be required if your application provider has made poor choices in routing technologies (and, for example, is required on Heroku). If you're in this state, you should tell your provider to use the PROXY protocol internally instead of `X-Forwarded-For`. There have been many security issues related to Heroku's poor parsing of `X-Forwarded-For` in their router/load-balancer layer, and may be more in the future.

data/lib/rack/cloudflare_middleware/deny_others.rb CHANGED Viewed

@@ -3,8 +3,9 @@
 module Rack
   module CloudflareMiddleware
     class DenyOthers
-      def initialize(app, allow_private: false, on_fail_proc: nil, trust_xff_if_private: false)
+      def initialize(app, allow_private: false, trusted_request_proc: nil, on_fail_proc: nil, trust_xff_if_private: false)
         @allow_private = allow_private
+        @trusted_request_proc = trusted_request_proc
         @on_fail_proc = on_fail_proc
         @trust_xff_if_private = trust_xff_if_private
         @app = app
@@ -13,7 +14,7 @@ module Rack
       def call(env)
         TrustedIps.instance.check_update
         remote_addr = Rack::CloudflareMiddleware.get_remote_addr(env, @trust_xff_if_private)
-        if (@allow_private && (remote_addr.private? || remote_addr.loopback?)) || TrustedIps.instance.include?(remote_addr)
+        if (@allow_private && (remote_addr.private? || remote_addr.loopback?)) || TrustedIps.instance.include?(remote_addr) || @trusted_request_proc&.call(Rack::Request.new(env))
           @app.call(env)
         elsif @on_fail_proc.nil?
           default_on_fail(remote_addr)

data/lib/rack/cloudflare_middleware/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Rack
   module CloudflareMiddleware
-    VERSION = "1.1.0"
+    VERSION = "1.2.0"
   end
 end

data/rack-cloudflare_middleware.gemspec CHANGED Viewed

@@ -21,6 +21,8 @@ Gem::Specification.new do |spec|
   end
   spec.require_paths = ["lib"]
+  spec.required_ruby_version = ">= 2.7"
   spec.add_dependency "faraday", ">= 1.0", "< 3"
   spec.add_dependency "rack", ">= 2", "< 4"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-cloudflare_middleware
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - James Brown
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-03-31 00:00:00.000000000 Z
+date: 2023-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -144,7 +144,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="