rack-cloudflare_middleware 1.1.0 → 1.2.0

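--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1d791a3a095bff874bd6a9f6b400a03d1d9a442417720af6dc504738048f5011
- data.tar.gz: 75d1b89659db8315982e2ce22020611f4522c9d80b6e25253bf3132d3529babe
+ metadata.gz: 1806fad87fa57e8317ff1937cd2cd45db0bcef1b89aabb7ba1c3d4aa71434d22
+ data.tar.gz: 47811778ab426303239fa18e3e29310e5f212cd54740efc71674061e30787c85
  SHA512:
- metadata.gz: 0cd8c07c159038648cd922543f0ab50a764ee99075a02fd4a1a2b6b11c5d8f2f53351f71646790e864e0e3e559f7e28256240ee99512f1b99a710b6577eba1ab
- data.tar.gz: 8fc4cbc087364618a42298f20bc23a6e46be124db6f509ece22ddb5971d1bda081019b2a479cb563bfb40a21e1d11178a686368cb249b19bc2d57c70cab7661c
+ metadata.gz: '084ac8b92afac4bd6aff7435c56a546c3f4faafaf4124d19a3f542fcef07b43b31ffa1222bccc49d46693deb97db5aad3dfd31f1800cc4dcdd1c7475afe0f806'
+ data.tar.gz: a10319a8ec1dabed6022d7efe051b8af63752f134fbafa4c9fc35d3e563780ec3e3d6fb3de26b81ffc637f1ac0c37ae87a6dabae78cbbeadc2a8b0cbb4d37715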
@@ -19,9 +19,9 @@ jobs:
19
19
  ruby: ["2.7", "3.0", "3.1", "3.2"]
20
20
  steps:
21
21
  - name: Checkout code
22
- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
22
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
23
23
  - name: Install Ruby and gems
24
- uses: ruby/setup-ruby@904f3fef85a9c80a3750cbe7d5159268fd5caa9f
24
+ uses: ruby/setup-ruby@8a45918450651f5e4784b6031db26f4b9f76b251
25
25
  with:
26
26
  bundler-cache: true
27
27
  ruby-version: ${{ matrix.ruby }}
@@ -35,16 +35,16 @@ jobs:
35
35
  contents: read
36
36
  steps:
37
37
  - name: Checkout code
38
- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
38
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
39
39
  - name: Install Ruby and gems
40
- uses: ruby/setup-ruby@904f3fef85a9c80a3750cbe7d5159268fd5caa9f
40
+ uses: ruby/setup-ruby@8a45918450651f5e4784b6031db26f4b9f76b251
41
41
  with:
42
42
  bundler-cache: true
43
43
  ruby-version: "3.1"
44
44
  - name: Bundle Audit Check
45
45
  run: bundle exec bundle-audit update && bundle exec bundle-audit check
46
46
  - name: Setup Python
47
- uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435
47
+ uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0
48
48
  with:
49
49
  python-version: "3.10"
50
50
  - name: Run pre-commit
@@ -7,9 +7,9 @@ jobs:
7
7
  runs-on: ubuntu-latest
8
8
  steps:
9
9
  - name: Checkout code
10
- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
10
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
11
11
  - name: Install Ruby and gems
12
- uses: ruby/setup-ruby@904f3fef85a9c80a3750cbe7d5159268fd5caa9f
12
+ uses: ruby/setup-ruby@8a45918450651f5e4784b6031db26f4b9f76b251
13
13
  with:
14
14
  bundler-cache: true
15
15
  ruby-version: "3.2"
@@ -12,6 +12,6 @@ repos:
12
12
  exclude: '^spec/data/'
13
13
  - id: check-merge-conflict
14
14
  - repo: https://github.com/instrumentl/pre-commit-standardrb.git
15
- rev: '1ae56c7524a2d48cd2b7ca1f74bdb0cdd454477e'
15
+ rev: 'b9c5657a92bcc2ebfa9ec295754b0c56877fbed8'
16
16
  hooks:
17
17
  - id: standardrb
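--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,8 @@
+ v1.2.0 - 2023-06-05
+ -------------------
+ - Set `required_ruby_version` in the gemspec
+ - Add `trusted_request_proc` kwarg to DenyOthers middleware
+
  v1.1.0 - 2023-03-31
  -------------------
  - Expand requirements to allow using Rack 3.x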
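--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- rack-cloudflare_middleware (1.1.0)
+ rack-cloudflare_middleware (1.2.0)
  faraday (>= 1.0, < 3)
  rack (>= 2, < 4)
 
@@ -20,16 +20,17 @@ GEM
  crack (0.4.5)
  rexml
  diff-lcs (1.5.0)
- faraday (2.7.4)
+ faraday (2.7.5)
  faraday-net_http (>= 2.0, < 3.1)
  ruby2_keywords (>= 0.0.4)
  faraday-net_http (3.0.2)
  hashdiff (1.0.1)
  json (2.6.3)
  language_server-protocol (3.17.0.3)
+ lint_roller (1.0.0)
  method_source (1.0.0)
- parallel (1.22.1)
- parser (3.2.1.1)
+ parallel (1.23.0)
+ parser (3.2.2.1)
  ast (~> 2.4.1)
  pry (0.14.2)
  coderay (~> 1.1)
@@ -40,7 +41,7 @@ GEM
  rack (>= 1.3)
  rainbow (3.1.1)
  rake (13.0.6)
- regexp_parser (2.7.0)
+ regexp_parser (2.8.0)
  rexml (3.2.5)
  rspec (3.12.0)
  rspec-core (~> 3.12.0)
@@ -58,26 +59,33 @@ GEM
  diff-lcs (>= 1.2.0, < 2.0)
  rspec-support (~> 3.12.0)
  rspec-support (3.12.0)
- rubocop (1.48.1)
+ rubocop (1.50.2)
  json (~> 2.3)
  parallel (~> 1.10)
  parser (>= 3.2.0.0)
  rainbow (>= 2.2.2, < 4.0)
  regexp_parser (>= 1.8, < 3.0)
  rexml (>= 3.2.5, < 4.0)
- rubocop-ast (>= 1.26.0, < 2.0)
+ rubocop-ast (>= 1.28.0, < 2.0)
  ruby-progressbar (~> 1.7)
  unicode-display_width (>= 2.4.0, < 3.0)
- rubocop-ast (1.28.0)
+ rubocop-ast (1.28.1)
  parser (>= 3.2.1.0)
  rubocop-performance (1.16.0)
  rubocop (>= 1.7.0, < 2.0)
  rubocop-ast (>= 0.4.0)
  ruby-progressbar (1.13.0)
  ruby2_keywords (0.0.5)
- standard (1.25.3)
+ standard (1.28.4)
  language_server-protocol (~> 3.17.0.2)
- rubocop (~> 1.48.1)
+ lint_roller (~> 1.0)
+ rubocop (~> 1.50.2)
+ standard-custom (~> 1.0.0)
+ standard-performance (~> 1.0.1)
+ standard-custom (1.0.0)
+ lint_roller (~> 1.0)
+ standard-performance (1.0.1)
+ lint_roller (~> 1.0)
  rubocop-performance (~> 1.16.0)
  thor (1.2.1)
  unicode-display_width (2.4.2)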
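--- a/data/README.md
+++ b/data/README.md
@@ -42,4 +42,13 @@ use Rack::CloudflareMiddleware::DenyOthers, on_fail_proc: ->(env) do
  end
  ```
 
+ `DenyOthers` also takes a `trusted_request_proc` which receives a `Rack::Request` object and should return a boolean of whether or not the request is to be allowed through regardless of Source IP. This is primarily intended for healthchecks. Example usage:
+
+ ```ruby
+ require "rack/cloudflare_middleware"
+ use Rack::CloudflareMiddleware::DenyOthers, trusted_request_proc: ->(request) do
+ request.path.start_with? "/health/check"
+ end
+ ```
+
  Both middlewares also include a convenience called `trust_xff_if_private` mode; this will change them to use the right-most contents of `X-Forwarded-For` as `REMOTE_ADDR` if and only if the actual `REMOTE_ADDR` is a private address. This is a moderately-unsafe option, but may be required if your application provider has made poor choices in routing technologies (and, for example, is required on Heroku). If you're in this state, you should tell your provider to use the PROXY protocol internally instead of `X-Forwarded-For`. There have been many security issues related to Heroku's poor parsing of `X-Forwarded-For` in their router/load-balancer layer, and may be more in the future.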
@@ -3,8 +3,9 @@
3
3
  module Rack
4
4
  module CloudflareMiddleware
5
5
  class DenyOthers
6
- def initialize(app, allow_private: false, on_fail_proc: nil, trust_xff_if_private: false)
6
+ def initialize(app, allow_private: false, trusted_request_proc: nil, on_fail_proc: nil, trust_xff_if_private: false)
7
7
  @allow_private = allow_private
8
+ @trusted_request_proc = trusted_request_proc
8
9
  @on_fail_proc = on_fail_proc
9
10
  @trust_xff_if_private = trust_xff_if_private
10
11
  @app = app
@@ -13,7 +14,7 @@ module Rack
13
14
  def call(env)
14
15
  TrustedIps.instance.check_update
15
16
  remote_addr = Rack::CloudflareMiddleware.get_remote_addr(env, @trust_xff_if_private)
16
- if (@allow_private && (remote_addr.private? || remote_addr.loopback?)) || TrustedIps.instance.include?(remote_addr)
17
+ if (@allow_private && (remote_addr.private? || remote_addr.loopback?)) || TrustedIps.instance.include?(remote_addr) || @trusted_request_proc&.call(Rack::Request.new(env))
17
18
  @app.call(env)
18
19
  elsif @on_fail_proc.nil?
19
20
  default_on_fail(remote_addr)
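Review bot: In `call`, the new `|| @trusted_request_proc&.call(Rack::Request.new(env))` term lets a request through on any truthy return, and the proc decides from client-controlled data (path, headers), so it is a complete bypass of the Cloudflare source-IP check and fails open if the proc returns a non-boolean by accident. A strict comparison, `|| @trusted_request_proc&.call(Rack::Request.new(env)) == true`, would hold the proc to the "should return a boolean" contract the README states. The README example's `request.path.start_with? "/health/check"` is a prefix match, so every path under that prefix becomes reachable from any address; documenting an exact match such as `request.path == "/health/check"` would be the safer default. A comment above the condition would also help, for example `# trusted_request_proc skips the IP allowlist entirely; restrict it to side-effect-free endpoints`. The body of `call` continues past the end of this hunk.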
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Rack
4
4
  module CloudflareMiddleware
5
- VERSION = "1.1.0"
5
+ VERSION = "1.2.0"
6
6
  end
7
7
  end
@@ -21,6 +21,8 @@ Gem::Specification.new do |spec|
21
21
  end
22
22
  spec.require_paths = ["lib"]
23
23
 
24
+ spec.required_ruby_version = ">= 2.7"
25
+
24
26
  spec.add_dependency "faraday", ">= 1.0", "< 3"
25
27
  spec.add_dependency "rack", ">= 2", "< 4"
26
28
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-cloudflare_middleware
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 1.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - James Brown
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-03-31 00:00:00.000000000 Z
11
+ date: 2023-06-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: faraday
@@ -144,7 +144,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
144
144
  requirements:
145
145
  - - ">="
146
146
  - !ruby/object:Gem::Version
147
- version: '0'
147
+ version: '2.7'
148
148
  required_rubygems_version: !ruby/object:Gem::Requirement
149
149
  requirements:
150
150
  - - ">="