rack-csrf-detector 0.1.0

Files changed (3)
  1. checksums.yaml +7 -0
  2. data/lib/rack/csrf_detector.rb +61 -0
  3. metadata +47 -0
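--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA1:
+ metadata.gz: c0dea88d24a9de1ca64da770e521fe4be8195b76
+ data.tar.gz: 9cd14e8a69e1ff336b6cbfe0dcee0cdd83e8d895
+ SHA512:
+ metadata.gz: 0734528033885051d452cc22e3581306ce98f0855b814a6a5836e195c495916cfe7c54716cd04ae3e52817f86c386557bb29f8a7ff0b7e9763020e8e03399e4c
+ data.tar.gz: 36f3281606e24d29e4bc706e1355b48e493114986f2e689b23a01728a04201f26f776359380bbc871fe5683a0643191b6b26cc1c0297d9b5cdee9022c57d44f4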
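--- a/data/lib/rack/csrf_detector.rb
+++ b/data/lib/rack/csrf_detector.rb
@@ -0,0 +1,61 @@
+ module Rack
+ class CsrfDetector
+ @@bad_count = 0
+
+ def initialize(app)
+ @app = app
+ 🙉_activerecord!
+ end
+
+ def call(env)
+ @@bad_count = 0
+ status, headers, response = @app.call(env)
+
+ if env['REQUEST_METHOD'] == 'GET' && @@bad_count > 0
+ headers["CSRF_WARNING"] = 'yes'
+ end
+
+ [status, headers, response]
+ end
+
+ def self.more_bad!
+ @@bad_count += 1
+ end
+
+ private
+
+ def 🙉_activerecord!
+ if ActiveRecord::VERSION::STRING.match(/^4.2/)
+ 🙉_activerecord_4_2!
+ else
+ 🙉_activerecord_4_0!
+ end
+ end
+
+ def 🙉_activerecord_4_0!
+ require 'active_record/connection_adapters/abstract/transaction'
+
+ ActiveRecord::ConnectionAdapters::OpenTransaction.class_eval do
+ commit_method = instance_method(:commit)
+
+ define_method :commit do
+ Rack::CsrfDetector.more_bad!
+ commit_method.bind(self).call
+ end
+ end
+ end
+
+ def 🙉_activerecord_4_2!
+ require 'active_record/connection_adapters/abstract/transaction'
+
+ ActiveRecord::ConnectionAdapters::Transaction.class_eval do
+ commit_method = instance_method(:commit)
+
+ define_method :commit do
+ Rack::CsrfDetector.more_bad!
+ commit_method.bind(self).call
+ end
+ end
+ end
+ end
+ end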
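Review bot: `@@bad_count` is a single class-level counter shared by every thread, yet `call` resets it to 0 before `@app.call(env)` and reads it afterwards, so on a multithreaded server a commit made while another request is in flight can set or hide `CSRF_WARNING` on this GET. A per-request counter avoids that, for example `Thread.current[:csrf_detector_commits] = 0` in `call` and `Thread.current[:csrf_detector_commits] = Thread.current[:csrf_detector_commits].to_i + 1` in `more_bad!`, with the condition reading the same key. The patch is also applied from `initialize`, so constructing the middleware more than once wraps `commit` again each time; a class-level "already patched" flag would keep it to one wrapper. Finally, `/^4.2/` leaves the dot unescaped and sends every other ActiveRecord version to the 4.0 branch, which assumes `OpenTransaction` exists there; `/\A4\.2\./` plus an explicit error for unsupported versions would make the detector fail loudly instead of silently reporting nothing.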
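--- a/metadata
+++ b/metadata
@@ -0,0 +1,47 @@
+ --- !ruby/object:Gem::Specification
+ name: rack-csrf-detector
+ version: !ruby/object:Gem::Version
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - Tommy Murphy
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2015-07-04 00:00:00.000000000 Z
+ dependencies: []
+ description: |-
+ This middleware helps you identify when a GET request results in an
+ application state-change
+ email: tommy.murphy@gmail.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - lib/rack/csrf_detector.rb
+ homepage: https://github.com/tam7t/rack-csrf-detector
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.2.5
+ signing_key:
+ specification_version: 4
+ summary: Automated CSRF detection middleware
+ test_files: []
+ has_rdoc: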