rack-policy 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,18 @@
1
+ *.gem
2
+ *.rbc
3
+ .bundle
4
+ .config
5
+ .yardoc
6
+ Gemfile.lock
7
+ InstalledFiles
8
+ _yardoc
9
+ coverage
10
+ doc/
11
+ lib/bundler/man
12
+ pkg
13
+ rdoc
14
+ spec/reports
15
+ test/tmp
16
+ test/version_tmp
17
+ tmp
18
+ *.swp
data/.rspec ADDED
@@ -0,0 +1 @@
1
+ --color
data/.rvmrc ADDED
@@ -0,0 +1,34 @@
1
+ #!/usr/bin/env bash
2
+
3
+ environment_id="1.9.3@rack-policy"
4
+
5
+ #
6
+ # First we attempt to load the desired environment directly from the environment
7
+ # file. This is very fast and efficient compared to running through the entire
8
+ # CLI and selector. If you want feedback on which environment was used then
9
+ # insert the word 'use' after --create as this triggers verbose mode.
10
+ #
11
+ if [[ -d "${rvm_path:-$HOME/.rvm}/environments" \
12
+ && -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]]
13
+ then
14
+ \. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
15
+
16
+ if [[ -s "${rvm_path:-$HOME/.rvm}/hooks/after_use" ]]
17
+ then
18
+ . "${rvm_path:-$HOME/.rvm}/hooks/after_use"
19
+ fi
20
+ else
21
+ # If the environment file has not yet been created, use the RVM CLI to select.
22
+ if ! rvm --create "$environment_id"
23
+ then
24
+ echo "Failed to create RVM environment '${environment_id}'."
25
+ return 1
26
+ fi
27
+ fi
28
+
29
+ if [[ $- == *i* ]] # check for interactive shells
30
+ then
31
+ echo "Using: $(tput setaf 2)$GEM_HOME$(tput sgr0)" # show the user the ruby and gemset they are using in green
32
+ else
33
+ echo "Using: $GEM_HOME" # don't use colors in interactive shells
34
+ fi
@@ -0,0 +1,9 @@
1
+ ---
2
+ rvm:
3
+ - 1.8.7
4
+ - 1.9.2
5
+ - 1.9.3
6
+ - rbx-18mode
7
+ - rbx-19mode
8
+ - jruby
9
+ - ruby-head
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in rack-policy.gemspec
4
+ gemspec
data/LICENSE ADDED
@@ -0,0 +1,22 @@
1
+ Copyright (c) 2012 Piotr Murach
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -0,0 +1,99 @@
1
+ # Rack-Policy
2
+ [![Build Status](https://secure.travis-ci.org/peter-murach/rack-policy.png?branch=master)][travis] [![Dependency Status](https://gemnasium.com/peter-murach/rack-policy.png?travis)][gemnasium]
3
+
4
+ [travis]: http://travis-ci.org/peter-murach/rack-policy
5
+ [gemnasium]: https://gemnasium.com/peter-murach/rack-policy
6
+
7
+ This is Rack middleware that makes your app compliant with the 'EU ePrivacy Directive'
8
+ whereby a user needs to provide implied consent before any data can be stored on his
9
+ machine.
10
+
11
+ ## Installation
12
+
13
+ Add this line to your application's Gemfile:
14
+
15
+ gem 'rack-policy'
16
+
17
+ And then execute:
18
+
19
+ $ bundle
20
+
21
+ Or install it yourself as:
22
+
23
+ $ gem install rack-policy
24
+
25
+ ## Usage
26
+
27
+ By default when the Rack application is loaded no cookies will be set(provided no session cookies already exist), and any existing session cookies will be destroyed. Throughout the request cycle cookies now won't be set until the user has given explicit consent. This can be controlled by setting consent token
28
+
29
+ ```ruby
30
+ Rack::Policy::CookieLimiter consent_token: 'allow_me'
31
+ ```
32
+
33
+ ## Examples
34
+
35
+ ### Rails 3.x
36
+
37
+ ```ruby
38
+ # config/application.rb
39
+ require 'rack/policy'
40
+
41
+ class Application < Rails::Application
42
+ config.middleware.use Rack::Policy::CookieLimiter consent_token: 'rack.policy'
43
+ end
44
+ ```
45
+
46
+ And then in your custome controller create actions responsible for setting and unsetting cookie policy
47
+
48
+ ```ruby
49
+ class CookiePolicyController < ApplicationController
50
+ def allow
51
+ cookies[:consent_token] = {
52
+ value: 'true',
53
+ expires: 1.year.from_now.utc
54
+ }
55
+ end
56
+
57
+ def deny
58
+ cookies[:consent_token] = {
59
+ value: '',
60
+ expires: Time.at(0)
61
+ }
62
+ end
63
+ end
64
+ ```
65
+
66
+ ### Rails 2.x
67
+
68
+ ```ruby
69
+ # config/environment
70
+
71
+ Rails::Initializer.run do |config|
72
+ config.middleware.use Rack::Policy::Cookie :consent_token => 'rack.policy'
73
+ end
74
+ ```
75
+
76
+ Set and unset cookie consent in similar way to Rails 3.x example.
77
+
78
+ ### Sinatra
79
+
80
+ ```ruby
81
+ require 'sinatra'
82
+ require 'rack/policy'
83
+
84
+ use Rack::Policy::CookieLimiter consent_token: 'rack.policy'
85
+
86
+ get('/hello') { "Hello world" }
87
+
88
+ get('/allow') { }
89
+ ```
90
+
91
+ ### Rackup app
92
+
93
+ ## Contributing
94
+
95
+ 1. Fork it
96
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
97
+ 3. Commit your changes (`git commit -am 'Added some feature'`)
98
+ 4. Push to the branch (`git push origin my-new-feature`)
99
+ 5. Create new Pull Request
@@ -0,0 +1,9 @@
1
+ #!/usr/bin/env rake
2
+ require "bundler/gem_tasks"
3
+ require "rspec/core/rake_task"
4
+
5
+ RSpec::Core::RakeTask.new(:spec) do |spec|
6
+ spec.pattern = FileList['spec/**/*_spec.rb']
7
+ end
8
+
9
+ task :default => :spec
@@ -0,0 +1 @@
1
+ require 'rack/policy'
@@ -0,0 +1,12 @@
1
+ # -*- encoding: utf-8 -*-
2
+
3
+ require 'rack'
4
+
5
+ module Rack
6
+ module Policy
7
+
8
+ autoload :CookieLimiter, 'rack/policy/cookie_limiter'
9
+ autoload :Version, 'rack/policy/version'
10
+
11
+ end # Policy
12
+ end # Rack
@@ -0,0 +1,76 @@
1
+ # -*- encoding: utf-8 -*-
2
+
3
+ module Rack
4
+ module Policy
5
+ class CookieLimiter
6
+ include ::Rack::Utils
7
+
8
+ SET_COOKIE = "Set-Cookie".freeze
9
+ CACHE_CONTROL = "Cache-Control".freeze
10
+ CONSENT_TOKEN = "cookie_limiter".freeze
11
+
12
+ attr_reader :app
13
+ attr_reader :options
14
+ attr_accessor :headers
15
+
16
+ def initialize(app, options={})
17
+ @app, @options = app, options
18
+ end
19
+
20
+ def consent_token
21
+ @consent_token ||= options[:consent_token] || CONSENT_TOKEN
22
+ end
23
+
24
+ def expires
25
+ Time.parse(options[:expires]) if options[:expires]
26
+ end
27
+
28
+ def call(env)
29
+ status, headers, body = app.call(env)
30
+ self.headers = headers
31
+ clear_cookies! unless allowed?
32
+ [status, headers, body]
33
+ end
34
+
35
+ def allowed?
36
+ if parse_cookies.has_key?(consent_token)
37
+ true
38
+ else
39
+ false
40
+ end
41
+ end
42
+
43
+ protected
44
+
45
+ # Returns the response cookies converted to Hash
46
+ def parse_cookies
47
+ cookies = {}
48
+ if header = headers[SET_COOKIE]
49
+ header = header.split("\n") if header.respond_to?(:to_str)
50
+ header.each do |cookie|
51
+ if pair = cookie.split(';').first
52
+ key, value = pair.split('=').map { |v| ::Rack::Utils.unescape(v) }
53
+ cookies[key] = value
54
+ end
55
+ end
56
+ end
57
+ cookies
58
+ end
59
+
60
+ def clear_cookies!
61
+ headers.delete(SET_COOKIE)
62
+ revalidate_cache!
63
+ headers
64
+ end
65
+
66
+ def revalidate_cache!
67
+ headers.merge!({ CACHE_CONTROL => 'must-revalidate, max-age=0' })
68
+ end
69
+
70
+ def set_cookie(key, value)
71
+ ::Rack::Utils.set_cookie_header!(headers, key, value)
72
+ end
73
+
74
+ end # CookieLimiter
75
+ end # Policy
76
+ end # Rack
@@ -0,0 +1,7 @@
1
+ # -*- encoding: utf-8 -*-
2
+
3
+ module Rack
4
+ module Policy
5
+ VERSION = "0.1.0"
6
+ end
7
+ end
@@ -0,0 +1,23 @@
1
+ # -*- encoding: utf-8 -*-
2
+ require File.expand_path('../lib/rack/policy/version', __FILE__)
3
+
4
+ Gem::Specification.new do |gem|
5
+ gem.authors = ["Piotr Murach"]
6
+ gem.email = [""]
7
+ gem.description = %q{This is Rack middleware that makes your app compliant with the 'EU ePrivacy Directive'}
8
+ gem.summary = %q{This is Rack middleware that makes your app compliant with the 'EU ePrivacy Directive' whereby a user needs to provide implied consent before any data can be stored on his machine.}
9
+ gem.homepage = "https://github.com/peter-murach/rack-policy"
10
+
11
+ gem.files = `git ls-files`.split($\)
12
+ gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
13
+ gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
14
+ gem.name = "rack-policy"
15
+ gem.require_paths = ["lib"]
16
+ gem.version = Rack::Policy::VERSION
17
+
18
+ gem.add_dependency 'rack', '~> 1.1'
19
+
20
+ gem.add_development_dependency 'rack-test'
21
+ gem.add_development_dependency 'rspec'
22
+ gem.add_development_dependency 'rake'
23
+ end
@@ -0,0 +1,49 @@
1
+ require File.expand_path('../spec_helper.rb', __FILE__)
2
+
3
+ describe Rack::Policy::CookieLimiter do
4
+
5
+ it 'preserves normal requests' do
6
+ get('/').should be_ok
7
+ last_response.body.should == 'ok'
8
+ end
9
+
10
+ it "does not meter where the middleware is inserted"
11
+
12
+ context 'no consent' do
13
+ it 'removes cookie session header' do
14
+ mock_app with_headers('Set-Cookie' => "google=bot")
15
+ get '/'
16
+ last_response.should be_ok
17
+ last_response.headers['Set-Cookie'].should be_nil
18
+ end
19
+
20
+ it 'revalidates caches' do
21
+ mock_app with_headers('Set-Cookie' => "google=bot")
22
+ get '/'
23
+ last_response.should be_ok
24
+ last_response.headers['Cache-control'].should_not be_nil
25
+ end
26
+ end
27
+
28
+ context 'with consent' do
29
+ it 'preserves cookie header' do
30
+ mock_app with_headers('Set-Cookie' => "cookie_limiter=true; path=/;")
31
+ get '/'
32
+ last_response.should be_ok
33
+ last_response.headers['Set-Cookie'].should_not be_nil
34
+ end
35
+
36
+ it 'sets consent cookie' do
37
+ mock_app with_headers('Set-Cookie' => "cookie_limiter=true; path=/;")
38
+ get '/'
39
+ last_response.headers['Set-Cookie'].should =~ /cookie_limiter/
40
+ end
41
+
42
+ it 'preserves other session cookies' do
43
+ mock_app with_headers('Set-Cookie' => "cookie_limiter=true; path=/;\ngithub.com=bot")
44
+ get '/'
45
+ last_response.headers['Set-Cookie'].should =~ /github.com=bot/
46
+ end
47
+ end
48
+
49
+ end # Rack::Policy::CookieLimiter
@@ -0,0 +1,45 @@
1
+ require 'rubygems'
2
+
3
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
4
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
5
+
6
+ require 'rspec'
7
+ require 'rack/test'
8
+ require 'rack/policy'
9
+
10
+ module DummyApp
11
+ def self.call(env)
12
+ Thread.current[:last_env] = env
13
+ [200, {'Content-Type' => 'text/plain'}, ['ok']]
14
+ end
15
+ end
16
+
17
+ module TestHelpers
18
+ def app
19
+ @app || mock_app(DummyApp)
20
+ end
21
+
22
+ def mock_app(app=nil, &block)
23
+ app = block if app.nil? and block.arity == 1
24
+ if app
25
+ klass = described_class
26
+ mock_app do
27
+ use klass
28
+ run app
29
+ end
30
+ else
31
+ @app = Rack::Lint.new Rack::Builder.new(&block).to_app
32
+ end
33
+ end
34
+
35
+ def with_headers(headers)
36
+ proc { [200, {'Content-Type' => 'text/plain' }.merge(headers), ['ok']] }
37
+ end
38
+ end
39
+
40
+ RSpec.configure do |config|
41
+ config.order = :rand
42
+ config.expect_with :rspec, :stdlib
43
+ config.include Rack::Test::Methods
44
+ config.include TestHelpers
45
+ end
metadata ADDED
@@ -0,0 +1,109 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: rack-policy
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ prerelease:
6
+ platform: ruby
7
+ authors:
8
+ - Piotr Murach
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2012-06-23 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: rack
16
+ requirement: &2160301740 !ruby/object:Gem::Requirement
17
+ none: false
18
+ requirements:
19
+ - - ~>
20
+ - !ruby/object:Gem::Version
21
+ version: '1.1'
22
+ type: :runtime
23
+ prerelease: false
24
+ version_requirements: *2160301740
25
+ - !ruby/object:Gem::Dependency
26
+ name: rack-test
27
+ requirement: &2160301320 !ruby/object:Gem::Requirement
28
+ none: false
29
+ requirements:
30
+ - - ! '>='
31
+ - !ruby/object:Gem::Version
32
+ version: '0'
33
+ type: :development
34
+ prerelease: false
35
+ version_requirements: *2160301320
36
+ - !ruby/object:Gem::Dependency
37
+ name: rspec
38
+ requirement: &2160300860 !ruby/object:Gem::Requirement
39
+ none: false
40
+ requirements:
41
+ - - ! '>='
42
+ - !ruby/object:Gem::Version
43
+ version: '0'
44
+ type: :development
45
+ prerelease: false
46
+ version_requirements: *2160300860
47
+ - !ruby/object:Gem::Dependency
48
+ name: rake
49
+ requirement: &2160300240 !ruby/object:Gem::Requirement
50
+ none: false
51
+ requirements:
52
+ - - ! '>='
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ type: :development
56
+ prerelease: false
57
+ version_requirements: *2160300240
58
+ description: This is Rack middleware that makes your app compliant with the 'EU ePrivacy
59
+ Directive'
60
+ email:
61
+ - ''
62
+ executables: []
63
+ extensions: []
64
+ extra_rdoc_files: []
65
+ files:
66
+ - .gitignore
67
+ - .rspec
68
+ - .rvmrc
69
+ - .travis.yml
70
+ - Gemfile
71
+ - LICENSE
72
+ - README.md
73
+ - Rakefile
74
+ - lib/rack-policy.rb
75
+ - lib/rack/policy.rb
76
+ - lib/rack/policy/cookie_limiter.rb
77
+ - lib/rack/policy/version.rb
78
+ - rack-policy.gemspec
79
+ - spec/cookie_limiter_spec.rb
80
+ - spec/spec_helper.rb
81
+ homepage: https://github.com/peter-murach/rack-policy
82
+ licenses: []
83
+ post_install_message:
84
+ rdoc_options: []
85
+ require_paths:
86
+ - lib
87
+ required_ruby_version: !ruby/object:Gem::Requirement
88
+ none: false
89
+ requirements:
90
+ - - ! '>='
91
+ - !ruby/object:Gem::Version
92
+ version: '0'
93
+ required_rubygems_version: !ruby/object:Gem::Requirement
94
+ none: false
95
+ requirements:
96
+ - - ! '>='
97
+ - !ruby/object:Gem::Version
98
+ version: '0'
99
+ requirements: []
100
+ rubyforge_project:
101
+ rubygems_version: 1.8.10
102
+ signing_key:
103
+ specification_version: 3
104
+ summary: This is Rack middleware that makes your app compliant with the 'EU ePrivacy
105
+ Directive' whereby a user needs to provide implied consent before any data can be
106
+ stored on his machine.
107
+ test_files:
108
+ - spec/cookie_limiter_spec.rb
109
+ - spec/spec_helper.rb