rack-policy 0.1.0

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+*.swp

data/.rspec

@@ -0,0 +1 @@
+--color

data/.rvmrc

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+environment_id="1.9.3@rack-policy"
+
+#
+# First we attempt to load the desired environment directly from the environment
+# file. This is very fast and efficient compared to running through the entire
+# CLI and selector. If you want feedback on which environment was used then
+# insert the word 'use' after --create as this triggers verbose mode.
+#
+if [[ -d "${rvm_path:-$HOME/.rvm}/environments" \
+  && -s "${rvm_path:-$HOME/.rvm}/environments/$environment_id" ]]
+then
+  \. "${rvm_path:-$HOME/.rvm}/environments/$environment_id"
+
+  if [[ -s "${rvm_path:-$HOME/.rvm}/hooks/after_use" ]]
+  then
+    . "${rvm_path:-$HOME/.rvm}/hooks/after_use"
+  fi
+else
+  # If the environment file has not yet been created, use the RVM CLI to select.
+  if ! rvm --create  "$environment_id"
+  then
+    echo "Failed to create RVM environment '${environment_id}'."
+    return 1
+  fi
+fi
+
+if [[ $- == *i* ]] # check for interactive shells
+then
+    echo "Using: $(tput setaf 2)$GEM_HOME$(tput sgr0)" # show the user the ruby and gemset they are using in green
+else 
+	echo "Using: $GEM_HOME" # don't use colors in interactive shells
+fi

data/.travis.yml

@@ -0,0 +1,9 @@
+---
+rvm:
+- 1.8.7
+- 1.9.2
+- 1.9.3
+- rbx-18mode
+- rbx-19mode
+- jruby
+- ruby-head

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in rack-policy.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Piotr Murach
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,99 @@
+# Rack-Policy
+[![Build Status](https://secure.travis-ci.org/peter-murach/rack-policy.png?branch=master)][travis] [![Dependency Status](https://gemnasium.com/peter-murach/rack-policy.png?travis)][gemnasium]
+
+[travis]: http://travis-ci.org/peter-murach/rack-policy
+[gemnasium]: https://gemnasium.com/peter-murach/rack-policy
+
+This is Rack middleware that makes your app compliant with the 'EU ePrivacy Directive'
+whereby a user needs to provide implied consent before any data can be stored on his
+machine.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'rack-policy'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install rack-policy
+
+## Usage
+
+By default when the Rack application is loaded no cookies will be set(provided no session cookies already exist), and any existing session cookies will be destroyed. Throughout the request cycle cookies now won't be set until the user has given explicit consent. This can be controlled by setting consent token
+
+```ruby
+Rack::Policy::CookieLimiter consent_token: 'allow_me'
+```
+
+## Examples
+
+### Rails 3.x
+
+```ruby
+# config/application.rb
+require 'rack/policy'
+
+class Application < Rails::Application
+  config.middleware.use Rack::Policy::CookieLimiter consent_token: 'rack.policy'
+end
+```
+
+And then in your custome controller create actions responsible for setting and unsetting cookie policy
+
+```ruby
+class CookiePolicyController < ApplicationController
+  def allow
+    cookies[:consent_token] = {
+      value: 'true',
+      expires: 1.year.from_now.utc
+    }
+  end
+
+  def deny
+    cookies[:consent_token] = {
+      value: '',
+      expires: Time.at(0)
+    }
+  end
+end
+```
+
+### Rails 2.x
+
+```ruby
+# config/environment
+
+Rails::Initializer.run do |config|
+  config.middleware.use Rack::Policy::Cookie :consent_token => 'rack.policy'
+end
+```
+
+Set and unset cookie consent in similar way to Rails 3.x example.
+
+### Sinatra
+
+```ruby
+require 'sinatra'
+require 'rack/policy'
+
+use Rack::Policy::CookieLimiter consent_token: 'rack.policy'
+
+get('/hello') { "Hello world" }
+
+get('/allow') { }
+```
+
+### Rackup app
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,9 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+task :default => :spec

data/lib/rack-policy.rb

@@ -0,0 +1 @@
+require 'rack/policy'

data/lib/rack/policy.rb

@@ -0,0 +1,12 @@
+# -*- encoding: utf-8 -*-
+
+require 'rack'
+
+module Rack
+  module Policy
+
+    autoload :CookieLimiter,  'rack/policy/cookie_limiter'
+    autoload :Version,        'rack/policy/version'
+
+  end # Policy
+end # Rack

data/lib/rack/policy/cookie_limiter.rb

@@ -0,0 +1,76 @@
+# -*- encoding: utf-8 -*-
+
+module Rack
+  module Policy
+    class CookieLimiter
+      include ::Rack::Utils
+
+      SET_COOKIE    = "Set-Cookie".freeze
+      CACHE_CONTROL = "Cache-Control".freeze
+      CONSENT_TOKEN = "cookie_limiter".freeze
+
+      attr_reader :app
+      attr_reader :options
+      attr_accessor :headers
+
+      def initialize(app, options={})
+        @app, @options = app, options
+      end
+
+      def consent_token
+        @consent_token ||= options[:consent_token] || CONSENT_TOKEN
+      end
+
+      def expires
+        Time.parse(options[:expires]) if options[:expires]
+      end
+
+      def call(env)
+        status, headers, body = app.call(env)
+        self.headers = headers
+        clear_cookies! unless allowed?
+        [status, headers, body]
+      end
+
+      def allowed?
+        if parse_cookies.has_key?(consent_token)
+          true
+        else
+          false
+        end
+      end
+
+      protected
+
+      # Returns the response cookies converted to Hash
+      def parse_cookies
+        cookies = {}
+        if header = headers[SET_COOKIE]
+          header = header.split("\n") if header.respond_to?(:to_str)
+          header.each do |cookie|
+            if pair = cookie.split(';').first
+              key, value = pair.split('=').map { |v| ::Rack::Utils.unescape(v) }
+              cookies[key] = value
+            end
+          end
+        end
+        cookies
+      end
+
+      def clear_cookies!
+        headers.delete(SET_COOKIE)
+        revalidate_cache!
+        headers
+      end
+
+      def revalidate_cache!
+        headers.merge!({ CACHE_CONTROL => 'must-revalidate, max-age=0' })
+      end
+
+      def set_cookie(key, value)
+        ::Rack::Utils.set_cookie_header!(headers, key, value)
+      end
+
+    end # CookieLimiter
+  end # Policy
+end # Rack

data/lib/rack/policy/version.rb

@@ -0,0 +1,7 @@
+# -*- encoding: utf-8 -*-
+
+module Rack
+  module Policy
+    VERSION = "0.1.0"
+  end
+end

data/rack-policy.gemspec

@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/rack/policy/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Piotr Murach"]
+  gem.email         = [""]
+  gem.description   = %q{This is Rack middleware that makes your app compliant with the 'EU ePrivacy Directive'}
+  gem.summary       = %q{This is Rack middleware that makes your app compliant with the 'EU ePrivacy Directive' whereby a user needs to provide implied consent before any data can be stored on his machine.}
+  gem.homepage      = "https://github.com/peter-murach/rack-policy"
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "rack-policy"
+  gem.require_paths = ["lib"]
+  gem.version       = Rack::Policy::VERSION
+
+  gem.add_dependency 'rack', '~> 1.1'
+
+  gem.add_development_dependency 'rack-test'
+  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'rake'
+end

data/spec/cookie_limiter_spec.rb

@@ -0,0 +1,49 @@
+require File.expand_path('../spec_helper.rb', __FILE__)
+
+describe Rack::Policy::CookieLimiter do
+
+  it 'preserves normal requests' do
+    get('/').should be_ok
+    last_response.body.should == 'ok'
+  end
+
+  it "does not meter where the middleware is inserted"
+
+  context 'no consent' do
+    it 'removes cookie session header' do
+      mock_app with_headers('Set-Cookie' => "google=bot")
+      get '/'
+      last_response.should be_ok
+      last_response.headers['Set-Cookie'].should be_nil
+    end
+
+    it 'revalidates caches' do
+      mock_app with_headers('Set-Cookie' => "google=bot")
+      get '/'
+      last_response.should be_ok
+      last_response.headers['Cache-control'].should_not be_nil
+    end
+  end
+
+  context 'with consent' do
+    it 'preserves cookie header' do
+      mock_app with_headers('Set-Cookie' => "cookie_limiter=true; path=/;")
+      get '/'
+      last_response.should be_ok
+      last_response.headers['Set-Cookie'].should_not be_nil
+    end
+
+    it 'sets consent cookie' do
+      mock_app with_headers('Set-Cookie' => "cookie_limiter=true; path=/;")
+      get '/'
+      last_response.headers['Set-Cookie'].should =~ /cookie_limiter/
+    end
+
+    it 'preserves other session cookies' do
+      mock_app with_headers('Set-Cookie' => "cookie_limiter=true; path=/;\ngithub.com=bot")
+      get '/'
+      last_response.headers['Set-Cookie'].should =~ /github.com=bot/
+    end
+  end
+
+end # Rack::Policy::CookieLimiter

data/spec/spec_helper.rb

@@ -0,0 +1,45 @@
+require 'rubygems'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+
+require 'rspec'
+require 'rack/test'
+require 'rack/policy'
+
+module DummyApp
+  def self.call(env)
+    Thread.current[:last_env] = env
+    [200, {'Content-Type' => 'text/plain'}, ['ok']]
+  end
+end
+
+module TestHelpers
+  def app
+    @app || mock_app(DummyApp)
+  end
+
+  def mock_app(app=nil, &block)
+    app = block if app.nil? and block.arity == 1
+    if app
+      klass = described_class
+      mock_app do
+        use klass
+        run app
+      end
+    else
+      @app = Rack::Lint.new Rack::Builder.new(&block).to_app
+    end
+  end
+
+  def with_headers(headers)
+    proc { [200, {'Content-Type' => 'text/plain' }.merge(headers), ['ok']] }
+  end
+end
+
+RSpec.configure do |config|
+  config.order = :rand
+  config.expect_with :rspec, :stdlib
+  config.include Rack::Test::Methods
+  config.include TestHelpers
+end

metadata

@@ -0,0 +1,109 @@
+--- !ruby/object:Gem::Specification
+name: rack-policy
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Piotr Murach
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-06-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: &2160301740 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: *2160301740
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: &2160301320 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *2160301320
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &2160300860 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *2160300860
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &2160300240 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *2160300240
+description: This is Rack middleware that makes your app compliant with the 'EU ePrivacy
+  Directive'
+email:
+- ''
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .rvmrc
+- .travis.yml
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/rack-policy.rb
+- lib/rack/policy.rb
+- lib/rack/policy/cookie_limiter.rb
+- lib/rack/policy/version.rb
+- rack-policy.gemspec
+- spec/cookie_limiter_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/peter-murach/rack-policy
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: This is Rack middleware that makes your app compliant with the 'EU ePrivacy
+  Directive' whereby a user needs to provide implied consent before any data can be
+  stored on his machine.
+test_files:
+- spec/cookie_limiter_spec.rb
+- spec/spec_helper.rb