rack-policy 0.1.0 → 0.2.0

data/CHANGELOG.md

@@ -0,0 +1,14 @@
+0.2.0 (June 24, 2012)
+
+* Fix bug when checking allowed cookie.
+* Refactor cookie clearing to work off request and response cycle.
+* Add cookie deletion.
+* Add response headers handling and fix bug with cache revalidation.
+* Add code comments.
+* Improve documentation with sinatra and rackup examples.
+* Add code example for rails 3 app.
+
+0.1.0 (June 23, 2012)
+
+* Add cookie limiter middleware.
+* Add spec tests.

data/Gemfile

@@ -1,4 +1,3 @@
 source 'https://rubygems.org'
 
-# Specify your gem's dependencies in rack-policy.gemspec
 gemspec

data/README.md

@@ -30,8 +30,12 @@ By default when the Rack application is loaded no cookies will be set(provided n
 Rack::Policy::CookieLimiter consent_token: 'allow_me'
 ```
 
+The very same `consent_token` is used to toggle the limiter behaviour.
+
 ## Examples
 
+Adding `Rack::Policy::CookieLimiter` do Rack applications
+
 ### Rails 3.x
 
 ```ruby
@@ -47,18 +51,18 @@ And then in your custome controller create actions responsible for setting and u
 
 ```ruby
 class CookiePolicyController < ApplicationController
+
   def allow
-    cookies[:consent_token] = {
+    response.set_cookie 'rack.policy', {
       value: 'true',
       expires: 1.year.from_now.utc
     }
+    render nothing: true
   end
 
   def deny
-    cookies[:consent_token] = {
-      value: '',
-      expires: Time.at(0)
-    }
+    response.delete_cookie 'rack.policy'
+    render nothing: true
   end
 end
 ```
@@ -69,7 +73,7 @@ end
 # config/environment
 
 Rails::Initializer.run do |config|
-  config.middleware.use Rack::Policy::Cookie :consent_token => 'rack.policy'
+  config.middleware.use Rack::Policy::CookieLimiter consent_token: 'rack.policy'
 end
 ```
 
@@ -77,19 +81,35 @@ Set and unset cookie consent in similar way to Rails 3.x example.
 
 ### Sinatra
 
+For classic style sinatra application do
+
 ```ruby
+#!/usr/bin/env ruby -rubygems
 require 'sinatra'
 require 'rack/policy'
 
 use Rack::Policy::CookieLimiter consent_token: 'rack.policy'
 
-get('/hello') { "Hello world" }
+get('/') { "Allow cookies to be set? <a href='/allow'>Allow</a>" }
 
-get('/allow') { }
+get('/allow') { response.set_cookie 'rack.policy' }
+
+get('/deny') { response.delete_cookie 'rack.policy' }
 ```
 
+### Padrino app
+
 ### Rackup app
 
+```ruby
+#!/usr/bin/env rackup
+require 'rack/policy'
+
+use Rack::Policy::CookieLimiter consent_token: 'rack.policy'
+
+run lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, world!\n"] }
+```
+
 ## Contributing
 
 1. Fork it

data/examples/rails_3/Gemfile

@@ -0,0 +1,8 @@
+source :rubygems
+
+gem 'actionpack', "~> 3.2"
+gem 'railties', "~> 3.2"
+gem 'rack-policy', :path => File.expand_path('../../../', __FILE__)
+gem 'tzinfo'
+gem 'rack'
+gem 'thin'

data/examples/rails_3/rails_3.ru

@@ -0,0 +1,51 @@
+# RAILS_ENV=production bundle exec rackup -p 3000 -s thin
+
+require 'rails'
+require 'rails/all'
+require 'rack/policy'
+
+class MyApp < Rails::Application
+  routes.append do
+    match '/hello' => 'policy#hello'
+    match '/allow' => 'policy#allow'
+    match '/deny'  => 'policy#deny'
+  end
+
+  require 'rack/policy'
+
+  config.middleware.use Rack::Policy::CookieLimiter
+end
+
+class PolicyController < ActionController::Base
+
+  def hello
+    response.set_cookie :custom_cookie, {
+      :value => 'illegal cookie',
+      :expires => 2.hours.from_now.utc
+    }
+    render :text => "Cookies #{cookies.inspect}"
+  end
+
+  def allow
+    response.set_cookie :cookie_limiter, {
+      :value => 'true',
+      :expires => 2.hours.from_now.utc
+    }
+    render :text => "Cookies #{cookies.inspect}"
+  end
+
+  def deny
+    response.delete_cookie :cookie_limiter
+    render :text => "Cookies #{cookies.inspect}"
+  end
+end
+
+MyApp.initialize!
+
+# Print middleware stack
+Rails.configuration.middleware.each do |middleware|
+  puts "use #{middleware.inspect}"
+end
+puts "run #{Rails.application.class.name}.routes"
+
+run MyApp

data/lib/rack/policy/cookie_limiter.rb

@@ -2,17 +2,20 @@
 
 module Rack
   module Policy
+    # This is the class for limiting cookie storage on client machine.
     class CookieLimiter
       include ::Rack::Utils
 
+      HTTP_COOKIE   = "HTTP_COOKIE".freeze
       SET_COOKIE    = "Set-Cookie".freeze
       CACHE_CONTROL = "Cache-Control".freeze
       CONSENT_TOKEN = "cookie_limiter".freeze
 
-      attr_reader :app
-      attr_reader :options
-      attr_accessor :headers
+      attr_reader :app, :options
+      attr_accessor :status, :headers, :body
 
+      # @option options [String] :consent_token
+      #
       def initialize(app, options={})
         @app, @options = app, options
       end
@@ -26,23 +29,41 @@ module Rack
       end
 
       def call(env)
-        status, headers, body = app.call(env)
-        self.headers = headers
-        clear_cookies! unless allowed?
-        [status, headers, body]
+        self.status, self.headers, self.body = @app.call(env)
+        request = Rack::Request.new(env)
+        response = Rack::Response.new body, status, headers
+        clear_cookies!(request, response) unless allowed?(request)
+        finish(env)
       end
 
-      def allowed?
-        if parse_cookies.has_key?(consent_token)
+      # Returns `false` if the cookie policy disallows cookie storage
+      # for a given request, or `true` otherwise.
+      #
+      def allowed?(request)
+        if ( request.cookies.has_key?(consent_token.to_s) ||
+             parse_cookies.has_key?(consent_token.to_s) )
           true
         else
           false
         end
       end
 
+      # Finish http response with proper headers
+      def finish(env)
+        if [204, 304].include?(status.to_i)
+          headers.delete "Content-Type"
+          [status.to_i, headers, []]
+        elsif env['REQUEST_METHOD'] == 'HEAD'
+          [status.to_i, headers, []]
+        else
+          [status.to_i, headers, body]
+        end
+      end
+
       protected
 
       # Returns the response cookies converted to Hash
+      #
       def parse_cookies
         cookies = {}
         if header = headers[SET_COOKIE]
@@ -57,9 +78,16 @@ module Rack
         cookies
       end
 
-      def clear_cookies!
+      def clear_cookies!(request, response)
+        cookies = parse_cookies
         headers.delete(SET_COOKIE)
+        request.env.delete(HTTP_COOKIE)
         revalidate_cache!
+
+        cookies.merge(request.cookies).each do |key, value|
+          response.delete_cookie key.to_sym
+        end
+
         headers
       end
 
@@ -71,6 +99,10 @@ module Rack
         ::Rack::Utils.set_cookie_header!(headers, key, value)
       end
 
+      def delete_cookie(key, value)
+        ::Rack::Utils.delete_cookie_header!(headers, key, value)
+      end
+
     end # CookieLimiter
   end # Policy
 end # Rack

data/lib/rack/policy/version.rb

@@ -2,6 +2,6 @@
 
 module Rack
   module Policy
-    VERSION = "0.1.0"
+    VERSION = "0.2.0"
   end
 end

data/spec/cookie_limiter_spec.rb

@@ -7,21 +7,36 @@ describe Rack::Policy::CookieLimiter do
     last_response.body.should == 'ok'
   end
 
-  it "does not meter where the middleware is inserted"
+  it "does not meter where the middleware is inserted" do
+    mock_app {
+      use Rack::Policy::CookieLimiter
+      use Rack::Session::Cookie, :key => 'app.session', :path => '/'
+      run DummyApp
+    }
+    get '/'
+    last_response.should be_ok
+    last_response.headers['Set-Cookie'].should be_nil
+  end
 
   context 'no consent' do
     it 'removes cookie session header' do
-      mock_app with_headers('Set-Cookie' => "google=bot")
-      get '/'
+      mock_app {
+        use Rack::Policy::CookieLimiter
+        run DummyApp
+      }
+      request '/'
       last_response.should be_ok
       last_response.headers['Set-Cookie'].should be_nil
     end
 
     it 'revalidates caches' do
-      mock_app with_headers('Set-Cookie' => "google=bot")
-      get '/'
+      mock_app {
+        use Rack::Policy::CookieLimiter
+        run DummyApp
+      }
+      request '/'
       last_response.should be_ok
-      last_response.headers['Cache-control'].should_not be_nil
+      last_response.headers['Cache-Control'].should =~ /must-revalidate/
     end
   end
 
@@ -46,4 +61,15 @@ describe Rack::Policy::CookieLimiter do
     end
   end
 
+  context 'finish response' do
+    it 'returns correct response for head request' do
+      mock_app {
+        use Rack::Policy::CookieLimiter
+        run DummyApp
+      }
+      head '/'
+      last_response.should be_ok
+    end
+  end
+
 end # Rack::Policy::CookieLimiter

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-policy
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-06-23 00:00:00.000000000 Z
+date: 2012-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
-  requirement: &2160301740 !ruby/object:Gem::Requirement
+  requirement: &2152703340 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -21,10 +21,10 @@ dependencies:
         version: '1.1'
   type: :runtime
   prerelease: false
-  version_requirements: *2160301740
+  version_requirements: *2152703340
 - !ruby/object:Gem::Dependency
   name: rack-test
-  requirement: &2160301320 !ruby/object:Gem::Requirement
+  requirement: &2152702840 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2160301320
+  version_requirements: *2152702840
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &2160300860 !ruby/object:Gem::Requirement
+  requirement: &2152702300 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2160300860
+  version_requirements: *2152702300
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &2160300240 !ruby/object:Gem::Requirement
+  requirement: &2152701660 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -54,7 +54,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2160300240
+  version_requirements: *2152701660
 description: This is Rack middleware that makes your app compliant with the 'EU ePrivacy
   Directive'
 email:
@@ -67,10 +67,13 @@ files:
 - .rspec
 - .rvmrc
 - .travis.yml
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - README.md
 - Rakefile
+- examples/rails_3/Gemfile
+- examples/rails_3/rails_3.ru
 - lib/rack-policy.rb
 - lib/rack/policy.rb
 - lib/rack/policy/cookie_limiter.rb