rack-proxy 0.7.0 → 0.7.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 228f3bf6e52dcd2bdcebf9c52bf1db47dfdc7179ed52cd3664e14cfd8df80db9
-  data.tar.gz: 6613d7f13087046d9ad6ee22e5afa56db6910145df427e42101f5aa491d3fe26
+  metadata.gz: 888784aa8d1d28ae0dc2a1352aa44ba8e639d5cd604043facbb31da3fa1dc759
+  data.tar.gz: 9ba49effcffcacb930ab08fe2f6a9fd08040b60800b8aa8e5ccc274053f36c4e
 SHA512:
-  metadata.gz: 151b04e286d1305d116cf743f00c6b811ed10fad0f24cf806b685a4e038a4dcf5c3b8f7e0dd0cf1e8aa95dd8c46763b0f8b114d36c668fdaabda541d48d5722a
-  data.tar.gz: 234ec48678c973b203cf00f256039c6e88f63c67c5e279e6f0ec17fc51de07022f7a3099dfe0efdaacf46808a0512cd9e16444823b6d616fdee08ae5572efbb2
+  metadata.gz: 606ed720fb5b8c67cd1fc3058b9644e88fb2e7768d4fce4606ba0332fac24cadca11a36ab50d97cb7ff5767664864b1c1a2cf5108cd58a66fecfb3b93de37517
+  data.tar.gz: a91cc8541d7af6c390fe1c0faa3c923942a14cce746eebc3d170b95b45aafc5871a04ad1ec9fee6f0c07500534755c794f76d0c14bccdcf5fdaad06e239aeb07

data/.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: [ncr]

data/.travis.yml

@@ -1,4 +1,3 @@
-sudo: false
 cache: bundler
 language: ruby
 before_install:

data/Gemfile.lock

@@ -1,22 +1,22 @@
 PATH
   remote: .
   specs:
-    rack-proxy (0.7.0)
+    rack-proxy (0.7.7)
       rack
 
 GEM
   remote: https://rubygems.org/
   specs:
-    power_assert (0.2.6)
-    rack (2.0.3)
-    rack-test (0.5.6)
-      rack (>= 1.0)
-    rake (13.0.1)
-    test-unit (3.1.5)
+    power_assert (2.0.3)
+    rack (3.0.8)
+    rack-test (2.1.0)
+      rack (>= 1.3)
+    rake (13.0.6)
+    test-unit (3.6.1)
       power_assert
 
 PLATFORMS
-  ruby
+  arm64-darwin-22
 
 DEPENDENCIES
   rack-proxy!
@@ -25,4 +25,4 @@ DEPENDENCIES
   test-unit
 
 BUNDLED WITH
-   1.17.2
+   2.4.17

data/README.md

@@ -6,7 +6,7 @@ Installation
 Add the following to your `Gemfile`:
 
 ```
-gem 'rack-proxy', '~> 0.7.0'
+gem 'rack-proxy', '~> 0.7.7'
 ```
 
 Or install:
@@ -136,7 +136,7 @@ Test with `require 'rack_proxy_examples/example_service_proxy'`
 # 1. rails new test_app
 # 2. cd test_app
 # 3. install Rack-Proxy in `Gemfile`
-#    a. `gem 'rack-proxy', '~> 0.7.0'`
+#    a. `gem 'rack-proxy', '~> 0.7.7'`
 # 4. install gem: `bundle install`
 # 5. create `config/initializers/proxy.rb` adding this line `require 'rack_proxy_examples/example_service_proxy'`
 # 6. run: `SERVICE_URL=http://guides.rubyonrails.org rails server`
@@ -297,6 +297,35 @@ Add some domain name like `debug.your_app.com` into your local `/etc/hosts` file
 
 Next start the proxy and your app. And now you can access to your Spring application through SSL connection via `https://debug.your_app.com` URI in a browser.
 
+### Using SSL/TLS certificates with HTTP connection
+This may be helpful, when third-party API has authentication by client TLS certificates and you need to proxy your requests and sign them with certificate.
+
+Just specify Rack::Proxy SSL options and your request will use TLS HTTP connection:
+```ruby
+# config.ru
+. . .
+
+cert_raw = File.read('./certs/rootCA.crt')
+key_raw = File.read('./certs/key.pem')
+
+cert = OpenSSL::X509::Certificate.new(cert_raw)
+key = OpenSSL::PKey.read(key_raw)
+
+use TLSProxy, cert: cert, key: key, use_ssl: true, verify_mode: OpenSSL::SSL::VERIFY_PEER, ssl_version: 'TLSv1_2'
+```
+
+And rewrite host for example:
+```ruby
+# tls_proxy.rb
+class TLSProxy < Rack::Proxy
+  attr_accessor :original_request, :query_params
+
+  def rewrite_env(env)
+    env["HTTP_HOST"] = "client-tls-auth-api.com:443"
+    env
+  end
+end
+```
 
 WARNING
 ----

data/lib/rack/http_streaming_response.rb

@@ -1,13 +1,16 @@
 require "net_http_hacked"
+require "stringio"
 
 module Rack
-
   # Wraps the hacked net/http in a Rack way.
   class HttpStreamingResponse
-    attr_accessor :use_ssl
-    attr_accessor :verify_mode
-    attr_accessor :read_timeout
-    attr_accessor :ssl_version
+    STATUSES_WITH_NO_ENTITY_BODY = {
+      204 => true,
+      205 => true,
+      304 => true
+    }.freeze
+
+    attr_accessor :use_ssl, :verify_mode, :read_timeout, :ssl_version, :cert, :key
 
     def initialize(request, host, port = nil)
       @request, @host, @port = request, host, port
@@ -18,60 +21,62 @@ module Rack
     end
 
     def code
-      response.code.to_i
+      response.code.to_i.tap do |response_code|
+        STATUSES_WITH_NO_ENTITY_BODY[response_code] && close_connection
+      end
     end
     # #status is deprecated
     alias_method :status, :code
 
     def headers
-      h = Utils::HeaderHash.new
-
-      response.to_hash.each do |k, v|
-        h[k] = v
-      end
-
-      h
+      Rack::Proxy.build_header_hash(response.to_hash)
     end
 
     # Can be called only once!
     def each(&block)
+      return if connection_closed
+
       response.read_body(&block)
     ensure
-      session.end_request_hacked
-      session.finish
+      close_connection
     end
 
     def to_s
-      @body ||= begin
-        lines = []
-
-        each do |line|
-          lines << line
-        end
-
-        lines.join
-      end
+      @to_s ||= StringIO.new.tap { |io| each { |line| io << line } }.string
     end
 
     protected
 
     # Net::HTTPResponse
     def response
-      @response ||= session.begin_request_hacked(@request)
+      @response ||= session.begin_request_hacked(request)
     end
 
     # Net::HTTP
     def session
-      @session ||= begin
-        http = Net::HTTP.new @host, @port
-        http.use_ssl = self.use_ssl
-        http.verify_mode = self.verify_mode
-        http.read_timeout = self.read_timeout
-        http.ssl_version = self.ssl_version if self.use_ssl
+      @session ||= Net::HTTP.new(host, port).tap do |http|
+        http.use_ssl = use_ssl
+        http.verify_mode = verify_mode
+        http.read_timeout = read_timeout
+        http.ssl_version = ssl_version if ssl_version
+        http.cert = cert if cert
+        http.key = key if key
         http.start
       end
     end
 
-  end
+    private
+
+    attr_reader :request, :host, :port
+
+    attr_accessor :connection_closed
 
+    def close_connection
+      return if connection_closed
+
+      session.end_request_hacked
+      session.finish
+      self.connection_closed = true
+    end
+  end
 end

data/lib/rack/proxy.rb

@@ -5,7 +5,18 @@ module Rack
 
   # Subclass and bring your own #rewrite_request and #rewrite_response
   class Proxy
-    VERSION = "0.7.0"
+    VERSION = "0.7.7".freeze
+
+    HOP_BY_HOP_HEADERS = {
+      'connection' => true,
+      'keep-alive' => true,
+      'proxy-authenticate' => true,
+      'proxy-authorization' => true,
+      'te' => true,
+      'trailer' => true,
+      'transfer-encoding' => true,
+      'upgrade' => true
+    }.freeze
 
     class << self
       def extract_http_request_headers(env)
@@ -13,28 +24,38 @@ module Rack
           !(/^HTTP_[A-Z0-9_\.]+$/ === k) || v.nil?
         end.map do |k, v|
           [reconstruct_header_name(k), v]
-        end.inject(Utils::HeaderHash.new) do |hash, k_v|
-          k, v = k_v
-          hash[k] = v
-          hash
-        end
+        end.then { |pairs| build_header_hash(pairs) }
 
-        x_forwarded_for = (headers["X-Forwarded-For"].to_s.split(/, +/) << env["REMOTE_ADDR"]).join(", ")
+        x_forwarded_for = (headers['X-Forwarded-For'].to_s.split(/, +/) << env['REMOTE_ADDR']).join(', ')
 
-        headers.merge!("X-Forwarded-For" =>  x_forwarded_for)
+        headers.merge!('X-Forwarded-For' => x_forwarded_for)
       end
 
       def normalize_headers(headers)
         mapped = headers.map do |k, v|
-          [k, if v.is_a? Array then v.join("\n") else v end]
+          [titleize(k), if v.is_a? Array then v.join("\n") else v end]
+        end
+        build_header_hash Hash[mapped]
+      end
+
+      def build_header_hash(pairs)
+        if Rack.const_defined?(:Headers)
+          # Rack::Headers is only available from Rack 3 onward
+          Headers.new.tap { |headers| pairs.each { |k, v| headers[k] = v } }
+        else
+          # Rack::Utils::HeaderHash is deprecated from Rack 3 onward and is to be removed in 3.1
+          Utils::HeaderHash.new(pairs)
         end
-        Utils::HeaderHash.new Hash[mapped]
       end
 
       protected
 
       def reconstruct_header_name(name)
-        name.sub(/^HTTP_/, "").gsub("_", "-")
+        titleize(name.sub(/^HTTP_/, "").gsub("_", "-"))
+      end
+
+      def titleize(str)
+        str.split("-").map(&:capitalize).join("-")
       end
     end
 
@@ -49,12 +70,15 @@ module Rack
 
       @streaming = opts.fetch(:streaming, true)
       @ssl_verify_none = opts.fetch(:ssl_verify_none, false)
-      @backend = URI(opts[:backend]) if opts[:backend]
+      @backend = opts[:backend] ? URI(opts[:backend]) : nil
       @read_timeout = opts.fetch(:read_timeout, 60)
-      @ssl_version = opts[:ssl_version] if opts[:ssl_version]
+      @ssl_version = opts[:ssl_version]
+      @cert = opts[:cert]
+      @key = opts[:key]
+      @verify_mode = opts[:verify_mode]
 
-      @username = opts[:username] if opts[:username]
-      @password = opts[:password] if opts[:password]
+      @username = opts[:username]
+      @password = opts[:password]
 
       @opts = opts
     end
@@ -85,7 +109,7 @@ module Rack
         full_path = source_request.fullpath
       end
 
-      target_request = Net::HTTP.const_get(source_request.request_method.capitalize).new(full_path)
+      target_request = Net::HTTP.const_get(source_request.request_method.capitalize, false).new(full_path)
 
       # Setup headers
       target_request.initialize_http_header(self.class.extract_http_request_headers(source_request.env))
@@ -102,8 +126,7 @@ module Rack
       target_request.basic_auth(@username, @password) if @username && @password
 
       backend = env.delete('rack.backend') || @backend || source_request
-      use_ssl = backend.scheme == "https"
-      ssl_verify_none = (env.delete('rack.ssl_verify_none') || @ssl_verify_none) == true
+      use_ssl = backend.scheme == "https" || @cert
       read_timeout = env.delete('http.read_timeout') || @read_timeout
 
       # Create the response
@@ -112,30 +135,34 @@ module Rack
         target_response = HttpStreamingResponse.new(target_request, backend.host, backend.port)
         target_response.use_ssl = use_ssl
         target_response.read_timeout = read_timeout
-        target_response.verify_mode = OpenSSL::SSL::VERIFY_NONE if use_ssl && ssl_verify_none
         target_response.ssl_version = @ssl_version if @ssl_version
+        target_response.verify_mode = (@verify_mode || OpenSSL::SSL::VERIFY_NONE) if use_ssl
+        target_response.cert = @cert if @cert
+        target_response.key = @key if @key
       else
         http = Net::HTTP.new(backend.host, backend.port)
         http.use_ssl = use_ssl if use_ssl
         http.read_timeout = read_timeout
-        http.verify_mode = OpenSSL::SSL::VERIFY_NONE if use_ssl && ssl_verify_none
         http.ssl_version = @ssl_version if @ssl_version
+        http.verify_mode = (@verify_mode || OpenSSL::SSL::VERIFY_NONE if use_ssl) if use_ssl
+        http.cert = @cert if @cert
+        http.key = @key if @key
 
         target_response = http.start do
           http.request(target_request)
         end
       end
 
+      code    = target_response.code
       headers = self.class.normalize_headers(target_response.respond_to?(:headers) ? target_response.headers : target_response.to_hash)
       body    = target_response.body || [""]
       body    = [body] unless body.respond_to?(:each)
 
       # According to https://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-14#section-7.1.3.1Acc
       # should remove hop-by-hop header fields
-      headers.reject! { |k| ['connection', 'keep-alive', 'proxy-authenticate', 'proxy-authorization', 'te', 'trailer', 'transfer-encoding', 'upgrade'].include? k.downcase }
-      [target_response.code, headers, body]
-    end
+      headers.reject! { |k| HOP_BY_HOP_HEADERS[k.downcase] }
 
+      [code, headers, body]
+    end
   end
-
 end

data/lib/rack_proxy_examples/example_service_proxy.rb

@@ -5,7 +5,7 @@
 # 1. rails new test_app
 # 2. cd test_app
 # 3. install Rack-Proxy in `Gemfile`
-#    a. `gem 'rack-proxy', '~> 0.7.0'`
+#    a. `gem 'rack-proxy', '~> 0.7.7'`
 # 4. install gem: `bundle install`
 # 5. create `config/initializers/proxy.rb` adding this line `require 'rack_proxy_examples/example_service_proxy'`
 # 6. run: `SERVICE_URL=http://guides.rubyonrails.org rails server`

data/rack-proxy.gemspec

@@ -12,6 +12,7 @@ Gem::Specification.new do |s|
   s.homepage    = "https://github.com/ncr/rack-proxy"
   s.summary     = %q{A request/response rewriting HTTP proxy. A Rack app.}
   s.description = %q{A Rack app that provides request/response rewriting proxy capabilities with streaming.}
+  s.required_ruby_version = '>= 2.6'
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")

data/test/http_streaming_response_test.rb

@@ -4,23 +4,24 @@ require "rack/http_streaming_response"
 class HttpStreamingResponseTest < Test::Unit::TestCase
 
   def setup
-    host, req = "www.trix.pl", Net::HTTP::Get.new("/")
-    @response = Rack::HttpStreamingResponse.new(req, host)
+    host, req = "example.com", Net::HTTP::Get.new("/")
+    @response = Rack::HttpStreamingResponse.new(req, host, 443)
+    @response.use_ssl = true
   end
 
   def test_streaming
     # Response status
-    assert @response.code == 200
-    assert @response.status == 200
+    assert_equal 200, @response.status
+    assert_equal 200, @response.status
 
     # Headers
     headers = @response.headers
 
-    assert headers.size > 0
+    assert headers.size.positive?
 
-    assert headers["content-type"] == ["text/html;charset=utf-8"]
-    assert headers["CoNtEnT-TyPe"] == headers["content-type"]
-    assert headers["content-length"].first.to_i > 0
+    assert_match %r{text/html; ?charset=utf-8}, headers["content-type"].first.downcase
+    assert_equal headers["content-type"], headers["CoNtEnT-TyPe"]
+    assert headers["content-length"].first.to_i.positive?
 
     # Body
     chunks = []
@@ -28,7 +29,7 @@ class HttpStreamingResponseTest < Test::Unit::TestCase
       chunks << chunk
     end
 
-    assert chunks.size > 0
+    assert chunks.size.positive?
     chunks.each do |chunk|
       assert chunk.is_a?(String)
     end
@@ -36,7 +37,7 @@ class HttpStreamingResponseTest < Test::Unit::TestCase
   end
 
   def test_to_s
-    assert_equal @response.headers["Content-Length"].first.to_i, @response.body.to_s.size
+    assert_equal @response.headers["Content-Length"].first.to_i, @response.body.to_s.bytesize
   end
 
   def test_to_s_called_twice

data/test/rack_proxy_test.rb

@@ -78,10 +78,10 @@ class RackProxyTest < Test::Unit::TestCase
     proxy_class = Rack::Proxy
 
     header = proxy_class.send(:reconstruct_header_name, "HTTP_ABC")
-    assert header == "ABC"
+    assert header == "Abc"
 
     header = proxy_class.send(:reconstruct_header_name, "HTTP_ABC_D")
-    assert header == "ABC-D"
+    assert header == "Abc-D"
   end
 
   def test_extract_http_request_headers
@@ -120,7 +120,7 @@ class RackProxyTest < Test::Unit::TestCase
   end
 
   def test_response_header_included_Hop_by_hop
-    app({:streaming => true}).host = 'auth.goeasyship.com'
+    app({:streaming => true}).host = 'mockapi.io'
     get 'https://example.com/oauth2/token/info?access_token=123'
     assert !last_response.headers.key?('transfer-encoding')
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-proxy
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.7.7
 platform: ruby
 authors:
 - Jacek Becela
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-28 00:00:00.000000000 Z
+date: 2023-09-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -60,6 +60,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
 - ".gitignore"
 - ".travis.yml"
 - Gemfile
@@ -92,14 +93,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.2.3
 signing_key:
 specification_version: 4
 summary: A request/response rewriting HTTP proxy. A Rack app.