RubyGems - rack-proxy - Versions diffs - 0.7.2 → 0.7.7 - Mend

rack-proxy 0.7.2 → 0.7.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/.github/FUNDING.yml +3 -0
data/Gemfile.lock +8 -8
data/README.md +31 -2
data/lib/rack/http_streaming_response.rb +37 -32
data/lib/rack/proxy.rb +40 -17
data/lib/rack_proxy_examples/example_service_proxy.rb +1 -1
data/rack-proxy.gemspec +1 -0
data/test/http_streaming_response_test.rb +2 -2
metadata +5 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6cbdbb6efeff29ecbbd6dbebe7b67ac4c923fa0ab898d245a310fa872e6d9581
-  data.tar.gz: e21085cf4be6ec258b67ed91685086a8c0c5c0a83252a92c87853c5f3b79701e
+  metadata.gz: 888784aa8d1d28ae0dc2a1352aa44ba8e639d5cd604043facbb31da3fa1dc759
+  data.tar.gz: 9ba49effcffcacb930ab08fe2f6a9fd08040b60800b8aa8e5ccc274053f36c4e
 SHA512:
-  metadata.gz: 5eed533bedea80e3a485b9a61e6f5e55ab9480146eed5793c0aeb520cb348e86bdfa4a514467300b626f0b016760ce8ecb1a3318272d7cdcc5649c24131d7134
-  data.tar.gz: 4aea216293ead6071d44a1460b7c0f3f865e53d5332c994c441cbe956db6f57d67aa7b9b80a17bbd593676b2f651860f11f284c698200dbe4acfb0385ac00a15
+  metadata.gz: 606ed720fb5b8c67cd1fc3058b9644e88fb2e7768d4fce4606ba0332fac24cadca11a36ab50d97cb7ff5767664864b1c1a2cf5108cd58a66fecfb3b93de37517
+  data.tar.gz: a91cc8541d7af6c390fe1c0faa3c923942a14cce746eebc3d170b95b45aafc5871a04ad1ec9fee6f0c07500534755c794f76d0c14bccdcf5fdaad06e239aeb07

data/.github/FUNDING.yml ADDED Viewed

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+github: [ncr]

data/Gemfile.lock CHANGED Viewed

@@ -1,22 +1,22 @@
 PATH
   remote: .
   specs:
-    rack-proxy (0.7.2)
+    rack-proxy (0.7.7)
       rack
 GEM
   remote: https://rubygems.org/
   specs:
-    power_assert (0.2.6)
-    rack (2.2.3)
-    rack-test (0.5.6)
-      rack (>= 1.0)
+    power_assert (2.0.3)
+    rack (3.0.8)
+    rack-test (2.1.0)
+      rack (>= 1.3)
     rake (13.0.6)
-    test-unit (3.1.5)
+    test-unit (3.6.1)
       power_assert
 PLATFORMS
-  ruby
+  arm64-darwin-22
 DEPENDENCIES
   rack-proxy!
@@ -25,4 +25,4 @@ DEPENDENCIES
   test-unit
 BUNDLED WITH
-   1.17.2
+   2.4.17

data/README.md CHANGED Viewed

@@ -6,7 +6,7 @@ Installation
 Add the following to your `Gemfile`:
 ```
-gem 'rack-proxy', '~> 0.7.2'
+gem 'rack-proxy', '~> 0.7.7'
 ```
 Or install:
@@ -136,7 +136,7 @@ Test with `require 'rack_proxy_examples/example_service_proxy'`
 # 1. rails new test_app
 # 2. cd test_app
 # 3. install Rack-Proxy in `Gemfile`
-#    a. `gem 'rack-proxy', '~> 0.7.2'`
+#    a. `gem 'rack-proxy', '~> 0.7.7'`
 # 4. install gem: `bundle install`
 # 5. create `config/initializers/proxy.rb` adding this line `require 'rack_proxy_examples/example_service_proxy'`
 # 6. run: `SERVICE_URL=http://guides.rubyonrails.org rails server`
@@ -297,6 +297,35 @@ Add some domain name like `debug.your_app.com` into your local `/etc/hosts` file
 Next start the proxy and your app. And now you can access to your Spring application through SSL connection via `https://debug.your_app.com` URI in a browser.
+### Using SSL/TLS certificates with HTTP connection
+This may be helpful, when third-party API has authentication by client TLS certificates and you need to proxy your requests and sign them with certificate.
+Just specify Rack::Proxy SSL options and your request will use TLS HTTP connection:
+```ruby
+# config.ru
+. . .
+cert_raw = File.read('./certs/rootCA.crt')
+key_raw = File.read('./certs/key.pem')
+cert = OpenSSL::X509::Certificate.new(cert_raw)
+key = OpenSSL::PKey.read(key_raw)
+use TLSProxy, cert: cert, key: key, use_ssl: true, verify_mode: OpenSSL::SSL::VERIFY_PEER, ssl_version: 'TLSv1_2'
+```
+And rewrite host for example:
+```ruby
+# tls_proxy.rb
+class TLSProxy < Rack::Proxy
+  attr_accessor :original_request, :query_params
+  def rewrite_env(env)
+    env["HTTP_HOST"] = "client-tls-auth-api.com:443"
+    env
+  end
+end
+```
 WARNING
 ----

data/lib/rack/http_streaming_response.rb CHANGED Viewed

@@ -1,13 +1,16 @@
 require "net_http_hacked"
+require "stringio"
 module Rack
   # Wraps the hacked net/http in a Rack way.
   class HttpStreamingResponse
-    attr_accessor :use_ssl
-    attr_accessor :verify_mode
-    attr_accessor :read_timeout
-    attr_accessor :ssl_version
+    STATUSES_WITH_NO_ENTITY_BODY = {
+      204 => true,
+      205 => true,
+      304 => true
+    }.freeze
+    attr_accessor :use_ssl, :verify_mode, :read_timeout, :ssl_version, :cert, :key
     def initialize(request, host, port = nil)
       @request, @host, @port = request, host, port
@@ -18,60 +21,62 @@ module Rack
     end
     def code
-      response.code.to_i
+      response.code.to_i.tap do |response_code|
+        STATUSES_WITH_NO_ENTITY_BODY[response_code] && close_connection
+      end
     end
     # #status is deprecated
     alias_method :status, :code
     def headers
-      h = Utils::HeaderHash.new
-      response.to_hash.each do |k, v|
-        h[k] = v
-      end
-      h
+      Rack::Proxy.build_header_hash(response.to_hash)
     end
     # Can be called only once!
     def each(&block)
+      return if connection_closed
       response.read_body(&block)
     ensure
-      session.end_request_hacked
-      session.finish
+      close_connection
     end
     def to_s
-      @body ||= begin
-        lines = []
-        each do |line|
-          lines << line
-        end
-        lines.join
-      end
+      @to_s ||= StringIO.new.tap { |io| each { |line| io << line } }.string
     end
     protected
     # Net::HTTPResponse
     def response
-      @response ||= session.begin_request_hacked(@request)
+      @response ||= session.begin_request_hacked(request)
     end
     # Net::HTTP
     def session
-      @session ||= begin
-        http = Net::HTTP.new @host, @port
-        http.use_ssl = self.use_ssl
-        http.verify_mode = self.verify_mode
-        http.read_timeout = self.read_timeout
-        http.ssl_version = self.ssl_version if self.use_ssl
+      @session ||= Net::HTTP.new(host, port).tap do |http|
+        http.use_ssl = use_ssl
+        http.verify_mode = verify_mode
+        http.read_timeout = read_timeout
+        http.ssl_version = ssl_version if ssl_version
+        http.cert = cert if cert
+        http.key = key if key
         http.start
       end
     end
-  end
+    private
+    attr_reader :request, :host, :port
+    attr_accessor :connection_closed
+    def close_connection
+      return if connection_closed
+      session.end_request_hacked
+      session.finish
+      self.connection_closed = true
+    end
+  end
 end

data/lib/rack/proxy.rb CHANGED Viewed

@@ -5,7 +5,18 @@ module Rack
   # Subclass and bring your own #rewrite_request and #rewrite_response
   class Proxy
-    VERSION = "0.7.2"
+    VERSION = "0.7.7".freeze
+    HOP_BY_HOP_HEADERS = {
+      'connection' => true,
+      'keep-alive' => true,
+      'proxy-authenticate' => true,
+      'proxy-authorization' => true,
+      'te' => true,
+      'trailer' => true,
+      'transfer-encoding' => true,
+      'upgrade' => true
+    }.freeze
     class << self
       def extract_http_request_headers(env)
@@ -13,22 +24,28 @@ module Rack
           !(/^HTTP_[A-Z0-9_\.]+$/ === k) || v.nil?
         end.map do |k, v|
           [reconstruct_header_name(k), v]
-        end.inject(Utils::HeaderHash.new) do |hash, k_v|
-          k, v = k_v
-          hash[k] = v
-          hash
-        end
+        end.then { |pairs| build_header_hash(pairs) }
-        x_forwarded_for = (headers["X-Forwarded-For"].to_s.split(/, +/) << env["REMOTE_ADDR"]).join(", ")
+        x_forwarded_for = (headers['X-Forwarded-For'].to_s.split(/, +/) << env['REMOTE_ADDR']).join(', ')
-        headers.merge!("X-Forwarded-For" =>  x_forwarded_for)
+        headers.merge!('X-Forwarded-For' => x_forwarded_for)
       end
       def normalize_headers(headers)
         mapped = headers.map do |k, v|
           [titleize(k), if v.is_a? Array then v.join("\n") else v end]
         end
-        Utils::HeaderHash.new Hash[mapped]
+        build_header_hash Hash[mapped]
+      end
+      def build_header_hash(pairs)
+        if Rack.const_defined?(:Headers)
+          # Rack::Headers is only available from Rack 3 onward
+          Headers.new.tap { |headers| pairs.each { |k, v| headers[k] = v } }
+        else
+          # Rack::Utils::HeaderHash is deprecated from Rack 3 onward and is to be removed in 3.1
+          Utils::HeaderHash.new(pairs)
+        end
       end
       protected
@@ -56,6 +73,9 @@ module Rack
       @backend = opts[:backend] ? URI(opts[:backend]) : nil
       @read_timeout = opts.fetch(:read_timeout, 60)
       @ssl_version = opts[:ssl_version]
+      @cert = opts[:cert]
+      @key = opts[:key]
+      @verify_mode = opts[:verify_mode]
       @username = opts[:username]
       @password = opts[:password]
@@ -106,8 +126,7 @@ module Rack
       target_request.basic_auth(@username, @password) if @username && @password
       backend = env.delete('rack.backend') || @backend || source_request
-      use_ssl = backend.scheme == "https"
-      ssl_verify_none = (env.delete('rack.ssl_verify_none') || @ssl_verify_none) == true
+      use_ssl = backend.scheme == "https" || @cert
       read_timeout = env.delete('http.read_timeout') || @read_timeout
       # Create the response
@@ -116,30 +135,34 @@ module Rack
         target_response = HttpStreamingResponse.new(target_request, backend.host, backend.port)
         target_response.use_ssl = use_ssl
         target_response.read_timeout = read_timeout
-        target_response.verify_mode = OpenSSL::SSL::VERIFY_NONE if use_ssl && ssl_verify_none
         target_response.ssl_version = @ssl_version if @ssl_version
+        target_response.verify_mode = (@verify_mode || OpenSSL::SSL::VERIFY_NONE) if use_ssl
+        target_response.cert = @cert if @cert
+        target_response.key = @key if @key
       else
         http = Net::HTTP.new(backend.host, backend.port)
         http.use_ssl = use_ssl if use_ssl
         http.read_timeout = read_timeout
-        http.verify_mode = OpenSSL::SSL::VERIFY_NONE if use_ssl && ssl_verify_none
         http.ssl_version = @ssl_version if @ssl_version
+        http.verify_mode = (@verify_mode || OpenSSL::SSL::VERIFY_NONE if use_ssl) if use_ssl
+        http.cert = @cert if @cert
+        http.key = @key if @key
         target_response = http.start do
           http.request(target_request)
         end
       end
+      code    = target_response.code
       headers = self.class.normalize_headers(target_response.respond_to?(:headers) ? target_response.headers : target_response.to_hash)
       body    = target_response.body || [""]
       body    = [body] unless body.respond_to?(:each)
       # According to https://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-14#section-7.1.3.1Acc
       # should remove hop-by-hop header fields
-      headers.reject! { |k| ['connection', 'keep-alive', 'proxy-authenticate', 'proxy-authorization', 'te', 'trailer', 'transfer-encoding', 'upgrade'].include? k.downcase }
-      [target_response.code, headers, body]
-    end
+      headers.reject! { |k| HOP_BY_HOP_HEADERS[k.downcase] }
+      [code, headers, body]
+    end
   end
 end

data/lib/rack_proxy_examples/example_service_proxy.rb CHANGED Viewed

@@ -5,7 +5,7 @@
 # 1. rails new test_app
 # 2. cd test_app
 # 3. install Rack-Proxy in `Gemfile`
-#    a. `gem 'rack-proxy', '~> 0.7.2'`
+#    a. `gem 'rack-proxy', '~> 0.7.7'`
 # 4. install gem: `bundle install`
 # 5. create `config/initializers/proxy.rb` adding this line `require 'rack_proxy_examples/example_service_proxy'`
 # 6. run: `SERVICE_URL=http://guides.rubyonrails.org rails server`

data/rack-proxy.gemspec CHANGED Viewed

@@ -12,6 +12,7 @@ Gem::Specification.new do |s|
   s.homepage    = "https://github.com/ncr/rack-proxy"
   s.summary     = %q{A request/response rewriting HTTP proxy. A Rack app.}
   s.description = %q{A Rack app that provides request/response rewriting proxy capabilities with streaming.}
+  s.required_ruby_version = '>= 2.6'
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")

data/test/http_streaming_response_test.rb CHANGED Viewed

@@ -4,7 +4,7 @@ require "rack/http_streaming_response"
 class HttpStreamingResponseTest < Test::Unit::TestCase
   def setup
-    host, req = "mockapi.io", Net::HTTP::Get.new("/")
+    host, req = "example.com", Net::HTTP::Get.new("/")
     @response = Rack::HttpStreamingResponse.new(req, host, 443)
     @response.use_ssl = true
   end
@@ -37,7 +37,7 @@ class HttpStreamingResponseTest < Test::Unit::TestCase
   end
   def test_to_s
-    assert_equal @response.headers["Content-Length"].first.to_i, @response.body.to_s.size
+    assert_equal @response.headers["Content-Length"].first.to_i, @response.body.to_s.bytesize
   end
   def test_to_s_called_twice

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-proxy
 version: !ruby/object:Gem::Version
-  version: 0.7.2
+  version: 0.7.7
 platform: ruby
 authors:
 - Jacek Becela
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-05 00:00:00.000000000 Z
+date: 2023-09-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -60,6 +60,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
 - ".gitignore"
 - ".travis.yml"
 - Gemfile
@@ -92,14 +93,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.2.3
 signing_key:
 specification_version: 4
 summary: A request/response rewriting HTTP proxy. A Rack app.