rack-proxy 0.7.4 → 0.7.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 896fa421268e5b014853a876ec69e499e5e48b5befd5c7438ffacd4094ceeb75
-  data.tar.gz: dfcdf003e020c8590eaaf1dd0a531f0a516b85ece47898261611e5149bd81411
+  metadata.gz: 62be6002663408927b7852a394d35481e9fa50f9554bff82c48313d66be49555
+  data.tar.gz: fea7d1541cbfe2d06149918b9011459ee283f3d447ef1f64cf7b2ebda9219234
 SHA512:
-  metadata.gz: 16d0245d20d2144d34fbbb15f23ba719dd189c8d9e9166caf55c13e3492406a3af9803f76b6ae07b10c1d6700385caf2d41825188554834ef010a90af666250e
-  data.tar.gz: f477d57ddd81d95f95e700952daf8168d4001098cc458b5aac2599cafc0847923ed25cd0ea6aed711e9bae6461b54a7e826f0d4ea34737a6b440bf961ba21251
+  metadata.gz: 95b87f8db0915a3075f22cbf6b0b657b11b363d56e67ab146726887ba251f02e04744f1ff2e7a9f2fde8ed5413ba6f1eaff2ce8e9bc8012a0bb2b435a0014321
+  data.tar.gz: 6adfa15976e581125984b3f39f95826c56ec9d5027af966b474cd4e101f9c57b5efb6f17a49620e979107943e40d76ae8775d908ea61e8908af8fbe7e62dd061

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rack-proxy (0.7.4)
+    rack-proxy (0.7.6)
       rack
 
 GEM

data/README.md

@@ -6,7 +6,7 @@ Installation
 Add the following to your `Gemfile`:
 
 ```
-gem 'rack-proxy', '~> 0.7.4'
+gem 'rack-proxy', '~> 0.7.6'
 ```
 
 Or install:
@@ -136,7 +136,7 @@ Test with `require 'rack_proxy_examples/example_service_proxy'`
 # 1. rails new test_app
 # 2. cd test_app
 # 3. install Rack-Proxy in `Gemfile`
-#    a. `gem 'rack-proxy', '~> 0.7.4'`
+#    a. `gem 'rack-proxy', '~> 0.7.6'`
 # 4. install gem: `bundle install`
 # 5. create `config/initializers/proxy.rb` adding this line `require 'rack_proxy_examples/example_service_proxy'`
 # 6. run: `SERVICE_URL=http://guides.rubyonrails.org rails server`
@@ -297,6 +297,35 @@ Add some domain name like `debug.your_app.com` into your local `/etc/hosts` file
 
 Next start the proxy and your app. And now you can access to your Spring application through SSL connection via `https://debug.your_app.com` URI in a browser.
 
+### Using SSL/TLS certificates with HTTP connection
+This may be helpful, when third-party API has authentication by client TLS certificates and you need to proxy your requests and sign them with certificate.
+
+Just specify Rack::Proxy SSL options and your request will use TLS HTTP connection:
+```ruby
+# config.ru
+. . .
+
+cert_raw = File.read('./certs/rootCA.crt')
+key_raw = File.read('./certs/key.pem')
+
+cert = OpenSSL::X509::Certificate.new(cert_raw)
+key = OpenSSL::PKey.read(key_raw)
+
+use TLSProxy, cert: cert, key: key, use_ssl: true, verify_mode: OpenSSL::SSL::VERIFY_PEER, ssl_version: 'TLSv1_2'
+```
+
+And rewrite host for example:
+```ruby
+# tls_proxy.rb
+class TLSProxy < Rack::Proxy
+  attr_accessor :original_request, :query_params
+
+  def rewrite_env(env)
+    env["HTTP_HOST"] = "client-tls-auth-api.com:443"
+    env
+  end
+end
+```
 
 WARNING
 ----

data/lib/rack/http_streaming_response.rb

@@ -10,7 +10,7 @@ module Rack
       304 => true
     }.freeze
 
-    attr_accessor :use_ssl, :verify_mode, :read_timeout, :ssl_version
+    attr_accessor :use_ssl, :verify_mode, :read_timeout, :ssl_version, :cert, :key
 
     def initialize(request, host, port = nil)
       @request, @host, @port = request, host, port
@@ -29,9 +29,7 @@ module Rack
     alias_method :status, :code
 
     def headers
-      Utils::HeaderHash.new.tap do |h|
-        response.to_hash.each { |k, v| h[k] = v }
-      end
+      Rack::Proxy.build_header_hash(response.to_hash)
     end
 
     # Can be called only once!
@@ -60,7 +58,9 @@ module Rack
         http.use_ssl = use_ssl
         http.verify_mode = verify_mode
         http.read_timeout = read_timeout
-        http.ssl_version = ssl_version if use_ssl
+        http.ssl_version = ssl_version if ssl_version
+        http.cert = cert if cert
+        http.key = key if key
         http.start
       end
     end

data/lib/rack/proxy.rb

@@ -5,7 +5,7 @@ module Rack
 
   # Subclass and bring your own #rewrite_request and #rewrite_response
   class Proxy
-    VERSION = "0.7.4".freeze
+    VERSION = "0.7.6".freeze
 
     HOP_BY_HOP_HEADERS = {
       'connection' => true,
@@ -24,11 +24,7 @@ module Rack
           !(/^HTTP_[A-Z0-9_\.]+$/ === k) || v.nil?
         end.map do |k, v|
           [reconstruct_header_name(k), v]
-        end.inject(Utils::HeaderHash.new) do |hash, k_v|
-          k, v = k_v
-          hash[k] = v
-          hash
-        end
+        end.then { |pairs| build_header_hash(pairs) }
 
         x_forwarded_for = (headers['X-Forwarded-For'].to_s.split(/, +/) << env['REMOTE_ADDR']).join(', ')
 
@@ -39,7 +35,17 @@ module Rack
         mapped = headers.map do |k, v|
           [titleize(k), if v.is_a? Array then v.join("\n") else v end]
         end
-        Utils::HeaderHash.new Hash[mapped]
+        build_header_hash Hash[mapped]
+      end
+
+      def build_header_hash(pairs)
+        if Rack.const_defined?(:Headers)
+          # Rack::Headers is only available from Rack 3 onward
+          Headers.new.tap { |headers| pairs.each { |k, v| headers[k] = v } }
+        else
+          # Rack::Utils::HeaderHash is deprecated from Rack 3 onward and is to be removed in 3.1
+          Utils::HeaderHash.new(pairs)
+        end
       end
 
       protected
@@ -67,6 +73,9 @@ module Rack
       @backend = opts[:backend] ? URI(opts[:backend]) : nil
       @read_timeout = opts.fetch(:read_timeout, 60)
       @ssl_version = opts[:ssl_version]
+      @cert = opts[:cert]
+      @key = opts[:key]
+      @verify_mode = opts[:verify_mode]
 
       @username = opts[:username]
       @password = opts[:password]
@@ -117,7 +126,7 @@ module Rack
       target_request.basic_auth(@username, @password) if @username && @password
 
       backend = env.delete('rack.backend') || @backend || source_request
-      use_ssl = backend.scheme == "https"
+      use_ssl = backend.scheme == "https" || @cert
       ssl_verify_none = (env.delete('rack.ssl_verify_none') || @ssl_verify_none) == true
       read_timeout = env.delete('http.read_timeout') || @read_timeout
 
@@ -127,14 +136,18 @@ module Rack
         target_response = HttpStreamingResponse.new(target_request, backend.host, backend.port)
         target_response.use_ssl = use_ssl
         target_response.read_timeout = read_timeout
-        target_response.verify_mode = OpenSSL::SSL::VERIFY_NONE if use_ssl && ssl_verify_none
         target_response.ssl_version = @ssl_version if @ssl_version
+        target_response.verify_mode = (@verify_mode || OpenSSL::SSL::VERIFY_NONE) if use_ssl
+        target_response.cert = @cert if @cert
+        target_response.key = @key if @key
       else
         http = Net::HTTP.new(backend.host, backend.port)
         http.use_ssl = use_ssl if use_ssl
         http.read_timeout = read_timeout
-        http.verify_mode = OpenSSL::SSL::VERIFY_NONE if use_ssl && ssl_verify_none
         http.ssl_version = @ssl_version if @ssl_version
+        http.verify_mode = (@verify_mode || OpenSSL::SSL::VERIFY_NONE if use_ssl) if use_ssl
+        http.cert = @cert if @cert
+        http.key = @key if @key
 
         target_response = http.start do
           http.request(target_request)

data/lib/rack_proxy_examples/example_service_proxy.rb

@@ -5,7 +5,7 @@
 # 1. rails new test_app
 # 2. cd test_app
 # 3. install Rack-Proxy in `Gemfile`
-#    a. `gem 'rack-proxy', '~> 0.7.4'`
+#    a. `gem 'rack-proxy', '~> 0.7.6'`
 # 4. install gem: `bundle install`
 # 5. create `config/initializers/proxy.rb` adding this line `require 'rack_proxy_examples/example_service_proxy'`
 # 6. run: `SERVICE_URL=http://guides.rubyonrails.org rails server`

data/test/http_streaming_response_test.rb

@@ -4,7 +4,7 @@ require "rack/http_streaming_response"
 class HttpStreamingResponseTest < Test::Unit::TestCase
 
   def setup
-    host, req = "mockapi.io", Net::HTTP::Get.new("/")
+    host, req = "example.com", Net::HTTP::Get.new("/")
     @response = Rack::HttpStreamingResponse.new(req, host, 443)
     @response.use_ssl = true
   end
@@ -37,7 +37,7 @@ class HttpStreamingResponseTest < Test::Unit::TestCase
   end
 
   def test_to_s
-    assert_equal @response.headers["Content-Length"].first.to_i, @response.body.to_s.size
+    assert_equal @response.headers["Content-Length"].first.to_i, @response.body.to_s.bytesize
   end
 
   def test_to_s_called_twice

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-proxy
 version: !ruby/object:Gem::Version
-  version: 0.7.4
+  version: 0.7.6
 platform: ruby
 authors:
 - Jacek Becela
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-09-13 00:00:00.000000000 Z
+date: 2023-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack