rack-proxy 0.7.4 → 0.7.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +31 -2
- data/lib/rack/http_streaming_response.rb +5 -5
- data/lib/rack/proxy.rb +23 -10
- data/lib/rack_proxy_examples/example_service_proxy.rb +1 -1
- data/test/http_streaming_response_test.rb +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 62be6002663408927b7852a394d35481e9fa50f9554bff82c48313d66be49555
|
4
|
+
data.tar.gz: fea7d1541cbfe2d06149918b9011459ee283f3d447ef1f64cf7b2ebda9219234
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 95b87f8db0915a3075f22cbf6b0b657b11b363d56e67ab146726887ba251f02e04744f1ff2e7a9f2fde8ed5413ba6f1eaff2ce8e9bc8012a0bb2b435a0014321
|
7
|
+
data.tar.gz: 6adfa15976e581125984b3f39f95826c56ec9d5027af966b474cd4e101f9c57b5efb6f17a49620e979107943e40d76ae8775d908ea61e8908af8fbe7e62dd061
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -6,7 +6,7 @@ Installation
|
|
6
6
|
Add the following to your `Gemfile`:
|
7
7
|
|
8
8
|
```
|
9
|
-
gem 'rack-proxy', '~> 0.7.
|
9
|
+
gem 'rack-proxy', '~> 0.7.6'
|
10
10
|
```
|
11
11
|
|
12
12
|
Or install:
|
@@ -136,7 +136,7 @@ Test with `require 'rack_proxy_examples/example_service_proxy'`
|
|
136
136
|
# 1. rails new test_app
|
137
137
|
# 2. cd test_app
|
138
138
|
# 3. install Rack-Proxy in `Gemfile`
|
139
|
-
# a. `gem 'rack-proxy', '~> 0.7.
|
139
|
+
# a. `gem 'rack-proxy', '~> 0.7.6'`
|
140
140
|
# 4. install gem: `bundle install`
|
141
141
|
# 5. create `config/initializers/proxy.rb` adding this line `require 'rack_proxy_examples/example_service_proxy'`
|
142
142
|
# 6. run: `SERVICE_URL=http://guides.rubyonrails.org rails server`
|
@@ -297,6 +297,35 @@ Add some domain name like `debug.your_app.com` into your local `/etc/hosts` file
|
|
297
297
|
|
298
298
|
Next start the proxy and your app. And now you can access to your Spring application through SSL connection via `https://debug.your_app.com` URI in a browser.
|
299
299
|
|
300
|
+
### Using SSL/TLS certificates with HTTP connection
|
301
|
+
This may be helpful, when third-party API has authentication by client TLS certificates and you need to proxy your requests and sign them with certificate.
|
302
|
+
|
303
|
+
Just specify Rack::Proxy SSL options and your request will use TLS HTTP connection:
|
304
|
+
```ruby
|
305
|
+
# config.ru
|
306
|
+
. . .
|
307
|
+
|
308
|
+
cert_raw = File.read('./certs/rootCA.crt')
|
309
|
+
key_raw = File.read('./certs/key.pem')
|
310
|
+
|
311
|
+
cert = OpenSSL::X509::Certificate.new(cert_raw)
|
312
|
+
key = OpenSSL::PKey.read(key_raw)
|
313
|
+
|
314
|
+
use TLSProxy, cert: cert, key: key, use_ssl: true, verify_mode: OpenSSL::SSL::VERIFY_PEER, ssl_version: 'TLSv1_2'
|
315
|
+
```
|
316
|
+
|
317
|
+
And rewrite host for example:
|
318
|
+
```ruby
|
319
|
+
# tls_proxy.rb
|
320
|
+
class TLSProxy < Rack::Proxy
|
321
|
+
attr_accessor :original_request, :query_params
|
322
|
+
|
323
|
+
def rewrite_env(env)
|
324
|
+
env["HTTP_HOST"] = "client-tls-auth-api.com:443"
|
325
|
+
env
|
326
|
+
end
|
327
|
+
end
|
328
|
+
```
|
300
329
|
|
301
330
|
WARNING
|
302
331
|
----
|
@@ -10,7 +10,7 @@ module Rack
|
|
10
10
|
304 => true
|
11
11
|
}.freeze
|
12
12
|
|
13
|
-
attr_accessor :use_ssl, :verify_mode, :read_timeout, :ssl_version
|
13
|
+
attr_accessor :use_ssl, :verify_mode, :read_timeout, :ssl_version, :cert, :key
|
14
14
|
|
15
15
|
def initialize(request, host, port = nil)
|
16
16
|
@request, @host, @port = request, host, port
|
@@ -29,9 +29,7 @@ module Rack
|
|
29
29
|
alias_method :status, :code
|
30
30
|
|
31
31
|
def headers
|
32
|
-
|
33
|
-
response.to_hash.each { |k, v| h[k] = v }
|
34
|
-
end
|
32
|
+
Rack::Proxy.build_header_hash(response.to_hash)
|
35
33
|
end
|
36
34
|
|
37
35
|
# Can be called only once!
|
@@ -60,7 +58,9 @@ module Rack
|
|
60
58
|
http.use_ssl = use_ssl
|
61
59
|
http.verify_mode = verify_mode
|
62
60
|
http.read_timeout = read_timeout
|
63
|
-
http.ssl_version = ssl_version if
|
61
|
+
http.ssl_version = ssl_version if ssl_version
|
62
|
+
http.cert = cert if cert
|
63
|
+
http.key = key if key
|
64
64
|
http.start
|
65
65
|
end
|
66
66
|
end
|
data/lib/rack/proxy.rb
CHANGED
@@ -5,7 +5,7 @@ module Rack
|
|
5
5
|
|
6
6
|
# Subclass and bring your own #rewrite_request and #rewrite_response
|
7
7
|
class Proxy
|
8
|
-
VERSION = "0.7.
|
8
|
+
VERSION = "0.7.6".freeze
|
9
9
|
|
10
10
|
HOP_BY_HOP_HEADERS = {
|
11
11
|
'connection' => true,
|
@@ -24,11 +24,7 @@ module Rack
|
|
24
24
|
!(/^HTTP_[A-Z0-9_\.]+$/ === k) || v.nil?
|
25
25
|
end.map do |k, v|
|
26
26
|
[reconstruct_header_name(k), v]
|
27
|
-
end.
|
28
|
-
k, v = k_v
|
29
|
-
hash[k] = v
|
30
|
-
hash
|
31
|
-
end
|
27
|
+
end.then { |pairs| build_header_hash(pairs) }
|
32
28
|
|
33
29
|
x_forwarded_for = (headers['X-Forwarded-For'].to_s.split(/, +/) << env['REMOTE_ADDR']).join(', ')
|
34
30
|
|
@@ -39,7 +35,17 @@ module Rack
|
|
39
35
|
mapped = headers.map do |k, v|
|
40
36
|
[titleize(k), if v.is_a? Array then v.join("\n") else v end]
|
41
37
|
end
|
42
|
-
|
38
|
+
build_header_hash Hash[mapped]
|
39
|
+
end
|
40
|
+
|
41
|
+
def build_header_hash(pairs)
|
42
|
+
if Rack.const_defined?(:Headers)
|
43
|
+
# Rack::Headers is only available from Rack 3 onward
|
44
|
+
Headers.new.tap { |headers| pairs.each { |k, v| headers[k] = v } }
|
45
|
+
else
|
46
|
+
# Rack::Utils::HeaderHash is deprecated from Rack 3 onward and is to be removed in 3.1
|
47
|
+
Utils::HeaderHash.new(pairs)
|
48
|
+
end
|
43
49
|
end
|
44
50
|
|
45
51
|
protected
|
@@ -67,6 +73,9 @@ module Rack
|
|
67
73
|
@backend = opts[:backend] ? URI(opts[:backend]) : nil
|
68
74
|
@read_timeout = opts.fetch(:read_timeout, 60)
|
69
75
|
@ssl_version = opts[:ssl_version]
|
76
|
+
@cert = opts[:cert]
|
77
|
+
@key = opts[:key]
|
78
|
+
@verify_mode = opts[:verify_mode]
|
70
79
|
|
71
80
|
@username = opts[:username]
|
72
81
|
@password = opts[:password]
|
@@ -117,7 +126,7 @@ module Rack
|
|
117
126
|
target_request.basic_auth(@username, @password) if @username && @password
|
118
127
|
|
119
128
|
backend = env.delete('rack.backend') || @backend || source_request
|
120
|
-
use_ssl = backend.scheme == "https"
|
129
|
+
use_ssl = backend.scheme == "https" || @cert
|
121
130
|
ssl_verify_none = (env.delete('rack.ssl_verify_none') || @ssl_verify_none) == true
|
122
131
|
read_timeout = env.delete('http.read_timeout') || @read_timeout
|
123
132
|
|
@@ -127,14 +136,18 @@ module Rack
|
|
127
136
|
target_response = HttpStreamingResponse.new(target_request, backend.host, backend.port)
|
128
137
|
target_response.use_ssl = use_ssl
|
129
138
|
target_response.read_timeout = read_timeout
|
130
|
-
target_response.verify_mode = OpenSSL::SSL::VERIFY_NONE if use_ssl && ssl_verify_none
|
131
139
|
target_response.ssl_version = @ssl_version if @ssl_version
|
140
|
+
target_response.verify_mode = (@verify_mode || OpenSSL::SSL::VERIFY_NONE) if use_ssl
|
141
|
+
target_response.cert = @cert if @cert
|
142
|
+
target_response.key = @key if @key
|
132
143
|
else
|
133
144
|
http = Net::HTTP.new(backend.host, backend.port)
|
134
145
|
http.use_ssl = use_ssl if use_ssl
|
135
146
|
http.read_timeout = read_timeout
|
136
|
-
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if use_ssl && ssl_verify_none
|
137
147
|
http.ssl_version = @ssl_version if @ssl_version
|
148
|
+
http.verify_mode = (@verify_mode || OpenSSL::SSL::VERIFY_NONE if use_ssl) if use_ssl
|
149
|
+
http.cert = @cert if @cert
|
150
|
+
http.key = @key if @key
|
138
151
|
|
139
152
|
target_response = http.start do
|
140
153
|
http.request(target_request)
|
@@ -5,7 +5,7 @@
|
|
5
5
|
# 1. rails new test_app
|
6
6
|
# 2. cd test_app
|
7
7
|
# 3. install Rack-Proxy in `Gemfile`
|
8
|
-
# a. `gem 'rack-proxy', '~> 0.7.
|
8
|
+
# a. `gem 'rack-proxy', '~> 0.7.6'`
|
9
9
|
# 4. install gem: `bundle install`
|
10
10
|
# 5. create `config/initializers/proxy.rb` adding this line `require 'rack_proxy_examples/example_service_proxy'`
|
11
11
|
# 6. run: `SERVICE_URL=http://guides.rubyonrails.org rails server`
|
@@ -4,7 +4,7 @@ require "rack/http_streaming_response"
|
|
4
4
|
class HttpStreamingResponseTest < Test::Unit::TestCase
|
5
5
|
|
6
6
|
def setup
|
7
|
-
host, req = "
|
7
|
+
host, req = "example.com", Net::HTTP::Get.new("/")
|
8
8
|
@response = Rack::HttpStreamingResponse.new(req, host, 443)
|
9
9
|
@response.use_ssl = true
|
10
10
|
end
|
@@ -37,7 +37,7 @@ class HttpStreamingResponseTest < Test::Unit::TestCase
|
|
37
37
|
end
|
38
38
|
|
39
39
|
def test_to_s
|
40
|
-
assert_equal @response.headers["Content-Length"].first.to_i, @response.body.to_s.
|
40
|
+
assert_equal @response.headers["Content-Length"].first.to_i, @response.body.to_s.bytesize
|
41
41
|
end
|
42
42
|
|
43
43
|
def test_to_s_called_twice
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-proxy
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.7.
|
4
|
+
version: 0.7.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jacek Becela
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-01-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rack
|