rack-proxy 0.7.4 → 0.7.6
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +31 -2
- data/lib/rack/http_streaming_response.rb +5 -5
- data/lib/rack/proxy.rb +23 -10
- data/lib/rack_proxy_examples/example_service_proxy.rb +1 -1
- data/test/http_streaming_response_test.rb +2 -2
- metadata +2 -2
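--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 62be6002663408927b7852a394d35481e9fa50f9554bff82c48313d66be49555
+data.tar.gz: fea7d1541cbfe2d06149918b9011459ee283f3d447ef1f64cf7b2ebda9219234
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 95b87f8db0915a3075f22cbf6b0b657b11b363d56e67ab146726887ba251f02e04744f1ff2e7a9f2fde8ed5413ba6f1eaff2ce8e9bc8012a0bb2b435a0014321
+data.tar.gz: 6adfa15976e581125984b3f39f95826c56ec9d5027af966b474cd4e101f9c57b5efb6f17a49620e979107943e40d76ae8775d908ea61e8908af8fbe7e62dd061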
data/Gemfile.lock
CHANGED
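--- a/data/README.md
+++ b/data/README.md
@@ -6,7 +6,7 @@ Installation
 Add the following to your `Gemfile`:
 
 ```
-gem 'rack-proxy', '~> 0.7.
+gem 'rack-proxy', '~> 0.7.6'
 ```
 
 Or install:
@@ -136,7 +136,7 @@ Test with `require 'rack_proxy_examples/example_service_proxy'`
 # 1. rails new test_app
 # 2. cd test_app
 # 3. install Rack-Proxy in `Gemfile`
-# a. `gem 'rack-proxy', '~> 0.7.
+# a. `gem 'rack-proxy', '~> 0.7.6'`
 # 4. install gem: `bundle install`
 # 5. create `config/initializers/proxy.rb` adding this line `require 'rack_proxy_examples/example_service_proxy'`
 # 6. run: `SERVICE_URL=http://guides.rubyonrails.org rails server`
@@ -297,6 +297,35 @@ Add some domain name like `debug.your_app.com` into your local `/etc/hosts` file
 
 Next start the proxy and your app. And now you can access to your Spring application through SSL connection via `https://debug.your_app.com` URI in a browser.
 
+### Using SSL/TLS certificates with HTTP connection
+This may be helpful, when third-party API has authentication by client TLS certificates and you need to proxy your requests and sign them with certificate.
+
+Just specify Rack::Proxy SSL options and your request will use TLS HTTP connection:
+```ruby
+# config.ru
+. . .
+
+cert_raw = File.read('./certs/rootCA.crt')
+key_raw = File.read('./certs/key.pem')
+
+cert = OpenSSL::X509::Certificate.new(cert_raw)
+key = OpenSSL::PKey.read(key_raw)
+
+use TLSProxy, cert: cert, key: key, use_ssl: true, verify_mode: OpenSSL::SSL::VERIFY_PEER, ssl_version: 'TLSv1_2'
+```
+
+And rewrite host for example:
+```ruby
+# tls_proxy.rb
+class TLSProxy < Rack::Proxy
+attr_accessor :original_request, :query_params
+
+def rewrite_env(env)
+env["HTTP_HOST"] = "client-tls-auth-api.com:443"
+env
+end
+end
+```
 
 WARNING
 ----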
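--- a/data/lib/rack/http_streaming_response.rb
+++ b/data/lib/rack/http_streaming_response.rb
@@ -10,7 +10,7 @@ module Rack
 304 => true
 }.freeze
 
-attr_accessor :use_ssl, :verify_mode, :read_timeout, :ssl_version
+attr_accessor :use_ssl, :verify_mode, :read_timeout, :ssl_version, :cert, :key
 
 def initialize(request, host, port = nil)
 @request, @host, @port = request, host, port
@@ -29,9 +29,7 @@ module Rack
 alias_method :status, :code
 
 def headers
-
-response.to_hash.each { |k, v| h[k] = v }
-end
+Rack::Proxy.build_header_hash(response.to_hash)
 end
 
 # Can be called only once!
@@ -60,7 +58,9 @@ module Rack
 http.use_ssl = use_ssl
 http.verify_mode = verify_mode
 http.read_timeout = read_timeout
-http.ssl_version = ssl_version if
+http.ssl_version = ssl_version if ssl_version
+http.cert = cert if cert
+http.key = key if key
 http.start
 end
 end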
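Review bot: In the last hunk of `http_streaming_response.rb`, `http.cert = cert if cert` and `http.key = key if key` are applied independently, so a response object that was given only one of the two is not rejected here and the mismatch would presumably surface only once the TLS session is set up. A guard before `http.start`, such as `raise ArgumentError, 'cert and key must be set together' if cert.nil? ^ key.nil?`, would make a half-configured client certificate fail early and visibly. The new `:cert` and `:key` accessors are also undocumented; a comment above the `attr_accessor` line like `# cert: OpenSSL::X509::Certificate, key: OpenSSL::PKey, used for client TLS authentication` would match the README example. The method that ends with `http.start` begins outside the hunk.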
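--- a/data/lib/rack/proxy.rb
+++ b/data/lib/rack/proxy.rb
@@ -5,7 +5,7 @@ module Rack
 
 # Subclass and bring your own #rewrite_request and #rewrite_response
 class Proxy
-VERSION = "0.7.
+VERSION = "0.7.6".freeze
 
 HOP_BY_HOP_HEADERS = {
 'connection' => true,
@@ -24,11 +24,7 @@ module Rack
 !(/^HTTP_[A-Z0-9_\.]+$/ === k) || v.nil?
 end.map do |k, v|
 [reconstruct_header_name(k), v]
-end.
-k, v = k_v
-hash[k] = v
-hash
-end
+end.then { |pairs| build_header_hash(pairs) }
 
 x_forwarded_for = (headers['X-Forwarded-For'].to_s.split(/, +/) << env['REMOTE_ADDR']).join(', ')
 
@@ -39,7 +35,17 @@ module Rack
 mapped = headers.map do |k, v|
 [titleize(k), if v.is_a? Array then v.join("\n") else v end]
 end
-
+build_header_hash Hash[mapped]
+end
+
+def build_header_hash(pairs)
+if Rack.const_defined?(:Headers)
+# Rack::Headers is only available from Rack 3 onward
+Headers.new.tap { |headers| pairs.each { |k, v| headers[k] = v } }
+else
+# Rack::Utils::HeaderHash is deprecated from Rack 3 onward and is to be removed in 3.1
+Utils::HeaderHash.new(pairs)
+end
 end
 
 protected
@@ -67,6 +73,9 @@ module Rack
 @backend = opts[:backend] ? URI(opts[:backend]) : nil
 @read_timeout = opts.fetch(:read_timeout, 60)
 @ssl_version = opts[:ssl_version]
+@cert = opts[:cert]
+@key = opts[:key]
+@verify_mode = opts[:verify_mode]
 
 @username = opts[:username]
 @password = opts[:password]
@@ -117,7 +126,7 @@ module Rack
 target_request.basic_auth(@username, @password) if @username && @password
 
 backend = env.delete('rack.backend') || @backend || source_request
-use_ssl = backend.scheme == "https"
+use_ssl = backend.scheme == "https" || @cert
 ssl_verify_none = (env.delete('rack.ssl_verify_none') || @ssl_verify_none) == true
 read_timeout = env.delete('http.read_timeout') || @read_timeout
 
@@ -127,14 +136,18 @@ module Rack
 target_response = HttpStreamingResponse.new(target_request, backend.host, backend.port)
 target_response.use_ssl = use_ssl
 target_response.read_timeout = read_timeout
-target_response.verify_mode = OpenSSL::SSL::VERIFY_NONE if use_ssl && ssl_verify_none
 target_response.ssl_version = @ssl_version if @ssl_version
+target_response.verify_mode = (@verify_mode || OpenSSL::SSL::VERIFY_NONE) if use_ssl
+target_response.cert = @cert if @cert
+target_response.key = @key if @key
 else
 http = Net::HTTP.new(backend.host, backend.port)
 http.use_ssl = use_ssl if use_ssl
 http.read_timeout = read_timeout
-http.verify_mode = OpenSSL::SSL::VERIFY_NONE if use_ssl && ssl_verify_none
 http.ssl_version = @ssl_version if @ssl_version
+http.verify_mode = (@verify_mode || OpenSSL::SSL::VERIFY_NONE if use_ssl) if use_ssl
+http.cert = @cert if @cert
+http.key = @key if @key
 
 target_response = http.start do
 http.request(target_request)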
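Review bot: In the last hunk, `(@verify_mode || OpenSSL::SSL::VERIFY_NONE) if use_ssl` makes `VERIFY_NONE` the fallback for every TLS backend that does not pass `verify_mode:`, whereas the removed lines disabled verification only when `ssl_verify_none` was set; `ssl_verify_none` is still computed in the previous hunk but is no longer read in the visible lines. The backend's certificate is therefore unchecked by default, so the proxy would accept any certificate presented for the backend host, including on connections that carry the new client certificate. Both branches should fall back to peer verification and keep the opt-out explicit, e.g. `verify_mode = ssl_verify_none ? OpenSSL::SSL::VERIFY_NONE : (@verify_mode || OpenSSL::SSL::VERIFY_PEER)` followed by `target_response.verify_mode = verify_mode if use_ssl` and `http.verify_mode = verify_mode if use_ssl`. The doubled `if use_ssl` in the `Net::HTTP` branch is redundant, and `use_ssl = backend.scheme == "https" || @cert` now yields the certificate object rather than a boolean and forces TLS even when the backend scheme is `http`. The enclosing method starts and ends outside the hunk.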
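--- a/data/lib/rack_proxy_examples/example_service_proxy.rb
+++ b/data/lib/rack_proxy_examples/example_service_proxy.rb
@@ -5,7 +5,7 @@
 # 1. rails new test_app
 # 2. cd test_app
 # 3. install Rack-Proxy in `Gemfile`
-# a. `gem 'rack-proxy', '~> 0.7.
+# a. `gem 'rack-proxy', '~> 0.7.6'`
 # 4. install gem: `bundle install`
 # 5. create `config/initializers/proxy.rb` adding this line `require 'rack_proxy_examples/example_service_proxy'`
 # 6. run: `SERVICE_URL=http://guides.rubyonrails.org rails server`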
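--- a/data/test/http_streaming_response_test.rb
+++ b/data/test/http_streaming_response_test.rb
@@ -4,7 +4,7 @@ require "rack/http_streaming_response"
 class HttpStreamingResponseTest < Test::Unit::TestCase
 
 def setup
-host, req = "
+host, req = "example.com", Net::HTTP::Get.new("/")
 @response = Rack::HttpStreamingResponse.new(req, host, 443)
 @response.use_ssl = true
 end
@@ -37,7 +37,7 @@ class HttpStreamingResponseTest < Test::Unit::TestCase
 end
 
 def test_to_s
-assert_equal @response.headers["Content-Length"].first.to_i, @response.body.to_s.
+assert_equal @response.headers["Content-Length"].first.to_i, @response.body.to_s.bytesize
 end
 
 def test_to_s_called_twice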
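--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-proxy
 version: !ruby/object:Gem::Version
-version: 0.7.
+version: 0.7.6
 platform: ruby
 authors:
 - Jacek Becela
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack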