rack-proxy 0.7.4 → 0.7.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +8 -8
- data/README.md +31 -2
- data/lib/rack/http_streaming_response.rb +5 -5
- data/lib/rack/proxy.rb +23 -11
- data/lib/rack_proxy_examples/example_service_proxy.rb +1 -1
- data/rack-proxy.gemspec +1 -0
- data/test/http_streaming_response_test.rb +2 -2
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 888784aa8d1d28ae0dc2a1352aa44ba8e639d5cd604043facbb31da3fa1dc759
|
|
4
|
+
data.tar.gz: 9ba49effcffcacb930ab08fe2f6a9fd08040b60800b8aa8e5ccc274053f36c4e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 606ed720fb5b8c67cd1fc3058b9644e88fb2e7768d4fce4606ba0332fac24cadca11a36ab50d97cb7ff5767664864b1c1a2cf5108cd58a66fecfb3b93de37517
|
|
7
|
+
data.tar.gz: a91cc8541d7af6c390fe1c0faa3c923942a14cce746eebc3d170b95b45aafc5871a04ad1ec9fee6f0c07500534755c794f76d0c14bccdcf5fdaad06e239aeb07
|
data/Gemfile.lock
CHANGED
|
@@ -1,22 +1,22 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
rack-proxy (0.7.
|
|
4
|
+
rack-proxy (0.7.7)
|
|
5
5
|
rack
|
|
6
6
|
|
|
7
7
|
GEM
|
|
8
8
|
remote: https://rubygems.org/
|
|
9
9
|
specs:
|
|
10
|
-
power_assert (2.0.
|
|
11
|
-
rack (
|
|
12
|
-
rack-test (
|
|
13
|
-
rack (>= 1.
|
|
10
|
+
power_assert (2.0.3)
|
|
11
|
+
rack (3.0.8)
|
|
12
|
+
rack-test (2.1.0)
|
|
13
|
+
rack (>= 1.3)
|
|
14
14
|
rake (13.0.6)
|
|
15
|
-
test-unit (3.
|
|
15
|
+
test-unit (3.6.1)
|
|
16
16
|
power_assert
|
|
17
17
|
|
|
18
18
|
PLATFORMS
|
|
19
|
-
|
|
19
|
+
arm64-darwin-22
|
|
20
20
|
|
|
21
21
|
DEPENDENCIES
|
|
22
22
|
rack-proxy!
|
|
@@ -25,4 +25,4 @@ DEPENDENCIES
|
|
|
25
25
|
test-unit
|
|
26
26
|
|
|
27
27
|
BUNDLED WITH
|
|
28
|
-
2.
|
|
28
|
+
2.4.17
|
data/README.md
CHANGED
|
@@ -6,7 +6,7 @@ Installation
|
|
|
6
6
|
Add the following to your `Gemfile`:
|
|
7
7
|
|
|
8
8
|
```
|
|
9
|
-
gem 'rack-proxy', '~> 0.7.
|
|
9
|
+
gem 'rack-proxy', '~> 0.7.7'
|
|
10
10
|
```
|
|
11
11
|
|
|
12
12
|
Or install:
|
|
@@ -136,7 +136,7 @@ Test with `require 'rack_proxy_examples/example_service_proxy'`
|
|
|
136
136
|
# 1. rails new test_app
|
|
137
137
|
# 2. cd test_app
|
|
138
138
|
# 3. install Rack-Proxy in `Gemfile`
|
|
139
|
-
# a. `gem 'rack-proxy', '~> 0.7.
|
|
139
|
+
# a. `gem 'rack-proxy', '~> 0.7.7'`
|
|
140
140
|
# 4. install gem: `bundle install`
|
|
141
141
|
# 5. create `config/initializers/proxy.rb` adding this line `require 'rack_proxy_examples/example_service_proxy'`
|
|
142
142
|
# 6. run: `SERVICE_URL=http://guides.rubyonrails.org rails server`
|
|
@@ -297,6 +297,35 @@ Add some domain name like `debug.your_app.com` into your local `/etc/hosts` file
|
|
|
297
297
|
|
|
298
298
|
Next start the proxy and your app. And now you can access to your Spring application through SSL connection via `https://debug.your_app.com` URI in a browser.
|
|
299
299
|
|
|
300
|
+
### Using SSL/TLS certificates with HTTP connection
|
|
301
|
+
This may be helpful, when third-party API has authentication by client TLS certificates and you need to proxy your requests and sign them with certificate.
|
|
302
|
+
|
|
303
|
+
Just specify Rack::Proxy SSL options and your request will use TLS HTTP connection:
|
|
304
|
+
```ruby
|
|
305
|
+
# config.ru
|
|
306
|
+
. . .
|
|
307
|
+
|
|
308
|
+
cert_raw = File.read('./certs/rootCA.crt')
|
|
309
|
+
key_raw = File.read('./certs/key.pem')
|
|
310
|
+
|
|
311
|
+
cert = OpenSSL::X509::Certificate.new(cert_raw)
|
|
312
|
+
key = OpenSSL::PKey.read(key_raw)
|
|
313
|
+
|
|
314
|
+
use TLSProxy, cert: cert, key: key, use_ssl: true, verify_mode: OpenSSL::SSL::VERIFY_PEER, ssl_version: 'TLSv1_2'
|
|
315
|
+
```
|
|
316
|
+
|
|
317
|
+
And rewrite host for example:
|
|
318
|
+
```ruby
|
|
319
|
+
# tls_proxy.rb
|
|
320
|
+
class TLSProxy < Rack::Proxy
|
|
321
|
+
attr_accessor :original_request, :query_params
|
|
322
|
+
|
|
323
|
+
def rewrite_env(env)
|
|
324
|
+
env["HTTP_HOST"] = "client-tls-auth-api.com:443"
|
|
325
|
+
env
|
|
326
|
+
end
|
|
327
|
+
end
|
|
328
|
+
```
|
|
300
329
|
|
|
301
330
|
WARNING
|
|
302
331
|
----
|
|
@@ -10,7 +10,7 @@ module Rack
|
|
|
10
10
|
304 => true
|
|
11
11
|
}.freeze
|
|
12
12
|
|
|
13
|
-
attr_accessor :use_ssl, :verify_mode, :read_timeout, :ssl_version
|
|
13
|
+
attr_accessor :use_ssl, :verify_mode, :read_timeout, :ssl_version, :cert, :key
|
|
14
14
|
|
|
15
15
|
def initialize(request, host, port = nil)
|
|
16
16
|
@request, @host, @port = request, host, port
|
|
@@ -29,9 +29,7 @@ module Rack
|
|
|
29
29
|
alias_method :status, :code
|
|
30
30
|
|
|
31
31
|
def headers
|
|
32
|
-
|
|
33
|
-
response.to_hash.each { |k, v| h[k] = v }
|
|
34
|
-
end
|
|
32
|
+
Rack::Proxy.build_header_hash(response.to_hash)
|
|
35
33
|
end
|
|
36
34
|
|
|
37
35
|
# Can be called only once!
|
|
@@ -60,7 +58,9 @@ module Rack
|
|
|
60
58
|
http.use_ssl = use_ssl
|
|
61
59
|
http.verify_mode = verify_mode
|
|
62
60
|
http.read_timeout = read_timeout
|
|
63
|
-
http.ssl_version = ssl_version if
|
|
61
|
+
http.ssl_version = ssl_version if ssl_version
|
|
62
|
+
http.cert = cert if cert
|
|
63
|
+
http.key = key if key
|
|
64
64
|
http.start
|
|
65
65
|
end
|
|
66
66
|
end
|
data/lib/rack/proxy.rb
CHANGED
|
@@ -5,7 +5,7 @@ module Rack
|
|
|
5
5
|
|
|
6
6
|
# Subclass and bring your own #rewrite_request and #rewrite_response
|
|
7
7
|
class Proxy
|
|
8
|
-
VERSION = "0.7.
|
|
8
|
+
VERSION = "0.7.7".freeze
|
|
9
9
|
|
|
10
10
|
HOP_BY_HOP_HEADERS = {
|
|
11
11
|
'connection' => true,
|
|
@@ -24,11 +24,7 @@ module Rack
|
|
|
24
24
|
!(/^HTTP_[A-Z0-9_\.]+$/ === k) || v.nil?
|
|
25
25
|
end.map do |k, v|
|
|
26
26
|
[reconstruct_header_name(k), v]
|
|
27
|
-
end.
|
|
28
|
-
k, v = k_v
|
|
29
|
-
hash[k] = v
|
|
30
|
-
hash
|
|
31
|
-
end
|
|
27
|
+
end.then { |pairs| build_header_hash(pairs) }
|
|
32
28
|
|
|
33
29
|
x_forwarded_for = (headers['X-Forwarded-For'].to_s.split(/, +/) << env['REMOTE_ADDR']).join(', ')
|
|
34
30
|
|
|
@@ -39,7 +35,17 @@ module Rack
|
|
|
39
35
|
mapped = headers.map do |k, v|
|
|
40
36
|
[titleize(k), if v.is_a? Array then v.join("\n") else v end]
|
|
41
37
|
end
|
|
42
|
-
|
|
38
|
+
build_header_hash Hash[mapped]
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
def build_header_hash(pairs)
|
|
42
|
+
if Rack.const_defined?(:Headers)
|
|
43
|
+
# Rack::Headers is only available from Rack 3 onward
|
|
44
|
+
Headers.new.tap { |headers| pairs.each { |k, v| headers[k] = v } }
|
|
45
|
+
else
|
|
46
|
+
# Rack::Utils::HeaderHash is deprecated from Rack 3 onward and is to be removed in 3.1
|
|
47
|
+
Utils::HeaderHash.new(pairs)
|
|
48
|
+
end
|
|
43
49
|
end
|
|
44
50
|
|
|
45
51
|
protected
|
|
@@ -67,6 +73,9 @@ module Rack
|
|
|
67
73
|
@backend = opts[:backend] ? URI(opts[:backend]) : nil
|
|
68
74
|
@read_timeout = opts.fetch(:read_timeout, 60)
|
|
69
75
|
@ssl_version = opts[:ssl_version]
|
|
76
|
+
@cert = opts[:cert]
|
|
77
|
+
@key = opts[:key]
|
|
78
|
+
@verify_mode = opts[:verify_mode]
|
|
70
79
|
|
|
71
80
|
@username = opts[:username]
|
|
72
81
|
@password = opts[:password]
|
|
@@ -117,8 +126,7 @@ module Rack
|
|
|
117
126
|
target_request.basic_auth(@username, @password) if @username && @password
|
|
118
127
|
|
|
119
128
|
backend = env.delete('rack.backend') || @backend || source_request
|
|
120
|
-
use_ssl = backend.scheme == "https"
|
|
121
|
-
ssl_verify_none = (env.delete('rack.ssl_verify_none') || @ssl_verify_none) == true
|
|
129
|
+
use_ssl = backend.scheme == "https" || @cert
|
|
122
130
|
read_timeout = env.delete('http.read_timeout') || @read_timeout
|
|
123
131
|
|
|
124
132
|
# Create the response
|
|
@@ -127,14 +135,18 @@ module Rack
|
|
|
127
135
|
target_response = HttpStreamingResponse.new(target_request, backend.host, backend.port)
|
|
128
136
|
target_response.use_ssl = use_ssl
|
|
129
137
|
target_response.read_timeout = read_timeout
|
|
130
|
-
target_response.verify_mode = OpenSSL::SSL::VERIFY_NONE if use_ssl && ssl_verify_none
|
|
131
138
|
target_response.ssl_version = @ssl_version if @ssl_version
|
|
139
|
+
target_response.verify_mode = (@verify_mode || OpenSSL::SSL::VERIFY_NONE) if use_ssl
|
|
140
|
+
target_response.cert = @cert if @cert
|
|
141
|
+
target_response.key = @key if @key
|
|
132
142
|
else
|
|
133
143
|
http = Net::HTTP.new(backend.host, backend.port)
|
|
134
144
|
http.use_ssl = use_ssl if use_ssl
|
|
135
145
|
http.read_timeout = read_timeout
|
|
136
|
-
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if use_ssl && ssl_verify_none
|
|
137
146
|
http.ssl_version = @ssl_version if @ssl_version
|
|
147
|
+
http.verify_mode = (@verify_mode || OpenSSL::SSL::VERIFY_NONE if use_ssl) if use_ssl
|
|
148
|
+
http.cert = @cert if @cert
|
|
149
|
+
http.key = @key if @key
|
|
138
150
|
|
|
139
151
|
target_response = http.start do
|
|
140
152
|
http.request(target_request)
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
# 1. rails new test_app
|
|
6
6
|
# 2. cd test_app
|
|
7
7
|
# 3. install Rack-Proxy in `Gemfile`
|
|
8
|
-
# a. `gem 'rack-proxy', '~> 0.7.
|
|
8
|
+
# a. `gem 'rack-proxy', '~> 0.7.7'`
|
|
9
9
|
# 4. install gem: `bundle install`
|
|
10
10
|
# 5. create `config/initializers/proxy.rb` adding this line `require 'rack_proxy_examples/example_service_proxy'`
|
|
11
11
|
# 6. run: `SERVICE_URL=http://guides.rubyonrails.org rails server`
|
data/rack-proxy.gemspec
CHANGED
|
@@ -12,6 +12,7 @@ Gem::Specification.new do |s|
|
|
|
12
12
|
s.homepage = "https://github.com/ncr/rack-proxy"
|
|
13
13
|
s.summary = %q{A request/response rewriting HTTP proxy. A Rack app.}
|
|
14
14
|
s.description = %q{A Rack app that provides request/response rewriting proxy capabilities with streaming.}
|
|
15
|
+
s.required_ruby_version = '>= 2.6'
|
|
15
16
|
|
|
16
17
|
s.files = `git ls-files`.split("\n")
|
|
17
18
|
s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
|
|
@@ -4,7 +4,7 @@ require "rack/http_streaming_response"
|
|
|
4
4
|
class HttpStreamingResponseTest < Test::Unit::TestCase
|
|
5
5
|
|
|
6
6
|
def setup
|
|
7
|
-
host, req = "
|
|
7
|
+
host, req = "example.com", Net::HTTP::Get.new("/")
|
|
8
8
|
@response = Rack::HttpStreamingResponse.new(req, host, 443)
|
|
9
9
|
@response.use_ssl = true
|
|
10
10
|
end
|
|
@@ -37,7 +37,7 @@ class HttpStreamingResponseTest < Test::Unit::TestCase
|
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
def test_to_s
|
|
40
|
-
assert_equal @response.headers["Content-Length"].first.to_i, @response.body.to_s.
|
|
40
|
+
assert_equal @response.headers["Content-Length"].first.to_i, @response.body.to_s.bytesize
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
def test_to_s_called_twice
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-proxy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jacek Becela
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-09-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|
|
@@ -93,14 +93,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
93
93
|
requirements:
|
|
94
94
|
- - ">="
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: '
|
|
96
|
+
version: '2.6'
|
|
97
97
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
98
98
|
requirements:
|
|
99
99
|
- - ">="
|
|
100
100
|
- !ruby/object:Gem::Version
|
|
101
101
|
version: '0'
|
|
102
102
|
requirements: []
|
|
103
|
-
rubygems_version: 3.
|
|
103
|
+
rubygems_version: 3.2.3
|
|
104
104
|
signing_key:
|
|
105
105
|
specification_version: 4
|
|
106
106
|
summary: A request/response rewriting HTTP proxy. A Rack app.
|