rack-reverse-proxy-pact 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 266ec4e7f0ec590e1cc7b632cb434c061ecd4caac4959ade57b63c483b083483
+  data.tar.gz: dc24cc984e0ca19a848e27a880a695214ed832a2950cf7af0313d4f642594a96
+SHA512:
+  metadata.gz: bea8e5c559239d1fb6a7915787aa8d12dcd509e4ace2822d7c51c0f1b414a9233f388e324b903f692227c63a92337013d658f3011b550cc3d8e32cca35ac9d93
+  data.tar.gz: 545e1b83c39cbfef470f6389466abd46a0a930d454bbe1ae159bd9fa8ae04fa2914ecd4fd1f7ce1a74e78b4d9b1e4d50e9edf21f2670aa01c335ec68e8c30477

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/.github/workflows/test.yml

@@ -0,0 +1,22 @@
+name: Test
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby_version: ["2.7", "3.0", "3.1", "3.2", "3.3"]
+        os: ["ubuntu-latest","windows-latest","macos-latest"]
+        rack_version: ["2", "3"]
+    runs-on: ${{ matrix.os }}
+    env:
+      RACK_VERSION: ${{ matrix.rack_version }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby_version }}
+      - run: "bundle install"
+      - run: "bundle exec rake"

data/.gitignore

@@ -0,0 +1,16 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+tests.lock

data/.rspec

@@ -0,0 +1 @@
+--color

data/.rubocop.yml

@@ -0,0 +1,21 @@
+Style/StringLiterals:
+  EnforcedStyle: double_quotes
+
+Metrics/LineLength:
+  Max: 100
+
+#begin ruby 1.8 support
+Style/HashSyntax:
+  EnforcedStyle: hash_rockets
+
+Style/Lambda:
+  Enabled: false
+
+Style/TrailingCommaInLiteral:
+  EnforcedStyleForMultiline: no_comma
+
+Style/TrailingCommaInArguments:
+  EnforcedStyleForMultiline: no_comma
+
+Style/EachWithObject:
+  Enabled: false

data/.travis.yml

@@ -0,0 +1,19 @@
+language: ruby
+rvm:
+  - 2.2.5
+  - 2.3.1
+  - 2.4.1
+  - jruby-9.0.5.0
+  - rbx
+
+before_install:
+  - gem install bundler
+
+bundler_args: --without development
+
+script:
+  - bundle exec rspec
+
+matrix:
+  allow_failures:
+    - rvm: rbx

data/CHANGELOG.md

@@ -0,0 +1,41 @@
+# Changelog
+
+## 1.0.0 (UNRELEASED)
+
+- Breaking Change: Never modify Location headers that are only paths without hosts. [John Bachir](https://github.com/jjb) [#46](https://github.com/waterlink/rack-reverse-proxy/pull/46)
+- Breaking Change: Previously, the Accept-Encoding header was stripped by default, unless the
+  `preserve_encoding` option was set to true. Now, no headers are stripped by default, and an array
+  of headers that should be stripped can be specified with the `stripped_headers` option.
+- Breaking Change: Previously, rack-reverse-proxy had the behavior/bug that when reverse_proxy_options
+  was invoked, all options that weren't set in the invokation would be set to nil. Now, those options will remain set at their default values - [Krzysztof Knapik](https://github.com/knapo) [#37](https://github.com/waterlink/rack-reverse-proxy/pull/37) and [John Bachir](https://github.com/jjb) [#47](https://github.com/waterlink/rack-reverse-proxy/pull/47)
+- Breaking Change: Previously, when invoking reverse_proxy_options multiple times, only the
+  final invocation would have any effect. Now, the invocations will have a commulative effect.
+  [John Bachir](https://github.com/jjb) [#47](https://github.com/waterlink/rack-reverse-proxy/pull/47)
+- Bugfix: Fix rack response body for https redirects [John Bachir](https://github.com/jjb) [#43](https://github.com/waterlink/rack-reverse-proxy/pull/43)
+
+## 0.12.0
+
+- Enhancement: Set "X-Forwarded-Proto" header to the proxying scheme. [Motonobu Kuryu](https://github.com/arc279) [#32](https://github.com/waterlink/rack-reverse-proxy/pull/32)
+- Bugfix: Upgrade to a version of rack-proxy with the bug fix for the unclosed network resources. [John Bachir](https://github.com/jjb) [#45](https://github.com/waterlink/rack-reverse-proxy/pull/45)
+
+## 0.11.0
+
+- Breaking Change: Rename option x_forwarded_host option to x_forwarded_headers, as it controls both X-Forwarded-Port and X-Forwarded-Host - [Aurelien Derouineau](https://github.com/aderouineau) [#26](https://github.com/waterlink/rack-reverse-proxy/pull/26)
+- Breaking Change: Strip Accept-Encoding header before forwarding request. [Max Gulyaev](https://github.com/maxilev) [#27](https://github.com/waterlink/rack-reverse-proxy/pull/27)
+
+## 0.10.0
+
+- Feature: `options[:verify_mode]` to set SSL verification mode. - [Marv Cool](https://github.com/MrMarvin) [#24](https://github.com/waterlink/rack-reverse-proxy/pull/24) and [#25](https://github.com/waterlink/rack-reverse-proxy/pull/25)
+
+## 0.9.1
+
+- Enhancement: Remove `Status` key from response headers as per Rack protocol (see [rack/lint](https://github.com/rack/rack/blob/master/lib/rack/lint.rb#L639)) - [Jan Raasch](https://github.com/janraasch) [#7](https://github.com/waterlink/rack-reverse-proxy/pull/7)
+
+## 0.9.0
+
+- Bugfix: Timeout option matches the documentation - [Paul Hepworth](https://github.com/peppyheppy)
+- Ruby 1.8 compatibility - [anujdas](https://github.com/anujdas)
+- Bugfix: Omit port in host header for default ports (80, 443), so that it doesn't break some web servers, like "Apache Coyote" - [Peter Suschlik](https://github.com/splattael)
+- Bugfix: Don't drop source request's port in response's location header - [Eric Koslow](https://github.com/ekosz)
+- Bugfix: Capitalize headers correctly to prevent duplicate headers when used together with other proxies - [Eric Koslow](https://github.com/ekosz)
+- Bugfix: Normalize headers from HttpStreamingResponse in order not to break other middlewares - [Jan Raasch](https://github.com/janraasch)

data/Gemfile

@@ -0,0 +1,20 @@
+source "https://rubygems.org"
+
+gemspec
+
+ruby_version = RUBY_VERSION.to_f
+rubocop_platform = [:ruby_20, :ruby_21, :ruby_22, :ruby_23, :ruby_24]
+rubocop_platform = [:ruby_20, :ruby_21] if ruby_version < 2.0
+
+group :test do
+  gem "rspec"
+  gem "rack-test"
+  gem "webmock"
+  gem "rubocop", :platform => rubocop_platform
+
+  gem "addressable", "< 2.4" if ruby_version < 1.9
+end
+
+group :development, :test do
+  gem "simplecov"
+end

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Jon Swope
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,129 @@
+# A Reverse Proxy for Rack
+[![TravisCI](https://secure.travis-ci.org/waterlink/rack-reverse-proxy.svg "Build Status")](http://travis-ci.org/waterlink/rack-reverse-proxy "Build Status")
+
+This is a simple reverse proxy for Rack that pretty heavily rips off Rack Forwarder. It is not meant for production systems (although it may work), as the webserver fronting your app is generally much better at this sort of thing.
+
+## Forked Repository Details
+
+This repository was forked from source - https://github.com/waterlink/rack-reverse-proxy in order to apply Rack 3 compatibility, alongside Rack 2 backwards-compatibility.
+
+Changes are applied against the branch [`rack_2_and_3_compat`](https://github.com/pact-foundation/rack-reverse-proxy/tree/feat/rack_2_and_3_compat)
+
+The upstream PR is [here](https://github.com/waterlink/rack-reverse-proxy/pull/74).
+
+It also includes [changes merged](https://github.com/waterlink/rack-reverse-proxy/pull/52) but not released to the original project, as requested by @bethesque [here](https://github.com/waterlink/rack-reverse-proxy/issues/67)
+
+## Installation
+The gem is available on rubygems.  Assuming you have a recent version of Rubygems you should just be able to install it via:
+
+```
+gem install rack-reverse-proxy
+```
+
+For your Gemfile use:
+
+```ruby
+gem "rack-reverse-proxy", require: "rack/reverse_proxy"
+```
+
+## Usage
+
+`Rack::ReverseProxy` should ideally be the very first middleware in your
+stack. In a typical use case it is being used to proxy an entirely
+different website through your application, so it's unlikely that you will want
+any other middleware to modify the requests or responses. The examples below
+reflect this.
+
+
+### Generic Rack app example
+
+```ruby
+require 'rack/reverse_proxy'
+
+use Rack::ReverseProxy do
+  # Set :preserve_host to true globally (default is true already)
+  reverse_proxy_options preserve_host: true
+
+  # Forward the path /test* to http://example.com/test*
+  reverse_proxy '/test', 'http://example.com/'
+
+  # Forward the path /foo/* to http://example.com/bar/*
+  reverse_proxy /^\/foo(\/.*)$/, 'http://example.com/bar$1', username: 'name', password: 'basic_auth_secret'
+end
+
+app = proc do |env|
+  [ 200, {'Content-Type' => 'text/plain'}, ["b"] ]
+end
+run app
+```
+
+### Ruby on Rails app example
+
+This example use `config.middleware.insert(0` to ensure that
+`Rack::ReverseProxy` is first in the stack. It is possible that
+other code in your app (usually in application.rb, development.rb, or production.rb)
+will take over this position in the stack. To ensure
+that this is not the case, view the stack by running `rails middleware`. You should see
+`Rack::ReverseProxy` at the top. Note that
+the middleware stack will likely differ slightly in each environment. All that said, it's a pretty
+safe bet to put the below code into application.rb.
+
+```ruby
+# config/application.rb
+config.middleware.insert(0, Rack::ReverseProxy) do
+  reverse_proxy_options preserve_host: true
+  reverse_proxy '/wiki', 'http://wiki.example.com/'
+end
+```
+
+### Rules
+
+As seen in the Rack example above, `reverse_proxy` can be invoked multiple times with
+different rules, which will be commulatively added.
+
+Rules can be a regex or a string. If a regex is used, you can use the subcaptures in your forwarding url by denoting them with a `$`.
+
+Right now if more than one rule matches any given route, it throws an exception for an ambiguous match.  This will probably change later. If no match is found, the call is forwarded to your application.
+
+
+### Options
+
+`reverse_proxy_options` sets global options for all reverse proxies. Available options are:
+
+* `:preserve_host` Set to false to omit Host headers
+* `:username` username for basic auth
+* `:password` password for basic auth
+* `:matching` is a global only option, if set to :first the first matched url will be requested (no ambigous error). Default: :all.
+* `:timeout` seconds to timout the requests
+* `:force_ssl` redirects to ssl version, if not already using it (requires `:replace_response_host`). Default: false.
+* `:verify_mode` the `OpenSSL::SSL` verify mode passed to Net::HTTP. Default: `OpenSSL::SSL::VERIFY_PEER`.
+* `:x_forwarded_headers` sets up proper `X-Forwarded-*` headers. Default: true.
+* `:stripped_headers` Array of headers that should be stripped before forwarding reqeust. Default: nil.
+  e.g. `stripped_headers: ["Accept-Encoding", "Foo-Bar"]`
+
+If `reverse_proxy_options` is invoked multiple times, the invocations will have a commulative effect,
+only overwritting the values which they specify. Example of how this could be useful:
+
+```ruby
+config.middleware.insert(0, Rack::ReverseProxy) do
+  reverse_proxy_options preserve_host: false
+  if Rails.env.production? or Rails.env.staging?
+    reverse_proxy_options force_ssl: true, replace_response_host: true
+  end
+  reverse_proxy /^\/blog(\/?.*)$/, 'http://blog.example.com/blog$1'
+end
+```
+
+## Note on Patches/Pull Requests
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+## Contributors
+
+- Jon Swope, creator
+- Oleksii Fedorov, maintainer

data/Rakefile

@@ -0,0 +1,10 @@
+require "rubygems"
+require "rake"
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = "spec/**/*_spec.rb"
+end
+
+task :default => :spec

data/lib/rack/reverse_proxy.rb

@@ -0,0 +1,6 @@
+require "rack_reverse_proxy"
+
+# Re-opening Rack module only to define ReverseProxy constant
+module Rack
+  ReverseProxy = RackReverseProxy::Middleware
+end

data/lib/rack_reverse_proxy/errors.rb

@@ -0,0 +1,36 @@
+module RackReverseProxy
+  module Errors
+    # GenericURI indicates that url is too generic
+    class GenericURI < RuntimeError
+      attr_reader :url
+
+      def intialize(url)
+        @url = url
+      end
+
+      def to_s
+        %(Your URL "#{@url}" is too generic. Did you mean "http://#{@url}"?)
+      end
+    end
+
+    # AmbiguousMatch indicates that path matched more than one endpoint
+    class AmbiguousMatch < RuntimeError
+      attr_reader :path, :matches
+
+      def initialize(path, matches)
+        @path = path
+        @matches = matches
+      end
+
+      def to_s
+        %(Path "#{path}" matched multiple endpoints: #{formatted_matches})
+      end
+
+      private
+
+      def formatted_matches
+        matches.map(&:to_s).join(", ")
+      end
+    end
+  end
+end

data/lib/rack_reverse_proxy/middleware.rb

@@ -0,0 +1,47 @@
+require "net/http"
+require "net/https"
+require "rack-proxy"
+require "rack_reverse_proxy/roundtrip"
+
+module RackReverseProxy
+  # Rack middleware for handling reverse proxying
+  class Middleware
+    include NewRelic::Agent::Instrumentation::ControllerInstrumentation if defined? NewRelic
+
+    DEFAULT_OPTIONS = {
+      :preserve_host => true,
+      :stripped_headers => nil,
+      :x_forwarded_headers => true,
+      :matching => :all,
+      :replace_response_host => false
+    }
+
+    def initialize(app = nil, &b)
+      @app = app || lambda { |_| [404, rack_version_less_than_three ? [] : {}, []] }
+      @rules = []
+      @global_options = DEFAULT_OPTIONS
+      instance_eval(&b) if block_given?
+    end
+
+    def call(env)
+      RoundTrip.new(@app, env, @global_options, @rules).call
+    end
+
+    private
+
+    def rack_version_less_than_three
+      Rack.release.split('.').first.to_i < 3
+    end
+
+    def reverse_proxy_options(options)
+      @global_options = @global_options.merge(options)
+    end
+
+    def reverse_proxy(rule, url = nil, opts = {})
+      if rule.is_a?(String) && url.is_a?(String) && URI(url).class == URI::Generic
+        raise Errors::GenericURI.new, url
+      end
+      @rules << Rule.new(rule, url, opts)
+    end
+  end
+end

data/lib/rack_reverse_proxy/response_builder.rb

@@ -0,0 +1,60 @@
+module RackReverseProxy
+  # ResponseBuilder knows target response building process
+  class ResponseBuilder
+    def initialize(target_request, uri, options)
+      @target_request = target_request
+      @uri = uri
+      @options = options
+    end
+
+    def fetch
+      setup_response
+      target_response
+    end
+
+    private
+
+    def setup_response
+      set_read_timeout
+      handle_https
+      handle_verify_mode
+    end
+
+    def set_read_timeout
+      return unless read_timeout?
+      target_response.read_timeout = options[:timeout]
+    end
+
+    def read_timeout?
+      options[:timeout].to_i > 0
+    end
+
+    def handle_https
+      return unless https?
+      target_response.use_ssl = true
+    end
+
+    def https?
+      "https" == uri.scheme
+    end
+
+    def handle_verify_mode
+      return unless verify_mode?
+      target_response.verify_mode = options[:verify_mode]
+    end
+
+    def verify_mode?
+      options.key?(:verify_mode)
+    end
+
+    def target_response
+      @_target_response ||= Rack::HttpStreamingResponse.new(
+        target_request,
+        uri.host,
+        uri.port
+      )
+    end
+
+    attr_reader :target_request, :uri, :options
+  end
+end