rack-secure_only 0.1.0

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/.gitignore

@@ -0,0 +1,21 @@
+## MAC OS
+.DS_Store
+
+## TEXTMATE
+*.tmproj
+tmtags
+
+## EMACS
+*~
+\#*
+.\#*
+
+## VIM
+*.swp
+
+## PROJECT::GENERAL
+coverage
+rdoc
+pkg
+
+## PROJECT::SPECIFIC

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Klaas Speller
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,43 @@
+= rack-secure_only
+
+SecureOnly will redirect to https if the request is on http.
+
+When passed :secure => false it will do the opposite and redirect https to http.
+
+The check if the current request is on https includes checking the HTTP_X_FORWARDED_PROTO header.
+
+This means the redirect will also work on heroku.com
+
+== Usage
+
+	require 'rack/secure_only'
+
+	app = Rack::Builder.new do      
+	  map '/secure' do
+	    use Rack::SecureOnly
+	    run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
+	  end
+  
+	  map '/notsecure' do
+	    use Rack::SecureOnly, :secure => false
+	    run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["NON SECURE APP"]] }
+	  end
+	end
+	
+	run app
+	
+This will redirect all requests to /secure to https and all requests to /notsecure to http.
+
+== Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2010 Klaas Speller. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,38 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "rack-secure_only"
+    gem.summary = %Q{Redirect http to https and the other way around}
+    gem.description = %Q{Redirect http to https and the other way around}
+    gem.email = "klaasspeller@gmail.com"
+    gem.homepage = "http://github.com/spllr/rack-secure_only"
+    gem.authors = ["Klaas Speller"]
+    gem.add_development_dependency "rspec", ">= 1.2.9"
+    gem.add_development_dependency "rack-test", ">= 0.5.3"
+    gem.add_dependency "rack", ">= 1.1.0"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "rack-secure_only #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/lib/rack/secure_only.rb

@@ -0,0 +1,66 @@
+require "rack"
+
+module Rack
+  
+  # SecureOnly will redirect to https if the request is on http.
+  # 
+  # When passed :secure => false it will do the opposite and redirect https to http
+  #
+  # The check if the current request is on https includes checking 
+  # the HTTP_X_FORWARDED_PROTO header.
+  #
+  # This means the redirect will also work on heroku.com
+  #
+  class SecureOnly
+    def initialize(app, opts={})
+      opts    = { :secure => true }.merge(opts)
+      @app    = app
+      @secure = opts[:secure]
+    end
+    
+    def call(env)
+      should_redirect, to_path = redirect?(env)
+      return [307, { 'Content-Type'  => 'text/plain', 'Location' => to_path }, ["Redirect"]] if should_redirect
+      @app.call(env)
+    end
+    
+    # Returns true if the current url scheme is http
+    # and the HTTP_X_FORWARDED_PROTO header is not set to https
+    # 
+    def on_http?(env)
+      ( env['rack.url_scheme'] == 'http' && env['HTTP_X_FORWARDED_PROTO'] != 'https')
+    end
+    
+    # Returns true if the current url scheme is https or 
+    # the HTTP_X_FORWARDED_PROTO header is set to https
+    # 
+    def on_https?(env)
+      ( env['rack.url_scheme'] == 'https' || env['HTTP_X_FORWARDED_PROTO'] == 'https')
+    end
+    
+    # Boolean accesor for :secure
+    #  
+    def secure?
+      !!@secure
+    end
+
+    # Inversed boolean accesor for :secure
+    #      
+    def not_secure?
+      !secure?
+    end
+    
+    protected
+    
+    def redirect?(env)
+      req = Request.new(env)
+      if secure? && on_http?(env)
+        return [true, req.url.gsub(/^http:/,'https:')]
+      elsif not_secure? && on_https?(env)
+        return [true, req.url.gsub(/^https:/,'http:')]
+      else
+        return [false, req.url]
+      end
+    end
+  end
+end

data/rack-secure_only.gemspec

@@ -0,0 +1,61 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{rack-secure_only}
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Klaas Speller"]
+  s.date = %q{2010-05-21}
+  s.description = %q{Redirect http to https and the other way around}
+  s.email = %q{klaasspeller@gmail.com}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+     ".gitignore",
+     "LICENSE",
+     "README.rdoc",
+     "Rakefile",
+     "VERSION",
+     "lib/rack/secure_only.rb",
+     "rack-secure_only.gemspec",
+     "spec/rack/secure_only_spec.rb",
+     "spec/spec.opts",
+     "spec/spec_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/spllr/rack-secure_only}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.6}
+  s.summary = %q{Redirect http to https and the other way around}
+  s.test_files = [
+    "spec/rack/secure_only_spec.rb",
+     "spec/spec_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<rspec>, [">= 1.2.9"])
+      s.add_development_dependency(%q<rack-test>, [">= 0.5.3"])
+      s.add_runtime_dependency(%q<rack>, [">= 1.1.0"])
+    else
+      s.add_dependency(%q<rspec>, [">= 1.2.9"])
+      s.add_dependency(%q<rack-test>, [">= 0.5.3"])
+      s.add_dependency(%q<rack>, [">= 1.1.0"])
+    end
+  else
+    s.add_dependency(%q<rspec>, [">= 1.2.9"])
+    s.add_dependency(%q<rack-test>, [">= 0.5.3"])
+    s.add_dependency(%q<rack>, [">= 1.1.0"])
+  end
+end
+

data/spec/rack/secure_only_spec.rb

@@ -0,0 +1,145 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe Rack::SecureOnly do
+  
+  def app
+    Rack::Builder.new do      
+      map '/secure' do
+        use Rack::SecureOnly
+        run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["SECURE APP"]] }
+      end
+      
+      map '/notsecure' do
+        use Rack::SecureOnly, :secure => false
+        run lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ["NON SECURE APP"]] }
+      end
+    end
+  end
+  
+  describe "Enforcing https" do
+    before(:each) do
+      @request  = Rack::MockRequest.new(app)
+      @response = @request.get('https://www.example.com/secure')
+    end
+
+    describe "when requesting https://www.example.com/secure" do
+      it "should pass" do
+        @response.body.should == "SECURE APP"
+      end
+
+      it "should set status to 200 ok" do
+        @response.status.should == 200
+      end
+
+      it "should not set a location header" do
+        @response.location.should be_nil
+      end
+
+      describe "with HTTP_X_FORWARDED_PROTO header set to https (like with heroku ssl)" do
+        before(:each) do
+          @response = @request.get('http://www.example.com/secure', { 'HTTP_X_FORWARDED_PROTO' => 'https' })
+        end
+
+        it "should do no redirect" do
+          @response.location.should be_nil
+        end
+      end
+
+    end
+
+    describe "when requesting http://www.example.com/secure" do
+      before(:each) do
+        @response = @request.get('http://www.example.com/secure')
+      end
+      it "should respond with status 307 redirect" do
+        @response.status.should == 307
+      end
+
+      it "should set location to https://www.example.com/secure" do
+        @response.location.should == "https://www.example.com/secure"
+      end
+
+      it "should set a content type" do
+        @response.content_type.should == 'text/plain'
+      end
+
+      describe "following redirect" do
+        before(:each) do
+          @redirect_response = @request.get(@response.location)
+        end
+
+        it "should pass" do
+          @redirect_response.body.should == "SECURE APP"
+        end
+
+        it "should respond 200 ok" do
+          @redirect_response.status.should == 200
+        end
+      end
+    end
+  end
+
+  describe "Enforcing http" do
+    before(:each) do
+      @request  = Rack::MockRequest.new(app)
+      @response = @request.get('https://www.example.com/notsecure')
+    end
+
+    describe "when requesting https://www.example.com/notsecure" do
+      
+      it "should respond with status 307 redirect" do
+        @response.status.should == 307
+      end
+
+      it "should set location to http://www.example.com/notsecure" do
+        @response.location.should == "http://www.example.com/notsecure"
+      end
+
+      it "should set a content type" do
+        @response.content_type.should == 'text/plain'
+      end
+
+      describe "and following redirect" do
+        before(:each) do
+          @redirect_response = @request.get(@response.location)
+        end
+
+        it "should pass" do
+          @redirect_response.body.should == "NON SECURE APP"
+        end
+
+        it "should respond 200 ok" do
+          @redirect_response.status.should == 200
+        end
+      end
+    end
+
+    describe "when requesting http://www.example.com/notsecure" do
+      before(:each) do
+        @response = @request.get('http://www.example.com/notsecure')
+      end
+      
+      it "should pass" do
+        @response.body.should == "NON SECURE APP"
+      end
+
+      it "should set status to 200 ok" do
+        @response.status.should == 200
+      end
+
+      it "should not set a location header" do
+        @response.location.should be_nil
+      end
+
+      describe "with HTTP_X_FORWARDED_PROTO header set to https (like with heroku ssl)" do
+        before(:each) do
+          @response = @request.get('http://www.example.com/notsecure', { 'HTTP_X_FORWARDED_PROTO' => 'https' })
+        end
+
+        it "should do redirect" do
+          @response.location.should == "http://www.example.com/notsecure"
+        end
+      end
+    end
+  end
+end

data/spec/spec.opts

@@ -0,0 +1 @@
+--color

data/spec/spec_helper.rb

@@ -0,0 +1,10 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'rack/secure_only'
+require 'spec'
+require 'spec/autorun'
+require 'rack/test'
+
+Spec::Runner.configure do |config|
+  config.include Rack::Test::Methods
+end

metadata

@@ -0,0 +1,115 @@
+--- !ruby/object:Gem::Specification 
+name: rack-secure_only
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+- Klaas Speller
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-05-21 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 1
+        - 2
+        - 9
+        version: 1.2.9
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rack-test
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        - 5
+        - 3
+        version: 0.5.3
+  type: :development
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: rack
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 1
+        - 1
+        - 0
+        version: 1.1.0
+  type: :runtime
+  version_requirements: *id003
+description: Redirect http to https and the other way around
+email: klaasspeller@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.rdoc
+files: 
+- .document
+- .gitignore
+- LICENSE
+- README.rdoc
+- Rakefile
+- VERSION
+- lib/rack/secure_only.rb
+- rack-secure_only.gemspec
+- spec/rack/secure_only_spec.rb
+- spec/spec.opts
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/spllr/rack-secure_only
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.6
+signing_key: 
+specification_version: 3
+summary: Redirect http to https and the other way around
+test_files: 
+- spec/rack/secure_only_spec.rb
+- spec/spec_helper.rb