rack-stale-call 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ba1b5f39717e8fb296408ba8c46532fde5111dbd
+  data.tar.gz: cd4e5e812eec3103cd298aa9f93506787b93b6cf
+SHA512:
+  metadata.gz: 7a4c71a307ecb7a08a40226a9488afd52b8f650afeef4b795e7a40824a32545ce7f2aeae2dc084d418924ce6b5bedd086e160151c79b0c35afb1105e03f72330
+  data.tar.gz: 24cf371934ec8a5a2059aa33a52a14236810c7b4c3964f16bb064f94b04cee87e3c5a11e221b786b3698ba23ca495d47c3878cceeca9ed3459a0b6a693ef9b33

data/.gitignore

@@ -0,0 +1 @@
+pkg/

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+ - 2.0.0
+

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+gemspec
+

data/Gemfile.lock

@@ -0,0 +1,57 @@
+PATH
+  remote: .
+  specs:
+    rack-stale-call (0.0.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    coderay (1.0.9)
+    diff-lcs (1.2.4)
+    ffi (1.9.0)
+    formatador (0.2.4)
+    guard (1.8.1)
+      formatador (>= 0.2.4)
+      listen (>= 1.0.0)
+      lumberjack (>= 1.0.2)
+      pry (>= 0.9.10)
+      thor (>= 0.14.6)
+    guard-rspec (3.0.2)
+      guard (>= 1.8)
+      rspec (~> 2.13)
+    listen (1.2.2)
+      rb-fsevent (>= 0.9.3)
+      rb-inotify (>= 0.9)
+      rb-kqueue (>= 0.2)
+    lumberjack (1.0.4)
+    method_source (0.8.1)
+    pry (0.9.12.2)
+      coderay (~> 1.0.5)
+      method_source (~> 0.8)
+      slop (~> 3.4)
+    rake (10.1.0)
+    rb-fsevent (0.9.3)
+    rb-inotify (0.9.0)
+      ffi (>= 0.5.0)
+    rb-kqueue (0.2.0)
+      ffi (>= 0.5.0)
+    rspec (2.14.1)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rspec-core (2.14.3)
+    rspec-expectations (2.14.0)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.14.1)
+    slop (3.4.5)
+    thor (0.18.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  guard
+  guard-rspec
+  rack-stale-call!
+  rake
+  rspec

data/Guardfile

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+
+guard :rspec, all_on_start: false, all_after_pass: false, notification: false do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$}) { |m| "spec/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb') { "spec" }
+end
+

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 ZippyKid
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/README.md

@@ -0,0 +1,12 @@
+# Rack::Contrib::StaleCall
+
+Provide a simple method for validating that a request isn't a time traveler.
+Prevents old requests from being run again, and future requests from being run.
+
+## Usage
+
+```ruby
+# config.ru
+
+use Rack::Contrib::StaleCall
+```

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+task :default => :spec
+

data/lib/rack/contrib/stale_call.rb

@@ -0,0 +1,72 @@
+
+require 'logger'
+
+module Rack
+  module Contrib
+    #
+    # Validate a request's age isn't too old or too young, indicating a
+    # replayed request.
+    #
+    class StaleCall
+      VERSION = '0.0.1'
+
+      attr_reader :opts
+
+
+      def initialize app, opts = {}
+        @app = app
+        @opts = opts
+        @opts[:header] ||= 'Date'
+        @opts[:grace] ||= 5
+        @opts[:logger] ||= Logger.new('/dev/null')
+      end
+
+      # Translate a header name to a variable which Rack might provide
+      def header_variable
+        'HTTP_' + opts[:header].upcase.gsub(/-/, '_')
+      end
+
+      # Return the standard date error contents
+      def date_error
+        [401, {}, []]
+      end
+
+      # Convert an RFC2822 compatible date string to a diff against now
+      def date_to_diff_seconds date
+        date = DateTime.rfc2822(date)
+        datediff = date - DateTime.now # Number of days apart as a float
+        datediff *= 24 # hours apart
+        datediff *= 60 # minutes apart
+        datediff *= 60 # seconds apart
+        seconds = datediff.to_i.abs
+      end
+
+      # Determine if the date is recent enough
+      def date_is_recent seconds
+        seconds <= opts[:grace]
+      end
+
+      # Verify the age of the request
+      def call env
+        unless env.has_key? header_variable
+          @opts[:logger].info "Denied: #{opts[:header]} header missing."
+          return date_error
+        end
+
+        diff_seconds = date_to_diff_seconds(env[header_variable])
+        unless date_is_recent diff_seconds
+          @opts[:logger].info sprintf(
+            "Denied: %s header is %ss over the %ss grace period.",
+            @opts[:header],
+            diff_seconds - @opts[:grace],
+            @opts[:grace]
+          )
+          return date_error
+        end
+
+        @app.call env
+      end
+    end
+  end
+end
+

data/rack-stale-call.gemspec

@@ -0,0 +1,24 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+require 'rack/contrib/stale_call'
+
+Gem::Specification.new do |gem|
+  gem.name = 'rack-stale-call'
+  gem.version = Rack::Contrib::StaleCall::VERSION
+  gem.summary = 'Validate that the request was recently generated'
+  gem.homepage = 'https://github.com/zippykid/rack-stale-call'
+  gem.authors = ['Graham Christensen']
+  gem.email = ['info@zippykid.com']
+  gem.licenses = ['MIT']
+
+  gem.files = `git ls-files`.split($/)
+  gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ['lib']
+
+  gem.add_development_dependency('rake')
+  gem.add_development_dependency('rspec')
+  gem.add_development_dependency('guard')
+  gem.add_development_dependency('guard-rspec')
+end
+

data/spec/rack/contrib/stale_call_spec.rb

@@ -0,0 +1,204 @@
+require 'spec_helper'
+require 'stringio'
+
+describe Rack::Contrib::StaleCall do
+  let (:response) { [200, {}, ['foo', 'bar']]}
+  let (:log_string) { StringIO.new }
+  let (:logger) do
+    l = Logger.new(log_string, Logger::DEBUG)
+    l.formatter = proc do |severity, datetime, progname, msg|
+      "#{severity} - #{msg}\n"
+    end
+
+    l
+  end
+
+  describe "#initialize" do
+    it "accepts an app" do
+      expect { ware  = Rack::Contrib::StaleCall.new nil }.not_to raise_error
+    end
+
+    it "requires an app" do
+      expect { ware = Rack::Contrib::StaleCall.new }.to raise_error
+    end
+
+    it "accepts a hash of options" do
+      expect { ware = Rack::Contrib::StaleCall.new(nil, {}) }.not_to raise_error
+    end
+  end
+
+  describe "#opts" do
+    it "returns all default options" do
+      ware = Rack::Contrib::StaleCall.new nil
+
+      opts = ware.opts
+
+      opts[:logger].should be_an_instance_of Logger
+      opts[:grace].should eq(5)
+      opts[:header].should eq('Date')
+    end
+
+    it "accounts for options passed in the initialize" do
+      ware = Rack::Contrib::StaleCall.new nil,
+        :grace => 6, :header => "foo", :logger => logger
+
+      opts = ware.opts
+
+      opts.should eq({
+        :header => "foo",
+        :grace => 6,
+        :logger => logger
+      })
+    end
+  end
+
+  describe "#header_variable" do
+    it "converts a header name to an environment variable" do
+      ware = Rack::Contrib::StaleCall.new nil, :header => 'FoO-Ba-r-Date'
+
+      variable_name = ware.header_variable
+
+      variable_name.should eq('HTTP_FOO_BA_R_DATE')
+    end
+  end
+
+  describe "#date_error" do
+    it "returns a 401 with no headers and body" do
+      ware = Rack::Contrib::StaleCall.new nil, :header => 'FoO-Ba-r-Date'
+
+      code, headers, body = ware.date_error
+
+      code.should eq(401)
+      headers.should eq({})
+      body.should eq([])
+    end
+  end
+
+  describe "#date_to_diff_seconds" do
+    context "converts an HTTPDate to the differing number of seconds" do
+      it "handles dates in the future" do
+        ware = Rack::Contrib::StaleCall.new nil
+        time = (Time.now + 301).httpdate
+
+        diff = ware.date_to_diff_seconds time
+
+        diff.should eq(300)
+      end
+
+      it "absolute values the dates in the past" do
+        ware = Rack::Contrib::StaleCall.new nil
+        time = (Time.now - 300).httpdate
+
+        diff = ware.date_to_diff_seconds time
+
+        diff.should eq(300)
+      end
+    end
+  end
+
+  describe "#date_is_recent" do
+    it "is recent with a time less than grace" do
+      ware = Rack::Contrib::StaleCall.new nil, :grace => 500
+
+      is_recent = ware.date_is_recent 400
+
+      is_recent.should eq(true)
+    end
+
+    it "is recent with a time equal to grace" do
+      ware = Rack::Contrib::StaleCall.new nil, :grace => 500
+
+      is_recent = ware.date_is_recent 500
+
+      is_recent.should eq(true)
+    end
+
+    it "is recent with a time greater than grace" do
+      ware = Rack::Contrib::StaleCall.new nil, :grace => 1
+
+      is_recent = ware.date_is_recent 2
+
+      is_recent.should eq(false)
+    end
+  end
+
+  describe "#call" do
+    it "requires an env" do
+      ware = Rack::Contrib::StaleCall.new nil
+      expect { ware.call }.to raise_error
+    end
+
+    context "there is an invalid date header" do
+      context "the date is missing" do
+        it "returns a 401" do
+          ware = Rack::Contrib::StaleCall.new nil
+          env = {}
+
+          code, headers, body = ware.call env
+
+          code.should eq(401)
+        end
+
+        it "logs the failure" do
+          ware = Rack::Contrib::StaleCall.new nil,
+            :logger => logger,
+            :header => 'My-Date'
+          env = {}
+
+          ware.call env
+
+          log_string.string.should eq("INFO - Denied: My-Date header missing.\n")
+        end
+      end
+
+      context "the date is older than the grace" do
+        it "returns a 401" do
+          ware = Rack::Contrib::StaleCall.new nil
+          env = {'HTTP_DATE' => (Time.now - 10).httpdate}
+          ware.stub(:date_is_recent => false)
+
+          code, headers, body = ware.call env
+
+          code.should eq(401)
+        end
+
+        it "logs the failure" do
+          ware = Rack::Contrib::StaleCall.new nil,
+            :header => 'My-Date',
+            :logger => logger
+          env = {'HTTP_MY_DATE' => (Time.now - 10).httpdate}
+          ware.stub(:date_is_recent => false)
+
+          ware.call env
+
+          expected_message = "INFO - Denied: My-Date header is 5s over the " +
+            "5s grace period.\n"
+          log_string.string.should eq(expected_message)
+        end
+      end
+    end
+
+    context "there is a valid date header" do
+      it "calls the app's .call method" do
+        app = double(nil, call: response)
+        env = {'foo' => 'bar', 'HTTP_DATE' => Time.now.httpdate}
+        ware = Rack::Contrib::StaleCall.new app
+
+        ware.call env
+
+        app.should have_received(:call).once.with(env)
+      end
+
+      it "returns the apps' return" do
+        app = double(nil, call: response)
+        env = {'foo' => 'bar', 'HTTP_DATE' => Time.now.httpdate}
+        ware = Rack::Contrib::StaleCall.new app
+
+        ret = ware.call env
+
+        ret.should eq(response)
+      end
+    end
+  end
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1,3 @@
+
+require 'rack/contrib/stale_call'
+

metadata

@@ -0,0 +1,114 @@
+--- !ruby/object:Gem::Specification
+name: rack-stale-call
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Graham Christensen
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-07-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- info@zippykid.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .travis.yml
+- Gemfile
+- Gemfile.lock
+- Guardfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/rack/contrib/stale_call.rb
+- rack-stale-call.gemspec
+- spec/rack/contrib/stale_call_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/zippykid/rack-stale-call
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.5
+signing_key: 
+specification_version: 4
+summary: Validate that the request was recently generated
+test_files:
+- spec/rack/contrib/stale_call_spec.rb
+- spec/spec_helper.rb