rack-strip-cookies 1.0.2 → 2.0.0
- checksums.yaml +4 -4
- data/lib/rack/strip-cookies/version.rb +1 -1
- data/lib/rack/strip-cookies.rb +62 -20
- metadata +6 -6
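--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ee48b2cf41b5f790f375f381c8456ba1f5454dc7dc836cc613c15f8e5e9c6e1b
+data.tar.gz: cfc890245c466bcde879ab81d82d9aad4a4fe4b7c0b8d4a5a7f8f88155872397
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e7cb64501921d5e02144044e7d1f36bc2bc61f3954b3c4330aa0fd508dab1d7e2753a5746b669746e04e097c329d2f14c044a5d8fc381f7a72968cb9d3f53cd8
+data.tar.gz: 34b7e75bfebfbf6211580eb9b591f2434383f839bd9cc9363d86affc01d6539e4b8c14790e527d7d6f3cf0dcc1665d31562c8830c7acaa3ccf6788f4ba2ebc25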
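--- a/data/lib/rack/strip-cookies.rb
+++ b/data/lib/rack/strip-cookies.rb
@@ -1,46 +1,88 @@
+# lib/rack/strip-cookies.rb
 module Rack
 class StripCookies
-attr_reader :app, :
+attr_reader :app, :patterns, :invert
 
 # Initializes the middleware.
 #
 # @param app [Rack application] The Rack application.
-# @param
-# @
+# @param options [Hash] The options to customize the middleware behavior.
+# @option options [Array<String>] :paths The paths or patterns where cookies should be deleted.
+# - Exact paths: "/api"
+# - Wildcard paths: "/api/*"
+# @option options [Boolean] :invert Whether to invert the paths where cookies are deleted.
 def initialize(app, options = {})
 @app = app
-@
-@
+@invert = options.fetch(:invert, false)
+@patterns = compile_patterns(options[:paths] || [])
 end
 
 # Entry point of the middleware.
 #
+# This method is called for each HTTP request that passes through the middleware.
+# It determines whether to strip cookies from the request and response based on
+# the configured paths/patterns and the invert flag.
+#
 # @param env [Hash] The request environment.
 # @return [Array] The response containing the status, headers, and body.
 def call(env)
-# Extract the path from the
-path
+# Extract the request path from the environment.
+# 'PATH_INFO' contains the path portion of the URL, e.g., "/dashboard".
+path = env["PATH_INFO"] || "/"
 
-#
-
+# Determine if the current path matches any of the compiled patterns.
+# Each pattern is a regex that represents either an exact match or a wildcard match.
+matched = patterns.any? { |regex| regex.match?(path) }
 
-# Decide whether to strip cookies based on the
-
+# Decide whether to strip cookies based on the matching result and the invert flag.
+# If 'invert' is false:
+# - Cookies are stripped if the path matches any of the specified patterns.
+# If 'invert' is true:
+# - Cookies are stripped if the path does NOT match any of the specified patterns.
+strip_out = (matched && !invert) || (!matched && invert)
 
-
-
+if strip_out
+# Remove the 'HTTP_COOKIE' header from the request environment.
+# This prevents any cookies from being sent to the application.
+env.delete("HTTP_COOKIE")
 
-
-
+# Call the next middleware or application in the stack with the modified environment.
+# This returns the HTTP status, headers, and body of the response.
+status, headers, body = @app.call(env)
 
-
-
+# Remove the 'Set-Cookie' header from the response headers.
+headers.delete("set-cookie")
 
-
-
+# Add a custom header 'Cookies-Stripped' to indicate that cookies were stripped.
+headers["cookies-stripped"] = "true"
+else
+# If cookies are not to be stripped, simply call the next middleware or application.
+# The original request and response headers remain untouched.
+status, headers, body = @app.call(env)
+end
 
-# Return the response
+# Return the final response to the client.
+# The response is an array containing the status code, headers hash, and body array.
 [status, headers, body]
 end
+
+private
+
+# Compiles the user-specified paths/patterns into regular expressions.
+#
+# @param paths [Array<String>] The paths or patterns to compile.
+# @return [Array<Regexp>] The array of compiled regular expressions.
+def compile_patterns(paths)
+paths.map do |path|
+if path.end_with?("/*")
+# Wildcard pattern: "/api/*" -> matches "/api/" and "/api/anything"
+prefix = Regexp.escape(path.chomp("/*"))
+Regexp.new("^#{prefix}/.*$")
+else
+# Exact match pattern: "/api" -> matches only "/api"
+Regexp.new("^#{Regexp.escape(path)}$")
+end
+end
+end
 end
 end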
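Review bot: In `compile_patterns`, both regexes are anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a `PATH_INFO` that contains a newline can be classified by a single one of its lines; with `invert: true` that means a request can count as "matched" and keep its cookies on a path the configuration meant to strip. Anchoring on the whole string avoids this: `Regexp.new("\\A#{Regexp.escape(path)}\\z")` for the exact case and `Regexp.new("\\A#{prefix}/")` for the wildcard case, where a plain prefix match also removes the need for `.*$`. Separately, `headers.delete("set-cookie")` in `call` removes only a lowercase key; if the application returns a plain Hash keyed `Set-Cookie` (usual before Rack 3), the response cookie would survive while `cookies-stripped` is still set to `"true"`. Which rack versions the gemspec allows is not visible here, so that second point should be confirmed against the declared dependency.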
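--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-strip-cookies
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - Claudio Poli
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-09-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack
@@ -94,7 +94,7 @@ homepage: http://github.com/icoretech/rack-strip-cookies
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -109,8 +109,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.5.16
+signing_key:
 specification_version: 4
 summary: Rack middleware to remove cookies at user-defined paths.
 test_files: []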