rack-strip-cookies 1.0.2 → 2.0.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9a8503901e753161808979aa446f1d67ce2987564b7101c7e619c66f2d02e269
4
- data.tar.gz: 88c6931d4820ea356ddcba724d39d82003978ce27c11dbd537a0db471bc7862f
3
+ metadata.gz: ee48b2cf41b5f790f375f381c8456ba1f5454dc7dc836cc613c15f8e5e9c6e1b
4
+ data.tar.gz: cfc890245c466bcde879ab81d82d9aad4a4fe4b7c0b8d4a5a7f8f88155872397
5
5
  SHA512:
6
- metadata.gz: 31b18dad5488570f1088e84a2b1bca92cb7cc3c636b09b315d61ad4970f17e7b14d0a5a4e6f2fa96adb1e22233c0241e8980de30134d28debcfb24ca260fafcc
7
- data.tar.gz: c91047409d70adb8da31b45bef6db13dc4b6066baa70b39dd59ba2a0294da82cca7c6fd025453dd29283c448e8dc0dcceb222d4ed166f1422ae24bded3bffe7b
6
+ metadata.gz: e7cb64501921d5e02144044e7d1f36bc2bc61f3954b3c4330aa0fd508dab1d7e2753a5746b669746e04e097c329d2f14c044a5d8fc381f7a72968cb9d3f53cd8
7
+ data.tar.gz: 34b7e75bfebfbf6211580eb9b591f2434383f839bd9cc9363d86affc01d6539e4b8c14790e527d7d6f3cf0dcc1665d31562c8830c7acaa3ccf6788f4ba2ebc25
@@ -1,5 +1,5 @@
1
1
  module Rack
2
2
  class StripCookies
3
- VERSION = "1.0.2"
3
+ VERSION = "2.0.0"
4
4
  end
5
5
  end
@@ -1,46 +1,88 @@
1
+ # lib/rack/strip-cookies.rb
1
2
  module Rack
2
3
  class StripCookies
3
- attr_reader :app, :paths, :invert
4
+ attr_reader :app, :patterns, :invert
4
5
 
5
6
  # Initializes the middleware.
6
7
  #
7
8
  # @param app [Rack application] The Rack application.
8
- # @param paths [Array<String>] The paths where cookies should be deleted.
9
- # @param invert [Boolean] Whether to invert the paths where cookies are deleted.
9
+ # @param options [Hash] The options to customize the middleware behavior.
10
+ # @option options [Array<String>] :paths The paths or patterns where cookies should be deleted.
11
+ # - Exact paths: "/api"
12
+ # - Wildcard paths: "/api/*"
13
+ # @option options [Boolean] :invert Whether to invert the paths where cookies are deleted.
10
14
  def initialize(app, options = {})
11
15
  @app = app
12
- @paths = Array(options[:paths])
13
- @invert = options[:invert] || false
16
+ @invert = options.fetch(:invert, false)
17
+ @patterns = compile_patterns(options[:paths] || [])
14
18
  end
15
19
 
16
20
  # Entry point of the middleware.
17
21
  #
22
+ # This method is called for each HTTP request that passes through the middleware.
23
+ # It determines whether to strip cookies from the request and response based on
24
+ # the configured paths/patterns and the invert flag.
25
+ #
18
26
  # @param env [Hash] The request environment.
19
27
  # @return [Array] The response containing the status, headers, and body.
20
28
  def call(env)
21
- # Extract the path from the request
22
- path = Rack::Request.new(env).path
29
+ # Extract the request path from the environment.
30
+ # 'PATH_INFO' contains the path portion of the URL, e.g., "/dashboard".
31
+ path = env["PATH_INFO"] || "/"
23
32
 
24
- # Check if the request path is in the list of paths to be stripped
25
- included = paths.any? { |s| path.include?(s) }
33
+ # Determine if the current path matches any of the compiled patterns.
34
+ # Each pattern is a regex that represents either an exact match or a wildcard match.
35
+ matched = patterns.any? { |regex| regex.match?(path) }
26
36
 
27
- # Decide whether to strip cookies based on the request path and the invert flag
28
- strip_out = ((included && !invert) || (!included && invert))
37
+ # Decide whether to strip cookies based on the matching result and the invert flag.
38
+ # If 'invert' is false:
39
+ # - Cookies are stripped if the path matches any of the specified patterns.
40
+ # If 'invert' is true:
41
+ # - Cookies are stripped if the path does NOT match any of the specified patterns.
42
+ strip_out = (matched && !invert) || (!matched && invert)
29
43
 
30
- # If cookies are to be stripped, delete the HTTP_COOKIE from the request environment
31
- env.delete("HTTP_COOKIE".freeze) if strip_out
44
+ if strip_out
45
+ # Remove the 'HTTP_COOKIE' header from the request environment.
46
+ # This prevents any cookies from being sent to the application.
47
+ env.delete("HTTP_COOKIE")
32
48
 
33
- # Call the next middleware/app and get the status, headers, and body of the response
34
- status, headers, body = @app.call(env)
49
+ # Call the next middleware or application in the stack with the modified environment.
50
+ # This returns the HTTP status, headers, and body of the response.
51
+ status, headers, body = @app.call(env)
35
52
 
36
- # If cookies are to be stripped, delete the Set-Cookie header from the response
37
- headers.delete("set-cookie".freeze) if strip_out
53
+ # Remove the 'Set-Cookie' header from the response headers.
54
+ headers.delete("set-cookie")
38
55
 
39
- # If cookies were stripped, insert a custom header indicating that fact
40
- headers["cookies-stripped".freeze] = "true" if strip_out
56
+ # Add a custom header 'Cookies-Stripped' to indicate that cookies were stripped.
57
+ headers["cookies-stripped"] = "true"
58
+ else
59
+ # If cookies are not to be stripped, simply call the next middleware or application.
60
+ # The original request and response headers remain untouched.
61
+ status, headers, body = @app.call(env)
62
+ end
41
63
 
42
- # Return the response (status, headers, body) to the next middleware or the web server
64
+ # Return the final response to the client.
65
+ # The response is an array containing the status code, headers hash, and body array.
43
66
  [status, headers, body]
44
67
  end
68
+
69
+ private
70
+
71
+ # Compiles the user-specified paths/patterns into regular expressions.
72
+ #
73
+ # @param paths [Array<String>] The paths or patterns to compile.
74
+ # @return [Array<Regexp>] The array of compiled regular expressions.
75
+ def compile_patterns(paths)
76
+ paths.map do |path|
77
+ if path.end_with?("/*")
78
+ # Wildcard pattern: "/api/*" -> matches "/api/" and "/api/anything"
79
+ prefix = Regexp.escape(path.chomp("/*"))
80
+ Regexp.new("^#{prefix}/.*$")
81
+ else
82
+ # Exact match pattern: "/api" -> matches only "/api"
83
+ Regexp.new("^#{Regexp.escape(path)}$")
84
+ end
85
+ end
86
+ end
45
87
  end
46
88
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-strip-cookies
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.2
4
+ version: 2.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Claudio Poli
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-05-22 00:00:00.000000000 Z
11
+ date: 2024-09-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack
@@ -94,7 +94,7 @@ homepage: http://github.com/icoretech/rack-strip-cookies
94
94
  licenses:
95
95
  - MIT
96
96
  metadata: {}
97
- post_install_message:
97
+ post_install_message:
98
98
  rdoc_options: []
99
99
  require_paths:
100
100
  - lib
@@ -109,8 +109,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
109
109
  - !ruby/object:Gem::Version
110
110
  version: '0'
111
111
  requirements: []
112
- rubygems_version: 3.4.10
113
- signing_key:
112
+ rubygems_version: 3.5.16
113
+ signing_key:
114
114
  specification_version: 4
115
115
  summary: Rack middleware to remove cookies at user-defined paths.
116
116
  test_files: []