rack-strip-cookies 1.0.5 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c4059603af0c0f3d7b85455b14173813ca46a65660d6df8c9051690edd0f3fff
-  data.tar.gz: 42b8886ca861056e9341b61059dec3659adc3f0246b255206cfccdd8c63e2cf4
+  metadata.gz: ee48b2cf41b5f790f375f381c8456ba1f5454dc7dc836cc613c15f8e5e9c6e1b
+  data.tar.gz: cfc890245c466bcde879ab81d82d9aad4a4fe4b7c0b8d4a5a7f8f88155872397
 SHA512:
-  metadata.gz: 3049a6ea95624a7028392b1d101ba3d9772e3d608f0451fd97062fa7720761df5775431e898e79ae449c1073353dd496ff9fc1b845740a4c31acc23db403d212
-  data.tar.gz: cbca8ee1a9dc18bb102c0e24c1e144c933ed38f762f0d92bcc981402010a886ed5fa3539eb5a26308142e2ca488e88ac6b49b0079faa4f571716de4b3006dad7
+  metadata.gz: e7cb64501921d5e02144044e7d1f36bc2bc61f3954b3c4330aa0fd508dab1d7e2753a5746b669746e04e097c329d2f14c044a5d8fc381f7a72968cb9d3f53cd8
+  data.tar.gz: 34b7e75bfebfbf6211580eb9b591f2434383f839bd9cc9363d86affc01d6539e4b8c14790e527d7d6f3cf0dcc1665d31562c8830c7acaa3ccf6788f4ba2ebc25

data/lib/rack/strip-cookies/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class StripCookies
-    VERSION = "1.0.5"
+    VERSION = "2.0.0"
   end
 end

data/lib/rack/strip-cookies.rb

@@ -1,46 +1,88 @@
+# lib/rack/strip-cookies.rb
 module Rack
   class StripCookies
-    attr_reader :app, :paths, :invert
+    attr_reader :app, :patterns, :invert
 
     # Initializes the middleware.
     #
     # @param app [Rack application] The Rack application.
-    # @param paths [Array<String>] The paths where cookies should be deleted.
-    # @param invert [Boolean] Whether to invert the paths where cookies are deleted.
+    # @param options [Hash] The options to customize the middleware behavior.
+    # @option options [Array<String>] :paths The paths or patterns where cookies should be deleted.
+    #   - Exact paths: "/api"
+    #   - Wildcard paths: "/api/*"
+    # @option options [Boolean] :invert Whether to invert the paths where cookies are deleted.
     def initialize(app, options = {})
       @app = app
-      @paths = Array(options[:paths])
-      @invert = options[:invert] || false
+      @invert = options.fetch(:invert, false)
+      @patterns = compile_patterns(options[:paths] || [])
     end
 
     # Entry point of the middleware.
     #
+    # This method is called for each HTTP request that passes through the middleware.
+    # It determines whether to strip cookies from the request and response based on
+    # the configured paths/patterns and the invert flag.
+    #
     # @param env [Hash] The request environment.
     # @return [Array] The response containing the status, headers, and body.
     def call(env)
-      # Extract the path from the request
-      path = Rack::Request.new(env).path
+      # Extract the request path from the environment.
+      # 'PATH_INFO' contains the path portion of the URL, e.g., "/dashboard".
+      path = env["PATH_INFO"] || "/"
 
-      # Check if the request path is in the list of paths to be stripped
-      included = paths.any? { |s| path.include?(s) }
+      # Determine if the current path matches any of the compiled patterns.
+      # Each pattern is a regex that represents either an exact match or a wildcard match.
+      matched = patterns.any? { |regex| regex.match?(path) }
 
-      # Decide whether to strip cookies based on the request path and the invert flag
-      strip_out = ((included && !invert) || (!included && invert))
+      # Decide whether to strip cookies based on the matching result and the invert flag.
+      # If 'invert' is false:
+      #   - Cookies are stripped if the path matches any of the specified patterns.
+      # If 'invert' is true:
+      #   - Cookies are stripped if the path does NOT match any of the specified patterns.
+      strip_out = (matched && !invert) || (!matched && invert)
 
-      # If cookies are to be stripped, delete the HTTP_COOKIE from the request environment
-      env.delete("HTTP_COOKIE".freeze) if strip_out
+      if strip_out
+        # Remove the 'HTTP_COOKIE' header from the request environment.
+        # This prevents any cookies from being sent to the application.
+        env.delete("HTTP_COOKIE")
 
-      # Call the next middleware/app and get the status, headers, and body of the response
-      status, headers, body = @app.call(env)
+        # Call the next middleware or application in the stack with the modified environment.
+        # This returns the HTTP status, headers, and body of the response.
+        status, headers, body = @app.call(env)
 
-      # If cookies are to be stripped, delete the Set-Cookie header from the response
-      headers.delete("set-cookie".freeze) if strip_out
+        # Remove the 'Set-Cookie' header from the response headers.
+        headers.delete("set-cookie")
 
-      # If cookies were stripped, insert a custom header indicating that fact
-      headers["cookies-stripped".freeze] = "true" if strip_out
+        # Add a custom header 'Cookies-Stripped' to indicate that cookies were stripped.
+        headers["cookies-stripped"] = "true"
+      else
+        # If cookies are not to be stripped, simply call the next middleware or application.
+        # The original request and response headers remain untouched.
+        status, headers, body = @app.call(env)
+      end
 
-      # Return the response (status, headers, body) to the next middleware or the web server
+      # Return the final response to the client.
+      # The response is an array containing the status code, headers hash, and body array.
       [status, headers, body]
     end
+
+    private
+
+    # Compiles the user-specified paths/patterns into regular expressions.
+    #
+    # @param paths [Array<String>] The paths or patterns to compile.
+    # @return [Array<Regexp>] The array of compiled regular expressions.
+    def compile_patterns(paths)
+      paths.map do |path|
+        if path.end_with?("/*")
+          # Wildcard pattern: "/api/*" -> matches "/api/" and "/api/anything"
+          prefix = Regexp.escape(path.chomp("/*"))
+          Regexp.new("^#{prefix}/.*$")
+        else
+          # Exact match pattern: "/api" -> matches only "/api"
+          Regexp.new("^#{Regexp.escape(path)}$")
+        end
+      end
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-strip-cookies
 version: !ruby/object:Gem::Version
-  version: 1.0.5
+  version: 2.0.0
 platform: ruby
 authors:
 - Claudio Poli
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-22 00:00:00.000000000 Z
+date: 2024-09-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -94,7 +94,7 @@ homepage: http://github.com/icoretech/rack-strip-cookies
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -109,8 +109,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
-signing_key: 
+rubygems_version: 3.5.16
+signing_key:
 specification_version: 4
 summary: Rack middleware to remove cookies at user-defined paths.
 test_files: []