rack-wwwhisper 1.0.0.pre

data/Rakefile

@@ -0,0 +1,13 @@
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+end
+
+desc "Run tests"
+task :default => :test
+
+
+task :gem do
+  sh "gem build rack-wwwhisper.gemspec"
+end

data/lib/rack/wwwhisper.rb

@@ -0,0 +1,267 @@
+# Rack middleware that uses wwwhisper service to authorize visitors.
+# Copyright (C) 2013 Jan Wrobel <wrr@mixedbit.org>
+#
+# This program is freely distributable under the terms of the
+# Simplified BSD License. See COPYING.
+
+require 'addressable/uri'
+require 'net/http/persistent'
+require 'rack/utils'
+
+module Rack
+
+class WWWhisper
+  @@DEFAULT_ASSETS_URL = 'https://c693db817dca7e162673-39ba3573e09a1fa9bea151a745461b70.ssl.cf1.rackcdn.com'
+  @@WWWHISPER_PREFIX = '/wwwhisper/'
+  #@@AUTH_COOKIES_PREFIX = 'wwwhisper'
+
+  @@DEFAULT_IFRAME = \
+%Q[<iframe id="wwwhisper-iframe" src="%s"
+ width="340" height="29" frameborder="0" scrolling="no"
+ style="position:fixed; overflow:hidden; border:0px; bottom:0px;
+ right:0px; z-index:11235; background-color:transparent;"> </iframe>
+]
+
+  def initialize(app)
+    @app = app
+    if not ENV['WWWHISPER_URL']
+      raise StandardError, 'WWWHISPER_URL environment variable not set'
+    end
+
+    wwwhisper_http = http_init('wwwhisper')
+    wwwhisper_uri = parse_uri(ENV['WWWHISPER_URL'])
+
+    @wwwhisper_iframe = ENV['WWWHISPER_IFRAME'] ||
+      sprintf(@@DEFAULT_IFRAME, wwwhisper_path('auth/overlay.html'))
+
+    @request_config = {
+      :auth => {
+        :forwarded_headers => ['Cookie'],
+        :http => wwwhisper_http,
+        :uri => wwwhisper_uri,
+        :send_site_url => true,
+      },
+      :api => {
+        :forwarded_headers => ['Accept', 'Accept-Language', 'Cookie',
+                               'X-CSRFToken', 'X-Requested-With'],
+        :http => wwwhisper_http,
+        :uri => wwwhisper_uri,
+        :send_site_url => true,
+      },
+      :assets => {
+        # Don't pass Accept-Encoding to get uncompressed response (so
+        # iframe can be inserted to it).
+        :forwarded_headers => ['Accept', 'Accept-Language'],
+        :http => http_init('wwwhisper-assets'),
+        :uri => parse_uri(ENV['WWWHISPER_ASSETS_URL'] || @@DEFAULT_ASSETS_URL),
+        :send_site_url => false,
+      },
+    }
+
+    @aliases = {}
+    {
+      'auth/login' => 'auth/login.html',
+      'auth/logout' => 'auth/logout.html',
+      'admin/' => 'admin/index.html',
+    }.each do |k, v|
+      @aliases[wwwhisper_path(k)] = wwwhisper_path(v)
+    end
+  end
+
+  def wwwhisper_path(suffix)
+    "#{@@WWWHISPER_PREFIX}#{suffix}"
+  end
+
+  def auth_query(queried_path)
+    wwwhisper_path "auth/api/is-authorized/?path=#{queried_path}"
+  end
+
+  def auth_login_path()
+    wwwhisper_path 'auth/login.html'
+  end
+
+  def auth_denied_path()
+    wwwhisper_path 'auth/not_authorized.html'
+  end
+
+  def parse_uri(uri)
+    parsed_uri = Addressable::URI.parse(uri)
+    # If port is not specified, net/http/persistent uses port 80 for
+    # https connections which is counterintuitive.
+    parsed_uri.port ||= parsed_uri.default_port
+    parsed_uri
+  end
+
+  def http_init(connection_id)
+    http = Net::HTTP::Persistent.new(connection_id)
+    store = OpenSSL::X509::Store.new()
+    store.set_default_paths
+    http.cert_store = store
+    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+    return http
+  end
+
+  def default_port(proto)
+    {
+      'http' => 80,
+      'https' => 443,
+    }[proto]
+  end
+
+  def proto_host_port(env)
+    proto = env['HTTP_X_FORWARDED_PROTO'] || 'http'
+    return proto,
+    env['HTTP_HOST'],
+    env['HTTP_X_FORWARDED_PORT'] || default_port(proto)
+  end
+
+  def site_url(env)
+    proto, host, port = proto_host_port(env)
+    port_str = if port != default_port(proto)
+                 ":#{port}"
+               else
+                 ''
+               end
+    "#{proto}://#{host}#{port_str}"
+  end
+
+  def request_init(config, env, method, path)
+    path = @aliases[path] || path
+    request = Net::HTTP.const_get(method).new(path)
+    copy_headers(config[:forwarded_headers], env, request)
+    request['Site-Url'] = site_url(env) if config[:send_site_url]
+    uri = config[:uri]
+    request.basic_auth(uri.user, uri.password) if uri.user and uri.password
+    request
+  end
+
+  def has_value(dict, key)
+    dict[key] != nil and !dict[key].empty?
+  end
+
+  def copy_headers(headers_names, env, request)
+    headers_names.each do |header|
+      key = "HTTP_#{header.upcase}".gsub(/-/, '_')
+      request[header] = env[key] if has_value(env, key)
+      #puts "Sending header #{header} #{request[header]} #{key} #{env[key]}"
+    end
+  end
+
+  def copy_body(src_request, dst_request)
+    if dst_request.request_body_permitted? and src_request.body
+      dst_request.body_stream = src_request.body
+      dst_request.content_length = src_request.content_length
+      dst_request.content_type =
+        src_request.content_type if src_request.content_type
+    end
+  end
+
+  def extract_headers(env, response)
+    headers = Rack::Utils::HeaderHash.new()
+    response.each_capitalized do |k,v|
+      #puts "Header #{k} VAL #{v}"
+      if k.to_s =~ /location/i
+        location = Addressable::URI.parse(v)
+        location.scheme, location.host, location.port = proto_host_port(env)
+        v = location.to_s
+      end
+      # Transfer encoding and content-length are set correctly by Rack.
+      # TODO: what is transfer encoding?
+      headers[k] = v unless k.to_s =~ /transfer-encoding|content-length/i
+    end
+    return headers
+  end
+
+  def dispatch(env)
+    orig_request = Rack::Request.new(env)
+    if orig_request.path =~ %r{^#{@@WWWHISPER_PREFIX}}
+      debug orig_request, "passing request to wwwhisper service"
+
+      config =
+        if orig_request.path =~ %r{^#{@@WWWHISPER_PREFIX}(auth|admin)/api/}
+          @request_config[:api]
+        else
+          @request_config[:assets]
+        end
+
+      method = orig_request.request_method.capitalize
+      request = request_init(config, env, method, orig_request.fullpath)
+      copy_body(orig_request, request)
+
+      response = config[:http].request(config[:uri], request)
+      net_http_response_to_rack(env, response)
+    else
+      debug orig_request, "passing request to Rack stack"
+      @app.call(env)
+    end
+  end
+
+  def net_http_response_to_rack(env, response)
+    [
+     response.code.to_i,
+     extract_headers(env, response),
+     [(response.read_body() or '')]
+    ]
+  end
+
+  def wwwhisper_auth_request(env, req)
+    config = @request_config[:auth]
+    auth_request = request_init(config, env, 'Get', auth_query(req.path))
+    auth_response = config[:http].request(config[:uri], auth_request)
+    net_http_response_to_rack(env, auth_response)
+  end
+
+  def should_inject_iframe(status, headers)
+    status == 200 and headers['Content-Type'] =~ /text\/html/i
+  end
+
+  def inject_iframe(headers, body)
+    # If Content-Length is missing, Rack sets correct one.
+    headers.delete('Content-Length')
+    #todo: iterate?
+    body[0] = body[0].sub(/<\/body>/, "#{@wwwhisper_iframe}</body>")
+  end
+
+  def call(env)
+    req = Rack::Request.new(env)
+
+    req.path_info = Addressable::URI.normalize_path(req.path)
+    if req.path =~ %r{^#{@@WWWHISPER_PREFIX}auth}
+      # Requests to /@@WWWHISPER_PREFIX/auth/ should not be authorized,
+      # every visitor can access login pages.
+      return dispatch(env)
+    end
+    debug req, "sending auth request for #{req.path}"
+    auth_status, auth_headers, auth_body = wwwhisper_auth_request(env, req)
+
+    case auth_status
+    when 200
+      debug req, "access granted"
+      status, headers, body = dispatch(env)
+      inject_iframe(headers, body) if should_inject_iframe(status, headers)
+      [status, headers, body]
+    when 401, 403
+      login_needed = (auth_status == 401)
+      debug req,  login_needed ? "user not authenticated" : "access_denied"
+      req.path_info = login_needed ? auth_login_path() : auth_denied_path()
+      status, headers, body = dispatch(env)
+      auth_headers['Content-Type'] = headers['Content-Type']
+      # TODO: only here?
+      auth_headers['Content-Encoding'] = headers['Content-Encoding']
+      [auth_status, auth_headers, body]
+    else
+      debug req, "auth request failed"
+      [auth_status, auth_headers, auth_body]
+    end
+  end
+
+  # TODO: more private
+  private
+
+  def debug(req, message)
+    req.logger.debug "wwwhisper #{message}" if req.logger
+  end
+
+end
+
+end

data/test/test_wwwhisper.rb

@@ -0,0 +1,283 @@
+# Rack middleware that uses wwwhisper service to authorize visitors.
+# Copyright (C) 2013 Jan Wrobel <wrr@mixedbit.org>
+#
+# This program is freely distributable under the terms of the
+# Simplified BSD License. See COPYING.
+
+require 'rack/test'
+require 'test/unit'
+require 'webmock/test_unit'
+require 'rack/wwwhisper'
+
+ENV['RACK_ENV'] = 'test'
+
+class MockBackend
+  attr_accessor :response
+
+  def initialize()
+    @response = [200, {'Content-Type' => 'text/html'}, ['Hello World']]
+  end
+
+  def call(env)
+    @response
+  end
+end
+
+class TestWWWhisper < Test::Unit::TestCase
+  include Rack::Test::Methods
+  WWWHISPER_URL = 'https://example.com'
+  WWWHISPER_ASSETS_URL = 'https://assets.example.com'
+  SITE_PROTO = 'https'
+  SITE_HOST = 'bar.io'
+  SITE_PORT = 443
+
+  def setup()
+    @backend = MockBackend.new()
+    ENV['WWWHISPER_URL'] = WWWHISPER_URL
+    ENV['WWWHISPER_ASSETS_URL'] = WWWHISPER_ASSETS_URL
+    @wwwhisper = Rack::WWWhisper.new(@backend)
+  end
+
+  def app
+    @wwwhisper
+  end
+
+  def full_url(path)
+    "#{WWWHISPER_URL}#{path}"
+  end
+
+  def full_assets_url(path)
+    "#{WWWHISPER_ASSETS_URL}#{path}"
+  end
+
+  def test_wwwhisper_url_required
+    ENV.delete('WWWHISPER_URL')
+    assert_raise(StandardError) {
+      Rack::WWWhisper.new(@backend)
+    }
+  end
+
+  def get path, params={}, rack_env={}
+    rack_env['HTTP_HOST'] ||= SITE_HOST
+    rack_env['HTTP_X_FORWARDED_PROTO'] ||= SITE_PROTO
+    rack_env['HTTP_X_FORWARDED_PORT'] ||= SITE_PORT
+    super path, params, rack_env
+  end
+
+  def test_auth_query_path
+    assert_equal('/wwwhisper/auth/api/is-authorized/?path=/foo/bar',
+                 @wwwhisper.auth_query('/foo/bar'))
+  end
+
+  def test_request_allowed
+    path = '/foo/bar'
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      to_return(:status => 200, :body => '', :headers => {})
+
+    get path
+    assert last_response.ok?
+    assert_equal 'Hello World', last_response.body
+    assert_requested :get, full_url(@wwwhisper.auth_query(path))
+  end
+
+  def test_login_required
+    path = '/foo/bar'
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      to_return(:status => 401, :body => '', :headers => {})
+    stub_request(:get, full_assets_url(@wwwhisper.auth_login_path())).
+      to_return(:status => 200, :body => 'Login required', :headers => {})
+
+    get path
+    assert !last_response.ok?
+    assert_equal 401, last_response.status
+    assert_equal 'Login required', last_response.body
+    assert_requested :get, full_url(@wwwhisper.auth_query(path))
+    assert_requested :get, full_assets_url(@wwwhisper.auth_login_path())
+  end
+
+  def test_request_denied
+    path = '/foo/bar'
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      to_return(:status => 403, :body => '', :headers => {})
+    stub_request(:get, full_assets_url(@wwwhisper.auth_denied_path())).
+      to_return(:status => 200, :body => 'Not authorized', :headers => {})
+
+    get path
+    assert !last_response.ok?
+    assert_equal 403, last_response.status
+    assert_equal 'Not authorized', last_response.body
+    assert_requested :get, full_url(@wwwhisper.auth_query(path))
+    assert_requested :get, full_assets_url(@wwwhisper.auth_denied_path())
+  end
+
+  def test_iframe_injected_to_html_response
+    path = '/foo/bar'
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      to_return(:status => 200, :body => '', :headers => {})
+    # wwwhisper iframe is injected only when response is a html document
+    # with <body></body>
+    body = '<html><body>Hello World</body></html>'
+    @backend.response= [200, {'Content-Type' => 'text/html'}, [body]]
+
+    get path
+    assert last_response.ok?
+    assert_match(/.*<iframe id="wwwhisper-iframe".*/, last_response.body)
+    assert_requested :get, full_url(@wwwhisper.auth_query(path))
+  end
+
+  def test_iframe_not_injected_to_non_html_response
+    path = '/foo/bar'
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      to_return(:status => 200, :body => '', :headers => {})
+    body = '<html><body>Hello World</body></html>'
+    @backend.response= [200, {'Content-Type' => 'text/plain'}, [body]]
+
+    get path
+    assert last_response.ok?
+    assert_equal(body, last_response.body)
+    assert_requested :get, full_url(@wwwhisper.auth_query(path))
+  end
+
+  def test_auth_query_not_sent_for_login_request
+    path = '/wwwhisper/auth/api/login'
+    stub_request(:get, full_url(path)).
+      to_return(:status => 200, :body => 'Login', :headers => {})
+
+    get path
+    assert last_response.ok?
+    assert_equal 'Login', last_response.body
+  end
+
+  def test_auth_cookies_passed_to_wwwhisper()
+    path = '/foo/bar'
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      with(:headers => {'Cookie' => /wwwhisper_auth.+wwwhisper_csrf.+/}).
+      to_return(:status => 200, :body => '', :headers => {})
+
+    get(path, {},
+        {'HTTP_COOKIE' => 'wwwhisper_auth=xyz; wwwhisper_csrf_token=abc'})
+    assert last_response.ok?
+    assert_equal 'Hello World', last_response.body
+    assert_requested :get, full_url(@wwwhisper.auth_query(path))
+  end
+
+  def assert_path_normalized(normalized, requested)
+    stub_request(:get, full_url(@wwwhisper.auth_query(normalized))).
+      to_return(:status => 200, :body => '', :headers => {})
+
+    get requested
+    assert last_response.ok?
+    assert_equal 'Hello World', last_response.body
+    assert_requested :get, full_url(@wwwhisper.auth_query(normalized))
+    WebMock.reset!
+  end
+
+  def test_path_normalization
+    assert_path_normalized '/', '/'
+    assert_path_normalized '/foo/bar', '/foo/bar'
+    assert_path_normalized '/foo/bar/', '/foo/bar/'
+
+    assert_path_normalized '/foo/', '/auth/api/login/../../../foo/'
+    assert_path_normalized '/', '//'
+    assert_path_normalized '/', ''
+    assert_path_normalized '/', '/../'
+    assert_path_normalized '/', '/./././'
+    assert_path_normalized '/bar', '/foo/./bar/../../bar'
+    assert_path_normalized '/foo/', '/foo/bar/..'
+
+    # These two do not seem to be handled correctly and consistency,
+    # but this is not a big issue, because wwwhisper rejects such
+    # paths.
+    assert_path_normalized '/foo//', '/foo//'
+    assert_path_normalized '//', '/./././/'
+  end
+
+  def test_admin_request
+    path = '/wwwhisper/admin/api/users/xyz'
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      to_return(:status => 200, :body => '', :headers => {})
+    stub_request(:delete, full_url(path)).
+      # Test that a header with multiple '-' is correctly passed
+      with(:headers => {'X-Requested-With' => 'XMLHttpRequest'}).
+      to_return(:status => 200, :body => 'admin page', :headers => {})
+
+    delete(path, {}, {'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'})
+    assert last_response.ok?
+    assert_equal 'admin page', last_response.body
+  end
+
+  def test_invalid_auth_request
+    path = '/foo'
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      to_return(:status => 400, :body => 'invalid request', :headers => {})
+
+    get path
+    assert !last_response.ok?
+    assert_equal 400, last_response.status
+    assert_equal 'invalid request', last_response.body
+  end
+
+  def test_site_url
+    path = '/foo/bar'
+    # Site-Url header should be sent to wwwhisper backend but not to
+    # assets server.
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      with(:headers => {'Site-Url' => "#{SITE_PROTO}://#{SITE_HOST}"}).
+      to_return(:status => 401, :body => '', :headers => {})
+    stub_request(:get, full_assets_url(@wwwhisper.auth_login_path())).
+      with { |request| request.headers['Site-Url'] == nil}.
+      to_return(:status => 200, :body => 'Login required', :headers => {})
+
+    get path
+    assert !last_response.ok?
+    assert_equal 401, last_response.status
+    assert_equal 'Login required', last_response.body
+    assert_requested :get, full_url(@wwwhisper.auth_query(path))
+    assert_requested :get, full_assets_url(@wwwhisper.auth_login_path())
+  end
+
+  def test_site_url_with_non_default_port
+    path = '/foo/bar'
+    port = 11235
+    # Site-Url header should be sent to wwwhisper backend but not to
+    # assets server.
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      with(:headers => {'Site-Url' => "#{SITE_PROTO}://#{SITE_HOST}:#{port}"}).
+      to_return(:status => 400, :body => '', :headers => {})
+
+    get(path, {}, {'HTTP_X_FORWARDED_PORT' => port.to_s})
+    assert !last_response.ok?
+    assert_equal 400, last_response.status
+    assert_requested :get, full_url(@wwwhisper.auth_query(path))
+  end
+
+  def test_aliases
+    requested_path = '/wwwhisper/auth/login'
+    expected_path = requested_path + '.html'
+    stub_request(:get, full_assets_url(expected_path)).
+      to_return(:status => 200, :body => 'Login', :headers => {})
+
+    get requested_path
+    assert last_response.ok?
+    assert_equal 'Login', last_response.body
+  end
+
+  def test_redirects
+    path = '/wwwhisper/admin/index.html'
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      to_return(:status => 200, :body => '', :headers => {})
+    stub_request(:get, full_assets_url(path)).
+      to_return(:status => 303, :body => 'Admin page moved',
+                :headers => {'Location' => 'https://new.location/foo/bar'})
+
+    get path
+    assert !last_response.ok?
+    assert_equal 303, last_response.status
+    assert_equal 'Admin page moved', last_response.body
+    assert_equal("#{SITE_PROTO}://#{SITE_HOST}:#{SITE_PORT}/foo/bar",
+                 last_response['Location'])
+    assert_requested :get, full_url(@wwwhisper.auth_query(path))
+    assert_requested :get, full_assets_url(path)
+  end
+
+end

metadata

@@ -0,0 +1,145 @@
+--- !ruby/object:Gem::Specification
+name: rack-wwwhisper
+version: !ruby/object:Gem::Version
+  version: 1.0.0.pre
+  prerelease: 6
+platform: ruby
+authors:
+- Jan Wrobel
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-01-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: addresable
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: net-http-persistent
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Middleware that uses wwwhisper service to authorize requests.
+email: wrr@mixedbit.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/rack/wwwhisper.rb
+- test/test_wwwhisper.rb
+- Rakefile
+homepage: https://github.com/wrr/rack-wwwhisper
+licenses:
+- BSD
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>'
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Persona based authorization layer for Rack applications.
+test_files:
+- test/test_wwwhisper.rb