rack-wwwhisper 1.0.3.pre → 1.0.4

data/lib/rack/wwwhisper.rb

@@ -10,72 +10,55 @@ require 'rack/utils'
 
 module Rack
 
+class NoPublicCache
+  def initialize(app)
+    @app = app
+  end
+
+  def call(env)
+    status, headers, body = @app.call(env)
+    if cache_control = headers['Cache-Control']
+      # If caching is enabled, make sure it is private.
+      if (not cache_control.gsub!(/public/, 'private') and
+          cache_control.index(/max-age\s*=\s*0*[1-9]/))
+          cache_control.insert(0, 'private, ')
+      end
+    end
+    [status, headers, body]
+  end
+end
+
 class WWWhisper
-  @@DEFAULT_ASSETS_URL = 'https://c693db817dca7e162673-39ba3573e09a1fa9bea151a745461b70.ssl.cf1.rackcdn.com'
   @@WWWHISPER_PREFIX = '/wwwhisper/'
-  #@@AUTH_COOKIES_PREFIX = 'wwwhisper'
-
+  @@AUTH_COOKIES_PREFIX = 'wwwhisper'
+  @@FORWARDED_HEADERS = ['Accept', 'Accept-Language', 'Cookie', 'X-CSRFToken',
+                         'X-Requested-With']
   @@DEFAULT_IFRAME = \
-%Q[<iframe id="wwwhisper-iframe" src="%s"
- width="340" height="29" frameborder="0" scrolling="no"
+%Q[<iframe id="wwwhisper-iframe" src="%s" width="340" height="29"
  style="position:fixed; overflow:hidden; border:0px; bottom:0px;
  right:0px; z-index:11235; background-color:transparent;"> </iframe>
 ]
 
   def initialize(app)
     @app = app
-
     if ENV['WWWHISPER_DISABLE'] == "1"
       def self.call(env)
         @app.call(env)
       end
       return
     end
+    @app = NoPublicCache.new(app)
 
     if not ENV['WWWHISPER_URL']
       raise StandardError, 'WWWHISPER_URL environment variable not set'
     end
 
-    wwwhisper_http = http_init('wwwhisper')
-    wwwhisper_uri = parse_uri(ENV['WWWHISPER_URL'])
+    @http = http_init('wwwhisper')
+    @wwwhisper_uri = parse_uri(ENV['WWWHISPER_URL'])
 
     @wwwhisper_iframe = ENV['WWWHISPER_IFRAME'] ||
       sprintf(@@DEFAULT_IFRAME, wwwhisper_path('auth/overlay.html'))
     @wwwhisper_iframe_bytesize = Rack::Utils::bytesize(@wwwhisper_iframe)
-
-    @request_config = {
-      # TODO: probably now auth can be removed.
-      :auth => {
-        :forwarded_headers => ['Accept', 'Accept-Language', 'Cookie'],
-        :http => wwwhisper_http,
-        :uri => wwwhisper_uri,
-        :send_site_url => true,
-      },
-      :api => {
-        :forwarded_headers => ['Accept', 'Accept-Language', 'Cookie',
-                               'X-CSRFToken', 'X-Requested-With'],
-        :http => wwwhisper_http,
-        :uri => wwwhisper_uri,
-        :send_site_url => true,
-      },
-      :assets => {
-        # Don't pass Accept-Encoding to get uncompressed response (so
-        # iframe can be inserted to it).
-        :forwarded_headers => ['Accept', 'Accept-Language'],
-        :http => http_init('wwwhisper-assets'),
-        :uri => parse_uri(ENV['WWWHISPER_ASSETS_URL'] || @@DEFAULT_ASSETS_URL),
-        :send_site_url => false,
-      },
-    }
-
-    @aliases = {}
-    {
-      'auth/login' => 'auth/login.html',
-      'auth/logout' => 'auth/logout.html',
-      'admin/' => 'admin/index.html',
-    }.each do |k, v|
-      @aliases[wwwhisper_path(k)] = wwwhisper_path(v)
-    end
   end
 
   def wwwhisper_path(suffix)
@@ -89,7 +72,7 @@ class WWWhisper
   def call(env)
     req = Request.new(env)
 
-    if req.path =~ %r{^#{@@WWWHISPER_PREFIX}auth}
+    if req.path =~ %r{^#{wwwhisper_path('auth')}}
       # Requests to /@@WWWHISPER_PREFIX/auth/ should not be authorized,
       # every visitor can access login pages.
       return dispatch(req)
@@ -128,12 +111,17 @@ class WWWhisper
       env['HTTP_X_FORWARDED_PROTO'] || 'http'
     end
 
-    def host
+    def host_with_port
       env['HTTP_HOST']
     end
 
+    def host
+      host_with_port.to_s.gsub(/:\d+\z/, '')
+    end
+
     def port
-      env['HTTP_X_FORWARDED_PORT'] || default_port(scheme)
+      env['HTTP_X_FORWARDED_PORT'] || host_with_port.split(/:/)[1] ||
+        default_port(scheme)
     end
 
     def site_url
@@ -182,24 +170,25 @@ class WWWhisper
     return http
   end
 
-  def sub_request_init(config, rack_req, method, path)
-    path = @aliases[path] || path
+  def sub_request_init(rack_req, method, path)
     sub_req = Net::HTTP.const_get(method).new(path)
-    copy_headers(config[:forwarded_headers], rack_req.env, sub_req)
-    sub_req['Site-Url'] = rack_req.site_url if config[:send_site_url]
-    uri = config[:uri]
-    sub_req.basic_auth(uri.user, uri.password) if uri.user and uri.password
+    copy_headers(@@FORWARDED_HEADERS, rack_req.env, sub_req)
+    sub_req['Site-Url'] = rack_req.site_url
+    if @wwwhisper_uri.user and @wwwhisper_uri.password
+      sub_req.basic_auth(@wwwhisper_uri.user, @wwwhisper_uri.password)
+    end
     sub_req
   end
 
-  def has_value(dict, key)
-    dict[key] != nil and !dict[key].empty?
-  end
-
   def copy_headers(headers_names, env, sub_req)
     headers_names.each do |header|
       key = "HTTP_#{header.upcase}".gsub(/-/, '_')
-      sub_req[header] = env[key] if has_value(env, key)
+      value = env[key]
+      if value and key == 'HTTP_COOKIE'
+        # Pass only wwwhisper's cookies to the wwwhisper service.
+        value = value.scan(/#{@@AUTH_COOKIES_PREFIX}-[^;]*(?:;|$)/).join(' ')
+      end
+      sub_req[header] = value if value and not value.empty?
     end
   end
 
@@ -240,9 +229,8 @@ class WWWhisper
   end
 
   def wwwhisper_auth_request(req)
-    config = @request_config[:auth]
-    auth_req = sub_request_init(config, req, 'Get', auth_query(req.path))
-    config[:http].request(config[:uri], auth_req)
+    auth_req = sub_request_init(req, 'Get', auth_query(req.path))
+    @http.request(@wwwhisper_uri, auth_req)
   end
 
   def should_inject_iframe(status, headers)
@@ -277,18 +265,11 @@ class WWWhisper
     if orig_req.path =~ %r{^#{@@WWWHISPER_PREFIX}}
       debug orig_req, "passing request to wwwhisper service #{orig_req.path}"
 
-      config =
-        if orig_req.path =~ %r{^#{@@WWWHISPER_PREFIX}(auth|admin)/api/}
-          @request_config[:api]
-        else
-          @request_config[:assets]
-        end
-
       method = orig_req.request_method.capitalize
-      sub_req = sub_request_init(config, orig_req, method, orig_req.fullpath)
+      sub_req = sub_request_init(orig_req, method, orig_req.fullpath)
       copy_body(orig_req, sub_req)
 
-      sub_resp = config[:http].request(config[:uri], sub_req)
+      sub_resp = @http.request(@wwwhisper_uri, sub_req)
       sub_response_to_rack(orig_req, sub_resp)
     else
       debug orig_req, 'passing request to Rack stack'

data/test/test_wwwhisper.rb

@@ -27,12 +27,16 @@ class MockBackend
     assert_equal @expected_email, env['REMOTE_USER']
     @response
   end
+
+  def add_response_header(key, value)
+    @response[1][key] = value
+  end
+
 end
 
 class TestWWWhisper < Test::Unit::TestCase
   include Rack::Test::Methods
   WWWHISPER_URL = 'https://example.com'
-  WWWHISPER_ASSETS_URL = 'https://assets.example.com'
   SITE_PROTO = 'https'
   SITE_HOST = 'bar.io'
   SITE_PORT = 443
@@ -41,7 +45,6 @@ class TestWWWhisper < Test::Unit::TestCase
     @backend = MockBackend.new(TEST_USER)
     ENV.delete('WWWHISPER_DISABLE')
     ENV['WWWHISPER_URL'] = WWWHISPER_URL
-    ENV['WWWHISPER_ASSETS_URL'] = WWWHISPER_ASSETS_URL
     @wwwhisper = Rack::WWWhisper.new(@backend)
   end
 
@@ -53,10 +56,6 @@ class TestWWWhisper < Test::Unit::TestCase
     "#{WWWHISPER_URL}#{path}"
   end
 
-  def full_assets_url(path)
-    "#{WWWHISPER_ASSETS_URL}#{path}"
-  end
-
   def test_wwwhisper_url_required
     ENV.delete('WWWHISPER_URL')
     assert_raise(StandardError) {
@@ -169,11 +168,29 @@ class TestWWWhisper < Test::Unit::TestCase
   def test_auth_cookies_passed_to_wwwhisper()
     path = '/foo/bar'
     stub_request(:get, full_url(@wwwhisper.auth_query(path))).
-      with(:headers => {'Cookie' => /wwwhisper_auth.+wwwhisper_csrf.+/}).
+      with(:headers => {
+             'Cookie' => /wwwhisper-auth=xyz; wwwhisper-csrftoken=abc/
+           }).
       to_return(granted())
 
     get(path, {},
-        {'HTTP_COOKIE' => 'wwwhisper_auth=xyz; wwwhisper_csrf_token=abc'})
+        {'HTTP_COOKIE' => 'wwwhisper-auth=xyz; wwwhisper-csrftoken=abc'})
+    assert last_response.ok?
+    assert_equal 'Hello World', last_response.body
+    assert_requested :get, full_url(@wwwhisper.auth_query(path))
+  end
+
+  def test_non_wwwhisper_cookies_not_passed_to_wwwhisper()
+    path = '/foo/bar'
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      with(:headers => {
+             'Cookie' => /wwwhisper-auth=xyz; wwwhisper-csrftoken=abc/
+           }).
+      to_return(granted())
+
+    get(path, {},
+        {'HTTP_COOKIE' => 'session=123; wwwhisper-auth=xyz;' +
+          'settings=foobar; wwwhisper-csrftoken=abc'})
     assert last_response.ok?
     assert_equal 'Hello World', last_response.body
     assert_requested :get, full_url(@wwwhisper.auth_query(path))
@@ -246,13 +263,12 @@ class TestWWWhisper < Test::Unit::TestCase
   def test_site_url
     path = '/wwwhisper/admin/index.html'
 
-    # Site-Url header should be sent to wwwhisper backend but not to
-    # assets server.
+    # Site-Url header should be sent to wwwhisper backend.
     stub_request(:get, full_url(@wwwhisper.auth_query(path))).
       with(:headers => {'Site-Url' => "#{SITE_PROTO}://#{SITE_HOST}"}).
       to_return(granted())
-    stub_request(:get, full_assets_url(path)).
-      with { |request| request.headers['Site-Url'] == nil}.
+    stub_request(:get, full_url(path)).
+      with(:headers => {'Site-Url' => "#{SITE_PROTO}://#{SITE_HOST}"}).
       to_return(:status => 200, :body => 'Admin page', :headers => {})
 
     get path
@@ -260,7 +276,21 @@ class TestWWWhisper < Test::Unit::TestCase
     assert_equal 200, last_response.status
     assert_equal 'Admin page', last_response.body
     assert_requested :get, full_url(@wwwhisper.auth_query(path))
-    assert_requested :get, full_assets_url(path)
+    assert_requested :get, full_url(path)
+  end
+
+  def test_host_with_port
+    path = '/foo'
+    host = 'localhost:5000'
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      # Test makes sure that port is not repeated in Site-Url.
+      with(:headers => {'Site-Url' => "#{SITE_PROTO}://#{host}"}).
+      to_return(:status => 401, :body => 'Login required', :headers => {})
+
+    # TODO: start here
+    get(path, {}, {'HTTP_HOST' => host, 'HTTP_X_FORWARDED_PORT' => '5000'})
+    assert_equal 401, last_response.status
+    assert_requested :get, full_url(@wwwhisper.auth_query(path))
   end
 
   def test_site_url_with_non_default_port
@@ -278,22 +308,11 @@ class TestWWWhisper < Test::Unit::TestCase
     assert_requested :get, full_url(@wwwhisper.auth_query(path))
   end
 
-  def test_aliases
-    requested_path = '/wwwhisper/auth/login'
-    expected_path = requested_path + '.html'
-    stub_request(:get, full_assets_url(expected_path)).
-      to_return(:status => 200, :body => 'Login', :headers => {})
-
-    get requested_path
-    assert last_response.ok?
-    assert_equal 'Login', last_response.body
-  end
-
   def test_redirects
     path = '/wwwhisper/admin/index.html'
     stub_request(:get, full_url(@wwwhisper.auth_query(path))).
       to_return(granted())
-    stub_request(:get, full_assets_url(path)).
+    stub_request(:get, full_url(path)).
       to_return(:status => 303, :body => 'Admin page moved',
                 :headers => {'Location' => 'https://new.location/foo/bar'})
 
@@ -304,7 +323,7 @@ class TestWWWhisper < Test::Unit::TestCase
     assert_equal("#{SITE_PROTO}://#{SITE_HOST}:#{SITE_PORT}/foo/bar",
                  last_response['Location'])
     assert_requested :get, full_url(@wwwhisper.auth_query(path))
-    assert_requested :get, full_assets_url(path)
+    assert_requested :get, full_url(path)
   end
 
   def test_disable_wwwhisper
@@ -331,4 +350,20 @@ class TestWWWhisper < Test::Unit::TestCase
     assert_not_nil last_response['Content-Length']
   end
 
+  def test_public_caching_disabled()
+    path = '/foo/bar'
+    stub_request(:get, full_url(@wwwhisper.auth_query(path))).
+      to_return(granted())
+    @backend.add_response_header('Cache-Control', 'public, max-age=60')
+
+    get path
+    assert last_response.ok?
+    assert_equal 'private, max-age=60', last_response['Cache-Control']
+
+    @backend.add_response_header('Cache-Control', 'max-age=60')
+    get path
+    assert last_response.ok?
+    assert_equal 'private, max-age=60', last_response['Cache-Control']
+  end
+
 end

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: rack-wwwhisper
 version: !ruby/object:Gem::Version
-  version: 1.0.3.pre
-  prerelease: 6
+  version: 1.0.4
+  prerelease: 
 platform: ruby
 authors:
 - Jan Wrobel
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-01-11 00:00:00.000000000 Z
+date: 2013-01-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -131,13 +131,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 1268452761752086879
+      hash: -4405127786806447004
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
-  - - ! '>'
+  - - ! '>='
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
+      segments:
+      - 0
+      hash: -4405127786806447004
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.24