rack_ip_restrictor 0.1.0

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/.rspec

@@ -0,0 +1 @@
+--color

data/Gemfile

@@ -0,0 +1,11 @@
+source "http://rubygems.org"
+gem "activesupport", ">= 2.3.5"
+
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development do
+  gem "rspec", "~> 2.3.0"
+  gem "yard", "~> 0.6.0"
+  gem "bundler", "~> 1.0.0"
+  gem "jeweler", "~> 1.5.2"
+end

data/Gemfile.lock

@@ -0,0 +1,30 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    activesupport (3.0.6)
+    diff-lcs (1.1.2)
+    git (1.2.5)
+    jeweler (1.5.2)
+      bundler (~> 1.0.0)
+      git (>= 1.2.5)
+      rake
+    rake (0.8.7)
+    rspec (2.3.0)
+      rspec-core (~> 2.3.0)
+      rspec-expectations (~> 2.3.0)
+      rspec-mocks (~> 2.3.0)
+    rspec-core (2.3.1)
+    rspec-expectations (2.3.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.3.0)
+    yard (0.6.7)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activesupport (>= 2.3.5)
+  bundler (~> 1.0.0)
+  jeweler (~> 1.5.2)
+  rspec (~> 2.3.0)
+  yard (~> 0.6.0)

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Alexander Dreher
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,62 @@
+= rack_ip_restrictor
+
+Restricts requests to specific IP addresses and ranges for specified paths.
+
+== Installation
+Add the following line to your Gemfile
+  gem "rack_ip_restrictor"
+
+If you want to use it as plugin
+  rails plugin install git://github.com/phatworx/rack_ip_restrictor.git
+
+== Using
+=== Rails 3
+Create an initializer file in +config/initializers+, e.g. +config/initializers/rack_ip_restrictor.rb+ with your configuration. See the documentation for details.
+
+  Rack::IpRestrictor.configure do
+    respond_with [403, {'Content-Type' => 'text/html'}, '']
+
+    ips_for :test do
+      add '127.0.0.1'
+      add '127.0.0.2/8'
+    end
+
+    restrict /^\/admin/, '/admin', :only => :test
+  end
+
+Add the configured middleware in the +config/application.rb+
+
+  # [...]
+    class Application < Rails::Application
+      # [...]
+      config.middleware.use Rack::IpRestrictor.middleware
+      # [...]
+    end
+  # [...]
+
+Start/restart your rails server and see it working.
+
+== Features
+TODO
+
+== Maintainers
+
+* Team Phatworx (http://github.com/phatworx)
+* Alexander Dreher (http://github.com/alexdreher)
+* Marco Scholl (http://github.com/traxanos)
+
+
+== Contributing to rack_ip_restrictor
+ 
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
+* Fork the project
+* Start a feature/bugfix branch
+* Commit and push until you are happy with your contribution
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+
+== Copyright
+
+Copyright (c) 2011 Alexander Dreher. See LICENSE.txt for further details.
+

data/Rakefile

@@ -0,0 +1,38 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "rack_ip_restrictor"
+  gem.homepage = "http://github.com/phatworx/rack_ip_restrictor"
+  gem.license = "MIT"
+  gem.summary = %Q{IP restriction middleware}
+  gem.description = %Q{Restricts requests to specific IP addresses and ranges for specified paths}
+  gem.email = "team@phatworx.de"
+  gem.authors = ["Alexander Dreher"]
+  # Include your dependencies below. Runtime dependencies are required when using your gem,
+  # and development dependencies are only needed for development (ie running rake tasks, tests, etc)
+  #  gem.add_runtime_dependency 'jabber4r', '> 0.1'
+  #  gem.add_development_dependency 'rspec', '> 1.2.3'
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+task :default => :spec
+
+require 'yard'
+YARD::Rake::YardocTask.new

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/init.rb

@@ -0,0 +1 @@
+require 'rack_ip_restrictor'

data/lib/rack_ip_restrictor/config.rb

@@ -0,0 +1,55 @@
+module Rack::IpRestrictor
+  # Configuration class for the IpRestrictor
+  # @example
+  #  Rack::IpRestrictor.configure do
+  #    respond_with [403, {'Content-Type' => 'text/html'}, '']
+  #
+  #    ips_for :test do
+  #      add '127.0.0.1'
+  #      add '127.0.0.2/8'
+  #    end
+  #
+  #    restrict /^\/admin/, '/admin', :only => :test
+  #  end
+  # @see README.rdoc
+  class Config
+    attr_accessor :response, :ip_groups, :restrictions
+
+    def initialize
+      @ip_groups = {}
+      @restrictions = []
+      @response = [
+        403,
+        {'Content-Type' => 'text/html'},
+        ''
+      ]
+    end
+
+    # Overwrites the default response. Same format as a middleware response.
+    #
+    # @param [Array<Integer, String, String>] response status, a set of headers, body
+    def respond_with(response)
+      @response = response
+    end
+
+    # Sets and gets IP addresses for a named group
+    #
+    # @return [IpGroup] IP addresses for a named group
+    def ips_for(name, &block)
+      if block_given?
+        @ip_groups[name] = IpGroup.new
+        @ip_groups[name].instance_eval &block
+        @ip_groups[name]
+      else
+        @ip_groups[name]
+      end
+    end
+
+    # Adds a restriction
+    # @see Restriction#initialize
+    def restrict(*args)
+      @restrictions << Restriction.new(*args)
+    end
+
+  end
+end

data/lib/rack_ip_restrictor/ip_group.rb

@@ -0,0 +1,29 @@
+module Rack::IpRestrictor
+  # Stores and handles groups of IP's added as String, converted into hash of IpAddr
+  class IpGroup
+
+    def initialize
+      @addresses = {}
+    end
+
+    # Adds an IP address to the list of addresses as instance of IPAddr
+    #
+    # @param [String] ip_arg IP address as String
+    def add(ip_arg)
+      @addresses[ip_arg] = IPAddr.new(ip_arg)
+    end
+
+    # @return [Array] Keys of addresses set
+    def ips
+      @addresses.keys
+    end
+
+    # @param [IpAddr] remote_addr The IP address of the requester
+    def include?(remote_addr)
+      @addresses.each do |key, value|
+        return true if value.include? remote_addr
+      end
+      false
+    end
+  end
+end

data/lib/rack_ip_restrictor/middleware.rb

@@ -0,0 +1,25 @@
+# Rack middleware
+class Rack::IpRestrictor::Middleware
+
+  def initialize(app, options={})
+    @app = app
+    @options = options
+  end
+
+  # Rack middleware call method
+  def call(env)
+    remote_addr = IPAddr.new(env['REMOTE_ADDR'])
+
+    Rack::IpRestrictor.config.restrictions.each do |restriction|
+      return access_denied unless restriction.validate(env, remote_addr)
+    end
+
+    @app.call(env)
+  end
+
+  private
+  # @return [Array] The response array [Status, set of headers, body]
+  def access_denied
+    Rack::IpRestrictor.config.response
+  end
+end

data/lib/rack_ip_restrictor/restriction.rb

@@ -0,0 +1,58 @@
+module Rack::IpRestrictor
+  # Handles restrictions
+  class Restriction
+
+    # Inits a new restriction
+    #
+    # @example Path as String
+    #   restrict '/admin', :only => :test
+    # @example Path as Regexp
+    #   restrict /^\/admin/, :only => :test
+    # @example List of paths; Strings and Regexps can be combined
+    #   restrict /^\/admin/, '/internal', '/secret', :only => :test
+    #
+    # @param [Array<String, Regexp, Hash>] *args
+    #
+    # @todo Add other options, i.e. an array of IP groups
+    #   :only => [:test1, :admins]
+    def initialize(*args)
+      @options = args.extract_options!
+
+      raise Exception, "invalid argument" unless @options.has_key? :only and @options[:only].is_a? Symbol
+
+      @paths = args
+      @paths.each do |path|
+        raise Exception, "invalid path argument" unless path.is_a? String or path.is_a? Regexp
+      end
+
+    end
+
+    # Validates, if a request (with a remote_address) is allowed to access the requested path
+    # @see Middleware#call
+    def validate(env, remote_addr)
+      @paths.each do |path|
+        if concerns_path?(env["PATH_INFO"]) and not concerns_ip?(remote_addr)
+          return false
+        end
+      end
+
+      true
+    end
+
+    private
+
+    # @return [Boolean] Is the remote_addr included in a configured IP range?
+    def concerns_ip?(remote_addr)
+      Rack::IpRestrictor.config.ips_for(@options[:only]).include?(remote_addr)
+    end
+
+    # @return [Boolean] Does the request concern a configured path?
+    def concerns_path?(request_path)
+      @paths.each do |path|
+        return true if path.is_a? String and path == request_path
+        return true if path.is_a? Regexp and path =~ request_path
+      end
+      false
+    end
+  end
+end

data/lib/rack_ip_restrictor.rb

@@ -0,0 +1,30 @@
+require 'ipaddr'
+require 'active_support/core_ext/array/extract_options'
+
+# namespace Rack
+module Rack
+  # namespace IpRestrictor
+  module IpRestrictor
+    class << self
+      attr_reader :config
+
+      # @see Config#initialize
+      def configure(&block)
+        @config = IpRestrictor::Config.new
+        @config.instance_eval &block
+      end
+
+      # Rack middleware
+      # @return [Middleware] The configured plug & play Rack middleware
+      def middleware
+        IpRestrictor::Middleware
+      end
+    end
+  end
+end
+
+require 'rack_ip_restrictor/ip_group'
+require 'rack_ip_restrictor/middleware'
+require 'rack_ip_restrictor/config'
+require 'rack_ip_restrictor/restriction'
+

data/rack_ip_restrictor.gemspec

@@ -0,0 +1,74 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{rack_ip_restrictor}
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Alexander Dreher"]
+  s.date = %q{2011-04-12}
+  s.description = %q{Restricts requests to specific IP addresses and ranges for specified paths}
+  s.email = %q{team@phatworx.de}
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+    ".rspec",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "init.rb",
+    "lib/rack_ip_restrictor.rb",
+    "lib/rack_ip_restrictor/config.rb",
+    "lib/rack_ip_restrictor/ip_group.rb",
+    "lib/rack_ip_restrictor/middleware.rb",
+    "lib/rack_ip_restrictor/restriction.rb",
+    "rack_ip_restrictor.gemspec",
+    "spec/rack_ip_restrictor_spec.rb",
+    "spec/rule_set_spec.rb",
+    "spec/spec_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/phatworx/rack_ip_restrictor}
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.6.2}
+  s.summary = %q{IP restriction middleware}
+  s.test_files = [
+    "spec/rack_ip_restrictor_spec.rb",
+    "spec/rule_set_spec.rb",
+    "spec/spec_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<activesupport>, [">= 2.3.5"])
+      s.add_development_dependency(%q<rspec>, ["~> 2.3.0"])
+      s.add_development_dependency(%q<yard>, ["~> 0.6.0"])
+      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
+    else
+      s.add_dependency(%q<activesupport>, [">= 2.3.5"])
+      s.add_dependency(%q<rspec>, ["~> 2.3.0"])
+      s.add_dependency(%q<yard>, ["~> 0.6.0"])
+      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+    end
+  else
+    s.add_dependency(%q<activesupport>, [">= 2.3.5"])
+    s.add_dependency(%q<rspec>, ["~> 2.3.0"])
+    s.add_dependency(%q<yard>, ["~> 0.6.0"])
+    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+    s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+  end
+end
+

data/spec/rack_ip_restrictor_spec.rb

@@ -0,0 +1,65 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe Rack::IpRestrictor do
+  describe "#middleware" do
+    subject { Rack::IpRestrictor.middleware }
+
+    it { should respond_to :new }
+
+    describe "#new" do
+      subject { Rack::IpRestrictor.middleware.new([]) }
+      it { should respond_to :call }
+    end
+  end
+
+  context "#configure" do
+    describe "#ips_for :test" do
+      before do
+
+        Rack::IpRestrictor.configure do
+          ips_for :test do
+            add '127.0.0.1'
+            add '127.0.0.2/8'
+          end
+        end
+
+      end
+
+      it "sould be configured" do
+        Rack::IpRestrictor.config.should_not be_nil
+      end
+
+      it "should have one ip groups" do
+        Rack::IpRestrictor.config.ip_groups.size.should == 1
+      end
+
+      it "should have 2 ips" do
+        Rack::IpRestrictor.config.ips_for(:test).ips.size.should == 2
+      end
+
+    end
+
+    describe "#restrict '/secret'" do
+      before do
+
+        Rack::IpRestrictor.configure do
+          respond_with [404, {'Content-Type' => 'text/html'}, "Not found"]
+
+          ips_for :test do
+            add '127.0.0.1'
+            add '127.0.0.2/8'
+          end
+
+          restrict '/test'
+          restrict /^\/test/
+          restrict ['/test', '/test2']
+        end
+
+      end
+
+      it "sould be configured" do
+        Rack::IpRestrictor.config.should_not be_nil
+      end
+    end
+  end
+end

data/spec/rule_set_spec.rb

@@ -0,0 +1,18 @@
+#require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+#
+#describe Rack::IpRestrictor::RuleSet do
+#  before { @rule_set = Rack::IpRestrictor::RuleSet.new }
+#  subject { @rule_set }
+#
+#  it "#ip_group" do
+#    @rule_set.ip_group :test do
+#
+#      address '127.0.0.1'
+#
+#    end
+#
+#    
+#
+#  end
+#
+#end

data/spec/spec_helper.rb

@@ -0,0 +1,12 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'rspec'
+require 'rack_ip_restrictor'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+  
+end

metadata

@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification 
+name: rack_ip_restrictor
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 0.1.0
+platform: ruby
+authors: 
+- Alexander Dreher
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-04-12 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: activesupport
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 2.3.5
+  type: :runtime
+  prerelease: false
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 2.3.0
+  type: :development
+  prerelease: false
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: yard
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 0.6.0
+  type: :development
+  prerelease: false
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: bundler
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 1.0.0
+  type: :development
+  prerelease: false
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: jeweler
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 1.5.2
+  type: :development
+  prerelease: false
+  version_requirements: *id005
+description: Restricts requests to specific IP addresses and ranges for specified paths
+email: team@phatworx.de
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.txt
+- README.rdoc
+files: 
+- .document
+- .rspec
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.rdoc
+- Rakefile
+- VERSION
+- init.rb
+- lib/rack_ip_restrictor.rb
+- lib/rack_ip_restrictor/config.rb
+- lib/rack_ip_restrictor/ip_group.rb
+- lib/rack_ip_restrictor/middleware.rb
+- lib/rack_ip_restrictor/restriction.rb
+- rack_ip_restrictor.gemspec
+- spec/rack_ip_restrictor_spec.rb
+- spec/rule_set_spec.rb
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/phatworx/rack_ip_restrictor
+licenses: 
+- MIT
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: -1851724760224035934
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: IP restriction middleware
+test_files: 
+- spec/rack_ip_restrictor_spec.rb
+- spec/rule_set_spec.rb
+- spec/spec_helper.rb