really-broken-geocoder 1.5.1

data/lib/geocoder/models/active_record.rb

@@ -0,0 +1,51 @@
+require 'geocoder/models/base'
+
+module Geocoder
+  module Model
+    module ActiveRecord
+      include Base
+
+      ##
+      # Set attribute names and include the Geocoder module.
+      #
+      def geocoded_by(address_attr, options = {}, &block)
+        geocoder_init(
+          :geocode       => true,
+          :user_address  => address_attr,
+          :latitude      => options[:latitude]  || :latitude,
+          :longitude     => options[:longitude] || :longitude,
+          :geocode_block => block,
+          :units         => options[:units],
+          :method        => options[:method],
+          :lookup        => options[:lookup],
+          :language      => options[:language],
+          :params        => options[:params]
+        )
+      end
+
+      ##
+      # Set attribute names and include the Geocoder module.
+      #
+      def reverse_geocoded_by(latitude_attr, longitude_attr, options = {}, &block)
+        geocoder_init(
+          :reverse_geocode => true,
+          :fetched_address => options[:address] || :address,
+          :latitude        => latitude_attr,
+          :longitude       => longitude_attr,
+          :reverse_block   => block,
+          :units           => options[:units],
+          :method          => options[:method],
+          :lookup          => options[:lookup],
+          :language        => options[:language],
+          :params          => options[:params]
+        )
+      end
+
+
+      private # --------------------------------------------------------------
+
+      def geocoder_file_name;   "active_record"; end
+      def geocoder_module_name; "ActiveRecord"; end
+    end
+  end
+end

data/lib/geocoder/models/base.rb

@@ -0,0 +1,39 @@
+module Geocoder
+
+  ##
+  # Methods for invoking Geocoder in a model.
+  #
+  module Model
+    module Base
+
+      def geocoder_options
+        if defined?(@geocoder_options)
+          @geocoder_options
+        elsif superclass.respond_to?(:geocoder_options)
+          superclass.geocoder_options || { }
+        else
+          { }
+        end
+      end
+
+      def geocoded_by
+        fail
+      end
+
+      def reverse_geocoded_by
+        fail
+      end
+
+      private # ----------------------------------------------------------------
+
+      def geocoder_init(options)
+        unless defined?(@geocoder_options)
+          @geocoder_options = {}
+          require "geocoder/stores/#{geocoder_file_name}"
+          include Geocoder::Store.const_get(geocoder_module_name)
+        end
+        @geocoder_options.merge! options
+      end
+    end
+  end
+end

data/lib/geocoder/models/mongo_base.rb

@@ -0,0 +1,62 @@
+module Geocoder
+
+  ##
+  # Methods for invoking Geocoder in a model.
+  #
+  module Model
+    module MongoBase
+
+      ##
+      # Set attribute names and include the Geocoder module.
+      #
+      def geocoded_by(address_attr, options = {}, &block)
+        geocoder_init(
+          :geocode       => true,
+          :user_address  => address_attr,
+          :coordinates   => options[:coordinates] || :coordinates,
+          :geocode_block => block,
+          :units         => options[:units],
+          :method        => options[:method],
+          :skip_index    => options[:skip_index] || false,
+          :lookup        => options[:lookup],
+          :language      => options[:language]
+        )
+      end
+
+      ##
+      # Set attribute names and include the Geocoder module.
+      #
+      def reverse_geocoded_by(coordinates_attr, options = {}, &block)
+        geocoder_init(
+          :reverse_geocode => true,
+          :fetched_address => options[:address] || :address,
+          :coordinates     => coordinates_attr,
+          :reverse_block   => block,
+          :units           => options[:units],
+          :method          => options[:method],
+          :skip_index      => options[:skip_index] || false,
+          :lookup          => options[:lookup],
+          :language        => options[:language]
+        )
+      end
+
+      private # ----------------------------------------------------------------
+
+      def geocoder_init(options)
+        unless geocoder_initialized?
+          @geocoder_options = { }
+          require "geocoder/stores/#{geocoder_file_name}"
+          include Geocoder::Store.const_get(geocoder_module_name)
+        end
+        @geocoder_options.merge! options
+      end
+
+      def geocoder_initialized?
+        included_modules.include? Geocoder::Store.const_get(geocoder_module_name)
+      rescue NameError
+        false
+      end
+    end
+  end
+end
+

data/lib/geocoder/models/mongo_mapper.rb

@@ -0,0 +1,26 @@
+require 'geocoder/models/base'
+require 'geocoder/models/mongo_base'
+
+module Geocoder
+  module Model
+    module MongoMapper
+      include Base
+      include MongoBase
+
+      def self.included(base); base.extend(self); end
+
+      private # --------------------------------------------------------------
+
+      def geocoder_file_name;   "mongo_mapper"; end
+      def geocoder_module_name; "MongoMapper"; end
+
+      def geocoder_init(options)
+        super(options)
+        if options[:skip_index] == false
+          ensure_index [[ geocoder_options[:coordinates], Mongo::GEO2D ]],
+            :min => -180, :max => 180 # create 2d index
+        end
+      end
+    end
+  end
+end

data/lib/geocoder/models/mongoid.rb

@@ -0,0 +1,32 @@
+require 'geocoder/models/base'
+require 'geocoder/models/mongo_base'
+
+module Geocoder
+  module Model
+    module Mongoid
+      include Base
+      include MongoBase
+
+      def self.included(base); base.extend(self); end
+
+      private # --------------------------------------------------------------
+
+      def geocoder_file_name;   "mongoid"; end
+      def geocoder_module_name; "Mongoid"; end
+
+      def geocoder_init(options)
+        super(options)
+        if options[:skip_index] == false
+          # create 2d index
+          if defined?(::Mongoid::VERSION) && ::Mongoid::VERSION >= "3"
+            index({ geocoder_options[:coordinates].to_sym => '2d' }, 
+                  {:min => -180, :max => 180})
+          else
+            index [[ geocoder_options[:coordinates], '2d' ]],
+              :min => -180, :max => 180
+          end
+        end
+      end
+    end
+  end
+end

data/lib/geocoder/query.rb

@@ -0,0 +1,125 @@
+module Geocoder
+  class Query
+    attr_accessor :text, :options
+
+    def initialize(text, options = {})
+      self.text = text
+      self.options = options
+    end
+
+    def execute
+      lookup.search(text, options)
+    end
+
+    def to_s
+      text
+    end
+
+    def sanitized_text
+      if coordinates?
+        if text.is_a?(Array)
+          text.join(',')
+        else
+          text.split(/\s*,\s*/).join(',')
+        end
+      else
+        text
+      end
+    end
+
+    ##
+    # Get a Lookup object (which communicates with the remote geocoding API)
+    # appropriate to the Query text.
+    #
+    def lookup
+      if !options[:street_address] and (options[:ip_address] or ip_address?)
+        name = options[:ip_lookup] || Configuration.ip_lookup || Geocoder::Lookup.ip_services.first
+      else
+        name = options[:lookup] || Configuration.lookup || Geocoder::Lookup.street_services.first
+      end
+      Lookup.get(name)
+    end
+
+    def url
+      lookup.query_url(self)
+    end
+
+    ##
+    # Is the Query blank? (ie, should we not bother searching?)
+    # A query is considered blank if its text is nil or empty string AND
+    # no URL parameters are specified.
+    #
+    def blank?
+      !params_given? and (
+        (text.is_a?(Array) and text.compact.size < 2) or
+        text.to_s.match(/\A\s*\z/)
+      )
+    end
+
+    ##
+    # Does the Query text look like an IP address?
+    #
+    # Does not check for actual validity, just the appearance of four
+    # dot-delimited numbers.
+    #
+    def ip_address?
+      IpAddress.new(text).valid? rescue false
+    end
+
+    ##
+    # Is the Query text a loopback or private IP address?
+    #
+    def internal_ip_address?
+      ip_address? && IpAddress.new(text).internal?
+    end
+
+    ##
+    # Is the Query text a loopback IP address?
+    #
+    def loopback_ip_address?
+      ip_address? && IpAddress.new(text).loopback?
+    end
+
+    ##
+    # Is the Query text a private IP address?
+    #
+    def private_ip_address?
+      ip_address? && IpAddress.new(text).private?
+    end
+
+    ##
+    # Does the given string look like latitude/longitude coordinates?
+    #
+    def coordinates?
+      text.is_a?(Array) or (
+        text.is_a?(String) and
+        !!text.to_s.match(/\A-?[0-9\.]+, *-?[0-9\.]+\z/)
+      )
+    end
+
+    ##
+    # Return the latitude/longitude coordinates specified in the query,
+    # or nil if none.
+    #
+    def coordinates
+      sanitized_text.split(',') if coordinates?
+    end
+
+    ##
+    # Should reverse geocoding be performed for this query?
+    #
+    def reverse_geocode?
+      coordinates?
+    end
+
+    def language
+      options[:language]
+    end
+
+    private # ----------------------------------------------------------------
+
+    def params_given?
+      !!(options[:params].is_a?(Hash) and options[:params].keys.size > 0)
+    end
+  end
+end

data/lib/geocoder/railtie.rb

@@ -0,0 +1,26 @@
+require 'geocoder/models/active_record'
+
+module Geocoder
+  if defined? Rails::Railtie
+    require 'rails'
+    class Railtie < Rails::Railtie
+      initializer 'geocoder.insert_into_active_record', before: :load_config_initializers do
+        ActiveSupport.on_load :active_record do
+          Geocoder::Railtie.insert
+        end
+      end
+      rake_tasks do
+        load "tasks/geocoder.rake"
+        load "tasks/maxmind.rake"
+      end
+    end
+  end
+
+  class Railtie
+    def self.insert
+      if defined?(::ActiveRecord)
+        ::ActiveRecord::Base.extend(Model::ActiveRecord)
+      end
+    end
+  end
+end

data/lib/geocoder/request.rb

@@ -0,0 +1,114 @@
+require 'ipaddr'
+
+module Geocoder
+  module Request
+
+    # The location() method is vulnerable to trivial IP spoofing.
+    #   Don't use it in authorization/authentication code, or any
+    #   other security-sensitive application.  Use safe_location
+    #   instead.
+    def location
+      @location ||= Geocoder.search(geocoder_spoofable_ip, ip_address: true).first
+    end
+
+    # This safe_location() protects you from trivial IP spoofing.
+    #   For requests that go through a proxy that you haven't
+    #   whitelisted as trusted in your Rack config, you will get the
+    #   location for the IP of the last untrusted proxy in the chain,
+    #   not the original client IP.  You WILL NOT get the location
+    #   corresponding to the original client IP for any request sent
+    #   through a non-whitelisted proxy.
+    def safe_location
+      @safe_location ||= Geocoder.search(ip, ip_address: true).first
+    end
+
+    # There's a whole zoo of nonstandard headers added by various
+    #   proxy softwares to indicate original client IP.
+    # ANY of these can be trivially spoofed!
+    #   (except REMOTE_ADDR, which should by set by your server,
+    #    and is included at the end as a fallback.
+    # Order does matter: we're following the convention established in
+    #   ActionDispatch::RemoteIp::GetIp::calculate_ip()
+    #   https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/middleware/remote_ip.rb
+    #   where the forwarded_for headers, possibly containing lists,
+    #   are arbitrarily preferred over headers expected to contain a
+    #   single address.
+    GEOCODER_CANDIDATE_HEADERS = ['HTTP_X_FORWARDED_FOR',
+                                  'HTTP_X_FORWARDED',
+                                  'HTTP_FORWARDED_FOR',
+                                  'HTTP_FORWARDED',
+                                  'HTTP_X_CLIENT_IP',
+                                  'HTTP_CLIENT_IP',
+                                  'HTTP_X_REAL_IP',
+                                  'HTTP_X_CLUSTER_CLIENT_IP',
+                                  'REMOTE_ADDR']
+
+    def geocoder_spoofable_ip
+
+      # We could use a more sophisticated IP-guessing algorithm here,
+      # in which we'd try to resolve the use of different headers by
+      # different proxies.  The idea is that by comparing IPs repeated
+      # in different headers, you can sometimes decide which header
+      # was used by a proxy further along in the chain, and thus
+      # prefer the headers used earlier.  However, the gains might not
+      # be worth the performance tradeoff, since this method is likely
+      # to be called on every request in a lot of applications.
+      GEOCODER_CANDIDATE_HEADERS.each do |header|
+        if @env.has_key? header
+          addrs = geocoder_split_ip_addresses(@env[header])
+          addrs = geocoder_remove_port_from_addresses(addrs)
+          addrs = geocoder_reject_non_ipv4_addresses(addrs)
+          addrs = geocoder_reject_trusted_ip_addresses(addrs)
+          return addrs.first if addrs.any?
+        end
+      end
+
+      @env['REMOTE_ADDR']
+    end
+
+    private
+
+    def geocoder_split_ip_addresses(ip_addresses)
+      ip_addresses ? ip_addresses.strip.split(/[,\s]+/) : []
+    end
+
+    # use Rack's trusted_proxy?() method to filter out IPs that have
+    #   been configured as trusted; includes private ranges by
+    #   default.  (we don't want every lookup to return the location
+    #   of our own proxy/load balancer)
+    def geocoder_reject_trusted_ip_addresses(ip_addresses)
+      ip_addresses.reject { |ip| trusted_proxy?(ip) }
+    end
+
+    def geocoder_remove_port_from_addresses(ip_addresses)
+      ip_addresses.map do |ip|
+        # IPv4
+        if ip.count('.') > 0
+          ip.split(':').first
+        # IPv6 bracket notation
+        elsif match = ip.match(/\[(\S+)\]/)
+          match.captures.first
+        # IPv6 bare notation
+        else
+          ip
+        end
+      end
+    end
+
+    def geocoder_reject_non_ipv4_addresses(ip_addresses)
+      ips = []
+      for ip in ip_addresses
+        begin
+          valid_ip = IPAddr.new(ip)
+        rescue
+          valid_ip = false
+        end
+        ips << valid_ip.to_s if valid_ip
+      end
+      return ips.any? ? ips : ip_addresses
+    end
+  end
+end
+
+ActionDispatch::Request.__send__(:include, Geocoder::Request) if defined?(ActionDispatch::Request)
+Rack::Request.__send__(:include, Geocoder::Request) if defined?(Rack::Request)