redirectr 0.1.1 → 1.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 2d2e5bda91ce0407fb196a450cf6adf0fc33aba2
-  data.tar.gz: bc3a10bed54b7ff7a3804d2894de0c8cb64d3a2d
+SHA256:
+  metadata.gz: 39a819683a6431c465429c1c8cc26ca69025baf7de9733127ba09c3c871362ef
+  data.tar.gz: e9367fbb4d37863273194b4704f32632689420b7c8118240557f6344290ee71a
 SHA512:
-  metadata.gz: 3f6eba38b0be27a841e24ed82381723befad33f545cd6ac603f8da33e91d582afb7b4d826a7e65032d6f48113cc2c8ddd7c77bb8adab01c24e62694f05b3cbca
-  data.tar.gz: 9bc23622bb0a245bff831d0c7323149e91da3c44c011d8209cf22a90b9c0ae1c9d07d84ad011492bb6a5631423c3aa399be8763fceb2abebc1b745a4066275df
+  metadata.gz: 19cd53b6e4899399ef7a2f3e2a41c138e4b97fc7b981307d2c947422c2f1a739ec8fe39a4d6792597f040901110aad40fbf095622da45ccb245d6a90e577f3b2
+  data.tar.gz: ec84882c583f6c1e2d585f44b489838009633bf2521847f5c3540bf4f8ef705499e97aaeec55ebef1c71143cf8cf92e021598ad5a40292a0381ea15b38bad606

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2020 Willem van Kerkhof
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,157 @@
+# Redirectr
+
+In many web applications, the user triggers actions that result in simple or complex workflows that should, after that workflow is finished, result in the user being redirected to the page where he initially started it. Another example would be a "back"-Link on any page.
+A simple but completely Un-RESTful way would be to store the "current" page in a cookie each time the user calls an action and redirect to the url stored there if needed.
+
+A much better (and potentially even cacheable) way is to encode the "backlink" URL in an URL parameter or form field and pass it along with every workflow step until the last (or only) action uses it to redirect the user back to where he initially came from.
+
+Redirectr really does nothing more than provide a simple API for exactly that.
+
+Redirectr provides a few Controller and Helper methods that will be included in your ApplicationController and ApplicationHelper, respectively.
+
+## Installation
+
+when Using bundler, just at the following to your Gemfile
+
+    gem 'redirectr'
+
+and then call
+
+    bundle install
+
+## Migrating from 0.1.x to 1.0.0
+
+Please read this section if you are already using an older version of Redirectr in yout project. Otherwise, you may skip it.
+
+Pre-1.0 versions of Redirectr automatically included some view helpers (`hidden_referrer_input_tag`, `link_to_back`). This is no longer the case, so please add the following to your `app/helper/application_helper.rb`:
+
+    module ApplicationHelper
+      include Redirectr::ApplicationHelper
+    end
+
+Please note that methods like `current_path`, `referrer_path` have been removed. Only `current_url`, `referrer_url` exist. Please do also note that the value returned by these methods is not a String containing an URI value anymore. Instead, a Redirectr::ReferrerToken is returned which maps a token to an URI. To get the URI value, call `#to_s` (e.g. when used in a `redirect_to` call). When used as an URL parameter, Rails calls `#to_param` which returns the token.
+
+Summary:
+
+    # pre-1.0.0:
+    referrer_url.inspect # => 'https://example.com/...'
+    redirect_to referrer_url
+    redirect_to back_or_default
+
+    # post-1.0.0:
+    referrer_url.inspect # => '#<Redirectr::ReferrerToken:... @url="..." @token="...">'
+    redirect_to referrer_url.to_s
+    redirect_to back_or_default.to_s
+    # OR, if you mount Redirectr::Engine in your routes
+    redirect_to referrer_url
+    redirect_to back_or_default
+
+    # pre-1.0.0:
+    link_to 'take me back', back_or_default(my_url)
+
+    # post-1.0.0:
+    link_to 'take me back', back_or_default(my_url).to_s
+    # OR, if you mount Redirectr::Engine in your routes
+    link_to 'take me back', back_or_default(my_url)
+
+## Examples
+
+### Contact Form
+
+Suppose you have an application with a contact form that can be reached via a footer link on every page. After submitting the form, the user should be redirected to the page he was before clicking on the "contact form" link.
+
+for the footer link to the contact form:
+
+    <%= link_to 'Contact us!', new_contact_path(referrer_param => current_url) %>
+
+In the 'new contact' view:
+
+    <%= form_for ... do |f| %>
+      <%= hidden_referrer_input_tag %>
+      <!-- ... -->
+    <% end %>
+
+and finally, in the 'create' action of your ContactsController:
+
+    def create
+      # ...
+      redirect_to back_or_default.to_s
+    end
+
+### Custom default_url
+
+The above will redirect the user back to the page specified in the referrer param. However, if you want to provide a custom fallback url per controller in case no referrer param is provided, just define the `#default_url` in your controller:
+
+    class MyController < ApplicationController
+      def default_url
+        if @record
+          my_record_path(@record)
+        else
+          my_record_index_path
+        end
+      end
+    end
+
+### Nesting referrers
+
+Referrer params can be nested, which is helpful if your workflow involves branching into subworkflows. Thus, it is always possible to pass the referrer_param to another url:
+
+    <%= link_to 'go back directly', referrer_or_current_url %>
+    <%= link_to 'add new Foobar before going back', new_foobar_url(:foobar =>  {:name => 'My Foo'}, referrer_param => referrer_or_current_url) %>
+
+NOTE: If your URLs include lots of params, it is very advisable to use Referrer Tokens instead of plain URLs to avoud "URI too long" errors. See next section.
+
+## Unvalidated Redirect Mitigation
+
+Simply redirecting to an URI provided by HTTP params is considered a security vulnerability (see OWASP cheat sheet https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html). Earlier versions of redirectr did not take any potential issues into account, allowing all kinds of phishing attacs.
+
+Redirectr offers three kinds of mitigation, two of them being optional:
+
+* checking the referrer param against a whitelist before performing a redirect (mandatory): by default, the request's host name and port number are allowed and all other hosts are disallowed.
+* encrypting and signing the referrer URL using the Rails secret key base: makes the referrer param absolutely tamper-proof but requires all services to use the same secret_key_base in a multi-service deployment.
+* using random tokens instead of referrer URLs and an token-to-URL lookup service. This leaves you with the additional side effect of also having an URL shortener.
+
+### Using the whitelist
+
+By default, Redirectr checks the protocol, hostname and port of the referrer against the corresponding values of the current request. You may add your own:
+
+    YourApp::Application.configure do
+      config.x.redirectr.whitelist = %w( http://localhost:3000 https://my.host.com )
+    end
+
+### Token instead of URL (URL-shortener)
+
+Instead of using a URL in the referrer token, redirectr can act as an URL shortener that maps random tokens to URLs. This requires a storage_implementation to be defined:
+
+    YourApp::Application.configure do
+      config.x.redirectr.use_referrer_token = true
+      config.x.redirectr.reuse_tokens = true # set to false to generate a new token for each and every link
+      config.x.redirectr.storage_implementation = Redirectr::ReferrerToken::ActiveRecordStorage
+    end
+
+This example requires a table named 'redirectr_referrer_tokens' to be present with two columns: `url` and `token`. To install and apply the required schema migration, run:
+
+    bundle exec rails redirectr:install:migrations
+    bundle exec rails db:migrate
+
+Redirectr::ReferrerToken has two representations: #to_s displays the URL and #to_param its tokenized form. Depending on your config, this can be either a random token, an encrypted URL or the plaintext URL.
+
+## Contributions
+
+Contributions like bugfixes and new ideas are more than welcome. Please just fork this project on github (https://github.com/wvk/redirectr) and send me a pull request with your changes.
+
+Thanks so far to:
+
+* Falk Hoppe for Rails 2.3.x interoperability
+* Dimitar Haralanov for Rails 3.0.x interoperability
+* Raffael Schmid for spotting a typo in the gemspec description ;)
+
+## Changelog
+
+* 1.0.0: Validate Redirect urls against whitelist; Allow Token instead of URL referrer param
+* 0.1.1: deprecate *_path methods; improve Rails 5 compatibility by removing `alias` in view helpers
+* 0.1.0: Use absolute URI instead of path in current_path method
+* 0.0.8: Use ActiveSupport::Concern (Thanks to Dimitar Haralanov)
+* 0.0.7: Add Rails 3.0 compatibility (Thanks to Falk Hoppe)
+
+Copyright (c) 2010 Willem van Kerkhof <wvk@consolving.de>, released under the MIT license

data/Rakefile

@@ -0,0 +1,32 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Redirectr'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/app/assets/config/redirectr_manifest.js

@@ -0,0 +1,2 @@
+//= link_directory ../javascripts/redirectr .js
+//= link_directory ../stylesheets/redirectr .css

data/app/assets/javascripts/redirectr/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file. JavaScript code in this file should be added after the last require_* statement.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/app/assets/stylesheets/redirectr/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/redirectr/application_controller.rb

@@ -0,0 +1,5 @@
+module Redirectr
+  class ApplicationController < ActionController::Base
+    protect_from_forgery with: :exception
+  end
+end

data/app/helpers/redirectr/application_helper.rb

@@ -0,0 +1,19 @@
+module Redirectr
+  module ApplicationHelper
+    # Create a link back to the path specified in the referrer-param.
+    # title can be either a text string or anything else like an image.
+    # Remember to call #html_safe on the title argument if it contains
+    # HTML and you are using Rails >=3.
+    def link_to_back(title, options = {})
+      link_to title, back_or_default.to_s, options.merge(rel: 'back')
+    end
+
+    # Create a hidden input field containing the referrer or current path.
+    # Handy for use in forms that are called with a referrer param which
+    # has to be passed on and respected by the form processing action.
+    def hidden_referrer_input_tag(options = {})
+      hidden_field_tag :referrer, referrer_or_current_url.to_param, options
+    end
+
+  end
+end

data/app/jobs/redirectr/application_job.rb

@@ -0,0 +1,4 @@
+module Redirectr
+  class ApplicationJob < ActiveJob::Base
+  end
+end

data/app/models/redirectr/application_record.rb

@@ -0,0 +1,5 @@
+module Redirectr
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/views/layouts/redirectr/application.html.erb

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Redirectr</title>
+  <%= csrf_meta_tags %>
+  <%= csp_meta_tag %>
+
+  <%= stylesheet_link_tag    "redirectr/application", media: "all" %>
+  <%= javascript_include_tag "redirectr/application" %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,5 @@
+Redirectr::Engine.routes.draw do
+
+  #resources :referrer_tokens # for future use as URL shortener
+
+end

data/db/migrate/20201120110532_create_redirectr_referrer_tokens.rb

@@ -0,0 +1,10 @@
+class CreateRedirectrReferrerTokens < ActiveRecord::Migration[6.0]
+  def change
+    create_table :redirectr_referrer_tokens do |t|
+      t.string :url,   index: true
+      t.string :token, unique: true
+
+      t.timestamps
+    end
+  end
+end

data/lib/redirectr/engine.rb

@@ -0,0 +1,5 @@
+module Redirectr
+  class Engine < ::Rails::Engine
+    #isolate_namespace Redirectr
+  end
+end

data/lib/redirectr/version.rb

@@ -0,0 +1,3 @@
+module Redirectr
+  VERSION = '1.0.2'
+end

data/lib/redirectr.rb

@@ -1,16 +1,160 @@
+require 'redirectr/engine'
+require 'securerandom'
+
+def ReferrerToken(url, token=nil)
+  case url
+  when Redirectr::ReferrerToken
+    url
+  when nil
+    nil
+  else
+    Redirectr::ReferrerToken.new(url, token).tap do |rt|
+      #puts "Token for #{url}: #{rt.token}"
+      rt.save
+    end
+  end
+end
+
+$referrer_lookup ||= {}
 
 module Redirectr
   REFERRER_PARAM_NAME = :referrer
 
+  class UrlNotInWhitelist < ArgumentError
+  end
+
+  class InvalidReferrerToken < ArgumentError
+  end
+
+  def self.config
+    Rails.configuration.x.redirectr
+  end
+
+  class ReferrerToken
+    extend ActiveModel::Naming
+
+    # this is a stora implementation for activerecord-
+    class ActiveRecordStorage < ActiveRecord::Base
+      validates_presence_of :url, :token
+
+      self.table_name = :redirectr_referrer_tokens
+
+      class << self
+        def store(record)
+          self.find_or_create_by url: record.url, token: record.token
+          record.url
+        end
+
+        def fetch(token)
+          url = self.find_by(token: token)&.url
+          ReferrerToken(url) if url
+        end
+
+        def token_for_url(url)
+          self.find_by(url: url)&.token
+        end
+      end
+    end
+
+    class GlobalVarStorage
+      extend ActiveModel::Naming
+
+      def persisted?
+        false
+      end
+
+      class << self
+        def store(record)
+          $referrer_lookup[record.token] = record.url
+        end
+
+        def fetch(token)
+          ReferrerToken($referrer_lookup[token])
+        end
+
+        def token_for_url(url)
+          $referrer_lookup.key(url)
+        end
+      end
+    end
+
+    attr_reader :url, :token
+
+    def initialize(url, token=nil)
+      @url   = url
+      @token = token
+
+      if Redirectr.config.use_referrer_token
+        if Redirectr.config.storage_implementation.nil?
+          raise "Missing storage implementation for referrer tokens! please define config.x.redirectr.storage_implementation"
+        end
+
+        if Redirectr.config.reuse_tokens
+          @token ||= Redirectr.config.storage_implementation.token_for_url(url)
+        end
+        @token ||= SecureRandom.hex(16)
+      elsif Redirectr.config.encrypt_referrer
+        @token ||= self.class.cryptr.encrypt_and_sign url
+      else
+        @token ||= url
+      end
+    end
+
+    def to_param
+      @token
+    end
+
+    def to_model
+      self
+    end
+
+    def to_s
+      @url
+    end
+
+    def persisted?
+      true
+    end
+
+    def save
+      if Redirectr.config.use_referrer_token
+        Redirectr.config.storage_implementation.store self
+      end
+    end
+
+    def self.from_param(param)
+      if Redirectr.config.encrypt_referrer
+        ReferrerToken.new self.class.cryptr.decrypt_and_verify param
+      elsif Redirectr.config.use_referrer_token
+        self.lookup(param)
+      else
+        ReferrerToken.new param
+      end
+    end
+
+    def self.lookup(token)
+      Redirectr.config.storage_implementation.fetch token
+    end
+
+    private
+
+    def self.cryptr
+      @cryptr ||= ActiveSupport::MessageEncryptor.new(Rails.application.secrets.secret_key_base)
+    end
+  end
+
+
   module ControllerMethods
     extend ActiveSupport::Concern
 
     included do
-      helper_method :current_path, :current_url,
-                    :referrer_or_current_path, :referrer_or_current_url,
+      helper_method :current_url,
+                    :referrer_or_current_url,
                     :back_or_default,
-                    :referrer_path, :referrer_url,
-                    :referrer_param
+                    :referrer_url,
+                    :referrer_param,
+                    :redirectr_referrer_token_url,
+                    :redirectr_referrer_token_path
     end
 
     module ClassMethods
@@ -24,67 +168,64 @@ module Redirectr
       #   end
       #
       def use_referrer_param_name(new_name)
-        const_set Redirectr::REFERRER_PARAM_NAME, new_name.to_sym
+        Redirectr.remove_constant :REFERRER_PARAM_NAME
+        Redirectr.const_set :REFERRER_PARAM_NAME, new_name.to_sym
       end
     end
 
+    def redirectr_referrer_token_url(rt)
+      rt.to_s
+    end
+
+    def redirectr_referrer_token_path(rt)
+      rt.to_s
+    end
 
     # Return the name of the parameter used to pass the referrer path.
     # Use this instead of the real param name in creating your own links
     # to allow easily changing the name later
     # Example:
     #
-    #  <%= link_to my_messages_path :filter_by => 'date', referrer_param => current_path %>
+    #  <%= link_to my_messages_url :filter_by => 'date', referrer_param => current_url %>
     #
     def referrer_param
       Redirectr::REFERRER_PARAM_NAME
     end
 
     # Return the complete URL of the current request.
-    # Note that this path does include ALL query parameters and the host name,
+    # Note that this does include ALL query parameters and the host name,
     # thus allowing you to navigate back and forth between different hosts. If you
     # want the pre-0.1.0 behaviour back, just overwrite this method
     # in your controller so it returns "request.env['PATH_INFO']".
     # Example:
     #
-    #  <%= link_to my_messages_path referrer_param => current_path %>
+    #  <%= link_to my_messages_url referrer_param => current_url %>
     #
     def current_url
-#       request.env['PATH_INFO'] # old behaviour
       if request.respond_to? :url # for rack >= 2.0.0
-        request.url
+        ReferrerToken(request.url)
       elsif request.respond_to? :original_url # for rails >= 4.0.0
-        request.original_url
+        ReferrerToken(request.original_url)
       else
-        request.env['REQUEST_URI']
+        ReferrerToken(request.env['REQUEST_URI'])
       end
     end
 
-    # deprecated
-    def current_path
-      current_url
-    end
-
     # Return the referrer or the current path, it the former is not set.
     # Useful in cases where there might be a redirect path that has to be
     # taken note of but in case it is not present, the current path will be
     # redirected back to.
     # Example:
     #
-    #  <%= link_to my_messages_path referrer_param => referrer_or_current_path %>
+    #  <%= link_to my_messages_url referrer_param => referrer_or_current_url %>
     #
     def referrer_or_current_url
-      referrer_path.blank? ? current_url : referrer_url
-    end
-
-    # deprecated
-    def referrer_or_current_path
-      referrer_or_current_url
+      referrer_url.blank? ? current_url : referrer_url
     end
 
     # Used in back links, referrer based redirection after actions etc.
     # Accepts a default redirect path in case no param[referrer_param]
-    # is set, default being root_path.
+    # is set, default being root_url.
     # To set an own default path (per controller), you can overwrite
     # the default_url method (see below).
     # Example:
@@ -92,12 +233,12 @@ module Redirectr
     #   class MyController
     #     def create
     #       @my = My.create(...)
-    #       redirect_to back_or_default(my_path)
+    #       redirect_to back_or_default(my_url)
     #     end
     #   end
     #
-    # The above example will redirect to the referrer_path if it is defined, otherwise
-    # it will redirect to the my_path
+    # The above example will redirect to the referrer_url if it is defined, otherwise
+    # it will redirect to the my_url
     #
     # Example:
     #
@@ -108,57 +249,72 @@ module Redirectr
     #     end
     #   end
     #
-    # The above example will redirect to the referrer_path if it is defined, otherwise
-    # it will redirect to the root_path of the application.
+    # The above example will redirect to the referrer_url if it is defined, otherwise
+    # it will redirect to the root_url of the application.
     def back_or_default(default = nil)
-      unless referrer_path.blank?
-        referrer_path
+      if self.referrer_url.present?
+        self.referrer_url
       else
-        default || default_url
+        case default
+        when nil
+          ReferrerToken(self.default_url)
+        when String
+          ReferrerToken(default)
+        else
+          ReferrerToken(url_for(default))
+        end
       end
     end
 
     # to be overwritten by your controllers
     def default_url
-      root_path
+      root_url
     end
 
-    # deprecated
-    def default_path
-      default_url
-    end
-
-    # Convenience method for params[referrer_param]
+    # reads referrer_param from HTTP params and validates it against the whitelist
     def referrer_url
-      params[referrer_param]
-    end
+      return nil if params[referrer_param].blank?
 
-    # deprecated
-    def referrer_path
-      referrer_url
+      referrer_token = ReferrerToken.from_param params[referrer_param]
+      raise Redirectr::InvalidReferrerToken, "no URL matches given token value #{params[referrer_param]}" if referrer_token.blank?
+
+      parsed_url = URI.parse referrer_token.to_s
+      if parsed_url.absolute? and in_whitelist? parsed_url
+        referrer_token
+      elsif parsed_url.relative?
+        referrer_token
+      else
+        raise Redirectr::UrlNotInWhitelist, "#{parsed_url.inspect} - #{redirect_whitelist.inspect}"
+      end
     end
-  end
 
-  module Helpers
-    extend ActiveSupport::Concern
+    def redirect_to_with_whitelist(redirect_url)
+      case redirect_url
+      when nil
+        raise 'Cannot redirect to nil'
+      when String
+        parsed_url = URI.parse(redirect_url)
+        if parsed_url.relative? or in_whitelist? parsed_url
+          redirect_to parsed_url
+        else
+          raise Redirectr::UrlNotInWhitelist, "#{parsed_url.inspect} - #{redirect_whitelist.inspect}"
+        end
+      else
+        redirect_to default
+      end
+    end
 
-    # Create a link back to the path specified in the referrer-param.
-    # title can be either a text string or anything else like an image.
-    # Remember to call #html_safe on the title argument if it contains
-    # HTML and you are using Rails 3.
-    def link_to_back(title, options = {})
-      link_to title, back_or_default, options
+    def in_whitelist?(parsed_url)
+      redirect_whitelist.find {|url| parsed_url.host == url.host and parsed_url.port == url.port }
     end
 
-    # Create a hidden input field containing the referrer or current path.
-    # Handy for use in forms that are called with a referrer param which
-    # has to be passed on and respected by the form processing action.
-    def hidden_referrer_input_tag(options = {})
-      hidden_field_tag :referrer, referrer_or_current_url, options
+    def redirect_whitelist
+      @redirect_whitelist ||= [URI.parse(self.current_url.to_s)] +
+          Array(Redirectr.config.whitelist).map {|url| URI.parse url.to_s }
     end
-  end # module Helpers
+  end
+
 end # module Redirectr
 
 ActionController::Base.send :include, Redirectr::ControllerMethods
-ActionView::Helpers.send :include, Redirectr::Helpers
-ActionView::Base.send :include, Redirectr::Helpers
+

data/lib/tasks/redirectr_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :redirectr do
+#   # Task goes here
+# end

metadata

@@ -1,26 +1,71 @@
 --- !ruby/object:Gem::Specification
 name: redirectr
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 1.0.2
 platform: ruby
 authors:
 - Willem van Kerkhof
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-10-18 00:00:00.000000000 Z
-dependencies: []
+date: 2022-09-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.2'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Provides Rails-helper methods for referrer-style backlinks and setting
   redirect URLs after form submission
-email: wvk@consolving.de
+email:
+- wvk@consolving.de
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- README
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/config/redirectr_manifest.js
+- app/assets/javascripts/redirectr/application.js
+- app/assets/stylesheets/redirectr/application.css
+- app/controllers/redirectr/application_controller.rb
+- app/helpers/redirectr/application_helper.rb
+- app/jobs/redirectr/application_job.rb
+- app/models/redirectr/application_record.rb
+- app/views/layouts/redirectr/application.html.erb
+- config/routes.rb
+- db/migrate/20201120110532_create_redirectr_referrer_tokens.rb
 - lib/redirectr.rb
+- lib/redirectr/engine.rb
+- lib/redirectr/version.rb
+- lib/tasks/redirectr_tasks.rake
 homepage: http://github.com/wvk/redirectr
-licenses: []
+licenses:
+- MIT
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -37,9 +82,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.2.1
+rubygems_version: 3.2.27
 signing_key: 
 specification_version: 4
-summary: Provides Rails helper methods for referrer-style backlinks
+summary: Rails referrer-URL handling done right
 test_files: []

data/README

@@ -1,86 +0,0 @@
-h1. Redirectr
-
-In many web applications, the user triggers actions that result in simple or complex workflows that should, after that workflow is finished, result in the user being redirected to the page where he initially started it. Another example would be a "back"-Link on any page.
-A simple but completely Un-RESTful way would be to store the "current" page in a cookie each time the user calls an action and redirect to the url stored there if needed.
-
-A much better (and potentially even cacheable) way is to encode the "backlink" URL in an URL parameter or form field and pass it along with every workflow step until the last (or only) action uses it to redirect the user back to where he initially came from.
-
-Redirectr really does nothing more than provide a simple API for exactly that.
-
-Redirectr provides a few Controller and Helper methods that will be included in your ApplicationController and ApplicationHelper, respectively.
-
-h2. Installation
-
-when Using bundler, just at the following to your Gemfile
-
-    gem 'redirectr'
-
-and then call
-
-    bundle install
-
-h2. Examples
-
-h3. Contact Form
-
-Suppose you have an application with a contact form that can be reached via a footer link on every page. After submitting the form, the user should be redirected to the page he was before clicking on the "contact form" link.
-
-for the footer link to the contact form:
-
-    <%= link_to 'Contact us!', new_contact_path(referrer_param => current_url) %>
-
-In the 'new contact' view:
-
-    <%= form_for ... do |f| %>
-      <%= hidden_referrer_input_tag %>
-      <!-- ... -->
-    <% end %>
-
-and finally, in the 'create' action of your ContactsController:
-
-    def create
-      # ...
-      redirect_to back_or_default
-    end
-
-h3. Custom default_url
-
-The above will redirect the user back to the page specified in the referrer param. However, if you want to provide a custom fallback url per controller in case no referrer param is provided, just define the `#default_url` in your controller:
-
-    class MyController < ApplicationController
-      def default_url
-        if @record
-          my_record_path(@record)
-        else
-          my_record_index_path
-        end
-      end
-    end
-
-h3. Nesting referrers
-
-Referrer params can be nested, which is helpful if your workflow involves branching into subworkflows. Thus, it is always possible to pass the referrer_param to another url:
-
-    <%= link_to 'go back directly', referrer_or_current_url %>
-    <%= link_to 'add new Foobar before going back', new_foobar_url(:foobar =>  {:name => 'My Foo'}, referrer_param => referrer_or_current_url) %>
-
-for more detailed examples, see the Rdoc documentation.
-
-h2. Contributions
-
-Contributions like bugfixes and new ideas are more than welcome. Please just fork this project on github (https://github.com/wvk/redirectr) and send me a pull request with your changes.
-
-Thanks so far to:
-
-* Falk Hoppe for Rails 2.3.x interoperability
-* Dimitar Haralanov for Rails 3.0.x interoperability
-* Raffael Schmid for spotting a typo in the gemspec description ;)
-
-## Changelog
-
-0.1.1: deprecate *_path methods; improve Rails 5 compatibility by removing `alias` in view helpers
-0.1.0: Use absolute URI instead of path in current_path method
-0.0.8: Use ActiveSupport::Concern (Thanks to Dimitar Haralanov)
-0.0.7: Add Rails 3.0 compatibility (Thanks to Falk Hoppe)
-
-Copyright (c) 2010 Willem van Kerkhof <wvk@consolving.de>, released under the MIT license