restrack 1.6.1 → 1.6.2

data/README.markdown

@@ -128,7 +128,7 @@ which can be accessed separately through @post_params and @get_params.
 
 
 ## URLs and Controller relationships
-RESTRack enforces a strict URL pattern through the contruct of controller relationships, rather than a routing file.
+RESTRack enforces a strict URL pattern through the construct of controller relationships, rather than a routing file.
 Defining a controller for a resource means that you plan to expose that resource to requests to your service.
 Defining a controller relationship means that you plan to expose a path from this resource to another.
 

data/README.markdown.html

@@ -159,7 +159,7 @@ end
 
 <h2>URLs and Controller relationships</h2>
 
-<p>RESTRack enforces a strict URL pattern through the contruct of controller relationships, rather than a routing file.
+<p>RESTRack enforces a strict URL pattern through the construct of controller relationships, rather than a routing file.
 Defining a controller for a resource means that you plan to expose that resource to requests to your service.
 Defining a controller relationship means that you plan to expose a path from this resource to another.</p>
 

data/lib/restrack/resource_request.rb

@@ -11,6 +11,10 @@ module RESTRack
       @request_id = opts[:request_id] || get_request_id
       # Write input details to logs
       RESTRack.request_log.info "{#{@request_id}} #{@request.request_method} #{@request.path_info} requested from #{@request.ip}"
+      @headers = Rack::Utils::HeaderHash.new
+      @request.env.select {|k,v| k.start_with? 'HTTP_'}.each do |k,v|
+        @headers[k.sub(/^HTTP_/, '')] = v
+      end
     end
 
     def prepare
@@ -28,9 +32,15 @@ module RESTRack
       end
         # Determine MIME type from extension
       @mime_type = get_mime_type_from( extension )
-      
+      # Now safe to raise exceptions
       raise HTTP400BadRequest, "Request path of #{@request.path_info} is invalid" if @request.path_info.include?('//')
 
+      # For CORS support
+      if RESTRack::CONFIG[:CORS]
+        raise HTTP403Forbidden unless RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin'] == '*' or RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin'].include?(@headers['Origin'])
+        raise HTTP403Forbidden unless @request.env['REQUEST_METHOD'] == 'OPTIONS' or RESTRack::CONFIG[:CORS]['Access-Control-Allow-Methods'] == '*' or RESTRack::CONFIG[:CORS]['Access-Control-Allow-Methods'].include?(@request.env['REQUEST_METHOD'])
+      end
+
       # Pull input data from POST body
       @post_params = parse_body( @request )
       @get_params = parse_query_string( @request )
@@ -146,4 +156,4 @@ module RESTRack
     end
 
   end # class ResourceRequest
-end # module RESTRack
+end # module RESTRack

data/lib/restrack/response.rb

@@ -1,14 +1,19 @@
 module RESTRack
   class Response
-    attr_reader :status, :content_type, :body, :mime_type
+    attr_reader :status, :content_type, :body, :mime_type, :headers
 
     def initialize(request)
       @request = request
       begin
         @request.prepare
         RESTRack.log.debug "{#{@request.request_id}} Retrieving Output"
-        @body = @request.active_controller.call
-        @status = body.blank? ? 204 : 200
+        if RESTRack::CONFIG[:CORS] and @request.request.env['REQUEST_METHOD'] == 'OPTIONS'
+          @body = ''
+          @status = 200
+        else
+          @body = @request.active_controller.call
+          @status = body.blank? ? 204 : 200
+        end
         RESTRack.log.debug "(#{@request.request_id}) HTTP200OK '#{@request.mime_type.to_s}' response data:\n" + @body.inspect
         RESTRack.request_log.info "(#{@request.request_id}) HTTP200OK"
       rescue Exception => exception
@@ -55,7 +60,13 @@ module RESTRack
     end
 
     def output
-      return [status, {'Content-Type' => content_type}, [package(body)] ]
+      @headers ||= {}
+      @headers['Content-Type'] = content_type
+      if RESTRack::CONFIG[:CORS]
+        @headers['Access-Control-Allow-Origin'] = RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin'] if RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin']
+        @headers['Access-Control-Allow-Methods'] = RESTRack::CONFIG[:CORS]['Access-Control-Allow-Methods'] if RESTRack::CONFIG[:CORS]['Access-Control-Allow-Methods']
+      end
+      return [status, headers, [package(body)] ]
     end
 
     private

data/lib/restrack/version.rb

@@ -1,3 +1,3 @@
 module RESTRack
-  VERSION = "1.6.1"
+  VERSION = "1.6.2"
 end

data/test/sample_app_1/config/constants.yaml

@@ -28,6 +28,23 @@
 :SHOW_STACK:              true
 
 # String#encode will be called when this value is set
-#:TRANSCODE:               ISO-8859-1  # UTF-8
+#:TRANSCODE:               ISO-8859-1  #or UTF-8 etc
 # String#force_encoding will be called when this value is set
-#:FORCE_ENCODING:          ISO-8859-1  # UTF-8
+#:FORCE_ENCODING:          ISO-8859-1
+
+# CORS Header configuration
+#   Supported:
+#    - Access-Control-Allow-Origin: http://localhost
+#    - Access-Control-Allow-Methods: POST, GET
+#   List of all:
+#    - Access-Control-Allow-Origin: <origin> | *
+#       e.g. Access-Control-Allow-Origin: http://mozilla.com
+#    - Access-Control-Expose-Headers: X-My-Custom-Header, X-Another-Custom-Header
+#    - Access-Control-Max-Age: <delta-seconds>
+#    - Access-Control-Allow-Credentials: true | false
+#    - Access-Control-Allow-Methods: <method>[, <method>]*
+#       e.g. Access-Control-Allow-Methods: POST, GET
+#    - Access-Control-Allow-Headers: <field-name>[, <field-name>]*
+#:CORS:
+#  Access-Control-Allow-Origin: http://restrack.me
+#  Access-Control-Allow-Methods: POST, GET

data/test/sample_app_1/test/test_cors_jsonp_support.rb

@@ -0,0 +1,91 @@
+require 'rubygems'
+require 'test/unit'
+require 'rack/test'
+require File.expand_path(File.join(File.dirname(__FILE__),'..','loader'))
+require 'pp'
+
+class SampleApp::TestCORSHeaders < Test::Unit::TestCase
+
+  def setup
+    @ws = SampleApp::WebService.new
+  end
+
+  def test_cors_on_allowed_domain
+    RESTRack::CONFIG[:CORS] = {}
+    RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin'] = 'http://restrack.me'
+    RESTRack::CONFIG[:CORS]['Access-Control-Allow-Methods'] = 'POST, GET'
+    env = Rack::MockRequest.env_for('/foo_bar/144', {
+      :method     => 'GET',
+      'HTTP_Origin'    => 'http://restrack.me'
+    })
+    output = @ws.call(env)
+    expected_status = 200
+    expected_headers =  {
+      "Content-Type" => "application/json",
+      "Access-Control-Allow-Origin"   => "http://restrack.me",
+      "Access-Control-Allow-Methods"  => "POST, GET"
+    }
+    expected_body = { :foo => 'bar', :baz => 123 }.to_json
+    assert_equal expected_status, output[0]
+    assert_equal expected_headers, output[1]
+    assert_equal expected_body, output[2][0]
+  end
+
+  def test_cors_on_disallowed_domain
+    RESTRack::CONFIG[:CORS] = {}
+    RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin'] = 'http://restrack.me'
+    RESTRack::CONFIG[:CORS]['Access-Control-Allow-Methods'] = 'POST, GET'
+    env = Rack::MockRequest.env_for('/foo_bar/144', {
+      :method           => 'GET',
+      'HTTP_Origin'     => 'http://somehacker.net'
+    })
+    output = @ws.call(env)
+    expected_status = 403
+    expected_headers =  {
+      "Content-Type" => "application/json",
+      "Access-Control-Allow-Origin" => "http://restrack.me",
+      "Access-Control-Allow-Methods" => "POST, GET"
+    }
+    assert_equal expected_status, output[0]
+    assert_equal expected_headers, output[1]
+  end
+
+  def test_cors_on_disallowed_method
+    RESTRack::CONFIG[:CORS] = {}
+    RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin'] = 'http://restrack.me'
+    RESTRack::CONFIG[:CORS]['Access-Control-Allow-Methods'] = 'POST, GET'
+    env = Rack::MockRequest.env_for('/foo_bar/144', {
+      :method           => 'PUT',
+      'HTTP_Origin'     => 'http://restrack.me'
+    })
+    output = @ws.call(env)
+    expected_status = 403
+    expected_headers =  {
+      "Content-Type" => "application/json",
+      "Access-Control-Allow-Origin" => "http://restrack.me",
+      "Access-Control-Allow-Methods" => "POST, GET"
+    }
+    assert_equal expected_status, output[0]
+    assert_equal expected_headers, output[1]
+  end
+
+  def test_options_request
+    RESTRack::CONFIG[:CORS] = {}
+    RESTRack::CONFIG[:CORS]['Access-Control-Allow-Origin'] = 'http://restrack.me'
+    RESTRack::CONFIG[:CORS]['Access-Control-Allow-Methods'] = 'POST, GET'
+    env = Rack::MockRequest.env_for('/foo_bar/144', {
+      :method           => 'OPTIONS',
+      'HTTP_Origin'     => 'http://restrack.me'
+    })
+    output = @ws.call(env)
+    expected_status = 200
+    expected_headers =  {
+      "Content-Type" => "application/json",
+      "Access-Control-Allow-Origin" => "http://restrack.me",
+      "Access-Control-Allow-Methods" => "POST, GET"
+    }
+    assert_equal expected_status, output[0]
+    assert_equal expected_headers, output[1]
+  end
+
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: restrack
 version: !ruby/object:Gem::Version
-  version: 1.6.1
+  version: 1.6.2
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-07-12 00:00:00.000000000 Z
+date: 2012-08-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -193,6 +193,7 @@ files:
 - test/sample_app_1/test/test_controller_actions.rb
 - test/sample_app_1/test/test_controller_inputs.rb
 - test/sample_app_1/test/test_controller_modifiers.rb
+- test/sample_app_1/test/test_cors_jsonp_support.rb
 - test/sample_app_1/test/test_errors.rb
 - test/sample_app_1/test/test_formats.rb
 - test/sample_app_1/test/test_resource_request.rb