secure_routes 0.0.1

data/.rspec

@@ -0,0 +1,2 @@
+--colour
+--format documentation

data/Gemfile

@@ -0,0 +1,11 @@
+source "http://rubygems.org"
+
+gem "rails"
+
+group :development, :test do
+  gem "sqlite3-ruby", :require => "sqlite3"
+
+  gem "rspec-rails"
+  gem "jeweler"
+  gem "mongrel"
+end

data/Gemfile.lock

@@ -0,0 +1,106 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    abstract (1.0.0)
+    actionmailer (3.0.4)
+      actionpack (= 3.0.4)
+      mail (~> 2.2.15)
+    actionpack (3.0.4)
+      activemodel (= 3.0.4)
+      activesupport (= 3.0.4)
+      builder (~> 2.1.2)
+      erubis (~> 2.6.6)
+      i18n (~> 0.4)
+      rack (~> 1.2.1)
+      rack-mount (~> 0.6.13)
+      rack-test (~> 0.5.7)
+      tzinfo (~> 0.3.23)
+    activemodel (3.0.4)
+      activesupport (= 3.0.4)
+      builder (~> 2.1.2)
+      i18n (~> 0.4)
+    activerecord (3.0.4)
+      activemodel (= 3.0.4)
+      activesupport (= 3.0.4)
+      arel (~> 2.0.2)
+      tzinfo (~> 0.3.23)
+    activeresource (3.0.4)
+      activemodel (= 3.0.4)
+      activesupport (= 3.0.4)
+    activesupport (3.0.4)
+    arel (2.0.8)
+    builder (2.1.2)
+    cgi_multipart_eof_fix (2.5.0)
+    daemons (1.1.0)
+    diff-lcs (1.1.2)
+    erubis (2.6.6)
+      abstract (>= 1.0.0)
+    fastthread (1.0.7)
+    gem_plugin (0.2.3)
+    git (1.2.5)
+    i18n (0.5.0)
+    jeweler (1.5.2)
+      bundler (~> 1.0.0)
+      git (>= 1.2.5)
+      rake
+    mail (2.2.15)
+      activesupport (>= 2.3.6)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.16)
+    mongrel (1.1.5)
+      cgi_multipart_eof_fix (>= 2.4)
+      daemons (>= 1.0.3)
+      fastthread (>= 1.0.1)
+      gem_plugin (>= 0.2.3)
+    polyglot (0.3.1)
+    rack (1.2.1)
+    rack-mount (0.6.13)
+      rack (>= 1.0.0)
+    rack-test (0.5.7)
+      rack (>= 1.0)
+    rails (3.0.4)
+      actionmailer (= 3.0.4)
+      actionpack (= 3.0.4)
+      activerecord (= 3.0.4)
+      activeresource (= 3.0.4)
+      activesupport (= 3.0.4)
+      bundler (~> 1.0)
+      railties (= 3.0.4)
+    railties (3.0.4)
+      actionpack (= 3.0.4)
+      activesupport (= 3.0.4)
+      rake (>= 0.8.7)
+      thor (~> 0.14.4)
+    rake (0.8.7)
+    rspec (2.5.0)
+      rspec-core (~> 2.5.0)
+      rspec-expectations (~> 2.5.0)
+      rspec-mocks (~> 2.5.0)
+    rspec-core (2.5.1)
+    rspec-expectations (2.5.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.5.0)
+    rspec-rails (2.5.0)
+      actionpack (~> 3.0)
+      activesupport (~> 3.0)
+      railties (~> 3.0)
+      rspec (~> 2.5.0)
+    sqlite3 (1.3.3)
+    sqlite3-ruby (1.3.3)
+      sqlite3 (>= 1.3.3)
+    thor (0.14.6)
+    treetop (1.4.9)
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.24)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  jeweler
+  mongrel
+  rails
+  rspec-rails
+  sqlite3-ruby

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2011 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,36 @@
+= SecureRoutes
+
+== Warning! Proof of concept.
+
+Secure routes is routing-level support for ssl in your rails 3 application.
+
+== Installation
+
+To install simply add this to your Gemfile:
+  gem 'secure_routes'
+
+Then you need to enable secure routing in your environment config:
+  config.action_dispatch.secure_routes = true
+
+== Usage
+
+If you want your action to force https protocol, add this to routes:
+  match 'login' => 'sessions#new', :secure => true
+
+Or
+  scope :secure => true do
+    match 'login' => 'sessions#new'
+  end
+
+And if you'll try to access http://host.com/login then you'll be redirected to https://host.com/login
+
+To force http protocol, just set <tt>:secure => false</tt>. Redirection rules works here too.
+If protocol is unnesesary - don't set <tt>:secure</tt> option.
+
+You can setup secure actions usage with:
+  config.action_dispatch.secure_routes = true
+
+in your environment. It is <tt>false</tt> by default. So you can use securing for production only.
+
+To spec it just clone repo, then:
+  bundle && rake spec

data/Rakefile

@@ -0,0 +1,37 @@
+# encoding: UTF-8
+require 'rubygems'
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rake'
+require 'rake/rdoctask'
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec
+
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'SecureRoutes'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+require 'jeweler'
+
+Jeweler::Tasks.new do |gem|
+  gem.name = "secure_routes"
+  gem.summary = %Q{Rails ssl requirements}
+  gem.description = %Q{Routing-level ssl support for ruby application actions}
+  gem.email = "kinwizard@gmail.com"
+  gem.homepage = "http://github.com/pyromaniac/secure_routes"
+  gem.authors = ["pyromaniac"]
+end
+Jeweler::GemcutterTasks.new

data/VERSION

@@ -0,0 +1 @@
+0.0.1

data/lib/secure_routes.rb

@@ -0,0 +1,7 @@
+module SecureRoutes
+end
+
+require 'secure_routes/options'
+require 'secure_routes/mapper'
+require 'secure_routes/route_set'
+

data/lib/secure_routes/mapper.rb

@@ -0,0 +1,32 @@
+module SecureRoutes
+  module Mapper
+
+    def self.included base
+      base.class_eval do
+        alias_method_chain :match, :secure
+      end
+    end
+
+    def match_with_secure path, options
+      if Rails.application.config.action_dispatch.secure_routes
+        options_ssl = options[:secure]
+        options_without_ssl = options.dup
+        options_without_ssl.delete(:as)
+
+        ssl = @scope[:secure] === true || options_ssl === true
+        no_ssl = @scope[:secure] === false || options_ssl === false
+        options.deep_merge! :constraints => { :protocol => 'https://' } if ssl
+        options.deep_merge! :constraints => { :protocol => 'http://' } if no_ssl
+
+        match_without_secure path, options
+
+        match_without_secure path, options_without_ssl.merge(:to => redirect {|p, req| req.url.gsub(/^http/, 'https') }) if ssl
+        match_without_secure path, options_without_ssl.merge(:to => redirect {|p, req| req.url.gsub(/^https/, 'http') }) if no_ssl
+      else
+        match_without_secure path, options
+      end
+    end
+  end
+end
+
+ActionDispatch::Routing::Mapper::Base.send :include, SecureRoutes::Mapper

data/lib/secure_routes/options.rb

@@ -0,0 +1,13 @@
+module SecureRoutes
+  module Options
+
+    def self.included base
+      base.class_eval do
+        config.action_dispatch.secure_routes = false
+      end
+    end
+
+  end
+end
+
+ActionDispatch::Railtie.send :include, SecureRoutes::Options

data/lib/secure_routes/route_set.rb

@@ -0,0 +1,22 @@
+module SecureRoutes
+  module RouteSet
+
+    def self.included base
+      base.class_eval do
+        alias_method_chain :url_for, :secure
+      end
+    end
+
+    def url_for_with_secure options
+      if Rails.application.config.action_dispatch.secure_routes
+        options[:only_path] = false if (options[:secure] === true && options[:protocol] == 'http://') || (options[:secure] === false && options[:protocol] == 'https://')
+        options[:protocol] = 'http://' if options[:secure] === false
+        options[:protocol] = 'https://' if options[:secure] === true
+      end
+      url_for_without_secure options
+    end
+
+  end
+end
+
+ActionDispatch::Routing::RouteSet.send :include, SecureRoutes::RouteSet

data/secure_routes.gemspec

@@ -0,0 +1,101 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{secure_routes}
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["pyromaniac"]
+  s.date = %q{2011-02-10}
+  s.description = %q{Routing-level ssl support for ruby application actions}
+  s.email = %q{kinwizard@gmail.com}
+  s.extra_rdoc_files = [
+    "README.rdoc"
+  ]
+  s.files = [
+    ".rspec",
+    "Gemfile",
+    "Gemfile.lock",
+    "MIT-LICENSE",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "lib/secure_routes.rb",
+    "lib/secure_routes/mapper.rb",
+    "lib/secure_routes/options.rb",
+    "lib/secure_routes/route_set.rb",
+    "secure_routes.gemspec",
+    "spec/dummy/Rakefile",
+    "spec/dummy/app/controllers/application_controller.rb",
+    "spec/dummy/app/controllers/ssl_controller.rb",
+    "spec/dummy/app/views/layouts/application.html.erb",
+    "spec/dummy/app/views/ssl/action.html.erb",
+    "spec/dummy/config.ru",
+    "spec/dummy/config/application.rb",
+    "spec/dummy/config/boot.rb",
+    "spec/dummy/config/database.yml",
+    "spec/dummy/config/environment.rb",
+    "spec/dummy/config/environments/development.rb",
+    "spec/dummy/config/environments/production.rb",
+    "spec/dummy/config/environments/test.rb",
+    "spec/dummy/config/initializers/backtrace_silencers.rb",
+    "spec/dummy/config/initializers/inflections.rb",
+    "spec/dummy/config/initializers/mime_types.rb",
+    "spec/dummy/config/initializers/secret_token.rb",
+    "spec/dummy/config/initializers/session_store.rb",
+    "spec/dummy/config/routes.rb",
+    "spec/dummy/script/rails",
+    "spec/secure_routes_spec.rb",
+    "spec/spec_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/pyromaniac/secure_routes}
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.4.2}
+  s.summary = %q{Rails ssl requirements}
+  s.test_files = [
+    "spec/dummy/app/controllers/application_controller.rb",
+    "spec/dummy/app/controllers/ssl_controller.rb",
+    "spec/dummy/config/application.rb",
+    "spec/dummy/config/boot.rb",
+    "spec/dummy/config/environment.rb",
+    "spec/dummy/config/environments/development.rb",
+    "spec/dummy/config/environments/production.rb",
+    "spec/dummy/config/environments/test.rb",
+    "spec/dummy/config/initializers/backtrace_silencers.rb",
+    "spec/dummy/config/initializers/inflections.rb",
+    "spec/dummy/config/initializers/mime_types.rb",
+    "spec/dummy/config/initializers/secret_token.rb",
+    "spec/dummy/config/initializers/session_store.rb",
+    "spec/dummy/config/routes.rb",
+    "spec/secure_routes_spec.rb",
+    "spec/spec_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<rails>, [">= 0"])
+      s.add_development_dependency(%q<sqlite3-ruby>, [">= 0"])
+      s.add_development_dependency(%q<rspec-rails>, [">= 0"])
+      s.add_development_dependency(%q<jeweler>, [">= 0"])
+      s.add_development_dependency(%q<mongrel>, [">= 0"])
+    else
+      s.add_dependency(%q<rails>, [">= 0"])
+      s.add_dependency(%q<sqlite3-ruby>, [">= 0"])
+      s.add_dependency(%q<rspec-rails>, [">= 0"])
+      s.add_dependency(%q<jeweler>, [">= 0"])
+      s.add_dependency(%q<mongrel>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<rails>, [">= 0"])
+    s.add_dependency(%q<sqlite3-ruby>, [">= 0"])
+    s.add_dependency(%q<rspec-rails>, [">= 0"])
+    s.add_dependency(%q<jeweler>, [">= 0"])
+    s.add_dependency(%q<mongrel>, [">= 0"])
+  end
+end
+

data/spec/dummy/Rakefile

@@ -0,0 +1,7 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+require 'rake'
+
+Dummy::Application.load_tasks

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+end

data/spec/dummy/app/controllers/ssl_controller.rb

@@ -0,0 +1,15 @@
+class SslController < ApplicationController
+
+  def ssl_action
+    render 'action'
+  end
+
+  def action
+    render 'action'
+  end
+
+  def no_ssl_action
+    render 'action'
+  end
+
+end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1 @@
+<%= yield %>

data/spec/dummy/app/views/ssl/action.html.erb

@@ -0,0 +1,6 @@
+<%= ssl_action_path %>
+<%= action_path %>
+<%= no_ssl_action_path %>
+<%= ssl_action_url %>
+<%= action_url %>
+<%= no_ssl_action_url %>

data/spec/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Dummy::Application

data/spec/dummy/config/application.rb

@@ -0,0 +1,45 @@
+require File.expand_path('../boot', __FILE__)
+
+require "active_model/railtie"
+require "active_record/railtie"
+require "action_controller/railtie"
+require "action_view/railtie"
+require "action_mailer/railtie"
+
+Bundler.require
+require "secure_routes"
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Custom directories with classes and modules you want to be autoloadable.
+    # config.autoload_paths += %W(#{config.root}/extras)
+
+    # Only load the plugins named here, in the order given (default is alphabetical).
+    # :all can be used as a placeholder for all plugins not explicitly named.
+    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+    # Activate observers that should always be running.
+    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # JavaScript files you want as :defaults (application.js is always included).
+    # config.action_view.javascript_expansions[:defaults] = %w(jquery rails)
+
+    # Configure the default encoding used in templates for Ruby 1.9.
+    config.encoding = "utf-8"
+
+    # Configure sensitive parameters which will be filtered from the log file.
+    config.filter_parameters += [:password]
+  end
+end

data/spec/dummy/config/boot.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+
+if File.exist?(gemfile)
+  ENV['BUNDLE_GEMFILE'] = gemfile
+  require 'bundler'
+  Bundler.setup
+end
+
+$:.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/dummy/config/database.yml

@@ -0,0 +1,22 @@
+# SQLite version 3.x
+#   gem install sqlite3-ruby (not necessary on OS X Leopard)
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: sqlite3
+  database: db/test.sqlite3
+  pool: 5
+  timeout: 5000
+
+production:
+  adapter: sqlite3
+  database: db/production.sqlite3
+  pool: 5
+  timeout: 5000

data/spec/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+Dummy::Application.initialize!

data/spec/dummy/config/environments/development.rb

@@ -0,0 +1,26 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request.  This slows down response time but is perfect for development
+  # since you don't have to restart the webserver when you make code changes.
+  config.cache_classes = false
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_view.debug_rjs             = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+end
+

data/spec/dummy/config/environments/production.rb

@@ -0,0 +1,49 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # The production environment is meant for finished, "live" apps.
+  # Code is not reloaded between requests
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Specifies the header that your server uses for sending files
+  config.action_dispatch.x_sendfile_header = "X-Sendfile"
+
+  # For nginx:
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect'
+
+  # If you have no front-end server that supports something like X-Sendfile,
+  # just comment this out and Rails will serve the files
+
+  # See everything in the log (default is :info)
+  # config.log_level = :debug
+
+  # Use a different logger for distributed setups
+  # config.logger = SyslogLogger.new
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Disable Rails's static asset server
+  # In production, Apache or nginx will already do this
+  config.serve_static_assets = false
+
+  # Enable serving of images, stylesheets, and javascripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation can not be found)
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners
+  config.active_support.deprecation = :notify
+end

data/spec/dummy/config/environments/test.rb

@@ -0,0 +1,36 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # The test environment is used exclusively to run your application's
+  # test suite.  You never need to work with it otherwise.  Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs.  Don't rely on the data there!
+  config.cache_classes = true
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates
+  config.action_dispatch.show_exceptions = false
+
+  config.action_dispatch.secure_routes = true
+  # Disable request forgery protection in test environment
+  config.action_controller.allow_forgery_protection    = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Use SQL instead of Active Record's schema dumper when creating the test database.
+  # This is necessary if your schema can't be completely dumped by the schema dumper,
+  # like if you have constraints or database-specific column types
+  # config.active_record.schema_format = :sql
+
+  # Print deprecation notices to the stderr
+  config.active_support.deprecation = :stderr
+end

data/spec/dummy/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!

data/spec/dummy/config/initializers/inflections.rb

@@ -0,0 +1,10 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end

data/spec/dummy/config/initializers/mime_types.rb

@@ -0,0 +1,5 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register_alias "text/html", :iphone

data/spec/dummy/config/initializers/secret_token.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+Dummy::Application.config.secret_token = '5bf98aacce9285353bad569fbc9e2b7b39be543052b945523538cd77371fe190051e3706e43589d2db8faa9e47c353afc57bb9bb087dcc3a769035b582a695f4'

data/spec/dummy/config/initializers/session_store.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+Dummy::Application.config.session_store :cookie_store, :key => '_dummy_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# Dummy::Application.config.session_store :active_record_store

data/spec/dummy/config/routes.rb

@@ -0,0 +1,5 @@
+Dummy::Application.routes.draw do
+  match 'ssl_action' => 'ssl#ssl_action', :secure => true
+  match 'action' => 'ssl#action'
+  match 'no_ssl_action' => 'ssl#no_ssl_action', :secure => false
+end

data/spec/dummy/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/spec/secure_routes_spec.rb

@@ -0,0 +1,85 @@
+require 'spec_helper'
+
+describe SecureRoutes do
+
+  include RSpec::Rails::RequestExampleGroup
+
+  describe 'require ssl route' do
+
+    it 'should redirect http request' do
+      get 'http://localhost/ssl_action'
+      response.should be_redirect
+    end
+
+    it 'should handle https request' do
+      get 'https://localhost/ssl_action'
+      response.should be_success
+      response.body.should == <<-BODY
+/ssl_action
+/action
+http://localhost/no_ssl_action
+https://localhost/ssl_action
+https://localhost/action
+http://localhost/no_ssl_action
+
+      BODY
+    end
+
+  end
+
+  describe 'allow ssl route' do
+
+    it 'should handle https request' do
+      get 'https://localhost/action'
+      response.should be_success
+      response.body.should == <<-BODY
+/ssl_action
+/action
+http://localhost/no_ssl_action
+https://localhost/ssl_action
+https://localhost/action
+http://localhost/no_ssl_action
+
+      BODY
+    end
+
+    it 'should handle http request' do
+      get 'http://localhost/action'
+      response.should be_success
+      response.body.should == <<-BODY
+https://localhost/ssl_action
+/action
+/no_ssl_action
+https://localhost/ssl_action
+http://localhost/action
+http://localhost/no_ssl_action
+
+      BODY
+    end
+
+  end
+
+  describe 'require no ssl route' do
+
+    it 'should handle http request' do
+      get 'http://localhost/no_ssl_action'
+      response.should be_success
+      response.body.should == <<-BODY
+https://localhost/ssl_action
+/action
+/no_ssl_action
+https://localhost/ssl_action
+http://localhost/action
+http://localhost/no_ssl_action
+
+      BODY
+    end
+
+    it 'should redirect https request' do
+      get 'https://localhost/no_ssl_action'
+      response.should be_redirect
+    end
+
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,33 @@
+# Configure Rails Envinronment
+ENV["RAILS_ENV"] = "test"
+
+require File.expand_path("../dummy/config/environment.rb",  __FILE__)
+require "rails/test_help"
+require "rspec/rails"
+
+ActionMailer::Base.delivery_method = :test
+ActionMailer::Base.perform_deliveries = true
+ActionMailer::Base.default_url_options[:host] = "test.com"
+
+Rails.backtrace_cleaner.remove_silencers!
+
+# Configure capybara for integration testing
+#require "capybara/rails"
+#Capybara.default_driver   = :rack_test
+#Capybara.default_selector = :css
+
+# Run any available migration
+#ActiveRecord::Migrator.migrate File.expand_path("../dummy/db/migrate/", __FILE__)
+
+# Load support files
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
+
+RSpec.configure do |config|
+  # Remove this line if you don't want RSpec's should and should_not
+  # methods or matchers
+  require 'rspec/expectations'
+  config.include RSpec::Matchers
+
+  # == Mock Framework
+  config.mock_with :rspec
+end

metadata

@@ -0,0 +1,184 @@
+--- !ruby/object:Gem::Specification 
+name: secure_routes
+version: !ruby/object:Gem::Version 
+  hash: 29
+  prerelease: 
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- pyromaniac
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-02-10 00:00:00 +03:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  version_requirements: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id001
+  prerelease: false
+  name: rails
+- !ruby/object:Gem::Dependency 
+  type: :development
+  version_requirements: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id002
+  prerelease: false
+  name: sqlite3-ruby
+- !ruby/object:Gem::Dependency 
+  type: :development
+  version_requirements: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id003
+  prerelease: false
+  name: rspec-rails
+- !ruby/object:Gem::Dependency 
+  type: :development
+  version_requirements: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id004
+  prerelease: false
+  name: jeweler
+- !ruby/object:Gem::Dependency 
+  type: :development
+  version_requirements: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  requirement: *id005
+  prerelease: false
+  name: mongrel
+description: Routing-level ssl support for ruby application actions
+email: kinwizard@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.rdoc
+files: 
+- .rspec
+- Gemfile
+- Gemfile.lock
+- MIT-LICENSE
+- README.rdoc
+- Rakefile
+- VERSION
+- lib/secure_routes.rb
+- lib/secure_routes/mapper.rb
+- lib/secure_routes/options.rb
+- lib/secure_routes/route_set.rb
+- secure_routes.gemspec
+- spec/dummy/Rakefile
+- spec/dummy/app/controllers/application_controller.rb
+- spec/dummy/app/controllers/ssl_controller.rb
+- spec/dummy/app/views/layouts/application.html.erb
+- spec/dummy/app/views/ssl/action.html.erb
+- spec/dummy/config.ru
+- spec/dummy/config/application.rb
+- spec/dummy/config/boot.rb
+- spec/dummy/config/database.yml
+- spec/dummy/config/environment.rb
+- spec/dummy/config/environments/development.rb
+- spec/dummy/config/environments/production.rb
+- spec/dummy/config/environments/test.rb
+- spec/dummy/config/initializers/backtrace_silencers.rb
+- spec/dummy/config/initializers/inflections.rb
+- spec/dummy/config/initializers/mime_types.rb
+- spec/dummy/config/initializers/secret_token.rb
+- spec/dummy/config/initializers/session_store.rb
+- spec/dummy/config/routes.rb
+- spec/dummy/script/rails
+- spec/secure_routes_spec.rb
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/pyromaniac/secure_routes
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.4.2
+signing_key: 
+specification_version: 3
+summary: Rails ssl requirements
+test_files: 
+- spec/dummy/app/controllers/application_controller.rb
+- spec/dummy/app/controllers/ssl_controller.rb
+- spec/dummy/config/application.rb
+- spec/dummy/config/boot.rb
+- spec/dummy/config/environment.rb
+- spec/dummy/config/environments/development.rb
+- spec/dummy/config/environments/production.rb
+- spec/dummy/config/environments/test.rb
+- spec/dummy/config/initializers/backtrace_silencers.rb
+- spec/dummy/config/initializers/inflections.rb
+- spec/dummy/config/initializers/mime_types.rb
+- spec/dummy/config/initializers/secret_token.rb
+- spec/dummy/config/initializers/session_store.rb
+- spec/dummy/config/routes.rb
+- spec/secure_routes_spec.rb
+- spec/spec_helper.rb