ssl_enforcer 0.1.4 → 0.2.0

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -1,8 +1,4 @@
-source "http://rubygems.org"
+source 'https://rubygems.org'
 
-group :development do
-  gem "rspec", "~> 2.3.0"
-  gem "bundler", "~> 1.0.0"
-  gem "jeweler", "~> 1.6.4"
-  gem "simplecov", ">= 0"
-end
+# Specify your gem's dependencies in ssl_enforcer.gemspec
+gemspec

data/LICENSE.txt

@@ -1,4 +1,6 @@
-Copyright (c) 2012 Digital Opera
+Copyright (c) 2013 Digital Opera, LLC (www.digitalopera.com)
+
+MIT License
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
@@ -17,4 +19,4 @@ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -15,17 +15,17 @@ And then run `bundle install` to install it.
 To use SSL Enforcer after installing it open `config/environments/production.rb` and add the following line:
 
 ```rb
-# Force SSL Connections
-config.middleware.use SSLEnforcer
+## Force SSL Connections for all domains/subdomains
+config.middleware.use SSLEnforcer::Enforcer
 ```
 
 This will force SSL connections for the entire application.
 
-If you would like to force SSL connections for a specific subdomain only, you can use the `:subdomain` option:
+If you would like to force SSL connections for a specific subdomain only, you can use the `:only` option:
 
 ```rb
-# Force SSL Connections
-config.middleware.use SSLEnforcer, :subdomain => %w( secure )
+## Force SSL Connections for specific subdomains
+config.middleware.use SSLEnforcer::Enforcer, :only => [:secure]
 ```
 
 By specifying the *secure* subdomain as the one to force SSL on, all connections to "https://secure.mydomain.com" will be forced redirected using a 301 redirect to "https://secure.mydomain.com".  Connections to "http://www.mydomain.com/" would be left untouched.
@@ -33,13 +33,25 @@ By specifying the *secure* subdomain as the one to force SSL on, all connections
 If you have several different subdomains in your application that you would like to force SSL connections on, you can do so by providing an array of the subdomains to be enforced.
 
 ```rb
-# Force SSL Connections
-config.middleware.use SSLEnforcer, :subdomain => %w( secure checkout protected)
+# Force SSL Connections on multiple subdomains
+config.middleware.use SSLEnforcer::Enforcer, :only => [:secure, :checkout, :protected]
 ```
 
 This will enforce SSL connections for "secure.mydomain.com", as well as "checkout.mydomain.com" and "protected.mydomain.com".
 
-*NOTE* SSL Enforcer will not provide SSL certificates.  You should first configure your server environment to properly support SSL connections before using SSL Enforcer.
+## Subdomain Exceptions
+
+You can specify subdomain exceptions that should not be forced to HTTPS.  This can be handy in the event that you application supports "wildcard" subdomains.  You may want to force SSL
+on all of the application subdomains, except say your public website "www".  You can do this using the `:except` option:
+
+```rb
+## Force SSL connections for all requests except the website
+config.middleware.use SSLEnforcer::Enforcer, :except => [:www]
+```
+
+SSL Enforcer will not provide SSL certificates.  You should first configure your server environment to properly support SSL connections before using SSL Enforcer.
+
+**NOTE** The `only` and `except` options must be passed an array.
 
 ## Bug Reports
 

data/Rakefile

@@ -1,24 +1 @@
-# encoding: utf-8
-
-require 'rubygems'
-require 'bundler'
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
-require 'rake'
-
-require 'jeweler'
-Jeweler::Tasks.new do |gem|
-  gem.name = "ssl_enforcer"
-  gem.homepage = "http://github.com/noiseunion/ssl_enforcer"
-  gem.license = "MIT"
-  gem.summary = "Force SSL for specific subdomains of your application"
-  gem.description = "Simple Rack middleware for forcing SSL on specific subdomains of an application."
-  gem.email = "jd@digitalopera.com"
-  gem.authors = ["JD Hendrickson"]
-end
-Jeweler::RubygemsDotOrgTasks.new
+require "bundler/gem_tasks"

data/lib/ssl_enforcer/enforcer.rb

@@ -0,0 +1,76 @@
+require "rack"
+require "rack/request"
+
+class SSLEnforcer::Enforcer
+  def initialize(app, options = {})
+    @options    = { :only => [] }.merge(options)
+    @app        = app
+    @only       = @options[:only] || []
+    @exceptions = @options[:except] || []
+
+    ## Convert @only and @exception values to symbols
+    @exceptions.map!{ |sd| sd.downcase.to_sym }
+    @only.map!{ |sd| sd.downcase.to_sym }
+  end
+
+  def call(env)
+    # if the domain is already using SSL don't do anything
+    if url_is_ok?(env)
+      @app.call(env)
+    else
+      # if the domain is NOT currently using SSL then we need to redirect the request
+      req     = Rack::Request.new(env)
+      headers = { "Location" => req.url.gsub(/^http:/, "https:"), "Content-Type"=>"text/plain" }
+
+      [301, headers, []]
+    end
+  end
+
+  private # -----------------------------------------------
+
+  def url_is_ok?(env)
+    tld       = get_top_level_domain(env["SERVER_NAME"])
+    subdomain = get_subdomain(env["SERVER_NAME"], tld).downcase.to_sym
+
+    # Hack to deal with heroku redirect issues.
+    # http://rack.lighthouseapp.com/projects/22435/tickets/101
+    scheme    = (env["SERVER_PORT"] == "443") ? :https : :http
+    #scheme    = env["HTTP_X_FORWARDED_PROTO"] if env["HTTP_X_FORWARDED_PROTO"]
+
+    # If the "only" and or "exceptions" options have not been passed, then
+    # we want to force SSL on ALL subdomains
+    return false if @only.empty? && @exceptions.empty?
+
+    ## Return true if the subdomain is in in the "except" list
+    return true if @exceptions.include?(subdomain)
+
+    ## Return the current scheme test restuls if the
+    ## subdomain is in the "only" list
+    return scheme == :https if @only.include?(subdomain)
+
+    ## If the subdomain is not found in either @exceptions || @only
+    ## we must first check to see if the "only" option was passed.
+    ## If so, then we will return true and not change the request.
+    ## If the option was not passed, then we must assume to change all
+    ## subdomains NOT responded to by @exceptions
+    if @only.empty?
+      return scheme == :https
+    else
+      return true
+    end
+  end
+
+  # return the subdomain regardless of how many levels deep it is
+  def get_subdomain(server_name, tld)
+    return server_name.gsub /\.?#{tld}$/, ""
+  end
+
+  # We will break the server URL into separate parts, reverse them and then
+  # reconstruct the TLD (Top Level Domain) from there.  This should allow
+  # for support of domains that extend beyond a third level
+  # (i.e. - secure.my.domain.com)
+  def get_top_level_domain(server_name)
+    domain_parts = server_name.split(".").reverse
+    return [domain_parts.second, domain_parts.first].join(".")
+  end
+end

data/lib/ssl_enforcer/version.rb

@@ -0,0 +1,3 @@
+module SSLEnforcer
+  VERSION = "0.2.0"
+end

data/lib/ssl_enforcer.rb

@@ -1,56 +1,5 @@
-require "rack"
-require "rack/request"
+require "ssl_enforcer/version"
+require "ssl_enforcer/enforcer"
 
-class SSLEnforcer
-  def initialize(app, options = {})
-    @options    = { :subdomain => [] }.merge(options)
-    @app        = app
-    @subdomains = @options[:subdomain]
-  end
-
-  def call(env)
-    # if the domain is already using SSL don't do anything
-    if url_is_ok?(env)
-      @app.call(env)
-    else # if the domain is NOT currently using SSL then we need to redirect the request
-      req     = Rack::Request.new(env)
-      headers = { "Location" => req.url.gsub(/^http:/, "https:") }
-
-      [301, headers, []]
-    end
-  end
-
-  private # -----------------------------------------------------------------
-
-  def url_is_ok?(env)
-    tld       = get_top_level_domain(env["SERVER_NAME"])
-    subdomain = get_subdomain(env["SERVER_NAME"], tld)
-    
-    # Hack to deal with heroku redirect issues.
-    # http://rack.lighthouseapp.com/projects/22435/tickets/101
-    scheme    = "https" if env["SERVER_PORT"] == "443"
-    scheme    = env["HTTP_X_FORWARDED_PROTO"] if env["HTTP_X_FORWARDED_PROTO"]
-    
-    # If the subdomain is in the list of HTTPS enforced subs, check for HTTPS
-    # otherwise, return true
-    if @subdomains.index(subdomain).nil?
-      return true
-    else
-      return scheme == "https"
-    end
-  end
-
-  # return the subdomain regardless of how many levels deep it is
-  def get_subdomain(server_name, tld)
-    return server_name.gsub /\.?#{tld}$/, ""
-  end
-
-  # We will break the server URL into separate parts, reverse them and then
-  # reconstruct the TLD (Top Level Domain) from there.  This should allow
-  # for support of domains that extend beyond a third level
-  # (i.e. - secure.my.domain.com)
-  def get_top_level_domain(server_name)
-    domain_parts = server_name.split(".").reverse
-    return [domain_parts.second, domain_parts.first].join(".")
-  end
+module SSLEnforcer
 end

data/ssl_enforcer.gemspec

@@ -1,60 +1,19 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'ssl_enforcer/version'
 
-Gem::Specification.new do |s|
-  s.name = "ssl_enforcer"
-  s.version = "0.1.4"
+Gem::Specification.new do |gem|
+  gem.name          = "ssl_enforcer"
+  gem.version       = SSLEnforcer::VERSION
+  gem.authors       = ["JD Hendrickson"]
+  gem.email         = ["jd@digitalopera.com"]
+  gem.description   = "Simple Rack middleware for forcing SSL on specific subdomains of an application."
+  gem.summary       = "Simple Rack middleware for forcing SSL on specific subdomains of an application."
+  gem.homepage      = "https://github.com/digitalopera/ssl_enforcer/"
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["JD Hendrickson"]
-  s.date = "2012-04-09"
-  s.description = "Simple Rack middleware for forcing SSL on specific subdomains of an application."
-  s.email = "jd@digitalopera.com"
-  s.extra_rdoc_files = [
-    "LICENSE.txt",
-    "README.md"
-  ]
-  s.files = [
-    ".document",
-    ".rspec",
-    "Gemfile",
-    "Gemfile.lock",
-    "LICENSE.txt",
-    "README.md",
-    "Rakefile",
-    "VERSION",
-    "lib/ssl_enforcer.rb",
-    "spec/spec_helper.rb",
-    "spec/ssl_enforcer_spec.rb",
-    "ssl_enforcer.gemspec"
-  ]
-  s.homepage = "http://github.com/noiseunion/ssl_enforcer"
-  s.licenses = ["MIT"]
-  s.require_paths = ["lib"]
-  s.rubygems_version = "1.8.21"
-  s.summary = "Force SSL for specific subdomains of your application"
-
-  if s.respond_to? :specification_version then
-    s.specification_version = 3
-
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_development_dependency(%q<rspec>, ["~> 2.3.0"])
-      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
-      s.add_development_dependency(%q<jeweler>, ["~> 1.6.4"])
-      s.add_development_dependency(%q<simplecov>, [">= 0"])
-    else
-      s.add_dependency(%q<rspec>, ["~> 2.3.0"])
-      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
-      s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
-      s.add_dependency(%q<simplecov>, [">= 0"])
-    end
-  else
-    s.add_dependency(%q<rspec>, ["~> 2.3.0"])
-    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
-    s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
-    s.add_dependency(%q<simplecov>, [">= 0"])
-  end
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
 end
-

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ssl_enforcer
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.2.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,95 +9,26 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-09 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 2.3.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 2.3.0
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 1.0.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 1.0.0
-- !ruby/object:Gem::Dependency
-  name: jeweler
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 1.6.4
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: 1.6.4
-- !ruby/object:Gem::Dependency
-  name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+date: 2013-08-05 00:00:00.000000000 Z
+dependencies: []
 description: Simple Rack middleware for forcing SSL on specific subdomains of an application.
-email: jd@digitalopera.com
+email:
+- jd@digitalopera.com
 executables: []
 extensions: []
-extra_rdoc_files:
-- LICENSE.txt
-- README.md
+extra_rdoc_files: []
 files:
-- .document
-- .rspec
+- .gitignore
 - Gemfile
-- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
-- VERSION
 - lib/ssl_enforcer.rb
-- spec/spec_helper.rb
-- spec/ssl_enforcer_spec.rb
+- lib/ssl_enforcer/enforcer.rb
+- lib/ssl_enforcer/version.rb
 - ssl_enforcer.gemspec
-homepage: http://github.com/noiseunion/ssl_enforcer
-licenses:
-- MIT
+homepage: https://github.com/digitalopera/ssl_enforcer/
+licenses: []
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -108,9 +39,6 @@ required_ruby_version: !ruby/object:Gem::Requirement
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -3686267842636745665
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -119,8 +47,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.21
+rubygems_version: 1.8.24
 signing_key: 
 specification_version: 3
-summary: Force SSL for specific subdomains of your application
+summary: Simple Rack middleware for forcing SSL on specific subdomains of an application.
 test_files: []

data/.document

@@ -1,5 +0,0 @@
-lib/**/*.rb
-bin/*
-- 
-features/**/*.feature
-LICENSE.txt

data/.rspec

@@ -1 +0,0 @@
---color

data/Gemfile.lock

@@ -1,32 +0,0 @@
-GEM
-  remote: http://rubygems.org/
-  specs:
-    diff-lcs (1.1.3)
-    git (1.2.5)
-    jeweler (1.6.4)
-      bundler (~> 1.0)
-      git (>= 1.2.5)
-      rake
-    multi_json (1.2.0)
-    rake (0.9.2.2)
-    rspec (2.3.0)
-      rspec-core (~> 2.3.0)
-      rspec-expectations (~> 2.3.0)
-      rspec-mocks (~> 2.3.0)
-    rspec-core (2.3.1)
-    rspec-expectations (2.3.0)
-      diff-lcs (~> 1.1.2)
-    rspec-mocks (2.3.0)
-    simplecov (0.6.1)
-      multi_json (~> 1.0)
-      simplecov-html (~> 0.5.3)
-    simplecov-html (0.5.3)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  bundler (~> 1.0.0)
-  jeweler (~> 1.6.4)
-  rspec (~> 2.3.0)
-  simplecov

data/VERSION

@@ -1 +0,0 @@
-0.1.4

data/spec/spec_helper.rb

@@ -1,12 +0,0 @@
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
-$LOAD_PATH.unshift(File.dirname(__FILE__))
-require 'rspec'
-require 'ssl_enforcer'
-
-# Requires supporting files with custom matchers and macros, etc,
-# in ./support/ and its subdirectories.
-Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
-
-RSpec.configure do |config|
-  
-end

data/spec/ssl_enforcer_spec.rb

@@ -1,7 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
-
-describe "SslEnforcer" do
-  it "fails" do
-    fail "hey buddy, you should probably rename this file and start specing for real"
-  end
-end