ssl_routes 0.0.2

data/lib/ssl_routes/controller.rb

@@ -0,0 +1,69 @@
+module SslRoutes::Controller
+
+  def self.included(base)
+    base.extend ClassMethods
+    base.send :include, InstanceMethods
+    base.send :alias_method_chain, :url_for, :ssl_support
+  end
+
+  module ClassMethods
+
+    def enforce_protocols(&block)
+      cattr_accessor :parameter, :secure_session, :enable_ssl
+      self.parameter        = :protocol
+      self.secure_session   = false
+      self.enable_ssl       = false
+      yield self if block_given?
+      before_filter :ensure_protocol if self.enable_ssl
+    end
+
+  end
+
+  module InstanceMethods
+
+    def url_for_with_ssl_support(options)
+      if self.enable_ssl
+        case options
+          when Hash
+            current = request.protocol.split(':').first
+            target  = extract_protocol(options, 'http')
+            if current != target
+              options.merge!({ :protocol => target, :only_path => false })
+            end
+        end
+      end
+      url_for_without_ssl_support(options)
+    end
+
+    private
+
+      def ensure_protocol
+        options = ActionController::Routing::Routes.recognize_path(
+          request.path,
+          ActionController::Routing::Routes.extract_request_environment(request)
+        )
+        current = request.protocol.split(':').first
+        target  = extract_protocol(options, current)
+        if current != target
+          flash.keep
+          redirect_to "#{target}://#{request.host_with_port + request.request_uri}"
+          return false
+        end
+      end
+
+      def extract_protocol(options, default_protocol)
+        protocol = case options[self.parameter]
+          when String then options[self.parameter]
+          when TrueClass then 'https'
+          else default_protocol
+        end
+        protocol = 'https' if self.secure_session && current_user
+        protocol = options[:protocol] if options[:protocol]
+        return protocol.split(':').first
+      end
+
+  end
+
+end
+
+ActionController::Base.send :include, SslRoutes::Controller

data/lib/ssl_routes/paperclip.rb

@@ -0,0 +1,15 @@
+# Pollute Thread.current so we can fix S3 urls.
+ActionController::Base.class_eval do
+  after_filter :set_protocol
+  private
+    def set_protocol
+      Thread.current[:protocol] = request && request.ssl? ? 'https' : 'http'
+    end
+end
+
+# Fix protocol in S3 urls.
+module Paperclip::Storage::S3
+  def s3_protocol
+    Thread.current[:protocol] ||= @s3_protocol
+  end
+end

data/lib/ssl_routes/version.rb

@@ -0,0 +1,5 @@
+module SslRoutes
+  
+  VERSION = '0.0.2'
+  
+end

data/lib/ssl_routes.rb

@@ -0,0 +1,22 @@
+module SslRoutes
+  
+  # Features:
+  # - [DONE] enable/disable ssl
+  # - [DONE] enforce protocol in controller
+  # - [DONE] route parameter option
+  # - [DONE] secure session (firesheep)
+  # - [DONE] fix urls (paperclip)
+  # - [DONE] fix urls (url_for - controller and view)
+  # - presentation plugin
+  #
+  # Other:
+  # - cross protocol form submits
+  # - question: canonical urls?
+  # - question: fractured pagerank?
+  
+  require 'ruby-debug'
+  
+  require 'ssl_routes/controller'
+  require 'ssl_routes/paperclip' if defined?( Paperclip )
+  
+end

data/test/test_helper.rb

@@ -0,0 +1,14 @@
+$: << File.join(File.dirname(__FILE__), '..', 'lib')
+$: << File.join(File.dirname(__FILE__))
+
+require 'rubygems'
+require 'test/unit'
+# require 'sqlite3'
+# require 'mocha'
+# require 'active_support'
+# require 'action_controller'
+# require 'action_controller/test_case'
+# require 'action_view'
+# require 'active_record'
+# require 'ruby-debug'
+require 'spamtrap'

metadata

@@ -0,0 +1,87 @@
+--- !ruby/object:Gem::Specification 
+name: ssl_routes
+version: !ruby/object:Gem::Version 
+  hash: 27
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 2
+  version: 0.0.2
+platform: ruby
+authors: 
+- Cedric Howe
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-12-02 00:00:00 -05:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rails
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 5
+        segments: 
+        - 2
+        - 3
+        version: "2.3"
+  type: :runtime
+  version_requirements: *id001
+description: Define your SSL settings in one place to enforce in your controller, generate URLs with the correct protocol, and protect yourself against session hijacking.
+email: cedric@freezerbox.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/ssl_routes/controller.rb
+- lib/ssl_routes/paperclip.rb
+- lib/ssl_routes/version.rb
+- lib/ssl_routes.rb
+- test/test_helper.rb
+has_rdoc: true
+homepage: http://github.com/cedric/ssl_routes/
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 23
+      segments: 
+      - 1
+      - 3
+      - 6
+      version: 1.3.6
+requirements: []
+
+rubyforge_project: ssl_routes
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Enforce SSL based on your Rails routes.
+test_files: 
+- test/test_helper.rb