startback 0.14.2 → 0.15.0

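--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: b170ad4acdf67e94658b9f22c96e22d9117ee35864992bfe0f69e831e4273688
-data.tar.gz: 1e3de02cb0635e50ab5435176619c580f9429d89af766737c7419da3aaca9a1e
+metadata.gz: d3b72151f15267aa20de6185a0f6c33d6ee22370171dfb34574604dfb1c5016c
+data.tar.gz: 2aa005e7ca84a6dab18a29b0054ad16483b5c8b27e789351c8dfb3bccdc4714a
 SHA512:
-metadata.gz: 9a9a4dbeb2cbe2d833dc2f1892476ee3181ceec68c0b52c14b3e2cdec0521cbe7b857ed4ef5a3e2b8ba3e682130d021265becc13c662cdd2a1f164b0f76c14ab
-data.tar.gz: 6cb1f10d1a0c78f55c132b44a6f37ba1dea98a1a673b79e6ce7efe392567e43272ea7d3b584584deb4fc18c1013f88003a6233844e5137a19ce5cefcf840b135
+metadata.gz: fb5b6cb84aa0fb74ad5600fd5cefaf7efc1bd0bd659555e5035031db98646d7cf44f66c22c1c04ffa020d74dbdb4ad4609e09a8dda2efee7b0f41570a0ce57ae
+data.tar.gz: ebacc25e2ca8628d5914396314bec03a22d65fa39886656f2f0863fb02efc1276cda9ccf07e1ef0256489ad17845e5e3fb224c4707ce4295740917af872b240f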
@@ -1,8 +1,8 @@
1
1
  module Startback
2
2
  module Version
3
3
  MAJOR = 0
4
- MINOR = 14
5
- TINY = 2
4
+ MINOR = 15
5
+ TINY = 0
6
6
  end
7
7
  VERSION = "#{Version::MAJOR}.#{Version::MINOR}.#{Version::TINY}"
8
8
  end
@@ -14,6 +14,12 @@ module Startback
14
14
  # # as Access-Control-Allow-Origin response header
15
15
  # use CorsHeaders, bounce: true
16
16
  #
17
+ # # Force a bouncing of the origin, but only for whitelisted candidates
18
+ # use CorsHeaders, bounce: ['https://*.test.com', 'https://*.test.devel']
19
+ #
20
+ # # The option above also works with a comma-separated string
21
+ # use CorsHeaders, bounce: 'https://*.test.com,https://*.test.devel'
22
+ #
17
23
  # # Overrides a specific header
18
24
  # use CorsHeaders, headers: { 'Access-Control-Allow-Methods' => 'POST' }
19
25
  #
@@ -47,6 +53,7 @@ module Startback
47
53
  def initialize(app, options = {})
48
54
  @app = app
49
55
  @options = Startback::Support.deep_merge(DEFAULT_OPTIONS, options)
56
+ @options[:bounce] = compile_bounce!(@options[:bounce])
50
57
  end
51
58
 
52
59
  def call(env)
@@ -65,14 +72,43 @@ module Startback
65
72
 
66
73
  def cors_headers(origin)
67
74
  headers = @options[:headers].dup
68
- if bounce?
69
- headers['Access-Control-Allow-Origin'] = origin
70
- end
75
+ bounce = do_bounce(origin)
76
+ headers['Access-Control-Allow-Origin'] = bounce
71
77
  headers
72
78
  end
73
79
 
74
- def bounce?
75
- @options[:bounce]
80
+ def compile_bounce!(bounce)
81
+ case bounce
82
+ when TrueClass
83
+ true
84
+ when FalseClass, NilClass
85
+ nil
86
+ when Regexp
87
+ bounce
88
+ when String
89
+ rx_str = bounce
90
+ .split(',')
91
+ .map{|b| b.gsub(/\*/, '[^.]+') }
92
+ .join('|')
93
+ Regexp.new("^(#{rx_str})$")
94
+ when Array
95
+ compile_bounce!(bounce.join(','))
96
+ else
97
+ nil
98
+ end
99
+ end
100
+
101
+ def do_bounce(origin)
102
+ case bounce = @options[:bounce]
103
+ when NilClass
104
+ @options[:headers]['Access-Control-Allow-Origin']
105
+ when TrueClass
106
+ origin
107
+ when Regexp
108
+ bounce =~ origin ? origin : nil
109
+ else
110
+ nil
111
+ end
76
112
  end
77
113
 
78
114
  end # class AllowCors
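Review bot: In `compile_bounce!`, the String branch rewrites only `*` and never escapes the rest of each entry, so every `.` in a whitelisted origin remains a regex wildcard. A pattern like `https://*.test.com` therefore also matches origins where some other character stands in for a dot, including hosts on a different registrable domain, and `do_bounce` echoes them back as `Access-Control-Allow-Origin`. Escape each entry before expanding the wildcard, `.map { |b| Regexp.escape(b).gsub('\*', '[^.]+') }`, and anchor on the whole string with `Regexp.new("\\A(?:#{rx_str})\\z")`, because `^`/`$` match at line boundaries in Ruby. Since the allowed origin now depends on the request, the response should also carry `Vary: Origin` unless that is already set in code outside this hunk.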
@@ -40,6 +40,7 @@ module Startback
40
40
  def body_for(ex)
41
41
  ex = ex.root_cause if ex.is_a?(Finitio::TypeError)
42
42
  body = { code: ex.class.name, description: ex.message }
43
+ body[:location] = ex.location if ex.is_a?(Finitio::TypeError)
43
44
  return body unless ex.is_a?(Startback::Errors::Error)
44
45
  return body unless ex.has_causes?
45
46
 
@@ -17,22 +17,22 @@ module Startback
17
17
  it 'sets the CORS headers to default values' do
18
18
  header('Origin', "https://test.com")
19
19
  get '/'
20
- expect(last_response['Access-Control-Allow-Origin']). to eql("*")
21
- expect(last_response['Access-Control-Allow-Methods']). to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
20
+ expect(last_response['Access-Control-Allow-Origin']).to eql("*")
21
+ expect(last_response['Access-Control-Allow-Methods']).to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
22
22
  expect(last_response.body).to eql("Hello world")
23
23
  end
24
24
 
25
25
  it 'strips everything when option' do
26
26
  header('Origin', "https://test.com")
27
27
  options '/'
28
- expect(last_response['Access-Control-Allow-Origin']). to eql("*")
29
- expect(last_response['Access-Control-Allow-Methods']). to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
28
+ expect(last_response['Access-Control-Allow-Origin']).to eql("*")
29
+ expect(last_response['Access-Control-Allow-Methods']).to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
30
30
  expect(last_response.status).to eql(204)
31
31
  expect(last_response.body).to eql("")
32
32
  end
33
33
  end
34
34
 
35
- context 'when used with the :bounce option' do
35
+ context 'when used with the :bounce option (boolean)' do
36
36
  def app
37
37
  Rack::Builder.new do
38
38
  use CorsHeaders, bounce: true
@@ -43,12 +43,62 @@ module Startback
43
43
  it 'sets the CORS Origin header to the caller' do
44
44
  header('Origin', "https://test.com")
45
45
  get '/'
46
- expect(last_response['Access-Control-Allow-Origin']). to eql("https://test.com")
47
- expect(last_response['Access-Control-Allow-Methods']). to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
46
+ expect(last_response['Access-Control-Allow-Origin']).to eql("https://test.com")
47
+ expect(last_response['Access-Control-Allow-Methods']).to eql("OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE")
48
48
  expect(last_response.body).to eql("Hello world")
49
49
  end
50
50
  end
51
51
 
52
+ context 'when used with the :bounce option (array)' do
53
+ def app
54
+ Rack::Builder.new do
55
+ use CorsHeaders, bounce: ['https://test.com', 'https://*.test.com']
56
+ run ->(env){ [200, {}, ["Hello world"]] }
57
+ end
58
+ end
59
+
60
+ it 'sets the CORS Origin header to the caller if match' do
61
+ header('Origin', "https://test.com")
62
+ get '/'
63
+ expect(last_response['Access-Control-Allow-Origin']).to eql("https://test.com")
64
+
65
+ header('Origin', "https://api.test.com")
66
+ get '/'
67
+ expect(last_response['Access-Control-Allow-Origin']).to eql("https://api.test.com")
68
+ end
69
+
70
+ it 'rejects otherwise' do
71
+ header('Origin', "https://nosuchone.com")
72
+ get '/'
73
+ expect(last_response['Access-Control-Allow-Origin']).to be_nil
74
+ end
75
+ end
76
+
77
+ context 'when used with the :bounce option (string)' do
78
+ def app
79
+ Rack::Builder.new do
80
+ use CorsHeaders, bounce: 'https://test.com,https://*.test.com'
81
+ run ->(env){ [200, {}, ["Hello world"]] }
82
+ end
83
+ end
84
+
85
+ it 'sets the CORS Origin header to the caller if match' do
86
+ header('Origin', "https://test.com")
87
+ get '/'
88
+ expect(last_response['Access-Control-Allow-Origin']).to eql("https://test.com")
89
+
90
+ header('Origin', "https://api.test.com")
91
+ get '/'
92
+ expect(last_response['Access-Control-Allow-Origin']).to eql("https://api.test.com")
93
+ end
94
+
95
+ it 'rejects otherwise' do
96
+ header('Origin', "https://nosuchone.com")
97
+ get '/'
98
+ expect(last_response['Access-Control-Allow-Origin']).to be_nil
99
+ end
100
+ end
101
+
52
102
  context 'when overriding a header' do
53
103
  def app
54
104
  Rack::Builder.new do
@@ -60,8 +110,8 @@ module Startback
60
110
  it 'sets the CORS Origin header to the caller' do
61
111
  header('Origin', "https://test.com")
62
112
  get '/'
63
- expect(last_response['Access-Control-Allow-Origin']). to eql("*")
64
- expect(last_response['Access-Control-Allow-Methods']). to eql("POST")
113
+ expect(last_response['Access-Control-Allow-Origin']).to eql("*")
114
+ expect(last_response['Access-Control-Allow-Methods']).to eql("POST")
65
115
  expect(last_response.body).to eql("Hello world")
66
116
  end
67
117
  end
@@ -77,8 +127,8 @@ module Startback
77
127
  it 'does not override them' do
78
128
  header('Origin', "https://test.com")
79
129
  get '/'
80
- expect(last_response['Access-Control-Allow-Origin']). to eql("*")
81
- expect(last_response['Access-Control-Allow-Methods']). to eql("POST")
130
+ expect(last_response['Access-Control-Allow-Origin']).to eql("*")
131
+ expect(last_response['Access-Control-Allow-Methods']).to eql("POST")
82
132
  expect(last_response.body).to eql("Hello world")
83
133
  end
84
134
  end
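Review bot: The new 'rejects otherwise' examples in the array and string contexts only try `https://nosuchone.com`, which shares nothing with the whitelist, so they would still pass if the compiled pattern matched too much. Add a near-miss origin to each context, for instance the constructed value `header('Origin', "https://apixtest.com")` followed by `expect(last_response['Access-Control-Allow-Origin']).to be_nil`, so that the dots in `https://*.test.com` are pinned as literal. There is also no example for a `Regexp` passed directly as `bounce:`, although `compile_bounce!` accepts one.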
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: startback
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.14.2
4
+ version: 0.15.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Bernard Lambeau
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-06-08 00:00:00.000000000 Z
11
+ date: 2022-06-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec