strong_routes 0.9.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 42f14c0ba0507ea6159188aa77ea3ef1c1dcfb19
+  data.tar.gz: 1b70c4df7176535de76d78c4f620c501668f2801
+SHA512:
+  metadata.gz: 78655f85f60188e5bd9074b2f06d778144e5a001e3b19add068b61afff1f1da5a4316c49515fdb2cc56422bdbb4c5259ce0fbf5d07b50c1ae6423c966a4e72bc
+  data.tar.gz: 29fbc16ece04910b136feeeac04354621e9bbcb69a024c6fe78e30f9bb181ab49737ad6e9c14d524a67618adf991992557673a9c4d8d50296582a4cdb10c9695

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.ruby-*
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in strong_routes.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Adam Hutchison
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,65 @@
+# Strong Routes
+
+Strong Routes is a simple Rack middleware to reject requests to unknown routes before allocating connections or any resources.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'strong_routes'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install strong_routes
+
+## Usage
+
+### Rails Apps
+
+In Rails apps, using strong routes is as simple as adding it to your Gemfile. The middleware is automatically added to the middleware stack. Any routes defined by the application are automatically allowed by default.
+
+### Rack Apps
+
+In Rack apps, load the `StrongRoutes::Allow` middleware into your middleware stack:
+
+```Ruby
+app.insert_before StrongRoutes::Allow, ResourceLoadingMiddleware
+```
+
+In (non-Rails) Rack apps, allowed routes are empty default. Allowed routes are specified using the `allowed_routes` config option:
+
+```Ruby
+StrongRoutes.config.allowed_routes = [ '/', '/posts' ]
+```
+
+Routes can be specified as strings or regular expressions:
+
+```Ruby
+StrongRoutes.config.allowed_routes = [ /\A\//i, /\A\/posts/i ]
+```
+
+### Response
+
+Any routes that aren't allowed will return a 404 by default:
+
+```
+[ 404, { "Content-Type" => "text/html", "Content-Length" => "18" }, [ "Resource Not Found" ] ]
+```
+
+The message that is returned can be specified using the `message` config option:
+
+```Ruby
+StrongRoutes.config.message = File.read(Rails.root.join('public/404.html'))
+```
+
+## Contributing
+
+1. Fork it ( http://github.com/<my-github-username>/strong_routes/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,11 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new do |t|
+  t.libs.push "spec"
+  t.pattern = "spec/**/*_spec.rb"
+  t.verbose = false
+end
+
+task :default => :test
+task :spec => :test

data/lib/strong_routes.rb

@@ -0,0 +1,17 @@
+require 'rack/request'
+
+require 'strong_routes/allow'
+require 'strong_routes/config'
+require 'strong_routes/route_matcher'
+require 'strong_routes/version'
+
+module StrongRoutes
+  def self.config
+    @config ||= Config.new
+  end
+
+  # Initialize the config
+  config
+end
+
+require 'strong_routes/rails/railtie' if defined?(Rails)

data/lib/strong_routes/allow.rb

@@ -0,0 +1,44 @@
+module StrongRoutes
+  class Allow
+    def initialize(app, options = {})
+      @app = app
+      @options = ::StrongRoutes.config.merge(options)
+    end
+
+    def call(env)
+      return @app.call(env) unless enabled?
+
+      request = ::Rack::Request.new(env)
+
+      if allowed?(request)
+        @app.call(env)
+      else
+        [ 404, { "Content-Type" => "text/html", "Content-Length" => @options.message.length }, [ @options.message ] ]
+      end
+    end
+
+  private
+
+    def allowed_routes
+      @allowed_routes ||= begin
+        routes = [ @options[:allowed_routes] ]
+        routes.flatten!
+        routes.compact!
+        routes.uniq!
+        routes
+      end
+    end
+
+    def allowed?(request)
+      route_matchers.any? { |route_matcher| route_matcher =~ request.path_info }
+    end
+
+    def enabled?
+      @options[:enabled]
+    end
+
+    def route_matchers
+      @route_matchers ||= allowed_routes.map { |allowed_route| ::StrongRoutes::RouteMatcher.new(allowed_route) }
+    end
+  end
+end

data/lib/strong_routes/config.rb

@@ -0,0 +1,51 @@
+module StrongRoutes
+  module Accessorable
+    # Creates an accessor that simply sets and reads a key in the hash:
+    #
+    #   class Config < Hash
+    #     hash_accessor :app
+    #   end
+    #
+    #   config = Config.new
+    #   config.app = Foo
+    #   config[:app] #=> Foo
+    #
+    #   config[:app] = Bar
+    #   config.app #=> Bar
+    #
+    def hash_accessor(*names) #:nodoc:
+      names.each do |name|
+        class_eval <<-METHOD, __FILE__, __LINE__ + 1
+          def #{name}
+            self[:#{name}]
+          end
+
+          def #{name}=(value)
+            self[:#{name}] = value
+          end
+
+          def #{name}?
+            self[:#{name}].nil?
+          end
+        METHOD
+      end
+    end
+  end
+
+  class Config < Hash
+    extend Accessorable
+
+    hash_accessor :allowed_routes,
+                  :enabled,
+                  :insert_after,
+                  :insert_before,
+                  :message
+
+    def initialize(*)
+      super
+
+      self[:enabled] = true if self[:enabled].nil?
+      self[:message] = "Resource Not Found" if self[:message].nil?
+    end
+  end
+end

data/lib/strong_routes/rails/railtie.rb

@@ -0,0 +1,23 @@
+require 'strong_routes/rails/route_mapper'
+
+module StrongRoutes
+  module Rails
+    class Railtie < ::Rails::Railtie
+      config.strong_routes = ::StrongRoutes.config
+
+      initializer 'strong_routes.initialize' do |app|
+        config.allowed_routes ||= []
+        config.allowed_routes += ::StrongRoutes::Rails::RouteMapper.map(app.routes)
+
+        case
+        when config.strong_routes.insert_before? then
+          app.config.middleware.insert_before(config.strong_routes.insert_before, ::StrongRoutes::Allow)
+        when config.strong_routes.insert_after? then
+          app.config.middleware.insert_after(config.strong_routes.insert_after, ::StrongRoutes::Allow)
+        else
+          app.config.middleware.insert_before(::Rails::Rack::Logger, ::StrongRoutes::Allow)
+        end
+      end
+    end
+  end
+end

data/lib/strong_routes/rails/route_mapper.rb

@@ -0,0 +1,45 @@
+require 'action_dispatch/routing/inspector'
+
+module StrongRoutes
+  module Rails
+    class RouteMapper
+      attr_reader :route_set
+
+      def self.map(route_set)
+        route_mapper = self.new(route_set)
+        route_mapper.map
+      end
+
+      def initialize(route_set)
+        @route_set = route_set
+      end
+
+      # Map the route set to a collection of the top level segments.
+      def map
+        map = matches.map { |match_data| match_data[:path] }
+        map.compact!
+        map.uniq!
+      end
+
+    private
+
+      # All we need for the allowed routes is the first segment (i.e. 'users'
+      # from '/users/:user_id/posts(/:format)'). Convert the path strings into
+      # match data objects.
+      def matches
+        matches = paths.map { |path| path.match(/\A\/(?<path>[\w-]+)\/*.*\Z/) }
+        matches.compact!
+        matches.uniq!
+        matches
+      end
+
+      # Extract the route paths from the route objects so we have a simple
+      # string to interact with.
+      def paths
+        paths = route_set.routes.map { |route| ::ActionDispatch::Routing::RouteWrapper.new(route).path }
+        paths.uniq!
+        paths
+      end
+    end
+  end
+end

data/lib/strong_routes/route_matcher.rb

@@ -0,0 +1,11 @@
+module StrongRoutes
+  class RouteMatcher < Regexp
+    def initialize(route)
+      if route.is_a?(Regexp)
+        super(route)
+      else
+        super(/\A\/#{route}/i,)
+      end
+    end
+  end
+end

data/lib/strong_routes/version.rb

@@ -0,0 +1,3 @@
+module StrongRoutes
+  VERSION = "0.9.0"
+end

data/spec/spec_helper.rb

@@ -0,0 +1,26 @@
+require 'rubygems'
+
+# Start SimpleCov
+require 'simplecov'
+SimpleCov.start do
+  add_filter "/spec"
+end
+
+# Load gems with Bundler
+require 'bundler'
+::Bundler.require(:default, :development, :test)
+
+require 'minitest/spec'
+require 'minitest/autorun'
+require 'minitest/pride'
+
+include ::Rack::Test::Methods
+
+class MiniTest::Spec < MiniTest::Unit::TestCase
+  class << self
+    alias_method :setup, :before
+    alias_method :teardown, :after
+    alias_method :should, :it
+    alias_method :context, :describe
+  end
+end

data/spec/strong_routes/allow_spec.rb

@@ -0,0 +1,92 @@
+require 'spec_helper'
+
+def middleware
+  ::StrongRoutes::Allow
+end
+
+describe ::StrongRoutes::Allow do
+  let(:app) { middleware.new(env) }
+  let(:env) { lambda { |env| [ 200, { "Content-Type" => "text/plain" }, [ "Good" ] ] } }
+
+  context "without allowed routes set" do
+    it "does not allow access to /users" do
+      get "/users"
+      last_response.wont_be :ok?
+    end
+
+    it "does not allow access to /users/profile" do
+      get "/users/profile"
+      last_response.wont_be :ok?
+    end
+
+    it "does not allow access to /users/profile/anything" do
+      get "/users/profile/anything"
+      last_response.wont_be :ok?
+    end
+
+    it "does not allow access to /users/profile/anything?stuff=12" do
+      get "/users/profile/anything?stuff=12"
+      last_response.wont_be :ok?
+    end
+
+    it "does not allow empty path" do
+      get "/"
+      last_response.wont_be :ok?
+    end
+  end
+
+  context "with allowed routes set" do
+    let(:users_path) { [ /\/users/i ] }
+
+    before do
+      ::StrongRoutes.config.allowed_routes = users_path
+    end
+
+    after do
+      ::StrongRoutes.config.allowed_routes = nil
+    end
+
+    it "allows access to /users" do
+      get "/users"
+      last_response.must_be :ok?
+    end
+
+    it "does not allow access to /user" do
+      get "/user"
+      last_response.wont_be :ok?
+    end
+
+    it "allows access to /users/profile/anything?stuff=12" do
+      get "/users/profile/anything?stuff=12"
+      last_response.must_be :ok?
+    end
+  end
+
+  context "enabled option is false" do
+    let(:app) { middleware.new(env, { :enabled => false }) }
+
+    it "passes request to the next app" do
+      get "/users/profile/anything?stuff=12"
+      last_response.must_be :ok?
+    end
+  end
+
+  context "allowed_routes passed to initializer" do
+    let(:app) { middleware.new(env, { :allowed_routes => [ :users ] }) }
+
+    it "allows /users with :users" do
+      get "/users"
+      last_response.must_be :ok?
+    end
+
+    it "does not allow /user :user" do
+      get "/user"
+      last_response.wont_be :ok?
+    end
+
+    it "allows access to /users/profile/anything?stuff=12 with :users" do
+      get "/users/profile/anything?stuff=12"
+      last_response.must_be :ok?
+    end
+  end
+end

data/spec/strong_routes/config_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe ::StrongRoutes::Config do
+  subject { ::StrongRoutes::Config.new }
+
+  describe "API" do
+    it "supports :allowed_routes" do
+      subject.respond_to?(:allowed_routes).must_equal true
+    end
+
+    it "supports :enabled" do
+      subject.respond_to?(:enabled).must_equal true
+    end
+
+    it "supports :insert_after" do
+      subject.respond_to?(:insert_after).must_equal true
+    end
+
+    it "supports :insert_before" do
+      subject.respond_to?(:insert_before).must_equal true
+    end
+  end
+
+  describe "#enabled" do
+    it "is enabled by default" do
+      subject.must_be :enabled
+    end
+  end
+end

data/spec/strong_routes/rails/route_mapper_spec.rb

@@ -0,0 +1,37 @@
+require 'spec_helper'
+
+require 'action_dispatch'
+require 'strong_routes/rails/route_mapper'
+
+describe ::StrongRoutes::Rails::RouteMapper do
+  let(:paths) { [ 'users', 'posts', 'user_posts', 'bar', 'trading-post' ] }
+  let(:route_set) {
+    route_set = ActionDispatch::Routing::RouteSet.new
+    route_set.draw do
+      resources :users, :only => :index  do
+        resources :posts
+      end
+
+      resources :posts, :only => :show
+      resources :user_posts, :only => :show
+
+      get 'bar/sandwich', :to => 'users#index'
+      get 'trading-post', :to => 'posts#show'
+    end
+    route_set
+  }
+
+  describe ".map" do
+    it "maps routes to path strings" do
+      ::StrongRoutes::Rails::RouteMapper.map(route_set).must_equal paths
+    end
+  end
+
+  describe "#map" do
+    subject { ::StrongRoutes::Rails::RouteMapper.new(route_set) }
+
+    it "maps routes to path strings" do
+      subject.map.must_equal paths
+    end
+  end
+end

data/spec/strong_routes/route_matcher_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+describe ::StrongRoutes::RouteMatcher do
+  describe "initialize" do
+    context "when given a regex" do
+      let(:matcher) { /foo/ }
+
+      subject { ::StrongRoutes::RouteMatcher.new(matcher) }
+
+      it "uses the regex as the matcher" do
+        subject.must_equal matcher
+      end
+    end
+
+    context "when not given a symbol" do
+      let(:matcher) { /\A\/foo/i }
+
+      subject { ::StrongRoutes::RouteMatcher.new(:foo) }
+
+      it "creates a new matcher" do
+        subject.must_equal matcher
+      end
+    end
+
+    context "when not given a string" do
+      let(:matcher) { /\A\/foo/i }
+
+      subject { ::StrongRoutes::RouteMatcher.new('foo') }
+
+      it "creates a new matcher" do
+        subject.must_equal matcher
+      end
+    end
+  end
+end

data/spec/strong_routes_spec.rb

@@ -0,0 +1,11 @@
+require 'spec_helper'
+
+describe ::StrongRoutes do
+  subject { ::StrongRoutes }
+
+  describe ".config" do
+    it "initializes a new config object" do
+      subject.config.must_be :instance_of?, ::StrongRoutes::Config
+    end
+  end
+end

data/strong_routes.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'strong_routes/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "strong_routes"
+  spec.version       = StrongRoutes::VERSION
+  spec.authors       = ["Adam Hutchison"]
+  spec.email         = ["liveh2o@gmail.com"]
+  spec.summary       = %q{Middleware to reject/allow requests before allocating a database connection or any resources}
+  spec.description   = spec.summary
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "rack"
+
+  spec.add_development_dependency "actionpack"
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "pry-nav"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rack-test"
+  spec.add_development_dependency "simplecov"
+end

metadata

@@ -0,0 +1,169 @@
+--- !ruby/object:Gem::Specification
+name: strong_routes
+version: !ruby/object:Gem::Version
+  version: 0.9.0
+platform: ruby
+authors:
+- Adam Hutchison
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-02-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-nav
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Middleware to reject/allow requests before allocating a database connection
+  or any resources
+email:
+- liveh2o@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/strong_routes.rb
+- lib/strong_routes/allow.rb
+- lib/strong_routes/config.rb
+- lib/strong_routes/rails/railtie.rb
+- lib/strong_routes/rails/route_mapper.rb
+- lib/strong_routes/route_matcher.rb
+- lib/strong_routes/version.rb
+- spec/spec_helper.rb
+- spec/strong_routes/allow_spec.rb
+- spec/strong_routes/config_spec.rb
+- spec/strong_routes/rails/route_mapper_spec.rb
+- spec/strong_routes/route_matcher_spec.rb
+- spec/strong_routes_spec.rb
+- strong_routes.gemspec
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Middleware to reject/allow requests before allocating a database connection
+  or any resources
+test_files:
+- spec/spec_helper.rb
+- spec/strong_routes/allow_spec.rb
+- spec/strong_routes/config_spec.rb
+- spec/strong_routes/rails/route_mapper_spec.rb
+- spec/strong_routes/route_matcher_spec.rb
+- spec/strong_routes_spec.rb