wrenchmode-rack 0.0.14 → 0.1.0

Files changed (4)
  1. checksums.yaml +4 -4
  2. data/README.md +16 -1
  3. data/lib/wrenchmode/rack.rb +20 -9
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: a1c9c1343641307a9f3f8f28a6106b5162de5010
4
- data.tar.gz: 2511eca006bd64b9808a819e002fcdcf7e2589d3
3
+ metadata.gz: 5cc24554fcc1385517b42e7911773c7077c928e9
4
+ data.tar.gz: 705aa08e5d6e2e207cf38da06bedd7dbe71618f6
5
5
  SHA512:
6
- metadata.gz: 68935ab359e0e8208e464522e388c92959c7f5a12d03918263ed8243f5e8be7b59fb89ab9cc977450b0a6933e25078003b31f939ce35ffe18398cc6cd54adf41
7
- data.tar.gz: 58379470a1a90feb0370f6187cfbf4a2bda27470a8d8dad891d4f56d43d2bffbb23c69cd7fe4f3d7e43a4e2285b56fb2d5ec1c244256fc3dbeeb240f46c84440
6
+ metadata.gz: 452d5505a9fd72ac64a6bd670b2bc8d5bbb5d2f947a7569ed1e1f5dae60d838258bd613080d23da193cc66ffe4f3a5c9fbc3e1fdbac0c497a1ea2dd2c1bed70e
7
+ data.tar.gz: 2f510452c96aa031e57bee82ab13384fde92852fe4f267892c3bb36b692a9226115d2d0ff45d6d9eaa499793b794639dabb2b10dcee03aa38a93ebcba79e78d8
data/README.md CHANGED
@@ -56,7 +56,7 @@ On deployment, the wrenchmode-rack gem will automatically pick up everything it
56
56
 
57
57
  ```ruby
58
58
  # config/environments/production.rb
59
- config.middleware.use Wrenchmode::Rack, jwt: "your-long-jwt"
59
+ config.middleware.insert_before 0, Wrenchmode::Rack, jwt: "your-long-jwt"
60
60
 
61
61
  # If you want to test in staging prior to deploying to production.
62
62
  # (Coming soon, still not implemented...)
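Review bot: `insert_before 0` on the production.rb line puts `Wrenchmode::Rack` ahead of every other middleware, including `ActionDispatch::RemoteIp`, while the proxy section added further down in this README says to insert Wrenchmode after `ActionDispatch::RemoteIp`. A reader behind a proxy who copies this primary example gets an ordering in which `env["action_dispatch.remote_ip"]` is not yet set when `client_ips` runs, so whitelisting falls back to `request.ip` without any warning. Suggest a comment on this line pointing to the proxy section, or making the `insert_after ActionDispatch::RemoteIp` form the default Rails example.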
@@ -75,6 +75,19 @@ Bundler.require(:default)
75
75
  use Wrenchmode::Rack, jwt: "your-long-jwt"
76
76
  ```
77
77
 
78
+ ## IP Whitelisting and Proxies (including Heroku)
79
+
80
+ If you are behind a proxy (ie. you are on Heroku, Amazon ELB, nginx proxy, etc.) then you will most likely need to use the `ActionDispatch::RemoteIp` Rack middleware to correctly retrieve the client's IP address. This is included automatically for Rails, but not for vanilla Rack applications.
81
+
82
+ To use Wrenchmode with a proxy, configure it as follows:
83
+
84
+ ```ruby
85
+ # config/environments/production.rb
86
+ config.middleware.insert_after ActionDispatch::RemoteIp, Wrenchmode::Rack, jwt: "your-long-jwt"
87
+ ```
88
+
89
+ Note: The `jwt` option is not necessary on Heroku, as this is automatically set when you install the Add-on.
90
+
78
91
  ## Advanced Configuration Options
79
92
 
80
93
  You can also specify the following options to the middleware layer:
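Review bot: the new "IP Whitelisting and Proxies" section says `ActionDispatch::RemoteIp` is not included for vanilla Rack applications, but the only example is the Rails `config.middleware.insert_after` form. Add the `config.ru` counterpart (the `use` ordering and the dependency it pulls in), otherwise a vanilla Rack reader cannot follow the instruction. It would also help to state that this example replaces the `insert_before 0` line shown earlier rather than being added alongside it. Style: "ie." should be "i.e.".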
@@ -85,6 +98,8 @@ You can also specify the following options to the middleware layer:
85
98
 
86
99
  `disable_local_wrench` - (Coming soon...) Set to true if you want to disable LocalWrench mode, where the Wrenchmode page is served on your domain. Disabling it will instead force a redirect to the Wrenchmode.com domain. Note: Unless you explicitly want this behavior, it's best to leave this at the default. (Default false)
87
100
 
101
+ `trust_remote_ip` - Set to false to ignore the IP addresses in the X-Forwarded-For header. This setting only matters for IP whitelisting. If you are behind a proxy (ie. Heroku, Amazon ELB, and many others) then this must be true for IP whitelisting to work. In addition, you must install the ActionDispatch::RemoteIp Rack layer. This is automatic if you are using Rails. (Default true)
102
+
88
103
  `check_delay_secs` - Change this to modify the rate at which the middleware polls Wrenchmode for updates. Unlikely that this needs anything faster than the default. (Default 5)
89
104
 
90
105
  `logging` - Set to true in order to log information from the middleware layer to your logging facility. (Default false)
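Review bot: the `trust_remote_ip` description promises more than the code in this release does. In `client_ips` the flag only gates the two `remote_ip` lookups, and `request.ip` is added to the candidate list regardless, so setting the option to false does not by itself guarantee that forwarded-header values are ignored; that depends on how `Rack::Request#ip` derives its value. Suggest describing the option as "do not consult `ActionDispatch::RemoteIp`" and stating which address is matched when it is false. Because the default is true and the result decides who bypasses the maintenance page, the text should also say that the forwarded address is only as trustworthy as the proxy configuration in front of the application.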
@@ -6,7 +6,7 @@ require 'ipaddr'
6
6
  module Wrenchmode
7
7
  class Rack
8
8
  CLIENT_NAME = "wrenchmode-rack"
9
- VERSION = '0.0.14'
9
+ VERSION = '0.1.0'
10
10
 
11
11
  # The ENV var set on Heroku where we can retrieve the JWT
12
12
  HEROKU_JWT_VAR = "WRENCHMODE_PROJECT_JWT"
@@ -31,7 +31,8 @@ module Wrenchmode
31
31
  status_path: "/api/projects/status",
32
32
  check_delay_secs: 5,
33
33
  logging: false,
34
- read_timeout_secs: 3
34
+ read_timeout_secs: 3,
35
+ trust_remote_ip: true
35
36
  }.merge(opts)
36
37
 
37
38
  # The JWT can be set either explicity, or implicitly if Wrenchmode is added as a Heroku add-on
@@ -47,6 +48,7 @@ module Wrenchmode
47
48
  @read_timeout_secs = opts[:read_timeout_secs]
48
49
  @ip_whitelist = []
49
50
  @logger = nil
51
+ @trust_remote_ip = opts[:trust_remote_ip]
50
52
 
51
53
  @enable_reverse_proxy = false
52
54
 
@@ -81,10 +83,9 @@ module Wrenchmode
81
83
 
82
84
  should_display_wrenchmode = false
83
85
  if @switched
84
- req = ::Rack::Request.new(env)
85
86
 
86
87
  should_display_wrenchmode = !@force_open
87
- should_display_wrenchmode &&= !ip_whitelisted?(req)
88
+ should_display_wrenchmode &&= !ip_whitelisted?(env)
88
89
  end
89
90
 
90
91
  if should_display_wrenchmode
@@ -184,12 +185,22 @@ module Wrenchmode
184
185
  end
185
186
  end
186
187
 
187
- def ip_whitelisted?(request)
188
- return false unless request.ip
189
- client_ip = IPAddr.new(request.ip)
190
- @ip_whitelist.any? do |ip_address|
191
- IPAddr.new(ip_address).include?(client_ip)
188
+ def ip_whitelisted?(env)
189
+ client_ips(env).any? do |client_ip|
190
+ @ip_whitelist.any? do |ip_address|
191
+ IPAddr.new(ip_address).include?(client_ip)
192
+ end
193
+ end
194
+ end
195
+
196
+ def client_ips(env)
197
+ request = ::Rack::Request.new(env)
198
+ ips = request.ip ? [request.ip] : []
199
+ if @trust_remote_ip
200
+ ips << env.remote_ip.to_s if env.respond_to?(:remote_ip)
201
+ ips << env["action_dispatch.remote_ip"].to_s if Module.const_defined?("ActionDispatch::RemoteIp") && env["action_dispatch.remote_ip"]
192
202
  end
203
+ ips
193
204
  end
194
205
 
195
206
  def build_update_package
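Review bot: `ip_whitelisted?` now returns true if any candidate from `client_ips` is on the whitelist, so when `request.ip` and `action_dispatch.remote_ip` disagree the more permissive value wins, and a single address derived from a forwarded header is enough to bypass the Wrenchmode page. Suggest choosing one authoritative address instead (the `remote_ip` value when `@trust_remote_ip` is set and the key is present, otherwise `request.ip`) and matching only that against `@ip_whitelist`. Separately, `env.respond_to?(:remote_ip)` is evaluated on the Rack env, which is a plain Hash, so that branch never fires and can be dropped. The `Module.const_defined?("ActionDispatch::RemoteIp")` guard is redundant with the check that `env["action_dispatch.remote_ip"]` is present. A short comment on `client_ips` explaining why more than one address is collected would also help the next reader.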
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wrenchmode-rack
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.14
4
+ version: 0.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Micah Wedemeyer
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-09-04 00:00:00.000000000 Z
11
+ date: 2016-09-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rack