Class: Da99_Rack_Protect

Inherits:
Object
  • Object
Defined in:
lib/da99_rack_protect.rb,
lib/da99_rack_protect/0050_Ensure_Host.rb,
lib/da99_rack_protect/0050_No_Old_MSIE.rb,
lib/da99_rack_protect/0020_Squeeze_Uri_Dots.rb,
lib/da99_rack_protect/0010_Allow_Only_Roman_Uri.rb,
lib/da99_rack_protect/0030_No_Slash_Path_Ending.rb,
lib/da99_rack_protect/0040_Root_Favicon_If_Not_Found.rb

Defined Under Namespace

Classes: Allow_Only_Roman_Uri, Ensure_Host, No_Old_MSIE, No_Slash_Path_Ending, Root_Favicon_If_Not_Found, Squeeze_Uri_Dots

Constant Summary collapse

DA99 =
self
RACK_PROTECTS_DIR =

I need to know if new middleware has been added to rack-protection so it can be properly used (or ignored) by Da99_Rack_Protect.

File.join File.dirname(`gem which rack-protection`.strip), '/rack/protection'
RACK_PROTECTS =
Dir.glob(RACK_PROTECTS_DIR + '/*').map { |f|
  File.basename(f).sub('.rb', '') 
}.sort
Ignore_Rack_Protects =
%w{ base version escaped_params remote_referrer }
Known_Rack_Protects =
%w{
  authenticity_token
  form_token
  frame_options
  http_origin
  ip_spoofing
  json_csrf
  path_traversal
  remote_token
  session_hijacking
  xss_header
}
Rack_Protection_Names =
{'ip_spoofing' => :IPSpoofing, 'xss_header'=>:XSSHeader}
Unknown_Rack_Protects =
RACK_PROTECTS - Known_Rack_Protects - Ignore_Rack_Protects
Names =
files.map { |file|
  base = File.basename(file).sub('.rb', '')
  require "da99_rack_protect/#{base}"
  pieces = base.split('_')
  pieces.shift
  pieces.join('_').to_sym
}

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(main_app) {|_self| ... } ⇒ Da99_Rack_Protect

class self

Yields:

  • (_self)

Yield Parameters:



# File 'lib/da99_rack_protect.rb', line 83

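# Builds the Rack middleware stack that wraps +main_app+.
#
# The optional block is yielded this instance first, so hosts registered
# through #config are already collected when the stack is assembled.
#
# @param main_app [#call] the Rack application to protect
# @yieldparam _self [Da99_Rack_Protect] this instance, for configuration
def initialize main_app
  # Keep a local alias: the Rack::Builder block below reads `configs`
  # rather than the instance variable.
  @configs = configs = {:hosts=>[]}

  # Must run before the builder block: the hosts are splatted into the
  # Ensure_Host arguments while the stack is being assembled.
  yield(self) if block_given?

  @app = Rack::Builder.new do

    use Rack::Lint
    use Rack::ContentLength
    use Rack::ContentType, "text/plain"
    # NOTE(review): MethodOverride runs before the Rack::Protection
    # middleware, so they see the overridden request method. Confirm this
    # ordering is intended for the CSRF-related checks.
    use Rack::MethodOverride
    # NOTE(review): a new random secret is generated every time an instance
    # is built. Session cookies signed by another process, or before a
    # restart, will presumably not validate. Confirm that is acceptable for
    # multi-worker deployments.
    use Rack::Session::Cookie, secret: SecureRandom.urlsafe_base64(nil, true)

    Known_Rack_Protects.each { |name|
      # The Rack_Protection_Names literal shown with this class maps only the
      # irregular names. Fall back to the CamelCase form of the file name
      # ("json_csrf" => :JsonCsrf) so a missing entry does not pass nil to
      # const_get and silently depend on the table being filled elsewhere.
      const_name = Rack_Protection_Names[name] ||
                   name.split('_').map(&:capitalize).join.to_sym
      use Rack::Protection.const_get(const_name)
    }

    Names.each { |name|
      case name
      when :Ensure_Host
        # Ensure_Host is the only local middleware that receives arguments:
        # the hosts registered through #config.
        use Da99_Rack_Protect.const_get(name), *(configs[:hosts])
      else
        use Da99_Rack_Protect.const_get(name)
      end
    }

    run main_app
  end

  # The host list is fixed once the stack is built; later attempts to
  # append to it will raise instead of being silently ignored.
  @configs[:hosts].freeze
end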

Class Method Details

.redirect(new, code = 301) ⇒ Object



# File 'lib/da99_rack_protect.rb', line 65

# Builds a finished Rack redirect response.
#
# NOTE(review): +new+ is handed to Rack::Response#redirect as given. If a
# caller derives it from request data, it should be checked against the
# allowed hosts first. The callers are not visible in this listing.
#
# @param new [String] the redirect target
# @param code [Integer] HTTP status to send (301 unless given)
# @return [Object] whatever Rack::Response#finish returns
def redirect(new, code = 301)
  Rack::Response.new.tap { |reply| reply.redirect(new, code) }.finish
end

.response(code, type, raw_content) ⇒ Object



# File 'lib/da99_rack_protect.rb', line 71

# Builds a finished plain-text Rack response.
#
# NOTE(review): +type+ is accepted but never read. The Content-Type header
# is always 'text/plain', so +raw_content+ is not labelled as HTML. Confirm
# this is deliberate before wiring +type+ through.
#
# @param code [#to_i] HTTP status
# @param type [Object] currently unused
# @param raw_content [#to_s] body; converted with #to_s
# @return [Object] whatever Rack::Response#finish returns
def response(code, type, raw_content)
  text = raw_content.to_s

  Rack::Response.new.tap do |reply|
    reply.status = code.to_i
    # Content-Length is a byte count, not a character count.
    reply.headers['Content-Length'] = text.bytesize.to_s
    reply.headers['Content-Type']   = 'text/plain'.freeze
    reply.body = [text]
  end.finish
end

Instance Method Details

#call(env) ⇒ Object

def config



# File 'lib/da99_rack_protect.rb', line 126

# Rack entry point: passes the request environment to the middleware
# stack stored in @app and returns its result unchanged.
#
# @param env [Hash] the Rack environment
# @return [Object] the result of @app.call
def call(env)
  @app.call(env)
end

#config(settings, *args) ⇒ Object



# File 'lib/da99_rack_protect.rb', line 115

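# Records a configuration value; meant to be called from the block given
# to #initialize.
#
# Only :host is recognised: each extra argument is appended to the host
# list. That list is frozen at the end of #initialize, so calling this
# after construction raises a frozen-object error.
#
# NOTE(review): the host values are stored as given, with no format check
# here. Presumably Ensure_Host validates or compares them. Confirm.
#
# @param settings [Symbol] the setting to change (:host)
# @param args [Array] values for that setting
# @return [Da99_Rack_Protect] self, so calls can be chained
# @raise [RuntimeError] when +settings+ is not a recognised key
def config settings, *args
  case settings
  when :host
    @configs[:hosts].concat args
  else
    # Name the rejected setting itself: reporting only the arguments hid
    # which key was wrong.
    fail "Unknown setting: #{settings.inspect} (args: #{args.inspect})"
  end # === case

  self
end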