Merge pull request #31 from ehoch/http_headers

spam? should send any HTTP_ parameters except COOKIE to akismet

CHANGELOG

@@ -1,3 +1,5 @@
+= 1.5.0
+* Send HTTP_ env varialbes to Akismet [Eric Hochberger]
 = 1.4.0
 * Allow endpoint to be specified with a proc for multitenant applications [Bradly Feeley]
 * Add Akistmet permalink attribute [Eric Hochberger]

README.md

@@ -156,6 +156,15 @@ your app initialization:
 config.rakismet.use_middleware = false
 ```
 
+Additionally, the middleware will send along additional env variables starting with 
+HTTP_ to Akismet. If you wish to block any sensitive user information, use:
+
+```ruby
+config.rakismet.excluded_headers = ['HTTP_COOKIE','HTTP_SENSITIVE']
+```
+
+excluded_headers will default to ['HTTP_COOKIE']
+
 Testing
 -------
 

lib/rakismet.rb

@@ -9,11 +9,15 @@
 require 'rakismet/railtie.rb' if defined?(Rails)
 
 module Rakismet
-  Request = Struct.new(:user_ip, :user_agent, :referrer)
+  Request = Struct.new(:user_ip, :user_agent, :referrer, :http_headers)
   Undefined = Class.new(NameError)
 
   class << self
-    attr_accessor :key, :url, :host, :proxy_host, :proxy_port, :test
+    attr_accessor :key, :url, :host, :proxy_host, :proxy_port, :test, :excluded_headers
+
+    def excluded_headers
+      @excluded_headers || ['HTTP_COOKIE']
+    end
 
     def request
       @request ||= Request.new
@@ -26,6 +30,9 @@ def url
     def set_request_vars(env)
       request.user_ip, request.user_agent, request.referrer =
         env['REMOTE_ADDR'], env['HTTP_USER_AGENT'], env['HTTP_REFERER']
+
+      # Collect all CGI-style HTTP_ headers except cookies for privacy..
+      request.http_headers = env.select { |k,v| k =~ /^HTTP_/ }.reject { |k,v| excluded_headers.include? k }
     end
 
     def clear_request

lib/rakismet/model.rb

@@ -38,7 +38,7 @@ def spam?
         if instance_variable_defined? :@_spam
           @_spam
         else
-          data = akismet_data
+          data = akismet_data(true) # Only spam? check should include http_headers
           self.akismet_response = Rakismet.akismet_call('comment-check', data)
           @_spam = self.akismet_response == 'true'
         end
@@ -56,7 +56,7 @@ def ham!
 
       private
 
-        def akismet_data
+        def akismet_data(include_http_headers = false)
           akismet = self.class.akismet_attrs.keys.inject({}) do |data,attr|
             mapped_field = self.class.akismet_attrs[attr]
             data.merge attr =>  if mapped_field.is_a?(Proc)
@@ -76,6 +76,7 @@ def akismet_data
                                   Rakismet.request.send(attr)
                                 end
           end
+          akismet.merge! Rakismet.request.http_headers if include_http_headers and Rakismet.request.http_headers
           akismet.delete_if { |k,v| v.nil? || v.empty? }
           akismet[:comment_type] ||= 'comment'
           akismet

lib/rakismet/version.rb

@@ -1,3 +1,3 @@
 module Rakismet
-  VERSION = "1.4.0"
+  VERSION = "1.5.0"
 end

spec/models/rakismet_model_spec.rb

@@ -38,6 +38,17 @@
       @model.spam?
     end
 
+    it "should send http_headers from Rakismet.request if present" do
+      Rakismet.stub!(:request).and_return(request_with_headers)
+      Rakismet.should_receive(:akismet_call).
+                with('comment-check', akismet_attrs.merge(:user_ip => '127.0.0.1',
+                                                          :user_agent => 'RSpec',
+                                                          :referrer => 'http://test.host/referrer',
+                                                          'HTTP_USER_AGENT' => 'RSpec',
+                                                          'HTTP_REFERER' => 'http://test.host/referrer'))
+      @model.spam?
+    end
+
     it "should cache result of #spam?" do
       Rakismet.should_receive(:akismet_call).once
       @model.spam?

spec/rakismet_middleware_spec.rb

@@ -2,7 +2,7 @@
 
 describe Rakismet::Middleware do
 
-  let(:env) { { 'REMOTE_ADDR' => '127.0.0.1', 'HTTP_USER_AGENT' => 'RSpec', 'HTTP_REFERER' => 'http://test.host/referrer' } }
+  let(:env) { { 'REMOTE_ADDR' => '127.0.0.1', 'HTTP_USER_AGENT' => 'RSpec', 'HTTP_REFERER' => 'http://test.host/referrer', 'HTTP_COOKIE' => "Don't violate my privacy" } }
   let(:app) { double(:app, :call => nil) }
   let(:request) { double(:request).as_null_object }
 
@@ -18,10 +18,18 @@
     @middleware.call(env)
   end
 
+  it "should set set Rakismet.request http_headers" do
+    Rakismet.stub(:request).and_return(request)
+    request.should_receive(:http_headers=).with({ 'HTTP_USER_AGENT' => 'RSpec', 'HTTP_REFERER' => 'http://test.host/referrer' })
+    @middleware.call(env)
+  end
+
   it "should clear Rakismet.request after request is complete" do
     @middleware.call(env)
     Rakismet.request.user_ip.should be_nil
     Rakismet.request.user_agent.should be_nil
     Rakismet.request.referrer.should be_nil
+    Rakismet.request.http_headers.should be_nil
   end
+
 end

spec/rakismet_spec.rb

@@ -82,6 +82,12 @@ def mock_response(body)
       Rakismet.validate_key
     end
   end
+
+  describe '.excluded_headers' do
+    it "should default to ['HTTP_COOKIE']" do
+      Rakismet.excluded_headers.should eq ['HTTP_COOKIE']
+    end
+  end
 
   describe ".akismet_call" do
     before do

spec/spec_helper.rb

@@ -27,8 +27,16 @@ def request
                  :referrer => 'http://test.host/referrer')
 end
 
+def request_with_headers
+  OpenStruct.new(:user_ip => '127.0.0.1',
+                 :user_agent => 'RSpec',
+                 :referrer => 'http://test.host/referrer',
+                 :http_headers => { 'HTTP_USER_AGENT' => 'RSpec', 'HTTP_REFERER' => 'http://test.host/referrer' } )  
+end
+
 def empty_request
   OpenStruct.new(:user_ip => nil,
                  :user_agent => nil,
-                 :referrer => nil)
+                 :referrer => nil,
+                 :http_headers => nil)
 end