
refactered code and added rack middleware but use rails-filter for th…

…e time being
commit cf167a7ce55697bfd8135de1c61eb6386a327e83 1 parent 5d8bdc1
@mkristian authored
80 enforce-ssl-gem/lib/enforce-ssl.rb
@@ -1,79 +1,3 @@
-# Copyright (c) 2005 David Heinemeier Hansson
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-require 'rails'
-
-class EnforceSslRailtie < Rails::Railtie
-
- config.before_configuration do |app|
- app.config.class.class_eval do
- attr_accessor :ssl_port
- end
- app.config.ssl_port = Rails.env == "production" ? 443 : 3000
- end
+if defined?(Rails)
+ require 'enforce_ssl/filter_railtie'
end
-
-module EnforceSsl
- def self.included(controller)
- #controller.extend(ClassMethods)
- controller.before_filter(:enforce_ssl)
- end
-
- # module ClassMethods
- # # Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol).
- # def ssl_required(*actions)
- # write_inheritable_array(:ssl_required_actions, actions)
- # end
-
- # def ssl_allowed(*actions)
- # write_inheritable_array(:ssl_allowed_actions, actions)
- # end
- # end
-
- # protected
- # # Returns true if the current action is supposed to run as SSL
- # def ssl_required?
- # (self.class.read_inheritable_attribute(:ssl_required_actions) || []).include?(action_name.to_sym)
- # end
-
- # def ssl_allowed?
- # (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
- # end
-
- private
- def enforce_ssl
- #return true if ssl_allowed?
-
- is_ssl = request.port.to_i == Rails.configuration.ssl_port.to_i
- request.env['HTTPS'] = is_ssl ? "on" : nil
-
- #if ssl_required? && !request.ssl?
- unless is_ssl
- redirect_to "https://" + request.host + ":#{Rails.configuration.ssl_port}" + request.fullpath
- flash.keep
- return false
- #elsif request.ssl? && !ssl_required?
- # redirect_to "http://" + request.host + request.request_uri
- # flash.keep
- # return false
- end
- end
-end
-ActionController::Base.send(:include, EnforceSsl)
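Review bot: The MIT copyright and permission notice is deleted here, but the redirect logic it covered appears to live on in `enforce_ssl/enforce_ssl_filter.rb` (same `redirect_to "https://" + ...`, `flash.keep`, `return false` sequence), and none of the new files carries the notice. The licence text itself requires the notice in "all copies or substantial portions", so it should move with the code, either as a header on the filter file or in a LICENSE file the gem ships. Separately, `if defined?(Rails)` makes the gem a silent no-op when it is required before Rails is loaded; a comment such as `# no Rails: nothing is enforced, the caller must mount EnforceSslRack itself` would make that explicit.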
24 enforce-ssl-gem/lib/enforce_ssl/base_railtie.rb
@@ -0,0 +1,24 @@
+require 'rails'
+
+module EnforceSsl
+ class BaseRailtie
+
+ def self.configuration(app)
+ app.config.class.class_eval do
+ attr_accessor :no_ssl_port
+ attr_accessor :ssl_port
+ attr_accessor :hsts_max_age
+ attr_accessor :hsts_include_sub_domain
+ end
+ if Rails.env == "production"
+ app.config.no_ssl_port = 80
+ app.config.ssl_port = 443
+ else
+ app.config.no_ssl_port = 8080
+ app.config.ssl_port = 8443
+ end
+ app.config.hsts_include_sub_domain = false
+ app.config.hsts_max_age = 31536000 # one year in seconds
+ end
+ end
+end
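Review bot: The accessor declared in `configuration` is `hsts_include_sub_domain`, but both consumers added in this commit call `Rails.configuration.hsts_include_sub_domains?` (in `EnforceSslFilter#enforce_ssl` and `EnforceSslRack#call`), a name `attr_accessor` never defines. In production every request on the SSL port reaches that call, so it would presumably raise NoMethodError instead of sending the HSTS header. Use one name on both sides, e.g. `attr_accessor :hsts_include_sub_domains` here and `Rails.configuration.hsts_include_sub_domains ? ...` in the callers. The defaults would also benefit from a comment stating that a port matching neither `ssl_port` nor `no_ssl_port` is currently not redirected.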
27 enforce-ssl-gem/lib/enforce_ssl/enforce_ssl_filter.rb
@@ -0,0 +1,27 @@
+require 'rails'
+
+module EnforceSsl
+ module EnforceSslFilter
+ def enforce_ssl
+ controller = self
+ is_ssl = controller.request.port.to_i == Rails.configuration.ssl_port.to_i
+ is_not_ssl = controller.request.port.to_i == Rails.configuration.no_ssl_port.to_i
+
+ controller.request.env['HTTPS'] = is_ssl ? "on" : nil
+
+ if is_ssl
+ # use only if max_age is set and only in production mode since it
+ # needs a proper (not self-signed) certificate
+ if Rails.configuration.hsts_max_age && Rails.env == "production"
+ subdomain = Rails.configuration.hsts_include_sub_domains? ? " ; includeSubDomains" : ""
+ controller. response.headers['Strict-Transport-Security'] = "max-age=#{Rails.configuration.hsts_max_age.to_i}" + subdomain
+
+ end
+ elsif is_not_ssl
+ controller.redirect_to "https://" + controller.request.host + ":#{Rails.configuration.ssl_port}" + controller.request.fullpath
+ controller.flash.keep
+ return false
+ end
+ end
+ end
+end
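Review bot: `enforce_ssl` fails open, because a request whose port equals neither `ssl_port` nor `no_ssl_port` matches neither branch and is served with no redirect. The `is_ssl` decision also rests on `controller.request.port`, which Rails derives from the Host header the client sends rather than from the connection, and the result is then written back into `request.env['HTTPS']`. Take the TLS signal from the server side (`controller.request.ssl?`, or a forwarded-protocol header that your front end sets and strips) and change `elsif is_not_ssl` to a plain `else`, so anything not positively TLS is redirected. The Location is built from `controller.request.host`, so a configured canonical host would keep the redirect target out of the client's control. The same port comparison is repeated in `EnforceSslRack#call`.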
34 enforce-ssl-gem/lib/enforce_ssl/enforce_ssl_rack.rb
@@ -0,0 +1,34 @@
+module EnforceSsl
+ class EnforceSslRack
+
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ scheme = env["rack.url_scheme"]
+ port = env["SERVER_PORT"]
+ is_ssl = port.to_i == Rails.configuration.ssl_port.to_i
+ is_not_ssl = port.to_i == Rails.configuration.no_ssl_port.to_i
+
+ if is_ssl
+ @status, @headers, @body = @app.call(env)
+
+ # use only if max_age is set and only in production mode since it
+ # needs a proper (not self-signed) certificate
+ if Rails.configuration.hsts_max_age && Rails.env == "production"
+ subdomain = Rails.configuration.hsts_include_sub_domains? ? " ; includeSubDomains" : ""
+ @headers['Strict-Transport-Security'] = "max-age=#{Rails.configuration.hsts_max_age.to_i}" + subdomain
+
+ end
+ elsif is_not_ssl
+ @headers = { "location" => "https://" + env["HTTP_HOST"].sub(/\:.*/, '') + ":#{Rails.configuration.ssl_port}" + env["PATH_INFO"] }
+ @status = 302
+ @body = ''
+ else
+ @status, @headers, @body = @app.call(env)
+ end
+ [@status, @headers, @body]
+ end
+ end
+end
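Review bot: `call` keeps `@status`, `@headers` and `@body` on the middleware object, and the stack builds one instance that serves every request, so on a threaded server two concurrent requests can overwrite each other's response before `[@status, @headers, @body]` is returned. The triple should be held in locals. The redirect branch additionally drops the query string (only `env["PATH_INFO"]` is appended), calls `.sub` on `env["HTTP_HOST"]` which is nil when no Host header was sent, and returns a String body where Rack expects something that responds to `each`. `scheme` is assigned and never used. A sketch of the reworked branches follows, and the unreviewed `else` pass-through for unknown ports has the same fail-open concern as the filter.

```ruby
# … unchanged: is_ssl / is_not_ssl port comparison …
if is_ssl
  status, headers, body = @app.call(env)
  # … unchanged: HSTS header, set on the local `headers` …
elsif is_not_ssl
  host = (env["HTTP_HOST"] || env["SERVER_NAME"]).to_s.sub(/:.*/, '')
  query = env["QUERY_STRING"].to_s
  location = "https://#{host}:#{Rails.configuration.ssl_port}#{env["PATH_INFO"]}"
  location += "?#{query}" unless query.empty?
  status, headers, body = 302, { "Location" => location, "Content-Type" => "text/html" }, []
else
  status, headers, body = @app.call(env)
end
[status, headers, body]
```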
13 enforce-ssl-gem/lib/enforce_ssl/filter_railtie.rb
@@ -0,0 +1,13 @@
+require 'enforce_ssl/base_railtie'
+require 'enforce_ssl/enforce_ssl_filter'
+
+module EnforceSsl
+ class FilterRailtie < Rails::Railtie
+
+ config.before_configuration do |app|
+ BaseRailtie.configuration(app)
+ ::ActionController::Base.send :include, EnforceSslFilter
+ ::ActionController::Base.prepend_before_filter(:enforce_ssl)
+ end
+ end
+end
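Review bot: Referencing `::ActionController::Base` inside `before_configuration` forces that class to load before the application's own configuration has run. The usual hook is `ActiveSupport.on_load(:action_controller) { include EnforceSslFilter; prepend_before_filter :enforce_ssl }`, with `BaseRailtie.configuration(app)` left in `before_configuration`. A comment is also worth adding that a filter only covers requests that reach an `ActionController::Base` subclass and can be removed per controller with `skip_before_filter`. Static files and other Rack endpoints are therefore presumably still served over plain HTTP in this mode.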
12 enforce-ssl-gem/lib/enforce_ssl/rack_railtie.rb
@@ -0,0 +1,12 @@
+require 'enforce_ssl/base_railtie'
+require 'enforce_ssl/enforce_ssl_rack'
+
+module EnforceSsl
+ class FilterRailtie < Rails::Railtie
+
+ config.before_configuration do |app|
+ BaseRailtie.configuration(app)
+ app.config.middleware.insert_before(::ActionDispatch::Static, EnforceSslRack)
+ end
+ end
+end
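Review bot: The class in `rack_railtie.rb` is named `FilterRailtie`, the same constant that `filter_railtie.rb` defines, which looks like a copy-paste leftover; `class RackRailtie < Rails::Railtie` would match the file name. As written, requiring both files reopens one class and registers both `before_configuration` blocks, so the filter and the middleware would be installed together. Nothing in this commit requires `rack_railtie.rb` yet, so a short header comment saying how it is meant to be enabled would help.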