Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

refactered code and added rack middleware but use rails-filter for th…

…e time being
  • Loading branch information...
commit cf167a7ce55697bfd8135de1c61eb6386a327e83 1 parent 5d8bdc1
Christian Meier authored March 15, 2011
80  enforce-ssl-gem/lib/enforce-ssl.rb
... ...
@@ -1,79 +1,3 @@
1  
-# Copyright (c) 2005 David Heinemeier Hansson
2  
-#
3  
-# Permission is hereby granted, free of charge, to any person obtaining
4  
-# a copy of this software and associated documentation files (the
5  
-# "Software"), to deal in the Software without restriction, including
6  
-# without limitation the rights to use, copy, modify, merge, publish,
7  
-# distribute, sublicense, and/or sell copies of the Software, and to
8  
-# permit persons to whom the Software is furnished to do so, subject to
9  
-# the following conditions:
10  
-#
11  
-# The above copyright notice and this permission notice shall be
12  
-# included in all copies or substantial portions of the Software.
13  
-#
14  
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15  
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16  
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17  
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18  
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19  
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20  
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21  
-require 'rails'
22  
-
23  
-class EnforceSslRailtie < Rails::Railtie
24  
-
25  
-  config.before_configuration do |app|
26  
-    app.config.class.class_eval do
27  
-      attr_accessor :ssl_port
28  
-    end
29  
-    app.config.ssl_port = Rails.env == "production" ? 443 : 3000
30  
-  end
  1
+if defined?(Rails)
  2
+  require 'enforce_ssl/filter_railtie'
31 3
 end
32  
-
33  
-module EnforceSsl
34  
-  def self.included(controller)
35  
-    #controller.extend(ClassMethods)
36  
-    controller.before_filter(:enforce_ssl)
37  
-  end
38  
-
39  
-  # module ClassMethods
40  
-  #   # Specifies that the named actions requires an SSL connection to be performed (which is enforced by ensure_proper_protocol).
41  
-  #   def ssl_required(*actions)
42  
-  #     write_inheritable_array(:ssl_required_actions, actions)
43  
-  #   end
44  
-
45  
-  #   def ssl_allowed(*actions)
46  
-  #     write_inheritable_array(:ssl_allowed_actions, actions)
47  
-  #   end
48  
-  # end
49  
-  
50  
-  # protected
51  
-  #   # Returns true if the current action is supposed to run as SSL
52  
-  #   def ssl_required?
53  
-  #     (self.class.read_inheritable_attribute(:ssl_required_actions) || []).include?(action_name.to_sym)
54  
-  #   end
55  
-    
56  
-  #   def ssl_allowed?
57  
-  #     (self.class.read_inheritable_attribute(:ssl_allowed_actions) || []).include?(action_name.to_sym)
58  
-  #   end
59  
-
60  
-  private
61  
-    def enforce_ssl
62  
-      #return true if ssl_allowed?
63  
-
64  
-      is_ssl = request.port.to_i == Rails.configuration.ssl_port.to_i
65  
-      request.env['HTTPS'] = is_ssl ? "on" : nil
66  
-
67  
-      #if ssl_required? && !request.ssl?
68  
-      unless is_ssl
69  
-        redirect_to "https://" + request.host + ":#{Rails.configuration.ssl_port}" + request.fullpath
70  
-        flash.keep
71  
-        return false
72  
-      #elsif request.ssl? && !ssl_required?
73  
-      #  redirect_to "http://" + request.host + request.request_uri
74  
-      #  flash.keep
75  
-      #  return false
76  
-      end
77  
-    end
78  
-end
79  
-ActionController::Base.send(:include, EnforceSsl)
24  enforce-ssl-gem/lib/enforce_ssl/base_railtie.rb
... ...
@@ -0,0 +1,24 @@
  1
+require 'rails'
  2
+
  3
+module EnforceSsl
  4
+  class BaseRailtie
  5
+
  6
+    def self.configuration(app)
  7
+      app.config.class.class_eval do
  8
+        attr_accessor :no_ssl_port
  9
+        attr_accessor :ssl_port
  10
+        attr_accessor :hsts_max_age
  11
+        attr_accessor :hsts_include_sub_domain
  12
+      end
  13
+      if Rails.env == "production"
  14
+        app.config.no_ssl_port = 80
  15
+        app.config.ssl_port = 443
  16
+      else
  17
+        app.config.no_ssl_port = 8080
  18
+        app.config.ssl_port = 8443
  19
+      end
  20
+      app.config.hsts_include_sub_domain = false
  21
+      app.config.hsts_max_age = 31536000 # one year in seconds
  22
+    end
  23
+  end
  24
+end
27  enforce-ssl-gem/lib/enforce_ssl/enforce_ssl_filter.rb
... ...
@@ -0,0 +1,27 @@
  1
+require 'rails'
  2
+
  3
+module EnforceSsl
  4
+  module EnforceSslFilter
  5
+    def enforce_ssl
  6
+      controller = self
  7
+      is_ssl = controller.request.port.to_i == Rails.configuration.ssl_port.to_i
  8
+      is_not_ssl = controller.request.port.to_i == Rails.configuration.no_ssl_port.to_i
  9
+      
  10
+      controller.request.env['HTTPS'] = is_ssl ? "on" : nil
  11
+      
  12
+      if is_ssl
  13
+        # use only if max_age is set and only in production mode since it
  14
+        # needs a proper (not self-signed) certificate
  15
+        if Rails.configuration.hsts_max_age && Rails.env == "production"
  16
+          subdomain = Rails.configuration.hsts_include_sub_domains? ? " ; includeSubDomains" : ""
  17
+         controller. response.headers['Strict-Transport-Security'] = "max-age=#{Rails.configuration.hsts_max_age.to_i}" + subdomain
  18
+          
  19
+        end
  20
+      elsif is_not_ssl
  21
+        controller.redirect_to "https://" + controller.request.host + ":#{Rails.configuration.ssl_port}" + controller.request.fullpath
  22
+        controller.flash.keep
  23
+        return false
  24
+      end
  25
+    end
  26
+  end
  27
+end
34  enforce-ssl-gem/lib/enforce_ssl/enforce_ssl_rack.rb
... ...
@@ -0,0 +1,34 @@
  1
+module EnforceSsl
  2
+  class EnforceSslRack
  3
+
  4
+    def initialize(app)
  5
+      @app = app
  6
+    end
  7
+    
  8
+    def call(env)
  9
+      scheme = env["rack.url_scheme"]
  10
+      port = env["SERVER_PORT"]
  11
+      is_ssl = port.to_i == Rails.configuration.ssl_port.to_i
  12
+      is_not_ssl = port.to_i == Rails.configuration.no_ssl_port.to_i
  13
+
  14
+      if is_ssl
  15
+        @status, @headers, @body = @app.call(env)
  16
+        
  17
+        # use only if max_age is set and only in production mode since it
  18
+        # needs a proper (not self-signed) certificate
  19
+        if Rails.configuration.hsts_max_age && Rails.env == "production"
  20
+          subdomain = Rails.configuration.hsts_include_sub_domains? ? " ; includeSubDomains" : ""
  21
+          @headers['Strict-Transport-Security'] = "max-age=#{Rails.configuration.hsts_max_age.to_i}" + subdomain
  22
+          
  23
+        end
  24
+      elsif is_not_ssl
  25
+        @headers = { "location" => "https://" + env["HTTP_HOST"].sub(/\:.*/, '') + ":#{Rails.configuration.ssl_port}" + env["PATH_INFO"] }
  26
+        @status = 302
  27
+        @body = ''
  28
+      else
  29
+        @status, @headers, @body = @app.call(env)
  30
+      end
  31
+      [@status, @headers, @body]
  32
+    end
  33
+  end
  34
+end
13  enforce-ssl-gem/lib/enforce_ssl/filter_railtie.rb
... ...
@@ -0,0 +1,13 @@
  1
+require 'enforce_ssl/base_railtie'
  2
+require 'enforce_ssl/enforce_ssl_filter'
  3
+
  4
+module EnforceSsl
  5
+  class FilterRailtie < Rails::Railtie
  6
+
  7
+    config.before_configuration do |app|
  8
+      BaseRailtie.configuration(app)
  9
+      ::ActionController::Base.send :include, EnforceSslFilter
  10
+      ::ActionController::Base.prepend_before_filter(:enforce_ssl)
  11
+    end
  12
+  end
  13
+end
12  enforce-ssl-gem/lib/enforce_ssl/rack_railtie.rb
... ...
@@ -0,0 +1,12 @@
  1
+require 'enforce_ssl/base_railtie'
  2
+require 'enforce_ssl/enforce_ssl_rack'
  3
+
  4
+module EnforceSsl
  5
+  class FilterRailtie < Rails::Railtie
  6
+
  7
+    config.before_configuration do |app|
  8
+      BaseRailtie.configuration(app)
  9
+      app.config.middleware.insert_before(::ActionDispatch::Static, EnforceSslRack)
  10
+    end
  11
+  end
  12
+end

0 notes on commit cf167a7

Please sign in to comment.
Something went wrong with that request. Please try again.