github · benbalter · Aug 27, 2014 · Aug 26, 2014 · Aug 26, 2014 · Aug 26, 2014
@@ -1,3 +1,5 @@
-*.gem
+/*.gem
 *.lock
 .bundle
+vendor/gems
+/bin
@@ -0,0 +1,13 @@
+199.27.128.0/21
+173.245.48.0/20
+103.21.244.0/22
+103.22.200.0/22
+103.31.4.0/22
+141.101.64.0/18
+108.162.192.0/18
+190.93.240.0/20
+188.114.96.0/20
+197.234.240.0/22
+198.41.128.0/17
+162.158.0.0/15
+104.16.0.0/12
@@ -13,7 +13,8 @@ Gem::Specification.new do |s|
   s.license               = "MIT"
   s.files                 = [
     "lib/github-pages-health-check.rb",
-    "lib/github-pages-health-check/version.rb"
+    "lib/github-pages-health-check/version.rb",
+    "lib/github-pages-health-check/cloudflare.rb"
   ]
 
   s.add_dependency("net-dns", "~> 0.6")

@@ -2,7 +2,9 @@
 require 'net/dns/resolver'
 require 'ipaddr'
 require 'public_suffix'
+require 'singleton'
 require_relative 'github-pages-health-check/version'
+require_relative 'github-pages-health-check/cloudflare'
 
 class GitHubPages
   class HealthCheck
@@ -18,14 +20,12 @@ class InvalidCNAME < StandardError; end
       199.27.73.133
     ]
 
-    CLOUDFLARE_v4 = IPAddr.new("108.162.192.0/18")
-
     def initialize(domain)
       @domain = domain
     end
 
     def cloudflare_ip?
-      dns.all? { |answer| answer.class == Net::DNS::RR::A && CLOUDFLARE_v4.include?(answer.address.to_s) }
+      dns.all? { |answer| answer.class == Net::DNS::RR::A && CloudFlare.controls_ip?(answer.address) }
     end
 
     # Returns an array of DNS answers

@@ -0,0 +1,37 @@
+class GitHubPages
+  class HealthCheck
+    class CloudFlare
+      include Singleton
+
+      CONFIG_PATH = File.expand_path("../../config/cloudflare-ips.txt", File.dirname(__FILE__))
+
+      # Public: Does cloudflare control this address?
+      def self.controls_ip?(address)
+        instance.controls_ip?(address)
+      end
+
+      # Internal: Create a new cloudflare info instance.
+      def initialize(options = {})
+        @path = options.fetch(:path) { CONFIG_PATH }
+      end
+
+      # Internal: The path of the config file.
+      attr_reader :path
+
+      # Internal: Does cloudflare control this address?
+      def controls_ip?(address)
+        ranges.any? { |range| range.include?(address) }
+      end
+
+      # Internal: The IP address ranges that cloudflare controls.
+      def ranges
+        @ranges ||= load_ranges
+      end
+
+      # Internal: Load IPAddr ranges from #path
+      def load_ranges
+        File.read(path).lines.map { |line| IPAddr.new(line.chomp) }
+      end
+    end
+  end
+end
@@ -1,5 +1,5 @@
 class GitHubPages
   class HealthCheck
-    VERSION = '0.0.2'
+    VERSION = '0.0.3'
   end
 end
@@ -2,4 +2,13 @@
 
 set -ex
 
-bundle install
+cd "$(dirname "$0")/.."
+
+if [ -f .ruby-version ] ; then
+  export RBENV_VERSION=$(cat .ruby-version)
+fi
+
+#set ruby version, see https://github.com/github/pages-jekyll/pull/17
+export PATH=/usr/share/rbenv/shims:$PATH BUNDLE_GEMFILE=$(pwd)/Gemfile
+
+bundle install --path vendor/gems --binstubs --local --standalone --clean "$@"
@@ -0,0 +1,17 @@
+#!/bin/bash -e
+
+script/update-cloudflare-ips >/dev/null 2>&1
+
+# `git diff --quiet` suppresses output and sets a return code
+# 0 - no changes
+# 1 - changes
+if git diff -w --quiet --cached config/cloudflare-ips.txt
+then
+  echo CloudFlare IP list is up-to-date.
+  exit 0
+else
+  echo git reset config/cloudflare-ips.txt
+  git reset --quiet config/cloudflare-ips.txt
+  echo '*** CloudFlare IP list is out of date! Run script/update-cloudflare-ips!'
+  exit 1
+fi
@@ -2,4 +2,18 @@
 
 set -ex
 
-bundle exec rspec
+script/bootstrap
+
+if [ -L $0 ]; then
+  root=$(cd "$(dirname "$(readlink "$0")")"/.. && pwd)
+else
+  root=$(cd "$(dirname "$0")"/.. && pwd)
+fi
+
+export PATH="$root/bin:/usr/share/rbenv/shims:$PATH"
+
+export RBENV_VERSION=$(cat $root/.ruby-version)
+export BUNDLE_GEMFILE="$root/Gemfile"
+
+bundle exec bin/rspec
+script/check-cloudflare-ips
@@ -0,0 +1,14 @@
+#!/bin/bash -e
+#/ Usage script/update-cloudflare-ips
+#/ updates config/cloudflare-ips.txt
+
+source=https://www.cloudflare.com/ips-v4
+dest=config/cloudflare-ips.txt
+
+echo '====>' Downloading $source
+curl --silent --fail $source | tee $dest
+echo # cover for a missing newline
+
+echo '====>' git add $dest
+git diff -w $dest
+git add --verbose $dest
@@ -0,0 +1,23 @@
+require 'spec_helper'
+require 'json'
+
+describe(GitHubPages::HealthCheck::CloudFlare) do
+
+  let(:instance) { GitHubPages::HealthCheck::CloudFlare.instance }
+
+  it "loads the IPs" do
+    expect(instance.ranges.size).to eql(13)
+  end
+
+  it "detects a cloudflare IP" do
+    expect(instance.controls_ip?("108.162.196.20")).to be(true)
+  end
+
+  it "doesn't return false positives" do
+    expect(instance.controls_ip?("1.1.1.1")).to be(false)
+  end
+
+  it "works as a singleton" do
+    expect(GitHubPages::HealthCheck::CloudFlare.controls_ip?("108.162.196.20")).to be(true)
+  end
+end