From 69f5662834438461dfb0d3586f1bb463935e2350 Mon Sep 17 00:00:00 2001 From: Mauran Muthiah Date: Tue, 24 Oct 2017 09:21:26 +0200 Subject: [PATCH 1/3] Remove SSL functionality --- Package.resolved | 151 ++++++++++++++++++++ Sources/SSLEnforcer.swift | 28 ---- Tests/GatekeeperTests/GatekeeperTests.swift | 47 +----- 3 files changed, 152 insertions(+), 74 deletions(-) create mode 100644 Package.resolved delete mode 100644 Sources/SSLEnforcer.swift diff --git a/Package.resolved b/Package.resolved new file mode 100644 index 0000000..345acd9 --- /dev/null +++ b/Package.resolved @@ -0,0 +1,151 @@ +{ + "object": { + "pins": [ + { + "package": "BCrypt", + "repositoryURL": "https://github.com/vapor/bcrypt.git", + "state": { + "branch": null, + "revision": "3ee4aca16ba6ebfb1ad48cc5fd4dfb163c6d6be8", + "version": "1.1.0" + } + }, + { + "package": "Bits", + "repositoryURL": "https://github.com/vapor/bits.git", + "state": { + "branch": null, + "revision": "c32f5e6ae2007dccd21a92b7e33eba842dd80d2f", + "version": "1.1.0" + } + }, + { + "package": "CTLS", + "repositoryURL": "https://github.com/vapor/ctls.git", + "state": { + "branch": null, + "revision": "fddec6a4643d6e85b6bb6dc54b1b5cdbabd395d2", + "version": "1.1.2" + } + }, + { + "package": "Console", + "repositoryURL": "https://github.com/vapor/console.git", + "state": { + "branch": null, + "revision": "11c0694857d1be6c7b8b30d8db8b1162b73f2a2b", + "version": "2.2.0" + } + }, + { + "package": "Core", + "repositoryURL": "https://github.com/vapor/core.git", + "state": { + "branch": null, + "revision": "b8330808f4f6b69941961afe8ad6b015562f7b7c", + "version": "2.1.2" + } + }, + { + "package": "Crypto", + "repositoryURL": "https://github.com/vapor/crypto.git", + "state": { + "branch": null, + "revision": "bf4470b9da79024aab79c85de80374f6c29e3864", + "version": "2.1.1" + } + }, + { + "package": "Debugging", + "repositoryURL": "https://github.com/vapor/debugging.git", + "state": { + "branch": null, + "revision": "49c5e8f0a7cb5456a8f7c72c6cd9f1553e5885a8", + "version": "1.1.0" + } + }, + { + "package": "Engine", + "repositoryURL": "https://github.com/vapor/engine.git", + "state": { + "branch": null, + "revision": "decf702d774ac630dfe0441ff76b4bb68257b77a", + "version": "2.2.1" + } + }, + { + "package": "JSON", + "repositoryURL": "https://github.com/vapor/json.git", + "state": { + "branch": null, + "revision": "735800d8f2e75ebe3be25559eb6a781f4666dcfc", + "version": "2.2.1" + } + }, + { + "package": "Multipart", + "repositoryURL": "https://github.com/vapor/multipart.git", + "state": { + "branch": null, + "revision": "8e541b2e6fc64a3741eca2aa48ee2c3f23cbe17c", + "version": "2.1.1" + } + }, + { + "package": "Node", + "repositoryURL": "https://github.com/vapor/node.git", + "state": { + "branch": null, + "revision": "642f357d08ec5aa335ae2e3c4633c72da7b5a0c4", + "version": "2.1.1" + } + }, + { + "package": "Random", + "repositoryURL": "https://github.com/vapor/random.git", + "state": { + "branch": null, + "revision": "d7c4397d125caba795d14d956efacfe2a27a63d0", + "version": "1.2.0" + } + }, + { + "package": "Routing", + "repositoryURL": "https://github.com/vapor/routing.git", + "state": { + "branch": null, + "revision": "cb9d78aca2540c1a6b45b0ab43e5b0c50f29d216", + "version": "2.2.0" + } + }, + { + "package": "Sockets", + "repositoryURL": "https://github.com/vapor/sockets.git", + "state": { + "branch": null, + "revision": "fb839a109d256e843945086f0730b49e4eeed091", + "version": "2.2.0" + } + }, + { + "package": "TLS", + "repositoryURL": "https://github.com/vapor/tls.git", + "state": { + "branch": null, + "revision": "6c6eedb6761cddc6b6c87142a27eec13fa1701ec", + "version": "2.1.1" + } + }, + { + "package": "Vapor", + "repositoryURL": "https://github.com/vapor/vapor.git", + "state": { + "branch": null, + "revision": "59bde985edbdf6480c541485317c8d41cc5fefb7", + "version": "2.2.2" + } + } + ] + }, + "version": 1 +} diff --git a/Sources/SSLEnforcer.swift b/Sources/SSLEnforcer.swift deleted file mode 100644 index fa6a1ae..0000000 --- a/Sources/SSLEnforcer.swift +++ /dev/null @@ -1,28 +0,0 @@ -import HTTP -import Vapor - -public struct SSLEnforcer: Middleware { - private var shouldEnforce: Bool - private let error: AbortError - - public init(error: AbortError, drop: Droplet, environments: [Environment] = [.production]) { - shouldEnforce = environments.contains(drop.config.environment) - self.error = error - } - - public func respond(to request: Request, chainingTo next: Responder) throws -> Response { - if shouldEnforce { - // ** WARNING ** - // it's possible for a user to make a request using the scheme `https` - // but over plaintext. If this is a concern, serve application - // behind a proxy server, such as nginx, and have the proxy enforce - // an SSL conntection. - guard request.uri.scheme == "https" else { - throw error - } - } - - let response = try next.respond(to: request) - return response - } -} diff --git a/Tests/GatekeeperTests/GatekeeperTests.swift b/Tests/GatekeeperTests/GatekeeperTests.swift index 72462b8..0ee63b8 100644 --- a/Tests/GatekeeperTests/GatekeeperTests.swift +++ b/Tests/GatekeeperTests/GatekeeperTests.swift @@ -12,9 +12,6 @@ class GatekeeperTests: XCTestCase { ("testRateLimiter", testRateLimiter), ("testRateLimiterNoPeer", testRateLimiterNoPeer), ("testRateLimiterCountRefresh", testRateLimiterCountRefresh), - ("testSSLEnforcerBasic", testSSLEnforcerBasic), - ("testSSLEnforcerDenied", testSSLEnforcerDenied), - ("testSSLEnforcerDoNotEnforce", testSSLEnforcerDoNotEnforce), ("testRefreshIntervalValues", testRefreshIntervalValues), ] @@ -86,49 +83,7 @@ class GatekeeperTests: XCTestCase { requestsLeft = try! middleware.cache.get("192.168.1.2")?["requestsLeft"]?.int XCTAssertEqual(requestsLeft, 99, "Requests left should've reset") } - - func testSSLEnforcerBasic() { - let middleware = SSLEnforcer(error: Abort.badRequest, drop: productionDrop) - let request = getHTTPSRequest() - - do { - _ = try middleware.respond(to: request, chainingTo: MockResponder()) - } catch { - XCTFail("Request failed: \(error)") - } - } - - func testSSLEnforcerDenied() { - let middleware = SSLEnforcer(error: Abort.badRequest, drop: productionDrop) - let request = getHTTPRequest() - - do { - _ = try middleware.respond(to: request, chainingTo: MockResponder()) - XCTFail("Should've been rejected") - } catch let error as Abort { - switch error.status { - case .badRequest: - // success - break - default: - XCTFail("Expected bad request") - } - } catch { - XCTFail("Request failed: \(error)") - } - } - - func testSSLEnforcerDoNotEnforce() { - let middleware = SSLEnforcer(error: Abort.badRequest, drop: developmentDrop) - let request = getHTTPSRequest() - - do { - _ = try middleware.respond(to: request, chainingTo: MockResponder()) - } catch { - XCTFail("SSL should not have been enforced for development.") - } - } - + func testRefreshIntervalValues() { let expected: [(Rate.Interval, Double)] = [ (.second, 1), From d120f3275f3f08a3e032e3f64a7f5621b407b5a6 Mon Sep 17 00:00:00 2001 From: Mauran Muthiah Date: Tue, 24 Oct 2017 09:22:41 +0200 Subject: [PATCH 2/3] Removed package.resolved --- Package.resolved | 151 ----------------------------------------------- 1 file changed, 151 deletions(-) delete mode 100644 Package.resolved diff --git a/Package.resolved b/Package.resolved deleted file mode 100644 index 345acd9..0000000 --- a/Package.resolved +++ /dev/null @@ -1,151 +0,0 @@ -{ - "object": { - "pins": [ - { - "package": "BCrypt", - "repositoryURL": "https://github.com/vapor/bcrypt.git", - "state": { - "branch": null, - "revision": "3ee4aca16ba6ebfb1ad48cc5fd4dfb163c6d6be8", - "version": "1.1.0" - } - }, - { - "package": "Bits", - "repositoryURL": "https://github.com/vapor/bits.git", - "state": { - "branch": null, - "revision": "c32f5e6ae2007dccd21a92b7e33eba842dd80d2f", - "version": "1.1.0" - } - }, - { - "package": "CTLS", - "repositoryURL": "https://github.com/vapor/ctls.git", - "state": { - "branch": null, - "revision": "fddec6a4643d6e85b6bb6dc54b1b5cdbabd395d2", - "version": "1.1.2" - } - }, - { - "package": "Console", - "repositoryURL": "https://github.com/vapor/console.git", - "state": { - "branch": null, - "revision": "11c0694857d1be6c7b8b30d8db8b1162b73f2a2b", - "version": "2.2.0" - } - }, - { - "package": "Core", - "repositoryURL": "https://github.com/vapor/core.git", - "state": { - "branch": null, - "revision": "b8330808f4f6b69941961afe8ad6b015562f7b7c", - "version": "2.1.2" - } - }, - { - "package": "Crypto", - "repositoryURL": "https://github.com/vapor/crypto.git", - "state": { - "branch": null, - "revision": "bf4470b9da79024aab79c85de80374f6c29e3864", - "version": "2.1.1" - } - }, - { - "package": "Debugging", - "repositoryURL": "https://github.com/vapor/debugging.git", - "state": { - "branch": null, - "revision": "49c5e8f0a7cb5456a8f7c72c6cd9f1553e5885a8", - "version": "1.1.0" - } - }, - { - "package": "Engine", - "repositoryURL": "https://github.com/vapor/engine.git", - "state": { - "branch": null, - "revision": "decf702d774ac630dfe0441ff76b4bb68257b77a", - "version": "2.2.1" - } - }, - { - "package": "JSON", - "repositoryURL": "https://github.com/vapor/json.git", - "state": { - "branch": null, - "revision": "735800d8f2e75ebe3be25559eb6a781f4666dcfc", - "version": "2.2.1" - } - }, - { - "package": "Multipart", - "repositoryURL": "https://github.com/vapor/multipart.git", - "state": { - "branch": null, - "revision": "8e541b2e6fc64a3741eca2aa48ee2c3f23cbe17c", - "version": "2.1.1" - } - }, - { - "package": "Node", - "repositoryURL": "https://github.com/vapor/node.git", - "state": { - "branch": null, - "revision": "642f357d08ec5aa335ae2e3c4633c72da7b5a0c4", - "version": "2.1.1" - } - }, - { - "package": "Random", - "repositoryURL": "https://github.com/vapor/random.git", - "state": { - "branch": null, - "revision": "d7c4397d125caba795d14d956efacfe2a27a63d0", - "version": "1.2.0" - } - }, - { - "package": "Routing", - "repositoryURL": "https://github.com/vapor/routing.git", - "state": { - "branch": null, - "revision": "cb9d78aca2540c1a6b45b0ab43e5b0c50f29d216", - "version": "2.2.0" - } - }, - { - "package": "Sockets", - "repositoryURL": "https://github.com/vapor/sockets.git", - "state": { - "branch": null, - "revision": "fb839a109d256e843945086f0730b49e4eeed091", - "version": "2.2.0" - } - }, - { - "package": "TLS", - "repositoryURL": "https://github.com/vapor/tls.git", - "state": { - "branch": null, - "revision": "6c6eedb6761cddc6b6c87142a27eec13fa1701ec", - "version": "2.1.1" - } - }, - { - "package": "Vapor", - "repositoryURL": "https://github.com/vapor/vapor.git", - "state": { - "branch": null, - "revision": "59bde985edbdf6480c541485317c8d41cc5fefb7", - "version": "2.2.2" - } - } - ] - }, - "version": 1 -} From e43bde9a34ed4abcf9e09400d9dddac8bdc2d3f4 Mon Sep 17 00:00:00 2001 From: Mauran Muthiah Date: Tue, 24 Oct 2017 09:28:42 +0200 Subject: [PATCH 3/3] Updated README --- README.md | 30 +----------------------------- 1 file changed, 1 insertion(+), 29 deletions(-) diff --git a/README.md b/README.md index e55535c..43040f1 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ [![Readme Score](http://readme-score-api.herokuapp.com/score.svg?url=https://github.com/nodes-vapor/gatekeeper)](http://clayallsopp.github.io/readme-score?url=https://github.com/nodes-vapor/gatekeeper) [![GitHub license](https://img.shields.io/badge/license-MIT-blue.svg)](https://raw.githubusercontent.com/nodes-vapor/gatekeeper/master/LICENSE) -Rate Limiter and SSL enforcing middleware. +Rate Limiter middleware. ## 📦 Installation @@ -21,33 +21,6 @@ Update your `Package.swift` file. ## Getting started 🚀 -Both the rate limiter and SSL-enforcing middleware are easy to configure and get running. - - -## SSLEnforcer 🔒 - -`SSLEnforcer` has three configurable fields: the error to be thrown, your `Droplet` and the environments you wish to enforce on. The environments defaults to `[.production]`. -```swift -let drop = Droplet() -// this will only enforce if running in `production` mode. -let enforcer = SSLEnforcer(error: Abort.notFound, drop: drop) -``` - -If you wish to secure your endpoints during development you can do the following: -```swift -let enforcer = SSLEnforcer( - error: Abort.notFound, - drop: drop, - environments: [ - .production, - .development - ] -) -``` - - -## RateLimiter ⏱ - `RateLimiter` has two configurable fields: the maximum rate and the cache to use. If you don't supply your own cache the limiter will create its own, in-memory cache. ```swift @@ -64,7 +37,6 @@ case .hour case .day ``` - ## Credits 🏆 This package is developed and maintained by the Vapor team at [Nodes](https://www.nodes.dk).