CodeRack

rack-taint

2012-03-15 17:13:05 UTC

Taint the query string (and thus GET parameters), input (and thus POST parameters), headers (and thus cookies), and everything else that comes in on a request.

Among other use cases, this may prove helpful as a component in a scheme that limits mass assignment in Rails.

Add to your Gemfile:

gem 'rack-taint'

If it's not Rails, you'll also need to add Rack:Taint to your application stack. Earlier is better.

Rack::FunkyCache

2011-11-12 21:07:34 UTC

Rack middleware which together with Passenger implements funky caching.

Funky caching is technique popularized by PHP.net site. It was first mentioned by Rasmus Lerdorf in 2002. Middleware captures Rack output and caches it as static file to public directory. All subsequent requests are then served by Passenger and they never reach Rack.

Check usage from project page.

Rack::Facebook::MethodFix

2011-11-06 22:06:28 UTC

In early 2011 Facebook started to send all application requests as POST. This middleware converts POST requests back to GET when applicable.

Rack::Facebook::MethodFix looks for incoming POST requests. If the request contains signed_request parameter it converts request to GET as originally intended. Optionally if you pass in Facebook application secret_id it will also require the contents of signed_request to be valid.

Check usage from project page.

Naughty Step

2011-10-03 08:11:49 UTC

A Rack middleware for simple 404 and 500 status handling

= Naughty Step

Well, Naughty Step is nothing ground-breaking. This is just a basic way of catching errors (Status 500) and pages not found (Status 404) and use related html pages you’ve written for that purpose. The middleware even has default values:

- public/404.html
- public/500.html

So a very simple example might be to require the Gem and then:

use ::Rack::NaughtyStep

Or if you want to declare your paths:

use ::Rack::NaughtyStep ‘/path/to/404/page.html’, ‘/path/to/500/page.html’

Here you go. Truth is that I’ve been naughty as well. I did not write a proper full example, neither a spec. Just because I was in a rush, but I’ll do it as soon as I can. Please don’t spank me.

rack-golem

2011-09-23 08:23:22 UTC

A Controller middleware that is euh… basic. I would say it is a sort of Ramaze for kids

GOLEM

I would describe Golem as a Ramaze for kids.
Golem is not a framework though, just a controller, but you know... the kind of controller that leaves you in the train even if you did not buy a ticket.
It leaves you on the rails if you will (incredibly good pun intended).

Install with:

sudo gem install rack-golem

Config.ru is one of his names, so say it in a Rackup file.

require 'db' # Loads ORM models and all
require 'go' # Our controller (I don not like that word really)
use Rack::ContentLength
use Rack::Session::Cookies
run Go

And the winner is:

require 'rack/golem'

class Go
    include Rack::Golem # To hell with sub-classes !!!

    before do
      # Here you can do many things
      # In order to help you here are some variables you can read and override:
      # @r => the Rack::Request object
      # @res => the Rack::Response object
      # @action => Name of the public method that will handle the request
      # @action_arguments => Arguments for the action (really?)
    end

    def index(*args)
      # When no public method is found
      # Of course you don't have to declare one and it is gonna use Controller#not_found instead
      # But if it is declared, keep in mind it's a catch-all so make it deal with args
      @articles = Post.all
      erb :index
    end

    def post(id=nil)
      @post = Post[id]
      if @post.nil?
        not_found
      else
        erb :post
      end
    end

    def say(listener='me', *words)
      "Hey #{listener} I don't need ERB to tell you that #{words.join(' ')}"
    end

    def not_found(*args)
      # This one is defined by Golem but here we decided to override it
      # Like :index this method receives the arguments in order to make something with it
      Email.alert('Too many people are looking for porn here') if args.includes?("porn")
      super(args)
    end

    after do
      Spy.analyse.send_info_to([:government, :facebook, :google, :james_bond])
    end

  end

Hopefully no headache.

WHAT GOLEM DOES NOT

Support templates other than ERB (I plan to use Tilt more cleverly though in order to achieve that without selling my soul)
Session/Cookies administration (Like for many things, use a middleware instead ex: Rack::Session::Cookies)
Prepare the coffee (Emacs does but Ed is the standard text editor)
So many things, why bother...

rack-backend-api

2011-09-21 15:25:51 UTC

The purpose of this Rack Middleware is to provide an API that interfaces with database actions in order to build a CMS.

HOW TO USE IT

BackendAPI is a Rack middleware that you have to put before your actual backend/CMS, and generally after an authentication middleware. And it takes care of everything involving interaction with your database.

In reality, it does not HAVE to be with the Backend but it makes sense and that way, both share the authentication middleware.

A rackup stack for your application might look like this:

map '/' do
  run Frontend
end

map '/admin' do
  use Rack::Auth::Basic, "your-realm" do |username, password|
    [username, password] == ['username', 'password']
  end
  use BackendAPI
  run Backend.new
end

Your backend receives every request that the Restful API doesn't recognise. The BackendAPI recognises requests following this scheme:

METHOD /Backend-path/model_class/ID

The ID is not always relevant. So if you have a model class called BlogPost and you want to get the form for the entry with ID 4:

GET /admin/blog_post/4

If you don't put an ID, it means you want the form for a brand new entry:

GET /admin/blog_post

Then if you need to delete the entry with ID 4:

DELETE /admin/blog_post/4

The API also understands a CamelCased class name:

DELETE /admin/BlogPost/4

This is my fave personally, but unfortunately it seems that windows servers are case insensitive. Which means that if you have one, you need to stick with the under_scored names.

To be honest, that is almost everything you need because the ORM adapter builds the forms and therefore use the right action and method for POST and PUT requests.

The problem sometimes with a Restful API is that in real life, in spite of the fact that not every requests are GET or POST it is sometimes forced. The href of a link is always a GET, and the method for a form is overridden if it is not GET or POST.

This is why Rack has a very handy middleware called MethodOverride. You don't have to use it because BackendAPI puts it on the stack for you. Basically when you have it, you can send the method you really wanted in the POSTed parameter called "_method", and the middleware override the method for you. This is how the adapter makes forms with PUT requests.

But unfortunately you can only use MethodOverride on POST requests, but you might want to have it on links.

Here is a concrete example:
You want to put in your CMS a link for deleting blog post. But a link is going to be a GET request. Of course you could use Ajax and anyway you probably will, but it is a good practice to make it possible without javascript. So your link could look like this:

<a href="/admin/blog_post/4?_method=DELETE"> X </a>

But it doesn't work because links are GET requests. Fortunately this is a common task so there is a method that makes DELETE buttons available as a form:

@blog_post.backend_delete_form("/admin/blog_post/4", { :destination => "/admin/list/blog_post" })

The :destination is where you go when the job is done. You also can change the option :submit_text which is what the button says. By default, the DELETE form button says "X".

The :destination option is also in the API as _destination. Use it in order to specify where to go when the entry is validated. Because before it is validated you'll get the form again with error messages.

Say we need a link for creating a blog post, and then when validated, we want to go back to the list page:

<a href="/admin/blog_post?_destination=%2Fadmin%2Flist%2Fblog_post"> Create new Blog Post </a>

Of course, the page /admin/list/blog_post is a page of your Backend/CMS. The form will be POSTed because there is no ID, which means it is a new entry. On that list page, you could have a list of your posts with an "Edit" link:

My Interesting Post Number 4 - <a href="/admin/blog_post/4?_destination=%2Fadmin%2Flist%2Fblog_post"> Edit </a>

You also have another option called fields which allows you to say which fields you want in that form. The purpose of that is mainly to be able to edit a single value at a time:

Title: My Super Blog - <a href="/admin/blog_post/4?fields[]=title&_destination=%2Fadmin%2Flist%2Fblog_post"> Edit </a>

This will make a link to a form for editing the title of that Blog Post. Please note that the option fields is an array.

Also don't forget to escape the URI like in the examples above. You can do that with Rack::Utils :

::Rack::Utils.escape "/admin/list/blog_post"

The option :submit_text is also available through the API as _submit_text. It says "SAVE" by default but you might want it to say "CREATE" and "UPDATE" in appropriate cases, like we did in the example.

Another thing to note is that you don't have to use a destination for when something is created or updated. If you do not use destination, the API will call the instance method Model#backend_show on the entry. By default it just says 'OK' but you can override the method in order to send whatever you want. This comes handy when you use ajax and want a representation of the entry once it's created.

More Info

For further details on how to use the middleware, please visit the github page of the project.

rack-cerberus

2011-09-21 15:19:34 UTC

A Rack middleware for form-based authentication. Aim is a compromise between fonctionality, beauty and customization.

Cerberus

Cerberus is a Rack middleware for form-based authentication. Its purpose is only to offer a nicer (or more actual) replacement for Basic HTTP authentication.

Install with:

# sudo gem install rack-cerberus

You can use it almost the same way you use Rack::Auth::Basic:

require 'cerberus'
use Rack::Session::Cookie, :secret => 'change_me'
use Cerberus do |login, pass|
  pass=='secret'
end

Like in that example, make sure you have a session, because Cerberus use it for persistent login.

There is an optional hash you can add for customisation it. Options are:

:company_name
:fg_color (foreground color)
:bg_color (background color)
:text_color
:icon_url (for a company logo or any icon)
:css_location

Which is used that way:

use Cerberus, {:company_name => 'Nintendo'} do |login, pass|
  pass=='secret'
end

The purpose of Cerberus is to be basic, which is why there are enough options to have a page fairly customized with colors and logo (:icon_url). The logo can even replace the company name if you leave :company_name blank. But should you be fussy, this is possible to have more control using an external CSS file with the option :css_location.

Just like Rack::Auth::Basic, Cerberus yields login and pass, and delegate authentication to the block you send it which should return a boolean.

If you want to see a concrete example, go into the Cerberus directory and run:

# rackup example.ru

It's gonna start the example at http://localhost:9292

Logout

Any request to /logout on the path where the middleware is mounted will log you out. In other words, if you put the middleware at /admin, query /admin/logout to be logged out. Pretty simple.

Ennou

2011-08-28 14:38:30 UTC

Rack middleware for Windows (Http.sys).

Ennou interacts between Rack and Http.sys without GVL. It consists two different middleware. Ennou – for developing server for single process and EnnouMu – for production level server for management multiple processes.

rackup -s Ennou
or
rackup -s Ennoumu

rack-track

2011-08-03 09:09:56 UTC

Makes it easy to manage and document tracking pixels on different pages and areas by keeping them all in a central location.

MyApp::Application.config.middleware.use(Rack::Track) do
  area :confirmation_pages, "/checkout/order_confirmation", "/basket/complete"

  pixel "Generic GA", :on => :all_pages do
    %Q{
      <!-- GOOGLE ANALYTICS --> 
      blah
      <!-- END GOOGLE ANALYTICS --> 
    }
  end

  pixel "Goal GA", :on => :confirmation_pages do
    %Q{
      <!-- GOOGLE ANALYTICS --> 
      blah
      <!-- END GOOGLE ANALYTICS --> 
    }
  end
end

Closed

2011-07-02 22:02:02 UTC

For websites that are open 9 till 5

During office hours website displays as usual. Outside of office hours a closed page is displayed.

see github readme