Class: Rack::StripCookies

Inherits:

Object

• Object
• Rack::StripCookies

Defined in:

lib/rack/strip-cookies.rb,
lib/rack/strip-cookies/version.rb

Constant Summary

VERSION =

"2.0.0"

Instance Attribute Summary

• #app ⇒ Object readonly

  Returns the value of attribute app.

• #invert ⇒ Object readonly

  Returns the value of attribute invert.

• #patterns ⇒ Object readonly

  Returns the value of attribute patterns.

Instance Method Summary

• #call(env) ⇒ Array

  Entry point of the middleware.

• #initialize(app, options = {}) ⇒ StripCookies constructor

  Initializes the middleware.

Constructor Details

#initialize(app, options = {}) ⇒ StripCookies

Initializes the middleware.

Parameters:

• app (Rack application) —

  The Rack application.

• options (Hash) (defaults to: {}) —

  The options to customize the middleware behavior.

Options Hash (options):

• :paths (Array<String>) —

  The paths or patterns where cookies should be deleted.

  • Exact paths: “/api”

  • Wildcard paths: “/api/*”

• :invert (Boolean) —

  Whether to invert the paths where cookies are deleted.

# File 'lib/rack/strip-cookies.rb', line 14

def initialize(app, options = {})
  @app = app
  @invert = options.fetch(:invert, false)
  @patterns = compile_patterns(options[:paths] || [])
end

Instance Attribute Details

#app ⇒ Object (readonly)

Returns the value of attribute app.

# File 'lib/rack/strip-cookies.rb', line 4

def app
  @app
end

#invert ⇒ Object (readonly)

Returns the value of attribute invert.

# File 'lib/rack/strip-cookies.rb', line 4

def invert
  @invert
end

#patterns ⇒ Object (readonly)

Returns the value of attribute patterns.

# File 'lib/rack/strip-cookies.rb', line 4

def patterns
  @patterns
end

Instance Method Details

#call(env) ⇒ Array

Entry point of the middleware.

This method is called for each HTTP request that passes through the middleware. It determines whether to strip cookies from the request and response based on the configured paths/patterns and the invert flag.

Parameters:

• env (Hash) —

  The request environment.

Returns:

• (Array) —

  The response containing the status, headers, and body.

# File 'lib/rack/strip-cookies.rb', line 28

def call(env)
  # Extract the request path from the environment.
  # 'PATH_INFO' contains the path portion of the URL, e.g., "/dashboard".
  path = env["PATH_INFO"] || "/"

  # Determine if the current path matches any of the compiled patterns.
  # Each pattern is a regex that represents either an exact match or a wildcard match.
  matched = patterns.any? { |regex| regex.match?(path) }

  # Decide whether to strip cookies based on the matching result and the invert flag.
  # If 'invert' is false:
  #   - Cookies are stripped if the path matches any of the specified patterns.
  # If 'invert' is true:
  #   - Cookies are stripped if the path does NOT match any of the specified patterns.
  strip_out = (matched && !invert) || (!matched && invert)

  if strip_out
    # Remove the 'HTTP_COOKIE' header from the request environment.
    # This prevents any cookies from being sent to the application.
    env.delete("HTTP_COOKIE")

    # Call the next middleware or application in the stack with the modified environment.
    # This returns the HTTP status, headers, and body of the response.
    status, headers, body = @app.call(env)

    # Remove the 'Set-Cookie' header from the response headers.
    headers.delete("set-cookie")

    # Add a custom header 'Cookies-Stripped' to indicate that cookies were stripped.
    headers["cookies-stripped"] = "true"
  else
    # If cookies are not to be stripped, simply call the next middleware or application.
    # The original request and response headers remain untouched.
    status, headers, body = @app.call(env)
  end

  # Return the final response to the client.
  # The response is an array containing the status code, headers hash, and body array.
  [status, headers, body]
end