Merge pull request #30 from SonicGarden/fix-maintenance

[review] メンテナンス画面判定にもrequest.remote_ipを利用するように
SonicGarden · Nov 8, 2023 · fb76d8c · fb76d8c
2 parents 68c8ac0 + 8fcd0c2
commit fb76d8c
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 5 deletions.
diff --git a/lib/sg_fargate_rails/config.rb b/lib/sg_fargate_rails/config.rb
@@ -1,13 +1,15 @@
 module SgFargateRails
   class Config
     attr_reader :proxy_ip_addresses
+    attr_accessor :middleware_enabled
 
     # NOTE: good_jobダッシュボードへのアクセスをproxy経由のアクセスに制限するかどうか
     attr_accessor :restrict_access_to_good_job_dashboard
 
     def initialize
       self.proxy_ip_addresses = ENV['SG_PROXY_IP_ADDRESSES']
       self.restrict_access_to_good_job_dashboard = Rails.env.production?
+      self.middleware_enabled = !Rails.env.development? && !Rails.env.test?
     end
 
     def proxy_ip_addresses=(ip_addresses)

diff --git a/lib/sg_fargate_rails/maintenance.rb b/lib/sg_fargate_rails/maintenance.rb
@@ -9,7 +9,7 @@ def initialize(app, options = {})
     end
 
     def call(env)
-      if maintenance_mode?(env) && !public_file_access?(env) && !proxy_access?(Rack::Request.new(env))
+      if maintenance_mode?(env) && !public_file_access?(env) && !proxy_access?(ActionDispatch::Request.new(env))
         headers = { 'Content-Type' => 'text/html' }
         [503, headers, File.open(maintenance_file_path)]
       else
@@ -38,7 +38,7 @@ def maintenance_file_path
     end
 
     def proxy_access?(req)
-      SgFargateRails.config.proxy_access?(req.ip) || req.forwarded_for&.any? { |forwarded_for| SgFargateRails.config.proxy_access?(forwarded_for) }
+      SgFargateRails.config.proxy_access?(req.remote_ip)
     end
   end
 end
diff --git a/lib/sg_fargate_rails/railtie.rb b/lib/sg_fargate_rails/railtie.rb
@@ -10,12 +10,12 @@ class Railtie < ::Rails::Railtie
       load File.expand_path('../tasks/sg_fargate_rails.rake', __dir__)
     end
 
-    initializer :initialize_sg_fargate_rails do |app|
-      unless ::Rails.env.in?(%w[development test])
+    initializer :initialize_sg_fargate_rails, after: :load_config_initializers do |app|
+      if SgFargateRails.config.middleware_enabled
         app.config.middleware.insert 0, SgFargateRails::AdjustCloudfrontHeaders
         app.config.middleware.insert 1, SgFargateRails::Healthcheck
-        app.config.middleware.insert 2, SgFargateRails::Maintenance
         app.config.middleware.swap ActionDispatch::RemoteIp, SgFargateRails::RemoteIp, app.config.action_dispatch.ip_spoofing_check, app.config.action_dispatch.trusted_proxies
+        app.config.middleware.insert_after SgFargateRails::RemoteIp, SgFargateRails::Maintenance
       end
 
       ActiveSupport.on_load(:good_job_application_controller) do