RubyGems - async-background - Versions diffs - 1.0.0 → 1.0.1 - Mend

async-background 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +319 -276
data/README.md +91 -109
data/lib/async/background/version.rb +1 -1
data/lib/async/background/web/app.rb +39 -18
data/lib/async/background/web/auth.rb +7 -2
data/lib/async/background/web/configuration.rb +17 -3
data/lib/async/background/web/event_hub.rb +25 -148
data/lib/async/background/web/response.rb +31 -9
data/lib/async/background/web/router.rb +3 -1
data/lib/async/background/web/stream.rb +54 -15
metadata +2 -2

data/lib/async/background/web/response.rb CHANGED Viewed

@@ -15,9 +15,27 @@ module Async
         CSS_TYPE = 'text/css; charset=utf-8'
         NO_STORE = 'no-store'
         ASSET_CACHE = 'public, max-age=31536000, immutable'
-        UNAUTHORIZED_BODY = 'unauthorized'
-        NOT_FOUND_BODY = 'not found'
+        BASE_SECURITY_HEADERS = {
+          'x-content-type-options' => 'nosniff',
+          'referrer-policy' => 'no-referrer',
+          'cross-origin-resource-policy' => 'same-origin'
+        }.freeze
+        HTML_SECURITY_HEADERS = BASE_SECURITY_HEADERS.merge(
+          'x-frame-options' => 'DENY',
+          'content-security-policy' =>
+            "default-src 'none'; " \
+            "script-src 'self'; " \
+            "style-src 'self'; " \
+            "img-src 'self' data:; " \
+            "connect-src 'self'; " \
+            "frame-ancestors 'none'; " \
+            "base-uri 'none'; " \
+            "form-action 'none'"
+        ).freeze
+        UNAUTHORIZED_BODY = JSON.generate(error: 'unauthorized').freeze
+        NOT_FOUND_BODY = JSON.generate(error: 'not_found').freeze
         BAD_REQUEST_BODY = JSON.generate(error: 'invalid_request').freeze
         UNAVAILABLE_BODY = JSON.generate(error: 'service_unavailable').freeze
         INTERNAL_ERROR_BODY = JSON.generate(error: 'internal_error').freeze
@@ -32,7 +50,7 @@ module Async
         end
         def html(body)
-          [200, no_store_headers(HTML_TYPE), [body]]
+          [200, html_headers, [body]]
         end
         def javascript(body)
@@ -44,11 +62,11 @@ module Async
         end
         def unauthorized
-          [401, no_store_headers(TEXT_TYPE), [UNAUTHORIZED_BODY]]
+          [401, no_store_headers(JSON_TYPE), [UNAUTHORIZED_BODY]]
         end
         def not_found
-          [404, no_store_headers(TEXT_TYPE), [NOT_FOUND_BODY]]
+          [404, no_store_headers(JSON_TYPE), [NOT_FOUND_BODY]]
         end
         def bad_request(message = nil)
@@ -65,11 +83,15 @@ module Async
         end
         def no_store_headers(content_type)
-          {'content-type' => content_type, 'cache-control' => NO_STORE}
+          {'content-type' => content_type, 'cache-control' => NO_STORE}.merge(BASE_SECURITY_HEADERS)
+        end
+        def html_headers
+          {'content-type' => HTML_TYPE, 'cache-control' => NO_STORE}.merge(HTML_SECURITY_HEADERS)
         end
         def asset_headers(content_type)
-          {'content-type' => content_type, 'cache-control' => ASSET_CACHE}
+          {'content-type' => content_type, 'cache-control' => ASSET_CACHE}.merge(BASE_SECURITY_HEADERS)
         end
         def sse_headers
@@ -77,7 +99,7 @@ module Async
             'content-type' => EVENT_STREAM_TYPE,
             'cache-control' => 'no-cache, no-transform',
             'x-accel-buffering' => 'no'
-          }
+          }.merge(BASE_SECURITY_HEADERS)
         end
       end
     end

data/lib/async/background/web/router.rb CHANGED Viewed

@@ -19,8 +19,10 @@ module Async
           '/api/stream' => :stream
         }.freeze
+        ALLOWED_METHODS = %w[GET HEAD].freeze
         def match(env)
-          return unless env['REQUEST_METHOD'] == 'GET'
+          return unless ALLOWED_METHODS.include?(env['REQUEST_METHOD'])
           GET_ROUTES[env['PATH_INFO'] || '/']
         end

data/lib/async/background/web/stream.rb CHANGED Viewed

@@ -1,41 +1,80 @@
 # frozen_string_literal: true
+require_relative '../clock'
 module Async
   module Background
     module Web
       class Stream
-        def initialize(hub, heartbeat_seconds:, retry_ms:)
+        include Clock
+        def initialize(hub, heartbeat_seconds:, retry_ms:, poll_seconds:, logger: nil)
           @hub = hub
           @heartbeat_seconds = heartbeat_seconds
           @retry_ms = retry_ms
+          @poll_seconds = poll_seconds
+          @logger = logger
         end
         def each
-          subscription, initial_frame = @hub.subscribe
           yield "retry: #{@retry_ms}\n\n"
-          yield initial_frame
+          version, frame = initial_state
+          if version.nil?
+            yield EventHub::UNAVAILABLE_FRAME
+            return
+          end
+          yield frame
+          last_yield = monotonic_now
+          unavailable_announced = false
           loop do
-            frame = subscription.pop(timeout: @heartbeat_seconds)
-            break if frame.nil? && subscription.closed?
+            sleep_for_poll
+            begin
+              new_version = @hub.current_version
-            yield(frame || EventHub::HEARTBEAT_FRAME)
+              if new_version != version
+                version = new_version
+                yield @hub.frame_for(version)
+                last_yield = monotonic_now
+              elsif (monotonic_now - last_yield) >= @heartbeat_seconds
+                yield EventHub::HEARTBEAT_FRAME
+                last_yield = monotonic_now
+              end
+              unavailable_announced = false
+            rescue ClosedError
+              break
+            rescue UnavailableError
+              unless unavailable_announced
+                yield EventHub::UNAVAILABLE_FRAME
+                unavailable_announced = true
+                last_yield = monotonic_now
+              end
+            end
           end
-        rescue Errno::EPIPE, IOError
+        rescue Errno::EPIPE, Errno::ECONNRESET, IOError
           nil
-        rescue ClosedError, UnavailableError
-          safe_yield(EventHub::UNAVAILABLE_FRAME) { |frame| yield frame }
+        rescue StandardError => error
+          @logger&.error(
+            "[async-background-web] SSE stream terminated: " \
+            "#{error.class}: #{error.message}"
+          )
           nil
-        ensure
-          @hub.unsubscribe(subscription) if subscription
         end
         private
-        def safe_yield(frame)
-          yield frame
-        rescue Errno::EPIPE, IOError
-          nil
+        def initial_state
+          @hub.initial_frame
+        rescue ClosedError, UnavailableError
+          [nil, nil]
+        end
+        def sleep_for_poll
+          sleep(@poll_seconds)
         end
       end
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: async-background
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Roman Hajdarov
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-06-28 00:00:00.000000000 Z
+date: 2026-06-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: async