blix-rest 0.7.2 → 0.8.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cf93b3d5836172b6cf1b4ac5df21dfe14e1e998e31e774f9b4fdb4bc5bdec323
-  data.tar.gz: 622db8bf8d0052fd25f3727656ac6b641bc63a2667e97eb3f93f7dc4884e03ee
+  metadata.gz: 5db97b519f38052ee2b7272f3a25d6ec4d5e3ba71cae44bdcd83e25cdd6902f2
+  data.tar.gz: e7fb1c1da94eb622629a718bd81763d6874dc14028bed0ba8328b42cac5c2152
 SHA512:
-  metadata.gz: 32516afd36a4a6c36c81650e50f84970cf2436b7cf682a51cae83d1300f736d4dbfe49d04d590ac8ffde841d2dac7f236d0979b3b5c1d5bec230112584eb6e0d
-  data.tar.gz: 7f106344ec03beb691d5870c5809f379285d578ba17cb9b8edd1ea86c5c64dfa31b0a9747a75adab7730ba514cecca3a508cb36f5560343f147cd64d866ca3d4
+  metadata.gz: fb48999da4fffe47e1d52cb85319c7ed6473c756a55d6e87edef288a9a118f971c90d709ea73aaf566e1f927a7779056547a91d1cfae71b2cd1a157658c3d2a4
+  data.tar.gz: 93d06074a5b66da9099c1d1bee4fb23a00ac18f994809efb9fb28f0be7d6bf3a889fdad45a2fb349dbabeec6c816c77a34975a8cd7de70efbcce4cff2af1acb2

data/README.md

@@ -231,6 +231,7 @@ have access to a number of methods
     method             : the request method lowercase( 'get'/'post' ..)
     req                : the rack request
     body               : the request body as a string
+    path               : the request path
     query_params       : a hash of parameters as passed in the url as parameters
     path_params        : a hash of parameters constructed from variable parts of the path
     post_params        : a hash of parameters passed in the body of the request
@@ -246,7 +247,7 @@ have access to a number of methods
     render_erb         : (template_name [,:layout=>name])
     server_cache       : get the server cache object
     server_cache_get   : retrieve/store value in cache
-    path_for           : (path) give the correct path for an internal path
+    path_for           : (path) give the external path for an internal path
     url_for            : (path) give the full url for an internal path
     h                  : escape html string to avoid XSS
     escape_javascript  : escape  a javascript string
@@ -291,22 +292,27 @@ is ok though.
 
 the `before_route` hook can be used to modify the path or options of a route.
 
-*NOTE* ! when manipulating the path you have to modify the string object in place.
-
 the verb can not be modified
 
 example:
 
     class MyController < Blix::Rest::Controller
 
-      before_route do |verb, path, opts|
-        opts[:level] = :visitor unless opts[:level]
-        path.prepend('/') unless path[0] == '/'
-        path.prepend('/app') unless path[0, 4] == '/app'
+      before_route do |route|
+        route.default_option(:level,:visitor)
+        route.prefix_path('/app')
       end
       ...
     end
 
+the following methods are available on the route:
+
+    verb                        # readonly, the 'GET','POST' etc verb of the route
+    path                        # the path of the route
+    options                     # the options associated with the route eg :accept
+    path_prefix('/xx')          # ensure the path has the given prefix
+    default_option(:xxx,'foo')  # ensure that option has the given default value
+
 ### Sessions
 
 the following methods are available in the controller for managing sessions.
@@ -321,11 +327,53 @@ this will generate a new session_id and setup the relevant headers
 
 options can include:
 
-    :secure => true    # secure cookies only
-    :http = >true      # cookies for http only not javascript requests
+    :secure => true      # secure cookies only
+    :http = >true        # cookies for http only not javascript requests
     :samesite =>:strict  # use strict x-site policy
     :samesite =>:lax     # use lax x-site policy
 
+For more complete session management:
+
+    class MyController < Blix::Rest::Controller
+      include Blix::Rest::Session
+
+      session_name :xxx               # optional default'blix'
+      session_opts :http=>true        # optional
+      session_manager: MyManager.new  # optional , default Blix::Redis::Store
+
+
+      def myroutine
+        @xxx = session['xxx']
+
+        session['yyy'] = true
+      end
+
+    end
+
+options can include:
+
+    :secure                 # false
+    :http                   # false
+    :samesite               # lax
+    :path                   # '/'
+    :expire_secs            # 30 mins
+    :cleanup_every_secs     # 5 minutes
+    :max_age                # nil
+
+the following methods are available:
+
+    reset_session           # gen new session id
+    session                 # session hash
+    csrf_token              # the session csrf token
+
+route options that affect sessions:
+
+    :nosession=>true        # no session will be set/retrieved
+    :cache=>true            # no session will be set/retrieved
+    :csrf=>true             # request will be validated for calid csrf token.
+                            # token must be in header X_CSRF_TOKEN field
+
+session configuration is inherited from superclass controllers unless overridden.
 
 ## Cache
 
@@ -400,6 +448,31 @@ the cache is not used in development/testmode , only in production mode.
 
 only cache pages with **HEADERS** and **CONTENT** that is not user specific.
 
+## CORS
+
+cross origin site requests
+
+    MyController < Blix::Rest::Controller
+
+      get '/info/crosssite' do
+        set_accept_cors
+        {:data=>'foo'}
+      end
+
+      options '/info/' crosssite' do
+        set_accept_cors, :headers=>'Content-Type',
+      end
+
+    end
+
+within an `options` response the following parameters can be passes.
+
+    :origin=>'www.othersite.com'            # specify specific allowed origin.
+    :methods => [:get]                      # allowed methods
+    :max_age => 86400                       # maximum age this auth is valid
+    :headers => ['Content-Type','X-OTHER']  # allow additional headers
+    :credentials => true                    # allow requests with credentials
+
 ## Views
 
 the location of your views defaults to `app/views` otherwise set it manually with:
@@ -488,6 +561,9 @@ NOTE : if you need to set up your database with users then you can use the follo
 
 in features/support/world.rb .........
 
+
+    require 'blix/rest/cucumber'
+
     class RestWorld
 
       # add a hook to create the user in the  database -

data/lib/blix/rest/controller.rb

@@ -94,6 +94,7 @@ module Blix::Rest
       end
     end
 
+
     def form_hash
       StringHash.new(req.POST)
     end
@@ -166,6 +167,14 @@ module Blix::Rest
       @_parameters
     end
 
+    def route_params
+      @_parameters
+    end
+
+    def route_options
+      @_parameters
+    end
+
     def response
       @_response
     end
@@ -232,6 +241,30 @@ module Blix::Rest
       [login, password]
     end
 
+    # set the cors headers
+    def set_accept_cors(opts={})
+      origin  = opts[:origin] || env['HTTP_ORIGIN'] || '*'
+      origin  = origin.to_s
+      if method=='options'
+        methods = [opts[:methods] || []].to_a.flatten
+        max_age = opts[:max_age] || 86400
+        headers = [opts[:headers] || []].to_a.flatten
+        credentials = opts.key?(:credentials) ? !!opts[:credentials] : true
+        methods = [:get] if methods.empty?
+        methods = methods.map{|m| m.to_s.upcase}
+        headers = ['Content-Type'] if headers.empty?
+        max_age = max_age.to_i
+
+        add_headers 'Access-Control-Allow-Origin' => origin,
+           'Access-Control-Allow-Methods'=>methods.join(', '),
+           'Access-Control-Allow-Headers'=>headers,
+           'Access-Control-Max-Age'=>max_age, #86400,
+           'Access-Control-Allow-Credentials'=>'true'
+      else
+        add_headers 'Access-Control-Allow-Origin' => origin
+      end
+    end
+
     def set_status(value)
       @_response.status = value.to_i
     end
@@ -392,6 +425,9 @@ module Blix::Rest
       response
     end
 
+    def session_before(opts); end  # empty session before  hooh
+    def session_after; end  # empty session after hook
+
     #----------------------------------------------------------------------------------------------------------
 
     def _setup(context, _verb, _path, _parameters)
@@ -524,16 +560,18 @@ module Blix::Rest
         raise ServiceError, 'invalid format for this request' unless accept.index format
       end
 
-      def _do_route_hook(verb, path, opts)
+      def _do_route_hook(route)
         if @_route_hook
-          superclass._do_route_hook(verb, path, opts) if superclass.respond_to? :_do_route_hook
-          @_route_hook.call(verb, path, opts)
+          superclass._do_route_hook(route) if superclass.respond_to? :_do_route_hook
+          @_route_hook.call(route)
         end
       end
 
       def route(verb, path, opts = {}, &blk)
+        path = '/' + path unless path[0] == '/'
         path = String.new(path)  # in case frozen.
-        _do_route_hook(verb.dup, path, opts)
+        route = Route.new(verb, path, opts)
+        _do_route_hook(route)
         proc = lambda do |context|
           unless opts[:force] && (opts[:accept] == :*)
             check_format(opts[:accept], context.format)
@@ -541,6 +579,7 @@ module Blix::Rest
           app = new
           app._setup(context, verb, path, opts)
           begin
+            app.session_before(opts)
             app.before(opts)
             app.__before
             context.response = app.instance_eval( &blk )
@@ -549,6 +588,7 @@ module Blix::Rest
           ensure
             app.__after
             app.after(opts, context.response)
+            app.session_after
             context.response
           end
         end

data/lib/blix/rest/route.rb

@@ -0,0 +1,33 @@
+module Blix::Rest
+
+  # class used to represent a route and to allow manipulation of the
+  # options and path of the route before registrATION
+
+  class Route
+
+    attr_reader :verb, :path, :opts
+    alias_method :method, :verb
+    alias_method :options, :opts
+
+    def initialize(verb, path, opts)
+      @verb = verb.dup
+      @path = path
+      @opts = opts
+    end
+
+    def default_option(key, val)
+      opts[key.to_sym] = val unless opts.key?(key) || opts.key?(key.to_sym)
+    end
+
+    def path_prefix(prefix)
+      prefix = prefix.to_s
+      prefix = '/' + prefix unless prefix[0] == '/'
+      path.replace( prefix + path) unless path.start_with?(prefix)
+    end
+
+    def path=(val)
+      path.replace(val.to_s)
+    end
+
+  end
+end

data/lib/blix/rest/session.rb

@@ -0,0 +1,138 @@
+module Blix::Rest
+
+  module Session
+    #----------------------------------------------------------------------------
+    #
+    #  manage the session and authorization
+    #
+    #----------------------------------------------------------------------------
+
+    DAY = 24 * 60 * 60
+    MIN = 60
+    SESSION_NAME = 'blix'
+
+    SESSION_OPTS = {
+      #:secure=>true,
+      :http => false,
+      :samesite => :lax,
+      :path => Blix::Rest.full_path('/'),
+      :expire_secs => 30 * MIN,       # 30 mins
+      :cleanup_every_secs => 5 * 60   # 5 minutes
+      #:max_age => nil # session cookie
+    }.freeze
+
+
+    def session_manager
+      self.class.get_session_manager
+    end
+
+    def session_name
+      self.class.get_session_name
+    end
+
+    def session_opts
+      self.class.get_session_opts
+    end
+
+    def session
+      @__session
+    end
+
+    def csrf_token
+      @__session['csrf'] ||= SecureRandom.hex(32)
+    end
+
+    def reset_session
+      raise 'login_session missing' unless @__session && @__session_id
+      session_manager.delete_session(@__session_id)
+      @__session_id = refresh_session_id(session_name, session_opts)
+      @__session['csrf'] = SecureRandom.hex(32)
+      session_manager.store_session(@__session_id, @__session)
+    end
+
+    # get a session id and use this to retrieve the session information - if any.
+    #
+    def session_before(opts)
+      @__session = {}
+
+      # do not set session on pages. that will be cached.
+      unless opts[:nosession] || opts[:cache]
+        @__session_id = get_session_id(session_name, session_opts)
+        @__session =
+          begin
+            session_manager.get_session(@__session_id)
+          rescue SessionExpiredError
+            @__session_id = refresh_session_id(session_name, session_opts)
+            session_manager.get_session(@__session_id)
+          end
+      end
+
+      if opts[:csrf]
+        if env["HTTP_X_CSRF_TOKEN"] != csrf_token
+          send_error("invalid csrf token")
+        end
+      end
+
+    end
+
+    # save the session hash before we go.
+    def session_after
+      session_manager.store_session(@__session_id, @__session) if @__session_id
+    end
+
+    private
+
+    def self.included(mod)
+      mod.extend Session::ClassMethods
+    end
+
+    module ClassMethods
+
+      def session_name(name)
+        @_sess_name = name.to_s
+      end
+
+      def session_opts(opts)
+        @_sess_custom_opts = opts
+      end
+
+      def session_manager(man)
+        raise ArgumentError, "incompatible session store" unless man.respond_to?(:get_session)
+        raise ArgumentError, "incompatible session store" unless man.respond_to?(:store_session)
+        raise ArgumentError, "incompatible session store" unless man.respond_to?(:delete_session)
+        @_sess_manager= man
+      end
+
+      def get_session_name
+        @_sess_name ||= begin
+          if superclass.respond_to?(:get_session_name)
+            superclass.get_session_name
+          else
+            SESSION_NAME
+          end
+        end
+      end
+
+      def get_session_opts
+        @_session_opts ||= begin
+          if superclass.respond_to?(:get_session_opts)
+            superclass.get_session_opts.merge(@_sess_custom_opts || {})
+          else
+            SESSION_OPTS.merge(@_sess_custom_opts || {})
+          end
+        end
+      end
+
+      def get_session_manager
+        @_sess_manager ||= begin
+          if superclass.respond_to?(:get_session_manager)
+            superclass.get_session_manager
+          else
+            Blix::RedisStore.new(get_session_opts)
+          end
+        end
+      end
+
+    end # ClassMethods
+  end # Session
+end  # Blix::Rest

data/lib/blix/rest/version.rb

@@ -1,5 +1,5 @@
 module Blix
   module Rest
-    VERSION = "0.7.2"
+    VERSION = "0.8.2"
   end
 end

data/lib/blix/rest.rb

@@ -150,7 +150,7 @@ require 'blix/rest/format_parser'
 require 'blix/rest/request_mapper'
 require 'blix/rest/cache'
 require 'blix/rest/server'
-# require 'blix/rest/provider'
+require 'blix/rest/route'
 require 'blix/rest/controller'
 # require 'blix/rest/provider_controller'
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: blix-rest
 version: !ruby/object:Gem::Version
-  version: 0.7.2
+  version: 0.8.2
 platform: ruby
 authors:
 - Clive Andrews
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-09-12 00:00:00.000000000 Z
+date: 2023-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httpclient
@@ -109,7 +109,9 @@ files:
 - lib/blix/rest/request_mapper.rb
 - lib/blix/rest/resource_cache.rb
 - lib/blix/rest/response.rb
+- lib/blix/rest/route.rb
 - lib/blix/rest/server.rb
+- lib/blix/rest/session.rb
 - lib/blix/rest/string_hash.rb
 - lib/blix/rest/version.rb
 - lib/blix/utils.rb