couchrest_session_store 0.0.9 → 0.1.0
- data/lib/couchrest_session_store.rb +10 -4
- metadata +2 -2
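--- a/data/lib/couchrest_session_store.rb
+++ b/data/lib/couchrest_session_store.rb
@@ -51,7 +51,7 @@ class CouchRestSessionStore < ActionDispatch::Session::AbstractStore
 
 def get_session(env, sid)
 if sid
-doc =
+doc = secure_get(sid)
 session = self.class.unmarshal(doc["data"])
 [sid, session]
 else
@@ -69,21 +69,27 @@ class CouchRestSessionStore < ActionDispatch::Session::AbstractStore
 end
 
 def destroy_session(env, sid, options)
-doc =
+doc = secure_get(sid)
 database.delete_doc(doc)
 options[:drop] ? nil : generate_sid
 rescue RestClient::ResourceNotFound
 # already destroyed - we're done.
 end
 
-
 def build_or_update_doc(sid, data)
-doc =
+doc = secure_get(sid)
 doc["data"] = data
 return doc
 rescue RestClient::ResourceNotFound
 return CouchRest::Document.new "_id" => sid, "data" => data
 end
 
+# prevent access to design docs
+# this should be prevented on a couch permission level as well.
+# but better be save than sorry.
+def secure_get(sid)
+raise RestClient::ResourceNotFound if /^_design\/(.*)/ =~ sid
+database.get(sid)
+end
 end
 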
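Review bot: `secure_get` rejects only ids that begin with `_design/`, so a client-supplied sid naming any other underscore-prefixed CouchDB resource still reaches `database.get(sid)`. Because legitimate sids come from `generate_sid`, checking the expected shape is stricter than a denylist, for example `raise RestClient::ResourceNotFound unless sid =~ /\A\h+\z/` if sids are plain hex (the generator is not visible here, so confirm the format first). Note also that `^` in a Ruby regexp anchors at the start of every line rather than the start of the string, so the current check behaves differently on multi-line input than a reader may expect. `get_session` continues outside the hunk, so whether it rescues the `ResourceNotFound` raised by the new guard cannot be confirmed from this page.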
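--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: couchrest_session_store
 version: !ruby/object:Gem::Version
-version: 0.0
+version: 0.1.0
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-02-
+date: 2013-02-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: couchrest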