cuba 3.0.0 → 3.0.1.rc1
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +28 -1
- data/cuba.gemspec +1 -1
- data/lib/cuba.rb +16 -7
- data/test/captures.rb +37 -0
- data/test/integration.rb +1 -1
- data/test/redirect.rb +3 -1
- metadata +12 -12
data/README.md
CHANGED
@@ -148,6 +148,33 @@ Cuba.define do
|
|
148
148
|
end
|
149
149
|
```
|
150
150
|
|
151
|
+
Security
|
152
|
+
--------
|
153
|
+
|
154
|
+
The favorite security layer for Cuba is
|
155
|
+
[Rack::Protection](https://github.com/rkh/rack-protection). It is not
|
156
|
+
included by default because there are legitimate uses for plain Cuba
|
157
|
+
(for instance, when designing an API).
|
158
|
+
|
159
|
+
If you are building a web application, by all means make sure to
|
160
|
+
include a security layer. As it is the convention for unsafe
|
161
|
+
operations, only POST, PUT and DELETE requests are monitored.
|
162
|
+
|
163
|
+
``` ruby
|
164
|
+
require "cuba"
|
165
|
+
require "rack/protection"
|
166
|
+
|
167
|
+
Cuba.use Rack::Session::Cookie
|
168
|
+
Cuba.use Rack::Protection
|
169
|
+
Cuba.use Rack::Protection::RemoteReferrer
|
170
|
+
|
171
|
+
Cuba.define do
|
172
|
+
|
173
|
+
# Now your app is protected against a wide range of attacks.
|
174
|
+
...
|
175
|
+
end
|
176
|
+
```
|
177
|
+
|
151
178
|
HTTP Verbs
|
152
179
|
----------
|
153
180
|
|
@@ -177,7 +204,7 @@ Captures
|
|
177
204
|
You may have noticed that some matchers yield a value to the block. The rules
|
178
205
|
for determining if a matcher will yield a value are simple:
|
179
206
|
|
180
|
-
1. Regex captures: `"posts/(
|
207
|
+
1. Regex captures: `"posts/(\\d+)-(.*)"` will yield two values, corresponding to each capture.
|
181
208
|
2. Placeholders: `"users/:id"` will yield the value in the position of :id.
|
182
209
|
3. Symbols: `:foobar` will yield if a segment is available.
|
183
210
|
4. File extensions: `extension("css")` will yield the basename of the matched file.
|
data/cuba.gemspec
CHANGED
data/lib/cuba.rb
CHANGED
@@ -7,7 +7,7 @@ class Cuba
|
|
7
7
|
|
8
8
|
attr :headers
|
9
9
|
|
10
|
-
def initialize(status = 200, headers = { "Content-Type" => "text/html" })
|
10
|
+
def initialize(status = 200, headers = { "Content-Type" => "text/html; charset=utf-8" })
|
11
11
|
@status = status
|
12
12
|
@headers = headers
|
13
13
|
@body = []
|
@@ -88,9 +88,6 @@ class Cuba
|
|
88
88
|
child.settings.replace(settings)
|
89
89
|
end
|
90
90
|
|
91
|
-
attr :env
|
92
|
-
attr :req
|
93
|
-
attr :res
|
94
91
|
attr :captures
|
95
92
|
|
96
93
|
def initialize(&blk)
|
@@ -106,10 +103,22 @@ class Cuba
|
|
106
103
|
dup.call!(env)
|
107
104
|
end
|
108
105
|
|
106
|
+
def req
|
107
|
+
Thread.current[:_cuba_req]
|
108
|
+
end
|
109
|
+
|
110
|
+
def res
|
111
|
+
Thread.current[:_cuba_res]
|
112
|
+
end
|
113
|
+
|
114
|
+
def env
|
115
|
+
Thread.current[:_cuba_env]
|
116
|
+
end
|
117
|
+
|
109
118
|
def call!(env)
|
110
|
-
|
111
|
-
|
112
|
-
|
119
|
+
Thread.current[:_cuba_env] = env
|
120
|
+
Thread.current[:_cuba_req] = Rack::Request.new(env)
|
121
|
+
Thread.current[:_cuba_res] = Cuba::Response.new
|
113
122
|
|
114
123
|
# This `catch` statement will either receive a
|
115
124
|
# rack response tuple via a `halt`, or will
|
data/test/captures.rb
CHANGED
@@ -123,3 +123,40 @@ test "consumes a slash if needed" do
|
|
123
123
|
|
124
124
|
assert_response resp, ["foo/bar.css"]
|
125
125
|
end
|
126
|
+
|
127
|
+
test "regex captures in string format" do
|
128
|
+
Cuba.define do
|
129
|
+
on get, "posts/(\\d+)-(.*)" do |id, slug|
|
130
|
+
res.write id
|
131
|
+
res.write slug
|
132
|
+
end
|
133
|
+
end
|
134
|
+
|
135
|
+
|
136
|
+
env = { "REQUEST_METHOD" => "GET",
|
137
|
+
"PATH_INFO" => "/posts/123-postal-service",
|
138
|
+
"SCRIPT_NAME" => "/" }
|
139
|
+
|
140
|
+
_, _, resp = Cuba.call(env)
|
141
|
+
|
142
|
+
|
143
|
+
assert_response resp, ["123", "postal-service"]
|
144
|
+
end
|
145
|
+
|
146
|
+
test "regex captures in regex format" do
|
147
|
+
Cuba.define do
|
148
|
+
on get, %r{posts/(\d+)-(.*)} do |id, slug|
|
149
|
+
res.write id
|
150
|
+
res.write slug
|
151
|
+
end
|
152
|
+
end
|
153
|
+
|
154
|
+
env = { "REQUEST_METHOD" => "GET",
|
155
|
+
"PATH_INFO" => "/posts/123-postal-service",
|
156
|
+
"SCRIPT_NAME" => "/" }
|
157
|
+
|
158
|
+
_, _, resp = Cuba.call(env)
|
159
|
+
|
160
|
+
|
161
|
+
assert_response resp, ["123", "postal-service"]
|
162
|
+
end
|
data/test/integration.rb
CHANGED
@@ -78,7 +78,7 @@ test "reset and use" do
|
|
78
78
|
status, headers, resp = Cuba.call(env)
|
79
79
|
|
80
80
|
assert 200 == status
|
81
|
-
assert "text/html" == headers["Content-Type"]
|
81
|
+
assert "text/html; charset=utf-8" == headers["Content-Type"]
|
82
82
|
assert_response resp, ["2nd Default"]
|
83
83
|
|
84
84
|
assert "1" == env["m.first"]
|
data/test/redirect.rb
CHANGED
@@ -16,6 +16,8 @@ test "redirect" do
|
|
16
16
|
status, headers, body = Cuba.call(env)
|
17
17
|
|
18
18
|
assert_equal status, 302
|
19
|
-
assert_equal headers, {
|
19
|
+
assert_equal headers, {
|
20
|
+
"Content-Type" => "text/html; charset=utf-8",
|
21
|
+
"Location" => "/hello" }
|
20
22
|
assert_response body, []
|
21
23
|
end
|
metadata
CHANGED
@@ -1,19 +1,19 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cuba
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.0.
|
5
|
-
prerelease:
|
4
|
+
version: 3.0.1.rc1
|
5
|
+
prerelease: 6
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
8
8
|
- Michel Martens
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-
|
12
|
+
date: 2012-06-25 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rack
|
16
|
-
requirement: &
|
16
|
+
requirement: &2151841840 !ruby/object:Gem::Requirement
|
17
17
|
none: false
|
18
18
|
requirements:
|
19
19
|
- - ! '>='
|
@@ -21,10 +21,10 @@ dependencies:
|
|
21
21
|
version: '0'
|
22
22
|
type: :runtime
|
23
23
|
prerelease: false
|
24
|
-
version_requirements: *
|
24
|
+
version_requirements: *2151841840
|
25
25
|
- !ruby/object:Gem::Dependency
|
26
26
|
name: cutest
|
27
|
-
requirement: &
|
27
|
+
requirement: &2151838760 !ruby/object:Gem::Requirement
|
28
28
|
none: false
|
29
29
|
requirements:
|
30
30
|
- - ! '>='
|
@@ -32,10 +32,10 @@ dependencies:
|
|
32
32
|
version: '0'
|
33
33
|
type: :development
|
34
34
|
prerelease: false
|
35
|
-
version_requirements: *
|
35
|
+
version_requirements: *2151838760
|
36
36
|
- !ruby/object:Gem::Dependency
|
37
37
|
name: capybara
|
38
|
-
requirement: &
|
38
|
+
requirement: &2151837240 !ruby/object:Gem::Requirement
|
39
39
|
none: false
|
40
40
|
requirements:
|
41
41
|
- - ! '>='
|
@@ -43,7 +43,7 @@ dependencies:
|
|
43
43
|
version: '0'
|
44
44
|
type: :development
|
45
45
|
prerelease: false
|
46
|
-
version_requirements: *
|
46
|
+
version_requirements: *2151837240
|
47
47
|
description: Cuba is a microframework for web applications.
|
48
48
|
email:
|
49
49
|
- michel@soveran.com
|
@@ -96,12 +96,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
96
96
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
97
97
|
none: false
|
98
98
|
requirements:
|
99
|
-
- - ! '
|
99
|
+
- - ! '>'
|
100
100
|
- !ruby/object:Gem::Version
|
101
|
-
version:
|
101
|
+
version: 1.3.1
|
102
102
|
requirements: []
|
103
103
|
rubyforge_project:
|
104
|
-
rubygems_version: 1.8.
|
104
|
+
rubygems_version: 1.8.11
|
105
105
|
signing_key:
|
106
106
|
specification_version: 3
|
107
107
|
summary: Microframework for web applications.
|