gloo 3.7.0 → 3.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c1dfa24d10974fad30c699b9935d765525ceda2eef22c642be9f30fd8f717ce7
-  data.tar.gz: c631fafd6862b14c03994767ad520cc95380868ea9a1c60a68f0da67399d9fab
+  metadata.gz: afc950a2a2470041f3a3d990480cf26bee1005e6f4e00bcc95feb4e38d8de394
+  data.tar.gz: fe2cf5549734e2779ed1ed1f90bc5974fcae7c0b8245b22626a9828d2f54c54e
 SHA512:
-  metadata.gz: a020b85943d3fa84e2940dc37a4bf61d541a89e55de775b0a22fd001b7e57de84a852748d0084e92bf1490e5f561761b62cbea9c94cbfa57e422632bf77134c5
-  data.tar.gz: 04ca71cc0e8c3c483d31155799876e336d372d2bee8f1a923f429c3aee0c2902528af4ebe289d3a6e5709274205ca7d5feaaf164e1f8187c48ce6a5c4315a847
+  metadata.gz: 7eed261a94581ca0a1e7f5c9a61657bd8e39f1455d55f4754bc4530641fe33ef359d7055f191dd204c505b31e501291803f5ef5822672640a280845c5c27b0d1
+  data.tar.gz: 643bd6cc65823bf8d1a8d1666e0b5b51abf5c44d0a8f2b25b51c901a1f18c3efda08264c5e686fe34efb0063a7e9e56b7040c50befa353e17369f0c04f32b186

data/lib/VERSION

@@ -1 +1 @@
-3.7.0
+3.9.0

data/lib/VERSION_NOTES

@@ -1,3 +1,18 @@
+3.9.0 - 2025.02.21
+ - Fixes alias in page parameters
+ - Adds comparison operators
+ - Renames some verb shortcuts for compatibility
+ - Adds Group-By option in for each child loop
+ - Adds starts_with?, ends_with?, contains?, and format_for_html messages to string
+
+
+
+3.8.0 - 2025.01.23
+- Fixes issue with sessions
+- Adds authenticity token tag and supporting session id and validation
+
+
+
 3.7.0 - 2025.01.09
  - Adds File message to get SHA256 hash
  - Asset Fingerprinting

data/lib/gloo/app/log.rb

@@ -169,7 +169,7 @@ module Gloo
       # Also write to the console unless quiet.
       #
       def error( msg, ex = nil, engine = nil )
-        engine&.heap&.error&.set_to msg
+        engine&.heap&.error&.set_to( msg ) if engine
         @logger.error msg
         @error.error msg
         if ex

data/lib/gloo/core/op.rb

@@ -13,19 +13,39 @@ module Gloo
       # Is the token an operator?
       #
       def self.op?( token )
-        return [ '+', '-', '*', '/' ].include?( token.strip )
+        return [ 
+          Gloo::Expr::OpPlus::SYMBOL,
+          Gloo::Expr::OpMinus::SYMBOL,
+          Gloo::Expr::OpMult::SYMBOL,
+          Gloo::Expr::OpDiv::SYMBOL,
+          Gloo::Expr::OpEq::SYMBOL,
+          Gloo::Expr::OpEq::ALT_SYMBOL,
+          Gloo::Expr::OpIneq::SYMBOL,
+          Gloo::Expr::OpGt::SYMBOL,
+          Gloo::Expr::OpLt::SYMBOL,
+          Gloo::Expr::OpGteq::SYMBOL,
+          Gloo::Expr::OpLteq::SYMBOL
+          ].include?( token.strip )
       end
 
       #
       # Create the operator for the given token.
       #
       def self.create_op( token )
-        return Gloo::Expr::OpMinus.new if token == '-'
-        return Gloo::Expr::OpMult.new if token == '*'
-        return Gloo::Expr::OpDiv.new if token == '/'
-        return Gloo::Expr::OpPlus.new if token == '+'
-
-        return default_op
+        case token
+          when Gloo::Expr::OpPlus::SYMBOL then Gloo::Expr::OpPlus.new
+          when Gloo::Expr::OpMinus::SYMBOL then Gloo::Expr::OpMinus.new
+          when Gloo::Expr::OpMult::SYMBOL then Gloo::Expr::OpMult.new
+          when Gloo::Expr::OpDiv::SYMBOL then Gloo::Expr::OpDiv.new
+          when Gloo::Expr::OpEq::SYMBOL then return Gloo::Expr::OpEq.new
+          when Gloo::Expr::OpEq::ALT_SYMBOL then return Gloo::Expr::OpEq.new
+          when Gloo::Expr::OpIneq::SYMBOL then return Gloo::Expr::OpIneq.new
+          when Gloo::Expr::OpGt::SYMBOL then return Gloo::Expr::OpGt.new
+          when Gloo::Expr::OpLt::SYMBOL then return Gloo::Expr::OpLt.new
+          when Gloo::Expr::OpGteq::SYMBOL then return Gloo::Expr::OpGteq.new
+          when Gloo::Expr::OpLteq::SYMBOL then return Gloo::Expr::OpLteq.new
+        else return default_op
+        end
       end
 
       #

data/lib/gloo/expr/op_div.rb

@@ -8,6 +8,8 @@ module Gloo
   module Expr
     class OpDiv < Gloo::Core::Op
 
+      SYMBOL = '/'.freeze
+
       #
       # Perform the operation and return the result.
       #

data/lib/gloo/expr/op_eq.rb

@@ -0,0 +1,29 @@
+# Author::    Eric Crane  (mailto:eric.crane@mac.com)
+# Copyright:: Copyright (c) 2025 Eric Crane.  All rights reserved.
+#
+# Equality operator.
+#
+
+module Gloo
+  module Expr
+    class OpEq < Gloo::Core::Op
+
+      SYMBOL = '='.freeze
+      ALT_SYMBOL = '=='.freeze
+
+      #
+      # Perform the operation and return the result.
+      #
+      def perform( left, right )
+        return left == right.to_s if left.is_a? String
+
+        return left == right.to_i if left.is_a? Integer
+
+        return left == right.to_f if left.is_a? Numeric
+
+        return false
+      end
+
+    end
+  end
+end

data/lib/gloo/expr/op_gt.rb

@@ -0,0 +1,26 @@
+# Author::    Eric Crane  (mailto:eric.crane@mac.com)
+# Copyright:: Copyright (c) 2025 Eric Crane.  All rights reserved.
+#
+# Greater than operator.
+#
+
+module Gloo
+  module Expr
+    class OpGt < Gloo::Core::Op
+
+      SYMBOL = '>'.freeze
+
+      #
+      # Perform the operation and return the result.
+      #
+      def perform( left, right )
+        return left > right.to_i if left.is_a? Integer
+
+        return left > right.to_f if left.is_a? Numeric
+
+        return false
+      end
+
+    end
+  end
+end

data/lib/gloo/expr/op_gteq.rb

@@ -0,0 +1,26 @@
+# Author::    Eric Crane  (mailto:eric.crane@mac.com)
+# Copyright:: Copyright (c) 2025 Eric Crane.  All rights reserved.
+#
+# Greater than or equal operator.
+#
+
+module Gloo
+  module Expr
+    class OpGteq < Gloo::Core::Op
+
+      SYMBOL = '>='.freeze
+
+      #
+      # Perform the operation and return the result.
+      #
+      def perform( left, right )
+        return left >= right.to_i if left.is_a? Integer
+
+        return left >= right.to_f if left.is_a? Numeric
+
+        return false
+      end
+
+    end
+  end
+end

data/lib/gloo/expr/op_ineq.rb

@@ -0,0 +1,28 @@
+# Author::    Eric Crane  (mailto:eric.crane@mac.com)
+# Copyright:: Copyright (c) 2025 Eric Crane.  All rights reserved.
+#
+# Inequality operator.
+#
+
+module Gloo
+  module Expr
+    class OpIneq < Gloo::Core::Op
+
+      SYMBOL = '!='.freeze
+
+      #
+      # Perform the operation and return the result.
+      #
+      def perform( left, right )
+        return left != right.to_s if left.is_a? String
+
+        return left != right.to_i if left.is_a? Integer
+
+        return left != right.to_f if left.is_a? Numeric
+        
+        return false
+      end
+
+    end
+  end
+end

data/lib/gloo/expr/op_lt.rb

@@ -0,0 +1,26 @@
+# Author::    Eric Crane  (mailto:eric.crane@mac.com)
+# Copyright:: Copyright (c) 2025 Eric Crane.  All rights reserved.
+#
+# Less than operator.
+#
+
+module Gloo
+  module Expr
+    class OpLt < Gloo::Core::Op
+
+      SYMBOL = '<'.freeze
+
+      #
+      # Perform the operation and return the result.
+      #
+      def perform( left, right )
+        return left < right.to_i if left.is_a? Integer
+
+        return left < right.to_f if left.is_a? Numeric
+
+        return false
+      end
+
+    end
+  end
+end

data/lib/gloo/expr/op_lteq.rb

@@ -0,0 +1,26 @@
+# Author::    Eric Crane  (mailto:eric.crane@mac.com)
+# Copyright:: Copyright (c) 2025 Eric Crane.  All rights reserved.
+#
+# Less than or equal operator.
+#
+
+module Gloo
+  module Expr
+    class OpLteq < Gloo::Core::Op
+
+      SYMBOL = '<='.freeze
+
+      #
+      # Perform the operation and return the result.
+      #
+      def perform( left, right )
+        return left <= right.to_i if left.is_a? Integer
+
+        return left <= right.to_f if left.is_a? Numeric
+
+        return false
+      end
+
+    end
+  end
+end

data/lib/gloo/expr/op_minus.rb

@@ -8,6 +8,8 @@ module Gloo
   module Expr
     class OpMinus < Gloo::Core::Op
 
+      SYMBOL = '-'.freeze
+
       #
       # Perform the operation and return the result.
       #

data/lib/gloo/expr/op_mult.rb

@@ -8,6 +8,8 @@ module Gloo
   module Expr
     class OpMult < Gloo::Core::Op
 
+      SYMBOL = '*'.freeze
+
       #
       # Perform the operation and return the result.
       #

data/lib/gloo/expr/op_plus.rb

@@ -8,6 +8,8 @@ module Gloo
   module Expr
     class OpPlus < Gloo::Core::Op
 
+      SYMBOL = '+'.freeze
+
       #
       # Perform the operation and return the result.
       #

data/lib/gloo/objs/basic/string.rb

@@ -12,6 +12,7 @@ module Gloo
 
       KEYWORD = 'string'.freeze
       KEYWORD_SHORT = 'str'.freeze
+      MISSING_PARAM_MSG = 'Missing parameter!'.freeze
 
       #
       # The name of the object type.
@@ -42,10 +43,95 @@ module Gloo
       # Get a list of message names that this object receives.
       #
       def self.messages
-        return super + %w[up down size encode64 decode64 escape unescape
+        return super + %w[up down size starts_with? ends_with? contains? 
+          format_for_html encode64 decode64 escape unescape
           gen_alphanumeric gen_uuid gen_hex gen_base64]
       end
 
+      # 
+      # Convert whitespace to HTML friendly spaces.
+      # 
+      def msg_format_for_html
+        text = self.value
+        out = ""
+        return out unless text
+
+        # indentation
+        text.each_line do |line|
+          i = 0
+          while line[i] == ' '
+            i += 1
+            out << "&nbsp;"
+          end
+    
+          i = 0
+          while line[i] == "\t"
+            i += 1
+            out << "&nbsp;&nbsp;&nbsp;&nbsp;"
+          end
+          out << line
+        end
+    
+        self.value = out.gsub( "\n", "<br/>" )
+      end
+
+      # 
+      # Does the string start with the given string?
+      # 
+      def msg_starts_with?
+        if @params&.token_count&.positive?
+          expr = Gloo::Expr::Expression.new( @engine, @params.tokens )
+          data = expr.evaluate
+
+          result = self.value.start_with?( data )
+          @engine.heap.it.set_to result
+          return result
+        else
+          # Error
+          @engine.log.error MISSING_PARAM_MSG
+          @engine.heap.it.set_to false
+          return false
+        end
+      end
+
+      # 
+      # Does the string end with the given string?
+      # 
+      def msg_ends_with?
+        if @params&.token_count&.positive?
+          expr = Gloo::Expr::Expression.new( @engine, @params.tokens )
+          data = expr.evaluate
+
+          result = value.end_with?( data )
+          @engine.heap.it.set_to result
+          return result
+        else
+          # Error
+          @engine.log.error MISSING_PARAM_MSG
+          @engine.heap.it.set_to false
+          return false
+        end
+      end
+
+      # 
+      # Does the string contain the given string?
+      #
+      def msg_contains?
+        if @params&.token_count&.positive?
+          expr = Gloo::Expr::Expression.new( @engine, @params.tokens )
+          data = expr.evaluate
+
+          result = value.include?( data )
+          @engine.heap.it.set_to result
+          return result
+        else
+          # Error
+          @engine.log.error MISSING_PARAM_MSG
+          @engine.heap.it.set_to false
+          return false
+        end
+      end
+
       #
       # Get the size of the string.
       #

data/lib/gloo/objs/ctrl/each_child.rb

@@ -10,6 +10,11 @@ module Gloo
 
       CHILD = 'child'.freeze
       IN = 'IN'.freeze
+
+      GROUP_BY = 'group_by'.freeze
+      ON_GROUP_START = 'on_group_start'.freeze
+      ON_GROUP_END = 'on_group_end'.freeze
+
       
       # ---------------------------------------------------------------------
       #    Create Iterator
@@ -34,6 +39,61 @@ module Gloo
         return false
       end
 
+      
+      # ---------------------------------------------------------------------
+      #    Group By
+      # ---------------------------------------------------------------------
+      
+      # 
+      # If the iterator has a group by,
+      # then we need to group by that value.
+      # Otherwise, we just loop for each child.
+      #
+      def has_group_by?
+        child = @iterator_obj.find_child GROUP_BY
+        return false unless child
+
+        return true
+      end
+
+      # 
+      # Get the child that is the group by.
+      # Return nil if there is no group by.
+      #
+      def group_by_value obj_can
+        return nil unless obj_can
+
+        child = @iterator_obj.find_child GROUP_BY
+        return nil unless child
+
+        group_by_child_name = child.value
+
+        obj = obj_can.find_child( group_by_child_name )
+        return nil unless obj
+
+        return obj.value
+      end
+
+      #
+      # Run the on group start script.
+      #
+      def run_on_group_start
+        o = @iterator_obj.find_child ON_GROUP_START
+        return unless o
+
+        Gloo::Exec::Dispatch.message( @engine, 'run', o )
+      end
+
+      #
+      # Run the on group end script.
+      #
+      def run_on_group_end
+        o = @iterator_obj.find_child ON_GROUP_END
+        return unless o
+
+        Gloo::Exec::Dispatch.message( @engine, 'run', o )
+      end
+
 
       # ---------------------------------------------------------------------
       #    Iterate
@@ -46,11 +106,38 @@ module Gloo
         o = @iterator_obj.find_child IN
         return unless o
 
+        # Set up for optional groups.
+        group_mode = false
+        if has_group_by?
+          group_mode = true
+          last_group = nil
+          first_time = true
+        end
+
         o = Gloo::Objs::Alias.resolve_alias( @engine, o )
         o.children.each do |child|
+          if group_mode
+            group_value = group_by_value( child )
+            # puts "last group = #{last_group}, group_value = #{group_value}"
+            if last_group != group_value
+              last_group = group_value
+              # puts "New group: #{group_value}"
+              if first_time
+                first_time = false
+              else
+                run_on_group_end
+              end
+              run_on_group_start
+            end
+          end
+
           set_child child
           @iterator_obj.run_do
         end
+
+        if group_mode && !first_time
+          run_on_group_end
+        end
       end
 
       #

data/lib/gloo/objs/security/csrf_token.rb

@@ -0,0 +1,72 @@
+# Author::    Eric Crane  (mailto:eric.crane@mac.com)
+# Copyright:: Copyright (c) 2025 Eric Crane.  All rights reserved.
+#
+# Helper class to generate and verify a csrf token.
+#
+require 'securerandom'
+require 'base64'
+require 'active_support/security_utils'
+
+module Gloo
+  module Objs
+    class CsrfToken
+
+      TOKEN_LENGTH = 32
+      AUTHENTICITY_TOKEN = 'authenticity_token'.freeze
+
+      # 
+      # Generate a random token
+      #
+      def self.generate_csrf_token
+        SecureRandom.base64( TOKEN_LENGTH ) 
+      end
+
+      # 
+      # Generate a masked token.
+      #
+      def self.mask_token( base_token )
+        one_time_pad = SecureRandom.random_bytes( base_token.bytesize )
+        masked_token = one_time_pad.bytes.zip( base_token.bytes ).map { |a, b| a ^ b }.pack('C*')
+        return Base64.urlsafe_encode64( one_time_pad + masked_token ) # Encode the result
+      end
+
+      # 
+      # Unmask a masked token.
+      #
+      def self.unmask_token( masked_token )
+        decoded = Base64.urlsafe_decode64( masked_token )
+        one_time_pad, masked_token = decoded[0...decoded.length / 2], decoded[decoded.length / 2..]
+        return one_time_pad.bytes.zip( masked_token.bytes ).map { |a, b| (a ^ b).chr }.join
+      end
+
+      # 
+      # Compare two tokens.
+      # Use ActiveSupport::SecurityUtils.secure_compare to avoid timing attacks.
+      #
+      def self.compare_tokens( token1, token2 )
+        return ActiveSupport::SecurityUtils.secure_compare( token1, token2 )
+      end
+
+      # 
+      # Return a hidden field with the masked csrf token.
+      #
+      def self.get_csrf_token_hidden_field( base_token )
+        form_token = mask_token( base_token )
+   
+        return "<input type='hidden' name='#{AUTHENTICITY_TOKEN}' value='#{form_token}' />"
+      end
+
+      # 
+      # Validate a masked csrf token that came from a form submit.
+      #
+      def self.valid_csrf_token?( base_token, masked_token )
+        return false unless base_token && masked_token
+
+        unmasked_token = unmask_token( masked_token )
+
+        return compare_tokens( base_token, unmasked_token )
+      end
+
+    end
+  end
+end

data/lib/gloo/objs/web_svr/page.rb

@@ -137,6 +137,8 @@ module Gloo
 
         h = {}
         params_can.children.each do |o|
+          # resolve aliases
+          o = Gloo::Objs::Alias.resolve_alias( @engine, o )
           h[ o.name ] = o.value
         end
 

data/lib/gloo/objs/web_svr/svr.rb

@@ -51,7 +51,8 @@ module Gloo
       ELAPSED = 'elapsed'.freeze
       DB = 'db'.freeze
       PAGE = 'page'.freeze
-
+      CURRENT_PAGE = 'current_page'.freeze
+      
       # Container with pages in the web app.
       PAGES = 'pages'.freeze
 
@@ -303,7 +304,7 @@ module Gloo
       # Important to do this after the response is sent
       # to avoid holding on to data that is no longer needed.
       # 
-      def clear_session_data
+      def reset_session_data
         session_container.children.each do |session_var|
           session_var.value = ''
         end
@@ -407,6 +408,7 @@ module Gloo
       def self.messages
         return super + [ 'start', 'stop', 
           'list_routes', 'list_assets', 
+          'add_session_to_response', 'clear_session_data',
           'list_asset_img', 'list_asset_css', 'list_asset_js' ]
       end
 
@@ -494,6 +496,22 @@ module Gloo
         end
       end
 
+      # 
+      # Add the session data to the response.
+      # This will be done for the current (next) request only.
+      # 
+      def msg_add_session_to_response
+        @session.add_session_to_response if @session
+      end
+
+      # 
+      # Clear out the session data, and remove it from the response.
+      # 
+      def msg_clear_session_data
+        reset_session_data
+        @session.clear_session_data if @session
+      end
+
 
       # ---------------------------------------------------------------------
       #    Start and Stop Events
@@ -533,7 +551,7 @@ module Gloo
         @engine.log.info "Stopping web server…"
 
         # Last chance to clear out session data.
-        clear_session_data
+        reset_session_data
 
         @web_server.stop
         @web_server = nil
@@ -570,13 +588,18 @@ module Gloo
 
       #
       # Run the on request script if there is one.
+      # Set thee current page object so the app knows
+      # which page is being requested.
       #
-      def run_on_request
+      def run_on_request current_page
+        for_page = find_child CURRENT_PAGE
+        alias_value = current_page.pn
+        for_page.set_value( alias_value ) if for_page
         o = find_child ON_REQUEST
         return unless o
         o = Gloo::Objs::Alias.resolve_alias( @engine, o )
 
-        Gloo::Exec::Dispatch.message( @engine, 'run', o )
+        Gloo::Exec::Dispatch.message( @engine, 'run', o, CURRENT_PAGE => current_page )
       end
 
       #
@@ -595,6 +618,10 @@ module Gloo
       # This is done before the on_request event is fired.
       # 
       def set_request_data( request )
+        # Clear out the redirect if there is one since this is the start of
+        # a new request.
+        @redirect = nil
+
         data = find_child RESQUEST_DATA
         return unless data
         data = Gloo::Objs::Alias.resolve_alias( @engine, data )

data/lib/gloo/verbs/load.rb

@@ -9,7 +9,7 @@ module Gloo
     class Load < Gloo::Core::Verb
 
       KEYWORD = 'load'.freeze
-      KEYWORD_SHORT = '<'.freeze
+      KEYWORD_SHORT = 'ld'.freeze
       MISSING_EXPR_ERR = 'Missing Expression!'.freeze
 
       #

data/lib/gloo/verbs/save.rb

@@ -9,7 +9,7 @@ module Gloo
     class Save < Gloo::Core::Verb
 
       KEYWORD = 'save'.freeze
-      KEYWORD_SHORT = '>'.freeze
+      KEYWORD_SHORT = 'sv'.freeze
 
       #
       # Run the verb.

data/lib/gloo/verbs/show.rb

@@ -9,7 +9,7 @@ module Gloo
     class Show < Gloo::Core::Verb
 
       KEYWORD = 'show'.freeze
-      KEYWORD_SHORT = '='.freeze
+      KEYWORD_SHORT = 'print'.freeze
 
       #
       # Run the verb.

data/lib/gloo/web_svr/embedded_renderer.rb

@@ -72,6 +72,14 @@ module Gloo
         return "<link rel='stylesheet' media='all' href='#{published_name}' />"
       end
 
+      # 
+      # Embed a hidden field with the autenticity token.
+      # 
+      def autenticity_token_tag
+        session_id = @engine.running_app.obj&.session&.get_session_id
+        return Gloo::Objs::CsrfToken.get_csrf_token_hidden_field( session_id )
+      end
+
 
       # ---------------------------------------------------------------------
       #    Obj Helper Functions

data/lib/gloo/web_svr/handler.rb

@@ -46,6 +46,9 @@ module Gloo
         request.request_params.log_id_keys
 
         if page
+          # Run the on_request script with the found page.
+          @server_obj.run_on_request( page )
+
           if page.is_a? Gloo::Objs::FileHandle
             result = handle_file page
           else

data/lib/gloo/web_svr/request.rb

@@ -59,9 +59,15 @@ module Gloo
 
         # Run the on_request script if there is one.
         @handler.server_obj.set_request_data self
-        @handler.server_obj.run_on_request
         
-        result, page_obj = @handler.handle self
+        # Check authenticity token if it's given.
+        if @request_params.check_authenticity_token( @engine )
+          result, page_obj = @handler.handle self
+        else
+          # Render the error page.
+          result = @handler.server_error_result
+        end
+
         finish_timer
 
         # Run the on_response script if there is one.

data/lib/gloo/web_svr/request_params.rb

@@ -56,6 +56,29 @@ module Gloo
       end
 
 
+      # ---------------------------------------------------------------------
+      #    Authenticity Token checking
+      # ---------------------------------------------------------------------
+
+      # 
+      # Check the authenticity token if it is present.
+      # Returns true if it is present and valid, and
+      # also if it is not present.
+      # Returns false if it is present but not valid.
+      # 
+      def check_authenticity_token engine
+        auth_token = @query_params[ Gloo::Objs::CsrfToken::AUTHENTICITY_TOKEN ]
+        if auth_token
+          session_id = engine.running_app.obj&.session&.get_session_id
+          return false unless session_id
+
+          return Gloo::Objs::CsrfToken.valid_csrf_token?( session_id, auth_token )
+        end
+
+        return true
+      end
+
+
       # ---------------------------------------------------------------------
       #    Helper functions
       # ---------------------------------------------------------------------

data/lib/gloo/web_svr/response.rb

@@ -122,9 +122,12 @@ module Gloo
           headers[ 'Location' ] = @location
         end
 
-        session = @engine&.running_app&.obj&.session      
+        session = @engine&.running_app&.obj&.session
         headers = session.add_session_for_response( headers ) if session
   
+        # Clear out session data after the response is prepared.
+        @engine&.running_app&.obj&.reset_session_data
+
         return headers
       end
 

data/lib/gloo/web_svr/session.rb

@@ -15,6 +15,7 @@ module Gloo
     class Session
 
       SESSION_CONTAINER = 'session'.freeze
+      SESSION_ID_NAME = 'session_id'.freeze
 
       
       # ---------------------------------------------------------------------
@@ -29,6 +30,8 @@ module Gloo
         @log = @engine.log
 
         @server_obj = server_obj
+        @include_in_response = false
+        @clearing_session = false
       end
 
 
@@ -52,8 +55,12 @@ module Gloo
               data = decode_decrypt( data ) 
               return unless data
               
+              @session_id = data[ SESSION_ID_NAME ]
+
               data.each do |key, value|
-                @server_obj.set_session_var( key, value )
+                unless key == SESSION_ID_NAME
+                  @server_obj.set_session_var( key, value )
+                end
               end
             end
           end
@@ -64,18 +71,62 @@ module Gloo
 
 
       # ---------------------------------------------------------------------
-      #    Get Session Data for Response
+      #    Set Session Data for Response
       # ---------------------------------------------------------------------
 
+      # 
+      # Temporarily set the flag to add the session data to the response.
+      # Once this is done, the flag will be cleared and it will not
+      # be added to the next request unless specifically set.
+      # 
+      def add_session_to_response
+        @include_in_response = true
+      end
+
+      def init_session_id
+        @session_id = Gloo::Objs::CsrfToken.generate_csrf_token
+        return @session_id
+      end
+
+      # 
+      # Initialize the session id and add it to the data.
+      # Use the current session ID if it is there.
+      # 
+      def get_session_id
+        if @clearing_session
+          @clearing_session = false
+          return nil
+        end
+
+        init_session_id if @session_id.blank?
+
+        return @session_id
+      end
+
+      # 
+      # Clear out the session Id.
+      # Set the flag to add the session data to the response.
+      # 
+      def clear_session_data
+        @session_id = nil
+        @clearing_session = true
+        add_session_to_response
+      end
+
       # 
       # If there is session data, encrypt and add it to the response.
       # Once done, clear out the session data.
       # 
       def add_session_for_response( headers )
         # Are we using sessions?
-        if @server_obj.use_session?
+        if @server_obj.use_session? && @include_in_response
+          # Reset the flag because we are adding to the session data now
+          @include_in_response = false
+
           # Build and add encrypted session data
           data = @server_obj.get_session_data
+          data[ SESSION_ID_NAME ] = get_session_id
+
           unless data.empty?
             data = encrypt_encode( data )
             session_hash = { 
@@ -90,9 +141,6 @@ module Gloo
 
             Rack::Utils.set_cookie_header!( headers, session_name, session_hash )
           end
-
-          # Clear out session data
-          @server_obj.clear_session_data
         end
 
         return headers

data/lib/gloo/web_svr/table_renderer.rb

@@ -73,8 +73,8 @@ module Gloo
           end
 
           str += "<tr class='#{styles[ ROW ]}'>"
-          str += "<th style='#{styles[ HEAD_CELL ]}'>#{head[ :title ]}</th>"
-          str += "<td style='#{styles[ CELL ]}'>#{cell_value}</td>"
+          str += "<th class='#{styles[ HEAD_CELL ]}'>#{head[ :title ]}</th>"
+          str += "<td class='#{styles[ CELL ]}'>#{cell_value}</td>"
           str += "</tr>"
         end
 
@@ -113,7 +113,7 @@ module Gloo
             else
               cell_value = cell
             end
-            str += "<td style='#{styles[ CELL ]}'>#{cell_value}</td>"
+            str += "<td class='#{styles[ CELL ]}'>#{cell_value}</td>"
           end
           str += "</tr>"
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gloo
 version: !ruby/object:Gem::Version
-  version: 3.7.0
+  version: 3.9.0
 platform: ruby
 authors:
 - Eric Crane
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-01-09 00:00:00.000000000 Z
+date: 2025-02-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -419,6 +419,12 @@ files:
 - lib/gloo/expr/l_integer.rb
 - lib/gloo/expr/l_string.rb
 - lib/gloo/expr/op_div.rb
+- lib/gloo/expr/op_eq.rb
+- lib/gloo/expr/op_gt.rb
+- lib/gloo/expr/op_gteq.rb
+- lib/gloo/expr/op_ineq.rb
+- lib/gloo/expr/op_lt.rb
+- lib/gloo/expr/op_lteq.rb
 - lib/gloo/expr/op_minus.rb
 - lib/gloo/expr/op_mult.rb
 - lib/gloo/expr/op_plus.rb
@@ -462,6 +468,7 @@ files:
 - lib/gloo/objs/ror/erb.rb
 - lib/gloo/objs/ror/eval.rb
 - lib/gloo/objs/security/cipher.rb
+- lib/gloo/objs/security/csrf_token.rb
 - lib/gloo/objs/security/password.rb
 - lib/gloo/objs/system/file_handle.rb
 - lib/gloo/objs/system/ssh_exec.rb