leanweb 0.1.3 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c3068af18fa92b34c6129894552a74e184c8ebea84cab6d90066a6e004ce9cc5
-  data.tar.gz: 4fb4f1a3361cc7d986456de08c463899338743d58abc4c8f5099919347df6d1b
+  metadata.gz: d4e80c5813858b838b39fea56bb96b2fb28f7749d22f02ab04694662a8595d96
+  data.tar.gz: c2fdc8ebf92d647516db11352e5a6cb7bc36f1489dfabe69c095e7090f1b7970
 SHA512:
-  metadata.gz: 3896c65a6db177ac696a580ae3667ec43981969dd7654eaa87469016712cdfc022a5a64bd8fe48aed97c15e09beb009d97dd79ca85f7328a16293925f52031cf
-  data.tar.gz: 72489e08ddfd2c08176af510c4b8cfddf6b7e4e0a8846b79173f18676d27dc63540ed359708aa679cfe351c2f9e69b75e28639de895368f97faa0a71cc3bcc2e
+  metadata.gz: 1bed8458a93a2f0139609f17fe3402f69065182607b6b6664cc0c6d90ab3815f4dca7cd08c165dab17e5448d9c3f7d3c44ef8e1f28468cd3e4c42a66b096c8b8
+  data.tar.gz: 320c619aedd70c9bd0ed5e698ef456e293d3cf754bbe3ca939a7669b45ad117a371089db15737edf0c5c271ad638b84784e6ee3a730093a82a16843828a1074c

data/bin/leanweb

@@ -3,10 +3,10 @@
 
 # Copyright 2022 Felix Freeman <libsys@hacktivista.org>
 #
-# This file is part of "LeanWeb" and licensed under the terms of the Hacktivista
-# General Public License version 0.1 or (at your option) any later version. You
-# should have received a copy of this license along with the software. If not,
-# see <https://hacktivista.org/licenses/>.
+# This file is part of "LeanWeb" and licensed under the terms of the GNU Affero
+# General Public License version 3 with permissions for compatibility with the
+# Hacktivista General Public License. You should have received a copy of this
+# license along with the software. If not, see <https://gnu.org/licenses/>.
 
 require 'fileutils'
 require 'leanweb'
@@ -22,6 +22,9 @@ files = [
       source 'https://rubygems.org'
 
       gem 'leanweb', '~> #{LeanWeb::VERSION}'
+      gem 'haml', '~> 5.2.2'
+      gem 'rake'
+      gem 'puma'
     RUBY
   }, {
     filename: 'config.ru',
@@ -29,21 +32,21 @@ files = [
       # frozen_string_literal: true
 
       require 'leanweb'
+      require_relative 'routes'
 
       if ENV['RACK_ENV'] == 'development'
         use(Rack::Reloader, 0)
-        use(Rack::Static, urls: [''], root: 'public', cascade: true)
+        use(Rack::Static, urls: ['/assets'], root: 'public', cascade: true)
       end
 
-      app = LeanWeb::App.init
-      run app
+      run LeanWeb::App.new(ROUTES)
     RUBY
   }, {
     filename: 'routes.rb',
     content: <<~RUBY
       # frozen_string_literal: true
 
-      [{ path: '/' }]
+      ROUTES = [{ path: '/' }].freeze
     RUBY
   }, {
     filename: 'Rakefile',
@@ -52,23 +55,24 @@ files = [
 
       require 'leanweb'
 
-      task default: %w[build]
+      task default: %w[build_static]
 
-      task :build do
-        LeanWeb::App.init.build_static
+      task :build_static do
+        require_relative 'routes'
+        LeanWeb::App.new(ROUTES).build_static
       end
     RUBY
   }, {
-    filename: 'src/controllers/main.rb',
+    filename: 'src/controllers/main_controller.rb',
     content: <<~RUBY
       # frozen_string_literal: true
 
       require 'leanweb'
 
-      # Main controller is the default controller
+      # Main controller is the default controller.
       class MainController < LeanWeb::Controller
         def index_get
-          render 'index.haml'
+          render_response 'index.haml'
         end
       end
     RUBY
@@ -96,9 +100,10 @@ begin
   path = ARGV[1] || '.'
   FileUtils.mkdir_p(path)
   FileUtils.cd(path)
-  FileUtils.mkdir_p(['public', 'src/controllers', 'src/views'])
-  files.each { |file| File.write(file[:filename], file[:content]) }
+  FileUtils.mkdir_p(['public/assets', 'src/controllers', 'src/views'])
+  files.each{ |file| File.write(file[:filename], file[:content]) }
   `git init`
+  `bundle install`
   puts("Project '#{File.basename(Dir.getwd)}' successfully created.")
 rescue # rubocop:disable Style/RescueStandardError
   puts('Woops! Something went wrong.')

data/contrib/lib/hawese.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Felix Freeman <libsys@hacktivista.org>
+#
+# This file is part of "LeanWeb" and licensed under the terms of the GNU Affero
+# General Public License version 3 with permissions for compatibility with the
+# Hacktivista General Public License. You should have received a copy of this
+# license along with the software. If not, see <https://gnu.org/licenses/>.
+
+require 'json'
+require 'net/http'
+require 'openssl'
+require 'tilt'
+require 'uri'
+
+# Hawese client.
+#
+# **Environment variables**
+#
+# - HAWESE_RETURN_URL defaults to `LEANWEB_ENDPOINT/checkout`.
+# - HAWESE_ENDPOINT
+# - HAWESE_ORIGIN
+class Hawese
+  class << self
+    ENDPOINT = ENV.fetch('HAWESE_ENDPOINT')
+    RETURN_URL = ENV.fetch('HAWESE_RETURN_URL') do
+      "#{ENV.fetch('LEANWEB_ENDPOINT')}/checkout"
+    end
+    ORIGIN = ENV.fetch('HAWESE_ORIGIN')
+
+    def payment_methods
+      uri = URI("#{ENDPOINT}/gateways/payment-methods/purchase")
+      JSON.parse(Net::HTTP.get(uri))
+    end
+
+    def gateway_schema(gateway, query_params, schema = 'purchase')
+      uri = URI("#{ENDPOINT}/gateways/#{gateway}/schemas/#{schema}")
+      uri.query = URI.encode_www_form(query_params)
+      JSON.parse(Net::HTTP.get(uri))
+    end
+
+    def purchase(gateway, fields)
+      fields[:origin] = ORIGIN
+      uri = URI("#{ENDPOINT}/gateways/#{gateway}/purchase")
+      uri.query = URI.encode_www_form(return_url: RETURN_URL)
+      response = Net::HTTP.post(
+        uri,
+        fields.to_json,
+        'Content-Type' => 'application/json'
+      )
+      JSON.parse(response.body)
+    end
+
+    def purchase_from_schema(gateway, schema)
+      fields = {}
+      schema['properties'].each do |property, contents|
+        fields[property] = contents['default'] if contents.include?('default')
+      end
+      purchase(gateway, fields)
+    end
+  end
+end

data/contrib/lib/lean_mail.rb

@@ -0,0 +1,125 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Felix Freeman <libsys@hacktivista.org>
+#
+# This file is part of "LeanWeb" and licensed under the terms of the GNU Affero
+# General Public License version 3 with permissions for compatibility with the
+# Hacktivista General Public License. You should have received a copy of this
+# license along with the software. If not, see <https://gnu.org/licenses/>.
+
+require 'net/smtp'
+require 'securerandom'
+require 'socket'
+require 'time'
+
+# Send an email with SMTP easily.
+#
+# Environment variables:
+#
+# - SMTP_HOST: Where to connect to.
+# - SMTP_PORT: Port, optional (default: 25).
+# - SMTP_SECURITY: `tls` or `starttls`, optional (default: `nil`).
+# - SMTP_USER: User, optional.
+# - SMTP_PASSWORD: Password, optional.
+# - SMTP_FROM: In the format `Name <user@mail>` or `user@mail`.
+#
+# @example Single address
+#   LeanMail.deliver('to@mail', 'subject', 'body')
+#
+# @example Multiple addresses
+#   LeanMail.deliver(['to@mail', 'to2@mail'], 'subject', 'body')
+module LeanMail
+  # RFC 2821 message data representation.
+  class Data
+    attr_reader :from, :to, :subject, :message
+
+    def initialize(from, to, subject, message)
+      @from = from
+      @to = to
+      @subject = subject
+      @message = message
+    end
+
+    def to_s
+      <<~MAIL
+        From: #{@from}
+        To: #{to.instance_of?(Array) ? to.join(', ') : to}
+        Subject: #{subject}
+        Date: #{Time.new.rfc2822}
+        Message-Id: <#{SecureRandom.uuid}@#{Socket.gethostname}>
+
+        #{@message}
+      MAIL
+    end
+  end
+
+  # Email deliverer.
+  class Deliver
+    attr_reader :data
+
+    def initialize
+      @user = ENV.fetch('SMTP_USER', nil)
+      @password = ENV.fetch('SMTP_PASSWORD', nil)
+      @from = ENV.fetch('SMTP_FROM')
+
+      @host = ENV.fetch('SMTP_HOST')
+      @port = ENV.fetch('SMTP_PORT', 25)
+      @security = ENV.fetch('SMTP_SECURITY', nil)
+
+      initialize_smtp
+    end
+
+    # Send email.
+    #
+    # @param to [Array, String] In the format `Name <user@mail>` or `user@mail`.
+    # @param subject [String]
+    # @param body [String]
+    # @return [Deliver]
+    def call(to, subject, body)
+      @data = Data.new(@from, to, subject, body)
+
+      @smtp.start(Socket.gethostname, @user, @password, :plain) do |smtp|
+        smtp.send_message(@data.to_s, extract_addr(@from), extract_addrs(to))
+      end
+
+      self
+    end
+
+    protected
+
+    def initialize_smtp
+      @smtp = Net::SMTP.new(@host, @port)
+      maybe_enable_security(@security)
+    end
+
+    def maybe_enable_security(security)
+      case security
+      when 'tls' then @smtp.enable_tls
+      when 'starttls' then @smtp.enable_starttls
+      end
+    end
+
+    def extract_addr(str)
+      match = str.match(%r{<([^/]+)>})
+      return match[1] if match
+
+      str
+    end
+
+    def extract_addrs(to)
+      return to.map{ |addr| extract_addr(addr) } if to.instance_of?(Array)
+
+      extract_addr(to)
+    end
+  end
+
+  # Deliver email.
+  #
+  # @param to [Array, String] In the format `Name <user@mail>` or `user@mail`.
+  # @param subject [String]
+  # @param body [String]
+  # @return [Deliver]
+  def self.deliver(to, subject, body)
+    LeanMail::Deliver.new.call(to, subject, body)
+  end
+end

data/contrib/lib/leanweb/controller_mixins/render_with_layout.rb

@@ -0,0 +1,170 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Felix Freeman <libsys@hacktivista.org>
+#
+# This file is part of "LeanWeb" and licensed under the terms of the GNU Affero
+# General Public License version 3 with permissions for compatibility with the
+# Hacktivista General Public License. You should have received a copy of this
+# license along with the software. If not, see <https://gnu.org/licenses/>.
+
+
+module LeanWeb
+  module ControllerMixins
+    # {render_with_layout} for {Controller} with ERB, HAML, Tilt::EmacsOrg and
+    # Redcarpet Markdown support.
+    module RenderWithLayout
+      # Render a response with a layout.
+      #
+      # Depending on the `path` file contents and options `@content_for` might
+      # be filled. These contents must be inserted on the `head` or `body` of
+      # your layout file.
+      #
+      # All paths used on parameters can be relative to {VIEW_PATH} or absolute.
+      #
+      # @param path [String] Path to file to rendered.
+      # @param title [String] `@content_for[:title]` content.
+      # @param head [Hash] Things to be inserted on `@content_for[:head]`.
+      # @option head [String|Array] :js Javascript file path(s).
+      # @option head [String|Array] :jsm Javascript module file path (s).
+      # @option head [String|Array] :css CSS file path(s).
+      # @option head [String|Array] :raw Raw headers in HTML format.
+      # @param layout [String] Layout file path.
+      # @param sub_layout [String] Layout file to be inserted within layout.
+      # @param options [Hash] Options hash, to be given to the template engine
+      #   based on file extension: `Tilt::EmacsOrg` for `.org` and `Redcarpet`
+      #   for `.md`.
+      # @option options [String] :setupfile For `.org`.
+      # @option options [true] :toc For `.md`. To fill `@content_for[:toc]`
+      #   render with option `:with_toc_data`.
+      # @yield On dynamic templates (such as Haml and ERB) you can yield.
+      def render_with_layout( # rubocop:disable Metrics/ParameterLists
+        path,
+        title: nil,
+        head: nil,
+        layout: 'layout.haml',
+        sub_layout: nil,
+        options: {},
+        &block
+      )
+        @content_for[:title] = title unless title.nil?
+        content = render_by_extension(path, sub_layout, options, &block)
+        prepare_head(head) unless head.nil?
+        render_response(layout, 'text/html'){ content }
+      end
+
+      protected
+
+      # @param path [String]
+      # @param layout [String]
+      # @param options [Hash] Check `Tilt::EmacsOrg` options.
+      # @option options [String] :setupfile can be absolute or relative to
+      #   {VIEW_PATH}.
+      def render_org(path, layout: nil, options: {})
+        options[:setupfile] = "#{VIEW_PATH}/#{options[:setupfile]}" \
+          if options.include?(:setupfile) && options[:setupfile][0] != '/'
+
+        org_template = create_template(path, options)
+
+        @content_for[:title] = org_template.title \
+          unless @content_for.include?(:title)
+
+        if layout
+          create_template(layout).render(self){ org_template.render(self) }
+        else
+          org_template.render(self)
+        end
+      end
+
+      # @param path [String]
+      # @param layout [String]
+      # @param options [Hash] Check `RedCarpet` `render_options`.
+      # @option options [true] :toc To place an HTML based table of contents on
+      #   `@content_for[:toc]` and render with option `:with_toc_data`.
+      def render_markdown(path, layout: nil, options: {})
+        maybe_render_markdown_toc!(path, options)
+        markdown_template = create_template(path, options)
+        if layout
+          create_template(layout).render(self){ markdown_template.render(self) }
+        else
+          markdown_template.render(self)
+        end
+      end
+
+      # If `options[:toc]` is set, deletes options `:toc` and adds
+      # `:with_toc_data`. Also adds `@content_for[:toc]`.
+      def maybe_render_markdown_toc!(path, options)
+        return unless options.include?(:toc)
+
+        require('redcarpet')
+        @content_for[:toc] = create_template(
+          path, { renderer: Redcarpet::Render::HTML_TOC }
+        ).render
+
+        options.delete(:toc)
+        options[:with_toc_data] = true
+      end
+
+      # @param path [String]
+      # @param layout [String]
+      # @param options [Hash] Check `Haml` options.
+      # @yield If block given.
+      def render_other(path, layout: nil, options: {})
+        template = create_template(path, options)
+        if layout
+          create_template(layout).render(self) do
+            template.render(self){ yield if block_given? }
+          end
+        else
+          template.render(self){ yield if block_given? }
+        end
+      end
+
+      def render_by_extension(path, layout, options, &block)
+        case File.extname(path)
+        when '.org'
+          render_org(path, layout: layout, options: options)
+        when '.md'
+          render_markdown(path, layout: layout, options: options)
+        else
+          render_other(path, layout: layout, options: options, &block)
+        end
+      end
+
+      def prepare_head(js: nil, jsm: nil, css: nil, raw: nil)
+        head = String.new
+        head << prepare_head_js(js) unless js.nil?
+        head << prepare_head_js(jsm, 'module') unless jsm.nil?
+        head << prepare_head_css(css) unless css.nil?
+        head << prepare_head_raw(raw) unless raw.nil?
+        @content_for[:head] = head
+      end
+
+      def prepare_head_js(js, type = 'application/javascript')
+        head = String.new
+        js = [js] if js.instance_of?(String)
+        js.each do |src|
+          head << "<script type='#{type}' src='#{src}'"
+          head << ' defer' if type != 'module'
+          head << "></script>\n"
+        end
+        head
+      end
+
+      def prepare_head_css(css)
+        head = String.new
+        css = [css] if css.instance_of?(String)
+        css.each do |src|
+          head << "<link rel='stylesheet' type='text/css' href='#{src}'>\n"
+        end
+        head
+      end
+
+      def prepare_head_raw(raw)
+        head = String.new
+        raw = [raw] if raw.instance_of?(String)
+        raw.each{ |src| head << "#{src}\n" }
+        head
+      end
+    end
+  end
+end

data/contrib/lib/rack/session/json_file.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+# Copyright 2022 Felix Freeman <libsys@hacktivista.org>
+#
+# This file is part of "LeanWeb" and licensed under the terms of the GNU Affero
+# General Public License version 3 with permissions for compatibility with the
+# Hacktivista General Public License. You should have received a copy of this
+# license along with the software. If not, see <https://gnu.org/licenses/>.
+
+require 'date'
+require 'fileutils'
+require 'json'
+require 'rack/session/abstract/id'
+
+module Rack
+  module Session
+    # A JSON File based session storage.
+    class JsonFile < Abstract::PersistedSecure
+      # Cleans session files that have not been used.
+      # @param to [Time|Date] Time from which file has not been accessed.
+      #   Defaults to 00:00 hrs 1 month ago.
+      # @param dir [String] Directory from which to clean files. Defaults to
+      #   `/tmp/rack.session`.
+      def self.clean(
+        to = Date.today.prev_month,
+        dir = "#{Dir.tmpdir}/rack.session"
+      )
+        to = to.to_time if to.instance_of?(Date)
+        Dir["#{dir}/*"].each do |file|
+          FileUtils.rm(file, force: true) if ::File.atime(file) < to
+        end
+      end
+
+      # @param options [Hash] Accepts a :session_dir path which defaults to
+      #   `/tmp/rack.session`.
+      def initialize(app, options = {})
+        super(
+          app,
+          {
+            secure: ENV['RACK_ENV'] != 'development', # HTTPS unless in dev env
+            same_site: 'Strict' # don't allow cross-site sessions
+          }.merge!(options)
+        )
+        @session_dir = "#{Dir.tmpdir}/#{@key}" || @default_options[:session_dir]
+      end
+
+      # @return [Array] [self, Hash].
+      def find_session(_req, sid)
+        sid = generate_sid if sid.nil?
+
+        [sid, JSON.parse(::File.read("#{@session_dir}/#{sid}"))]
+      rescue Errno::ENOENT
+        [generate_sid, {}]
+      rescue JSON::ParserError
+        [sid, {}]
+      end
+
+      # @param sid [String] Only known ids are allowed, to avoid session
+      #   fixation attacks.
+      # @return [self|false] session_id or false.
+      def write_session(_req, sid, session, _options)
+        return false unless ::File.exist?("#{@session_dir}/#{sid}")
+
+        ::File.open("#{@session_dir}/#{sid}", 'w', 0o600) do |f|
+          f << JSON.generate(session)
+        end
+        sid
+      end
+
+      # @return [self|nil] new session id or nil if options[:drop].
+      def delete_session(_req, sid, options)
+        FileUtils.rm("#{@session_dir}/#{sid}", force: true)
+        options&.include?(:drop) ? nil : generate_sid
+      end
+
+      def generate_sid(*)
+        sid = super
+        FileUtils.mkdir_p(@session_dir, mode: 0o700)
+        ::File.new("#{@session_dir}/#{sid}", 'w', 0o600).close
+        sid
+      end
+    end
+  end
+end

data/lib/leanweb/app.rb

@@ -2,10 +2,10 @@
 
 # Copyright 2022 Felix Freeman <libsys@hacktivista.org>
 #
-# This file is part of "LeanWeb" and licensed under the terms of the Hacktivista
-# General Public License version 0.1 or (at your option) any later version. You
-# should have received a copy of this license along with the software. If not,
-# see <https://hacktivista.org/licenses/>.
+# This file is part of "LeanWeb" and licensed under the terms of the GNU Affero
+# General Public License version 3 with permissions for compatibility with the
+# Hacktivista General Public License. You should have received a copy of this
+# license along with the software. If not, see <https://gnu.org/licenses/>.
 
 require 'rack'
 
@@ -20,19 +20,15 @@ module LeanWeb
     end
 
     # Entry point for dynamic routes (Rack).
+    #
     # @param env [Hash] `env` for Rack.
     def call(env)
       request = Rack::Request.new(env)
-      route = @routes.find do |r|
-        (r[:method] || 'GET') == request.request_method && begin
-          r[:path] =~ request.path
-        rescue TypeError
-          r[:path] == request.path
-        end
-      end
-      return [404, {}, ['Not found']] unless route_exists?(route)
+      route = find_route(request)
+      route = Route.new(**route) unless route.nil?
+      return [404, {}, ['Not found']] unless route&.available?
 
-      Route.new(**route).respond(request)
+      route.respond(request)
     end
 
     # Build static routes to files.
@@ -42,31 +38,23 @@ module LeanWeb
         next unless route.static
 
         begin
-          route.static.each { |seed| route.build(route.seed_path(seed)) }
+          route.static.each{ |seed| route.build(route.seed_path(seed)) }
         rescue NoMethodError
           route.build
         end
       end
     end
 
-    # Initialize by evaluating the routes file.
-    # Do this here so users don't freak out for using eval and rubocop is happy
-    # on client side.
-    # @param file [String] Routes file.
-    def self.init(file = 'routes.rb')
-      new(eval(File.read(file))) # rubocop:disable Security/Eval
-    end
-
     protected
 
-    # Check if route exists.
-    # If not on development environment, serve only dynamic routes.
-    # @param route [Hash]
-    def route_exists?(route)
-      return false if route.nil? \
-        || (ENV['RACK_ENV'] != 'development' && route[:static] != false)
-
-      true
+    def find_route(request)
+      @routes.find do |r|
+        (r[:method] || 'GET') == request.request_method && begin
+          r[:path] =~ request.path
+        rescue TypeError
+          r[:path] == request.path
+        end
+      end
     end
   end
 end