macaw_framework 1.2.3 → 1.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6b8d8af2c8dfcaf1b23ec98aa59552d18ba7922db8829ceb6d3969a13b780c16
-  data.tar.gz: d55ae5ebfe0d6cbb5019bcfaeb7aedbaa808c15a0ad13c7b6e5f96a036496d3f
+  metadata.gz: fd7f1b0bfc6306d0d86f2228f3a51cf955cad0db12031920cf9f0f131d664f6d
+  data.tar.gz: 92ea7a2854218fb31726c37bc6cbe99399159cdb0cc08a3c72ce62e4b27e72c2
 SHA512:
-  metadata.gz: 0a53413f64b5a2c25bb026d961690b78490cf45b1e58e03f695d7bfad54b0e4d461b04351a3b8aaf23ab991bb5b7450fd481f8f25bced1a6b3f818b035934635
-  data.tar.gz: 3a503e0618a7af98b43f26b284fedcbf238bb128c7bd1cb8013c8b36485c9539a2a0a242e78af675e51b7df23ad16e4d00e5cbe368ee9faf448359930892605c
+  metadata.gz: 1a06342e79d24109aa1b47058e7a973009e9e19a0a898f95c653a13dd3558b5576be34b628f5fbf488aa0b019f35ed6f941fd1b3808c7894bac9dd1b9d9c85e5
+  data.tar.gz: cfff2868edfd0314006a36cdeb21d1f69ed6388b2c9a5181cec7f67c1c101818f6feb58e865d3672c84b55c3d71372a3850e9dd6b0ee6f3f948baec5af2a726c

data/CHANGELOG.md

@@ -123,3 +123,12 @@
 ## [1.2.3]
 
 - Fixing import of pathname
+
+## [1.2.4]
+
+- Fixing small bug on lof during endpoint declaration
+- Disclosing security issue on session storage
+
+## [1.2.5]
+
+- Improvements to cache usability

data/Gemfile

@@ -2,20 +2,15 @@
 
 source "https://rubygems.org"
 
-# Specify your gem's dependencies in macaw_framework.gemspec
 gemspec
 
-gem "rake", "~> 13.0"
-
-gem "minitest", "~> 5.0"
-
-gem "rubocop", "~> 1.21"
-
-gem "prometheus-client", "~> 4.1"
-
 gem "openssl"
+gem "prometheus-client", "~> 4.1"
 
 group :test do
+  gem "minitest", "~> 5.0"
+  gem "rake", "~> 13.0"
+  gem "rubocop", "~> 1.21"
   gem "simplecov", "~> 0.21.2"
   gem "simplecov-json"
   gem "simplecov_json_formatter", "~> 0.1.2"

data/README.md

@@ -104,14 +104,14 @@ m.start!
 ### Caching: Improve performance by caching responses and configuring cache invalidation
 
 ```ruby
-m.get('/cached_data', cache: true) do |context|
+m.get('/cached_data', cache: ["header_to_cache", "query_param_to_cache"]) do |context|
   # Retrieve data
 end
 ```
 
 *Observation: To activate caching, you also have to set its properties in the `application.json` file. If you don't, the caching strategy will not work. See the Configuration section below for more details.*
 
-### Session management: Handle user sessions securely with server-side in-memory storage
+### Session management: Handle user sessions with server-side in-memory storage
 
 ```ruby
 m.get('/login') do |context|
@@ -129,6 +129,8 @@ m.get('/dashboard') do |context|
 end
 ```
 
+**Caution: This feature is vulnerable to IP spoofing and may disrupt sessions on devices sharing the same network (e.g., Wi-Fi).**
+
 ### Configuration: Customize various aspects of the framework through the application.json configuration file, such as rate limiting, SSL support, and Prometheus integration
 
 ```json
@@ -138,11 +140,7 @@ end
     "bind": "localhost",
     "threads": 200,
     "cache": {
-      "cache_invalidation": 3600,
-      "ignore_headers": [
-        "header-to-be-ignored-from-caching-strategy",
-        "another-header-to-be-ignored-from-caching-strategy"
-      ]
+      "cache_invalidation": 3600
     },
     "prometheus": {
       "endpoint": "/metrics"

data/lib/macaw_framework/aspects/cache_aspect.rb

@@ -6,7 +6,7 @@ module CacheAspect
   def call_endpoint(cache, *args)
     return super(*args) unless !cache[:cache].nil? && cache[:endpoints_to_cache]&.include?(args[0])
 
-    cache_filtered_name = cache_name_filter(args[1], cache[:ignored_headers])
+    cache_filtered_name = cache_name_filter(args[1], cache[:cached_methods][args[0]])
 
     cache[:cache].mutex.synchronize do
       return cache[:cache].cache[cache_filtered_name][0] unless cache[:cache].cache[cache_filtered_name].nil?
@@ -19,9 +19,10 @@ module CacheAspect
 
   private
 
-  def cache_name_filter(client_data, ignored_headers)
-    filtered_headers = client_data[:headers].filter { |key, _value| !ignored_headers&.include?(key) }
-    [{ body: client_data[:body], params: client_data[:params], headers: filtered_headers }].to_s.to_sym
+  def cache_name_filter(client_data, cached_methods_params)
+    filtered_headers = client_data[:headers]&.filter { |key, _value| cached_methods_params&.include?(key) }
+    filtered_params = client_data[:params]&.filter { |key, _value| cached_methods_params&.include?(key) }
+    [{ params: filtered_params, headers: filtered_headers }].to_s.to_sym
   end
 
   def should_cache_response?(status)

data/lib/macaw_framework/core/common/server_base.rb

@@ -83,12 +83,6 @@ module ServerBase
     )
   end
 
-  def set_cache_ignored_h
-    return unless @macaw.config&.dig("macaw", "cache", "ignore_headers")
-
-    @macaw.config["macaw"]["cache"]["ignore_headers"] || []
-  end
-
   def set_ssl
     ssl_config = @macaw.config["macaw"]["ssl"] if @macaw.config&.dig("macaw", "ssl")
     ssl_config ||= nil

data/lib/macaw_framework/core/thread_server.rb

@@ -32,11 +32,13 @@ class ThreadServer
     @macaw_log = macaw.macaw_log
     @num_threads = macaw.threads
     @work_queue = Queue.new
-    ignored_headers = set_cache_ignored_h
     set_features
     @rate_limit ||= nil
-    ignored_headers ||= nil
-    @cache = { cache: cache, endpoints_to_cache: endpoints_to_cache || [], ignored_headers: ignored_headers }
+    @cache = {
+      cache: cache,
+      endpoints_to_cache: endpoints_to_cache || [],
+      cached_methods: macaw.cached_methods
+    }
     @prometheus = prometheus
     @prometheus_middleware = prometheus_mw
     @workers = []

data/lib/macaw_framework/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module MacawFramework
-  VERSION = "1.2.3"
+  VERSION = "1.2.5"
 end

data/lib/macaw_framework.rb

@@ -19,16 +19,18 @@ module MacawFramework
   # Class responsible for creating endpoints and
   # starting the web server.
   class Macaw
-    ##
-    # Array containing the routes defined in the application
-    attr_reader :routes, :macaw_log, :config, :jobs
+    attr_reader :routes, :macaw_log, :config, :jobs, :cached_methods
     attr_accessor :port, :bind, :threads
 
     ##
+    # Initialize Macaw Class
     # @param {Logger} custom_log
+    # @param {ThreadServer} server
+    # @param {String?} dir
     def initialize(custom_log: Logger.new($stdout), server: ThreadServer, dir: nil)
       begin
         @routes = []
+        @cached_methods = {}
         @macaw_log ||= custom_log
         @config = JSON.parse(File.read("application.json"))
         @port = @config["macaw"]["port"] || 8080
@@ -65,7 +67,7 @@ module MacawFramework
     # macaw.get("/hello") do |context|
     #   return "Hello World!", 200, { "Content-Type" => "text/plain" }
     # end
-    def get(path, cache: false, &block)
+    def get(path, cache: [], &block)
       map_new_endpoint("get", cache, path, &block)
     end
 
@@ -81,7 +83,7 @@ module MacawFramework
     # macaw.post("/hello") do |context|
     #   return "Hello World!", 200, { "Content-Type" => "text/plain" }
     # end
-    def post(path, cache: false, &block)
+    def post(path, cache: [], &block)
       map_new_endpoint("post", cache, path, &block)
     end
 
@@ -96,7 +98,7 @@ module MacawFramework
     # macaw.put("/hello") do |context|
     #   return "Hello World!", 200, { "Content-Type" => "text/plain" }
     # end
-    def put(path, cache: false, &block)
+    def put(path, cache: [], &block)
       map_new_endpoint("put", cache, path, &block)
     end
 
@@ -111,7 +113,7 @@ module MacawFramework
     # macaw.patch("/hello") do |context|
     #   return "Hello World!", 200, { "Content-Type" => "text/plain" }
     # end
-    def patch(path, cache: false, &block)
+    def patch(path, cache: [], &block)
       map_new_endpoint("patch", cache, path, &block)
     end
 
@@ -126,7 +128,7 @@ module MacawFramework
     # macaw.delete("/hello") do |context|
     #   return "Hello World!", 200, { "Content-Type" => "text/plain" }
     # end
-    def delete(path, cache: false, &block)
+    def delete(path, cache: [], &block)
       map_new_endpoint("delete", cache, path, &block)
     end
 
@@ -196,9 +198,11 @@ module MacawFramework
     end
 
     def map_new_endpoint(prefix, cache, path, &block)
-      @endpoints_to_cache << "#{prefix}.#{RequestDataFiltering.sanitize_method_name(path)}" if cache
+      @endpoints_to_cache << "#{prefix}.#{RequestDataFiltering.sanitize_method_name(path)}" unless cache.empty?
+      @cached_methods["#{prefix}.#{RequestDataFiltering.sanitize_method_name(path)}"] = cache unless cache.empty?
       path_clean = RequestDataFiltering.extract_path(path)
-      @macaw_log&.info("Defining #{prefix.upcase} endpoint at /#{path}")
+      slash = path[0] == "/" ? "" : "/"
+      @macaw_log&.info("Defining #{prefix.upcase} endpoint at #{slash}#{path}")
       define_singleton_method("#{prefix}.#{path_clean}", block || lambda {
         |context = { headers: {}, body: "", params: {} }|
       })

data/sig/macaw_framework/macaw.rbs

@@ -2,6 +2,7 @@ module MacawFramework
   class Macaw
     @bind: String
     @cache: untyped
+    @cached_methods: Hash[String, Array[String]]
     @config: Hash[String, untyped]
     @cron_runner: CronRunner
     @endpoints_to_cache: Array[String]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: macaw_framework
 version: !ruby/object:Gem::Version
-  version: 1.2.3
+  version: 1.2.5
 platform: ruby
 authors:
 - Aria Diniz
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-12-18 00:00:00.000000000 Z
+date: 2024-04-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: prometheus-client