macaw_framework 1.0.1 → 1.0.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +5 -2
- data/SECURITY.md +16 -2
- data/lib/macaw_framework/core/server.rb +5 -7
- data/lib/macaw_framework/version.rb +1 -1
- data/main/CODEOWNERS +1 -0
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6e3d33329ff53ab220c857c255d70b687d50f0703054ecef2866a17676867eed
|
4
|
+
data.tar.gz: 2c340f529123646d86a261630f2bcb5bb89dbbfda10a65f4820f1db8ece73504
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 79abf5fdf0729ef0464245c8765c88516b5445bff3123160e8f84fe1e43fa5360f311fceb731cb9f2823c49ac0caac5a78e3f35812ef3fe5e38cec2ab373cd81
|
7
|
+
data.tar.gz: db3b2bec7d0999497c752d9d1664d2bd99e0b35bb1bd67f95d5e529c7a46950ae62a02334f65016b4a947373a4a3871d5aa75832f33765e930dc7c0c4367dd45
|
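--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -47,3 +47,9 @@
 - Introducing server-side session management
 - Fixing a bug with cache
 - Improving README
+
+## [1.0.2] - 2023-05-06
+
+- Fixing a bug with cache where ignored_headers where not being properly loaded
+- Fixed a bug with cache where URL parameters were not being considered in the strategy
+- Updating SECURITY.md with more information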
data/README.md
CHANGED
@@ -56,17 +56,20 @@ m.get('/cached_data', cache: true) do |context|
|
|
56
56
|
end
|
57
57
|
```
|
58
58
|
|
59
|
+
Observation: To activate caching you also have to set it's properties on the application.json file. If you don't, caching strategy will not work.
|
60
|
+
See section below for configurations.
|
61
|
+
|
59
62
|
### Session management: Handle user sessions securely with server-side in-memory storage
|
60
63
|
|
61
64
|
```ruby
|
62
65
|
m.get('/login') do |context|
|
63
66
|
# Authenticate user
|
64
|
-
context[:
|
67
|
+
context[:client][:user_id] = user_id
|
65
68
|
end
|
66
69
|
|
67
70
|
m.get('/dashboard') do |context|
|
68
71
|
# Check if the user is logged in
|
69
|
-
if context[:
|
72
|
+
if context[:client][:user_id]
|
70
73
|
# Show dashboard
|
71
74
|
else
|
72
75
|
# Redirect to login
|
data/SECURITY.md
CHANGED
@@ -2,12 +2,26 @@
|
|
2
2
|
|
3
3
|
## Supported Versions
|
4
4
|
|
5
|
+
We are committed to addressing security issues in a timely manner. The following versions of MacawFramework are currently supported with security updates:
|
6
|
+
|
5
7
|
| Version | Supported |
|
6
8
|
| ------- | ------------------ |
|
7
9
|
| 1.0.x | :white_check_mark: |
|
8
10
|
| < 1.x | :x: |
|
9
11
|
|
10
|
-
|
11
12
|
## Reporting a Vulnerability
|
12
13
|
|
13
|
-
If you find a vulnerability, please
|
14
|
+
We encourage responsible disclosure of security vulnerabilities. If you find a vulnerability in MacawFramework, please follow the steps below:
|
15
|
+
|
16
|
+
1. Open an issue on the [GitHub repository](https://github.com/ariasdiniz/macaw_framework/issues) describing the vulnerability. Please include as much detail as possible, such as the affected version, the steps to reproduce the issue, and the potential impact of the vulnerability.
|
17
|
+
|
18
|
+
Alternatively, you can send an email to aria.diniz.dev@gmail.com with the same information.
|
19
|
+
|
20
|
+
2. We will review and acknowledge the report within a reasonable time frame. We may ask for additional information or guidance to help us understand and reproduce the issue.
|
21
|
+
|
22
|
+
3. We will work on addressing the vulnerability and will provide updates on the progress.
|
23
|
+
|
24
|
+
4. Once the issue is resolved, we will release a new version of MacawFramework with the necessary security fixes.
|
25
|
+
|
26
|
+
Please remember to follow the project's [Code of Conduct](https://github.com/ariasdiniz/macaw_framework/blob/main/CODE_OF_CONDUCT.md) when reporting security vulnerabilities.
|
27
|
+
|
@@ -123,11 +123,9 @@ class Server
|
|
123
123
|
end
|
124
124
|
|
125
125
|
def set_cache_ignored_h
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
end
|
130
|
-
ignored_headers
|
126
|
+
return unless @macaw.config&.dig("macaw", "cache", "ignore_headers")
|
127
|
+
|
128
|
+
@macaw.config["macaw"]["cache"]["ignore_headers"] || []
|
131
129
|
end
|
132
130
|
|
133
131
|
def set_ssl
|
@@ -166,13 +164,13 @@ class Server
|
|
166
164
|
{
|
167
165
|
headers: client_data[:headers],
|
168
166
|
body: client_data[:body],
|
169
|
-
params: client_data[:
|
167
|
+
params: client_data[:params],
|
170
168
|
client: @session[client_ip][0]
|
171
169
|
}
|
172
170
|
)
|
173
171
|
end
|
174
172
|
|
175
173
|
def get_client_data(body, headers, parameters)
|
176
|
-
{ body: body, headers: headers,
|
174
|
+
{ body: body, headers: headers, params: parameters }
|
177
175
|
end
|
178
176
|
end
|
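Review bot: In `set_cache_ignored_h` the guard `return unless @macaw.config&.dig("macaw", "cache", "ignore_headers")` returns `nil` when the key is missing, so the `|| []` on the following line can never take effect and callers receive `nil` rather than an empty list. A single expression keeps the return type stable: `@macaw.config&.dig("macaw", "cache", "ignore_headers") || []`. Separately, the unchanged context line `client: @session[client_ip][0]` in the second hunk suggests session state is looked up by client IP; if that is the case, clients behind the same NAT or proxy would share one session, which deserves at least a comment here and a follow-up on how sessions are keyed. The method containing that hash starts outside the visible hunk, so this could not be confirmed from the lines shown.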
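--- a/data/main/CODEOWNERS
+++ b/data/main/CODEOWNERS
@@ -0,0 +1 @@
+* @ariasdiniz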
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: macaw_framework
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Aria Diniz
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-05-
|
11
|
+
date: 2023-05-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: prometheus-client
|
@@ -56,6 +56,7 @@ files:
|
|
56
56
|
- lib/macaw_framework/utils/http_status_code.rb
|
57
57
|
- lib/macaw_framework/version.rb
|
58
58
|
- macaw_logo.png
|
59
|
+
- main/CODEOWNERS
|
59
60
|
- sig/http_status_code.rbs
|
60
61
|
- sig/logging_aspect.rbs
|
61
62
|
- sig/macaw_framework.rbs
|