macaw_framework 1.2.3 → 1.2.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6b8d8af2c8dfcaf1b23ec98aa59552d18ba7922db8829ceb6d3969a13b780c16
-  data.tar.gz: d55ae5ebfe0d6cbb5019bcfaeb7aedbaa808c15a0ad13c7b6e5f96a036496d3f
+  metadata.gz: 17a2ff330e9f546997fcbbcbbc8bc0e08af19c08980056999b60f3307aaf898d
+  data.tar.gz: 2af901040509fcd7feecaa5bc9cc762967f9530cd6277b6fc0d4ac1fe5a3bb20
 SHA512:
-  metadata.gz: 0a53413f64b5a2c25bb026d961690b78490cf45b1e58e03f695d7bfad54b0e4d461b04351a3b8aaf23ab991bb5b7450fd481f8f25bced1a6b3f818b035934635
-  data.tar.gz: 3a503e0618a7af98b43f26b284fedcbf238bb128c7bd1cb8013c8b36485c9539a2a0a242e78af675e51b7df23ad16e4d00e5cbe368ee9faf448359930892605c
+  metadata.gz: 07127b57e24d02a95a9bc444bc444bb3ce44d9f80c6fc9f08b5155c88a3355bd20ee93ae5831f028596b114a4cb200c31bd5247bff8ba043d65f844c426a6bd7
+  data.tar.gz: 4ca1a0f63ea1feb4de1b712f63b786286b791bc9df255011b4ef7acf5a740076c65821b13311bf5c3741bfde945ba0f83dae8ad0073bb56dab6962295b1dc7b5

data/CHANGELOG.md

@@ -123,3 +123,8 @@
 ## [1.2.3]
 
 - Fixing import of pathname
+
+## [1.2.4]
+
+- Fixing small bug on lof during endpoint declaration
+- Disclosing security issue on session storage

data/Gemfile

@@ -2,20 +2,15 @@
 
 source "https://rubygems.org"
 
-# Specify your gem's dependencies in macaw_framework.gemspec
 gemspec
 
-gem "rake", "~> 13.0"
-
-gem "minitest", "~> 5.0"
-
-gem "rubocop", "~> 1.21"
-
-gem "prometheus-client", "~> 4.1"
-
 gem "openssl"
+gem "prometheus-client", "~> 4.1"
 
 group :test do
+  gem "minitest", "~> 5.0"
+  gem "rake", "~> 13.0"
+  gem "rubocop", "~> 1.21"
   gem "simplecov", "~> 0.21.2"
   gem "simplecov-json"
   gem "simplecov_json_formatter", "~> 0.1.2"

data/README.md

@@ -111,7 +111,7 @@ end
 
 *Observation: To activate caching, you also have to set its properties in the `application.json` file. If you don't, the caching strategy will not work. See the Configuration section below for more details.*
 
-### Session management: Handle user sessions securely with server-side in-memory storage
+### Session management: Handle user sessions with server-side in-memory storage
 
 ```ruby
 m.get('/login') do |context|
@@ -129,6 +129,8 @@ m.get('/dashboard') do |context|
 end
 ```
 
+**Caution: This feature is vulnerable to IP spoofing and may disrupt sessions on devices sharing the same network (e.g., Wi-Fi).**
+
 ### Configuration: Customize various aspects of the framework through the application.json configuration file, such as rate limiting, SSL support, and Prometheus integration
 
 ```json

data/lib/macaw_framework/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module MacawFramework
-  VERSION = "1.2.3"
+  VERSION = "1.2.4"
 end

data/lib/macaw_framework.rb

@@ -198,7 +198,8 @@ module MacawFramework
     def map_new_endpoint(prefix, cache, path, &block)
       @endpoints_to_cache << "#{prefix}.#{RequestDataFiltering.sanitize_method_name(path)}" if cache
       path_clean = RequestDataFiltering.extract_path(path)
-      @macaw_log&.info("Defining #{prefix.upcase} endpoint at /#{path}")
+      slash = path[0] == "/" ? "" : "/"
+      @macaw_log&.info("Defining #{prefix.upcase} endpoint at #{slash}#{path}")
       define_singleton_method("#{prefix}.#{path_clean}", block || lambda {
         |context = { headers: {}, body: "", params: {} }|
       })

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: macaw_framework
 version: !ruby/object:Gem::Version
-  version: 1.2.3
+  version: 1.2.4
 platform: ruby
 authors:
 - Aria Diniz
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-12-18 00:00:00.000000000 Z
+date: 2024-02-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: prometheus-client