mayu-live 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 913188c20ab0304da5f9bf5c9dd0f82e3fbfc26a1f4b9207dc19e7e87fb01932
-  data.tar.gz: beef66574a2f14c57a4b5a8f14d76818a3a41e8ffa6bf6fa7cf2d064cd834dbc
+  metadata.gz: 3f819e4512b624c496e60ad22b2461db0ed9afbe13b2b5b528358266dd83cbe7
+  data.tar.gz: 4185727d1855c3eb019d27c0f2ab82d17d2941d3b8101043cb55d6fa9d31d350
 SHA512:
-  metadata.gz: e0d5bd062fcf1ed0058c49c3da133a4859ceb6a0c6711b5429b737b0dfa496d3ccbad3390e406eae1721744f2df48cb6194cfecbc0dacab7f1ee2c91c8c643cf
-  data.tar.gz: 8529908ec520dd9c2e27b8f0216a5025c94b01d224656f1b049ccceaf92a7b916122a3442ed54283bc619825242668a8176d8d6488c7669c74bd4002677d744d
+  metadata.gz: 314a09735d9870f64c4ce7635ff072281c87e11dc6414786957188158f047e70bef8757b5bb9bc038b0de7a4d298e5f4ea1a0fecd3ffeb485fc01c6b1f4ac54a
+  data.tar.gz: 3ec46f730741fcb7d6918b3a997704a298eef23572e3ffcf57903f97c2809bf82591bec9d70da4f33f0f9ce992bcc802a55df626dcc1ae1f7e83c57cba64466e

data/README.md

@@ -1,4 +1,4 @@
-# <img alt="Mayu Live" width="337" src="https://user-images.githubusercontent.com/41148/192179194-f44aed92-74a3-4b59-a25e-bf2a8d313796.png">
+# ![Mayu Live](https://raw.githubusercontent.com/mayu-live/logo/main/logo-with-text.svg)
 
 [![Tests](https://img.shields.io/github/actions/workflow/status/mayu-live/framework/.github/workflows/test.yml?branch=main&label=Tests&style=flat-square)](https://github.com/mayu-live/framework/actions/workflows/test.yml)
 [![Release](https://img.shields.io/github/v/release/mayu-live/framework?sort=semver&style=flat-square)](https://github.com/mayu-live/framework/releases)
@@ -9,7 +9,7 @@
 
 # Description
 
-Mayu is a live streaming server side component-based
+Mayu is a live updating server side component-based
 VirtualDOM rendering framework written in Ruby.
 
 Everything runs on the server, except for a tiny little runtime that

data/lib/mayu/encrypted_marshal.rb

@@ -0,0 +1,119 @@
+# typed: true
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "rbnacl"
+require "brotli"
+
+module Mayu
+  class EncryptedMarshal
+    class Error < StandardError
+    end
+
+    class IssuedInTheFutureError < Error
+    end
+
+    class ExpiredError < Error
+    end
+
+    class DecryptError < Error
+    end
+
+    AdditionalData =
+      Data.define(:issued_at, :ttl) do
+        def self.create(ttl:, now: Time.now) = new(now.to_f, ttl)
+
+        def self.unpack(data)
+          data.unpack("D S") => [issued_at, ttl]
+          new(issued_at, ttl)
+        end
+
+        def pack = [issued_at, ttl].pack("D S")
+        def expired?(now: Time.now) = now > expires_at
+        def expires_at = Time.at(issued_at + ttl)
+      end
+
+    Message =
+      Data.define(:nonce, :ad, :ciphertext) do
+        def self.unpack(data)
+          data.unpack("S a*") => [nonce_length, data]
+          data.unpack("a#{nonce_length} S a*") => [nonce, ad_length, data]
+          data.unpack("a#{ad_length} a*") => [ad, ciphertext]
+          new(nonce, AdditionalData.unpack(ad), ciphertext)
+        end
+
+        def pack
+          packed_ad = ad.pack
+          [
+            nonce.bytesize,
+            nonce,
+            packed_ad.bytesize,
+            packed_ad,
+            ciphertext
+          ].pack("S a* S a* a*")
+        end
+
+        def expired?(now: Time.now) = ad.expired?(now:)
+        def expires_at = ad.expires_at
+
+        def verify_timestamps!(now: Time.now)
+          if ad.expired?(now:)
+            raise ExpiredError, "Message expired at #{ad.expires_at}"
+          end
+
+          if ad.issued_at > now.to_f
+            raise IssuedInTheFutureError,
+                  "Message was issued in the future, #{Time.at(ad.issued_at)}"
+          end
+
+          self
+        end
+      end
+
+    extend T::Sig
+
+    Cipher = RbNaCl::AEAD::ChaCha20Poly1305IETF
+
+    DEFAULT_TTL_SECONDS = 10
+
+    sig { returns(String) }
+    def self.random_key = RbNaCl::Random.random_bytes(Cipher::KEYBYTES)
+
+    sig { params(base_key: String, default_ttl: Integer).void }
+    def initialize(base_key, default_ttl: DEFAULT_TTL_SECONDS)
+      @cipher = Cipher.new(RbNaCl::Hash.sha256(base_key))
+      @default_ttl = default_ttl
+    end
+
+    sig { params(object: T.untyped, ttl: Integer).returns(String) }
+    def dump(object, ttl: @default_ttl) =
+      object
+        .then { Marshal.dump(_1) }
+        .then { Brotli.deflate(_1) }
+        .then { encrypt(_1, ttl:) }
+
+    sig { params(encrypted: String).returns(T.untyped) }
+    def load(encrypted) =
+      encrypted
+        .then { Message.unpack(_1) }
+        .then { _1.verify_timestamps! }
+        .then { decrypt(_1) }
+        .then { Brotli.inflate(_1) }
+        .then { Marshal.load(_1) }
+
+    private
+
+    def encrypt(message, ttl:)
+      nonce = RbNaCl::Random.random_bytes(@cipher.nonce_bytes)
+      ad = AdditionalData.create(ttl:)
+      ciphertext = @cipher.encrypt(nonce, message, ad.pack)
+      Message.new(nonce, ad, ciphertext).pack
+    end
+
+    def decrypt(message)
+      @cipher.decrypt(message.nonce, message.ciphertext, message.ad.pack)
+    rescue RbNaCl::CryptoError => e
+      raise DecryptError, e.message
+    end
+  end
+end

data/lib/mayu/environment.rb

@@ -10,7 +10,7 @@ require_relative "metrics"
 require_relative "app_metrics"
 require_relative "resources/registry"
 require_relative "fetch"
-require_relative "message_cipher"
+require_relative "encrypted_marshal"
 require_relative "configuration"
 
 module Mayu
@@ -34,8 +34,8 @@ module Mayu
     attr_reader :resources
     sig { returns(Fetch) }
     attr_reader :fetch
-    sig { returns(MessageCipher) }
-    attr_reader :message_cipher
+    sig { returns(EncryptedMarshal) }
+    attr_reader :encrypted_marshal
     sig { returns(AppMetrics) }
     attr_reader :metrics
 
@@ -44,8 +44,11 @@ module Mayu
       @root = T.let(config.root, String)
       @app_root = T.let(File.join(config.root, "app"), String)
       @config = config
-      @message_cipher =
-        T.let(MessageCipher.new(key: config.secret_key, ttl: 30), MessageCipher)
+      @encrypted_marshal =
+        T.let(
+          EncryptedMarshal.new(config.secret_key, default_ttl: 30),
+          EncryptedMarshal
+        )
       # TODO: Reload routes when things change in /pages...
       # Should probably make routes into a resource type.
       @routes =

data/lib/mayu/resources/transformers/__test__/css/media_queries.out.css

@@ -1,5 +1,5 @@
-@layer app\/components\/MyComponent\?zQoPHO29 {
-@media (min-width: 8em) and (max-width: 32em) {
+@layer app\/components\/MyComponent\?E59aOM9B {
+@media (width >= 8em) and (width <= 32em) {
   .app\/components\/MyComponent\.foo\?Ef7fDeuq {
     color: #f0f;
   }
@@ -9,4 +9,4 @@
   color: #00f;
 }
 
-}
+}

data/lib/mayu/resources/types/svg.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 # typed: strict
 
-require "svg_optimizer"
 require_relative "base"
 
 module Mayu
@@ -10,30 +9,16 @@ module Mayu
       class SVG < Base
         extend T::Sig
 
-        SVG_OPTIMIZER_PLUGINS =
-          T.let(
-            SvgOptimizer::DEFAULT_PLUGINS -
-              [
-                # The following plugin sets fill="none" in some cases
-                # which breaks the fontawesome icons... That's why
-                # it's disabled...
-                SvgOptimizer::Plugins::RemoveUselessStrokeAndFill
-              ],
-            T::Array[T.class_of(SvgOptimizer::Plugins::Base)]
-          )
-
         sig { params(resource: Resource).void }
         def initialize(resource)
           @resource = resource
 
-          original = resource.read(encoding: "utf-8")
-          optimized = SvgOptimizer.optimize(original, SVG_OPTIMIZER_PLUGINS)
+          source = resource.read(encoding: "utf-8")
 
-          content_hash =
-            Base64.urlsafe_encode64(Digest::SHA256.digest(optimized))
+          content_hash = Base64.urlsafe_encode64(Digest::SHA256.digest(source))
 
           @filename = T.let("#{content_hash}.svg", String)
-          @source = T.let("#{optimized}\n", String)
+          @source = T.let(source, String)
         end
 
         sig { returns(T::Array[Asset]) }

data/lib/mayu/server/app.rb

@@ -433,7 +433,7 @@ module Mayu
           )
         end
 
-        @environment.message_cipher.load(body) => String => dumped
+        @environment.encrypted_marshal.load(body) => String => dumped
         session = Session.restore(environment: @environment, dumped:)
         @sessions.store(session.id, session)
       end
@@ -454,7 +454,7 @@ module Mayu
           EventStream::Message.new(
             :"session.transfer",
             EventStream::Blob.new(
-              @environment.message_cipher.dump(
+              @environment.encrypted_marshal.dump(
                 Session::SerializedSession.dump_session(session)
               )
             )

data/lib/mayu/server/errors.rb

@@ -64,9 +64,9 @@ module Mayu
         text_response(403, "session cookie not set")
       rescue SessionNotFound => e
         text_response(404, "session not found")
-      rescue Mayu::MessageCipher::DecryptError => e
+      rescue Mayu::EncryptedMarshal::DecryptError => e
         text_response(403, "decrypt error")
-      rescue Mayu::MessageCipher::ExpiredError => e
+      rescue Mayu::EncryptedMarshal::ExpiredError => e
         text_response(403, "session expired")
       rescue InvalidToken => e
         text_response(403, "invalid token")

data/lib/mayu/session.rb

@@ -2,6 +2,7 @@
 
 require "time"
 require "nanoid"
+require "rbnacl"
 require_relative "environment"
 require_relative "vdom/vtree"
 require_relative "vdom/marshalling"
@@ -77,11 +78,7 @@ module Mayu
 
     sig { params(token: String).returns(T::Boolean) }
     def authorized?(token)
-      if self.token.length == token.length
-        OpenSSL.fixed_length_secure_compare(self.token, token)
-      else
-        false
-      end
+      RbNaCl::Util.verify64(self.token, token)
     end
 
     Marshaled = T.type_alias { [String, String, String, String, String] }
@@ -166,7 +163,7 @@ module Mayu
       # freeze
 
       # encrypted_session =
-      #   @environment.message_cipher.dump(SerializedSession.dump_session(self))
+      #   @environment.encrypted_marshal.dump(SerializedSession.dump_session(self))
 
       links = [
         %{<script async type="module" src="/__mayu/runtime/#{environment.init_js}##{id}" crossorigin="same-origin" fetchpriority="high"></script>},

data/lib/mayu/version.rb

@@ -2,5 +2,5 @@
 # frozen_string_literal: true
 
 module Mayu
-  VERSION = "0.0.3"
+  VERSION = "0.0.4"
 end

data/mayu-live.gemspec

@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
   spec.summary = "Server side VDOM framework"
 
   spec.description = <<~EOF
-    Mayu Live is a live streaming server side VirtualDOM framework for Ruby,
+    Mayu Live is a live updating server side VirtualDOM framework for Ruby,
     inspired by modern frontend tools that exist in the JavaScript ecosystem.
   EOF
 
@@ -53,8 +53,9 @@ Gem::Specification.new do |spec|
   spec.add_dependency "prometheus-client", "~> 4.0.0"
   spec.add_dependency "protocol-http", "~> 0.23.12"
   spec.add_dependency "pry", "~> 0.14.2"
-  spec.add_dependency "rack", "~> 3.0.4.1"
+  spec.add_dependency "rack", ">= 3.0.4.1", "< 3.0.9.0"
   spec.add_dependency "rake", "~> 13.0.6"
+  spec.add_dependency "rbnacl", "~> 7.1.1"
   spec.add_dependency "sorbet-runtime", "~> 0.5.10634"
   spec.add_dependency "terminal-table", "~> 3.0.2"
   spec.add_dependency "toml-rb", "~> 2.2.0"
@@ -67,9 +68,8 @@ Gem::Specification.new do |spec|
   spec.add_dependency "image_size", "~> 3.2.0"
   spec.add_dependency "kramdown", "~> 2.4.0"
   spec.add_dependency "rouge", "~> 4.0.0"
-  spec.add_dependency "mayu-css", "~> 0.0.1"
+  spec.add_dependency "mayu-css", "~> 0.0.3"
   spec.add_dependency "source_map", "~> 3.0.1"
-  spec.add_dependency "svg_optimizer", "~> 0.2.6"
   spec.add_dependency "syntax_tree", "~> 5.3.0"
   spec.add_dependency "syntax_tree-haml", "~> 3.0.0"
   spec.add_dependency "syntax_tree-xml", "~> 0.1.0"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mayu-live
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Andreas Alin
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-06-10 00:00:00.000000000 Z
+date: 2023-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: async
@@ -154,16 +154,22 @@ dependencies:
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.4.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 3.0.9.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.4.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 3.0.9.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -178,6 +184,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 13.0.6
+- !ruby/object:Gem::Dependency
+  name: rbnacl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 7.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 7.1.1
 - !ruby/object:Gem::Dependency
   name: sorbet-runtime
   requirement: !ruby/object:Gem::Requirement
@@ -296,14 +316,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.1
+        version: 0.0.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.1
+        version: 0.0.3
 - !ruby/object:Gem::Dependency
   name: source_map
   requirement: !ruby/object:Gem::Requirement
@@ -318,20 +338,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 3.0.1
-- !ruby/object:Gem::Dependency
-  name: svg_optimizer
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.2.6
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.2.6
 - !ruby/object:Gem::Dependency
   name: syntax_tree
   requirement: !ruby/object:Gem::Requirement
@@ -375,7 +381,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.1.0
 description: |
-  Mayu Live is a live streaming server side VirtualDOM framework for Ruby,
+  Mayu Live is a live updating server side VirtualDOM framework for Ruby,
   inspired by modern frontend tools that exist in the JavaScript ecosystem.
 email:
 - andreas.alin@gmail.com
@@ -450,12 +456,12 @@ files:
 - lib/mayu/component/wrapper.rb
 - lib/mayu/configuration.rb
 - lib/mayu/disable_sorbet.rb
+- lib/mayu/encrypted_marshal.rb
 - lib/mayu/environment.rb
 - lib/mayu/event_stream.rb
 - lib/mayu/fetch.rb
 - lib/mayu/html.rb
 - lib/mayu/html.yaml
-- lib/mayu/message_cipher.rb
 - lib/mayu/metrics.rb
 - lib/mayu/metrics/collector.rb
 - lib/mayu/metrics/exporter.rb

data/lib/mayu/message_cipher.rb

@@ -1,172 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-
-require "sorbet-runtime"
-require "time"
-require "digest/sha2"
-require "openssl"
-require "securerandom"
-require "brotli"
-
-module Mayu
-  class MessageCipher
-    extend T::Sig
-
-    DEFAULT_TTL_SECONDS = T.let(10, Integer)
-
-    Message = T.type_alias { { iss: Float, exp: Float, payload: T.untyped } }
-
-    class Error < StandardError
-    end
-    class ExpiredError < Error
-    end
-    class IssuedInTheFutureError < Error
-    end
-    class EncryptError < Error
-    end
-    class DecryptError < Error
-    end
-    class InvalidHMACError < Error
-    end
-
-    sig { params(key: String, ttl: Integer).void }
-    def initialize(key:, ttl: DEFAULT_TTL_SECONDS)
-      raise ArgumentError, "ttl must be positive" unless ttl.positive?
-      @default_ttl_seconds = ttl
-      @key = T.let(Digest::SHA256.digest(key), String)
-    end
-
-    sig do
-      params(payload: T.untyped, auth_data: String, ttl: Integer).returns(
-        String
-      )
-    end
-    def dump(payload, auth_data: "", ttl: @default_ttl_seconds)
-      raise ArgumentError, "ttl must be positive" unless ttl.positive?
-      now = Time.now.to_f
-      message = { iss: now, exp: now + ttl, payload: Marshal.dump(payload) }
-      encode_message(message, auth_data:)
-    end
-
-    sig { params(data: String, auth_data: String).returns(T.untyped) }
-    def load(data, auth_data: "")
-      Marshal.load(decode_message(data, auth_data:))
-    end
-
-    private
-
-    sig { params(message: Message, auth_data: String).returns(String) }
-    def encode_message(message, auth_data: "")
-      message
-        .then { Marshal.dump(_1) }
-        .then { prepend_hmac(_1) }
-        .then { Brotli.deflate(_1) }
-        .then { encrypt(_1, auth_data:) }
-    end
-
-    sig { params(message: String, auth_data: String).returns(String) }
-    def decode_message(message, auth_data: "")
-      message
-        .then { decrypt(_1, auth_data:) }
-        .then { Brotli.inflate(_1) }
-        .then { validate_hmac(_1) }
-        .then { Marshal.load(_1) }
-        .tap { validate_times(_1) }
-        .fetch(:payload)
-    end
-
-    sig { params(input: String).returns(String) }
-    def prepend_hmac(input)
-      hmac = Digest::SHA256.digest(input)
-      input.prepend(hmac)
-    end
-
-    sig { params(input: String).returns(String) }
-    def validate_hmac(input)
-      hmac, message = input.unpack("a32 a*")
-
-      unless OpenSSL.fixed_length_secure_compare(
-               hmac,
-               Digest::SHA256.digest(message.to_s)
-             )
-        raise InvalidHMACError
-      end
-
-      message.to_s
-    end
-
-    sig { params(message: { iss: Float, exp: Float, payload: String }).void }
-    def validate_times(message)
-      message => { iss:, exp: }
-      now = Time.now.to_f
-      validate_iss(now, iss)
-      validate_exp(now, exp)
-    end
-
-    sig { params(now: Float, iss: Float).void }
-    def validate_iss(now, iss)
-      return if iss < now
-
-      raise IssuedInTheFutureError,
-            "The message was issued at #{Time.at(iss).iso8601}, which is in the future"
-    end
-
-    sig { params(now: Float, exp: Float).void }
-    def validate_exp(now, exp)
-      return if exp > now
-
-      raise ExpiredError,
-            "The message expired at #{Time.at(exp).iso8601}, which is in the past"
-    end
-
-    sig { params(message: String, auth_data: String).returns(String) }
-    def encrypt(message, auth_data: "")
-      cipher = OpenSSL::Cipher.new("aes-256-gcm")
-      cipher.encrypt
-      salt = SecureRandom.random_bytes(8)
-      cipher.key = generate_key(salt)
-      cipher.iv = iv = cipher.random_iv
-      cipher.auth_data = auth_data
-      cipher_text = cipher.update(message) + cipher.final
-      auth_tag = cipher.auth_tag
-      [auth_tag.bytesize, auth_tag, salt, iv, cipher_text].pack("C a* a* a* a*")
-    rescue OpenSSL::Cipher::CipherError
-      raise EncryptError
-    end
-
-    sig { params(data: String, auth_data: String).returns(String) }
-    def decrypt(data, auth_data: "")
-      data.unpack("C a*") => [Integer => auth_tag_len, String => data]
-
-      data.unpack("a#{auth_tag_len} a8 a12 a*") => [
-        auth_tag,
-        salt,
-        iv,
-        cipher_text
-      ]
-
-      cipher = OpenSSL::Cipher.new("aes-256-gcm")
-      cipher.iv = iv
-      cipher.key = generate_key(salt)
-      cipher.auth_data = auth_data
-      cipher.auth_tag = auth_tag
-      cipher.update(cipher_text) + cipher.final
-    rescue NoMatchingPatternError
-      raise DecryptError
-    rescue OpenSSL::Cipher::CipherError
-      raise DecryptError
-    end
-
-    sig { params(salt: String).returns(String) }
-    def generate_key(salt)
-      OpenSSL::KDF.scrypt(
-        @key,
-        salt:, # Salt.
-        N: 2**14, # CPU/memory cost parameter. This must be a power of 2.
-        r: 8, # Block size parameter.
-        p: 1, # Parallelization parameter
-        length: 32 # Length in octets of the derived key
-      )
-    end
-  end
-end