nano-sharp-gem 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/cuba-4.0.3/CHANGELOG +71 -0
- data/cuba-4.0.3/CONTRIBUTING +19 -0
- data/cuba-4.0.3/LICENSE +23 -0
- data/cuba-4.0.3/README.md +781 -0
- data/cuba-4.0.3/cuba.gemspec +18 -0
- data/cuba-4.0.3/examples/config.ru +18 -0
- data/cuba-4.0.3/examples/measure.rb +17 -0
- data/cuba-4.0.3/examples/rack-response.ru +21 -0
- data/cuba-4.0.3/examples/views/home.mote +7 -0
- data/cuba-4.0.3/examples/views/layout.mote +11 -0
- data/cuba-4.0.3/lib/cuba/capybara.rb +13 -0
- data/cuba-4.0.3/lib/cuba/render.rb +63 -0
- data/cuba-4.0.3/lib/cuba/safe/csrf.rb +47 -0
- data/cuba-4.0.3/lib/cuba/safe/secure_headers.rb +43 -0
- data/cuba-4.0.3/lib/cuba/safe.rb +23 -0
- data/cuba-4.0.3/lib/cuba/test.rb +11 -0
- data/cuba-4.0.3/lib/cuba.rb +436 -0
- data/cuba-4.0.3/makefile +4 -0
- data/cuba-4.0.3/test/accept.rb +77 -0
- data/cuba-4.0.3/test/captures.rb +162 -0
- data/cuba-4.0.3/test/composition.rb +103 -0
- data/cuba-4.0.3/test/cookie.rb +34 -0
- data/cuba-4.0.3/test/csrf.rb +140 -0
- data/cuba-4.0.3/test/extension.rb +21 -0
- data/cuba-4.0.3/test/helper.rb +11 -0
- data/cuba-4.0.3/test/host.rb +29 -0
- data/cuba-4.0.3/test/integration.rb +114 -0
- data/cuba-4.0.3/test/match.rb +86 -0
- data/cuba-4.0.3/test/middleware.rb +47 -0
- data/cuba-4.0.3/test/number.rb +36 -0
- data/cuba-4.0.3/test/on.rb +157 -0
- data/cuba-4.0.3/test/param.rb +66 -0
- data/cuba-4.0.3/test/path.rb +86 -0
- data/cuba-4.0.3/test/plugin.rb +68 -0
- data/cuba-4.0.3/test/rack.rb +22 -0
- data/cuba-4.0.3/test/redirect.rb +21 -0
- data/cuba-4.0.3/test/render.rb +128 -0
- data/cuba-4.0.3/test/root.rb +83 -0
- data/cuba-4.0.3/test/run.rb +23 -0
- data/cuba-4.0.3/test/safe.rb +74 -0
- data/cuba-4.0.3/test/segment.rb +45 -0
- data/cuba-4.0.3/test/session.rb +21 -0
- data/cuba-4.0.3/test/settings.rb +52 -0
- data/cuba-4.0.3/test/views/about.erb +1 -0
- data/cuba-4.0.3/test/views/about.str +1 -0
- data/cuba-4.0.3/test/views/content-yield.erb +1 -0
- data/cuba-4.0.3/test/views/custom/abs_path.mote +1 -0
- data/cuba-4.0.3/test/views/frag.mote +1 -0
- data/cuba-4.0.3/test/views/home.erb +2 -0
- data/cuba-4.0.3/test/views/home.mote +1 -0
- data/cuba-4.0.3/test/views/home.str +2 -0
- data/cuba-4.0.3/test/views/layout-alternative.erb +2 -0
- data/cuba-4.0.3/test/views/layout-yield.erb +3 -0
- data/cuba-4.0.3/test/views/layout.erb +2 -0
- data/cuba-4.0.3/test/views/layout.mote +2 -0
- data/cuba-4.0.3/test/views/layout.str +2 -0
- data/cuba-4.0.3/test/views/test.erb +1 -0
- data/cuba-4.0.3/test/with.rb +42 -0
- data/nano-sharp-gem.gemspec +11 -0
- metadata +99 -0
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
Gem::Specification.new do |s|
|
|
2
|
+
s.name = "cuba"
|
|
3
|
+
s.version = "4.0.3"
|
|
4
|
+
s.summary = "Microframework for web applications."
|
|
5
|
+
s.description = "Cuba is a microframework for web applications."
|
|
6
|
+
s.authors = ["Michel Martens"]
|
|
7
|
+
s.email = ["michel@soveran.com"]
|
|
8
|
+
s.homepage = "https://github.com/soveran/cuba"
|
|
9
|
+
s.license = "MIT"
|
|
10
|
+
|
|
11
|
+
s.files = `git ls-files`.split("\n")
|
|
12
|
+
|
|
13
|
+
s.add_dependency "rack", ">= 3.0.0"
|
|
14
|
+
s.add_dependency "rack-session", ">= 2.0.0"
|
|
15
|
+
s.add_development_dependency "cutest"
|
|
16
|
+
s.add_development_dependency "rack-test"
|
|
17
|
+
s.add_development_dependency "tilt"
|
|
18
|
+
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
require "../lib/cuba"
|
|
2
|
+
require "cuba/contrib"
|
|
3
|
+
|
|
4
|
+
Cuba.plugin Cuba::Mote
|
|
5
|
+
|
|
6
|
+
ITEMS = ("A".."Z").to_a
|
|
7
|
+
|
|
8
|
+
Cuba.define do
|
|
9
|
+
def mote_vars(content)
|
|
10
|
+
{ content: content }
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
on default do
|
|
14
|
+
res.write view("home", list: ITEMS)
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
run Cuba
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
require "benchmark"
|
|
2
|
+
require "rack"
|
|
3
|
+
|
|
4
|
+
Benchmark.bmbm do |x|
|
|
5
|
+
|
|
6
|
+
x.report "Rack::HeaderHash" do
|
|
7
|
+
1000.times do
|
|
8
|
+
Rack::Utils::HeaderHash.new("Content-Type" => "text/html")
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
x.report "Hash" do
|
|
13
|
+
1000.times do
|
|
14
|
+
{ "Content-Type" => "text/html" }
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
require "../lib/cuba"
|
|
2
|
+
require "cuba/contrib"
|
|
3
|
+
|
|
4
|
+
Cuba.plugin Cuba::Mote
|
|
5
|
+
|
|
6
|
+
ITEMS = ("A".."Z").to_a
|
|
7
|
+
|
|
8
|
+
Cuba.send :remove_const, :Response
|
|
9
|
+
Cuba::Response = Rack::Response
|
|
10
|
+
|
|
11
|
+
Cuba.define do
|
|
12
|
+
def mote_vars(content)
|
|
13
|
+
{ content: content }
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
on default do
|
|
17
|
+
res.write view("home", list: ITEMS)
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
run Cuba
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
require "tilt"
|
|
2
|
+
|
|
3
|
+
class Cuba
|
|
4
|
+
module Render
|
|
5
|
+
def self.setup(app)
|
|
6
|
+
app.settings[:render] ||= {}
|
|
7
|
+
app.settings[:render][:template_engine] ||= "erb"
|
|
8
|
+
app.settings[:render][:layout] ||= "layout"
|
|
9
|
+
app.settings[:render][:views] ||= File.expand_path("views", Dir.pwd)
|
|
10
|
+
app.settings[:render][:options] ||= {
|
|
11
|
+
default_encoding: Encoding.default_external
|
|
12
|
+
}
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def render(template, locals = {}, layout = settings[:render][:layout])
|
|
16
|
+
res.headers[Rack::CONTENT_TYPE] ||= "text/html; charset=utf-8"
|
|
17
|
+
res.write(view(template, locals, layout))
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def view(template, locals = {}, layout = settings[:render][:layout])
|
|
21
|
+
partial(layout, locals.merge(content: partial(template, locals)))
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def partial(template, locals = {})
|
|
25
|
+
_render(template_path(template), locals, settings[:render][:options])
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def template_path(template)
|
|
29
|
+
dir = settings[:render][:views]
|
|
30
|
+
ext = settings[:render][:template_engine]
|
|
31
|
+
|
|
32
|
+
return File.join(dir, "#{ template }.#{ ext }")
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
# @private Renders any type of template file supported by Tilt.
|
|
36
|
+
#
|
|
37
|
+
# @example
|
|
38
|
+
#
|
|
39
|
+
# # Renders home, and is assumed to be HAML.
|
|
40
|
+
# _render("home.haml")
|
|
41
|
+
#
|
|
42
|
+
# # Renders with some local variables
|
|
43
|
+
# _render("home.haml", site_name: "My Site")
|
|
44
|
+
#
|
|
45
|
+
# # Renders with HAML options
|
|
46
|
+
# _render("home.haml", {}, ugly: true, format: :html5)
|
|
47
|
+
#
|
|
48
|
+
# # Renders in layout
|
|
49
|
+
# _render("layout.haml") { _render("home.haml") }
|
|
50
|
+
#
|
|
51
|
+
def _render(template, locals = {}, options = {}, &block)
|
|
52
|
+
_cache.fetch(template) {
|
|
53
|
+
Tilt.new(template, 1, options.merge(outvar: '@_output'))
|
|
54
|
+
}.render(self, locals, &block)
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
# @private Used internally by #_render to cache the
|
|
58
|
+
# Tilt templates.
|
|
59
|
+
def _cache
|
|
60
|
+
Thread.current[:_cache] ||= Tilt::Cache.new
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
class Cuba
|
|
2
|
+
module Safe
|
|
3
|
+
module CSRF
|
|
4
|
+
def csrf
|
|
5
|
+
@csrf ||= Cuba::Safe::CSRF::Helper.new(req)
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
class Helper
|
|
9
|
+
attr :req
|
|
10
|
+
|
|
11
|
+
def initialize(req)
|
|
12
|
+
@req = req
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def token
|
|
16
|
+
session[:csrf_token] ||= SecureRandom.base64(32)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def reset!
|
|
20
|
+
session.delete(:csrf_token)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def safe?
|
|
24
|
+
return req.get? || req.head? ||
|
|
25
|
+
req.params["csrf_token"] == token ||
|
|
26
|
+
req.env["HTTP_X_CSRF_TOKEN"] == token
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def unsafe?
|
|
30
|
+
return !safe?
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def form_tag
|
|
34
|
+
return %Q(<input type="hidden" name="csrf_token" value="#{ token }">)
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def meta_tag
|
|
38
|
+
return %Q(<meta name="csrf_token" content="#{ token }">)
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
def session
|
|
42
|
+
return req.env["rack.session"]
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
# == Secure HTTP Headers
|
|
2
|
+
#
|
|
3
|
+
# This plugin will automatically apply several headers that are
|
|
4
|
+
# related to security. This includes:
|
|
5
|
+
#
|
|
6
|
+
# - HTTP Strict Transport Security (HSTS) [2].
|
|
7
|
+
# - X-Frame-Options [3].
|
|
8
|
+
# - X-XSS-Protection [4].
|
|
9
|
+
# - X-Content-Type-Options [5].
|
|
10
|
+
# - X-Download-Options [6].
|
|
11
|
+
# - X-Permitted-Cross-Domain-Policies [7].
|
|
12
|
+
#
|
|
13
|
+
# Due to HTTP/2 specifications and Rack specifications, field names are applied in all lowercase.
|
|
14
|
+
#
|
|
15
|
+
# == References
|
|
16
|
+
#
|
|
17
|
+
# [1]: https://github.com/twitter/secureheaders
|
|
18
|
+
# [2]: https://tools.ietf.org/html/rfc6797
|
|
19
|
+
# [3]: https://tools.ietf.org/html/draft-ietf-websec-x-frame-options-02
|
|
20
|
+
# [4]: http://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx
|
|
21
|
+
# [5]: http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
|
|
22
|
+
# [6]: http://msdn.microsoft.com/en-us/library/ie/jj542450(v=vs.85).aspx
|
|
23
|
+
# [7]: https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html
|
|
24
|
+
# [8]: https://datatracker.ietf.org/doc/html/rfc9113#name-http-fields
|
|
25
|
+
#
|
|
26
|
+
class Cuba
|
|
27
|
+
module Safe
|
|
28
|
+
module SecureHeaders
|
|
29
|
+
HEADERS = {
|
|
30
|
+
"x-content-type-options" => "nosniff",
|
|
31
|
+
"x-download-options" => "noopen",
|
|
32
|
+
"x-frame-options" => "SAMEORIGIN",
|
|
33
|
+
"x-permitted-cross-domain-policies" => "none",
|
|
34
|
+
"x-xss-protection" => "1; mode=block",
|
|
35
|
+
"strict-transport-security" => "max-age=2628000"
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
def self.setup(app)
|
|
39
|
+
app.settings[:default_headers].merge!(HEADERS)
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
require_relative "safe/csrf"
|
|
2
|
+
require_relative "safe/secure_headers"
|
|
3
|
+
|
|
4
|
+
class Cuba
|
|
5
|
+
# == Cuba::Safe
|
|
6
|
+
#
|
|
7
|
+
# This plugin contains security related features for Cuba
|
|
8
|
+
# applications. It takes ideas from secureheaders[1].
|
|
9
|
+
#
|
|
10
|
+
# == Usage
|
|
11
|
+
#
|
|
12
|
+
# require "cuba"
|
|
13
|
+
# require "cuba/safe"
|
|
14
|
+
#
|
|
15
|
+
# Cuba.plugin(Cuba::Safe)
|
|
16
|
+
#
|
|
17
|
+
module Safe
|
|
18
|
+
def self.setup(app)
|
|
19
|
+
app.plugin(Safe::SecureHeaders)
|
|
20
|
+
app.plugin(Safe::CSRF)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|