rack-combobot 0.0.2 → 0.0.3

@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- rack-combobot (0.0.1)
4
+ rack-combobot (0.0.2)
5
5
  rack
6
6
  rake
7
7
 
@@ -1,6 +1,6 @@
1
1
  require "rack/combobot/config"
2
2
  require "pathname"
3
- require 'uri'
3
+ require "uri"
4
4
 
5
5
  module Rack
6
6
  class Combobot
@@ -24,25 +24,42 @@ module Rack
24
24
  file_names = params.split("&")
25
25
  extention = file_names[0].split(".").last
26
26
 
27
- # TODO: create a simple key value hash with the query string as key
28
- combo = Combination.new(@config.root, file_names).combine
27
+ begin
28
+ combo = Combination.new(@config.root, file_names).combine
29
+ [200, {"Content-Type" => MIME_TYPES[extention]}, [combo]]
30
+ rescue Combination::PathError
31
+ not_found
32
+ end
33
+ end
29
34
 
30
- [200, {"Content-Type" => MIME_TYPES[extention]}, combo]
35
+ def not_found
36
+ [404, {'Content-Type' => 'text/html'}, ['File not found']]
31
37
  end
32
38
 
33
39
  class Combination
34
40
  def initialize(root, file_names)
35
- @file_contents = []
41
+ @file_contents = combine_files(root, file_names)
42
+ end
43
+
44
+ def combine_files(root, file_names = [])
45
+ file_names.map do |file_name|
46
+
47
+ raise PathError if file_name.include?('..') || file_name.include?("~")
36
48
 
37
- file_names.each do |file_name|
38
- @file_contents << ::File.open("#{root}/#{file_name}", 'r') { |f| f.read }
49
+ root_prefix = ::File.expand_path(".", root) + "/"
50
+ file_path = ::File.expand_path(file_name, root)
51
+
52
+ raise PathError unless file_path.start_with?(root_prefix) && ::File.exist?(file_path)
53
+
54
+ file_content = ::File.open(file_path, 'r') { |f| f.read }
39
55
  end
40
56
  end
41
57
 
42
58
  def combine
43
59
  @combo ||= @file_contents.join
44
60
  end
45
- end
46
61
 
62
+ class PathError < ArgumentError; end
63
+ end
47
64
  end
48
65
  end
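Review bot: The containment check in `combine_files` is purely lexical: `::File.expand_path` normalises `..` but does not resolve symlinks, so a symlink that sits under the root and points elsewhere still passes `file_path.start_with?(root_prefix)`. `::File.exist?` is also true for a directory, and the `rescue Combination::PathError` in the caller does not catch the `Errno::EISDIR` or `Errno::EACCES` that the following `::File.open(...) { |f| f.read }` would raise, so such a request ends in an unhandled error instead of `not_found`. Consider comparing resolved paths and requiring a regular file, for example `file_path = ::File.realpath(file_name, root)` checked against `::File.realpath(root) + "/"` with `Errno::ENOENT` mapped to `PathError`, and `::File.file?(file_path)` in place of `::File.exist?`. The check also bounds only the directory, not the file type: any readable file under the root is served, presumably with a `nil` Content-Type when `MIME_TYPES` lacks the extension (the table is outside this hunk), so an extension allow-list before reading would be worth adding. The method holding the `begin`/`rescue` starts above the hunk.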
@@ -4,7 +4,7 @@ $:.push File.expand_path("../lib", __FILE__)
4
4
 
5
5
  Gem::Specification.new do |s|
6
6
  s.name = "rack-combobot"
7
- s.version = "0.0.2"
7
+ s.version = "0.0.3"
8
8
  s.authors = ["Simon Højberg", "Christopher Meiklejohn"]
9
9
  s.email = ["r.hackr@gmail.com", "christopher.meiklejohn@gmail.com"]
10
10
  s.homepage = "https://github.com/hojberg/rack-combobot"
@@ -13,7 +13,7 @@ describe "combing assets from query string" do
13
13
  }).must_equal([
14
14
  200,
15
15
  {"Content-Type" => "text/javascript"},
16
- "function lorem() { return \"a\"; }\nfunction ipsum() { return \"b\"; }\n"
16
+ ["function lorem() { return \"a\"; }\nfunction ipsum() { return \"b\"; }\n"]
17
17
  ])
18
18
  end
19
19
 
@@ -23,7 +23,27 @@ describe "combing assets from query string" do
23
23
  }).must_equal([
24
24
  200,
25
25
  {"Content-Type" => "text/css"},
26
- ".lorem { background: blue; }\n#lipsum { border: 1px solid red }\n"
26
+ [".lorem { background: blue; }\n#lipsum { border: 1px solid red }\n"]
27
+ ])
28
+ end
29
+
30
+ it "returns 404 when it can't find files" do
31
+ @app.call({
32
+ "QUERY_STRING" => "js3.js&js4.js"
33
+ }).must_equal([
34
+ 404,
35
+ {'Content-Type' => 'text/html'},
36
+ ['File not found']
37
+ ])
38
+ end
39
+
40
+ it 'returns 404 when trying to move up from the root dir' do
41
+ @app.call({
42
+ "QUERY_STRING" => "js3.js&../../js4.js"
43
+ }).must_equal([
44
+ 404,
45
+ {'Content-Type' => 'text/html'},
46
+ ['File not found']
27
47
  ])
28
48
  end
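Review bot: The new traversal spec may pass without ever reaching the `..` guard. Its query string is `js3.js&../../js4.js`, and the spec just before it expects 404 for `js3.js&js4.js` because the files cannot be found, so if `js3.js` is the missing one, the first entry already produces the 404 before `../../js4.js` is examined. To pin the guard itself, put the traversal entry alone or after a fixture that exists, e.g. `"QUERY_STRING" => "../../js4.js"`, and ideally aim it at a file that really exists outside the configured root so a missing-file 404 cannot mask a regression. A companion case for the `~` rejection added in the same release would cover the other half of that check.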
29
49
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-combobot
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.2
4
+ version: 0.0.3
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -10,11 +10,11 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2012-01-06 00:00:00.000000000 Z
13
+ date: 2012-03-09 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: rake
17
- requirement: &2152913280 !ruby/object:Gem::Requirement
17
+ requirement: &2154066720 !ruby/object:Gem::Requirement
18
18
  none: false
19
19
  requirements:
20
20
  - - ! '>='
@@ -22,10 +22,10 @@ dependencies:
22
22
  version: '0'
23
23
  type: :runtime
24
24
  prerelease: false
25
- version_requirements: *2152913280
25
+ version_requirements: *2154066720
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: rack
28
- requirement: &2152912480 !ruby/object:Gem::Requirement
28
+ requirement: &2154066280 !ruby/object:Gem::Requirement
29
29
  none: false
30
30
  requirements:
31
31
  - - ! '>='
@@ -33,10 +33,10 @@ dependencies:
33
33
  version: '0'
34
34
  type: :runtime
35
35
  prerelease: false
36
- version_requirements: *2152912480
36
+ version_requirements: *2154066280
37
37
  - !ruby/object:Gem::Dependency
38
38
  name: minitest
39
- requirement: &2152910980 !ruby/object:Gem::Requirement
39
+ requirement: &2154065860 !ruby/object:Gem::Requirement
40
40
  none: false
41
41
  requirements:
42
42
  - - ! '>='
@@ -44,10 +44,10 @@ dependencies:
44
44
  version: '0'
45
45
  type: :development
46
46
  prerelease: false
47
- version_requirements: *2152910980
47
+ version_requirements: *2154065860
48
48
  - !ruby/object:Gem::Dependency
49
49
  name: rack-test
50
- requirement: &2152902700 !ruby/object:Gem::Requirement
50
+ requirement: &2154065440 !ruby/object:Gem::Requirement
51
51
  none: false
52
52
  requirements:
53
53
  - - ! '>='
@@ -55,10 +55,10 @@ dependencies:
55
55
  version: '0'
56
56
  type: :development
57
57
  prerelease: false
58
- version_requirements: *2152902700
58
+ version_requirements: *2154065440
59
59
  - !ruby/object:Gem::Dependency
60
60
  name: guard
61
- requirement: &2152901820 !ruby/object:Gem::Requirement
61
+ requirement: &2154065020 !ruby/object:Gem::Requirement
62
62
  none: false
63
63
  requirements:
64
64
  - - ! '>='
@@ -66,10 +66,10 @@ dependencies:
66
66
  version: '0'
67
67
  type: :development
68
68
  prerelease: false
69
- version_requirements: *2152901820
69
+ version_requirements: *2154065020
70
70
  - !ruby/object:Gem::Dependency
71
71
  name: guard-minitest
72
- requirement: &2152900400 !ruby/object:Gem::Requirement
72
+ requirement: &2154064600 !ruby/object:Gem::Requirement
73
73
  none: false
74
74
  requirements:
75
75
  - - ! '>='
@@ -77,7 +77,7 @@ dependencies:
77
77
  version: '0'
78
78
  type: :development
79
79
  prerelease: false
80
- version_requirements: *2152900400
80
+ version_requirements: *2154064600
81
81
  description: combines assets to server 1 file
82
82
  email:
83
83
  - r.hackr@gmail.com