rack_hashed_cookie_session 0.0.2

data/LICENSE.rdoc

@@ -0,0 +1,23 @@
+= LICENSE
+
+(The MIT License)
+
+Copyright (c) 2008, 2009 Emanuele Vicentini
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the 'Software'), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/Manifest

@@ -0,0 +1,6 @@
+lib/rack/session/hashed_cookie.rb
+LICENSE.rdoc
+Manifest
+rack_hashed_cookie_session.gemspec
+Rakefile
+README.rdoc

data/README.rdoc

@@ -0,0 +1,48 @@
+= Rack's hashed cookie-based session store
+
+Rack::Session::HashedCookie is just a simple port to Rack of the Action
+Controller's cookie-based session store. All the praises to the Rails team,
+all the blames to me.
+
+Remember that the session's content is just hashed to ensure that nobody will
+tamper with it, so do not store sensitive data in it.
+
+== Basic usage
+
+First, install it with:
+
+  $ sudo gem install rack_hashed_cookie_session
+
+Here is how I use it with Sinatra. A rackup-file, a bit spiced up:
+
+  require 'rubygems'
+  require 'sinatra'
+  require 'rack/session/hashed_cookie'
+
+  root_dir = File.dirname(__FILE__)
+
+  Sinatra::Application.default_options.merge!(
+    :views    => File.join(root_dir, 'views'),
+    :app_file => File.join(root_dir, 'app.rb'),
+    :run      => false,
+    # Explicitly turn off standard cookie session store.
+    :sessions => false,
+    :env      => ENV['RACK_ENV'].nil? ? :development : ENV['RACK_ENV'].to_sym
+  )
+
+  use Rack::Session::HashedCookie, :secret => 'my long, difficultly guessable secret'
+
+  run Sinatra.application
+
+The Sinatra application will use the session normally:
+
+  get '/' do
+    session['user_id'] = 123456
+    session['just_a_string'] = 'Hello world!'
+    erb :show_the_session
+  end
+
+  template :show_the_session do
+    "Hi! Reload the page to see the session:<br>
+    <%= session.inspect %>"
+  end

data/Rakefile

@@ -0,0 +1,15 @@
+require 'rubygems'
+require 'echoe'
+
+Echoe.new('rack_hashed_cookie_session', '0.0.2') do |s|
+  s.author = 'Emanuele Vicentini'
+  s.email = 'emanuele.vicentini@gmail.com'
+  s.summary = 'Hashed cookie-based session store for Rack'
+  s.runtime_dependencies = ['rack']
+  s.need_tar_gz = false
+  s.project = 'rackhcs'
+  s.gemspec_format = :yaml
+  s.retain_gemspec = true
+  s.rdoc_pattern = /^README|^LICENSE/
+  s.url = 'http://github.com/baldowl/rack_hashed_cookie_session'
+end

data/lib/rack/session/hashed_cookie.rb

@@ -0,0 +1,101 @@
+require 'openssl'
+
+module Rack
+  module Session
+    # Port of Action Controller's cookie-based session store (Copyright (c)
+    # 2004-2008 David Heinemeier Hansson).
+    #
+    # Rack::Session::HashedCookie provides simple cookie based session
+    # management. The session is a Ruby Hash stored as base64 encoded
+    # marshalled data set to :key (default: rack.session).
+    #
+    # Example:
+    #
+    #     use Rack::Session::Cookie, :key => 'rack.session',
+    #                                :domain => 'foo.com',
+    #                                :path => '/',
+    #                                :expire_after => 2592000,
+    #                                :digest => 'SHA256',
+    #                                :secret => 'my long secret string'
+    #
+    # All parameters but :secret are optional.
+
+    class HashedCookie < Cookie
+      # Cookies can typically store 4096 bytes.
+      MAX = 4096
+      SECRET_MIN_LENGTH = 30 # characters
+
+      def initialize(app, options = {})
+        @secret = options.delete(:secret)
+        @digest = options.delete(:digest) || 'SHA1'
+        super
+        ensure_secret_secure(@secret)
+      end
+
+      private
+
+      # To prevent users from using something insecure like "Password" we make
+      # sure that the secret they've provided is at least 30 characters in
+      # length.
+      def ensure_secret_secure(secret)
+        # There's no way we can do this check if they've provided a proc for
+        # the secret.
+        return true if secret.is_a?(Proc)
+
+        if secret.nil? || secret.empty? || secret !~ /\S/
+          raise ArgumentError, "A secret is required to generate an integrity hash for cookie session data"
+        end
+
+        if secret.length < SECRET_MIN_LENGTH
+          raise ArgumentError, %Q(The value you provided for :secret, "#{secret}", is shorter than the minimum length of #{SECRET_MIN_LENGTH} characters)
+        end
+      end
+
+      def generate_digest(data)
+        key = @secret.respond_to?(:call) ? @secret.call(@session) : @secret
+        OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(@digest), key, data)
+      end
+
+      def load_session(env)
+        request = Rack::Request.new(env)
+        session_data = request.cookies[@key]
+
+        begin
+          session_data, digest = session_data.split('--')
+          unless digest == generate_digest(session_data)
+            env["rack.errors"].puts("Warning! Rack::Session::HashedCookie detected tampered data in the cookie session. Content dropped.")
+            raise
+          end
+          session_data = session_data.unpack("m*").first
+          session_data = Marshal.load(session_data)
+          env["rack.session"] = session_data
+        rescue
+          env["rack.session"] = Hash.new
+        end
+
+        env["rack.session.options"] = @default_options.dup
+      end
+
+      def commit_session(env, status, headers, body)
+        session_data = Marshal.dump(env["rack.session"])
+        session_data = [session_data].pack("m*")
+
+        digest = generate_digest(session_data)
+        session_data = "#{session_data}--#{digest}"
+
+        options = env["rack.session.options"]
+        cookie = Hash.new
+        if session_data.size > (MAX - @key.size)
+          env["rack.errors"].puts("Warning! Rack::Session::HashedCookie data size exceeds 4K. Content dropped.")
+          cookie[:value] = ""
+        else
+          cookie[:value] = session_data
+        end
+        cookie[:expires] = Time.now + options[:expire_after] unless options[:expire_after].nil?
+        response = Rack::Response.new(body, status, headers)
+        response.set_cookie(@key, cookie.merge(options))
+        response.to_a
+      end
+    end
+  end
+end

data/rack_hashed_cookie_session.gemspec

@@ -0,0 +1,80 @@
+--- !ruby/object:Gem::Specification 
+name: rack_hashed_cookie_session
+version: !ruby/object:Gem::Version 
+  version: 0.0.2
+platform: ruby
+authors: 
+- Emanuele Vicentini
+autorequire: 
+bindir: bin
+
+date: 2009-01-05 00:00:00 +01:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rack
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: echoe
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: Hashed cookie-based session store for Rack
+email: emanuele.vicentini@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.rdoc
+- README.rdoc
+files: 
+- lib/rack/session/hashed_cookie.rb
+- LICENSE.rdoc
+- Manifest
+- rack_hashed_cookie_session.gemspec
+- Rakefile
+- README.rdoc
+has_rdoc: true
+homepage: http://github.com/baldowl/rack_hashed_cookie_session
+post_install_message: 
+rdoc_options: 
+- --line-numbers
+- --inline-source
+- --title
+- Rack_hashed_cookie_session
+- --main
+- README.rdoc
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "1.2"
+  version: 
+requirements: []
+
+rubyforge_project: rackhcs
+rubygems_version: 1.3.1
+specification_version: 2
+summary: Hashed cookie-based session store for Rack
+test_files: []

metadata

@@ -0,0 +1,83 @@
+--- !ruby/object:Gem::Specification 
+name: rack_hashed_cookie_session
+version: !ruby/object:Gem::Version 
+  version: 0.0.2
+platform: ruby
+authors: 
+- Emanuele Vicentini
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-01-05 00:00:00 +01:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rack
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: echoe
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: Hashed cookie-based session store for Rack
+email: emanuele.vicentini@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.rdoc
+- README.rdoc
+files: 
+- lib/rack/session/hashed_cookie.rb
+- LICENSE.rdoc
+- Manifest
+- rack_hashed_cookie_session.gemspec
+- Rakefile
+- README.rdoc
+has_rdoc: true
+homepage: http://github.com/baldowl/rack_hashed_cookie_session
+post_install_message: 
+rdoc_options: 
+- --line-numbers
+- --inline-source
+- --title
+- Rack_hashed_cookie_session
+- --main
+- README.rdoc
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "1.2"
+  version: 
+requirements: []
+
+rubyforge_project: rackhcs
+rubygems_version: 1.3.1
+signing_key: 
+specification_version: 2
+summary: Hashed cookie-based session store for Rack
+test_files: []
+