RubyGems - rage-rb - Versions diffs - 1.19.0 → 1.19.1 - Mend

rage-rb 1.19.0 → 1.19.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 847e3debe188b3b34ffdd6b7306edeca0a053b82c0e5106b3faa37a6e43f20bf
-  data.tar.gz: 202db65e0a17d27ae94178d93ddfca940a95237450095b06c0fa4e080a6fd09a
+  metadata.gz: 80ca2fffb3bfe313c4be9218461d8346872ea1384472e74ed0236ece99288cfa
+  data.tar.gz: e516241ce7ffa73973b22e4abffeeb40aa0cba342d3566e3517549de979dddf6
 SHA512:
-  metadata.gz: 74610482cca2fd1394e3ffd4bd2cf577ed78a980140e39bf359ece4050bed7497dc1845a472a3c403a6fb0cbd48c1124a1714b8e7c8352b0ed720287177418c9
-  data.tar.gz: cd7cec704b0019012d1a08aea63b97dd83e0a6ee17155228d9517575e7882482c58b4b227d6663b053cc77a2edc551e34da53d0bf9bc0463e254ca917f9e8af4
+  metadata.gz: 5b3ea8087b89085a05946a6efd296d3d0bae2f40184356b41d17a49f62a1ad348a0ee4d0295694e6de845465ea004d9d2fb710e0d04316c132533952d9164fae
+  data.tar.gz: 8bf64fcb40ed0beccc1f975bec376ebeeadfe84e815e10e801b69ab8820d1ddbaf8b6c87bb3bcbab04e421376b963ee905bfcf13a44443c5391a3b3fb73e30d7

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,11 @@
 ## [Unreleased]
+## [1.19.1] - 2025-12-26
+### Changed
+- Use app-specific cookie keys for sessions (#189).
 ## [1.19.0] - 2025-12-03
 ### Added

data/lib/rage/cable/cable.rb CHANGED Viewed

@@ -1,5 +1,33 @@
 # frozen_string_literal: true
+##
+# `Rage::Cable` provides built-in WebSocket support for Rage apps, similar to Action Cable in Rails. It lets you mount a separate WebSocket application, define channels and connections, subscribe clients to named streams, and broadcast messages in real time.
+#
+# Define a channel:
+# ```ruby
+# class ChatChannel < Rage::Cable::Channel
+#   def subscribed
+#     stream_from "chat"
+#   end
+#
+#   def receive(data)
+#     puts "Received message: #{data['message']}"
+#   end
+# end
+# ```
+#
+# Mount the Cable application:
+# ```ruby
+# Rage.routes.draw do
+#   mount Rage::Cable.application, at: "/cable"
+# end
+# ```
+#
+# Broadcast a message to a stream:
+# ```ruby
+# Rage.cable.broadcast("chat", { message: "Hello, world!" })
+# ```
+#
 module Rage::Cable
   # Create a new Cable application.
   #

data/lib/rage/configuration.rb CHANGED Viewed

@@ -203,6 +203,14 @@ class Rage::Configuration
   end
   # @!endgroup
+  # @!group Session Configuration
+  # Allows configuring session settings.
+  # @return [Rage::Configuration::Session]
+  def session
+    @session ||= Session.new
+  end
+  # @!endgroup
   # @private
   def internal
     @internal ||= Internal.new
@@ -773,6 +781,17 @@ class Rage::Configuration
     end
   end
+  class Session
+    # @!attribute key
+    #   Specify the name of the session cookie.
+    #   @return [String]
+    #   @example Change the session cookie name
+    #     Rage.configure do
+    #       config.session.key = "_myapp_session"
+    #     end
+    attr_accessor :key
+  end
   # @private
   class Internal
     attr_accessor :rails_mode

data/lib/rage/cookies.rb CHANGED Viewed

@@ -12,6 +12,92 @@ if !defined?(DomainName)
   ERR
 end
+##
+# Cookies provide a convenient way to store small amounts of data on the client side that persists across requests.
+# They are commonly used for session management, personalization, and tracking user preferences.
+#
+# Rage cookies support both simple string-based cookies and encrypted cookies for sensitive data.
+#
+# To use cookies, add the `domain_name` gem to your `Gemfile`:
+#
+# ```bash
+# bundle add domain_name
+# ```
+#
+# Additionally, if you need to use encrypted cookies, see {Session} for setup steps.
+#
+# ## Usage
+#
+# ### Basic Cookies
+#
+# Read and write simple string values:
+#
+# ```ruby
+# # Set a cookie
+# cookies[:user_name] = "Alice"
+#
+# # Read a cookie
+# cookies[:user_name] # => "Alice"
+#
+# # Delete a cookie
+# cookies.delete(:user_name)
+# ```
+#
+# ### Cookie Options
+#
+# Set cookies with additional options for security and control:
+#
+# ```ruby
+# cookies[:user_id] = {
+#   value: "12345",
+#   expires: 1.year.from_now,
+#   secure: true,
+#   httponly: true,
+#   same_site: :lax
+# }
+# ```
+#
+# ### Encrypted Cookies
+#
+# Store sensitive data securely with automatic encryption:
+#
+# ```ruby
+# # Set an encrypted cookie
+# cookies.encrypted[:api_token] = "secret-token"
+#
+# # Read an encrypted cookie
+# cookies.encrypted[:api_token] # => "secret-token"
+#
+# ```
+#
+# ### Permanent Cookies
+#
+# Create cookies that expire 20 years from now:
+#
+# ```ruby
+# cookies.permanent[:remember_token] = "token-value"
+#
+# # Can be combined with encrypted
+# cookies.permanent.encrypted[:user_id] = current_user.id
+# ```
+#
+# ### Domain Configuration
+#
+# Control which domains can access your cookies:
+#
+# ```ruby
+# # Specific domain
+# cookies[:cross_domain] = { value: "data", domain: "example.com" }
+#
+# # All subdomains
+# cookies[:shared] = { value: "data", domain: :all }
+#
+# # Multiple allowed domains
+# cookies[:limited] = { value: "data", domain: ["app.example.com", "api.example.com"] }
+# ```
+#
+# @see Session
+#
 class Rage::Cookies
   # @private
   def initialize(env, headers)
@@ -190,10 +276,13 @@ class Rage::Cookies
         begin
           box.decrypt(Base64.urlsafe_decode64(value).byteslice(2..))
         rescue ArgumentError
+          Rage.logger.debug("Failed to decode encrypted cookie")
           nil
         rescue RbNaCl::CryptoError
+          Rage.logger.debug("Failed to decrypt encrypted cookie")
           i ||= 0
           if (box = fallback_boxes[i])
+            Rage.logger.debug("Trying to decrypt with fallback key ##{i + 1}")
             i += 1
             retry
           end

data/lib/rage/logger/logger.rb CHANGED Viewed

@@ -209,13 +209,7 @@ class Rage::Logger
         RUBY
       elsif @external_logger.is_a?(External::Dynamic)
         # a callable object is used as a logger
-        call_method = if @external_logger.wrapped.is_a?(Proc)
-          @external_logger.wrapped
-        else
-          @external_logger.wrapped.method(:call)
-        end
-        parameters = Rage::Internal.build_arguments(call_method, {
+        parameters = Rage::Internal.build_arguments(@external_logger.wrapped, {
           severity: ":#{level_name}",
           tags: "logger[:tags].freeze",
           context: "logger[:context].freeze",

data/lib/rage/session.rb CHANGED Viewed

@@ -2,9 +2,68 @@
 require "json"
+##
+# Sessions securely store data between requests using cookies and are typically one of the most convenient and secure
+# authentication mechanisms for browser-based clients.
+#
+# Rage sessions are encrypted using a secret key. This prevents clients from reading or tampering with session data.
+#
+# ## Setup
+#
+# 1. Add the required gems to your `Gemfile`:
+#
+#     ```bash
+#     bundle add base64 domain_name rbnacl
+#     ```
+#
+# 2. Generate a secret key base (keep this value private and out of version control):
+#
+#     ```bash
+#     ruby -r securerandom -e 'puts SecureRandom.hex(64)'
+#     ```
+#
+# 3. Configure your application to use the generated key, either via configuration:
+#
+#     ```ruby
+#     Rage.configure do |config|
+#       config.secret_key_base = "my-secret-key"
+#     end
+#     ```
+#
+#     or via the `SECRET_KEY_BASE` environment variable:
+#
+#     ```bash
+#     export SECRET_KEY_BASE="my-secret-key"
+#     ```
+#
+# ## System Dependencies
+#
+# Rage sessions use libsodium (via RbNaCl) for encryption. On many Debian-based systems
+# it is installed by default; if not, install it with:
+#
+# - Ubuntu / Debian:
+#
+#     ```bash
+#     sudo apt install libsodium23
+#     ```
+#
+# - Fedora / RHEL / Amazon Linux:
+#
+#     ```bash
+#     sudo yum install libsodium
+#     ```
+#
+# - macOS (using Homebrew):
+#
+#     ```bash
+#     brew install libsodium
+#     ```
+#
 class Rage::Session
   # @private
-  KEY = Rack::RACK_SESSION.to_sym
+  def self.key
+    @key ||= Rage.config.session.key&.to_sym || :"_#{Rage.root.basename.to_s.gsub(/\W/, "_").downcase}_session"
+  end
   # @private
   def initialize(cookies)
@@ -92,13 +151,15 @@ class Rage::Session
       read_session.clear
     end
-    @cookies[KEY] = { httponly: true, same_site: :lax, value: read_session.to_json }
+    @cookies[self.class.key] = { httponly: true, same_site: :lax, value: read_session.to_json }
   end
   def read_session
     @session ||= begin
-      JSON.parse(@cookies[KEY] || "{}", symbolize_names: true)
+      session_value = @cookies[self.class.key] || @cookies[Rack::RACK_SESSION.to_sym] || "{}"
+      JSON.parse(session_value, symbolize_names: true)
     rescue JSON::ParserError
+      Rage.logger.debug("Failed to parse session cookie, resetting session")
       {}
     end
   end

data/lib/rage/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Rage
-  VERSION = "1.19.0"
+  VERSION = "1.19.1"
 end

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rage-rb
 version: !ruby/object:Gem::Version
-  version: 1.19.0
+  version: 1.19.1
 platform: ruby
 authors:
 - Roman Samoilov
 bindir: exe
 cert_chain: []
-date: 2025-12-03 00:00:00.000000000 Z
+date: 2025-12-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor