ramaze 2011.12.28 → 2012.03.07
- data/.gems +34 -0
- data/.travis.yml +0 -1
- data/.yardopts +3 -2
- data/README.md +8 -6
- data/examples/app/blog/controller/init.rb +0 -1
- data/examples/app/blog/controller/posts.rb +0 -9
- data/examples/app/blog/controller/users.rb +0 -8
- data/examples/app/blog/model/comment.rb +0 -3
- data/examples/app/blog/model/post.rb +0 -2
- data/examples/app/blog/model/user.rb +1 -6
- data/examples/app/wikore/spec/wikore.rb +2 -2
- data/examples/app/wikore/src/model.rb +2 -8
- data/examples/app/wikore/start.rb +2 -2
- data/examples/misc/memleak_detector.rb +1 -1
- data/guide/AUTHORS +5 -2
- data/guide/CHANGELOG +203 -0
- data/guide/LICENSE +19 -0
- data/guide/general/contributing.md +74 -1
- data/guide/general/helpers.md +14 -0
- data/guide/general/middlewares.md +35 -16
- data/guide/general/sessions.md +39 -13
- data/lib/proto/layout/default.xhtml +1 -1
- data/lib/ramaze.rb +1 -1
- data/lib/ramaze/cache.rb +1 -1
- data/lib/ramaze/cache/localmemcache.rb +1 -1
- data/lib/ramaze/cache/lru.rb +1 -1
- data/lib/ramaze/controller.rb +1 -1
- data/lib/ramaze/dependencies.rb +3 -2
- data/lib/ramaze/gestalt.rb +1 -1
- data/lib/ramaze/helper.rb +1 -1
- data/lib/ramaze/helper/auth.rb +1 -1
- data/lib/ramaze/helper/cache.rb +1 -1
- data/lib/ramaze/helper/csrf.rb +14 -21
- data/lib/ramaze/helper/erector.rb +1 -1
- data/lib/ramaze/helper/flash.rb +1 -1
- data/lib/ramaze/helper/formatting.rb +1 -1
- data/lib/ramaze/helper/identity.rb +1 -1
- data/lib/ramaze/helper/link.rb +1 -1
- data/lib/ramaze/helper/markaby.rb +1 -1
- data/lib/ramaze/helper/stack.rb +1 -1
- data/lib/ramaze/helper/tagz.rb +1 -1
- data/lib/ramaze/helper/thread.rb +1 -1
- data/lib/ramaze/helper/user.rb +68 -30
- data/lib/ramaze/log.rb +1 -1
- data/lib/ramaze/log/analogger.rb +1 -1
- data/lib/ramaze/log/growl.rb +1 -1
- data/lib/ramaze/log/hub.rb +1 -1
- data/lib/ramaze/log/informer.rb +1 -1
- data/lib/ramaze/log/knotify.rb +1 -1
- data/lib/ramaze/log/logger.rb +1 -1
- data/lib/ramaze/log/logging.rb +1 -1
- data/lib/ramaze/log/syslog.rb +1 -1
- data/lib/ramaze/log/xosd.rb +1 -1
- data/lib/ramaze/plugin.rb +1 -1
- data/lib/ramaze/reloader.rb +1 -1
- data/lib/ramaze/request.rb +1 -1
- data/lib/ramaze/response.rb +1 -1
- data/lib/ramaze/snippets.rb +1 -1
- data/lib/ramaze/snippets/array/put_within.rb +1 -1
- data/lib/ramaze/snippets/kernel/pretty_inspect.rb +1 -1
- data/lib/ramaze/snippets/numeric/filesize_format.rb +1 -1
- data/lib/ramaze/snippets/object/__dir__.rb +1 -1
- data/lib/ramaze/snippets/object/instance_variable_defined.rb +1 -1
- data/lib/ramaze/snippets/ordered_set.rb +1 -1
- data/lib/ramaze/snippets/ramaze/acquire.rb +1 -1
- data/lib/ramaze/snippets/ramaze/struct.rb +1 -1
- data/lib/ramaze/snippets/string/camel_case.rb +1 -1
- data/lib/ramaze/snippets/string/color.rb +1 -1
- data/lib/ramaze/snippets/string/end_with.rb +1 -1
- data/lib/ramaze/snippets/string/ord.rb +1 -1
- data/lib/ramaze/snippets/string/snake_case.rb +1 -1
- data/lib/ramaze/snippets/thread/into.rb +1 -1
- data/lib/ramaze/spec/helper/template_examples.rb +1 -1
- data/lib/ramaze/version.rb +1 -1
- data/lib/ramaze/view.rb +3 -2
- data/lib/ramaze/view/erector.rb +16 -14
- data/lib/ramaze/view/erubis.rb +4 -3
- data/lib/ramaze/view/ezamar.rb +3 -1
- data/lib/ramaze/view/haml.rb +4 -0
- data/lib/ramaze/view/liquid.rb +4 -3
- data/lib/ramaze/view/lokar.rb +3 -1
- data/lib/ramaze/view/mustache.rb +3 -1
- data/lib/ramaze/view/nagoro.rb +4 -1
- data/lib/ramaze/view/remarkably.rb +4 -0
- data/lib/ramaze/view/sass.rb +5 -1
- data/lib/ramaze/view/slim.rb +45 -0
- data/lib/ramaze/view/slippers.rb +8 -6
- data/lib/ramaze/view/tagz.rb +3 -1
- data/lib/ramaze/view/tenjin.rb +3 -1
- data/ramaze.gemspec +1 -1
- data/spec/examples/templates/template_erubis.rb +1 -1
- data/spec/examples/templates/template_ezamar.rb +1 -1
- data/spec/examples/templates/template_haml.rb +1 -1
- data/spec/examples/templates/template_liquid.rb +1 -1
- data/spec/examples/templates/template_markaby.rb +1 -1
- data/spec/examples/templates/template_mustache.rb +1 -1
- data/spec/examples/templates/template_nagoro.rb +1 -1
- data/spec/examples/templates/template_remarkably.rb +1 -1
- data/spec/examples/templates/template_tenjin.rb +1 -1
- data/spec/ramaze/action/render.rb +1 -1
- data/spec/ramaze/app.rb +1 -1
- data/spec/ramaze/app/location.rb +1 -1
- data/spec/ramaze/cache/localmemcache.rb +1 -1
- data/spec/ramaze/cache/lru.rb +1 -1
- data/spec/ramaze/cache/memcache.rb +1 -1
- data/spec/ramaze/cache/redis.rb +1 -1
- data/spec/ramaze/cache/sequel.rb +1 -1
- data/spec/ramaze/controller/actionless_templates.rb +1 -1
- data/spec/ramaze/controller/lonely_mapping.rb +1 -1
- data/spec/ramaze/controller/mapping.rb +1 -1
- data/spec/ramaze/controller/provide_inheritance.rb +1 -1
- data/spec/ramaze/controller/resolve.rb +1 -1
- data/spec/ramaze/controller/subclass.rb +1 -1
- data/spec/ramaze/controller/template_resolving.rb +1 -1
- data/spec/ramaze/dispatcher/directory.rb +1 -1
- data/spec/ramaze/dispatcher/file.rb +1 -1
- data/spec/ramaze/error.rb +1 -1
- data/spec/ramaze/files.rb +1 -1
- data/spec/ramaze/gestalt.rb +1 -1
- data/spec/ramaze/helper/auth.rb +1 -1
- data/spec/ramaze/helper/bench.rb +1 -1
- data/spec/ramaze/helper/cache.rb +1 -1
- data/spec/ramaze/helper/csrf.rb +10 -19
- data/spec/ramaze/helper/flash.rb +1 -1
- data/spec/ramaze/helper/formatting.rb +1 -1
- data/spec/ramaze/helper/gestalt.rb +1 -1
- data/spec/ramaze/helper/gravatar.rb +1 -1
- data/spec/ramaze/helper/layout.rb +1 -1
- data/spec/ramaze/helper/link.rb +1 -1
- data/spec/ramaze/helper/localize.rb +1 -1
- data/spec/ramaze/helper/maruku.rb +1 -1
- data/spec/ramaze/helper/paginate.rb +1 -1
- data/spec/ramaze/helper/request_accessor.rb +1 -1
- data/spec/ramaze/helper/simple_captcha.rb +1 -1
- data/spec/ramaze/helper/stack.rb +1 -1
- data/spec/ramaze/helper/user.rb +1 -1
- data/spec/ramaze/helper/xhtml.rb +1 -1
- data/spec/ramaze/log/informer.rb +1 -1
- data/spec/ramaze/log/logging.rb +1 -1
- data/spec/ramaze/log/syslog.rb +1 -1
- data/spec/ramaze/params.rb +1 -1
- data/spec/ramaze/request.rb +1 -1
- data/spec/ramaze/session/memcache.rb +1 -1
- data/spec/ramaze/struct.rb +1 -1
- data/spec/ramaze/view.rb +1 -1
- data/spec/ramaze/view/erubis.rb +1 -1
- data/spec/ramaze/view/ezamar.rb +1 -1
- data/spec/ramaze/view/gestalt.rb +1 -1
- data/spec/ramaze/view/haml.rb +1 -1
- data/spec/ramaze/view/liquid.rb +1 -1
- data/spec/ramaze/view/lokar.rb +1 -1
- data/spec/ramaze/view/mustache.rb +1 -1
- data/spec/ramaze/view/nagoro.rb +1 -1
- data/spec/ramaze/view/remarkably.rb +1 -1
- data/spec/ramaze/view/sass.rb +1 -1
- data/spec/ramaze/view/slim.rb +49 -0
- data/spec/ramaze/view/slim/external.slim +5 -0
- data/spec/ramaze/view/slim/external_vars.slim +5 -0
- data/spec/ramaze/view/tagz.rb +1 -1
- data/spec/ramaze/view/tenjin.rb +1 -1
- data/spec/snippets/array/put_within.rb +1 -1
- data/spec/snippets/binding/locals.rb +1 -1
- data/spec/snippets/numeric/filesize_format.rb +1 -1
- data/spec/snippets/numeric/time.rb +1 -1
- data/spec/snippets/object/__dir__.rb +1 -1
- data/spec/snippets/ordered_set.rb +1 -1
- data/spec/snippets/ramaze/acquire.rb +1 -1
- data/spec/snippets/ramaze/dictionary.rb +1 -1
- data/spec/snippets/ramaze/lru_hash.rb +1 -1
- data/spec/snippets/ramaze/struct.rb +1 -1
- data/spec/snippets/string/camel_case.rb +1 -1
- data/spec/snippets/string/color.rb +1 -1
- data/spec/snippets/string/snake_case.rb +1 -1
- data/spec/snippets/string/unindent.rb +1 -1
- data/spec/snippets/thread/into.rb +1 -1
- metadata +75 -60
- data/guide/GPL_LICENSE +0 -339
- data/guide/RUBY_LICENSE +0 -53
data/guide/LICENSE
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
Copyright (c) 2006 - 2012, Michael Fellinger
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
|
+
of this software and associated documentation files (the "Software"), to deal
|
5
|
+
in the Software without restriction, including without limitation the rights
|
6
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
7
|
+
copies of the Software, and to permit persons to whom the Software is
|
8
|
+
furnished to do so, subject to the following conditions:
|
9
|
+
|
10
|
+
The above copyright notice and this permission notice shall be included in
|
11
|
+
all copies or substantial portions of the Software.
|
12
|
+
|
13
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
14
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
15
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
16
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
17
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
18
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
19
|
+
THE SOFTWARE.
|
@@ -4,6 +4,10 @@ Everybody is welcome to contribute to Ramaze and/or the guide. This guide is
|
|
4
4
|
meant to be a starting point for those interested in contributing code, writing
|
5
5
|
documentation or advertising Ramaze.
|
6
6
|
|
7
|
+
A small guide containing details about the general workflow of Github projects
|
8
|
+
can be found [here][workflow]. If you're new to Github/Git it's recommended to
|
9
|
+
read this guide (as well as the various Github help pages).
|
10
|
+
|
7
11
|
## Coding Standards
|
8
12
|
|
9
13
|
* 2 spaces per indentation level for Ruby code.
|
@@ -64,11 +68,22 @@ request][pull requests] page on Github.
|
|
64
68
|
|
65
69
|
## Writing Documentation
|
66
70
|
|
67
|
-
The documentation (both the guides and the API documentation)
|
71
|
+
The documentation (both the guides and the API documentation) uses
|
68
72
|
[Markdown][markdown] as its markup engine. All the text should be written in
|
69
73
|
English. Try writing as clear as possible and remove as much spelling/grammar
|
70
74
|
errors as you can find before submitting it to Ramaze.
|
71
75
|
|
76
|
+
When writing guides (or modifying existing ones) make sure that each line is no
|
77
|
+
longer than 80 characters and that there is no trailing whitespace in the file.
|
78
|
+
If you're using Vim you can configure it to automatically insert
|
79
|
+
characters/words on new lines using the following settings:
|
80
|
+
|
81
|
+
set nowrap
|
82
|
+
set tw=80
|
83
|
+
|
84
|
+
Other editors will have different settings so refer to the documentation of your
|
85
|
+
editor for more information.
|
86
|
+
|
72
87
|
Linking to classes and methods can be done by wrapping the namespace/method in
|
73
88
|
``{}``:
|
74
89
|
|
@@ -79,11 +94,68 @@ instead:
|
|
79
94
|
|
80
95
|
{file:path/to/file Title}
|
81
96
|
|
97
|
+
<div class="note todo">
|
98
|
+
<p>
|
99
|
+
Keep in mind that the above syntax for linking to files does not work
|
100
|
+
for files located outside of the guide/ directory.
|
101
|
+
</p>
|
102
|
+
</div>
|
103
|
+
|
82
104
|
Markdown files should be lower cased, spaces should be replaced with
|
83
105
|
underscores. Examples of this are ``ramaze_command.md`` and
|
84
106
|
``special_thanks.md``. Just like the Ruby code the text for the guide should be
|
85
107
|
wrapped at 80 characters.
|
86
108
|
|
109
|
+
### Testing Documentation
|
110
|
+
|
111
|
+
After you've made some changes you'll have to test it. Building the
|
112
|
+
documentation can be done in two different ways, either by building the Ramaze
|
113
|
+
only documentation or the documentation of both Ramaze and Innate.
|
114
|
+
|
115
|
+
Lets assume that you don't have a local copy of Ramaze' Git repository yet, you
|
116
|
+
can add such a copy by running the following Git command:
|
117
|
+
|
118
|
+
$ git clone git://github.com/Ramaze/ramaze.git
|
119
|
+
|
120
|
+
Once the cloning process has been completed you'll have to ``cd`` into the
|
121
|
+
"ramaze" directory. If you happen to have RVM installed doing this will most
|
122
|
+
likely trigger a warning about an untrusted .rvmrc file being detected. If you
|
123
|
+
decide to trust this file RVM will load it and automatically install all the
|
124
|
+
required gems (these can be found in the .gems file in the root directory of the
|
125
|
+
repository).
|
126
|
+
|
127
|
+
If you don't have RVM installed you'll have to install the dependencies of
|
128
|
+
Ramaze yourself, but fear not for it is very easy and only requires you to run
|
129
|
+
the following command:
|
130
|
+
|
131
|
+
$ rake setup
|
132
|
+
|
133
|
+
Similar to using RVM this command installs all required gems with a small
|
134
|
+
difference: it only installs what is supported by your platform. For example, on
|
135
|
+
OS X the "localmemcache" gem is not installed since it doesn't support this
|
136
|
+
operating system.
|
137
|
+
|
138
|
+
Once installed you can build the documentaton using the command ``rake yard``.
|
139
|
+
This command optionally takes a parameter that can be used to specify the path
|
140
|
+
to the **lib** directory of Innate. When specifying this path Innate's
|
141
|
+
documentation will be included as well (this is what we use for
|
142
|
+
<http://ramaze.net/>).
|
143
|
+
|
144
|
+
Of course for this to work you'll need to have a local copy of Innate as well.
|
145
|
+
Assuming you're still in the "ramaze" directory you can get a local copy of
|
146
|
+
Innate by running the following commands:
|
147
|
+
|
148
|
+
$ cd ..
|
149
|
+
$ git clone git://github.com/Ramaze/innate.git
|
150
|
+
$ cd ramaze
|
151
|
+
|
152
|
+
Now run the ``rake yard`` task as following:
|
153
|
+
|
154
|
+
$ rake yard[../innate/lib]
|
155
|
+
|
156
|
+
Once the documentation has been built (either by including or excluding Innate)
|
157
|
+
you can simply point your browser to the "doc" directory to view it.
|
158
|
+
|
87
159
|
## Spreading The Word
|
88
160
|
|
89
161
|
Maybe you're not familiar with Git or perhaps you just don't have the time to
|
@@ -106,3 +178,4 @@ file and a PNG of which both are displayed below.
|
|
106
178
|
[cc license]: http://creativecommons.org/licenses/by-sa/3.0/
|
107
179
|
[logo svg]: _static/logo.svg "The logo in SVG format"
|
108
180
|
[logo png]: _static/logo.png "The logo in PNG format"
|
181
|
+
[workflow]: https://github.com/thessaloniki/rb/wiki/Workflow
|
data/guide/general/helpers.md
CHANGED
@@ -74,3 +74,17 @@ load all helpers the Ramaze way.
|
|
74
74
|
* {Ramaze::Helper::Upload}: uploading files made easy.
|
75
75
|
* {Ramaze::Helper::UserHelper}: authenticate users using a model.
|
76
76
|
* {Ramaze::Helper::XHTML}
|
77
|
+
|
78
|
+
## Innate Helpers
|
79
|
+
|
80
|
+
Note that you may also find some popular helpers, that are used by default in
|
81
|
+
Ramaze, under the Innate project.
|
82
|
+
|
83
|
+
* {Innate::Helper::Aspect}: provides before/after wrappers for actions.
|
84
|
+
* {Innate::Helper::CGI}: gives shortcuts to some CGI methods.
|
85
|
+
* {Innate::Helper::Flash}: gives simple access to session.flash.
|
86
|
+
* {Innate::Helper::Link}: provides the path to a given Node and action.
|
87
|
+
* {Innate::Helper::Redirect}: provides the request redirect, raw_redirect
|
88
|
+
and respond convenience methods.
|
89
|
+
* {Innate::Helper::Render}: provides variants for partial, custom, full
|
90
|
+
view rendering.
|
@@ -1,10 +1,12 @@
|
|
1
1
|
# Rack Middlewares
|
2
2
|
|
3
|
-
Ramaze is a Rack based framework and thus allows you to create so called
|
4
|
-
middlewares. Middlewares are basically
|
5
|
-
|
6
|
-
|
7
|
-
|
3
|
+
Ramaze is a Rack based framework and thus allows you to create so called Rack
|
4
|
+
middlewares. Middlewares are basically objects that are stacked together
|
5
|
+
in order to intercept and process sequentially each incoming request and outgoing
|
6
|
+
response between Rack and Ramaze. You can think of a collection of middlewares
|
7
|
+
as a stack at whose bottom lies your Ramaze app.
|
8
|
+
|
9
|
+
The flow of a Rack request (including middlewares) looks as following::
|
8
10
|
|
9
11
|
Request --> Server (Thin, Unicorn, etc) --> Rack --> Middleware(s) -->
|
10
12
|
Ramaze --> Controller
|
@@ -81,20 +83,37 @@ banned". Our final middleware looks like the following:
|
|
81
83
|
## Using Middlewares
|
82
84
|
|
83
85
|
Now it's time to tell Ramaze to actually use the middleware. This can be done
|
84
|
-
by calling Ramaze#middleware!. This method
|
85
|
-
middlewares to use for
|
86
|
-
|
86
|
+
by calling Ramaze#middleware!. This method accepts a block in which one defines
|
87
|
+
which middlewares to use for a specific mode and the name for this Ramaze mode
|
88
|
+
(Ramaze comes with "live" and "dev").
|
89
|
+
|
90
|
+
In the block you can call two Innate#MiddlewareCompiler methods
|
91
|
+
```use()``` and ```run()```. The ```use()``` method is used in order to add and
|
92
|
+
configure a middleware, while ```run()``` is used to determine what class is used
|
93
|
+
to run our Ramaze application. Unless you're using a custom class this should
|
94
|
+
always be set to {Ramaze::AppMap}.
|
95
|
+
|
96
|
+
Assuming we're running in "dev" mode our call will look like the following:
|
87
97
|
|
88
98
|
Ramaze.middleware! :dev do |m|
|
89
99
|
m.use(Banlist)
|
90
100
|
m.run(Ramaze::AppMap)
|
91
101
|
end
|
92
102
|
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
103
|
+
Note that when you use Ramaze#middleware! you also replace the previously setup
|
104
|
+
stack of middlewares. Therefore in order to add your new middleware on top of
|
105
|
+
the existing ones you either have to read-in each one using
|
106
|
+
``Innate#MiddlewareCompiler#middlewares`` and re-add it to the newly created
|
107
|
+
middleware stack or simply copy (lets say in your app.rb) what has been setup
|
108
|
+
inside ``lib/ramaze.rb``.
|
109
|
+
|
110
|
+
current_mw = Ramaze.middleware(:dev).middlewares
|
111
|
+
Ramaze.middleware! :dev do |mode|
|
112
|
+
current_mw.each do |mw|
|
113
|
+
mode.use(mw[0],*mw[1], &mw[2]) # middleware, args, block
|
114
|
+
end
|
115
|
+
|
116
|
+
mode.use(Banlist)
|
117
|
+
mode.run(Ramaze::AppMap)
|
118
|
+
end
|
119
|
+
|
data/guide/general/sessions.md
CHANGED
@@ -19,6 +19,36 @@ session until the client's session is destroyed (or the data is removed) it's
|
|
19
19
|
best to use session, if you only want to store something until the client is
|
20
20
|
redirected to another page (or just visits a page himself) you should use flash.
|
21
21
|
|
22
|
+
## Changing Drivers
|
23
|
+
|
24
|
+
Out of the box Ramaze uses the driver {Ramaze::Cache::LRU}. This driver
|
25
|
+
stores all session related data in the memory of the current process. While this
|
26
|
+
is fine during development it's something you most likely don't want to use in a
|
27
|
+
multi process based environment as data stored in a process' memory isn't
|
28
|
+
shared. To work around this you can use an alternative driver, such a driver can
|
29
|
+
be set as following:
|
30
|
+
|
31
|
+
Ramaze::Cache.options.session = Ramaze::Cache::MemCache
|
32
|
+
|
33
|
+
This particular example tells Ramaze to use Memcached for storing session
|
34
|
+
related data. Where you set this doesn't really matter as long as it's done
|
35
|
+
before calling ``Ramaze.start``. Generally you'd want to put this in a
|
36
|
+
configuration file that's loaded in your app.rb file, if your application is a
|
37
|
+
small one you can just put it in the app.rb file directly.
|
38
|
+
|
39
|
+
## Available Drivers
|
40
|
+
|
41
|
+
* {Ramaze::Cache::Sequel}
|
42
|
+
* {Ramaze::Cache::LRU}
|
43
|
+
* {Ramaze::Cache::MemCache}
|
44
|
+
* {Ramaze::Cache::Redis}
|
45
|
+
* {Ramaze::Cache::LocalMemCache}
|
46
|
+
* {Innate::Cache::FileBased}
|
47
|
+
* {Innate::Cache::DRb}
|
48
|
+
* {Innate::Cache::Marshal}
|
49
|
+
* {Innate::Cache::Memory}
|
50
|
+
* {Innate::Cache::YAML}
|
51
|
+
|
22
52
|
## The Session Object
|
23
53
|
|
24
54
|
As mentioned earlier session is used for data that should be stored until the
|
@@ -61,7 +91,7 @@ has a few extra methods besides [] and []=. These methods are delete(), clear(),
|
|
61
91
|
flush(), resid!() and sid(). We're not going to cover all methods but we will
|
62
92
|
look at the delete() and resid() methods.
|
63
93
|
|
64
|
-
|
94
|
+
### session.delete
|
65
95
|
|
66
96
|
The method Session.delete can be used to remove a chunk of data from the
|
67
97
|
client's session. In order to delete our amount of visits all we'd have to do
|
@@ -72,7 +102,7 @@ is the following:
|
|
72
102
|
From this point on the "visits" key is set to nil until the user visits the
|
73
103
|
index page again.
|
74
104
|
|
75
|
-
|
105
|
+
### session.resid!
|
76
106
|
|
77
107
|
Session.resid! can be used to regenerate the client's session ID without
|
78
108
|
destroying the session data. This method is extremely useful for authentication
|
@@ -83,16 +113,14 @@ following to be done:
|
|
83
113
|
|
84
114
|
session.resid!
|
85
115
|
|
86
|
-
##
|
116
|
+
## Flashdata
|
87
117
|
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
Storing data in the flash works similar to storing data in the session and can
|
95
|
-
be done by calling the flash object:
|
118
|
+
Flashdata is a form of session data that is removed as soon as the client
|
119
|
+
requests a new resource. This means that if something is stored in the flash and
|
120
|
+
the user is redirected the data will be automatically removed. One of the things
|
121
|
+
the flash data can be used for is storing notifications that are displayed if a
|
122
|
+
blog post has been saved successfully. Storing data in the flash works similar
|
123
|
+
to storing data in the session and can be done by calling the flash object:
|
96
124
|
|
97
125
|
flash[:message] = "Hello, Ramaze!"
|
98
126
|
|
@@ -137,5 +165,3 @@ displayed because the flash data isn't there yet. As soon as the client visits
|
|
137
165
|
"Hello, Ramaze!" would be displayed. Refreshing the page would clear the flash
|
138
166
|
data and the message would no longer be displayed until the client visits
|
139
167
|
/set\_message again.
|
140
|
-
|
141
|
-
[the flash]: http://en.wikipedia.org/wiki/The_Flash_(comic_book)
|
@@ -45,7 +45,7 @@
|
|
45
45
|
|
46
46
|
<footer id="footer">
|
47
47
|
<p>
|
48
|
-
Ramaze is free software and is licensed under the
|
48
|
+
Ramaze is free software and is licensed under the MIT license.<br />
|
49
49
|
All textual content is licensed under a
|
50
50
|
<a href="http://creativecommons.org/licenses/by-nc-sa/3.0/">
|
51
51
|
Creative Commons license.
|
data/lib/ramaze.rb
CHANGED
data/lib/ramaze/cache.rb
CHANGED
data/lib/ramaze/cache/lru.rb
CHANGED
data/lib/ramaze/controller.rb
CHANGED
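--- a/data/lib/ramaze/dependencies.rb
+++ b/data/lib/ramaze/dependencies.rb
@@ -13,7 +13,7 @@ module Ramaze
 # Array containing the names and versions of all the gems required by Ramaze
 # along with the name of how the gem should be required.
 DEPENDENCIES = [
-{:name => 'innate', :version => ['>=
+{:name => 'innate', :version => ['>= 2012.03']}
 ]
 
 # Array containing all the development dependencies.
@@ -40,7 +40,8 @@ module Ramaze
 {:name => 'tenjin' , :version => ['>= 0.6.1']},
 {:name => 'yard' , :version => ['>= 0.7.2']},
 {:name => 'redis' , :version => ['>= 2.2.2']},
-{:name => 'rdiscount' , :version => ['>= 1.6.8']}
+{:name => 'rdiscount' , :version => ['>= 1.6.8']},
+{:name => 'slim' , :version => ['>= 1.1.0']}
 ]
 
 # Lokar requires Ruby >= 1.9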
data/lib/ramaze/gestalt.rb
CHANGED
data/lib/ramaze/helper.rb
CHANGED
data/lib/ramaze/helper/auth.rb
CHANGED
data/lib/ramaze/helper/cache.rb
CHANGED
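--- a/data/lib/ramaze/helper/csrf.rb
+++ b/data/lib/ramaze/helper/csrf.rb
@@ -75,8 +75,6 @@ module Ramaze
 # end
 # end
 #
-# @author Yorick Peterse
-#
 module CSRF
 ##
 # Method that can be used to protect the specified methods against CSRF
@@ -84,7 +82,6 @@ module Ramaze
 # a field called "csrf_token". This method will then validate that token
 # against the current token in the session.
 #
-# @author Yorick Peterse
 # @param [Strings/Symbol] *methods Methods that will be
 # protected/unprotected.
 # @param [Block] Block that will be executed if the token is invalid.
@@ -101,7 +98,8 @@ module Ramaze
 if methods.include?(action.name) or methods.include?(action.name.to_sym)
 # THINK: For now the field name is hard-coded to "csrf_token". While
 # this is perfectly fine in most cases it might be a good idea
-# to allow developers to change the name of this field (for whatever
+# to allow developers to change the name of this field (for whatever
+# the reason).
 yield unless validate_csrf_token(request.params['csrf_token'])
 end
 end
@@ -117,20 +115,13 @@ module Ramaze
 #
 # Note that this method will be automatically called if no CSRF token exists.
 #
-# @
-# @param [Hash] Additional arguments that can be set such as the TTL.
+# @param [Hash] Additional arguments that can be set such as the TTL.
 #
 def generate_csrf_token(args = {})
-
-ttl = args[:ttl] || (15 * 60)
-
-# Get some good entropy
+ttl = args[:ttl] || (15 * 60)
 random = SecureRandom.random_bytes(512)
-
-
-
-# Hash it together
-token = Digest::SHA512.hexdigest(random + time.to_s)
+time = Time.now.to_f
+token = Digest::SHA512.hexdigest(random + time.to_s)
 
 # Time to store all the data we want to check later.
 session[:_csrf] = {
@@ -142,14 +133,12 @@ module Ramaze
 :ttl => ttl
 }
 
-# Prevent this method from returning any value (it isn't needed anyway)
 return
 end
 
 ##
 # Retrieves the current value of the CSRF token.
 #
-# @author Yorick Peterse
 # @return [String] The current CSRF token.
 # @example
 # form(@data, :method => :post) do |f|
@@ -161,7 +150,6 @@ module Ramaze
 self.generate_csrf_token
 end
 
-# Land ho!
 return session[:_csrf][:token]
 end
 
@@ -175,7 +163,6 @@ module Ramaze
 # If any of these checks fail this method will return FALSE. It's your
 # job to take action based on the results of this method.
 #
-# @author Yorick Peterse
 # @param [String] input_token The CSRF token to validate.
 # @return [TrueClass|FalseClass]
 # @example
@@ -194,12 +181,18 @@ module Ramaze
 
 _csrf = session[:_csrf]
 
-
-session[:_csrf][:token] == input_token &&
+valid = session[:_csrf][:token] == input_token &&
 (Time.now.to_f - _csrf[:time]) <= _csrf[:ttl] &&
 _csrf[:host] == request.host &&
 _csrf[:ip] == request.ip &&
 _csrf[:agent] == request.env['HTTP_USER_AGENT']
+
+if valid
+generate_csrf_token
+return true
+else
+return false
+end
 end
 end # CSRF
 end # Helper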
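Review bot: In the last hunk, the new success branch of `validate_csrf_token` calls `generate_csrf_token` with no arguments, so the replacement token always gets the default from `ttl = args[:ttl] || (15 * 60)` and any custom TTL stored in `session[:_csrf][:ttl]` is dropped after the first valid request; `generate_csrf_token(:ttl => _csrf[:ttl])` would carry it over. Because a successful check now replaces the token, forms already rendered in the same session will fail validation, and the method's doc comment should say so, e.g. `# A successful validation replaces the token; forms rendered earlier must be reloaded.`. As a hardening point, the token is still compared with `==` in the first line of the `valid` expression; a constant-time comparison such as `Rack::Utils.secure_compare(_csrf[:token], input_token.to_s)` (if the Rack version in use provides it) would avoid a timing difference on partial matches. The start of `validate_csrf_token`, including whatever guarantees `session[:_csrf]` is populated, lies outside the visible hunk.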