ramaze 2012.04.14 → 2012.12.08b
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gems +28 -35
- data/.gitignore +4 -0
- data/.travis.yml +3 -3
- data/Gemfile +3 -0
- data/README.md +1 -5
- data/Rakefile +9 -20
- data/examples/app/blog/app.rb +5 -14
- data/examples/app/todolist/start.rb +1 -5
- data/guide/AUTHORS +8 -3
- data/guide/CHANGELOG +587 -0
- data/guide/general/cache.md +1 -0
- data/guide/general/configuration.md +2 -1
- data/guide/general/contributing.md +1 -0
- data/guide/general/controllers.md +105 -10
- data/guide/general/helpers.md +6 -7
- data/guide/general/installation.md +2 -1
- data/guide/general/logging.md +1 -4
- data/guide/general/middlewares.md +15 -23
- data/guide/general/models.md +1 -0
- data/guide/general/principles.md +1 -0
- data/guide/general/ramaze_command.md +9 -54
- data/guide/general/routes.md +1 -0
- data/guide/general/sessions.md +3 -2
- data/guide/general/special_thanks.md +1 -0
- data/guide/general/testing.md +1 -0
- data/guide/general/views.md +35 -22
- data/lib/proto/Gemfile +4 -0
- data/lib/proto/README.md +35 -0
- data/lib/proto/Rakefile +1 -0
- data/lib/proto/app.rb +2 -6
- data/lib/proto/spec/helper.rb +39 -0
- data/lib/proto/task/ramaze.rake +57 -0
- data/lib/ramaze.rb +12 -39
- data/lib/ramaze/bin/create.rb +1 -3
- data/lib/ramaze/bin/runner.rb +0 -14
- data/lib/ramaze/cache.rb +21 -0
- data/lib/ramaze/cache/memcache.rb +1 -3
- data/lib/ramaze/cache/redis.rb +2 -4
- data/lib/ramaze/cache/sequel.rb +4 -5
- data/lib/ramaze/controller.rb +10 -3
- data/lib/ramaze/default_middleware.rb +24 -0
- data/lib/ramaze/files.rb +5 -5
- data/lib/ramaze/gestalt.rb +10 -10
- data/lib/ramaze/helper/blue_form.rb +33 -6
- data/lib/ramaze/helper/csrf.rb +22 -30
- data/lib/ramaze/helper/flash.rb +1 -1
- data/lib/ramaze/helper/upload.rb +5 -3
- data/lib/ramaze/helper/user.rb +1 -0
- data/lib/ramaze/log.rb +0 -5
- data/lib/ramaze/log/informer.rb +3 -3
- data/lib/ramaze/log/logging.rb +4 -4
- data/lib/ramaze/log/syslog.rb +2 -2
- data/lib/ramaze/response.rb +1 -1
- data/lib/ramaze/snippets.rb +0 -20
- data/lib/ramaze/spec/bacon.rb +5 -13
- data/lib/ramaze/version.rb +1 -1
- data/lib/ramaze/view/erector.rb +1 -3
- data/lib/ramaze/view/erubis.rb +1 -3
- data/lib/ramaze/view/ezamar.rb +1 -3
- data/lib/ramaze/view/haml.rb +1 -4
- data/lib/ramaze/view/liquid.rb +1 -3
- data/lib/ramaze/view/lokar.rb +1 -3
- data/lib/ramaze/view/mustache.rb +1 -3
- data/lib/ramaze/view/nagoro.rb +1 -4
- data/lib/ramaze/view/remarkably.rb +1 -4
- data/lib/ramaze/view/sass.rb +2 -5
- data/lib/ramaze/view/slim.rb +1 -3
- data/lib/ramaze/view/slippers.rb +1 -3
- data/lib/ramaze/view/tagz.rb +1 -3
- data/lib/ramaze/view/tenjin.rb +1 -3
- data/ramaze.gemspec +45 -16
- data/spec/helper.rb +0 -1
- data/spec/ramaze/cache/localmemcache.rb +0 -4
- data/spec/ramaze/controller/mapping.rb +17 -0
- data/spec/ramaze/dispatcher/directory.rb +6 -5
- data/spec/ramaze/dispatcher/file.rb +7 -4
- data/spec/ramaze/files.rb +0 -2
- data/spec/ramaze/helper/csrf.rb +0 -26
- data/spec/ramaze/helper/upload.rb +1 -0
- data/spec/ramaze/helper/user.rb +12 -0
- data/spec/ramaze/log/syslog.rb +5 -1
- data/spec/ramaze/view/lokar.rb +1 -1
- data/spec/ramaze/view/nagoro.rb +1 -1
- data/tasks/bacon.rake +1 -1
- data/tasks/gems.rake +15 -0
- data/tasks/release.rake +37 -8
- metadata +106 -139
- data/guide/_static/ramaze_console.png +0 -0
- data/guide/tutorials/introduction.md +0 -263
- data/lib/proto/model/init.rb +0 -6
- data/lib/proto/public/.htaccess +0 -24
- data/lib/proto/public/dispatch.fcgi +0 -11
- data/lib/proto/spec/main.rb +0 -20
- data/lib/proto/start.rb +0 -20
- data/lib/ramaze/app_graph.rb +0 -105
- data/lib/ramaze/bin/console.rb +0 -87
- data/lib/ramaze/bin/helper.rb +0 -107
- data/lib/ramaze/bin/restart.rb +0 -95
- data/lib/ramaze/bin/start.rb +0 -221
- data/lib/ramaze/bin/status.rb +0 -152
- data/lib/ramaze/bin/stop.rb +0 -112
- data/lib/ramaze/dependencies.rb +0 -84
- data/lib/ramaze/helper/disqus.rb +0 -27
- data/lib/ramaze/helper/ultraviolet.rb +0 -49
- data/lib/ramaze/log/analogger.rb +0 -50
- data/lib/ramaze/log/growl.rb +0 -55
- data/lib/ramaze/log/knotify.rb +0 -31
- data/lib/ramaze/log/xosd.rb +0 -94
- data/lib/ramaze/middleware_compiler.rb +0 -36
- data/lib/ramaze/plugin.rb +0 -69
- data/lib/ramaze/setup.rb +0 -210
- data/lib/ramaze/snippets/array/put_within.rb +0 -38
- data/lib/ramaze/snippets/binding/locals.rb +0 -20
- data/lib/ramaze/snippets/fiber.rb +0 -41
- data/lib/ramaze/snippets/kernel/pretty_inspect.rb +0 -18
- data/lib/ramaze/snippets/metaid.rb +0 -17
- data/lib/ramaze/snippets/numeric/filesize_format.rb +0 -30
- data/lib/ramaze/snippets/numeric/time.rb +0 -59
- data/lib/ramaze/snippets/object/instance_variable_defined.rb +0 -16
- data/lib/ramaze/snippets/object/pretty.rb +0 -12
- data/lib/ramaze/snippets/object/scope.rb +0 -16
- data/lib/ramaze/snippets/ordered_set.rb +0 -51
- data/lib/ramaze/snippets/proc/locals.rb +0 -19
- data/lib/ramaze/snippets/ramaze/acquire.rb +0 -32
- data/lib/ramaze/snippets/ramaze/dictionary.rb +0 -400
- data/lib/ramaze/snippets/ramaze/fiber.rb +0 -24
- data/lib/ramaze/snippets/ramaze/struct.rb +0 -43
- data/lib/ramaze/snippets/string/end_with.rb +0 -17
- data/lib/ramaze/snippets/string/ord.rb +0 -16
- data/lib/ramaze/snippets/string/start_with.rb +0 -14
- data/lib/ramaze/snippets/thread/into.rb +0 -16
- data/lib/ramaze/spec.rb +0 -4
- data/spec/ramaze/bin/start.rb +0 -34
- data/spec/ramaze/log/growl.rb +0 -45
- data/spec/ramaze/struct.rb +0 -50
- data/spec/snippets/array/put_within.rb +0 -38
- data/spec/snippets/binding/locals.rb +0 -12
- data/spec/snippets/numeric/filesize_format.rb +0 -15
- data/spec/snippets/numeric/time.rb +0 -15
- data/spec/snippets/ordered_set.rb +0 -66
- data/spec/snippets/ramaze/acquire.rb +0 -80
- data/spec/snippets/ramaze/dictionary.rb +0 -113
- data/spec/snippets/ramaze/struct.rb +0 -15
- data/spec/snippets/thread/into.rb +0 -12
- data/tasks/gem.rake +0 -21
- data/tasks/setup.rake +0 -14
data/lib/ramaze/cache/redis.rb
CHANGED
|
@@ -1,6 +1,4 @@
|
|
|
1
|
-
|
|
2
|
-
gem 'redis'
|
|
3
|
-
end
|
|
1
|
+
require 'redis'
|
|
4
2
|
|
|
5
3
|
module Ramaze
|
|
6
4
|
class Cache
|
|
@@ -122,7 +120,7 @@ module Ramaze
|
|
|
122
120
|
# Removes a number of keys from the cache.
|
|
123
121
|
#
|
|
124
122
|
# @author Michael Fellinger
|
|
125
|
-
# @param [Array]
|
|
123
|
+
# @param [Array] keys An array of key names to remove.
|
|
126
124
|
#
|
|
127
125
|
def cache_delete(*keys)
|
|
128
126
|
@client.del(*keys.map{|key| namespaced_key(key) })
|
data/lib/ramaze/cache/sequel.rb
CHANGED
|
@@ -1,6 +1,4 @@
|
|
|
1
|
-
|
|
2
|
-
gem 'sequel'
|
|
3
|
-
end
|
|
1
|
+
require 'sequel'
|
|
4
2
|
|
|
5
3
|
module Ramaze
|
|
6
4
|
class Cache
|
|
@@ -212,7 +210,7 @@ module Ramaze
|
|
|
212
210
|
@dataset.filter(:key => nkey).delete
|
|
213
211
|
# Remove multiple keys
|
|
214
212
|
else
|
|
215
|
-
nkeys = [key, keys].flatten.map! { |
|
|
213
|
+
nkeys = [key, keys].flatten.map! { |n| namespaced(n) }
|
|
216
214
|
result = dataset.select(:value).filter(:key => nkeys)
|
|
217
215
|
|
|
218
216
|
result.map! do |row|
|
|
@@ -285,7 +283,8 @@ module Ramaze
|
|
|
285
283
|
serialized_value = serialize(value)
|
|
286
284
|
|
|
287
285
|
if serialized_value
|
|
288
|
-
@dataset.
|
|
286
|
+
@dataset.filter(:key => nkey) \
|
|
287
|
+
.update(:value => serialize(value), :expires => expires)
|
|
289
288
|
end
|
|
290
289
|
# The row doesn't exist yet.
|
|
291
290
|
else
|
data/lib/ramaze/controller.rb
CHANGED
|
@@ -148,10 +148,17 @@ module Ramaze
|
|
|
148
148
|
return if chunks.empty?
|
|
149
149
|
|
|
150
150
|
last = chunks.last
|
|
151
|
-
return IRREGULAR_MAPPING[last] if IRREGULAR_MAPPING.key?(last)
|
|
152
151
|
|
|
153
|
-
|
|
154
|
-
|
|
152
|
+
if IRREGULAR_MAPPING.key?(last)
|
|
153
|
+
irregular = IRREGULAR_MAPPING[last]
|
|
154
|
+
return irregular if irregular.nil? || chunks.size == 1
|
|
155
|
+
chunks.pop
|
|
156
|
+
chunks << irregular
|
|
157
|
+
end
|
|
158
|
+
|
|
159
|
+
chunks.unshift ''
|
|
160
|
+
chunks.last.sub!(/Controller$/, '')
|
|
161
|
+
chunks.map{|chunk| chunk.snake_case }.join('/').squeeze('/')
|
|
155
162
|
end
|
|
156
163
|
|
|
157
164
|
##
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
Ramaze.middleware(:dev) do
|
|
2
|
+
use Rack::Lint
|
|
3
|
+
use Rack::CommonLogger, Ramaze::Log
|
|
4
|
+
use Rack::ShowExceptions
|
|
5
|
+
use Rack::ShowStatus
|
|
6
|
+
use Rack::RouteExceptions
|
|
7
|
+
use Rack::ConditionalGet
|
|
8
|
+
use Rack::ETag, 'public'
|
|
9
|
+
use Rack::Head
|
|
10
|
+
use Ramaze::Reloader
|
|
11
|
+
|
|
12
|
+
run Ramaze.core
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
Ramaze.middleware(:live) do
|
|
16
|
+
use Rack::CommonLogger, Ramaze::Log
|
|
17
|
+
use Rack::RouteExceptions
|
|
18
|
+
use Rack::ShowStatus
|
|
19
|
+
use Rack::ConditionalGet
|
|
20
|
+
use Rack::ETag, 'public'
|
|
21
|
+
use Rack::Head
|
|
22
|
+
|
|
23
|
+
run Ramaze.core
|
|
24
|
+
end
|
data/lib/ramaze/files.rb
CHANGED
|
@@ -8,12 +8,12 @@ module Ramaze
|
|
|
8
8
|
#
|
|
9
9
|
class Files
|
|
10
10
|
##
|
|
11
|
-
# Creates a new instance of the class, stores the given root directories
|
|
12
|
-
# syncs the changes with Rack::Cascade.
|
|
11
|
+
# Creates a new instance of the class, stores the given root directories
|
|
12
|
+
# and syncs the changes with Rack::Cascade.
|
|
13
13
|
#
|
|
14
14
|
# @author Michael Fellinger
|
|
15
15
|
# @since 14-03-2009
|
|
16
|
-
# @param [Array]
|
|
16
|
+
# @param [Array] roots A set of root directories that contain a number of
|
|
17
17
|
# public directories.
|
|
18
18
|
#
|
|
19
19
|
def initialize(*roots)
|
|
@@ -52,8 +52,8 @@ module Ramaze
|
|
|
52
52
|
# @since 14-03-2009
|
|
53
53
|
#
|
|
54
54
|
def sync
|
|
55
|
-
file_apps = @roots.map{|root|
|
|
56
|
-
@cascade
|
|
55
|
+
file_apps = @roots.map { |root| Rack::File.new(root) }
|
|
56
|
+
@cascade = Rack::Cascade.new(file_apps)
|
|
57
57
|
end
|
|
58
58
|
end # Files
|
|
59
59
|
end # Ramaze
|
data/lib/ramaze/gestalt.rb
CHANGED
|
@@ -26,7 +26,7 @@ module Ramaze
|
|
|
26
26
|
# The default way to start building your markup.
|
|
27
27
|
# Takes a block and returns the markup.
|
|
28
28
|
#
|
|
29
|
-
# @param [
|
|
29
|
+
# @param [Proc] block
|
|
30
30
|
#
|
|
31
31
|
def self.build(&block)
|
|
32
32
|
self.new(&block).to_s
|
|
@@ -39,7 +39,7 @@ module Ramaze
|
|
|
39
39
|
#
|
|
40
40
|
# Useful for distributed building of one page.
|
|
41
41
|
#
|
|
42
|
-
# @param [
|
|
42
|
+
# @param [Proc] block
|
|
43
43
|
#
|
|
44
44
|
def initialize(&block)
|
|
45
45
|
@out = []
|
|
@@ -49,9 +49,9 @@ module Ramaze
|
|
|
49
49
|
##
|
|
50
50
|
# Catching all the tags. passing it to _gestalt_build_tag
|
|
51
51
|
#
|
|
52
|
-
# @param [String]
|
|
52
|
+
# @param [String] meth The method that was called.
|
|
53
53
|
# @param [Hash] args Additional arguments passed to the called method.
|
|
54
|
-
# @param [
|
|
54
|
+
# @param [Proc] block
|
|
55
55
|
#
|
|
56
56
|
def method_missing(meth, *args, &block)
|
|
57
57
|
_gestalt_call_tag meth, args, &block
|
|
@@ -62,7 +62,7 @@ module Ramaze
|
|
|
62
62
|
#
|
|
63
63
|
# @param [Hash] args Extra arguments that should be processed before
|
|
64
64
|
# creating the paragraph tag.
|
|
65
|
-
# @param [
|
|
65
|
+
# @param [Proc] block
|
|
66
66
|
#
|
|
67
67
|
def p(*args, &block)
|
|
68
68
|
_gestalt_call_tag :p, args, &block
|
|
@@ -71,9 +71,9 @@ module Ramaze
|
|
|
71
71
|
##
|
|
72
72
|
# Workaround for Kernel#select to make <select></select> work.
|
|
73
73
|
#
|
|
74
|
-
# @param [
|
|
74
|
+
# @param [Array] args Extra arguments that should be processed before
|
|
75
75
|
# creating the select tag.
|
|
76
|
-
# @param [
|
|
76
|
+
# @param [Proc] block
|
|
77
77
|
#
|
|
78
78
|
def select(*args, &block)
|
|
79
79
|
_gestalt_call_tag(:select, args, &block)
|
|
@@ -84,7 +84,7 @@ module Ramaze
|
|
|
84
84
|
#
|
|
85
85
|
# @param [String] name
|
|
86
86
|
# @param [Hash] args
|
|
87
|
-
# @param [
|
|
87
|
+
# @param [Proc] block
|
|
88
88
|
#
|
|
89
89
|
def _gestalt_call_tag(name, args, &block)
|
|
90
90
|
if args.size == 1 and args[0].kind_of? Hash
|
|
@@ -140,8 +140,8 @@ module Ramaze
|
|
|
140
140
|
# Shortcut for building tags,
|
|
141
141
|
#
|
|
142
142
|
# @param [String] name
|
|
143
|
-
# @param [
|
|
144
|
-
# @param [
|
|
143
|
+
# @param [Array] args
|
|
144
|
+
# @param [Proc] block
|
|
145
145
|
#
|
|
146
146
|
def tag(name, *args, &block)
|
|
147
147
|
_gestalt_call_tag(name.to_s, args, &block)
|
|
@@ -25,6 +25,11 @@ module Ramaze
|
|
|
25
25
|
# f.input_text 'Username', :username
|
|
26
26
|
# end
|
|
27
27
|
#
|
|
28
|
+
# The object comes handy when you want to do server-side form validation:
|
|
29
|
+
# if the form can not be validated, just send back the object with keys
|
|
30
|
+
# containing what the user has filled. The fields will be populated with
|
|
31
|
+
# these values, so the user doesn't have to retype everything.
|
|
32
|
+
#
|
|
28
33
|
# If you don't want to use an object you can simply set the first parameter
|
|
29
34
|
# to nil.
|
|
30
35
|
#
|
|
@@ -32,15 +37,27 @@ module Ramaze
|
|
|
32
37
|
#
|
|
33
38
|
# The form helper uses Gestalt, Ramaze's custom HTML builder that works
|
|
34
39
|
# somewhat like Erector. The output is very minimalistic, elements such as
|
|
35
|
-
# legends and fieldsets have to be added manually.
|
|
36
|
-
#
|
|
40
|
+
# legends and fieldsets have to be added manually.
|
|
41
|
+
#
|
|
42
|
+
# If you need to add elements not covered by Form methods (e.g. `<div>`
|
|
43
|
+
# tags), you can access the form Gestalt instance with the g() method and
|
|
44
|
+
# generate your tags like this :
|
|
45
|
+
#
|
|
46
|
+
# form_for(@result, :method => :post) do |f|
|
|
47
|
+
# f.g.div(:class => "awesome") do
|
|
48
|
+
# ...
|
|
49
|
+
# end
|
|
50
|
+
# end
|
|
51
|
+
#
|
|
52
|
+
# Each combination of a label and input element will be wrapped in
|
|
53
|
+
# `<p>` tags.
|
|
37
54
|
#
|
|
38
55
|
# When using the form helper as a block in your templates it's important to
|
|
39
56
|
# remember that the result is returned and not displayed in the browser
|
|
40
57
|
# directly. When using Etanni this would result in something like the
|
|
41
58
|
# following:
|
|
42
59
|
#
|
|
43
|
-
# #{form_for(@result, :method => :post) do |f|
|
|
60
|
+
# #{form_for(@result, :method => :post) do |f|
|
|
44
61
|
# f.input_text 'Text label', :textname, 'Chunky bacon!'
|
|
45
62
|
# end}
|
|
46
63
|
#
|
|
@@ -49,6 +66,16 @@ module Ramaze
|
|
|
49
66
|
# f.input_text 'Username', :username
|
|
50
67
|
# end
|
|
51
68
|
#
|
|
69
|
+
# @example Adding custom elements inside a form
|
|
70
|
+
# form_for(@result, :method => :post) do |f|
|
|
71
|
+
# f.fieldset do
|
|
72
|
+
# f.g.div(:class => "control-group") do
|
|
73
|
+
# f.input_text 'Text label', :textname, { :placeholder => 'Chunky bacon!',
|
|
74
|
+
# :class => :bigsize }
|
|
75
|
+
# end
|
|
76
|
+
# end
|
|
77
|
+
# end
|
|
78
|
+
#
|
|
52
79
|
module BlueForm
|
|
53
80
|
##
|
|
54
81
|
# The form method generates the basic structure of the form. It should be
|
|
@@ -169,7 +196,7 @@ module Ramaze
|
|
|
169
196
|
end
|
|
170
197
|
|
|
171
198
|
##
|
|
172
|
-
# Generate a
|
|
199
|
+
# Generate a `<legend>` tag.
|
|
173
200
|
#
|
|
174
201
|
# @param [String] text The text to display inside the legend tag.
|
|
175
202
|
# @example
|
|
@@ -184,7 +211,7 @@ module Ramaze
|
|
|
184
211
|
##
|
|
185
212
|
# Generate a fieldset tag.
|
|
186
213
|
#
|
|
187
|
-
# @param [
|
|
214
|
+
# @param [Proc] block The form elements to display inside the fieldset.
|
|
188
215
|
# @example
|
|
189
216
|
# form_for(@data, :method => :post) do |f|
|
|
190
217
|
# f.fieldset do
|
|
@@ -317,7 +344,7 @@ module Ramaze
|
|
|
317
344
|
# @option args [Array] :values An array containing the possible values
|
|
318
345
|
# for the checkboxes.
|
|
319
346
|
# @option args [String/Symbol] :span_class The class to use for the
|
|
320
|
-
#
|
|
347
|
+
# `<span>` element that's wrapped around the checkbox.
|
|
321
348
|
# @option args [TrueClass/FalseClass] :show_value When set to false the
|
|
322
349
|
# value of each checkbox won't be displayed to the right of the
|
|
323
350
|
# checkbox. This option is set to true by default.
|
data/lib/ramaze/helper/csrf.rb
CHANGED
|
@@ -76,15 +76,21 @@ module Ramaze
|
|
|
76
76
|
# end
|
|
77
77
|
#
|
|
78
78
|
module CSRF
|
|
79
|
+
include Innate::Optioned
|
|
80
|
+
|
|
81
|
+
options.dsl do
|
|
82
|
+
o 'The name of the token field', :field_name, 'csrf_token'
|
|
83
|
+
end
|
|
84
|
+
|
|
79
85
|
##
|
|
80
86
|
# Method that can be used to protect the specified methods against CSRF
|
|
81
87
|
# exploits. Each protected method will require the token to be stored in
|
|
82
88
|
# a field called "csrf_token". This method will then validate that token
|
|
83
89
|
# against the current token in the session.
|
|
84
90
|
#
|
|
85
|
-
# @param
|
|
86
|
-
#
|
|
87
|
-
#
|
|
91
|
+
# @param [Array] methods Array of method names that should be checked.
|
|
92
|
+
# @param [Proc] block Block that will be executed if the token is
|
|
93
|
+
# invalid.
|
|
88
94
|
# @example
|
|
89
95
|
# # Protect "create" and "save" against CSRF exploits
|
|
90
96
|
# before_all do
|
|
@@ -94,43 +100,35 @@ module Ramaze
|
|
|
94
100
|
# end
|
|
95
101
|
#
|
|
96
102
|
def csrf_protection(*methods, &block)
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
# the reason).
|
|
103
|
-
yield unless validate_csrf_token(request.params['csrf_token'])
|
|
103
|
+
if methods.include?(action.name) \
|
|
104
|
+
or methods.include?(action.name.to_sym)
|
|
105
|
+
unless validate_csrf_token(request.params[CSRF.options.field_name])
|
|
106
|
+
yield
|
|
107
|
+
end
|
|
104
108
|
end
|
|
105
109
|
end
|
|
106
110
|
|
|
107
111
|
##
|
|
108
112
|
# Generate a new token and create the session array that will be used to
|
|
109
|
-
# validate the client.
|
|
110
|
-
#
|
|
111
|
-
# * token: An unique hash that will be stored in each form
|
|
112
|
-
# * agent: The visitor's user agent
|
|
113
|
-
# * ip: The IP address of the visitor
|
|
114
|
-
# * time: Timestamp that indicates at what time the data was generated.
|
|
113
|
+
# validate the client.
|
|
115
114
|
#
|
|
116
|
-
# Note that this method will be automatically called if no CSRF token
|
|
115
|
+
# Note that this method will be automatically called if no CSRF token
|
|
116
|
+
# exists.
|
|
117
117
|
#
|
|
118
|
-
# @param [Hash] Additional arguments that can be set such as the
|
|
118
|
+
# @param [Hash] args Additional arguments that can be set such as the
|
|
119
|
+
# TTL.
|
|
119
120
|
#
|
|
120
121
|
def generate_csrf_token(args = {})
|
|
121
|
-
ttl = args[:ttl] || (15 * 60)
|
|
122
122
|
random = SecureRandom.random_bytes(512)
|
|
123
123
|
time = Time.now.to_f
|
|
124
124
|
token = Digest::SHA512.hexdigest(random + time.to_s)
|
|
125
125
|
|
|
126
126
|
# Time to store all the data we want to check later.
|
|
127
127
|
session[:_csrf] = {
|
|
128
|
-
:time => time.to_i,
|
|
129
128
|
:token => token,
|
|
130
129
|
:ip => request.ip,
|
|
131
130
|
:agent => request.env['HTTP_USER_AGENT'],
|
|
132
|
-
:host => request.host
|
|
133
|
-
:ttl => ttl
|
|
131
|
+
:host => request.host
|
|
134
132
|
}
|
|
135
133
|
|
|
136
134
|
return
|
|
@@ -155,13 +153,7 @@ module Ramaze
|
|
|
155
153
|
|
|
156
154
|
##
|
|
157
155
|
# Validates the request based on the current session date stored in
|
|
158
|
-
# _csrf.
|
|
159
|
-
#
|
|
160
|
-
# * Do the user agent, ip and token match those supplied by the visitor?
|
|
161
|
-
# * Has the token been expired? (after 15 minutes).
|
|
162
|
-
#
|
|
163
|
-
# If any of these checks fail this method will return FALSE. It's your
|
|
164
|
-
# job to take action based on the results of this method.
|
|
156
|
+
# _csrf.
|
|
165
157
|
#
|
|
166
158
|
# @param [String] input_token The CSRF token to validate.
|
|
167
159
|
# @return [TrueClass|FalseClass]
|
|
@@ -182,13 +174,13 @@ module Ramaze
|
|
|
182
174
|
_csrf = session[:_csrf]
|
|
183
175
|
|
|
184
176
|
valid = session[:_csrf][:token] == input_token &&
|
|
185
|
-
(Time.now.to_f - _csrf[:time]) <= _csrf[:ttl] &&
|
|
186
177
|
_csrf[:host] == request.host &&
|
|
187
178
|
_csrf[:ip] == request.ip &&
|
|
188
179
|
_csrf[:agent] == request.env['HTTP_USER_AGENT']
|
|
189
180
|
|
|
190
181
|
if valid
|
|
191
182
|
generate_csrf_token
|
|
183
|
+
|
|
192
184
|
return true
|
|
193
185
|
else
|
|
194
186
|
return false
|
data/lib/ramaze/helper/flash.rb
CHANGED
|
@@ -36,7 +36,7 @@ module Ramaze
|
|
|
36
36
|
# Use in your template to display all flash messages that may be stored.
|
|
37
37
|
# For example, given you stored:
|
|
38
38
|
#
|
|
39
|
-
# flash # => { :error => '
|
|
39
|
+
# flash # => { :error => 'Please enter your name'
|
|
40
40
|
# :info => 'Do you see the fnords?' }
|
|
41
41
|
#
|
|
42
42
|
# Then a flashbox would display:
|
data/lib/ramaze/helper/upload.rb
CHANGED
|
@@ -246,8 +246,8 @@ module Ramaze
|
|
|
246
246
|
# handle_uploads_for :baz, [:qux, /^up.*/]
|
|
247
247
|
# end
|
|
248
248
|
#
|
|
249
|
-
# @param
|
|
250
|
-
# (and optionally patterns) that should handle file uploads
|
|
249
|
+
# @param [Array] args An arbitrary long list of arguments with action
|
|
250
|
+
# names (and optionally patterns) that should handle file uploads
|
|
251
251
|
# automatically. Each argument can either be a symbol or a two-element
|
|
252
252
|
# array consisting of a symbol and a reqexp.
|
|
253
253
|
# @see #handle_all_uploads
|
|
@@ -391,7 +391,7 @@ module Ramaze
|
|
|
391
391
|
# but if you provide a complete path this method it will try to identify
|
|
392
392
|
# the filename and use that instead.
|
|
393
393
|
#
|
|
394
|
-
# @param [String] The new suggested filename.
|
|
394
|
+
# @param [String] name The new suggested filename.
|
|
395
395
|
#
|
|
396
396
|
def filename=(name)
|
|
397
397
|
@filename = File.basename(name)
|
|
@@ -493,6 +493,8 @@ module Ramaze
|
|
|
493
493
|
# Update the realfile property, indicating that the file has been
|
|
494
494
|
# saved
|
|
495
495
|
@realfile = File.new(path)
|
|
496
|
+
# But no need to keep it open
|
|
497
|
+
@realfile.close
|
|
496
498
|
|
|
497
499
|
# If the unlink_tempfile option is set to true, delete the temporary
|
|
498
500
|
# file created by Rack
|
data/lib/ramaze/helper/user.rb
CHANGED
data/lib/ramaze/log.rb
CHANGED
|
@@ -21,14 +21,9 @@ module Ramaze
|
|
|
21
21
|
# @since 11-08-2009
|
|
22
22
|
#
|
|
23
23
|
module Logger
|
|
24
|
-
autoload :Analogger , 'ramaze/log/analogger'
|
|
25
|
-
autoload :Growl , 'ramaze/log/growl'
|
|
26
24
|
autoload :LogHub , 'ramaze/log/hub'
|
|
27
|
-
autoload :Knotify , 'ramaze/log/knotify'
|
|
28
25
|
autoload :RotatingInformer, 'ramaze/log/rotatinginformer'
|
|
29
26
|
autoload :Syslog , 'ramaze/log/syslog'
|
|
30
|
-
autoload :Growl , 'ramaze/log/growl'
|
|
31
|
-
autoload :Xosd , 'ramaze/log/xosd'
|
|
32
27
|
autoload :Logger , 'ramaze/log/logger'
|
|
33
28
|
end
|
|
34
29
|
end
|