roda 0.9.0 → 1.0.0

data/lib/roda/plugins/_erubis_escaping.rb

@@ -0,0 +1,28 @@
+require 'erubis'
+
+class Roda
+  module RodaPlugins
+    # The _erubis_escaping plugin is an internal plugin that provides a
+    # subclass of Erubis::EscapedEruby with a bugfix and an optimization.
+    module ErubisEscaping
+      # Optimized subclass that fixes escaping of postfix conditionals.
+      class Eruby < Erubis::EscapedEruby
+        # Set escaping class to a local variable, so you don't need a
+        # constant lookup per escape.
+        def convert_input(codebuf, input)
+          codebuf << '_erubis_xml_helper = Erubis::XmlHelper;'
+          super
+        end
+
+        # Fix bug in Erubis::EscapedEruby where postfix conditionals inside
+        # <%= %> are broken (e.g. <%= foo if bar %> ), and optimize by using
+        # a local variable instead of a constant lookup.
+        def add_expr_escaped(src, code)
+          src << " #{@bufvar} << _erubis_xml_helper.escape_xml((" << code << '));'
+        end
+      end
+    end
+
+    register_plugin(:_erubis_escaping, ErubisEscaping)
+  end
+end

data/lib/roda/plugins/all_verbs.rb

@@ -16,7 +16,7 @@ class Roda
     #   plugin :all_verbs
     #
     #   route do |r|
-    #     r.delete
+    #     r.delete do
     #       # Handle DELETE
     #     end
     #     r.put do
@@ -30,14 +30,12 @@ class Roda
     # The verb methods are defined via metaprogramming, so there
     # isn't documentation for the individual methods created.
     module AllVerbs
-      module RequestMethods
-        %w'delete head options link patch put trace unlink'.each do |t|
-          if ::Rack::Request.method_defined?("#{t}?")
-            class_eval(<<-END, __FILE__, __LINE__+1)
-              def #{t}(*args, &block)
-                is_or_on(*args, &block) if #{t}?
-              end
-            END
+      def self.configure(app)
+        %w'delete head options link patch put trace unlink'.each do |v|
+          if ::Rack::Request.method_defined?("#{v}?")
+            app.request_module do
+              app::RodaRequest.def_verb_method(self, v)
+            end
           end
         end
       end

data/lib/roda/plugins/backtracking_array.rb

@@ -0,0 +1,92 @@
+class Roda
+  module RodaPlugins
+    # The backtracking_array plugin changes the handling of array
+    # matchers such that if one of the array entries matches, but
+    # a later match argument fails, it will backtrack and try the
+    # next entry in the array.  For example, the following match
+    # block does not match +/a/b+ by default:
+    #
+    #   r.is ['a', 'a/b'] do |path|
+    #     # ...
+    #   end
+    #
+    # This is because the <tt>'a'</tt> entry in the array matches, which
+    # makes the array match.  However, the next matcher is the
+    # terminal matcher (since +r.is+ was used), and since the
+    # path is not terminal as it still contains +/b+ after
+    # matching <tt>'a'</tt>.
+    #
+    # With the backtracking_array plugin, when the terminal matcher
+    # fails, matching will go on to the next entry in the array,
+    # <tt>'a/b'</tt>, which will also match.  Since <tt>'a/b'</tt>
+    # matches the path fully, the terminal matcher also matches,
+    # and the match block yields.
+    module BacktrackingArray
+      module RequestMethods
+        PATH_INFO = "PATH_INFO".freeze
+        SCRIPT_NAME = "SCRIPT_NAME".freeze
+
+        private
+
+        # When matching for a single array, after a successful
+        # array element match, attempt to match all remaining
+        # elements.  If the remaining elements could not be
+        # matched, reset the state and continue to the next
+        # entry in the array.
+        def _match_array(arg, rest=nil)
+          return super unless rest
+          env = @env
+
+          script = env[SCRIPT_NAME]
+          path = env[PATH_INFO]
+          caps = captures.dup
+          arg.each do |v|
+            if match(v, rest)
+              if v.is_a?(String)
+                captures.push(v)
+              end
+
+              if match_all(rest)
+                return true
+              end
+
+              # Matching all remaining elements failed, reset state
+              captures.replace(caps)
+              env[SCRIPT_NAME] = script
+              env[PATH_INFO] = path
+            end
+          end
+          false
+        end
+
+        # If any of the args are an array, handle backtracking such
+        # that if a later matcher fails, we roll back to the current
+        # matcher and proceed to the next entry in the array.
+        def match_all(args)
+          args = args.dup
+          until args.empty?
+            arg = args.shift
+            if match(arg, args)
+              return true if arg.is_a?(Array)
+            else
+              return
+            end
+          end
+          true
+        end
+
+        # When matching an array, include the remaining arguments,
+        # otherwise, just match the single argument.
+        def match(v, rest = nil)
+          if v.is_a?(Array)
+            _match_array(v, rest)
+          else
+            super(v)
+          end
+        end
+      end
+    end
+
+    register_plugin(:backtracking_array, BacktrackingArray)
+  end
+end

data/lib/roda/plugins/content_for.rb

@@ -0,0 +1,46 @@
+class Roda
+  module RodaPlugins
+    # The content_for plugin is designed to be used with the
+    # render plugin, allowing you to store content inside one
+    # template, and retrieve that content inside a separate
+    # template.  Most commonly, this is so view templates
+    # can set content for the layout template to display outside
+    # of the normal content pane.
+    #
+    # The content_for template probably only works with erb
+    # templates, and requires that you don't override the
+    # +:outvar+ render option.  In the template in which you
+    # want to store content, call content_for with a block:
+    #
+    #   <% content_for :foo do %>
+    #     Some content here.
+    #   <% end %>
+    #
+    # In the template in which you want to retrieve content,
+    # call content_for without the block:
+    #
+    #   <%= content_for :foo %>
+    module ContentFor
+      module InstanceMethods
+        # If called with a block, store content enclosed by block
+        # under the given key.  If called without a block, retrieve
+        # stored content with the given key, or return nil if there
+        # is no content stored with that key.
+        def content_for(key, &block)
+          if block
+            @_content_for ||= {}
+            buf_was = @_out_buf
+            @_out_buf = ''
+            yield
+            @_content_for[key] = @_out_buf
+            @_out_buf = buf_was
+          elsif @_content_for
+            @_content_for[key]
+          end
+        end
+      end
+    end
+
+    register_plugin(:content_for, ContentFor)
+  end
+end

data/lib/roda/plugins/csrf.rb

@@ -0,0 +1,60 @@
+require 'rack/csrf'
+
+class Roda
+  module RodaPlugins
+    # The csrf plugin adds CSRF protection using rack_csrf, along with
+    # some csrf helper methods to use in your views.  To use it, load
+    # the plugin, with the options hash passed to Rack::Csrf:
+    #
+    #   plugin :csrf, :raise=>true
+    #
+    # This adds the following instance methods:
+    #
+    # csrf_field :: The field name to use for the hidden/meta csrf tag.
+    # csrf_header :: The http header name to use for submitting csrf token via
+    #                headers (useful for javascript).
+    # csrf_metatag :: An html meta tag string containing the token, suitable
+    #                 for placing in the page header
+    # csrf_tag :: An html hidden input tag string containing the token, suitable
+    #             for placing in an html form.
+    # csrf_token :: The value of the csrf token, in case it needs to be accessed
+    #               directly.
+    module Csrf
+      CSRF = ::Rack::Csrf
+
+      # Load the Rack::Csrf middleware into the app with the given options.
+      def self.configure(app, opts={})
+        app.use CSRF, opts
+      end
+
+      module InstanceMethods
+        # The name of the hidden/meta csrf tag.
+        def csrf_field
+          CSRF.field
+        end
+
+        # The http header name to use for submitting csrf token via headers.
+        def csrf_header
+          CSRF.header
+        end
+
+        # An html meta tag string containing the token.
+        def csrf_metatag(opts={})
+          CSRF.metatag(env, opts)
+        end
+
+        # An html hidden input tag string containing the token.
+        def csrf_tag
+          CSRF.tag(env)
+        end
+
+        # The value of the csrf token.
+        def csrf_token
+          CSRF.token(env)
+        end
+      end
+    end
+
+    register_plugin(:csrf, Csrf)
+  end
+end

data/lib/roda/plugins/flash.rb

@@ -1,4 +1,4 @@
-require 'sinatra/flash/hash'
+require 'delegate'
 
 class Roda
   module RodaPlugins
@@ -25,20 +25,66 @@ class Roda
     #       end
     #     end
     #   end
-    #
-    # The flash plugin uses sinatra-flash internally, so you
-    # must install sinatra-flash in order to use it.
     module Flash
-      FlashHash = ::Sinatra::Flash::FlashHash
+      # Simple flash hash, where assiging to the hash updates the flash
+      # used in the following request.
+      class FlashHash < DelegateClass(Hash)
+        # The flash hash for the next request.  This
+        # is what gets written to by #[]=.
+        attr_reader :next 
+
+        # The flash hash for the current request
+        alias now __getobj__
+
+        # Setup the next hash when initializing, and handle treat nil
+        # as a new empty hash.
+        def initialize(hash={})
+          super(hash||{})
+          @next = {}
+        end
+
+        # Update the next hash with the given key and value.
+        def []=(k, v)
+          @next[k] = v
+        end
+
+        # Remove given key from the next hash, or clear the next hash if
+        # no argument is given.
+        def discard(key=(no_arg=true))
+          if no_arg
+            @next.clear
+          else
+            @next.delete(key)
+          end
+        end
+
+        # Copy the entry with the given key from the current hash to the
+        # next hash, or copy all entries from the current hash to the
+        # next hash if no argument is given.
+        def keep(key=(no_arg=true))
+          if no_arg
+            @next.merge!(self)
+          else
+            self[key] = self[key]
+          end
+        end
+
+        # Replace the current hash with the next hash and clear the next hash.
+        def sweep
+          replace(@next)
+          @next.clear
+          self
+        end
+      end
 
       module InstanceMethods
         # The internal session key used to store the flash.
-        KEY = :flash
+        KEY = :_flash
 
         # Access the flash hash for the current request, loading
         # it from the session if it is not already loaded.
         def flash
-          @_flash ||= FlashHash.new((session ? session[KEY] : {}))
+          @_flash ||= FlashHash.new(session[KEY])
         end
 
         private

data/lib/roda/plugins/halt.rb

@@ -1,18 +1,12 @@
 class Roda
   module RodaPlugins
-    # The halt plugin augments the standard request +halt+ method to handle more than
-    # just rack response arrays.
+    # The halt plugin augments the standard request +halt+ method to allow the response
+    # status, body, or headers to be changed when halting.
     #
     # After loading the halt plugin:
     #
     #   plugin :halt
     #
-    # You can call halt with no arguments to immediately stop processing:
-    #
-    #   route do |r|
-    #     r.halt
-    #   end
-    #
     # You can call the halt method with an integer to set the response status and return:
     #   
     #   route do |r|
@@ -22,23 +16,23 @@ class Roda
     # Or set the response body and return:
     #
     #   route do |r|
-    #     r.halt("body')
+    #     r.halt('body')
     #   end
     #
     # Or set both:
     #
     #   route do |r|
-    #     r.halt(403, "body')
+    #     r.halt(403, 'body')
     #   end
     #
     # Or set response status, headers, and body:
     #
     #   route do |r|
-    #     r.halt(403, {'Content-Type'=>'text/csv'}, "body')
+    #     r.halt(403, {'Content-Type'=>'text/csv'}, 'body')
     #   end
     #
     # Note that there is a difference between provide status, headers, and body as separate
-    # arguments and providing them as a rack response array.  With a rack response array,
+    # arguments and providing them as a single rack response array.  With a rack response array,
     # the values are used directly, while with 3 arguments, the headers given are merged into
     # the existing headers and the given body is written to the existing response body.
     module Halt
@@ -54,7 +48,7 @@ class Roda
             when String
               response.write v
             when Array
-              super
+              throw :halt, v
             else
               raise Roda::RodaError, "singular argument to #halt must be Integer, String, or Array"
             end
@@ -69,7 +63,7 @@ class Roda
             raise Roda::RodaError, "too many arguments given to #halt (accepts 0-3, received #{res.length})"
           end
 
-          _halt response.finish
+          super()
         end
       end
     end

data/lib/roda/plugins/head.rb

@@ -0,0 +1,56 @@
+class Roda
+  module RodaPlugins
+    # The head plugin attempts to automatically handle HEAD requests,
+    # by treating them as GET requests and returning an empty body
+    # without modifying the response status or response headers.
+    #
+    # So for the following routes,
+    #
+    #   route do |r|
+    #     r.root do
+    #       'root'
+    #     end
+    #
+    #     r.get 'a' do
+    #       'a'
+    #     end
+    #
+    #     r.is 'b', :method=>[:get, :post] do
+    #       'b'
+    #     end
+    #   end
+    #
+    # HEAD requests for +/+, +/a+, and +/b+ will all return 200 status
+    # with an empty body.
+    module Head
+      module InstanceMethods
+        # Always use an empty response body for head requests, with a
+        # content length of 0.
+        def call(*)
+          res = super
+          if request.head?
+            res[2] = []
+          end
+          res
+        end
+      end
+
+      module RequestMethods
+        # Consider HEAD requests as GET requests.
+        def is_get?
+          super || head?
+        end
+
+        private
+
+        # If the current request is a HEAD request, match if one of
+        # the given methods is a GET request.
+        def match_method(method)
+          super || (!method.is_a?(Array) && head? && method.to_s.upcase == 'GET')
+        end
+      end
+    end
+
+    register_plugin(:head, Head)
+  end
+end