roda 3.101.0 → 3.103.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a7b1458c27a93cf829302766fa6299abadc1b52a7cc45375c23e588d0a28bbf7
-  data.tar.gz: d9312bd50698b9eba385272903d3c12a04f5d699185f299b5ddc250fdcbac2ac
+  metadata.gz: d9809241399d00f1fc975608188f61e99c76c5818d7775a4fe8f0b7eeb9715e3
+  data.tar.gz: e04d8e54e041a4f96e998ebdd0431aada5e6d201fb1b6acc4b8c2a3fab50ea79
 SHA512:
-  metadata.gz: 1483575934392739f5ee8c79cd74ca78f434ba9d798d9c2066f24f737f39fbfd0c0ad818acbd28b113ffaedf7751b3c45302ee17f8590c1dd47d6072de785453
-  data.tar.gz: 20f6bc4308bcebd17abc063c4303487d80fd2ac63a1a35b35b99ae0ed2a2a82cf2c5effb480464817a3c1fbed343006a74547743022b1b2e2717c16164f06740
+  metadata.gz: 19235fd38195015a2b7392ebbf97d34d2f7bda2977c6d45c42fd3b2fd86b1cdee5eff2b65bccf485157955ad474994567ae1b99e93c9459a3a9601df65800f6c
+  data.tar.gz: 628a775ff0bbb503e18d3cc1989ddfb8dcafec407b890b96adf30684674f5ca749cc6ae6fdc9c4ff9ec59e7779f878f55ae37e76c0e52c26da4e8127a5a0f0f9

data/lib/roda/plugins/hash_public.rb

@@ -0,0 +1,105 @@
+# frozen-string-literal: true
+
+require 'digest/sha2'
+
+class Roda
+  module RodaPlugins
+    # The hash_public plugin adds a +hash_path+ method for constructing
+    # content-hash-based paths, and a +r.hash_public+ routing method to serve
+    # static files from a directory (using the public plugin).  This plugin is
+    # useful when you want to modify the path to static files when the content
+    # of the file changes, ensuring that requests for the static file will not
+    # be cached.
+    #
+    # Unlike the timestamp_public plugin, which uses file modification times,
+    # hash_public uses a SHA256 digest of the file content.  This makes paths
+    # stable across different build environments (e.g. Docker images built in
+    # CI/CD pipelines), where file modification times may vary even when the
+    # file content has not changed.
+    #
+    # Note that while this plugin will not serve files outside of the public
+    # directory, for performance reasons it does not check the path of the file
+    # is inside the public directory when computing the content hash.  If the
+    # +hash_path+ method is called with untrusted input, it is possible for an
+    # attacker to read the content hash of any file on the file system.
+    #
+    # This plugin caches the digest of file content on first read. That means
+    # if you change the file after that, it will continue to show the old hash.
+    # This can cause problems in development mode if you are modifying the
+    # content of files served by the plugin.
+    #
+    # Examples:
+    #
+    #   # Use public folder as location of files, and static as the path prefix
+    #   plugin :hash_public
+    #
+    #   # Use /path/to/app/static as location of files, and public as the path prefix
+    #   opts[:root] = '/path/to/app'
+    #   plugin :hash_public, root: 'static', prefix: 'public'
+    #
+    #   # Assuming public is the location of files, and static as the path prefix
+    #   route do
+    #     # Make GET /static/any-string/images/foo.png look for public/images/foo.png
+    #     r.hash_public
+    #
+    #     r.get "example" do
+    #       # "/static/sha256-url-safe-base64-encoded-file-digest-/images/foo.png"
+    #       hash_path("images/foo.png")
+    #     end
+    #   end
+    module HashPublic
+      # Use options given to setup content-hash-based file serving.  The
+      # following options are recognized by the plugin:
+      #
+      # :prefix :: The prefix for paths, before the hash segment
+      # :length :: The number of characters of the digest to use in paths
+      #            (default: full 43-character SHA256 URL safe base64 digest)
+      #
+      # The options given are also passed to the public plugin.
+      def self.configure(app, opts = {})
+        app.plugin :public, opts
+        app.opts[:hash_public_prefix] = (opts[:prefix] || app.opts[:hash_public_prefix] || 'static').dup.freeze
+        app.opts[:hash_public_length] = opts[:length] || app.opts[:hash_public_length]
+        app.opts[:hash_public_mutex] ||= Mutex.new
+        app.opts[:hash_public_cache] ||= {}
+      end
+
+      module InstanceMethods
+        # Return a path to the static file that could be served by r.hash_public.
+        # This does not check the file is inside the directory for performance
+        # reasons, so this should not be called with untrusted input.
+        def hash_path(file)
+          opts = self.opts
+          cache = opts[:hash_public_cache]
+          mutex = opts[:hash_public_mutex]
+          unless digest = mutex.synchronize{cache[file]}
+            digest = ::Digest::SHA256.file(File.join(opts[:public_root], file)).base64digest
+            digest.chomp!("=")
+            digest.tr!("+/", "-_")
+            if length = opts[:hash_public_length]
+              digest = digest[0, length]
+            end
+            digest.freeze
+            mutex.synchronize{cache[file] = digest}
+          end
+          "/#{opts[:hash_public_prefix]}/#{digest}/#{file}"
+        end
+      end
+
+      module RequestMethods
+        # Serve files from the public directory if the file exists,
+        # it includes the hash_public prefix segment followed by
+        # a string segment for the content hash, and this is a GET request.
+        def hash_public
+          if is_get?
+            on roda_class.opts[:hash_public_prefix], String do |_|
+              public
+            end
+          end
+        end
+      end
+    end
+
+    register_plugin(:hash_public, HashPublic)
+  end
+end

data/lib/roda/plugins/host_authorization.rb

@@ -5,7 +5,7 @@ class Roda
   module RodaPlugins
     # The host_authorization plugin allows configuring an authorized host or
     # an array of authorized hosts.  Then in the routing tree, you can check
-    # whether the request uses an authorized host via the +check_host_authorized!+
+    # whether the request uses an authorized host via the +check_host_authorization!+
     # method.
     # 
     # If the request doesn't match one of the authorized hosts, the
@@ -16,7 +16,7 @@ class Roda
     # By default, an empty response using status 403 will be returned for requests
     # with unauthorized hosts.
     #
-    # Because +check_host_authorized!+ is an instance method, you can easily choose
+    # Because +check_host_authorization!+ is an instance method, you can easily choose
     # to only check for authorization in certain routes, or to check it after
     # other processing.  For example, you could check for authorized hosts after
     # serving static files, since the serving of static files should not be
@@ -24,7 +24,7 @@ class Roda
     #
     # = Usage
     #
-    # In your routing tree, call the +check_host_authorized!+ method at the point you
+    # In your routing tree, call the +check_host_authorization!+ method at the point you
     # want to check for authorized hosts:
     #
     #   plugin :host_authorization, 'www.example.com'
@@ -32,7 +32,7 @@ class Roda
     #
     #   route do |r|
     #    r.public
-    #    check_host_authorized!
+    #    check_host_authorization!
     #
     #    # ...
     #   end
@@ -153,4 +153,3 @@ class Roda
     register_plugin(:host_authorization, HostAuthorization)
   end
 end
-

data/lib/roda/plugins/ip_from_header.rb

@@ -0,0 +1,34 @@
+# frozen-string-literal: true
+
+#
+class Roda
+  module RodaPlugins
+    # The ip_from_header plugin allows for overriding +request.ip+ to return
+    # the value contained in a specific header. This is useful when the
+    # application is behind a proxy that sets a specific header, especially
+    # when the proxy does not use a fixed IP address range. Example showing 
+    # usage with Cloudflare:
+    #
+    #   plugin :ip_from_header, "CF-Connecting-IP"
+    #
+    # This plugin assumes that if the header is set, it contains a valid IP
+    # address, it does not check the format of the header value, just as
+    # <tt>Rack::Request#ip</tt> does not check the IP address it returns is
+    # actually valid.
+    module IPFromHeader
+      def self.configure(app, header)
+        app.opts[:ip_from_header_env_key] = "HTTP_#{header.upcase.tr('-', '_')}".freeze
+      end
+
+      module RequestMethods
+        # Return the IP address continained in the configured header, if present.
+        # Fallback to the default behavior if not present.
+        def ip
+          @env[roda_class.opts[:ip_from_header_env_key]] || super
+        end
+      end
+    end
+
+    register_plugin(:ip_from_header, IPFromHeader)
+  end
+end

data/lib/roda/plugins/response_attachment.rb

@@ -0,0 +1,94 @@
+# frozen-string-literal: true
+
+require 'rack/mime'
+
+#
+class Roda
+  module RodaPlugins
+    # The attachment plugin adds a response.attachment method.
+    # When called with no filename, +attachment+ sets the Content-Disposition
+    # to attachment.  When called with a filename,+attachment+ sets the Content-Disposition
+    # to attachment with the appropriate filename parameter, and if the filename
+    # extension is recognized, this also sets the Content-Type to the appropriate
+    # MIME type if not already set.
+    #
+    #   # set Content-Disposition to 'attachment'
+    #   response.attachment
+    #
+    #   # set Content-Disposition to 'attachment; filename="a.csv"',
+    #   # also set Content-Type to 'text/csv'
+    #   response.attachment 'a.csv'
+    #
+    # == License
+    #
+    # The implementation was originally taken from Sinatra,
+    # which is also released under the MIT License:
+    #
+    # Copyright (c) 2007, 2008, 2009 Blake Mizerany
+    # Copyright (c) 2010, 2011, 2012, 2013, 2014 Konstantin Haase
+    # 
+    # Permission is hereby granted, free of charge, to any person
+    # obtaining a copy of this software and associated documentation
+    # files (the "Software"), to deal in the Software without
+    # restriction, including without limitation the rights to use,
+    # copy, modify, merge, publish, distribute, sublicense, and/or sell
+    # copies of the Software, and to permit persons to whom the
+    # Software is furnished to do so, subject to the following
+    # conditions:
+    # 
+    # The above copyright notice and this permission notice shall be
+    # included in all copies or substantial portions of the Software.
+    # 
+    # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+    # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+    # OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+    # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+    # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+    # WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+    # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+    # OTHER DEALINGS IN THE SOFTWARE.
+    module ResponseAttachment
+      UTF8_ENCODING = Encoding.find('UTF-8')
+      ISO88591_ENCODING = Encoding.find('ISO-8859-1')
+      BINARY_ENCODING = Encoding.find('BINARY')
+
+      module ResponseMethods
+        # Set the Content-Disposition to "attachment" with the specified filename,
+        # instructing the user agents to prompt to save.
+        def attachment(filename = nil, disposition='attachment')
+          if filename
+            param_filename = File.basename(filename)
+            encoding = param_filename.encoding
+
+            needs_encoding = param_filename.gsub!(/[^ 0-9a-zA-Z!\#$&\+\.\^_`\|~]+/, '-')
+            params = "; filename=#{param_filename.inspect}"
+
+            if needs_encoding && (encoding == UTF8_ENCODING || encoding == ISO88591_ENCODING)
+              # File name contains non attr-char characters from RFC 5987 Section 3.2.1
+
+              encoded_filename = File.basename(filename).force_encoding(BINARY_ENCODING)
+              # Similar regexp as above, but treat each byte separately, and encode
+              # space characters, since those aren't allowed in attr-char
+              encoded_filename.gsub!(/[^0-9a-zA-Z!\#$&\+\.\^_`\|~]/) do |c|
+                "%%%X" % c.ord
+              end
+
+              encoded_params = "; filename*=#{encoding.to_s}''#{encoded_filename}"
+            end
+
+            unless @headers[RodaResponseHeaders::CONTENT_TYPE]
+              ext = File.extname(filename)
+              if !ext.empty? && (content_type = Rack::Mime.mime_type(ext, nil))
+                @headers[RodaResponseHeaders::CONTENT_TYPE] = content_type
+              end
+            end
+          end
+
+          @headers[RodaResponseHeaders::CONTENT_DISPOSITION] = "#{disposition}#{params}#{encoded_params}"
+        end
+      end
+    end
+
+    register_plugin(:response_attachment, ResponseAttachment)
+  end
+end

data/lib/roda/plugins/send_file.rb

@@ -0,0 +1,127 @@
+# frozen-string-literal: true
+
+begin
+  require 'rack/files'
+rescue LoadError
+  require 'rack/file'
+end
+
+#
+class Roda
+  module RodaPlugins
+    # The send_file plugin adds a send_file method, used for
+    # returning the contents of a file as the body of a request.
+    # It also loads the response_attachment plugin to set the
+    # Content-Disposition and Content-Type based on the file's
+    # extension.
+    #
+    # senf_file will serve the file with the given path from the file system:
+    #
+    #   send_file 'path/to/file.txt'
+    #
+    # Options:
+    #
+    # :disposition :: Set the Content-Disposition to the given disposition.
+    # :filename :: Set the Content-Disposition to attachment (unless :disposition is set),
+    #              and set the filename parameter to the value.
+    # :last_modified :: Explicitly set the Last-Modified header to the given value, and
+    #                   return a not modified response if there has not been modified since
+    #                   the previous request.  This option requires the caching plugin.
+    # :status :: Override the status for the response.
+    # :type :: Set the Content-Type to use for this response.
+    #
+    # == License
+    #
+    # The implementation was originally taken from Sinatra,
+    # which is also released under the MIT License:
+    #
+    # Copyright (c) 2007, 2008, 2009 Blake Mizerany
+    # Copyright (c) 2010, 2011, 2012, 2013, 2014 Konstantin Haase
+    # 
+    # Permission is hereby granted, free of charge, to any person
+    # obtaining a copy of this software and associated documentation
+    # files (the "Software"), to deal in the Software without
+    # restriction, including without limitation the rights to use,
+    # copy, modify, merge, publish, distribute, sublicense, and/or sell
+    # copies of the Software, and to permit persons to whom the
+    # Software is furnished to do so, subject to the following
+    # conditions:
+    # 
+    # The above copyright notice and this permission notice shall be
+    # included in all copies or substantial portions of the Software.
+    # 
+    # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+    # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+    # OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+    # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+    # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+    # WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+    # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+    # OTHER DEALINGS IN THE SOFTWARE.
+    module SendFile
+      RACK_FILES = defined?(Rack::Files) ? Rack::Files : Rack::File
+
+      # Depend on the status_303 plugin.
+      def self.load_dependencies(app)
+        app.plugin :response_attachment
+      end
+
+      module InstanceMethods
+        # Use the contents of the file at +path+ as the response body.  See plugin documentation for options.
+        def send_file(path, opts = OPTS)
+          r = @_request
+          res = @_response
+          headers = res.headers
+          if (type = opts[:type]) || !headers[RodaResponseHeaders::CONTENT_TYPE]
+            type_str = type.to_s
+
+            if type_str.include?('/')
+              type = type_str
+            else
+              if type
+                type = ".#{type}" unless type_str.start_with?(".")
+              else
+                type = ::File.extname(path)
+              end
+
+              type &&= Rack::Mime.mime_type(type, nil)
+              type ||= 'application/octet-stream'
+            end
+            
+            headers[RodaResponseHeaders::CONTENT_TYPE] = type
+          end
+
+          disposition = opts[:disposition]
+          filename    = opts[:filename]
+          if disposition || filename
+            disposition ||= 'attachment'
+            filename = path if filename.nil?
+            res.attachment(filename, disposition)
+          end
+
+          if lm = opts[:last_modified]
+            r.last_modified(lm)
+          end
+
+          file = RACK_FILES.new nil
+          s, h, b = if Rack.release > '2'
+            file.serving(r, path)
+          else
+            file.path = path
+            file.serving(env)
+          end
+
+          res.status = opts[:status] || s
+          headers.delete(RodaResponseHeaders::CONTENT_LENGTH)
+          headers.replace(h.merge!(headers))
+          r.halt res.finish_with_body(b)
+        rescue Errno::ENOENT
+          response.status = 404
+          r.halt
+        end
+      end
+    end
+
+    register_plugin(:send_file, SendFile)
+  end
+end

data/lib/roda/plugins/sinatra_helpers.rb

@@ -1,12 +1,6 @@
 # frozen-string-literal: true
 
 require 'rack/mime'
-begin
-  require 'rack/files'
-rescue LoadError
-  require 'rack/file'
-end
-
 
 #
 class Roda
@@ -91,20 +85,7 @@ class Roda
     #
     # === send_file
     #
-    # This will serve the file with the given path from the file system:
-    #
-    #   send_file 'path/to/file.txt'
-    #
-    # Options:
-    #
-    # :disposition :: Set the Content-Disposition to the given disposition.
-    # :filename :: Set the Content-Disposition to attachment (unless :disposition is set),
-    #              and set the filename parameter to the value.
-    # :last_modified :: Explicitly set the Last-Modified header to the given value, and
-    #                   return a not modified response if there has not been modified since
-    #                   the previous request.  This option requires the caching plugin.
-    # :status :: Override the status for the response.
-    # :type :: Set the Content-Type to use for this response.
+    # See send_file plugin documentation for details.
     #
     # == Response Methods Added
     #
@@ -166,15 +147,7 @@ class Roda
     #
     # === attachment
     #
-    # When called with no filename, +attachment+ just sets the Content-Disposition
-    # to attachment.  When called with a filename, this sets the Content-Disposition
-    # to attachment with the appropriate filename parameter, and if the filename
-    # extension is recognized, this also sets the Content-Type to the appropriate
-    # MIME type if not already set.
-    #
-    #   attachment          # set Content-Disposition to 'attachment'
-    #   attachment 'a.csv'  # set Content-Disposition to 'attachment;filename="a.csv"',
-    #                       # also set Content-Type to 'text/csv'
+    # See response_attachment plugin for details.
     #
     # === status predicates
     #
@@ -219,15 +192,10 @@ class Roda
     # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
     # OTHER DEALINGS IN THE SOFTWARE.
     module SinatraHelpers
-      UTF8_ENCODING = Encoding.find('UTF-8')
-      ISO88591_ENCODING = Encoding.find('ISO-8859-1')
-      BINARY_ENCODING = Encoding.find('BINARY')
-
-      RACK_FILES = defined?(Rack::Files) ? Rack::Files : Rack::File
-
       # Depend on the status_303 plugin.
       def self.load_dependencies(app, _opts = nil)
         app.plugin :status_303
+        app.plugin :send_file
       end
 
       # Add delegate methods to the route block scope
@@ -323,40 +291,9 @@ class Roda
           super(path, status)
         end
 
-        # Use the contents of the file at +path+ as the response body.  See plugin documentation for options.
+        # Backwards compatibility for callers of r.send_file.
         def send_file(path, opts = OPTS)
-          res = response
-          headers = res.headers
-          if opts[:type] || !headers[RodaResponseHeaders::CONTENT_TYPE]
-            res.content_type(opts[:type] || ::File.extname(path), :default => 'application/octet-stream')
-          end
-
-          disposition = opts[:disposition]
-          filename    = opts[:filename]
-          if disposition || filename
-            disposition ||= 'attachment'
-            filename = path if filename.nil?
-            res.attachment(filename, disposition)
-          end
-
-          if lm = opts[:last_modified]
-            last_modified(lm)
-          end
-
-          file = RACK_FILES.new nil
-          s, h, b = if Rack.release > '2'
-            file.serving(self, path)
-          else
-            file.path = path
-            file.serving(@env)
-          end
-
-          res.status = opts[:status] || s
-          headers.delete(RodaResponseHeaders::CONTENT_LENGTH)
-          headers.replace(h.merge!(headers))
-          halt res.finish_with_body(b)
-        rescue Errno::ENOENT
-          not_found
+          scope.send_file(path, opts)
         end
 
         # Generates the absolute URI for a given path in the app.
@@ -438,39 +375,6 @@ class Roda
           @headers[RodaResponseHeaders::CONTENT_TYPE] = mime_type
         end
 
-        # Set the Content-Disposition to "attachment" with the specified filename,
-        # instructing the user agents to prompt to save.
-        def attachment(filename = nil, disposition='attachment')
-          if filename
-            param_filename = File.basename(filename)
-            encoding = param_filename.encoding
-
-            needs_encoding = param_filename.gsub!(/[^ 0-9a-zA-Z!\#$&\+\.\^_`\|~]+/, '-')
-            params = "; filename=#{param_filename.inspect}"
-
-            if needs_encoding && (encoding == UTF8_ENCODING || encoding == ISO88591_ENCODING)
-              # File name contains non attr-char characters from RFC 5987 Section 3.2.1
-
-              encoded_filename = File.basename(filename).force_encoding(BINARY_ENCODING)
-              # Similar regexp as above, but treat each byte separately, and encode
-              # space characters, since those aren't allowed in attr-char
-              encoded_filename.gsub!(/[^0-9a-zA-Z!\#$&\+\.\^_`\|~]/) do |c|
-                "%%%X" % c.ord
-              end
-
-              encoded_params = "; filename*=#{encoding.to_s}''#{encoded_filename}"
-            end
-
-            unless @headers[RodaResponseHeaders::CONTENT_TYPE]
-              ext = File.extname(filename)
-              unless ext.empty?
-                content_type(ext)
-              end
-            end
-          end
-          @headers[RodaResponseHeaders::CONTENT_DISPOSITION] = "#{disposition}#{params}#{encoded_params}"
-        end
-
         # Whether or not the status is set to 1xx. Returns nil if status not yet set.
         def informational?
           @status.between?(100, 199) if @status
@@ -521,7 +425,7 @@ class Roda
         [:logger, :back].each do |meth|
           define_method(meth){@_request.public_send(meth)}
         end
-        [:redirect, :uri, :url, :to, :send_file, :error, :not_found].each do |meth|
+        [:redirect, :uri, :url, :to, :error, :not_found].each do |meth|
           define_method(meth){|*v, &block| @_request.public_send(meth, *v, &block)}
         end
 

data/lib/roda/version.rb

@@ -4,7 +4,7 @@ class Roda
   RodaMajorVersion = 3
 
   # The minor version of Roda, updated for new feature releases of Roda.
-  RodaMinorVersion = 101
+  RodaMinorVersion = 103
 
   # The patch version of Roda, updated only for bug fixes from the last
   # feature release.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: roda
 version: !ruby/object:Gem::Version
-  version: 3.101.0
+  version: 3.103.0
 platform: ruby
 authors:
 - Jeremy Evans
@@ -218,6 +218,7 @@ files:
 - lib/roda/plugins/hash_branches.rb
 - lib/roda/plugins/hash_matcher.rb
 - lib/roda/plugins/hash_paths.rb
+- lib/roda/plugins/hash_public.rb
 - lib/roda/plugins/hash_routes.rb
 - lib/roda/plugins/head.rb
 - lib/roda/plugins/header_matchers.rb
@@ -230,6 +231,7 @@ files:
 - lib/roda/plugins/indifferent_params.rb
 - lib/roda/plugins/inject_erb.rb
 - lib/roda/plugins/invalid_request_body.rb
+- lib/roda/plugins/ip_from_header.rb
 - lib/roda/plugins/json.rb
 - lib/roda/plugins/json_parser.rb
 - lib/roda/plugins/link_to.rb
@@ -278,6 +280,7 @@ files:
 - lib/roda/plugins/render_locals.rb
 - lib/roda/plugins/request_aref.rb
 - lib/roda/plugins/request_headers.rb
+- lib/roda/plugins/response_attachment.rb
 - lib/roda/plugins/response_content_type.rb
 - lib/roda/plugins/response_request.rb
 - lib/roda/plugins/route_block_args.rb
@@ -286,6 +289,7 @@ files:
 - lib/roda/plugins/run_handler.rb
 - lib/roda/plugins/run_require_slash.rb
 - lib/roda/plugins/sec_fetch_site_csrf.rb
+- lib/roda/plugins/send_file.rb
 - lib/roda/plugins/sessions.rb
 - lib/roda/plugins/shared_vars.rb
 - lib/roda/plugins/sinatra_helpers.rb