roda 3.18.0 → 3.19.0

data/lib/roda/plugins/match_hook.rb

@@ -0,0 +1,69 @@
+# frozen-string-literal: true
+
+#
+class Roda
+  module RodaPlugins
+    # The match_hook plugin adds hooks that are called upon a successful match
+    # by any of the matchers.
+    #
+    #   plugin :match_hook
+    #
+    #   match_hook do
+    #     logger.debug("#{request.matched_path} matched. #{request.remaining_path} remaining.")
+    #   end
+    module MatchHook
+      def self.configure(app)
+        app.opts[:match_hooks] ||= []
+      end
+
+      module ClassMethods
+        # Freeze the array of hook methods when freezing the app
+        def freeze
+          opts[:match_hooks].freeze
+          super
+        end
+
+        # Add a match hook.
+        def match_hook(&block)
+          opts[:match_hooks] << define_roda_method("match_hook", 0, &block)
+
+          if opts[:match_hooks].length == 1
+            class_eval("alias _match_hook #{opts[:match_hooks].first}", __FILE__, __LINE__)
+          else
+            class_eval("def _match_hook; #{opts[:match_hooks].join(';')} end", __FILE__, __LINE__)
+          end
+
+          public :_match_hook
+
+          nil
+        end
+      end
+
+      module InstanceMethods
+        # Default empty method if no match hooks are defined.
+        def _match_hook
+        end
+      end
+
+      module RequestMethods
+        private
+
+        # Call the match hook if yielding to the block before yielding to the block.
+        def if_match(_)
+          super do |*a|
+            scope._match_hook
+            yield(*a)
+          end
+        end
+
+        # Call the match hook before yielding to the block
+        def always
+          scope._match_hook
+          super
+        end
+      end
+    end
+
+    register_plugin :match_hook, MatchHook
+  end
+end

data/lib/roda/plugins/multi_route.rb

@@ -13,6 +13,10 @@ class Roda
     # if the first segment in the path matches a named route, and dispatch
     # to that named route.
     #
+    # The hash_routes plugin offers a +r.hash_routes+ method that is similar to
+    # and performs better than the +r.multi_route+ method, and it is recommended
+    # to consider using that instead of this plugin.
+    #
     # Example:
     #
     #   plugin :multi_route

data/lib/roda/plugins/multi_view.rb

@@ -16,6 +16,10 @@ class Roda
     # +multi_view_compile+ class method that will take an array of view template
     # names and construct a regexp that can be passed to +r.multi_view+.
     #
+    # The hash_routes plugin offers a views method that is similar to and performs
+    # better than the +r.multi_view+ method, and it is recommended to consider
+    # using that instead of this plugin.
+    #
     # Example:
     #
     #   plugin :multi_view

data/lib/roda/plugins/optimized_string_matchers.rb

@@ -34,7 +34,7 @@ class Roda
         def is_exactly(s)
           rp = @remaining_path
           if _match_string(s)
-            if @remaining_path == ''
+            if @remaining_path.empty?
               always{yield}
             else
               @remaining_path = rp

data/lib/roda/plugins/sessions.rb

@@ -20,8 +20,9 @@ class Roda
     # The sessions plugin adds support for sessions using cookies. It is the recommended
     # way to support sessions in Roda applications.
     #
-    # The session cookies are encrypted with AES-256-CTR and then signed with HMAC-SHA-256.
-    # By default, session data is padded to reduce information leaked based on the session size.
+    # The session cookies are encrypted with AES-256-CTR using a separate encryption key per cookie,
+    # and then signed with HMAC-SHA-256.  By default, session data is padded to reduce information
+    # leaked based on the session size.
     #
     # Sessions are serialized via JSON, so session information should only store data that
     # allows roundtrips via JSON (String, Integer, Float, Array, Hash, true, false, and nil).
@@ -77,6 +78,12 @@ class Roda
     #                bytes if given.
     # :pad_size :: Pad session data (after possible compression, before encryption), to a multiple of this
     #              many bytes (default: 32).  This can be between 2-4096 bytes, or +nil+ to disable padding.
+    # :per_cookie_cipher_secret :: Uses a separate cipher key for every cookie, with the key used generated using
+    #                              HMAC-SHA-256 of 32 bytes of random data with the default cipher secret. This
+    #                              offers additional protection in case the random initialization vector used when
+    #                              encrypting the session data has been reused. Odds of that are 1 in 2**64 if
+    #                              initialization vector is truly random, but weaknesses in the random number
+    #                              generator could make the odds much higher.  Default is +true+.
     # :parser :: The parser for the serialized session data (default: <tt>JSON.method(:parse)</tt>).
     # :serializer :: The serializer for the session data (default +:to_json.to_proc+).
     # :skip_within :: If the last update time for the session cookie is less than this number of seconds from the
@@ -105,13 +112,18 @@ class Roda
     #
     # = Session Cookie Cryptography/Format
     #
-    # Session cookies created by this plugin use the following format:
+    # Session cookies created by this plugin by default use the following format:
     #
-    #   urlsafe_base64(version + IV + auth tag + encrypted session data + HMAC)
+    #   urlsafe_base64("\1" + random_data + IV + encrypted session data + HMAC)
+    #
+    # If +:per_cookie_cipher_secret+ option is set to +false+, an older format is used:
+    #
+    #   urlsafe_base64("\0" + IV + encrypted session data + HMAC)
     #
     # where:
     #
-    # version :: 1 byte, currently must be 0, other values reserved for future expansion.
+    # version :: 1 byte, currently must be 1 or 0, other values reserved for future expansion.
+    # random_data :: 32 bytes, used for generating the per-cookie secret
     # IV :: 16 bytes, initialization vector for AES-256-CTR cipher.
     # encrypted session data :: >=12 bytes of data encrypted with AES-256-CTR cipher, see below.
     # HMAC :: 32 bytes, HMAC-SHA-256 of all preceding data plus cookie key (so that a cookie value
@@ -141,6 +153,7 @@ class Roda
       SESSION_CREATED_AT = 'roda.session.created_at'.freeze
       SESSION_UPDATED_AT = 'roda.session.updated_at'.freeze
       SESSION_SERIALIZED = 'roda.session.serialized'.freeze
+      SESSION_VERSION_NUM = 'roda.session.version'.freeze
       SESSION_DELETE_RACK_COOKIE = 'roda.session.delete_rack_session_cookie'.freeze
 
       # Exception class used when creating a session cookie that would exceed the
@@ -166,6 +179,9 @@ class Roda
         opts[:parser] ||= app.opts[:json_parser] || JSON.method(:parse)
         opts[:serializer] ||= app.opts[:json_serializer] || :to_json.to_proc
 
+        opts[:per_cookie_cipher_secret] = true unless opts.has_key?(:per_cookie_cipher_secret)
+        opts[:session_version_num] = opts[:per_cookie_cipher_secret] ? 1 : 0
+
         if opts[:upgrade_from_rack_session_cookie_secret]
           opts[:upgrade_from_rack_session_cookie_key] ||= 'rack.session'
           rsco = opts[:upgrade_from_rack_session_cookie_options] = Hash[opts[:upgrade_from_rack_session_cookie_options] || OPTS]
@@ -317,10 +333,13 @@ class Roda
           rescue ArgumentError
             return _session_serialization_error("Unable to decode session: invalid base64")
           end
-          length = data.bytesize
-          if data.length < 61
-            # minimum length (1+16+12+32) (version+cipher_iv+minimum session+hmac)
+
+          case version = data.getbyte(0)
+          when 1
+            per_cookie_secret = true
+            # minimum length (1+32+16+12+32) (version+random_data+cipher_iv+minimum session+hmac)
             # 1 : version
+            # 32 : random_data (if per_cookie_cipher_secret)
             # 16 : cipher_iv
             # 12 : minimum_session
             #      2 : bitmap for gzip + padding info
@@ -328,12 +347,20 @@ class Roda
             #      4 : update time
             #      2 : data
             # 32 : HMAC-SHA-256
-            return _session_serialization_error("Unable to decode session: data too short")
+            min_data_length = 93
+          when 0
+            per_cookie_secret = false
+            # minimum length (1+16+12+32) (version+cipher_iv+minimum session+hmac)
+            min_data_length = 61
+          when nil
+            return _session_serialization_error("Unable to decode session: no data")
+          else
+            return _session_serialization_error("Unable to decode session: version marker unsupported")
           end
 
-          unless data.getbyte(0) == 0
-            # version marker
-            return _session_serialization_error("Unable to decode session: version marker unsupported")
+          length = data.bytesize
+          if data.length < min_data_length
+            return _session_serialization_error("Unable to decode session: data too short")
           end
 
           encrypted_data = data.slice!(0, length-32)
@@ -345,7 +372,15 @@ class Roda
             end
           end
 
+          # Remove version
           encrypted_data.slice!(0)
+
+          cipher_secret = opts[use_old_cipher_secret ? :old_cipher_secret : :cipher_secret]
+          if per_cookie_secret
+            cipher_secret = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, cipher_secret, encrypted_data.slice!(0, 32))
+          end
+          cipher_iv = encrypted_data.slice!(0, 16)
+
           cipher = OpenSSL::Cipher.new("aes-256-ctr")
 
           # Not rescuing cipher errors.  If there is an error in the decryption, that's
@@ -353,8 +388,8 @@ class Roda
           # able to forge a valid HMAC, in which case the error should be raised to
           # alert the application owner about the problem.
           cipher.decrypt
-          cipher.key = opts[use_old_cipher_secret ? :old_cipher_secret : :cipher_secret]
-          cipher_iv = cipher.iv = encrypted_data.slice!(0, 16)
+          cipher.key = cipher_secret
+          cipher.iv = cipher_iv
           data = cipher.update(encrypted_data) << cipher.final
 
           bitmap, created_at, updated_at = data.unpack('vVV')
@@ -376,6 +411,7 @@ class Roda
           env[SESSION_CREATED_AT] = created_at
           env[SESSION_UPDATED_AT] = updated_at
           env[SESSION_SERIALIZED] = data
+          env[SESSION_VERSION_NUM] = version
 
           opts[:parser].call(data)
         end
@@ -387,6 +423,7 @@ class Roda
           json_data = opts[:serializer].call(session).force_encoding('BINARY')
 
           if (serialized_session = env[SESSION_SERIALIZED]) &&
+             (opts[:session_version_num] == env[SESSION_VERSION_NUM]) &&
              (updated_at = env[SESSION_UPDATED_AT]) &&
              (now - updated_at < opts[:skip_within]) &&
              (serialized_session == json_data)
@@ -418,14 +455,24 @@ class Roda
           serialized_data << padding_data if padding_data
           serialized_data << json_data
 
+          cipher_secret = opts[:cipher_secret]
+          if per_cookie_secret = opts[:per_cookie_cipher_secret]
+            version = "\1"
+            per_cookie_secret_base = SecureRandom.random_bytes(32)
+            cipher_secret = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, cipher_secret, per_cookie_secret_base)
+          else
+            version = "\0"
+          end
+
           cipher = OpenSSL::Cipher.new("aes-256-ctr")
           cipher.encrypt
-          cipher.key = opts[:cipher_secret]
+          cipher.key = cipher_secret
           cipher_iv = cipher.random_iv
           encrypted_data = cipher.update(serialized_data) << cipher.final
 
           data = String.new
-          data << "\0" # version marker
+          data << version
+          data << per_cookie_secret_base if per_cookie_secret_base
           data << cipher_iv
           data << encrypted_data
           data << OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, opts[:hmac_secret], data+opts[:key])

data/lib/roda/plugins/static_routing.rb

@@ -36,7 +36,7 @@ class Roda
     # leading slash in the path argument.
     #
     # Second, the static_* routing methods only take a single string argument for
-    # the path, they do not acccept other options, and do not handle placeholders
+    # the path, they do not accept other options, and do not handle placeholders
     # in strings.  For any routes needing placeholders, you should use Roda's
     # routing tree.
     #
@@ -49,56 +49,26 @@ class Roda
     # static_route block to have shared behavior for different request methods,
     # while still handling the request methods differently.
     module StaticRouting
-      def self.configure(app)
-        app.opts[:static_routes] ||= {}
+      def self.load_dependencies(app)
+        app.plugin :hash_routes
       end
 
       module ClassMethods
-        # Freeze the static route metadata when freezing the app.
-        def freeze
-          opts[:static_routes].freeze.each_value(&:freeze)
-          super
-        end
-
-        # Duplicate static route metadata in subclass.
-        def inherited(subclass)
-          super
-          static_routes = subclass.opts[:static_routes]
-          opts[:static_routes].each do |k, v|
-            static_routes[k] = v.dup
-          end
-        end
-
         # Add a static route for any request method.  These are
         # tried after the request method specific static routes (e.g.
         # static_get), but allow you to use Roda's routing tree
         # methods inside the route for handling shared behavior while
         # still allowing request method specific handling.
         def static_route(path, &block)
-          add_static_route(nil, path, &block)
+          hash_path(:static_routing, path, &block)
         end
         
-        # Return the static route for the given request method and path.
-        def static_route_for(method, path)
-          if h = opts[:static_routes][path]
-            h[method] || h[nil]
-          end
-        end
-
         [:get, :post, :delete, :head, :options, :link, :patch, :put, :trace, :unlink].each do |meth|
           request_method = meth.to_s.upcase
           define_method("static_#{meth}") do |path, &block|
-            add_static_route(request_method, path, &block)
+            hash_path(request_method, path, &block)
           end
         end
-
-        private
-
-        # Add a static route for the given method.
-        def add_static_route(method, path, &block)
-          routes = opts[:static_routes][path] ||= {}
-          routes[method] = define_roda_method(routes[method] || "static_route_#{method}_#{path}", 1, &convert_route_block(block))
-        end
       end
 
       module InstanceMethods
@@ -108,11 +78,8 @@ class Roda
         # instead having the routing tree handle the request.
         def _roda_before_30__static_routing
           r = @_request
-          if meth = self.class.static_route_for(r.request_method, r.path_info)
-            r.instance_variable_set(:@remaining_path, '')
-            r.send(:block_result, send(meth, r))
-            throw :halt, @_response.finish
-          end
+          r.hash_paths(r.request_method)
+          r.hash_paths(:static_routing)
         end
       end
     end

data/lib/roda/version.rb

@@ -4,7 +4,7 @@ class Roda
   RodaMajorVersion = 3
 
   # The minor version of Roda, updated for new feature releases of Roda.
-  RodaMinorVersion = 18
+  RodaMinorVersion = 19
 
   # The patch version of Roda, updated only for bug fixes from the last
   # feature release.

data/spec/define_roda_method_spec.rb

@@ -55,6 +55,9 @@ describe "Roda.define_roda_method" do
 
     m1 = app.define_roda_method("x", 1){2}
     @scope.send(m1, 3).must_equal 2
+
+    m1 = app.define_roda_method("x", 1){|x, y| [x, y]}
+    @scope.send(m1, 4).must_equal [4, nil]
   end
 
   it "should raise for unexpected expected_arity" do

data/spec/freeze_spec.rb

@@ -2,7 +2,16 @@ require_relative "spec_helper"
 
 describe "Roda.freeze" do
   before do
-    app{}.freeze
+    app{'a'}.freeze
+  end
+
+  it "should result in a working application" do
+    body.must_equal 'a'
+  end
+
+  it "should not break if called more than once" do
+    app.freeze
+    body.must_equal 'a'
   end
 
   it "should make opts not be modifiable after calling finalize!" do

data/spec/integration_spec.rb

@@ -195,7 +195,7 @@ describe "integration" do
   end
 
   it "should have app return the rack application to call" do
-    app(:bare){}.app.must_be_nil
+    app(:bare){}.app.must_be_kind_of(Proc)
     app.route{|r|}
     app.app.must_be_kind_of(Proc)
     c = Class.new{def initialize(app) @app = app end; def call(env) @app.call(env) end} 

data/spec/plugin/assets_spec.rb

@@ -196,6 +196,22 @@ if run_tests
       js.must_include('console.log')
     end
 
+    it 'should handle rendering assets, linking to them, and accepting requests for them when :timestamp_paths plugin option is used with string value' do
+      app.plugin :assets, :timestamp_paths=>'-'
+      html = body('/test')
+      html.scan(/<link/).length.must_equal 2
+      html =~ %r{href="(/assets/css/\d+-app\.scss)"}
+      css = body($1)
+      html =~ %r{href="(/assets/css/\d+-raw\.css)"}
+      css2 = body($1)
+      html.scan(/<script/).length.must_equal 1
+      html =~ %r{src="(/assets/js/\d+-head/app\.js)"}
+      js = body($1)
+      css.must_match(/color: red;/)
+      css2.must_match(/color: blue;/)
+      js.must_include('console.log')
+    end
+
     it 'should handle early hints if the :early_hints option is used' do
       app.plugin :assets, :early_hints=>true
       eh = []

data/spec/plugin/delay_build_spec.rb

@@ -1,6 +1,6 @@
 require_relative "../spec_helper"
 
-describe "delay_build plugin" do 
+describe "delay_build plugin" do
   it "does not build rack app until app is called" do
     app(:delay_build){"a"}
     app.instance_variable_get(:@app).must_be_nil
@@ -9,7 +9,7 @@ describe "delay_build plugin" do
     refute_equal app.instance_variable_get(:@app), nil
   end
 
-  it "only rebuilds the app if build! is called" do
+  it "supports the build! method for backwards compatibility" do
     app(:delay_build){"a"}
     body.must_equal "a"
     c = Class.new do
@@ -17,7 +17,6 @@ describe "delay_build plugin" do
       def call(_) [200, {}, ["b"]] end
     end
     app.use c
-    body.must_equal "a"
     app.build!
     body.must_equal "b"
   end