roda 2.23.0 → 2.24.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c091dcf6b8bb44694c2ea16a6244e3534662e2ed
-  data.tar.gz: cff4ce05dd629994658d4470bf2d3f339b6c11c7
+  metadata.gz: b17a05c593a91658be1194fb29c9564dcd6e3fe2
+  data.tar.gz: 153d3095509dd43d37e9297c963aea4e39ef2cbe
 SHA512:
-  metadata.gz: 4571d9602f0a17a330110bfcb4c319ff1c36476b16f8a488c0c081c5e651ddcbd8fe2df7c6d01f667dcc30445946f91131820e48fc22340c32a3465e21d5b756
-  data.tar.gz: d7d6fc717405752f1b4eabd14fc23587f4cf2d9c25db32ab6f9425f1a67cda19ea0cb84a0c42173f07cdf722b0c8ab0b962d74fb898fc47fd5ae9382406c7995
+  metadata.gz: d3871a3650c8490435fd94d13148a5ba90c636779cb1235c94c0bb61d76ef35efa8cf5c504e29271a3e34bcc818c179ed8a709e1576ccbeb53fb8c4825da2272
+  data.tar.gz: 0ab43b3207200bfc783a00d714b058d04220a1ab1dd333670b8c2d590530cab87564e9323f4023a6c8e48f63a50fd3cf82f842429ae395bdf8f192905fb035bd

data/CHANGELOG

@@ -1,3 +1,23 @@
+= 2.24.0 (2017-03-15)
+
+* Have h plugin use cgi/escape if available for faster escaping (jeremyevans)
+
+* Add disallow_file_uploads plugin for raising an exception if a multipart file upload is attempted (jeremyevans)
+
+* Add strip_path_prefix plugin for stripping prefixes off of internal absolute paths, making them relative paths (jeremyevans)
+
+* Add Roda.expand_path method to DRY up path expansion (jeremyevans)
+
+* Support :freeze_middleware option, which freezes all middleware instances when building the rack app (jeremyevans)
+
+* Allow middleware plugin to accept a block that will be used to configure the application when used as middleware (jeremyevans)
+
+* Support an options hash when loading the cookies plugin, that will be used as the defaults for setting and deleting cookies (mwpastore, jeremyevans) (#112)
+
+* Make the static_routing plugin work with the hooks plugin if the hooks plugin is loaded first (jeremyevans) (#110)
+
+* Do not modify the render plugin's cache if loading the plugin multiple times (jeremyevans)
+
 = 2.23.0 (2017-02-24)
 
 * Add :inherit_cache render plugin option, to create a copy of the cache for subclasses, instead of using an empty cache (jeremyevans)

data/README.rdoc

@@ -635,6 +635,7 @@ The following options are respected by the default library or multiple plugins:
 
 :add_script_name :: Prepend the SCRIPT_NAME for the request to paths.  This is
                     useful if you mount the app as a path under another app.
+:freeze_middleware :: Whether to freeze all middleware when building the rack app.
 :root :: Set the root path for the app.  This defaults to the current working
          directory of the process.
 :unsupported_block_result :: If set to :raise, raises an error if a match or

data/doc/release_notes/2.24.0.txt

@@ -0,0 +1,65 @@
+= New Features
+
+* The middleware plugin now accepts a block that can be used to
+  implement configurable middleware.  This allows you to load the
+  Roda application as middleware in another application, and provide
+  options/block that are passed to the block you passed when loading
+  the middleware plugin.  Example:
+
+    class Mid < Roda
+      plugin :middleware do |middleware, *args, &block|
+        middleware.opts[:middleware_args] = args
+        block.call(middleware)
+      end
+    end
+
+    class App < Roda
+      use Mid, :foo, :bar do |middleware|
+        middleware.opts[:middleware_args] << :baz
+      end
+    end
+
+  Note that when passing a block when loading the middleware plugin,
+  using the middleware in another rack application will actually
+  load a subclass of the middleware (Mid in the example above).
+  This allows you to use the Roda middleware multiple times in the
+  same process with different configurations.
+
+* The cookies plugin now accepts options that are used as the default
+  options when setting and deleting cookies:
+
+    plugin :cookies, :path => '/foo', :domain => 'example.com'
+
+* A strip_path_prefix plugin has been added, which can be used to
+  strip prefixes from internal paths.  Internally Sequel stores
+  most paths as absolute paths, but there are cases where this
+  doesn't work well, such as symlink changes and chroot.  This
+  plugin supports those scenarios.
+
+* A disallow_file_uploads plugin has been added, which raises
+  an exception if the user attempts a multipart file upload.
+  More exactly, it makes the application raise an exception if
+  attempting to parse a request body when the user has submitted
+  a multipart file upload.  This is useful if you don't need to
+  support file uploads in your application, or cases where no
+  paths are writable by the application (due to chroot or system call
+  filtering).
+
+* The :freeze_middleware option has been added, which freezes all
+  middleware instances when building the rack application.  This
+  can help find thread safety issues in middleware.
+
+= Other Improvements
+
+* The h plugin is now about 6x faster on ruby 2.3+ due to the use
+  of cgi/escape.
+
+* The static_routing plugin now works with the hooks plugin if the
+  hooks plugin is loaded first.
+
+* The render plugin's render cache is no longer cleared when loading
+  the plugin multiple times.
+
+= Backwards Compatibility
+
+* The h plugin now escapes ' as &#39; instead of &#x27;.

data/lib/roda.rb

@@ -123,6 +123,11 @@ class Roda
           build_rack_app
         end
 
+        # Expand the given path, using the root argument as the base directory.
+        def expand_path(path, root=opts[:root])
+          ::File.expand_path(path, root)
+        end
+
         # Freeze the internal state of the class, to avoid thread safety issues at runtime.
         # It's optional to call this method, as nothing should be modifying the
         # internal state at runtime anyway, but this makes sure an exception will
@@ -220,10 +225,13 @@ class Roda
         # Build the rack app to use
         def build_rack_app
           if block = @route_block
-            builder = Rack::Builder.new
-            @middleware.each{|a, b| builder.use(*a, &b)}
-            builder.run lambda{|env| new(env).call(&block)}
-            @app = builder.to_app
+            app = lambda{|env| new(env).call(&block)}
+            @middleware.reverse_each do |args, bl|
+              mid, *args = args
+              app = mid.new(app, *args, &bl)
+              app.freeze if opts[:freeze_middleware]
+            end
+            @app = app
           end
         end
       end

data/lib/roda/plugins/assets.rb

@@ -354,8 +354,8 @@ class Roda
           app.opts[:assets][:orig_opts] = opts
         end
         opts = app.opts[:assets]
-        opts[:path] = File.expand_path(opts[:path]||"assets", app.opts[:root]).freeze
-        opts[:public] = File.expand_path(opts[:public]||"public", app.opts[:root]).freeze
+        opts[:path] = app.expand_path(opts[:path]||"assets").freeze
+        opts[:public] = app.expand_path(opts[:public]||"public").freeze
 
         # Combine multiple values into a path, ignoring trailing slashes
         j = lambda do |*v|

data/lib/roda/plugins/cookies.rb

@@ -9,7 +9,18 @@ class Roda
     #
     #   response.set_cookie('foo', 'bar')
     #   response.delete_cookie('foo')
+    #
+    # Pass a hash of cookie options when loading the plugin to set some
+    # defaults for all cookies upon setting and deleting. This is particularly
+    # useful for configuring the +domain+ and +path+ of all cookies.
+    #
+    #   plugin :cookies, :domain=>'example.com', :path=>'/api'
     module Cookies
+      # Allow setting default cookie options when loading the cookies plugin.
+      def self.configure(app, opts={})
+        app.opts[:cookies_opts] = (app.opts[:cookies_opts]||{}).merge(opts).freeze
+      end
+
       module ResponseMethods
         # Modify the headers to include a Set-Cookie value that
         # deletes the cookie.  A value hash can be provided to
@@ -19,7 +30,7 @@ class Roda
         #   response.delete_cookie('foo')
         #   response.delete_cookie('foo', :domain=>'example.org')
         def delete_cookie(key, value = {})
-          ::Rack::Utils.delete_cookie_header!(@headers, key, value)
+          ::Rack::Utils.delete_cookie_header!(@headers, key, roda_class.opts[:cookies_opts].merge(value))
         end
 
         # Set the cookie with the given key in the headers.
@@ -27,7 +38,8 @@ class Roda
         #   response.set_cookie('foo', 'bar')
         #   response.set_cookie('foo', :value=>'bar', :domain=>'example.org')
         def set_cookie(key, value)
-          ::Rack::Utils.set_cookie_header!(@headers, key, value)
+          value = { :value=>value } unless value.respond_to?(:keys)
+          ::Rack::Utils.set_cookie_header!(@headers, key, roda_class.opts[:cookies_opts].merge(value))
         end
       end
     end

data/lib/roda/plugins/disallow_file_uploads.rb

@@ -0,0 +1,38 @@
+# frozen-string-literal: true
+
+raise LoadError, "disallow_file_uploads plugin not supported on Rack <1.6" if Rack.release < '1.6'
+
+#
+class Roda
+  module RodaPlugins
+    # The disallow_file_uploads plugin raises a Roda::RodaPlugins::DisallowFileUploads::Error
+    # if there is an attempt to upload a file.  This plugin is useful for applications where
+    # multipart file uploads are not expected and you want to remove the ability for rack
+    # to create temporary files.  Example:
+    #
+    #   plugin :disallow_file_uploads
+    #
+    # This plugin is only supported on Rack 1.6+.  This plugin does not technically
+    # block users from uploading files, it only blocks the parsing of request bodies containing
+    # multipart file uploads.  So if you do not call +r.POST+ (or something that calls it such as
+    # +r.params+), then Roda will not attempt to parse the request body, and an exception will not
+    # be raised.
+    module DisallowFileUploads
+      # Exception class used when a multipart file upload is attempted.
+      class Error < RodaError; end
+
+      NO_TEMPFILE = lambda{|_,_| raise Error, "Support for uploading files has been disabled"}
+
+      module RequestMethods
+        # HTML escape the input and return the escaped version.
+        def initialize(_, env)
+          env['rack.multipart.tempfile_factory'] = NO_TEMPFILE
+          super
+        end
+      end
+    end
+
+    register_plugin(:disallow_file_uploads, DisallowFileUploads)
+  end
+end
+

data/lib/roda/plugins/h.rb

@@ -14,23 +14,37 @@ class Roda
     #     h('<foo>')
     #   end
     module H
-      # A Hash of entities and their escaped equivalents,
-      # to be escaped by h().
-      ESCAPE_HTML = {
-        "&" => "&amp;".freeze,
-        "<" => "&lt;".freeze,
-        ">" => "&gt;".freeze,
-        "'" => "&#x27;".freeze,
-        '"' => "&quot;".freeze,
-      }.freeze
+      begin
+        require 'cgi/escape'
+        unless CGI.respond_to?(:escapeHTML) # work around for JRuby 9.1
+          CGI = Object.new
+          CGI.extend(::CGI::Util)
+        end
+
+        module InstanceMethods
+          # HTML escape the input and return the escaped version.
+          def h(string)
+            CGI.escapeHTML(string.to_s)
+          end
+        end
+      rescue LoadError
+        # A Hash of entities and their escaped equivalents,
+        # to be escaped by h().
+        ESCAPE_HTML = {
+          "&" => "&amp;".freeze,
+          "<" => "&lt;".freeze,
+          ">" => "&gt;".freeze,
+          "'" => "&#39;".freeze,
+          '"' => "&quot;".freeze,
+        }.freeze
 
-      # A Regexp of HTML entities to match for escaping.
-      ESCAPE_HTML_PATTERN = Regexp.union(*ESCAPE_HTML.keys)
+        # A Regexp of HTML entities to match for escaping.
+        ESCAPE_HTML_PATTERN = Regexp.union(*ESCAPE_HTML.keys)
 
-      module InstanceMethods
-        # HTML escape the input and return the escaped version.
-        def h(string)
-          string.to_s.gsub(ESCAPE_HTML_PATTERN){|c| ESCAPE_HTML[c] }
+        module InstanceMethods
+          def h(string)
+            string.to_s.gsub(ESCAPE_HTML_PATTERN){|c| ESCAPE_HTML[c] }
+          end
         end
       end
     end

data/lib/roda/plugins/middleware.rb

@@ -35,22 +35,60 @@ class Roda
     #
     # It is possible to use the Roda app as a regular app even when using
     # the middleware plugin.
+    #
+    # You can support configurable middleware by passing a block when loading
+    # the plugin:
+    #
+    #   class Mid < Roda
+    #     plugin :middleware do |middleware, *args, &block|
+    #       middleware.opts[:middleware_args] = args
+    #       block.call(middleware)
+    #     end
+    #
+    #     route do |r|
+    #       r.is "mid" do
+    #         opts[:middleware_args].join(' ')
+    #       end
+    #     end
+    #   end
+    #
+    #   class App < Roda
+    #     use Mid, :foo, :bar do |middleware|
+    #       middleware.opts[:middleware_args] << :baz
+    #     end
+    #   end
+    #
+    #   # Request to App for /mid returns
+    #   # "foo bar baz"
+    #
+    # Note that when supporting configurable middleware via a block, the middleware
+    # used is a subclass of the class loading the plugin, instead of the class itself.
+    # This is done so the same class can be used as middleware with multiple separate
+    # configurations.
     module Middleware
       # Configure the middleware plugin.  Options:
       # :env_var :: Set the environment variable to use to indicate to the roda
       #             application that the current request is a middleware request.
       #             You should only need to override this if you are using multiple
       #             roda middleware in the same application.
-      def self.configure(app, opts={})
+      def self.configure(app, opts={}, &block)
         app.opts[:middleware_env_var] = opts[:env_var] if opts.has_key?(:env_var)
         app.opts[:middleware_env_var] ||= 'roda.forward_next'
+        app.opts[:middleware_configure] = block if block
       end
 
       # Forward instances are what is actually used as middleware.
       class Forwarder
         # Store the current middleware and the next middleware to call.
-        def initialize(mid, app)
-          @mid = mid
+        def initialize(mid, app, *args, &block)
+          @mid = if configure = mid.opts[:middleware_configure]
+            mid = Class.new(mid)
+            configure.call(mid, *args, &block)
+            mid
+          else
+            raise RodaError, "cannot provide middleware args or block unless loading middleware plugin with a block" if block || !args.empty?
+            mid
+          end
           @app = app
         end
 
@@ -76,11 +114,11 @@ class Roda
 
       module ClassMethods
         # Create a Forwarder instead of a new instance if a non-Hash is given.
-        def new(app)
+        def new(app, *args, &block)
           if app.is_a?(Hash)
             super
           else
-            Forwarder.new(self, app)
+            Forwarder.new(self, app, *args, &block)
           end
         end
 

data/lib/roda/plugins/precompile_templates.rb

@@ -71,7 +71,7 @@ class Roda
           compile_opts = if pattern.is_a?(Hash)
             [opts]
           else
-            Dir[pattern].map{|file| opts.merge(:path=>File.expand_path(file))}
+            Dir[pattern].map{|file| opts.merge(:path=>File.expand_path(file, nil))}
           end
 
           instance = allocate

data/lib/roda/plugins/public.rb

@@ -32,7 +32,7 @@ class Roda
       # :headers :: A hash of headers to use for statically served files
       # :root :: Use this option for the root of the public directory (default: "public")
       def self.configure(app, opts={})
-        root =  File.expand_path(opts[:root]||"public", app.opts[:root])
+        root =  app.expand_path(opts[:root]||"public")
         app.opts[:public_server] = ::Rack::File.new(root, opts[:headers]||{}, opts[:default_mime] || 'text/plain')
         app.opts[:public_gzip] = opts[:gzip]
       end

data/lib/roda/plugins/render.rb

@@ -157,6 +157,7 @@ class Roda
       # Setup default rendering options.  See Render for details.
       def self.configure(app, opts=OPTS)
         if app.opts[:render]
+          orig_cache = app.opts[:render][:cache]
           opts = app.opts[:render][:orig_opts].merge(opts)
         end
         app.opts[:render] = opts.dup
@@ -164,12 +165,14 @@ class Roda
 
         opts = app.opts[:render]
         opts[:engine] = (opts[:engine] || opts[:ext] || "erb").dup.freeze
-        opts[:views] = File.expand_path(opts[:views]||"views", app.opts[:root]).freeze
+        opts[:views] = app.expand_path(opts[:views]||"views").freeze
         opts[:allowed_paths] ||= [opts[:views]].freeze
-        opts[:allowed_paths] = opts[:allowed_paths].map{|f| ::File.expand_path(f)}.uniq.freeze
+        opts[:allowed_paths] = opts[:allowed_paths].map{|f| app.expand_path(f, nil)}.uniq.freeze
 
         if opts.fetch(:cache, true)
-          if cache_class = opts[:cache_class]
+          if orig_cache
+            opts[:cache] = orig_cache
+          elsif cache_class = opts[:cache_class]
             opts[:cache] = cache_class.new
           else
             opts[:cache] = app.thread_safe_cache
@@ -396,7 +399,7 @@ class Roda
         def template_path(opts)
           path = "#{opts[:views]}/#{template_name(opts)}.#{opts[:engine]}"
           if opts.fetch(:check_paths){render_opts[:check_paths]}
-            full_path = ::File.expand_path(path)
+            full_path = self.class.expand_path(path)
             unless render_opts[:allowed_paths].any?{|f| full_path.start_with?(f)}
               raise RodaError, "attempt to render path not in allowed_paths: #{path} (allowed: #{render_opts[:allowed_paths].join(', ')})"
             end

data/lib/roda/plugins/static.rb

@@ -30,7 +30,7 @@ class Roda
       def self.configure(app, paths, opts={})
         opts = opts.dup
         opts[:urls] = paths
-        opts[:root] =  File.expand_path(opts[:root]||"public", app.opts[:root])
+        opts[:root] =  app.expand_path(opts[:root]||"public")
         app.use ::Rack::Static, opts
       end
     end

data/lib/roda/plugins/static_routing.rb

@@ -48,6 +48,9 @@ class Roda
     # As shown above, you can use Roda's routing tree methods inside the
     # static_route block to have shared behavior for different request methods,
     # while still having handling the request methods differently.
+    #
+    # Note that if you want to use the static_routing plugin and the hooks
+    # plugin at the same time, you should load the hooks plugin first.
     module StaticRouting
       def self.configure(app)
         app.opts[:static_routes] = {}
@@ -104,12 +107,13 @@ class Roda
       module InstanceMethods
         # If there is a static routing method for the given path, call it
         # instead having the routing tree handle the request.
-        def call
-          r = @_request
-          if route = self.class.static_route_for(r.request_method, r.path_info)
-            catch(:halt){r.static_route(&route)}
-          else
-            super
+        def call(&block)
+          super do |r|
+            if route = self.class.static_route_for(r.request_method, r.path_info)
+              r.static_route(&route)
+            else
+              instance_exec(r, &block)
+            end
           end
         end
       end

data/lib/roda/plugins/strip_path_prefix.rb

@@ -0,0 +1,33 @@
+# frozen-string-literal: true
+
+#
+class Roda
+  module RodaPlugins
+    # The strip_path_prefix plugin makes Roda strip a given prefix off internal absolute paths,
+    # turning them to relative paths.  Roda by default stores internal paths as absolute paths.
+    # The main reason to use this plugin is when the internal absolute path could change at
+    # runtime, either due to a symlink change or chroot call, or you really want to use
+    # relative links instead of absolute links.
+    # 
+    # Examples:
+    #
+    #   plugin :strip_path_prefix # Defaults to Dir.pwd
+    #   plugin :strip_path_prefix, File.dirname(Dir.pwd)
+    module StripPathPrefix
+      # Set the regexp to use when stripping prefixes from internal paths.
+      def self.configure(app, prefix=Dir.pwd)
+        prefix += '/' unless prefix=~ /\/\z/
+        app.opts[:strip_path_prefix] = /\A#{Regexp.escape(prefix)}/
+      end
+
+      module ClassMethods
+        # Strip the path prefix from the gien path if it starts with the prefix.
+        def expand_path(path, root=opts[:root])
+          super.sub(opts[:strip_path_prefix], '')
+        end
+      end
+    end
+
+    register_plugin(:strip_path_prefix, StripPathPrefix)
+  end
+end

data/lib/roda/version.rb

@@ -4,7 +4,7 @@ class Roda
   RodaMajorVersion = 2
 
   # The minor version of Roda, updated for new feature releases of Roda.
-  RodaMinorVersion = 23
+  RodaMinorVersion = 24
 
   # The patch version of Roda, updated only for bug fixes from the last
   # feature release.

data/spec/integration_spec.rb

@@ -54,6 +54,27 @@ describe "integration" do
     body('/hello').must_equal 'D   '
   end
 
+  it "should freeze middleware if opts[:freeze_middleware] is true" do
+    c = Class.new do
+      def initialize(app) @app = app end
+      def call(env) @a = 1; @app.call(env) end
+    end
+
+    app do 
+      "D"
+    end
+
+    body.must_equal 'D'
+
+    app.use c
+    body.must_equal 'D'
+
+    app.clear_middleware!
+    app.opts[:freeze_middleware] = true
+    app.use c
+    proc{body}.must_raise RuntimeError, TypeError
+  end
+
   it "should support adding middleware using use after route block setup" do
     c = @c
     app(:bare) do 

data/spec/plugin/cookies_spec.rb

@@ -22,4 +22,30 @@ describe "cookies plugin" do
     header('Set-Cookie').must_match(/foo=; (max-age=0; )?expires=Thu, 01[ -]Jan[ -]1970 00:00:00 (-0000|GMT)/)
     body.must_equal 'Hello'
   end
+
+  it "should pass default cookie options when setting" do
+    app.plugin :cookies, :path => '/foo'
+    app.route { response.set_cookie("foo", "bar") }
+    header('Set-Cookie').must_equal "foo=bar; path=/foo"
+
+    app.route { response.set_cookie("foo", :value=>"bar", :path=>'/baz') }
+    header('Set-Cookie').must_equal "foo=bar; path=/baz"
+  end
+
+  it "should pass default cookie options when deleting" do
+    app.plugin :cookies, :domain => 'example.com'
+    app.route { response.delete_cookie("foo") }
+    header('Set-Cookie').must_match(/foo=; domain=example.com; (max-age=0; )?expires=Thu, 01[ -]Jan[ -]1970 00:00:00 (-0000|GMT)/)
+
+    app.route { response.delete_cookie("foo", :domain=>'bar.com') }
+    header('Set-Cookie').must_match(/foo=; domain=bar.com; (max-age=0; )?expires=Thu, 01[ -]Jan[ -]1970 00:00:00 (-0000|GMT)/)
+  end
+
+  it "should not override existing default cookie options" do
+    app.plugin :cookies, :path => '/foo'
+    app.plugin :cookies
+    app.route { response.set_cookie("foo", "bar") }
+
+    header('Set-Cookie').must_equal "foo=bar; path=/foo"
+  end
 end

data/spec/plugin/disallow_file_uploads_spec.rb

@@ -0,0 +1,25 @@
+require File.expand_path("spec_helper", File.dirname(File.dirname(__FILE__)))
+
+if Rack.release < '1.6'
+  warn "Rack #{Rack.release} used, skipping disallow_file_uploads plugin test"  
+else
+describe "disallow_file_uploads plugin" do 
+  it "disallows the uploading of files" do
+    app do |r|
+      r['foo'][:tempfile].read
+    end
+
+    request_body = StringIO.new("------WebKitFormBoundarymwHIM9XjTTVHn3YP\r\nContent-Disposition: form-data; name=\"foo\"; filename=\"bar.txt\"\r\nContent-Type: text/plain\r\n\r\nfoo\n\r\n------WebKitFormBoundarymwHIM9XjTTVHn3YP--\r\n")
+
+    h = {
+      'rack.input'=>request_body,
+      'CONTENT_TYPE'=>'multipart/form-data; boundary=----WebKitFormBoundarymwHIM9XjTTVHn3YP',
+      'CONTENT_LENGTH'=>'184',
+      'REQUEST_METHOD'=>'POST'
+    }
+    body(h.dup).must_equal "foo\n"
+    app.plugin :disallow_file_uploads
+    proc{body(h.dup)}.must_raise Roda::RodaPlugins::DisallowFileUploads::Error
+  end
+end
+end

data/spec/plugin/h_spec.rb

@@ -6,6 +6,6 @@ describe "h plugin" do
       h("<form>") + h(:form) + h("test&<>/'")
     end
 
-    body.must_equal '&lt;form&gt;formtest&amp;&lt;&gt;/&#x27;'
+    body.must_equal '&lt;form&gt;formtest&amp;&lt;&gt;/&#39;'
   end
 end

data/spec/plugin/middleware_spec.rb

@@ -57,6 +57,43 @@ describe "middleware plugin" do
     body.must_equal 'a'
   end
 
+  it "should raise error if attempting to use options for Roda application that does not support configurable middleware" do
+    a1 = app(:bare){plugin :middleware}
+    proc{app(:bare){use a1, :foo; route{}; build_rack_app}}.must_raise Roda::RodaError
+    proc{app(:bare){use(a1){}; route{}; build_rack_app}}.must_raise Roda::RodaError
+  end
+
+  it "supports configuring middleware via a block" do
+    a1 = app(:bare) do
+      plugin :middleware do |mid, *args, &block|
+        mid.opts[:a] = args.concat(block.call(:quux)).join(' ')
+      end
+      opts[:a] = 'a1'
+
+      route do |r|
+        r.is 'a' do opts[:a] end
+      end
+    end
+
+    body('/a').must_equal 'a1'
+    
+    app(:bare) do
+      use a1, :foo, :bar do |baz|
+        [baz, :a1]
+      end
+
+      route do
+        'b1'
+      end
+    end
+
+    body.must_equal 'b1'
+    body('/a').must_equal 'foo bar quux a1'
+
+    @app = a1
+    body('/a').must_equal 'a1'
+  end
+
   it "is compatible with the multi_route plugin" do
     app(:bare) do
       plugin :multi_route

data/spec/plugin/render_spec.rb

@@ -499,7 +499,7 @@ describe "render plugin" do
     sc.render_opts[:cache][:foo].must_be_nil
   end
 
-  it "should use same render_opts as superclass when inheriting if :inherit_cache option is used" do
+  it "should use a copy of superclass's cache when inheriting if :inherit_cache option is used" do
     c = Class.new(Roda)
     c.plugin :render, :inherit_cache=>true
     c.render_opts[:cache][:foo] = 1
@@ -510,6 +510,19 @@ describe "render plugin" do
     sc.render_opts[:cache][:foo].must_equal 1
   end
 
+  it "should not modifying existing cache if loading the plugin a separate time" do
+    c = Class.new(Roda)
+    c.plugin :render
+    cache = c.render_opts[:cache]
+    c.plugin :render
+    c.render_opts[:cache].must_be_same_as cache
+
+    c.plugin :render, :cache=>false
+    c.render_opts[:cache].must_equal false
+    c.plugin :render
+    c.render_opts[:cache].must_equal false
+  end
+
   it "render plugin call should not override existing options" do
     c = Class.new(Roda)
     c.plugin :render, :layout=>:foo

data/spec/plugin/static_routing_spec.rb

@@ -46,6 +46,26 @@ describe "static_routing plugin" do
     end
   end
 
+  it "works with hooks plugin if loaded after" do
+    a = []
+    app(:bare) do
+      plugin :hooks
+      plugin :static_routing
+
+      before{a << 1}
+      after{a << 2}
+
+      static_route "/foo" do |r|
+        a << 3
+        "bar"
+      end
+
+      route{}
+    end
+    body('/foo').must_equal 'bar'
+    a.must_equal [1,3,2]
+  end
+
   it "does not allow placeholders in static routes" do
     app(:bare) do
       plugin :static_routing

data/spec/plugin/strip_path_prefix_spec.rb

@@ -0,0 +1,24 @@
+require File.expand_path("spec_helper", File.dirname(File.dirname(__FILE__)))
+
+describe "strip_path_prefix plugin" do 
+  it "strips path prefix when expanding paths" do
+    app(:bare){}
+    abs_dir = app.expand_path('spec')
+
+    app.plugin :strip_path_prefix
+    app.expand_path('spec').must_equal 'spec'
+    File.expand_path(app.expand_path('spec'), Dir.pwd).must_equal abs_dir
+
+    app.expand_path('/foo').must_equal '/foo'
+    app.expand_path('bar', '/foo').must_equal '/foo/bar'
+
+    app.opts[:root] = '/foo'
+    app.expand_path('bar').must_equal '/foo/bar'
+    app.plugin :strip_path_prefix, '/foo'
+    app.expand_path('bar').must_equal 'bar'
+
+    app.opts[:root] = '/foo/bar'
+    app.expand_path('baz').must_equal 'bar/baz'
+  end
+end
+

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: roda
 version: !ruby/object:Gem::Version
-  version: 2.23.0
+  version: 2.24.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-02-24 00:00:00.000000000 Z
+date: 2017-03-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -203,6 +203,7 @@ extra_rdoc_files:
 - doc/release_notes/2.21.0.txt
 - doc/release_notes/2.22.0.txt
 - doc/release_notes/2.23.0.txt
+- doc/release_notes/2.24.0.txt
 files:
 - CHANGELOG
 - MIT-LICENSE
@@ -230,6 +231,7 @@ files:
 - doc/release_notes/2.21.0.txt
 - doc/release_notes/2.22.0.txt
 - doc/release_notes/2.23.0.txt
+- doc/release_notes/2.24.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
 - doc/release_notes/2.5.0.txt
@@ -255,6 +257,7 @@ files:
 - lib/roda/plugins/delay_build.rb
 - lib/roda/plugins/delegate.rb
 - lib/roda/plugins/delete_empty_headers.rb
+- lib/roda/plugins/disallow_file_uploads.rb
 - lib/roda/plugins/drop_body.rb
 - lib/roda/plugins/empty_root.rb
 - lib/roda/plugins/environments.rb
@@ -307,6 +310,7 @@ files:
 - lib/roda/plugins/static_routing.rb
 - lib/roda/plugins/status_handler.rb
 - lib/roda/plugins/streaming.rb
+- lib/roda/plugins/strip_path_prefix.rb
 - lib/roda/plugins/symbol_matchers.rb
 - lib/roda/plugins/symbol_status.rb
 - lib/roda/plugins/symbol_views.rb
@@ -343,6 +347,7 @@ files:
 - spec/plugin/delay_build_spec.rb
 - spec/plugin/delegate_spec.rb
 - spec/plugin/delete_empty_headers_spec.rb
+- spec/plugin/disallow_file_uploads_spec.rb
 - spec/plugin/drop_body_spec.rb
 - spec/plugin/empty_root_spec.rb
 - spec/plugin/environments_spec.rb
@@ -394,6 +399,7 @@ files:
 - spec/plugin/static_spec.rb
 - spec/plugin/status_handler_spec.rb
 - spec/plugin/streaming_spec.rb
+- spec/plugin/strip_path_prefix_spec.rb
 - spec/plugin/symbol_matchers_spec.rb
 - spec/plugin/symbol_status_spec.rb
 - spec/plugin/symbol_views_spec.rb