roda 3.80.0 → 3.81.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0cebe935d536e1f903b212075108ba9cbcade4aa2e8d2abf1c5e0d6e6f539ce8
-  data.tar.gz: 9b0c576aaa36c5a05596c1bc1bec23d3ab0f37c56dc72342bfa962b10442928f
+  metadata.gz: a9d94f31e568bd2774c3e582152f0bcdbffdf3fcd7e5a95241e73b3fd5b7ac3c
+  data.tar.gz: b9ad44642acdbaa0035cbd6ece521ca3432d2e7c23d75a331172ecd6c6288c60
 SHA512:
-  metadata.gz: 0e83d0fe8e1f70bb196ea5f285f7a00590ab1669e4b1d686f859d1e5c65a8e760d1320b345306740d00c7d063f0f6bada1af88433b3b04c6b429f439bb7e2521
-  data.tar.gz: e9b0ffd5b5fb7e976a971f11fbed4f0beb35868dcb7aa70c41c005046a9053cb6c62caf29f669c02cd53e67cd5db51a28076f058824c90a1c1b917a9b7f0f4fb
+  metadata.gz: 1cd64e84b47a1a7a01d9165d16e14d95d2c43287b58f2557d9492a201832c1388157152eab1fd12052c7691e3969e5ce1cb9c0ad706e73ad6de822dcc29e1590
+  data.tar.gz: 86320c603d0c9b90e2c82f16cc5229b76afe66dde5bdbccce9b28ce076e80808a35410098fe0eae5cb3f5b3180b79f4265b3d525e7861a9dd65890315d274fad

data/CHANGELOG

@@ -1,3 +1,11 @@
+= 3.81.0 (2024-06-12)
+
+* Make assets plugin :early_hints option follow Rack 3 SPEC if using Rack 3 (jeremyevans)
+
+* Correctly parse Ruby 3.4 backtraces in exception_page plugin (jeremyevans)
+
+* Support :until and :seconds option in hmac_paths plugin, for paths valid only until a specific time (jeremyevans)
+
 = 3.80.0 (2024-05-10)
 
 * Support :namespace option in hmac_paths plugin, allowing for easy per-user/per-group HMAC paths (jeremyevans)

data/doc/release_notes/3.81.0.txt

@@ -0,0 +1,24 @@
+= New Features
+
+* The hmac_paths plugin now supports :until and :seconds options for
+  hmac_path, to create a path that is only valid for a specific amount of
+  time.  :until sets a specific time that the path will be valid until,
+  and :seconds makes the path only valid for the given number of seconds.
+
+    hmac_path('/widget/1', until: Time.utc(2100))
+    # =>  "/dc8b6e56e4cbe7815df7880d42f0e02956b2e4c49881b6060ceb0e49745a540d/t/4102444800/widget/1"
+
+  Requests for the path after the given time will not be matched by
+  r.hmac_path.
+
+= Other Improvements
+
+* The early_hints plugin now correctly follows the Rack 3 SPEC when
+  using Rack 3.  This was not caught previously because Rack only
+  added official support for early_hints in the last month.
+
+* Ruby 3.4 backtraces are now parsed correctly in the exception_page
+  plugin.
+
+* Some plugins that accept a block no longer issue an unused block
+  warning on Ruby 3.4.

data/lib/roda/plugins/assets.rb

@@ -736,7 +736,9 @@ class Roda
           paths = assets_paths(type)
           if o[:early_hints]
             early_hint_as = ltype == :js ? 'script' : 'style'
-            send_early_hints('Link'=>paths.map{|p| "<#{p}>; rel=preload; as=#{early_hint_as}"}.join("\n"))
+            early_hints = paths.map{|p| "<#{p}>; rel=preload; as=#{early_hint_as}"}
+            early_hints = early_hints.join("\n") if Rack.release < '3'
+            send_early_hints(RodaResponseHeaders::LINK=>early_hints)
           end
           paths.map{|p| "#{tag_start}#{h(p)}#{tag_end}"}.join("\n")
         end

data/lib/roda/plugins/exception_page.rb

@@ -245,7 +245,7 @@ END
 
             frames = exception.backtrace.map.with_index do |line, i|
               frame = {:id=>i}
-              if line =~ /\A(.*?):(\d+)(?::in `(.*)')?\Z/
+              if line =~ /\A(.*?):(\d+)(?::in [`'](.*)')?\Z/
                 filename = frame[:filename] = $1
                 lineno = frame[:lineno] = $2.to_i
                 frame[:function] = $3

data/lib/roda/plugins/filter_common_logger.rb

@@ -21,7 +21,7 @@ class Roda
     #     !request.path.start_with?('/admin/')
     #   end
     module FilterCommonLogger
-      def self.load_dependencies(app)
+      def self.load_dependencies(app, &_)
         app.plugin :common_logger
       end
 

data/lib/roda/plugins/hmac_paths.rb

@@ -112,6 +112,16 @@ class Roda
     # this for POST requests (or other HTTP verbs that can have request bodies), use +r.GET+
     # instead of +r.params+ to specifically check query string parameters.
     #
+    # The generated paths can be timestamped, so that they are only valid until a given time
+    # or for a given number of seconds after they are generated, using the :until or :seconds
+    # options:
+    #
+    #   hmac_path('/widget/1', until: Time.utc(2100))
+    #   # =>  "/dc8b6e56e4cbe7815df7880d42f0e02956b2e4c49881b6060ceb0e49745a540d/t/4102444800/widget/1"
+    #
+    #   hmac_path('/widget/1', seconds: Time.utc(2100).to_i - Time.now.to_i)
+    #   # =>  "/dc8b6e56e4cbe7815df7880d42f0e02956b2e4c49881b6060ceb0e49745a540d/t/4102444800/widget/1"
+    #
     # The :namespace option, if provided, should be a string, and it modifies the generated HMACs
     # to only match those in the same namespace.  This can be used to provide different paths to
     # different users or groups of users.
@@ -190,6 +200,11 @@ class Roda
     #  r.hmac_path('/1', params: {k: 2})
     #  HMAC_hex(HMAC_hex(secret, ''), '/p/1?k=2')
     #
+    # The +:until+ and +:seconds+ option include the timestamp in the HMAC:
+    #
+    #  r.hmac_path('/1', until: Time.utc(2100))
+    #  HMAC_hex(HMAC_hex(secret, ''), '/t/4102444800/1')
+    #
     # If a +:namespace+ option is provided, the original secret used before the +:root+ option is
     # an HMAC of the +:secret+ plugin option and the given namespace.
     # 
@@ -232,6 +247,8 @@ class Roda
         #          the already matched path of the routing tree using r.hmac_path. Defaults
         #          to the empty string, which will returns paths valid for r.hmac_path at
         #          the top level of the routing tree.
+        # :seconds :: Make the given path valid for the given integer number of seconds.
+        # :until :: Make the given path valid until the given Time.
         def hmac_path(path, opts=OPTS)
           unless path.is_a?(String) && path.getbyte(0) == 47
             raise RodaError, "path must be a string starting with /"
@@ -242,6 +259,12 @@ class Roda
             raise RodaError, "root must be empty string or string starting with /"
           end
 
+          if valid_until = opts[:until]
+            valid_until = valid_until.to_i
+          elsif seconds = opts[:seconds]
+            valid_until = Time.now.to_i + seconds
+          end
+
           flags = String.new
           path = path.dup
 
@@ -258,6 +281,11 @@ class Roda
             flags << 'n'
           end
 
+          if valid_until
+            flags << 't'
+            path = "/#{valid_until}#{path}"
+          end
+
           flags << '0' if flags.empty?
           
           hmac_path = if method
@@ -335,7 +363,19 @@ class Roda
                   end
 
                   if hmac_path_valid?(mpath, rpath, submitted_hmac, opts)
-                    always(&block)
+                    if flags.include?('t')
+                      on Integer do |int|
+                        if int >= Time.now.to_i
+                          always(&block)
+                        else
+                          # Return from method without matching
+                          @remaining_path = orig_path
+                          return
+                        end
+                      end
+                    else
+                      always(&block)
+                    end
                   end
                 end
 

data/lib/roda/plugins/indifferent_params.rb

@@ -53,13 +53,10 @@ class Roda
           
           class Params < Rack::QueryParser::Params
             if Rack.release >= '3'
-              # rack main branch compatibility
-              # :nocov:
               if Params < Hash
                 def initialize
                   super(&INDIFFERENT_PROC)
                 end
-              # :nocov:
               else
                 def initialize
                   @size   = 0

data/lib/roda/plugins/not_found.rb

@@ -31,7 +31,7 @@ class Roda
     # still exists mainly for backward compatibility.
     module NotFound
       # Require the status_handler plugin
-      def self.load_dependencies(app)
+      def self.load_dependencies(app, &_)
         app.plugin :status_handler
       end
 

data/lib/roda/plugins/route_csrf.rb

@@ -172,7 +172,7 @@ class Roda
       # a valid CSRF token was not provided.
       class InvalidToken < RodaError; end
 
-      def self.load_dependencies(app, opts=OPTS)
+      def self.load_dependencies(app, opts=OPTS, &_)
         app.plugin :_base64
       end
 

data/lib/roda/plugins/sessions.rb

@@ -476,7 +476,7 @@ class Roda
           serialized_data << json_data
 
           cipher_secret = opts[:cipher_secret]
-          if per_cookie_secret = opts[:per_cookie_cipher_secret]
+          if opts[:per_cookie_cipher_secret]
             version = "\1"
             per_cookie_secret_base = SecureRandom.random_bytes(32)
             cipher_secret = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, cipher_secret, per_cookie_secret_base)

data/lib/roda/version.rb

@@ -4,7 +4,7 @@ class Roda
   RodaMajorVersion = 3
 
   # The minor version of Roda, updated for new feature releases of Roda.
-  RodaMinorVersion = 80
+  RodaMinorVersion = 81
 
   # The patch version of Roda, updated only for bug fixes from the last
   # feature release.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: roda
 version: !ruby/object:Gem::Version
-  version: 3.80.0
+  version: 3.81.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-05-10 00:00:00.000000000 Z
+date: 2024-06-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -255,6 +255,7 @@ extra_rdoc_files:
 - doc/release_notes/3.79.0.txt
 - doc/release_notes/3.8.0.txt
 - doc/release_notes/3.80.0.txt
+- doc/release_notes/3.81.0.txt
 - doc/release_notes/3.9.0.txt
 files:
 - CHANGELOG
@@ -342,6 +343,7 @@ files:
 - doc/release_notes/3.79.0.txt
 - doc/release_notes/3.8.0.txt
 - doc/release_notes/3.80.0.txt
+- doc/release_notes/3.81.0.txt
 - doc/release_notes/3.9.0.txt
 - lib/roda.rb
 - lib/roda/cache.rb