simple_session 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 0b7f7c72b9d113d34ba0692f2088ec4937e1bac0
+  data.tar.gz: 26605252efbf549d4b51f29e3075b897289241f8
+SHA512:
+  metadata.gz: 2ce6cb3733b86fd8b8b2ba6d66d6b2ef41aebdf06d692de9a1a547e5128d96dfb5970e577ee737faab8ca4af962b25fe273f3b0c9d5a5b0f3e5998ad57d7e9ac
+  data.tar.gz: 19078bd164571ef77f2a40d107f2474791a1384e0ab9d00db38126432a75a1bfa69ea0fb2709d09ed5bbb4ae48c36f0acb0e8ed40d39fd2cd6973867d2f12881

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.2.2
+before_install: gem install bundler -v 1.10.6

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,13 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, or religion.
+
+Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in simple_session.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 hayduke19us
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,119 @@
+# SimpleSession
+
+This is a drop in replacement for rack session. By default
+the session cookie is encrypted in AES-256-CBC and requires a secret
+which is recommended to be kept in an .env file or something similar. 
+
+<a href='#install-sect'><h4>Installation</h4></a>
+
+<a href='#usage-sect'><h4>Usage</h4></a>
+
+<a href='#overview-sect'><h4>Overview</h4></a>
+
+<a href='#default-sect'><h4>Default Options</h4></a>
+
+	
+<h2 id='install-sect'>Installation</h2>
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'simple_session'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install simple_session
+    
+<h2 id='usage-sect'>Usage</h2>
+Full examples are in the *test/simple_session_test.rb* and 
+*test/simple_app.rb*. It's just a middleware so throw it on top of the stack.
+
+```ruby
+use SimpleSession::Session, secret: 'some secret', expire_after: 7200
+```
+
+<h4 id='overview-sect'>Overview</h4>
+SimpleSession is a simple Middleware that processes the session cookie
+with 5 steps.
+
+1. Extract the session from the request if there is one. If there is no session 
+create a new one that looks like this:
+
+```ruby
+{ session_id: 'some secret id' }
+```
+
+2. Load the session data into the app environment so they are accessible with racks request methods like this:
+
+```ruby
+get '/'
+request.session 
+  session
+  request.session_options
+end
+```
+				
+3. Clear the session if the time has expired and create a new one.
+
+4. Update the options if they have been changed like this.  
+
+```ruby
+# This changes the session to expire one minute after 
+# the current time. 
+get '/'  
+  request.session_options[:expire_after] = 60
+end
+```
+
+5. Create the new session cookie, encrypt it and return the response. 
+
+<h4 id='default-sect'>Default Options</h4>
+
+* secret: nil
+* key: 'rack.session'
+* expire_after: 7200
+
+The following is a simple example. The only **required argument is :secret**.
+
+```ruby
+require 'sinatra'
+require 'simple_session'
+
+class SimpleApp < Sinatra::Base
+
+  use SimpleSession::Session, secret: 'Your Secret'
+
+  get '/signin' do
+	if session[:user_id] 
+	  "Already Signed in"
+	else
+	  session[:user_id] = '!Green3ggsandHam!'
+	  "Id:  #{ session[:user_id] }"
+	end
+  end
+
+end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+**Write a test** and go for it.
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/simple_session. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](contributor-covenant.org) code of conduct.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+task :default => :test

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "simple_session"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/simple_session/base.rb

@@ -0,0 +1,250 @@
+require 'rack/request'
+require 'securerandom'
+require 'openssl'
+require 'byebug'
+
+module SimpleSession
+
+  class Base
+
+    attr_reader :request, :session
+
+    def initialize app, options = {}
+      @app          = app
+      @key          = options.fetch :key, 'rack.session'
+      @secret       = options[:secret]
+      @cipher_key   = cipher_key
+      @options_key  = options.fetch :options_key, 'rack.session.options'
+      @default_opts = options
+    end
+
+    def req_session
+      request.cookies[@key] if request
+    end
+
+    def req_options
+      session[:options] if session
+    end
+
+    def clear_session
+      @session = new_session_hash
+      @options = {options: OptionHash.new(@default_opts).opts}
+    end
+
+    def time_expired?
+      req_options && req_options[:expire] && req_options[:expire] <= Time.now
+    end
+
+    def new_session_hash
+      { session_id: SecureRandom.hex(32) }
+    end
+
+    def call env
+      # Decrypt request session and store it 
+      extract_session env
+
+      original_opts = @options[:options].dup
+
+      # Process options
+      clear_session if time_expired?
+
+      # Load session into app env
+      load_environment env
+
+      # Pass on request
+      status, headers, body = @app.call env
+
+      # Check session for changes and update options
+      update_options if options_changed? original_opts
+
+      # Encrypt and add session to headers
+      add_session headers
+
+      [status, headers, body]
+    end
+
+    private
+
+    def update_options
+      @options = {options: OptionHash.new(@options[:options]).opts}
+    end
+
+    def options_changed? original
+      original != @options[:options]
+    end
+
+    # If the session is nil create a new one
+    # If the session is unable to be decrypted throw an
+    # error and create a new one.
+    # encrypted data is not allowed in the app env
+    def extract_session env
+      begin
+        @request = Rack::Request.new env
+        @session = req_session ? decrypt(req_session) : new_session_hash
+
+        unless @session
+          raise ArgumentError, "Unable to decrypt session  #{caller[0]}"
+        end
+
+      rescue => e
+        @session = new_session_hash
+        puts e.message
+      end
+
+      @options = options_hash
+    end
+
+    def load_environment env
+      env[@key] = session[:value] || session
+      env[@options_key] = @options[:options]
+    end
+
+    def add_session headers
+      cookie = Hash.new
+      cookie[:value]   = session[:value] || session
+      cookie[:expires] = @options[:options][:expire]
+      set_cookie_header headers, @key, encrypt(cookie.merge!(@options))
+    end
+
+    def set_cookie_header headers, key, cookie
+      Rack::Utils.set_cookie_header! headers, key, cookie
+    end
+
+    def options_hash
+      o = session[:options] || OptionHash.new(@default_opts).opts
+      { options: o }
+    end
+
+    def encrypt data
+      begin
+        if data.is_a? Hash
+          # Serialize
+          m = Marshal.dump data
+
+          # Cipher
+          c = load_cipher m
+
+          # Base64
+          [c].pack('m')
+        else
+          raise ArgumentError, "Internal session data must be a hash"
+        end
+      rescue => e
+        puts e.message
+      end
+    end
+
+    def decrypt data
+      begin
+        if data.is_a? String
+          # Decode Base64
+          b = data.unpack('m').first
+
+          # Decipher
+          c = unload_cipher b
+
+          # Deserialize
+          Marshal.load c
+        else
+          raise ArgumentError, "External session data must be a string."
+        end
+      rescue => e
+        puts e.message
+      end
+    end
+
+    def digest
+      OpenSSL::Digest.new 'sha256', @secret
+    end
+
+    def hmac data
+      OpenSSL::HMAC.digest digest, @key, data
+    end
+
+    def new_cipher
+      OpenSSL::Cipher::AES.new(256, :CBC)
+    end
+
+    def load_cipher marshaled_data
+      cipher = new_cipher
+      cipher.encrypt
+      iv = cipher.random_iv
+      cipher.iv  = iv
+      cipher.key = @cipher_key
+
+      iv + cipher.update(marshaled_data) + cipher.final
+    end
+
+    def unload_cipher data
+      cipher = new_cipher
+      cipher.decrypt
+      cipher.iv  = data[0, 16]
+      cipher.key = @cipher_key
+      cipher.update(data[16..-1]) + cipher.final
+    end
+
+    def cipher_key
+      hmac("A red, red fox has had three socks but all have holes")
+    end
+
+    class OptionHash
+
+      SANITATION = [:key, :secret, :options_key]
+
+      def initialize args
+        @opts = sanitize args.dup
+        process_request_options
+        set_instance_variables
+        create_readers
+      end
+
+      def opts
+        @opts
+      end
+
+      def create_reader name 
+        self.class.send(:define_method, name, &Proc.new)
+      end
+
+      def create_readers
+        @opts.keys.each do |k|
+          create_reader(k) { instance_variable_get "@#{k}"}
+        end
+      end
+
+      def set_instance_variables
+        @opts.each { |k, v| instance_variable_set "@#{k.to_s}", v}
+      end
+
+      def process_request_options
+        begin
+          p_time
+        rescue => e
+          puts e.message
+        end
+      end
+
+      def p_time
+        @opts[:expire_after] ||= default_time
+        @opts[:expire] = Time.now + @opts[:expire_after].to_i if @opts[:expire_after]
+      end
+
+      private
+      def sanitize args
+        dup_args = args
+        SANITATION.each do |key|
+          dup_args.delete(key) if args[key]
+        end
+        dup_args
+      end
+
+      def default_time
+        60 * 60 * 2
+      end
+
+    end
+
+  end
+
+end
+

data/lib/simple_session/version.rb

@@ -0,0 +1,3 @@
+module SimpleSession
+  VERSION = "0.1.0"
+end

data/lib/simple_session.rb

@@ -0,0 +1,24 @@
+require "simple_session/version"
+require "simple_session/base.rb"
+
+# Options 
+# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+# key          = options.fetch :key, 'rack.session'
+# secret       = options[:secret]
+# options_key  = options.fetch :options_key, 'rack.session.options'
+
+module SimpleSession
+
+  class Session < Base
+
+    def initalize app, options={}
+      super app, options
+    end
+
+    def call env
+      super env
+    end
+
+  end
+
+end

data/simple_session.gemspec

@@ -0,0 +1,34 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'simple_session/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "simple_session"
+  spec.version       = SimpleSession::VERSION
+  spec.authors       = ["hayduke19us"]
+  spec.email         = ["hayduke19us@gmail.com"]
+
+  spec.summary       = %q{A simple middleware providing rack with a session cookie.}
+  spec.description   = %q{Provides the a light version of racks session options 
+                          and honers rack's naming conventions. HMAC AES-128-CBC 
+                          encryption included}
+  spec.homepage      = "https://github.com/hayduke19us/simple_session"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "minitest"
+  spec.add_development_dependency "byebug"
+  spec.add_development_dependency "rack-test"
+  spec.add_development_dependency "sinatra"
+  spec.add_development_dependency "timecop"
+  spec.add_development_dependency "minitest-focus"
+
+  spec.add_runtime_dependency "rack"
+end

metadata

@@ -0,0 +1,185 @@
+--- !ruby/object:Gem::Specification
+name: simple_session
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- hayduke19us
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-11-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest-focus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: "Provides the a light version of racks session options \n                          and
+  honers rack's naming conventions. HMAC AES-128-CBC \n                          encryption
+  included"
+email:
+- hayduke19us@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/simple_session.rb
+- lib/simple_session/base.rb
+- lib/simple_session/version.rb
+- simple_session.gemspec
+homepage: https://github.com/hayduke19us/simple_session
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: A simple middleware providing rack with a session cookie.
+test_files: []