simple_session 0.2.3 → 0.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -0
- data/README.md +5 -2
- data/lib/simple_session/base.rb +34 -26
- data/lib/simple_session/version.rb +1 -1
- data/simple_session.gemspec +6 -3
- metadata +7 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 83dc3c7b1992f0d05a7166de51c41c350e908dad
|
4
|
+
data.tar.gz: 9c562864c93af1b1a23d09de26b469708d017b57
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7ba09f3c14291e46e361a215e30e6b213a2389d55143491ea98f40106ccc618b15ddaf97f38ea5dc30700feca9b5612bec4b19af431ac22a0c0736a91cf94655
|
7
|
+
data.tar.gz: b20f02781c54a948ffedaddea97ce0994444626cae4dc8b4c126021af67ac4129c834da49eb0f7d436f1fbc9c209c247f483bd320907fe281c2e0c029aa2a87f
|
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -1,9 +1,12 @@
|
|
1
1
|
# SimpleSession
|
2
2
|

|
3
3
|
|
4
|
+

|
5
|
+
|
4
6
|
This is a drop in replacement for rack session. By default
|
5
|
-
the session cookie is encrypted in AES-256-CBC and requires a secret
|
6
|
-
|
7
|
+
the session cookie is encrypted in AES-256-CBC and requires a secret which is
|
8
|
+
recommended to be kept in an .env file or something similar. The session is also
|
9
|
+
signed with an HMAC signature in a double ended fashion that prevents tampering.
|
7
10
|
|
8
11
|
<a href='#install-sect'><h4>Installation</h4></a>
|
9
12
|
|
data/lib/simple_session/base.rb
CHANGED
@@ -36,10 +36,6 @@ module SimpleSession
|
|
36
36
|
request.cookies[@key] if request
|
37
37
|
end
|
38
38
|
|
39
|
-
def req_options
|
40
|
-
session[:options] if session
|
41
|
-
end
|
42
|
-
|
43
39
|
def new_session_hash
|
44
40
|
{ session_id: SecureRandom.hex(32) }
|
45
41
|
end
|
@@ -64,20 +60,18 @@ module SimpleSession
|
|
64
60
|
[status, headers, body]
|
65
61
|
end
|
66
62
|
|
67
|
-
private
|
68
63
|
def extract_session env
|
69
64
|
begin
|
70
65
|
@request = Rack::Request.new env
|
71
66
|
@session = req_session ? decrypt(req_session) : new_session_hash
|
67
|
+
session.merge!(options_hash)
|
68
|
+
raise ArgumentError, "Unable to decrypt session" unless session
|
72
69
|
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
@session = new_session_hash
|
77
|
-
puts e.message
|
70
|
+
rescue Exception => e
|
71
|
+
@session = new_session_hash.merge!(options_hash)
|
72
|
+
print e.message
|
78
73
|
end
|
79
74
|
|
80
|
-
@options = options_hash
|
81
75
|
end
|
82
76
|
|
83
77
|
def options_hash
|
@@ -87,13 +81,13 @@ module SimpleSession
|
|
87
81
|
|
88
82
|
def load_environment env
|
89
83
|
env[@key] = session.dup
|
90
|
-
env[@options_key] =
|
84
|
+
env[@options_key] = session[:options].dup
|
91
85
|
end
|
92
86
|
|
93
87
|
def add_session headers
|
94
88
|
cookie = Hash.new
|
95
|
-
cookie
|
96
|
-
cookie
|
89
|
+
cookie.merge!(session.fetch(:options, @default_opts))
|
90
|
+
cookie[:value] = encrypt session
|
97
91
|
|
98
92
|
set_cookie_header headers, @key, cookie
|
99
93
|
end
|
@@ -103,21 +97,25 @@ module SimpleSession
|
|
103
97
|
end
|
104
98
|
|
105
99
|
def update_options
|
106
|
-
|
100
|
+
session[:options] = {options: OptionHash.new(request.session_options).opts}
|
107
101
|
end
|
108
102
|
|
109
103
|
def options_changed?
|
110
|
-
request.session_options !=
|
104
|
+
request.session_options != session[:options]
|
111
105
|
end
|
112
106
|
|
113
107
|
def session_changed?
|
114
|
-
request.session !=
|
108
|
+
request.session != session
|
115
109
|
end
|
116
110
|
|
117
111
|
def update_session
|
118
112
|
@session = request.session
|
119
113
|
end
|
120
114
|
|
115
|
+
def signature
|
116
|
+
hmac(cipher_key)
|
117
|
+
end
|
118
|
+
|
121
119
|
def encrypt data
|
122
120
|
# Serialize
|
123
121
|
m = Marshal.dump data
|
@@ -125,19 +123,29 @@ module SimpleSession
|
|
125
123
|
# Cipher
|
126
124
|
c = load_cipher m
|
127
125
|
|
126
|
+
# Sign
|
127
|
+
h = signature + c + signature
|
128
|
+
|
128
129
|
# Encode Base64
|
129
|
-
[
|
130
|
+
[h].pack('m0')
|
130
131
|
end
|
131
132
|
|
132
133
|
def decrypt data
|
133
134
|
# Decode Base64
|
134
|
-
b = data.unpack('
|
135
|
-
|
136
|
-
#
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
135
|
+
b = data.unpack('m0').first
|
136
|
+
|
137
|
+
# Parse Signature
|
138
|
+
h1 = b[0, 32]
|
139
|
+
data = b[32..-1]
|
140
|
+
h2 = data.reverse[0, 32].reverse
|
141
|
+
data = data.reverse[32..-1].reverse
|
142
|
+
|
143
|
+
if h1 == signature.to_s && h2 == signature.to_s
|
144
|
+
# Decipher
|
145
|
+
Marshal.load unload_cipher data
|
146
|
+
else
|
147
|
+
raise SecurityError
|
148
|
+
end
|
141
149
|
end
|
142
150
|
|
143
151
|
def digest
|
@@ -171,7 +179,7 @@ module SimpleSession
|
|
171
179
|
end
|
172
180
|
|
173
181
|
def cipher_key
|
174
|
-
hmac("A red, red fox has had three socks but all have holes")
|
182
|
+
hmac("A red, red fox has had three socks but all have holes" + @secret)
|
175
183
|
end
|
176
184
|
|
177
185
|
class OptionHash
|
data/simple_session.gemspec
CHANGED
@@ -9,9 +9,12 @@ Gem::Specification.new do |spec|
|
|
9
9
|
spec.authors = ["hayduke19us"]
|
10
10
|
spec.email = ["hayduke19us@gmail.com"]
|
11
11
|
|
12
|
-
spec.summary = %q{A simple middleware providing rack with
|
13
|
-
|
14
|
-
|
12
|
+
spec.summary = %q{A simple middleware providing rack with an
|
13
|
+
encrypted session cookie.}
|
14
|
+
spec.description = %q{Provides an AES-256-CBC encrypted session cookie signed
|
15
|
+
with and HMAC digest in a double ended manor.
|
16
|
+
Cookie options include max-age, path, domain, http-only,
|
17
|
+
and secure. Honors Rack's
|
15
18
|
methods like session and request.session_options}
|
16
19
|
spec.homepage = "https://github.com/hayduke19us/simple_session"
|
17
20
|
spec.license = "MIT"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: simple_session
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- hayduke19us
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-11-
|
11
|
+
date: 2015-11-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -122,10 +122,10 @@ dependencies:
|
|
122
122
|
- - ">="
|
123
123
|
- !ruby/object:Gem::Version
|
124
124
|
version: '0'
|
125
|
-
description:
|
126
|
-
|
127
|
-
|
128
|
-
|
125
|
+
description: "Provides an AES-256-CBC encrypted session cookie signed\n with
|
126
|
+
and HMAC digest in a double ended manor. \n Cookie options
|
127
|
+
include max-age, path, domain, http-only,\n and secure.
|
128
|
+
Honors Rack's\n methods like session and request.session_options"
|
129
129
|
email:
|
130
130
|
- hayduke19us@gmail.com
|
131
131
|
executables: []
|
@@ -168,5 +168,5 @@ rubyforge_project:
|
|
168
168
|
rubygems_version: 2.4.5
|
169
169
|
signing_key:
|
170
170
|
specification_version: 4
|
171
|
-
summary: A simple middleware providing rack with
|
171
|
+
summary: A simple middleware providing rack with an encrypted session cookie.
|
172
172
|
test_files: []
|