strelka 0.0.1.pre.244 → 0.0.1.pre.252

data/lib/strelka/app/sessions.rb

@@ -64,16 +64,18 @@ require 'strelka/httpresponse/session'
 #   # it uses
 #   sessions:
 #     session_class: default
-#     options:
+#
+#   defaultsession:
 #       cookie_name: acme-session
 #
-#   # Load a (hypothetical) Sequel-backed session type and point it
+#   # Use the database-backed session type and point it
 #   # at a database
 #   sessions:
-#     session_class: sequel
-#     options:
-#       db: "postgres://pg.example.com/db01"
-#       table: sessions
+#     session_class: db
+#
+#   dbsession:
+#       connect: "postgres://pg.example.com/db01"
+#       table_name: sessions
 #
 # The +type+ value will be used to look up the class (see Strelka::Session
 # for more information about how this works), and the +options+ section
@@ -97,15 +99,6 @@ module Strelka::App::Sessions
 	run_after :templating, :filters, :parameters
 
 
-	# Default options to pass to the session object
-	DEFAULT_OPTIONS = {}
-
-
-	##
-	# What session class to use (Class object)
-	singleton_attr_writer :session_class
-
-
 	# Class methods and instance variables to add to classes with sessions.
 	module ClassMethods # :nodoc:
 
@@ -132,33 +125,34 @@ module Strelka::App::Sessions
 	end # module ClassMethods
 
 
+	# Default options to pass to the session object
+	CONFIG_DEFAULTS = {
+		session_class: 'default',
+	}
+
 
-	### Get the configured session class (Strelka::Session subclass)
-	def self::session_class
-		@session_class ||= Strelka::Session.get_subclass( :default )
-	end
+	##
+	# What session class to use (String, Symbol, or Class); passed to
+	# Strelka::Session.create.
+	singleton_attr_reader :session_class
 
 
 	### Configurability API -- set up session type and options with values from
 	### the +config+.
 	def self::configure( config=nil )
-		options = DEFAULT_OPTIONS.dup
-
 		# Figure out which session class is going to be used, or choose a default one
 		if config
-			self.session_class = Strelka::Session.get_subclass( config[:session_class] ) if
-				config.key?( :session_class )
-			if config[:options]
-				options.merge!( config[:options] ) do |key, oldval, newval|
-					oldval.merge( newval )
-				end
-			end
+			self.session_class = config[:session_class]
 		else
-			self.session_class = Strelka::Session.get_subclass( :default )
+			self.session_class = CONFIG_DEFAULTS[:session_class]
 		end
 
-		# Configure the session class if it can be
-		self.session_class.configure( options ) if self.session_class.respond_to?( :configure )
+	end
+
+
+	### Get the configured session class (Strelka::Session subclass)
+	def self::session_class=( newclass )
+		@session_class = Strelka::Session.get_subclass( newclass )
 	end
 
 

data/lib/strelka/authprovider/basic.rb

@@ -1,7 +1,7 @@
 # -*- ruby -*-
 # vim: set nosta noet ts=4 sw=4:
 
-require 'loggability'
+require 'openssl'
 require 'configurability'
 
 require 'strelka' unless defined?( Strelka )
@@ -31,17 +31,26 @@ require 'strelka/mixins'
 #       kmurgen: "MZj9+VhZ8C9+aJhmwp+kWBL76Vs="
 #
 class Strelka::AuthProvider::Basic < Strelka::AuthProvider
-	extend Loggability,
-	       Configurability,
+	extend Configurability,
 	       Strelka::MethodUtilities
 	include Strelka::Constants
 
 	# Configurability API - set the section of the config
-	config_key :auth
+	config_key :basicauth
 
+	# Configurability API -- configuration defaults
+	CONFIG_DEFAULTS = {
+		realm: nil,
+		users: {},
+	}
+
+	# The amount of work to do while encrypting -- higher number == more work == less suceptable
+	# to brute-force attacks
+	ENCRYPT_ITERATIONS = 20_000
+
+	# The Digest class to use when encrypting passwords
+	DIGEST_CLASS = OpenSSL::Digest::SHA256
 
-	@users = nil
-	@realm = nil
 
 	##
 	# The Hash of users and their SHA1+Base64'ed passwords
@@ -54,11 +63,12 @@ class Strelka::AuthProvider::Basic < Strelka::AuthProvider
 
 	### Configurability API -- configure the auth provider instance.
 	def self::configure( config=nil )
-		if config
+		if config && config[:realm]
 			self.log.debug "Configuring Basic authprovider: %p" % [ config ]
-			self.realm = config['realm'] if config['realm']
-			self.users = config['users'] if config['users']
+			self.realm = config[:realm]
+			self.users = config[:users]
 		else
+			self.log.warn "No 'basicauth' config section; using the (empty) defaults"
 			self.realm = nil
 			self.users = {}
 		end
@@ -132,4 +142,18 @@ class Strelka::AuthProvider::Basic < Strelka::AuthProvider
 		finish_with( HTTP::AUTH_REQUIRED, "Requires authentication.", www_authenticate: header )
 	end
 
+
+	### (undocumented)
+	def encrypt( pass, salt=nil )
+		salt   ||= OpenSSL::Random.random_bytes( 16 ) #store this with the generated value
+		iter   = ENCRYPT_ITERATIONS
+		digest = DIGEST_CLASS.new
+		len    = digest.digest_length
+
+		value  = OpenSSL::PKCS5.pbkdf2_hmac( pass, salt, iter, len, digest )
+
+		return [ value, salt ].join( ':' )
+	end
+
+
 end # class Strelka::AuthProvider::Basic

data/lib/strelka/authprovider/hostaccess.rb

@@ -45,7 +45,7 @@ class Strelka::AuthProvider::HostAccess < Strelka::AuthProvider
 		self.allowed_netblocks = DEFAULT_ALLOWED_NETBLOCKS
 
 		# Register this instance with Configurability
-		config_key :auth
+		config_key :hostaccess
 	end
 
 

data/lib/strelka/constants.rb

@@ -11,17 +11,6 @@ module Strelka::Constants
 	# Import Mongrel2's constants, too
 	include Mongrel2::Constants
 
-	# The data directory in the project if that exists, otherwise the gem datadir
-	DEFAULT_DATADIR = if ENV['STRELKA_DATADIR']
-			Pathname( ENV['STRELKA_DATADIR'] )
-		elsif File.directory?( 'data/strelka' )
-			Pathname( 'data/strelka' )
-		elsif path = Gem.datadir('strelka')
-			Pathname( path )
-		else
-			raise ScriptError, "can't find the data directory!"
-		end
-
 	# Extend Mongrel2's HTTP constants collection
 	module HTTP
 		include Mongrel2::Constants::HTTP

data/lib/strelka/cookie.rb

@@ -155,7 +155,23 @@ class Strelka::Cookie
 	#################################################################
 
 	### Create a new Strelka::Cookie object with the specified +name+ and
-	### +values+.
+	### +values+. Valid options are:
+	###
+	### [\version]
+	###   The cookie version. 0 (the default) is fine for most uses
+	### [\domain]
+	###   The domain the cookie belongs to.
+	### [\path]
+	###   The path the cookie applies to.
+	### [\secure]
+	###   The cookie's 'secure' flag.
+	### [\expires]
+	###   The cookie's expiration (a Time object). See expires= for valid
+	###   values.
+	### [\max_age]
+	###   The lifetime of the cookie, in seconds.
+	### [\comment]
+	###   Cookie comment; see #comment= for details.
 	def initialize( name, values, options={} )
 		values   = [ values ] unless values.is_a?( Array )
 		@name    = name

data/lib/strelka/httpresponse/negotiation.rb

@@ -334,7 +334,7 @@ module Strelka::HTTPResponse::Negotiation
 			STRINGIFIERS.key?( mimetype ) && !new_body.is_a?( String )
 
 		self.body = new_body
-		self.content_type = mimetype
+		self.content_type = mimetype.dup # :TODO: Why is this frozen?
 		self.status ||= HTTP::OK
 
 		return true

data/lib/strelka/session/db.rb

@@ -15,29 +15,43 @@ require 'strelka/session/default'
 # any database that Sequel supports.  It defaults to non-persistent, in memory Sqlite.
 #
 class Strelka::Session::Db < Strelka::Session::Default
-	extend Loggability,
+	extend Configurability,
 	       Forwardable,
 	       Strelka::MethodUtilities
 
-	# Loggability API -- set up logging under the 'strelka' log host
-	log_to :strelka
 
+	##
+	# Configurability API -- use the 'dbsession' section of the config
+	config_key :dbsession
+
+
+	# Configuration defaults
+	CONFIG_DEFAULTS = {
+		connect: nil,
+		table_name: 'sessions',
+		cookie_name: 'strelka-session',
+		cookie_options: {
+			expires: "+1d",
+		}
+	}
 
 	# Class-instance variables
 	@table_name   = :sessions
 	@db           = nil
 	@dataset      = nil
-	@cookie_options = {
-		:name => 'strelka-session'
-	}
+
 
 	##
 	# The Sequel dataset connection
-	singleton_attr_reader :db
+	singleton_attr_accessor :db
 
 	##
 	# The Sequel dataset for the sessions table
-	singleton_attr_reader :dataset
+	singleton_attr_accessor :dataset
+
+	##
+	# The name of the table to use for storing sessions
+	singleton_attr_accessor :table_name
 
 	##
 	# The configured session cookie parameters
@@ -51,21 +65,31 @@ class Strelka::Session::Db < Strelka::Session::Default
 	### Configure the session class with the given +options+, which should be a
 	### Hash or an object that has a Hash-like interface.
 	###
-	### Valid options:
-	###    cookie     -> A hash that contains valid Strelka::Cookie options
-	###    connect    -> The Sequel connection string
-	###    table_name -> The name of the sessions table
-	def self::configure( options={} )
-		options ||= {}
-
-		self.cookie_options.merge!( options[:cookie] ) if options[:cookie]
-		@table_name      = options[:table_name]  || :sessions
-
-		@db = options[ :connect ].nil? ?
-			 Mongrel2::Config.in_memory_db :
-			 Sequel.connect( options[:connect] )
-		@db.logger = Loggability[ Mongrel2 ].proxy_for( @db )
+	### Valid options (in addition to those ):
+	###
+	### [cookie_name]::
+	###   The name of the cookie to use for the session ID
+	### [cookie_options]::
+	###   Options to pass to Strelka::Cookie's constructor.
+	### [connect]::
+	###   The Sequel connection string; if nil, an in-memory DB will be used.
+	### [table_name]::
+	###   The name of the sessions table. Defaults to 'sessions'.
+	def self::configure( options=nil )
+		super
+
+		if options
+			self.table_name = options[:table_name]
+			self.db = options[ :connect ].nil? ?
+				 Mongrel2::Config.in_memory_db :
+				 Sequel.connect( options[:connect] )
+		else
+			self.table_name = CONFIG_DEFAULTS[:table_name]
+			self.db = Mongrel2::Config.in_memory_db
+		end
 
+		self.db.logger = Loggability[ Mongrel2 ].proxy_for( self.db )
+		self.db.sql_log_level = :debug
 		self.initialize_sessions_table
 	end
 
@@ -74,12 +98,12 @@ class Strelka::Session::Db < Strelka::Session::Default
 	### attribute to a Sequel dataset on the configured DB table.
 	###
 	def self::initialize_sessions_table
-		if self.db.table_exists?( @table_name )
+		if self.db.table_exists?( self.table_name )
 			self.log.debug "Using existing sessions table for %p" % [ db ]
 
 		else
 			self.log.debug "Creating new sessions table for %p" % [ db ]
-			self.db.create_table( @table_name ) do
+			self.db.create_table( self.table_name ) do
 				text :session_id, :index => true
 				text :session
 				timestamp :created
@@ -88,7 +112,7 @@ class Strelka::Session::Db < Strelka::Session::Default
 			end
 		end
 
-		@dataset = self.db[ @table_name ]
+		self.dataset = self.db[ self.table_name.to_sym ]
 	end
 
 

data/lib/strelka/session/default.rb

@@ -12,45 +12,64 @@ require 'strelka/session'
 require 'strelka/mixins'
 
 # Default session class -- simple in-memory, cookie-based base-bones session.
-#
-# == Hash Interface
-#
-# The following methods are delegated to the inner Hash via the #namespaced_hash method:
-# #[], #[]=, #delete, #key?
 class Strelka::Session::Default < Strelka::Session
-	extend Loggability,
+	extend Configurability,
 	       Forwardable,
 	       Strelka::MethodUtilities,
 	       Strelka::Delegation
 	include Strelka::DataUtilities
 
+
+	##
+	# Configurability API -- use the 'defaultsession' section of the config
+	config_key :defaultsession
+
 	# Default configuration
-	DEFAULT_COOKIE_OPTIONS = {
-		:name => 'strelka-session'
+	CONFIG_DEFAULTS = {
+		cookie_name: 'strelka-session',
+		cookie_options: {
+			expires: "+1d",
+		}
 	}.freeze
 
 
 	# Class-instance variables
-	@cookie_options = DEFAULT_COOKIE_OPTIONS.dup
-	@sessions = {}
+	@sessions       = {}
+	@cookie_name    = CONFIG_DEFAULTS[:cookie_name]
+	@cookie_options = {}
 
 	##
 	# In-memory session store
 	singleton_attr_reader :sessions
 
 	##
-	# The configured session cookie parameters
+	# The name of the session cookie
+	singleton_attr_accessor :cookie_name
+
+	##
+	# Session cookie options; see {Strelka::Cookie}[rdoc-ref://Strelka::Cookie.new]
+	# for available options.
 	singleton_attr_accessor :cookie_options
 
 
 	### Configure the session class with the given +options+, which should be a
-	### Hash or an object that has a Hash-like interface. Sets cookie options
-	### for the session if the +:cookie+ key is set.
-	def self::configure( options=nil )
-		if options
-			self.cookie_options.merge!( options[:cookie] ) if options[:cookie]
+	### Hash or an object that has a Hash-like interface.
+	###
+	### Valid keys:
+	###
+	### [\cookie_name]
+	###   The name of the cookie that will be used for persisting the session key.
+	### [\cookie_options]
+	###   A hash of options for the session cookie; see
+	###   {Strelka::Cookie}[rdoc-ref://Strelka::Cookie.new]
+	###   for available options.
+	def self::configure( config=nil )
+		if config
+			self.cookie_name = config[:cookie_name]
+			self.cookie_options = config[:cookie_options]
 		else
-			self.cookie_options = DEFAULT_COOKIE_OPTIONS.dup
+			self.cookie_name = CONFIG_DEFAULTS[:cookie_name]
+			self.cookie_options = CONFIG_DEFAULTS[:cookie_options].dup
 		end
 	end
 
@@ -77,7 +96,7 @@ class Strelka::Session::Default < Strelka::Session
 	### Try to fetch a session ID from the specified +request+, returning +nil+
 	### if there isn't one.
 	def self::get_existing_session_id( request )
-		cookie = request.cookies[ self.cookie_options[:name] ] or return nil
+		cookie = request.cookies[ self.cookie_name ] or return nil
 
 		if cookie.value =~ /^([[:xdigit:]]+)$/i
 			return $1.untaint
@@ -141,6 +160,7 @@ class Strelka::Session::Default < Strelka::Session
 	# to the application.
 	attr_reader :namespace
 
+	##
 	# Delegate Hash methods to whichever Hash is the current namespace
 	def_method_delegators :namespaced_hash, :[], :[]=, :delete, :key?
 
@@ -160,7 +180,7 @@ class Strelka::Session::Default < Strelka::Session
 		self.log.debug "Adding session cookie to the request."
 
 		session_cookie = Strelka::Cookie.new(
-			self.class.cookie_options[ :name ],
+			self.class.cookie_name,
 			self.session_id,
 			self.class.cookie_options
 		)