tdiary 4.1.1 → 4.1.2

data/lib/tdiary/application.rb

@@ -7,7 +7,7 @@ require 'tdiary/rack'
 # FIXME too dirty hack :-<
 class CGI
 	def env_table_rack
-		$RACK_ENV
+		$RACK_ENV || ENV
 	end
 
 	alias :env_table_orig :env_table
@@ -27,53 +27,76 @@ module TDiary
 		end
 
 		def initialize( base_dir = '/' )
-			@app = ::Rack::Builder.app {
+			@app = ::Rack::Builder.app do
 				map base_dir do
-					# call extensions setup before the core setup (fixed #442)
-					Application.config.builder_procs.reverse.each do |builder_proc|
-						instance_eval &builder_proc
+					map Application.config.path[:index] do
+						use TDiary::Rack::HtmlAnchor
+						use TDiary::Rack::Static, "public"
+						use TDiary::Rack::ValidRequestPath
+						run TDiary::Dispatcher.index
 					end
+
+					map Application.config.path[:update] do
+						use TDiary::Rack::Auth
+						run TDiary::Dispatcher.update
+					end
+
+					map Application.config.path[:assets] do
+						environment = Sprockets::Environment.new
+						TDiary::Application.config.assets_paths.each {|assets_path|
+							environment.append_path assets_path
+						}
+
+						if Application.config.assets_precompile
+							require 'tdiary/rack/assets/precompile'
+							use TDiary::Rack::Assets::Precompile, environment
+						end
+
+						run environment
+					end	
 				end
-			}
+			end
+			run_plugin_startup_procs
 		end
 
 		def call( env )
-			@app.call( env )
-		end
-	end
-
-	Application.configure do
-		config.builder do
-			map Application.config.path[:index] do
-				use TDiary::Rack::HtmlAnchor
-				use TDiary::Rack::Static, "public"
-				use TDiary::Rack::ValidRequestPath
-				run TDiary::Dispatcher.index
+			begin
+				@app.call( env )
+			rescue Exception => e
+				body = ["#{e.class}: #{e}\n"]
+				body << e.backtrace.join("\n")
+				[500, {'Content-Type' => 'text/plain'}, body]
 			end
+		end
 
-			map Application.config.path[:update] do
-				instance_eval &Application.config.authenticate_proc
-				run TDiary::Dispatcher.update
-			end
+	private
+		def run_plugin_startup_procs
+			# avoid offline mode at CGI.new
+			ARGV.replace([""])
+			cgi = RackCGI.new
 
-			map Application.config.path[:assets] do
-				environment = Sprockets::Environment.new
-				TDiary::Extensions::constants.map {|extension|
-					TDiary::Extensions::const_get( extension ).assets_path
-				}.flatten.uniq.each {|assets_path|
-					environment.append_path assets_path
-				}
+			request = TDiary::Request.new(ENV, cgi)
+			conf = TDiary::Configuration.new(cgi, request)
+			tdiary = TDiary::TDiaryBase.new(cgi, '', conf)
+			io = conf.io_class.new(tdiary)
 
-				if Application.config.assets_precompile
-					require 'tdiary/rack/assets/precompile'
-					use TDiary::Rack::Assets::Precompile, environment
-				end
+			plugin = TDiary::Plugin.new(
+				'conf' => conf,
+				'mode' => 'startup',
+				'diaries' => tdiary.diaries,
+				'cgi' => cgi,
+				'years' => nil,
+				'cache_path' => io.cache_path,
+				'date' => Time.now,
+				'comment' => nil,
+				'last_modified' => Time.now,  # FIXME
+				'logger' => TDiary.logger,
+				# 'debug' => true
+			)
 
-				run environment
-			end
+			# run startup plugin
+			plugin.__send__(:startup_proc, self)
 		end
-
-		config.authenticate TDiary::Rack::Auth::Basic, '.htpasswd'
 	end
 end
 

data/lib/tdiary/cli.rb

@@ -58,7 +58,7 @@ module TDiary
 
 		desc "assets_copy", "copy assets files"
 		def assets_copy
-			require 'tdiary/environment'
+			require 'tdiary'
 			assets_path = File.join(TDiary.server_root, 'public/assets')
 			TDiary::Application.config.assets_paths.each do |path|
 				Dir.glob(File.join(path, '*')).each do |entity|
@@ -96,7 +96,10 @@ module TDiary
 			"bind to the IP"
 		method_option "port", aliases: "p", type: :numeric, default: 19292, banner:
 			"use PORT"
+		method_option "log", aliases: "l", type: :string, banner:
+			"File to redirect output"
 		def server
+			require 'tdiary'
 			require 'tdiary/environment'
 
 			if options[:cgi]
@@ -105,12 +108,13 @@ module TDiary
 					:bind   => options[:bind],
 					:port   => options[:port],
 					:logger => $stderr,
-					:access_log => $stderr,
+					:access_log => options[:log] ? File.open(options[:log], 'a') : $stderr
 				}
 				TDiary::Server.run( opts )
 			elsif
 				# --rack option
 				# Rack::Server reads ARGV as :config, so delete it
+				require 'webrick'
 				ARGV.shift
 				opts = {
 					:environment => ENV['RACK_ENV'] || "development",
@@ -118,9 +122,11 @@ module TDiary
 					:Host        => options[:bind],
 					:Port        => options[:port],
 					:pid         => File.expand_path("tdiary.pid"),
-					:AccessLog   => $stderr,
 					:config      => File.expand_path("config.ru")
 				}
+				if options[:log]
+					opts[:AccessLog] = [[File.open(options[:log], 'a'), WEBrick::AccessLog::CLF]]
+				end
 				::Rack::Server.start( opts )
 			end
 		end

data/lib/tdiary/core_ext.rb

@@ -37,7 +37,7 @@ class String
 	end
 
 	def emojify
-		self.gsub(/:([a-zA-Z0-9_+-]+):/) do |match|
+		self.to_str.gsub(/:([a-zA-Z0-9_+-]+):/) do |match|
 			emoji_alias = $1.downcase
 			emoji_url = %Q[<img src='http://www.emoji-cheat-sheet.com/graphics/emojis/%s.png' width='20' height='20' title='%s' alt='%s' class='emoji' />]
 			if emoji_alias == 'plus1' or emoji_alias == '+1'

data/lib/tdiary/diary_container.rb

@@ -0,0 +1,55 @@
+module TDiary
+	class DiaryContainer
+		# YYYYMMDD
+		def self.find_by_day(conf, date)
+			# date: YYYYMMDD
+			m = date.match(/^(?<year>\d{4})(?<month>\d{2})(?<day>\d{2})$/)
+			raise ArgumentError.new("date must be YYYYMMDD format") unless m
+			new(conf, m[:year], m[:month], m[:day])
+		end
+
+		def self.find_by_month(conf, date)
+			# date: YYYYMM
+			m = date.match(/^(?<year>\d{4})(?<month>\d{2})$/)
+			raise ArgumentError.new("date must be YYYYMM format") unless m
+			new(conf, m[:year], m[:month])
+		end
+
+		def initialize(conf, year, month, day = nil)
+			cgi = FakeCGI.new
+			if year && month && day
+				cgi.params['date'] = ["#{year}#{month}#{day}"]
+				@controller = TDiaryDayWithoutFilter::new(cgi, '', conf)
+			elsif year && month
+				cgi.params['date'] = ["#{year}#{month}"]
+				@controller = TDiaryMonthWithoutFilter::new(cgi, '', conf)
+			else
+				raise StandardError.new
+			end
+		end
+
+		def conf
+			@controller.conf
+		end
+
+		def diaries
+			# Hash of 'YYYYMMDD' => TDiary::Style::WikiDiary
+			@controller.diaries
+		end
+
+		class FakeCGI < CGI
+			def refeter; nil end
+			def user_agent; nil; end
+			def mobile_agent?; nil; end
+			def request_method; 'GET'; end
+		end
+	end
+end
+
+# Local Variables:
+# mode: ruby
+# indent-tabs-mode: t
+# tab-width: 3
+# ruby-indent-level: 3
+# End:
+# vim: ts=3

data/lib/tdiary/environment.rb

@@ -9,6 +9,9 @@ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../Gemfile', __FILE__)
 
 require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
 
+# FIXME: workaround fix for tainted path from Gemfile.local
+$LOAD_PATH.each{|lp| $LOAD_PATH << $LOAD_PATH.shift.dup.untaint}
+
 if defined?(Bundler)
   env = [:default]
   env << :development if ENV['RACK_ENV'].nil? || ENV['RACK_ENV'].empty?

data/lib/tdiary/plugin/00default.rb

@@ -342,12 +342,13 @@ def default_ogp
 		uri = @conf.index.dup
 		uri[0, 0] = base_url if %r|^https?://|i !~ @conf.index
 		uri.gsub!( %r|/\./|, '/' )
+		image = File.join(uri, "#{theme_url}/ogimage.png")
 		if @mode == 'day' then
 			uri += anchor( @date.strftime( '%Y%m%d' ) )
 		end
 		%Q[<meta content="#{title_tag.gsub(/<[^>]*>/, "")}" property="og:title">
 		<meta content="#{(@mode == 'day') ? 'article' : 'website'}" property="og:type">
-		<meta content="#{h uri}#{h theme_url}/ogimage.png" property="og:image">
+		<meta content="#{h image}" property="og:image">
 		<meta content="#{h uri}" property="og:url">]
 	end
 end
@@ -383,7 +384,7 @@ def script_tag
 	require 'uri'
 	query = script_tag_query_string
 	html = @javascripts.sort.map {|script|
-		if URI(script).scheme
+		if URI(script).scheme or script =~ %r|\A//|
 			%Q|<script src="#{script}" type="text/javascript"></script>|
 		else
 			%Q|<script src="#{js_url}/#{script}#{query}" type="text/javascript"></script>|
@@ -1001,7 +1002,7 @@ end
 # old ruby alert
 #
 def old_ruby_alert
-	if RUBY_VERSION < '1.9' and !@conf['old_ruby_alert.hide']
+	if RUBY_VERSION < '2.0.0' and !@conf['old_ruby_alert.hide']
 		%Q|<div class="alert-warn">
 			<a href="#" class="action-button" id="alert-old-ruby">&times;</a>
 			#{old_ruby_alert_message}

data/lib/tdiary/plugin/05referer.rb

@@ -117,13 +117,15 @@ def referer_update( diary )
 		end
 
 	when 'day'
-		referer_load_current( diary )
-		referer_save_current( diary, @cgi.referer )
-		if latest_day?( diary ) then
-			referer_load_volatile( @referer_volatile )
-		elsif @cgi.referer
-			referer_load_volatile( @referer_volatile )
-			referer_save_volatile( @referer_volatile, @cgi.referer )
+		if diary
+			referer_load_current( diary )
+			referer_save_current( diary, @cgi.referer )
+			if latest_day?( diary ) then
+				referer_load_volatile( @referer_volatile )
+			elsif @cgi.referer
+				referer_load_volatile( @referer_volatile )
+				referer_save_volatile( @referer_volatile, @cgi.referer )
+			end
 		end
 
 	when "edit"

data/lib/tdiary/plugin.rb

@@ -31,6 +31,7 @@ module TDiary
 			@conf_procs = {}
 			@conf_genre_label = {}
 			@content_procs = {}
+			@startup_procs = []
 			@cookies = []
 			@javascripts = []
 			@javascript_setting = []
@@ -337,6 +338,16 @@ module TDiary
 			@content_procs[key].call( date )
 		end
 
+		def add_startup_proc( block = Proc::new )
+			@startup_procs << block
+		end
+
+		def startup_proc( app )
+			@startup_procs.each do |proc|
+				proc.call( app )
+			end
+		end
+
 		def remove_tag( str )
 			str.gsub( /<[^"'<>]*(?:"[^"]*"[^"'<>]*|'[^']*'[^"'<>]*)*(?:>|(?=<)|$)/, '' )
 		end
@@ -344,8 +355,8 @@ module TDiary
 		def apply_plugin( str, remove_tag = false )
 			return '' unless str
 			r = str.dup
-			if @conf.options['apply_plugin'] and str.index( '<%' ) then
-				r = str.untaint if $SAFE < 3
+			if @conf.options['apply_plugin'] and r.index( '<%' ) then
+				r = r.untaint if $SAFE < 3
 				Safe::safe( @conf.secure ? 4 : 1 ) do
 					begin
 						r = ERB::new( r ).result( binding )

data/lib/tdiary/rack/auth/basic.rb

@@ -3,7 +3,7 @@ require 'webrick/httpauth/htpasswd'
 
 module TDiary
 	module Rack
-		module Auth
+		class Auth
 			class PasswordFileNotFound < StandardError; end
 
 			class Basic

data/lib/tdiary/rack/auth/omniauth/authorization.rb

@@ -0,0 +1,64 @@
+require 'omniauth'
+
+module TDiary
+	module Rack
+		class Auth
+			class OmniAuth
+				class Authorization
+					def initialize(app, provider, &block)
+						@app = app
+						@provider = provider
+						@authz = block
+					end
+
+					def call(env)
+						if not authenticate?(env)
+							# phase 1: request phase
+							login(env)
+						elsif env['REQUEST_PATH'].match(%r|auth/#{@provider}/callback|)
+							# phase 2: callback phase
+							callback(env)
+						else
+							# phase 3: authorization phase
+							auth = env['rack.session']['auth']
+							env['REMOTE_USER'] = "#{auth.uid}@#{auth.provider}"
+							return forbidden unless @authz.call(auth)
+							@app.call(env)
+						end
+					end
+
+					def login(env)
+						STDERR.puts "use #{@provider} authentication strategy"
+						req = ::Rack::Request.new(env)
+						env['rack.session']['tdiary.auth.redirect'] = "#{req.base_url}#{req.fullpath}"
+						redirect = File.join("#{req.base_url}#{req.path}", "#{::OmniAuth.config.path_prefix}/#{@provider}")
+						[302, {'Content-Type' => 'text/plain', 'Location' => redirect}, []]
+					end
+
+					def logout(env)
+						env['rack.session']['user_id'] = nil
+					end
+
+					def forbidden
+						[403, {'Content-Type' => 'text/plain'}, ['forbidden']]
+					end
+
+					def callback(env)
+						# reset sesstion to prevend session fixation attack
+						# see: http://www.ipa.go.jp/security/vuln/documents/website_security.pdf (section 1.4)
+						env['rack.session.options'][:renew] = true
+						auth = env['omniauth.auth']
+						env['rack.session']['auth'] = auth
+						env['REMOTE_USER'] = "#{auth.uid}@#{auth.provider}"
+						redirect = env['rack.session']['tdiary.auth.redirect'] || '/'
+						[302, {'Content-Type' => 'text/plain', 'Location' => redirect}, []]
+					end
+
+					def authenticate?(env)
+						env['omniauth.auth'] || env['rack.session']['auth']
+					end
+				end
+			end
+		end
+	end
+end

data/lib/tdiary/rack/auth/omniauth.rb

@@ -1,51 +1,83 @@
 require 'omniauth'
+require 'tdiary/rack/auth/omniauth/authorization'
 
-module TDiary
-	module Rack
-		module Auth
-			class OmniAuth
-				def initialize(app, provider, &block)
-					@app = app
-					@provider = provider
-					@authz = block
-				end
-
-				def call(env)
-					auth = env['rack.session']['auth']
-					return login(env) unless auth
-					env['REMOTE_USER'] = "#{auth.uid}@#{auth.provider}"
-					return forbidden unless @authz.call(auth)
-					@app.call(env)
-				end
-
-				def login(env)
-					env['rack.session']['tdiary.auth.redirect'] =
-						"#{env['REQUEST_PATH']}?#{env['QUERY_STRING']}"
-					redirect = File.join(File.dirname(env['REQUEST_PATH']), "#{::OmniAuth.config.path_prefix}/#{@provider}")
-					[302, {'Content-Type' => 'text/plain', 'Location' => redirect}, []]
-				end
-
-				def logout(env)
-					env['rack.session']['user_id'] = nil
-				end
-
-				def forbidden
-					[403, {'Content-Type' => 'text/plain'}, ['forbidden']]
-				end
-
-				class CallbackHandler
-					def call(env)
-						# reset sesstion to prevend session fixation attack
-						# see: http://www.ipa.go.jp/security/vuln/documents/website_security.pdf (section 1.4)
-						env['rack.session.options'][:renew] = true
-						auth = env['omniauth.auth']
-						env['rack.session']['auth'] = auth
-						env['REMOTE_USER'] = "#{auth.uid}@#{auth.provider}"
-						redirect = env['rack.session']['tdiary.auth.redirect'] || '/'
-						[302, {'Content-Type' => 'text/plain', 'Location' => redirect}, []]
-					end
-				end
-			end
+class TDiary::Rack::Auth::OmniAuth
+	class NoStrategyFoundError < StandardError; end
+	@provider_procs = {}
+
+	class << self
+		attr_reader :provider_procs
+	end
+
+	def self.add_provider(name, &block)
+		@provider_procs[name] = block
+	end
+
+	def initialize(app)
+		provider = enabled_providers.first
+		unless provider
+			raise NoStrategyFoundError.new("Not found any strategies. Write the omniauth strategy in your Gemfile.local.")
+		end
+
+		@builder = ::Rack::Builder.new(app) {
+			use TDiary::Rack::Session
+		}
+		@builder.instance_eval(&self.class.provider_procs[provider])
+	end
+
+	def call(env)
+		@builder.call(env)
+	end
+
+	add_provider(:Twitter) do
+		# https://apps.twitter.com/
+		# https://github.com/arunagw/omniauth-twitter
+		use ::OmniAuth::Builder do
+			provider :twitter, ENV['TWITTER_KEY'], ENV['TWITTER_SECRET']
+		end
+		use TDiary::Rack::Auth::OmniAuth::Authorization, :twitter do |auth|
+			ENV['TWITTER_NAME'].split(/,/).include?(auth.info.nickname)
+		end
+	end
+
+	add_provider(:Facebook) do
+		# https://developers.facebook.com/apps/
+		# https://github.com/mkdynamic/omniauth-facebook
+		use ::OmniAuth::Builder do
+			provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET']
+		end
+		use TDiary::Rack::Auth::OmniAuth::Authorization, :facebook do |auth|
+			ENV['FACEBOOK_EMAIL'].split(/,/).include?(auth.info.email)
+		end
+	end
+
+	add_provider(:GitHub) do
+		# https://github.com/settings/applications
+		# https://github.com/intridea/omniauth-github
+		use ::OmniAuth::Builder do
+			provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET']
+		end
+		use TDiary::Rack::Auth::OmniAuth::Authorization, :github do |auth|
+			ENV['GITHUB_NAME'].split(/,/).include?(auth.info.nickname)
+		end
+	end
+
+	add_provider(:GoogleOauth2) do
+		# https://code.google.com/apis/console/
+		# https://github.com/zquestz/omniauth-google-oauth2
+		use ::OmniAuth::Builder do
+			provider :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"]
+		end
+		use TDiary::Rack::Auth::OmniAuth::Authorization, :google_oauth2 do |auth|
+			ENV['GOOGLE_EMAIL'].split(/,/).include?(auth.info.email)
+		end
+	end
+
+private
+
+	def enabled_providers
+		::OmniAuth::Strategies.constants.select do |name|
+			self.class.provider_procs.has_key?(name)
 		end
 	end
 end

data/lib/tdiary/rack/auth.rb

@@ -0,0 +1,20 @@
+module TDiary
+	module Rack
+		class Auth
+			autoload :Basic,         'tdiary/rack/auth/basic'
+			autoload :OmniAuth,      'tdiary/rack/auth/omniauth'
+
+			def initialize(app)
+				if defined? ::OmniAuth
+					@app = TDiary::Rack::Auth::OmniAuth.new(app)
+				else
+					@app = TDiary::Rack::Auth::Basic.new(app, '.htpasswd')
+				end
+			end
+
+			def call(env)
+				@app.call(env)
+			end
+		end
+	end
+end

data/lib/tdiary/rack/session.rb

@@ -0,0 +1,35 @@
+begin
+	require 'rack/session/dalli'
+rescue LoadError
+end
+
+module TDiary
+	module Rack
+		class Session
+			def initialize(app)
+				@app = session_middleware(app)
+			end
+
+			def call(env)
+				@app.call(env)
+			end
+
+		private
+
+			def session_middleware(app)
+				if ::Rack::Session.const_defined? :Dalli
+					::Rack::Session::Dalli.new(
+						app,
+						cache: Dalli::Client.new,
+						expire_after: 2592000
+					)
+				else
+					::Rack::Session::Pool.new(
+						app,
+						expire_after: 2592000
+					)
+				end
+			end
+		end
+	end
+end

data/lib/tdiary/rack.rb

@@ -4,16 +4,13 @@ module TDiary
 	module Rack
 		autoload :HtmlAnchor,       'tdiary/rack/html_anchor'
 		autoload :ValidRequestPath, 'tdiary/rack/valid_request_path'
+		autoload :Session,          'tdiary/rack/session'
 		autoload :Static,           'tdiary/rack/static'
+		autoload :Auth,             'tdiary/rack/auth'
 
 		module Assets
 			autoload :Precompile,    'tdiary/rack/assets/precompile'
 		end
-
-		module Auth
-			autoload :Basic,         'tdiary/rack/auth/basic'
-			autoload :OmniAuth,      'tdiary/rack/auth/omniauth'
-		end
 	end
 end
 

data/lib/tdiary/style.rb

@@ -2,6 +2,7 @@
 
 require 'tdiary/comment_manager'
 require 'tdiary/referer_manager'
+require 'erb'
 
 module TDiary
 	module Style
@@ -46,7 +47,7 @@ module TDiary
 		end
 
 		module BaseDiary
-			include ERB::Util
+			include ::ERB::Util
 			include CommentManager
 			include RefererManager
 

data/lib/tdiary/tasks/assets.rake

@@ -13,7 +13,7 @@ namespace :assets do
 	desc "copy assets files"
 	task :copy do
 		require 'fileutils'
-		assets_path = File.dirname(__FILE__) + '/../../public/assets'
+		assets_path = File.dirname(__FILE__) + '/../../../public/assets'
 
 		FileUtils.mkdir_p assets_path
 		FileList['{js,theme}/*'].each do |file|