tina4ruby 3.10.21 → 3.10.24

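--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 29aa756b32ea3d0051d1b5d26cb8b1312bb77c871fec39fea3e4ce2a8d5c5afd
- data.tar.gz: 326553173c9e4753b6b0bf0471729c065d169d62f609c663b0c3400847e889e8
+ metadata.gz: 6bbf81019e88de5f456938818de88c5f8219dcb691d647c26d504f6aacdf229a
+ data.tar.gz: a0b70c415d26e8727cfec8337fc957a58cb4d4895565bc0c1922ef9ebd2383c8
  SHA512:
- metadata.gz: 2f23cc2b84be7fdc7d7f6b9e21ce400a124a95d51b78e5d5b458313516d4aba930e166fc32120df8c1c6f317df78e3d4937b9722d3459bcfbb00cd2cd7c731c0
- data.tar.gz: db8f5ac24ff747c59cb6b93b4877b99ac5790b3234b1f7e360d811fb002bb00618215d32fb2fa1a707108b68257de31dfd937f4c312e41f7b63f8caf65b359e7
+ metadata.gz: a10cdebeca708e63aebaa1f75e8d18e1b77429560f42a0bedcec9247792c9ce7451d93a233f4b6c1bdd8865e7ce4bae3440ae33cded8974e8dbcf4cfac060e93
+ data.tar.gz: f613505809da1d5d5868e52a368f09a82e7f24905f5f51011b6747d4b45877e4151d5830f45a943764ba84f42d5b76aa40a47284038dafb8d40406164d748570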
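--- a/data/lib/tina4/frond.rb
+++ b/data/lib/tina4/frond.rb
@@ -13,6 +13,7 @@ require "cgi"
  require "uri"
  require "date"
  require "time"
+ require "securerandom"
 
  module Tina4
  # Marker class for strings that should not be auto-escaped in Frond.
@@ -196,20 +197,14 @@ module Tina4
  raise "Template not found: #{path}" unless File.exist?(path)
 
  debug_mode = ENV.fetch("TINA4_DEBUG", "").downcase == "true"
- cached = @compiled[template]
 
- if cached
- if debug_mode
- # Dev mode: check if file changed
- mtime = File.mtime(path)
- if cached[1] == mtime
- return execute_cached(cached[0], context)
- end
- else
- # Production: skip mtime check, cache is permanent
- return execute_cached(cached[0], context)
- end
+ unless debug_mode
+ # Production: use permanent cache (no filesystem checks)
+ cached = @compiled[template]
+ return execute_cached(cached[0], context) if cached
  end
+ # Dev mode: skip cache entirely — always re-read and re-tokenize
+ # so edits to partials and extended base templates are detected
 
  # Cache miss — load, tokenize, cache
  source = File.read(path, encoding: "utf-8")
@@ -1839,6 +1834,8 @@ module Tina4
 
  def register_builtin_globals
  @globals["form_token"] = ->(descriptor = "") { Frond.generate_form_token(descriptor.to_s) }
+ @globals["formTokenValue"] = ->(descriptor = "") { Frond.generate_form_token_value(descriptor.to_s) }
+ @globals["form_token_value"] = ->(descriptor = "") { Frond.generate_form_token_value(descriptor.to_s) }
  end
 
  # Generate a JWT form token and return a hidden input element.
@@ -1857,11 +1854,19 @@ module Tina4
  attr_accessor :form_token_session_id
  end
 
- def self.generate_form_token(descriptor = "")
+ # Generate a raw JWT form token string.
+ #
+ # @param descriptor [String] Optional string to enrich the token payload.
+ # - Empty: payload is {"type" => "form"}
+ # - "admin_panel": payload is {"type" => "form", "context" => "admin_panel"}
+ # - "checkout|order_123": payload is {"type" => "form", "context" => "checkout", "ref" => "order_123"}
+ #
+ # @return [String] The raw JWT token string.
+ def self.generate_form_jwt(descriptor = "")
  require_relative "log"
  require_relative "auth"
 
- payload = { "type" => "form" }
+ payload = { "type" => "form", "nonce" => SecureRandom.hex(8) }
  if descriptor && !descriptor.empty?
  if descriptor.include?("|")
  parts = descriptor.split("|", 2)
@@ -1878,8 +1883,18 @@ module Tina4
 
  ttl_minutes = (ENV["TINA4_TOKEN_LIMIT"] || "60").to_i
  expires_in = ttl_minutes * 60
- token = Tina4::Auth.create_token(payload, expires_in: expires_in)
+ Tina4::Auth.create_token(payload, expires_in: expires_in)
+ end
+
+ def self.generate_form_token(descriptor = "")
+ token = generate_form_jwt(descriptor)
  Tina4::SafeString.new(%(<input type="hidden" name="formToken" value="#{CGI.escapeHTML(token)}">))
  end
+
+ # Return just the raw JWT form token string (no <input> wrapper).
+ # Registered as both formTokenValue and form_token_value template globals.
+ def self.generate_form_token_value(descriptor = "")
+ Tina4::SafeString.new(generate_form_jwt(descriptor))
+ end
  end
  end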
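Review bot: `generate_form_token_value` in the last hunk returns the raw token wrapped in `Tina4::SafeString`, which this file describes as the marker for strings that are not auto-escaped, so the `form_token_value` / `formTokenValue` globals emit it unescaped in whatever context a template author places it, whereas `generate_form_token` passes the same value through `CGI.escapeHTML`. Returning the plain string, `generate_form_jwt(descriptor)`, would leave auto-escaping in force and should change nothing for a compact JWT, assuming that is what `Tina4::Auth.create_token` returns (not visible here). The new doc comment on `generate_form_jwt` also lists payloads without the `"nonce"` key the changed line adds; since nothing in these hunks stores or checks the nonce, I would document it as `# "nonce" makes each token unique; it is not replay protection unless the verifier tracks used nonces`. Part of the `generate_form_jwt` body lies between the hunks, so the descriptor handling was not reviewed.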
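--- a/data/lib/tina4/version.rb
+++ b/data/lib/tina4/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Tina4
- VERSION = "3.10.21"
+ VERSION = "3.10.24"
  end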
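--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: tina4ruby
  version: !ruby/object:Gem::Version
- version: 3.10.21
+ version: 3.10.24
  platform: ruby
  authors:
  - Tina4 Team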