tynn 1.0.0.rc2 → 1.0.0.rc3

data/lib/tynn/secure_headers.rb

@@ -1,45 +1,44 @@
 class Tynn
-  # Adds security related HTTP headers.
+  # Public: Adds security related HTTP headers.
   #
-  # ```
-  # require "tynn"
-  # require "tynn/secure_headers"
+  # Examples
   #
-  # Tynn.helpers(Tynn::SecureHeaders)
-  # ```
+  #   require "tynn"
+  #   require "tynn/secure_headers"
+  #
+  #   Tynn.helpers(Tynn::SecureHeaders)
   #
   # This helper applies the following headers:
   #
-  # * **X-Content-Type-Options:** Prevents IE and Chrome from
-  #   [content type sniffing][mime-sniffing].
+  # *X-Content-Type-Options:* <tt>"nosniff"</tt>
+  #
+  # Prevents IE and Chrome from
+  # {content type sniffing}[https://msdn.microsoft.com/library/gg622941(v=vs.85).aspx]
+  #
+  # *X-Frame-Options:* <tt>"SAMEORIGIN"</tt>
+  #
+  # Provides {Clickjacking}[https://www.owasp.org/index.php/Clickjacking]
+  # protection.
   #
-  # * **X-Frame-Options (XFO):** Provides [Clickjacking][clickjacking]
-  #   protection. Check the [X-Frame-Options draft][x-frame-options] for
-  #   more information.
+  # *X-Permitted-Cross-Domain-Policies:* <tt>"none"</tt>
   #
-  # * **X-Permitted-Cross-Domain-Policies:** Restricts Adobe Flash Player's
-  #   access to data. Check this [article][pcdp] for more information.
+  # Restricts Adobe Flash Player's access to data.
   #
-  # * **X-XSS-Protection:** Enables the [XSS][xss] protection filter built
-  #   into IE, Chrome and Safari. This filter is usually enabled by default,
-  #   the use of this header is to re-enable it if it was disabled by the user.
+  # *X-XSS-Protection:* <tt>"1; mode=block"</tt>
   #
-  # [clickjacking]: https://www.owasp.org/index.php/Clickjacking
-  # [mime-sniffing]: https://msdn.microsoft.com/library/gg622941(v=vs.85).aspx
-  # [pcdp]: https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html
-  # [x-frame-options]: https://tools.ietf.org/html/draft-ietf-websec-x-frame-options-02
-  # [xss]: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
+  # Enables the XSS protection filter built into IE, Chrome and Safari.
+  # This filter is usually enabled by default, the use of this header
+  # is to re-enable it if it was disabled by the user.
   #
   module SecureHeaders
-    HEADERS = {
-      "X-Content-Type-Options" => "nosniff",
-      "X-Frame-Options" => "SAMEORIGIN",
-      "X-Permitted-Cross-Domain-Policies" => "none",
-      "X-XSS-Protection" => "1; mode=block"
-    } # :nodoc:
-
-    def default_headers # :nodoc:
-      return super.merge(HEADERS)
+    # Internal: Sets the default HTTP secure headers.
+    def self.setup(app)
+      app.settings[:default_headers].update(
+        "X-Content-Type-Options" => "nosniff",
+        "X-Frame-Options" => "SAMEORIGIN",
+        "X-Permitted-Cross-Domain-Policies" => "none",
+        "X-XSS-Protection" => "1; mode=block"
+      )
     end
   end
 end

data/lib/tynn/session.rb

@@ -1,87 +1,85 @@
 class Tynn
-  # Adds simple cookie based session management. If a secret token is
-  # given, it signs the cookie data to ensure that it cannot be altered
-  # by unauthorized means.
+  # Public: Adds simple cookie based session management. You can pass a secret
+  # token to sign the cookie data, thus unauthorized means can't alter it.
   #
-  # ```
-  # require "tynn"
-  # require "tynn/session"
+  # Examples
   #
-  # Tynn.helpers(Tynn::Session, secret: "__change_me__")
+  #   require "tynn"
+  #   require "tynn/session"
   #
-  # Tynn.define do
-  #   root do
-  #     res.write(sprintf("hei %s", session[:username]))
-  #   end
+  #   Tynn.helpers(Tynn::Session, secret: "__change_me__")
+  #
+  #   Tynn.define do
+  #     root do
+  #       res.write(sprintf("hei %s", session[:username]))
+  #     end
   #
-  #   on(:username) do |username|
-  #     session[:username] = username
+  #     on(:username) do |username|
+  #       session[:username] = username
+  #     end
   #   end
-  # end
-  # ```
   #
   # The following command generates a cryptographically secure secret ready
   # to use:
   #
-  # ```
-  # $ ruby -r securerandom -e "puts SecureRandom.hex(64)"
-  # ```
+  #   $ ruby -r securerandom -e "puts SecureRandom.hex(64)"
   #
   # It's important to keep the token secret. Knowing the token allows an
   # attacker to tamper the data. So, it's recommended to load the token
   # from the environment.
   #
-  # ```
-  # Tynn.helpers(Tynn::Session, secret: ENV["SESSION_SECRET"])
-  # ```
-  #
-  # Under the hood, Tynn::Session uses the [Rack::Session::Cookie][rack-session]
-  # middleware. Thus, supports all the options available for this middleware.
-  #
-  # * `:key` - the name of the cookie. Defaults to `"rack.session"`.
-  # * `:expire_after` - sets the lifespan of the cookie. If `nil`,
-  #     the cookie will be deleted after the user close the browser.
-  #     Defaults to `nil`.
-  # * `:httponly` - if `true`, sets the [HttpOnly][cookie-httponly] attribute.
-  #   This mitigates the risk of client side scripting accessing the cookie.
-  #   Defaults to `true`.
-  # * `:secure` - if `true`, sets the [Secure][cookie-secure] attribute.
-  #   This tells the browser to only transmit the cookie over HTTPS. Defaults
-  #   to `false`.
-  #
-  # ```
-  # Tynn.helpers(
-  #   Tynn::Session,
-  #   key: "app",
-  #   secret: ENV["SESSION_SECRET"],
-  #   expire_after: 36_000, # seconds
-  #   httponly: true,
-  #   secure: true
-  # )
-  # ```
-  #
-  # [cookie-httponly]: https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#HttpOnly_Attribute
-  # [cookie-secure]: https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Secure_Attribute
-  # [rack-session]: http://www.rubydoc.info/gems/rack/Rack/Session/Cookie
+  # Examples
+  #
+  #   Tynn.helpers(Tynn::Session, secret: ENV["SESSION_SECRET"])
+  #
+  # Under the hood, Tynn::Session uses the +Rack::Session::Cookie+ middleware.
+  # Thus, supports all the options available for this middleware:
+  #
+  # key          - The name of the cookie. Defaults to <tt>"rack.session"</tt>.
+  #
+  # httponly     - If +true+, sets the +HttpOnly+ flag. This mitigates the
+  #                risk of client side scripting accessing the cookie. Defaults
+  #                to +true+.
+  #
+  # secure       - If +true+, sets the +Secure+ flag. This tells the browser
+  #                to only transmit the cookie over HTTPS. Defaults to `false`.
+  #
+  # expire_after - The lifespan of the cookie. If +nil+, the session cookie
+  #                is temporary and is no retained after the browser is
+  #                closed. Defaults to +nil+.
+  #
+  # Examples
+  #
+  #   Tynn.helpers(
+  #     Tynn::Session,
+  #     key: "app",
+  #     secret: ENV["SESSION_SECRET"],
+  #     expire_after: 36_000, # seconds
+  #     httponly: true,
+  #     secure: true
+  #   )
   #
   module Session
-    RACK_SESSION = "rack.session".freeze # :nodoc:
+    # Internal: Configures Rack::Session::Cookie middleware.
+    def self.setup(app, options = {})
+      defaults = { secure: app.settings[:ssl] }
 
-    def self.setup(app, options = {}) # :nodoc:
-      app.use(Rack::Session::Cookie, options)
+      app.use(Rack::Session::Cookie, defaults.merge(options))
     end
 
-    # Returns the session hash.
-    #
-    # ```
-    # session # => {}
-    #
-    # session[:foo] = "foo"
-    # session[:foo] # => "foo"
-    # ```
-    #
-    def session
-      return env[RACK_SESSION]
+    module InstanceMethods
+      # Public: Returns the session hash.
+      #
+      # Examples
+      #
+      #   session # => {}
+      #
+      #   session[:foo] = "foo"
+      #   session[:foo] # => "foo"
+      #
+      def session
+        return env["rack.session".freeze]
+      end
     end
   end
 end

data/lib/tynn/settings.rb

@@ -0,0 +1,28 @@
+class Tynn
+  module Settings # :nodoc: all
+    def self.deepclone(hash)
+      default_proc, hash.default_proc = hash.default_proc, nil
+
+      return Marshal.load(Marshal.dump(hash))
+    ensure
+      hash.default_proc = default_proc
+    end
+
+    module InstanceMethods # :nodoc: all
+      def settings
+        return self.class.settings
+      end
+    end
+
+    module ClassMethods # :nodoc: all
+      def inherited(subclass)
+        subclass.settings.replace(Tynn::Settings.deepclone(settings))
+        subclass.settings.default_proc = proc { |h, k| h[k] = settings[k] }
+      end
+
+      def settings
+        return @settings ||= {}
+      end
+    end
+  end
+end

data/lib/tynn/static.rb

@@ -1,33 +1,36 @@
 class Tynn
-  # Adds support for static files (javascript files, images, stylesheets, etc).
+  # Public: Adds support for static files (javascript files, images,
+  # stylesheets, etc).
   #
-  # ```
-  # require "tynn"
-  # require "tynn/static"
+  # Examples
   #
-  # Tynn.helpers(Tynn::Static, ["/js", "/css"])
-  # ```
+  #   require "tynn"
+  #   require "tynn/static"
   #
-  # By default, serve all requests beginning with the given paths from the folder
-  # `public` in the current directory (e.g. `public/js/*`, `public/css/*`). You
-  # can change the default by passing the `:root` option.
+  #   Tynn.helpers(Tynn::Static, ["/js", "/css"])
   #
-  # ```
-  # Tynn.helpers(Tynn::Static, ["/js", "/css"], root: "assets")
-  # ```
+  # By default, serves all requests beginning with the given paths from
+  # the folder +public+ in the current directory (e.g. +public/js/*+,
+  # +public/css/*+). You can change the default by passing the +:root+
+  # option.
   #
-  # Under the hood, it uses the [Rack::Static][rack-static] middleware.
-  # Thus, supports all the options available for this middleware.
+  # Examples
   #
-  # ```
-  # Tynn.helpers(Tynn::Static, ["/js", "/css"], index: "index.html")
-  # ```
+  #   Tynn.helpers(Tynn::Static, ["/js", "/css"], root: "assets")
   #
-  # [rack-static]: http://www.rubydoc.info/gems/rack/Rack/Static
+  # Under the hood, it uses the +Rack::Static+ middleware. Thus,
+  # supports all the options available by the middleware. Check
+  # {Rack::Static}[http://www.rubydoc.info/gems/rack/Rack/Static]
+  # for more information.
+  #
+  # Examples
+  #
+  #   Tynn.helpers(Tynn::Static, ["/js", "/css"], index: "index.html")
   #
   module Static
-    def self.setup(app, urls, options = {}) # :nodoc:
-      options = options.dup
+    # Internal: Configures Rack::Static middleware.
+    def self.setup(app, urls, opts = {})
+      options = opts.dup
 
       options[:urls] ||= urls
       options[:root] ||= File.expand_path("public", Dir.pwd)

data/lib/tynn/test.rb

@@ -1,50 +1,49 @@
 require "rack/test"
 
 class Tynn
-  # A simple helper class that uses [rack-test][rack-test] to simulate requests
-  # to your application.
+  # Public: A simple helper class to simulate requests to your application.
   #
-  # ```
-  # require "tynn"
-  # require "tynn/test"
+  # Examples
   #
-  # Tynn.define do
-  #   root do
-  #     res.write("hei")
-  #   end
-  # end
+  #   require "tynn"
+  #   require "tynn/test"
   #
-  # app = Tynn::Test.new
-  # app.get("/")
+  #   Tynn.define do
+  #     root do
+  #       res.write("hei")
+  #     end
+  #   end
   #
-  # 200   == app.res.status # => true
-  # "hei" == app.res.body   # => true
-  # ```
+  #   app = Tynn::Test.new
+  #   app.get("/")
   #
-  # **NOTE:** Tynn doesn't ship with [rack-test][rack-test]. In order to
-  # use this plugin, you need to install it first.
+  #   200   == app.res.status # => true
+  #   "hei" == app.res.body   # => true
   #
-  # [rack-test]: http://rubygems.org/gems/rack-test
+  # In order to use this plugin, you need to install
+  # {rack-test}[https://rubygems.org/gems/rack-test].
   #
   class Test
     include Rack::Test::Methods
 
-    # Instantiates a new Tynn::Test object with the given `application` to test.
+    # Internal: Returns the application class that handles the
+    # mock requests. Required by Rack::Test::Methods.
+    attr_reader :app
+
+    # Public: Initializes a new Tynn::Test object.
     #
-    # ```
-    # class API < Tynn
-    # end
+    # app - The application class to test (default: Tynn).
     #
-    # app = Tynn::Test.new(API)
-    # app.get("/json")
-    # ```
+    # Examples
     #
-    def initialize(application = Tynn)
-      @app = application
-    end
-
-    def app # :nodoc:
-      return @app
+    #   class API < Tynn
+    #   end
+    #
+    #   app = Tynn::Test.new(API)
+    #   app.get("/json")
+    #
+    def initialize(app = Tynn)
+      @app = app
     end
 
     alias_method :res, :last_response

data/lib/tynn/version.rb

@@ -3,6 +3,6 @@ class Tynn # :nodoc: all
     MAJOR_VERSION = 1,
     MINOR_VERSION = 0,
     PATCH_VERSION = 0,
-    PRE_VERSION   = "rc2"
+    PRE_VERSION   = "rc3"
   ].compact.join(".")
 end

data/test/default_headers_test.rb

@@ -0,0 +1,14 @@
+test "default headers" do
+  Tynn.set(:default_headers, "Content-Type" => "text/plain")
+
+  Tynn.define do
+    root do
+      res.write("hei")
+    end
+  end
+
+  app = Tynn::Test.new(Tynn)
+  app.get("/")
+
+  assert_equal "text/plain", app.res.headers["Content-Type"]
+end

data/test/environment_test.rb

@@ -1,31 +1,27 @@
 require_relative "../lib/tynn/environment"
 
-test "default" do
-  Tynn.helpers(Tynn::Environment)
-
-  assert_equal(:development, Tynn.environment)
-end
-
-test "helpers" do
-  Tynn.helpers(Tynn::Environment)
-
-  assert Tynn.development?
-  assert !Tynn.test?
-  assert !Tynn.production?
-end
-
 test "use RACK_ENV by default" do
-  ENV["RACK_ENV"] = "production"
+  begin
+    old, ENV["RACK_ENV"] = ENV["RACK_ENV"], "production"
+
+    Tynn.helpers(Tynn::Environment)
 
-  Tynn.helpers(Tynn::Environment)
+    assert_equal(:production, Tynn.environment)
 
-  assert_equal(:production, Tynn.environment)
+    assert !Tynn.development?
+    assert !Tynn.test?
+    assert Tynn.production?
 
-  ENV.delete("RACK_ENV")
+  ensure
+    ENV["RACK_ENV"] = old
+  end
 end
 
 test "use custom value" do
   Tynn.helpers(Tynn::Environment, env: "development")
 
   assert_equal(:development, Tynn.environment)
+  assert Tynn.development?
+  assert !Tynn.test?
+  assert !Tynn.production?
 end