tynn 2.0.0.beta3 → 2.0.0.beta4

data/lib/tynn/request.rb

@@ -3,57 +3,15 @@
 require "rack/request"
 
 class Tynn
-  # It provides convenience methods for pulling out information from a request.
-  #
-  #   env = {
-  #     "REQUEST_METHOD" => "GET",
-  #     "QUERY_STRING"   => "q=great",
-  #     # ...
-  #   }
-  #
-  #   req = Tynn::Request.new(env)
-  #
-  #   req.get?   # => true
-  #   req.path   # => "/search"
-  #   req.params # => { "q" => "great" }
-  #
   class Request < Rack::Request
-    # Returns the content length of the request as an integer.
-    #
-    #   req.headers["content-length"]
-    #   # => "20"
-    #
-    #   req.content_length
-    #   # => 20
-    #
     def content_length
       super.to_i
     end
 
-    # Provides access to the request's HTTP headers.
-    #
-    #   req.headers["content-type"] # => "application/json"
-    #   req.headers.fetch("host")   # => "example.org"
-    #   req.headers.key?("https")   # => true
-    #
     def headers
       @headers ||= Headers.new(env)
     end
 
-    # Provides a uniform way to access HTTP headers from the request.
-    #
-    #   headers = Tynn::Request::Headers.new(
-    #     "CONTENT_TYPE" => "appplication/json"
-    #     "HTTP_HOST" => "example.org"
-    #     "HTTPS" => "on"
-    #   )
-    #
-    #   headers["content-type"] # => "application/json"
-    #   headers.fetch("host")   # => "example.org"
-    #   headers.key?("https")   # => true
-    #
-    # This helper class is used by Tynn::Request#headers.
-    #
     class Headers
       CGI_VARIABLES = %w(
         AUTH_TYPE
@@ -74,58 +32,20 @@ class Tynn
         SERVER_PORT
         SERVER_PROTOCOL
         SERVER_SOFTWARE
-      ).freeze # :nodoc:
+      ).freeze
 
-      def initialize(env) # :nodoc:
+      def initialize(env)
         @env = env
       end
 
-      # Returns the value for the given <tt>key</tt> mapped
-      # to the request environment (<tt>req.env</tt>).
-      #
-      #   req.headers["content-type"]
-      #   # => "application/json"
-      #
-      #   req.headers["host"]
-      #   # => "127.0.0.1"
-      #
       def [](key)
         @env[transform_key(key)]
       end
 
-      # Returns the value for the given <tt>key</tt> mapped
-      # to the request environment. If the key is not found
-      # and a optional argument or code block is not provided,
-      # raises a <tt>KeyError</tt> exception. If an optional
-      # argument is provided, then it returns its value. If
-      # a code block is provided, then it will be run and its
-      # result returned.
-      #
-      #   req.headers.fetch("content-type")
-      #   # => "application/json"
-      #
-      #   req.headers.fetch("https")
-      #   # => KeyError: key not found: "HTTPS"
-      #
-      #   req.headers.fetch("https", "")
-      #   # => ""
-      #
-      #   req.headers.fetch("https") { req.headers["x_forwarded_ssl"] }
-      #   # => "on"
-      #
       def fetch(key, *args, &block)
         @env.fetch(transform_key(key), *args, &block)
       end
 
-      # Returns <tt>true</tt> if the given <tt>key</tt> exists in the
-      # request environment. Otherwise, returns <tt>false</tt>.
-      #
-      #   req.headers.key?("content-type")
-      #   # => true
-      #
-      #   req.headers.key?("https")
-      #   # => false
-      #
       def key?(key)
         @env.key?(transform_key(key))
       end

data/lib/tynn/response.rb

@@ -1,135 +1,52 @@
 # frozen_string_literal: true
 
 class Tynn
-  # It provides convenience methods to construct a Rack response.
-  #
-  #   res = Tynn::Response.new
-  #
-  #   res.status = 200
-  #   res.headers["Content-Type"] = "text/plain"
-  #   res.write("hei!")
-  #
-  #   res.finish
-  #   # => [200, { "Content-Type" => "text/plain", "Content-Length" => 4 }, ["hei!"]]
-  #
   class Response
-    # Initializes a new response object. An optional hash of HTTP headers can be
-    # passed.
-    #
-    #   res = Tynn::Response.new("Content-Type" => "text/plain")
-    #
-    #   res.write("hei!")
-    #
-    #   res.finish
-    #   # => [200, { "Content-Type" => "text/plain", "Content-Length" => "4" }, ["hei!"]]
-    #
-    def initialize(headers = {})
-      @status = nil
+    def initialize(status = nil, headers = {}, body = [])
+      @status = status
       @headers = headers
       @body = []
       @length = 0
+
+      body.each { |s| write(s) }
     end
 
-    # Returns the status of the response.
-    #
-    #   res.status # => 200
-    #
     def status
       @status
     end
 
-    # Sets the status of the response.
-    #
-    #   res.status = 200
-    #
     def status=(status)
       @status = status.to_i
     end
 
-    # Returns a hash with the response headers.
-    #
-    #   res.headers
-    #   # => { "Content-Type" => "text/html", "Content-Length" => "42" }
-    #
     def headers
       @headers
     end
 
-    # Returns the body of the response.
-    #
-    #   res.body
-    #   # => []
-    #
-    #   res.write("there is")
-    #   res.write("no try")
-    #
-    #   res.body
-    #   # => ["there is", "no try"]
-    #
     def body
       @body
     end
 
-    # Returns response <tt>Content-Length</tt> header as an integer. If it
-    # is not present, it returns <tt>nil</tt>.
-    #
-    #   res.headers["Content-Length"] # => "42"
-    #   res.content_length            # => 42
-    #
     def content_length
       (c = @headers["Content-Length"]) ? c.to_i : c
     end
 
-    # Returns response <tt>Content-Type</tt> header.
-    #
-    #   res.content_type = "text/html"
-    #   res.content_type # => "text/html"
-    #
     def content_type
       @headers["Content-Type"]
     end
 
-    # Sets response <tt>Content-Type</tt> header to <tt>type</tt>.
-    #
-    #   res.content_type = "text/html"
-    #   res.content_type # => "text/html"
-    #
     def content_type=(type)
       @headers["Content-Type"] = type
     end
 
-    # Returns response <tt>Location</tt> header.
-    #
-    #   res.location = "/users"
-    #   res.location # => "/users"
-    #
     def location
       @headers["Location"]
     end
 
-    # Sets response <tt>Location</tt> header to <tt>url</tt>.
-    #
-    #   res.content_type = "text/html"
-    #   res.content_type # => "text/html"
-    #
     def location=(url)
       @headers["Location"] = url
     end
 
-    # Appends <tt>str</tt> to the response body and updates the
-    # <tt>Content-Length</tt> header.
-    #
-    #   res.body # => []
-    #
-    #   res.write("foo")
-    #   res.write("bar")
-    #
-    #   res.body
-    #   # => ["foo", "bar"]
-    #
-    #   res.headers["Content-Length"]
-    #   # => 6
-    #
     def write(str)
       s = str.to_s
 
@@ -142,43 +59,12 @@ class Tynn
       nil
     end
 
-    # Returns an Array with three elements: the status, headers and body.
-    # If the status is not set, the status is set to <tt>404</tt> if empty body,
-    # otherwise the status is set to <tt>200</tt>.
-    #
-    #   res.status = 200
-    #   res.finish
-    #   # => [200, {}, []]
-    #
-    #   res.status = nil
-    #   res.finish
-    #   # => [404, {}, []]
-    #
-    #   res.status = nil
-    #   res.content_type = "text/html"
-    #   res.write("hei!")
-    #   res.finish
-    #   # => [200, { "Content-Type" => "text/html", "Content-Length" => "4" }, ["hei!"]]
-    #
     def finish
       @status ||= ((@body.empty?) ? 404 : 200)
 
       [@status, @headers, @body]
     end
 
-    # Sets the <tt>Location</tt> header to <tt>url</tt> and updates the status
-    # to <tt>status</tt>. By default, <tt>status</tt> is <tt>302</tt>.
-    #
-    #   res.redirect("/path")
-    #
-    #   res.status   # => 302
-    #   res.location # => "/path"
-    #
-    #   res.redirect("https://google.com", 303)
-    #
-    #   res.status   # => 303
-    #   res.location # => "https://google.com"
-    #
     def redirect(path, status = 302)
       self.status = status
       self.location = path

data/lib/tynn/secure_headers.rb

@@ -1,36 +1,14 @@
 # frozen_string_literal: true
 
 class Tynn
-  # Adds the following security related HTTP headers:
-  #
-  # [X-Content-Type-Options]
-  #   Prevents IE and Chrome from {content type sniffing}[https://msdn.microsoft.com/library/gg622941(v=vs.85).aspx].
-  #   Defaults to <tt>"nosniff"</tt>.
-  #
-  # [X-Frame-Options]
-  #   Provides {Clickjacking}[https://www.owasp.org/index.php/Clickjacking]
-  #   protection. Defaults to <tt>"deny"</tt>.
-  #
-  # [X-XSS-Protection]
-  #   Enables the XSS protection filter built into IE, Chrome and Safari.
-  #   This filter is usually enabled by default, the use of this header is to
-  #   re-enable it if it was turned off by the user. Defaults to <tt>"1; mode=block"</tt>.
-  #
-  # <tt></tt>
-  #
-  #   require "tynn"
-  #   require "tynn/secure_headers"
-  #
-  #   Tynn.plugin(Tynn::SecureHeaders)
-  #
   module SecureHeaders
     HEADERS = {
       "X-Content-Type-Options" => "nosniff",
       "X-Frame-Options" => "deny",
       "X-XSS-Protection" => "1; mode=block"
-    }.freeze # :nodoc:
+    }.freeze
 
-    def self.setup(app) # :nodoc:
+    def self.setup(app)
       app.set!(:default_headers, HEADERS.merge(app.default_headers))
     end
   end

data/lib/tynn/session.rb

@@ -4,94 +4,20 @@ require "rack/session/cookie"
 require_relative "utils"
 
 class Tynn
-  # Adds simple cookie based session management. You can pass a secret
-  # token to sign the cookie data, thus unauthorized means can't alter it.
-  #
-  #   require "tynn"
-  #   require "tynn/session"
-  #
-  #   Tynn.plugin(Tynn::Session, secret: "__change_me_not_secure__")
-  #
-  #   Tynn.define do
-  #     on "login" do
-  #       on post do
-  #         # ...
-  #
-  #         session[:user_id] = user.id
-  #
-  #         res.redirect("/admin")
-  #       end
-  #     end
-  #   end
-  #
-  # The following command generates a cryptographically secure secret ready
-  # to use:
-  #
-  #   $ ruby -r securerandom -e "puts SecureRandom.hex(64)"
-  #
-  # It's important to keep the token secret. Knowing the token allows an
-  # attacker to tamper the data. So, it's recommended to load the token
-  # from the environment.
-  #
-  #   Tynn.plugin(Tynn::Session, secret: ENV["SESSION_SECRET"])
-  #
-  # Under the hood, Tynn::Session uses the <tt>Rack::Session::Cookie</tt>
-  # middleware. Thus, supports all the options available for this middleware:
-  #
-  # [key]
-  #   The name of the cookie. Defaults to <tt>"rack.session"</tt>.
-  #
-  # [httponly]
-  #   If <tt>true</tt>, sets the <tt>HttpOnly</tt> flag. This mitigates the
-  #   risk of client side scripting accessing the cookie. Defaults to <tt>true</tt>.
-  #
-  # [secure]
-  #   If <tt>true</tt>, sets the <tt>Secure</tt> flag. This tells the browser
-  #   to only transmit the cookie over HTTPS. Defaults to <tt>false</tt>.
-  #
-  # [same_site]
-  #   Disables third-party usage for cookies. There are two possible values
-  #   <tt>:Lax</tt> and <tt>:Strict</tt>. In <tt>Strict</tt> mode, the cookie
-  #   is restrain to any cross-site usage; in <tt>Lax</tt> mode, some cross-site
-  #   usage is allowed. Defaults to <tt>:Lax</tt>. If <tt>nil</tt> is passed,
-  #   the flag is not included. Check this article[http://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/]
-  #   for more information. Supported by Chrome 51+.
-  #
-  # [expire_after]
-  #   The lifespan of the cookie. If <tt>nil</tt>, the session cookie is temporary
-  #   and is no retained after the browser is closed. Defaults to <tt>nil</tt>.
-  #
-  # <tt></tt>
-  #
-  #   Tynn.plugin(
-  #     Tynn::Session,
-  #     key: "app",
-  #     secret: ENV["SESSION_SECRET"],
-  #     expire_after: 36_000, # seconds
-  #     httponly: true,
-  #     secure: true,
-  #     same_site: :Strict
-  #   )
-  #
   module Session
-    SECRET_MIN_LENGTH = 30 # :nodoc:
+    SECRET_MIN_LENGTH = 30
 
-    def self.setup(app, options = {}) # :nodoc:
+    def self.setup(app, options = {})
       secret = options[:secret]
 
       if secret.nil?
-        Tynn::Utils.raise_error(
-          "Secret key is required",
-          error: ArgumentError,
-          tag: :no_secret_key
-        )
+        Tynn::Utils.raise_error("Secret key is required", ArgumentError)
       end
 
       if secret.length < SECRET_MIN_LENGTH
         Tynn::Utils.raise_error(
           "Secret key is shorter than #{ SECRET_MIN_LENGTH } characters",
-          error: ArgumentError,
-          tag: :short_secret_key
+          ArgumentError
         )
       end
 
@@ -103,15 +29,6 @@ class Tynn
     end
 
     module InstanceMethods
-      # Returns the session hash.
-      #
-      #   session
-      #   # => {}
-      #
-      #   session[:foo] = "foo"
-      #   session[:foo]
-      #   # => "foo"
-      #
       def session
         req.session
       end