tynn 2.0.0.beta3 → 2.0.0.beta4

data/lib/tynn/ssl.rb

@@ -3,74 +3,12 @@
 require_relative "request"
 
 class Tynn
-  # Enforces secure HTTP requests by:
-  #
-  # 1. Redirecting HTTP requests to their HTTPS counterparts.
-  #
-  # 2. Setting the HTTP <tt>Strict-Transport-Security</tt> header (HSTS).
-  #    This ensures the browser never visits the http version of a website.
-  #    This reduces the impact of leaking session data through cookies
-  #    and external links, and defends against Man-in-the-middle attacks.
-  #
-  # 3. Setting the <tt>secure</tt> flag on cookies. This tells the browser to
-  #    only transmit them over HTTPS.
-  #
-  # You can configure HSTS passing through the <tt>:hsts</tt> option.
-  # The following options are supported:
-  #
-  # [expires]
-  #   The time, in seconds, that the browser access the site only by HTTPS.
-  #   Defaults to 180 days.
-  #
-  # [subdomains]
-  #   If this is <tt>true</tt>, the rule applies to all the site's subdomains as
-  #   well. Defaults to <tt>true</tt>.
-  #
-  # [preload]
-  #   A limitation of HSTS is that the initial request remains unprotected if it
-  #   uses HTTP. The same applies to the first request after the activity period
-  #   specified by <tt>max-age</tt>. Modern browsers implements a "HSTS preload
-  #   list", which contains known sites supporting HSTS. If you would like to
-  #   include your website into the list, set this option to <tt>true</tt> and
-  #   submit your domain to this form[https://hstspreload.appspot.com/].
-  #   Supported by Chrome, Firefox, IE11+ and IE Edge.
-  #
-  # To disable HSTS, you will need to tell the browser to expire it immediately.
-  # Setting <tt>hsts: false</tt> is a shortcut for <tt>hsts: { expires: 0 }</tt>.
-  #
-  #   require "tynn"
-  #   require "tynn/ssl"
-  #   require "tynn/test"
-  #
-  #   Tynn.plugin(Tynn::SSL)
-  #
-  #   Tynn.define { }
-  #
-  #   app = Tynn::Test.new
-  #   app.get("/", {}, "HTTP_HOST" => "tynn.xyz")
-  #
-  #   app.res.status   # => 301
-  #   app.res.location # => "https://tynn.xyz/"
-  #
-  #   # Using different HSTS options
-  #   Tynn.plugin(
-  #     Tynn::SSL,
-  #     hsts: {
-  #       expires: 31_536_000,
-  #       includeSubdomains: false,
-  #       preload: true
-  #     }
-  #   )
-  #
-  #   # Disabling HSTS
-  #   Tynn.plugin(Tynn::SSL, hsts: false)
-  #
   module SSL
-    def self.setup(app, hsts: {}) # :nodoc:
+    def self.setup(app, hsts: {})
       app.use(Tynn::SSL::Middleware, hsts: hsts)
     end
 
-    class Middleware # :nodoc:
+    class Middleware
       HSTS_MAX_AGE = 15_552_000 # 180 days
 
       def initialize(app, hsts: {})
@@ -86,7 +24,7 @@ class Tynn
         @app.call(env).tap do |_, headers, _|
           set_hsts_header!(headers)
 
-          flag_cookies_as_secure!(headers)
+          set_secure_flag!(headers)
         end
       end
 
@@ -115,13 +53,16 @@ class Tynn
         headers["Strict-Transport-Security"] ||= @hsts_header
       end
 
-      def flag_cookies_as_secure!(headers)
-        return unless cookies = headers["Set-Cookie"]
+      def set_secure_flag!(headers)
+        return unless header = headers["Set-Cookie"]
 
-        headers["Set-Cookie"] = cookies.split("\n").map do |cookie|
-          cookie << "; secure" if cookie !~ /;\s*secure\s*(;|$)/i
-          cookie
-        end.join("\n")
+        cookies = header.split("\n")
+
+        cookies.each do |c|
+          c << "; secure" if c !~ /;\s*secure\s*(;|$)/i
+        end
+
+        headers["Set-Cookie"] = cookies.join("\n")
       end
     end
   end

data/lib/tynn/static.rb

@@ -3,26 +3,8 @@
 require "rack/static"
 
 class Tynn
-  # Serves static files (javascript files, images, stylesheets, etc).
-  #
-  # By default, these files are served from the <tt>./public</tt> folder.
-  # A different location can be specified through the <tt>:root</tt> option.
-  #
-  # Under the hood, it uses the Rack::Static middleware.
-  # Thus, supports all the options available by the middleware.
-  #
-  #   require "tynn"
-  #   require "tynn/static"
-  #
-  #   Tynn.plugin(Tynn::Static, ["/js", "/css"])
-  #   Tynn.plugin(Tynn::Static, ["/js", "/css"], root: "assets")
-  #   Tynn.plugin(Tynn::Static, ["/js", "/css"], index: "index.html")
-  #
-  # For more information on the supported options, please see
-  # Rack::Static[http://www.rubydoc.info/gems/rack/Rack/Static].
-  #
   module Static
-    def self.setup(app, urls, opts = {}) # :nodoc:
+    def self.setup(app, urls, opts = {})
       options = opts.dup
 
       options[:urls] ||= urls

data/lib/tynn/test.rb

@@ -1,160 +1,46 @@
 # frozen_string_literal: true
 
 class Tynn
-  # A simple helper class to simulate requests to the application.
-  #
-  #   require "tynn"
-  #   require "tynn/test"
-  #
-  #   Tynn.define do
-  #     on get do
-  #       res.write("Hei!")
-  #     end
-  #   end
-  #
-  #   ts = Tynn::Test.new
-  #   ts.get("/")
-  #
-  #   ts.res.status    # => 200
-  #   ts.res.body.join # => "Hei!"
-  #
   class Test
-    attr_reader :app # :nodoc:
+    attr_reader :app
 
-    # Initializes a new Tynn::Test object.
-    #
-    #   class API < Tynn
-    #   end
-    #
-    #   ts = Tynn::Test.new(API)
-    #   ts.get("/user.json")
-    #
     def initialize(app = Tynn)
       @app = app
     end
 
-    # This module provides the Tynn::Test API methods. If the stand-alone
-    # version is not preferred, this module can be integrated into the
-    # testing environment. The following example uses Minitest:
-    #
-    #   class HomeTest < Minitest::Test
-    #     include Tynn::Test::Methods
-    #
-    #     def app
-    #       return Tynn
-    #     end
-    #
-    #     def test_home
-    #       get("/")
-    #
-    #       assert_equal 200, res.status
-    #     end
-    #   end
-    #
     module Methods
-      # If a request has been issued, returns an instance of Tynn::Request.
-      # Otherwise, returns <tt>nil</tt>.
-      #
-      #   ts = Tynn::Test.new
-      #   ts.get("/", { foo: "foo" }, { "HTTP_USER_AGENT" => "Tynn::Test" })
-      #
-      #   ts.req.get?
-      #   # => true
-      #
-      #   ts.req.params["foo"]
-      #   # => "foo"
-      #
-      #   ts.req.env["HTTP_USER_AGENT"]
-      #   # => "Tynn::Test"
-      #
       def req
         @__req
       end
 
-      # If a request has been issued, returns an instance of Tynn::Response
-      # Otherwise, returns <tt>nil</tt>.
-      #
-      #   ts = Tynn::Test.new
-      #   ts.get("/", name: "Jane")
-      #
-      #   ts.res.status
-      #   # => 200
-      #
-      #   ts.res.body.join
-      #   # => "Hello Jane!"
-      #
-      #   ts.res.headers["Content-Type"]
-      #   # => "text/html"
-      #
       def res
         @__res
       end
 
-      # Issues a <tt>GET</tt> request.
-      #
-      # [path]   A request path.
-      # [params] A Hash of query/post parameters, a String request body,
-      #          or <tt>nil</tt>.
-      # [env]    A Hash of Rack environment values.
-      #
-      #   ts = Tynn::Test.new
-      #   ts.get("/search", name: "jane")
-      #   ts.get("/cart", {}, { "HTTPS" => "on" })
-      #
       def get(path, params = {}, env = {})
         request(path, env.merge(method: "GET", params: params))
       end
 
-      # Issues a <tt>POST</tt> request. See #get for more information.
-      #
-      #   ts = Tynn::Test.new
-      #   ts.post("/signup", username: "janedoe", password: "secret")
-      #
       def post(path, params = {}, env = {})
         request(path, env.merge(method: "POST", params: params))
       end
 
-      # Issues a <tt>PUT</tt> request. See #get for more information.
-      #
-      #   ts = Tynn::Test.new
-      #   ts.put("/users/1", username: "johndoe", name: "John")
-      #
       def put(path, params = {}, env = {})
         request(path, env.merge(method: "PUT", params: params))
       end
 
-      # Issues a <tt>PATCH</tt> request. See #get for more information.
-      #
-      #   ts = Tynn::Test.new
-      #   ts.patch("/users/1", username: "janedoe")
-      #
       def patch(path, params = {}, env = {})
         request(path, env.merge(method: "PATCH", params: params))
       end
 
-      # Issues a <tt>DELETE</tt> request. See #get for more information.
-      #
-      #   ts = Tynn::Test.new
-      #   ts.delete("/users/1")
-      #
       def delete(path, params = {}, env = {})
         request(path, env.merge(method: "DELETE", params: params))
       end
 
-      # Issues a <tt>HEAD</tt> request. See #get for more information.
-      #
-      #   ts = Tynn::Test.new
-      #   ts.head("/users/1")
-      #
       def head(path, params = {}, env = {})
         request(path, env.merge(method: Rack::HEAD, params: params))
       end
 
-      # Issues a <tt>OPTIONS</tt> request. See #get for more information.
-      #
-      #   ts = Tynn::Test.new
-      #   ts.options("/users")
-      #
       def options(path, params = {}, env = {})
         request(path, env.merge(method: "OPTIONS", params: params))
       end
@@ -163,16 +49,7 @@ class Tynn
 
       def request(path, opts = {})
         @__req = Tynn::Request.new(Rack::MockRequest.env_for(path, opts))
-        @__res = make_response(*app.call(@__req.env))
-      end
-
-      def make_response(status, headers, body)
-        res = Tynn::Response.new(headers)
-        res.status = status
-
-        body.each { |b| res.write(b) }
-
-        res
+        @__res = Tynn::Response.new(*app.call(@__req.env))
       end
     end
 

data/lib/tynn/utils.rb

@@ -1,17 +1,60 @@
+# frozen_string_literal: true
+
 class Tynn
-  module Utils # :nodoc:
+  module Utils
     module_function
 
-    def deepclone_hash(hash)
-      default_proc, hash.default_proc = hash.default_proc, nil
+    def deep_dup(obj)
+      case obj
+      when Array then deep_dup_array(obj)
+      when Hash  then deep_dup_hash(obj)
+      else obj
+      end
+    end
+
+    def deep_dup_hash(hash)
+      hash.each_with_object(hash.dup) do |(k, v), h|
+        h[k] = deep_dup(v)
+      end
+    end
+
+    def deep_dup_array(array)
+      array.map { |v| deep_dup(v) }
+    end
+
+    def deep_freeze!(obj)
+      case obj
+      when Array then deep_freeze_array!(obj)
+      when Hash  then deep_freeze_hash!(obj)
+      end
+    end
 
-      Marshal.load(Marshal.dump(hash))
-    ensure
-      hash.default_proc = default_proc
+    def deep_freeze_array!(array)
+      array.freeze.each { |v| deep_freeze!(v) }
     end
 
-    def raise_error(message, error: RuntimeError, tag: "troubleshooting")
-      raise error, sprintf("%s. See http://tynn.xyz/#%s.", message, tag)
+    def deep_freeze_hash!(hash)
+      hash.freeze.each { |_, v| deep_freeze!(v) }
+    end
+
+    HTML_ESCAPE = {
+      "&" => "&",
+      ">" => ">",
+      "<" => "&lt;",
+      '"' => "&#39;",
+      "'" => "&#34;"
+    }.freeze
+
+    UNSAFE = /[&"'><]/
+
+    def h(str)
+      str.gsub(UNSAFE, HTML_ESCAPE)
+    end
+
+    ERROR_URL = "%s. For more information, see http://tynn.rtfd.io/en/latest/troubleshooting#%s"
+
+    def raise_error(message, error = RuntimeError)
+      raise error, sprintf(ERROR_URL, message, message.downcase.gsub(" ", "-"))
     end
   end
 end

data/lib/tynn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 class Tynn
-  VERSION = "2.0.0.beta3" # :nodoc:
+  VERSION = "2.0.0.beta4"
 end

data/lib/tynn/x/versioning.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class Tynn
+  module Versioning
+    module InstanceMethods
+      def version(default: nil, vendor: "api")
+        lambda do
+          version, format = nil
+          accepts = req.headers["Accept"]
+
+          if accepts && !accepts.empty?
+            accepts.split(",").each do |accept|
+              break if version
+
+              matcher = /application\/vnd\.#{ vendor }\+(.+);\s*version\s*=\s*(\d+)/
+              matcher.match(accept) do |match|
+                version, format = match[2], match[1]
+              end
+            end
+          end
+
+          version ||= default
+
+          captures.push(version.to_i, format) if version
+        end
+      end
+    end
+  end
+end

data/test/json_test.rb

@@ -8,24 +8,144 @@ class JSONTest < Minitest::Test
     @app = new_app
   end
 
-  def test_respond_json_object
+  def test_read_hash
+    @app.plugin(Tynn::JSON)
+
+    @app.define do
+      on post do
+        json(json_params)
+      end
+    end
+
+    json = JSON.generate(ok: true)
+
+    ts = Tynn::Test.new(@app)
+    ts.post("/", json)
+
+    assert_equal %({"ok":true}), ts.res.body.join
+  end
+
+  def test_read_array
+    @app.plugin(Tynn::JSON)
+
+    @app.define do
+      on post do
+        json(json_params)
+      end
+    end
+
+    json = JSON.generate(%w(foo bar baz))
+
+    ts = Tynn::Test.new(@app)
+    ts.post("/", json)
+
+    assert_equal %(["foo","bar","baz"]), ts.res.body.join
+  end
+
+  def test_read_rewinds_body
+    @app.plugin(Tynn::JSON)
+
+    @app.define do
+      on post do
+        _ = json_params
+
+        res.write(req.body.read)
+      end
+    end
+
+    json = JSON.generate(%w(foo bar baz))
+
+    ts = Tynn::Test.new(@app)
+    ts.post("/", json)
+
+    assert_equal json, ts.res.body.join
+  end
+
+  def test_read_on_parse_error
+    @app.plugin(Tynn::JSON)
+
+    @app.define do
+      on post do
+        json_params
+      end
+    end
+
+    ts = Tynn::Test.new(@app)
+    ts.post("/", "")
+
+    assert_equal 400, ts.res.status
+    assert_empty ts.res.headers
+    assert_empty ts.res.body
+  end
+
+  def test_read_on_parse_error_proc
+    @app.plugin(Tynn::JSON, on_parse_error: proc {
+      res.status = 400
+
+      json(ok: false)
+
+      halt(res.finish)
+    })
+
+    @app.define do
+      on post do
+        json_params
+      end
+    end
+
+    ts = Tynn::Test.new(@app)
+    ts.post("/", "")
+
+    assert_equal 400, ts.res.status
+    assert_equal "application/json", ts.res.content_type
+    assert_equal %({"ok":false}), ts.res.body.join
+  end
+
+  def test_read_on_parse_error_method
+    @app.plugin(Tynn::JSON, on_parse_error: :custom_bad_request)
+
+    @app.class_eval do
+      def custom_bad_request
+        res.status = 400
+
+        json(ok: false)
+
+        halt(res.finish)
+      end
+    end
+
+    @app.define do
+      on post do
+        json_params
+      end
+    end
+
+    ts = Tynn::Test.new(@app)
+    ts.post("/", "")
+
+    assert_equal 400, ts.res.status
+    assert_equal "application/json", ts.res.content_type
+    assert_equal %({"ok":false}), ts.res.body.join
+  end
+
+  def test_write_hash
     @app.plugin(Tynn::JSON)
 
     @app.define do
       on get do
-        json(foo: "foo")
+        json(ok: true)
       end
     end
 
     ts = Tynn::Test.new(@app)
     ts.get("/")
 
-    object = JSON.parse(ts.res.body.join)
+    hash = JSON.parse(ts.res.body.join)
 
-    assert_equal "foo", object["foo"]
+    assert hash["ok"]
   end
 
-  def test_respond_json_array
+  def test_write_array
     @app.plugin(Tynn::JSON)
 
     @app.define do
@@ -40,7 +160,60 @@ class JSONTest < Minitest::Test
     assert_equal %w(foo bar baz), JSON.parse(ts.res.body.join)
   end
 
-  def test_content_type
+  def test_write_object
+    @app.plugin(Tynn::JSON)
+
+    @app.define do
+      on get do
+        object = Object.new
+
+        def object.to_json(_)
+          JSON.generate(ok: true)
+        end
+
+        json(object)
+      end
+    end
+
+    ts = Tynn::Test.new(@app)
+    ts.get("/")
+
+    hash = JSON.parse(ts.res.body.join)
+
+    assert hash["ok"]
+  end
+
+  def test_write_custom_options
+    @app.plugin(Tynn::JSON, write_opts: JSON::PRETTY_STATE_PROTOTYPE)
+
+    @app.define do
+      on get do
+        json(ok: true)
+      end
+    end
+
+    ts = Tynn::Test.new(@app)
+    ts.get("/")
+
+    assert_equal JSON.pretty_generate(ok: true), ts.res.body.join
+  end
+
+  def test_write_options
+    @app.plugin(Tynn::JSON)
+
+    @app.define do
+      on get do
+        json({ ok: true }, JSON::PRETTY_STATE_PROTOTYPE)
+      end
+    end
+
+    ts = Tynn::Test.new(@app)
+    ts.get("/")
+
+    assert_equal JSON.pretty_generate(ok: true), ts.res.body.join
+  end
+
+  def test_write_content_type
     @app.plugin(Tynn::JSON)
 
     @app.define do
@@ -55,7 +228,7 @@ class JSONTest < Minitest::Test
     assert_equal "application/json", ts.res.content_type
   end
 
-  def test_custom_content_type
+  def test_write_custom_content_type
     @app.plugin(Tynn::JSON, content_type: "application/js")
 
     @app.define do
@@ -69,4 +242,21 @@ class JSONTest < Minitest::Test
 
     assert_equal "application/js", ts.res.content_type
   end
+
+  def test_write_alias
+    @app.plugin(Tynn::JSON)
+
+    @app.define do
+      on get do
+        json(ok: true)
+      end
+    end
+
+    ts = Tynn::Test.new(@app)
+    ts.get("/")
+
+    hash = JSON.parse(ts.res.body.join)
+
+    assert hash["ok"]
+  end
 end