RubyGems - tynn - Versions diffs - 1.2.0 → 1.3.0 - Mend

tynn 1.2.0 → 1.3.0

Files changed (15) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a6cd976ef2725374c76761726c9c86a4714a0aed
-  data.tar.gz: f769dcbcabcc8ac1941a175e2280d860cdf3304e
+  metadata.gz: c01166fc9c243f8e396f2b5f0f9007681524c7f0
+  data.tar.gz: f09380715acf0839c39dba34ead60ff161ec4aaf
 SHA512:
-  metadata.gz: 304636238779f980affe65c6028814bcbe63823264baf249e599ec8fbf1dd002dd70947c0a3cce5b4e801afea6a20210dfcf1c64d07bd65b0835285d382ce53c
-  data.tar.gz: f48e2523ac152117c16c79972a8ada5ed7962fca259904fdd4ae1f3b562931ce0bf480c0684154b43379c0c739164578d3623697d14a3797760eb5807105702b
+  metadata.gz: 8e14f1f08ec671c79ed112f81b1420569498ea7e172a4e6faf6ecc2ed45aea7ac1cdc6c7307183fc71944c0c4ddf947ebf2e7b95d2f24544a0880efca47682e1
+  data.tar.gz: f99c0c15c44108e86a2cc8514fea0f16d323671a706209b5a05a6e1d8f297b5b8828e369483fbf1aaff70fcef37a81c43cd347656d01ca17bc66bb0cc5d441e6

data/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-tynn [![Build Status](https://travis-ci.org/frodsan/tynn.svg)](https://travis-ci.org/frodsan/tynn)
+Tynn [![Build Status](https://travis-ci.org/frodsan/tynn.svg)](https://travis-ci.org/frodsan/tynn)
 ====
 A thin library for web development.
@@ -27,27 +27,24 @@ end
 run(Tynn)
 ```
-You can run `rackup` and open <http://localhost:9292/> to see the greeting
-message.
+Check [Getting Started][start] for more information.
-Installation
-------------
+Documentation
+-------------
-```
-$ gem install tynn
-```
+See our website: <http://tynn.xyz/>.
 Contributing
 ------------
-- Fork the project.
-- Use `make install` to install dependencies.
-- Use `make test` to run the test suite.
-- Create a pull request with your changes.
+Please see the [CONTRIBUTING][contributing] file for more information.
+License
+-------
-You can install the gems globally, but we recommend [gs][gs] (or
-[gst][gst] if you're using chruby) to keep things isolated.
+Tynn is released under the [MIT License][mit].
+[contributing]: https://github.com/frodsan/tynn/blob/master/CONTRIBUTING.md
+[mit]: http://www.opensource.org/licenses/MIT
+[start]: http://tynn.xyz/getting-started.html
 [syro]: http://soveran.github.io/syro/
-[gs]: https://github.com/soveran/gs
-[gst]: https://github.com/tonchis/gst

data/lib/tynn.rb CHANGED Viewed

@@ -69,7 +69,7 @@ class Tynn
   #   Tynn.use(Rack::ShowExceptions)
   #
   def self.use(middleware, *args, &block)
-    __middleware << proc { |app| middleware.new(app, *args, &block) }
+    self.middleware << proc { |app| middleware.new(app, *args, &block) }
   end
   def self.call(env) # :nodoc:
@@ -77,14 +77,15 @@ class Tynn
   end
   def self.build_app(syro) # :nodoc:
-    if __middleware.empty?
+    if middleware.empty?
       @app = syro
     else
-      @app = __middleware.reverse.inject(syro) { |a, m| m.call(a) }
+      @app = middleware.reverse.inject(syro) { |a, m| m.call(a) }
     end
   end
-  def self.__middleware # :nodoc:
+  # Internal: Returns middleware stack.
+  def self.middleware
     return @middleware ||= []
   end

data/lib/tynn/protection.rb CHANGED Viewed

@@ -26,27 +26,19 @@ class Tynn
   #
   # If the +:ssl+ option is +true+, includes:
   #
-  # - Tynn::HSTS
-  #
-  # - Tynn::ForceSSL
+  # - Tynn::SSL
   #
   module Protection
     # Internal: Configures security related plugins.
-    def self.setup(app, ssl: false, force_ssl: ssl, hsts: {})
+    def self.setup(app, ssl: false, hsts: {})
       app.plugin(Tynn::SecureHeaders)
       if ssl
         app.settings[:ssl] = true
-        require_relative "hsts"
-        app.plugin(Tynn::HSTS, hsts)
-      end
-      if force_ssl
-        require_relative "force_ssl"
+        require_relative "ssl"
-        app.plugin(Tynn::ForceSSL)
+        app.plugin(Tynn::SSL, hsts: hsts)
       end
     end
   end

data/lib/tynn/session.rb CHANGED Viewed

@@ -62,9 +62,11 @@ class Tynn
   module Session
     # Internal: Configures Rack::Session::Cookie middleware.
     def self.setup(app, options = {})
-      defaults = { secure: app.settings[:ssl] }
+      if app.settings[:ssl]
+        options = { secure: true }.merge(options)
+      end
-      app.use(Rack::Session::Cookie, defaults.merge(options))
+      app.use(Rack::Session::Cookie, options)
     end
     module InstanceMethods
@@ -78,7 +80,7 @@ class Tynn
       #   session[:foo] # => "foo"
       #
       def session
-        return env["rack.session".freeze]
+        return req.session
       end
     end
   end

data/lib/tynn/ssl.rb ADDED Viewed

@@ -0,0 +1,115 @@
+class Tynn
+  # Public: Enforces secure HTTP requests by:
+  #
+  # 1. Redirecting HTTP requests to their HTTPS counterparts.
+  #
+  # 2. Setting the +Strict-Transport-Security+ header. This ensures the
+  #    browser never visits the http version of a website. This reduces
+  #    the impact of leaking session data through cookies and external
+  #    links, and defends against Man-in-the-middle attacks.
+  #
+  # Examples
+  #
+  #   require "tynn"
+  #   require "tynn/ssl"
+  #   require "tynn/test"
+  #
+  #   Tynn.plugin(Tynn::SSL)
+  #
+  #   Tynn.define { }
+  #
+  #   app = Tynn::Test.new
+  #   app.get("/", {}, "HTTP_HOST" => "tynn.xyz")
+  #
+  #   app.res.headers["Location"]
+  #   # => "https://tynn.xyz/"
+  #
+  # You can configure HSTS with <tt>{ hsts: { ... } }</tt>. It supports the
+  # following options:
+  #
+  # expires    - The time, in seconds, that the browser access the site only
+  #              by HTTPS. Defaults to 180 days.
+  # subdomains - If this is +true+, the rule applies to all the site's
+  #              subdomains as well. Defaults to +true+.
+  # preload    - A limitation of HSTS is that the initial request remains
+  #              unprotected if it uses HTTP. The same applies to the first
+  #              request after the activity period specified by +max-age+.
+  #              Modern browsers implements a "STS preloaded list", which
+  #              contains known sites supporting HSTS. If you would like to
+  #              include your website into the list, set this options to +true+
+  #              and submit your domain to this {form}[https://hstspreload.appspot.com/].
+  #              Supported by Chrome, Firefox, IE11+ and IE Edge.
+  #
+  # Examples
+  #
+  #   Tynn.plugin(
+  #     Tynn::SSL,
+  #     hsts: {
+  #       expires: 31_536_000,
+  #       includeSubdomains: true,
+  #       preload: true
+  #     }
+  #   )
+  #
+  #   app = Tynn::Test.new
+  #   app.get("/", {}, "HTTPS" => "on")
+  #
+  #   app.res.headers["Strict-Transport-Security"]
+  #   # => "max-age=31536000; includeSubdomains; preload"
+  #
+  # To disable HSTS, you will need to tell the browser to expire it
+  # immediately.
+  #
+  # Examples
+  #
+  #   Tynn.plugin(Tynn::SSL, hsts: { expires: 0 })
+  #
+  class SSL
+    def self.setup(app, hsts: {}) # :nodoc:
+      app.use(self, hsts: hsts)
+    end
+    def initialize(app, hsts: {}) # :nodoc:
+      @app = app
+      @hsts_header = build_hsts_header(hsts)
+    end
+    def call(env) # :nodoc:
+      request = Rack::Request.new(env)
+      if request.ssl?
+        response = @app.call(env)
+        set_hsts_header!(response[1])
+        return response
+      else
+        return [301, redirect_headers(request), []]
+      end
+    end
+    private
+    def build_hsts_header(options)
+      header = sprintf("max-age=%i", options.fetch(:expires, 15_552_000))
+      header << "; includeSubdomains" if options.fetch(:subdomains, true)
+      header << "; preload" if options[:preload]
+      return header
+    end
+    def set_hsts_header!(headers)
+      headers["Strict-Transport-Security".freeze] ||= @hsts_header
+    end
+    def redirect_headers(request)
+      return { "Location" => https_location(request) }
+    end
+    HTTPS_LOCATION = "https://%s%s".freeze
+    def https_location(request)
+      return sprintf(HTTPS_LOCATION, request.host, request.fullpath)
+    end
+  end
+end

data/lib/tynn/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 class Tynn # :nodoc: all
   VERSION = [
     MAJOR_VERSION = 1,
-    MINOR_VERSION = 2,
+    MINOR_VERSION = 3,
     PATCH_VERSION = 0,
     PRE_VERSION   = nil
   ].compact.join(".")

data/test/ssl_test.rb ADDED Viewed

@@ -0,0 +1,60 @@
+require_relative "../lib/tynn/ssl"
+setup do
+  Tynn::Test.new
+end
+test "redirects to https" do |app|
+  Tynn.plugin(Tynn::SSL)
+  Tynn.define do
+  end
+  app.get("/")
+  assert_equal 301, app.res.status
+  assert_equal "https://example.org/", app.res.location
+end
+test "https request" do |app|
+  Tynn.plugin(Tynn::SSL)
+  Tynn.define do
+    root do
+      res.write("secure")
+    end
+  end
+  app.get("/", {}, "HTTPS" => "on")
+  assert_equal 200, app.res.status
+  assert_equal "secure", app.res.body
+end
+test "hsts header" do |app|
+  Tynn.plugin(Tynn::SSL)
+  Tynn.define do
+  end
+  app = Tynn::Test.new
+  app.get("/", {}, "HTTPS" => "on")
+  header = app.res.headers["Strict-Transport-Security"]
+  assert_equal "max-age=15552000; includeSubdomains", header
+end
+test "hsts header options" do |app|
+  Tynn.plugin(Tynn::SSL, hsts: { expires: 1, subdomains: false, preload: true })
+  Tynn.define do
+  end
+  app = Tynn::Test.new
+  app.get("/", {}, "HTTPS" => "on")
+  header = app.res.headers["Strict-Transport-Security"]
+  assert_equal "max-age=1; preload", header
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tynn
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Francesco Rodríguez
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-10-30 00:00:00.000000000 Z
+date: 2015-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -106,11 +106,8 @@ files:
 - lib/tynn.rb
 - lib/tynn/all_methods.rb
 - lib/tynn/environment.rb
-- lib/tynn/force_ssl.rb
 - lib/tynn/hmote.rb
-- lib/tynn/hsts.rb
 - lib/tynn/json.rb
-- lib/tynn/matchers.rb
 - lib/tynn/not_found.rb
 - lib/tynn/protection.rb
 - lib/tynn/render.rb
@@ -119,6 +116,7 @@ files:
 - lib/tynn/secure_headers.rb
 - lib/tynn/session.rb
 - lib/tynn/settings.rb
+- lib/tynn/ssl.rb
 - lib/tynn/static.rb
 - lib/tynn/test.rb
 - lib/tynn/version.rb
@@ -126,18 +124,16 @@ files:
 - test/core_test.rb
 - test/default_headers_test.rb
 - test/environment_test.rb
-- test/force_ssl_test.rb
 - test/helper.rb
 - test/hmote_test.rb
-- test/hsts_test.rb
 - test/json_test.rb
-- test/matchers_test.rb
 - test/middleware_test.rb
 - test/not_found_test.rb
 - test/protection_test.rb
 - test/render_test.rb
 - test/secure_headers_test.rb
 - test/session_test.rb
+- test/ssl_test.rb
 - test/static_test.rb
 homepage: https://github.com/frodsan/tynn
 licenses:
@@ -168,17 +164,15 @@ test_files:
 - test/core_test.rb
 - test/default_headers_test.rb
 - test/environment_test.rb
-- test/force_ssl_test.rb
 - test/helper.rb
 - test/hmote_test.rb
-- test/hsts_test.rb
 - test/json_test.rb
-- test/matchers_test.rb
 - test/middleware_test.rb
 - test/not_found_test.rb
 - test/protection_test.rb
 - test/render_test.rb
 - test/secure_headers_test.rb
 - test/session_test.rb
+- test/ssl_test.rb
 - test/static_test.rb
 has_rdoc:

data/lib/tynn/force_ssl.rb DELETED Viewed

@@ -1,55 +0,0 @@
-class Tynn
-  # Public: HTTP requests are permanently redirected to their HTTPS
-  # counterparts.
-  #
-  # Examples
-  #
-  #   require "tynn"
-  #   require "tynn/force_ssl"
-  #   require "tynn/test"
-  #
-  #   Tynn.plugin(Tynn::ForceSSL)
-  #
-  #   Tynn.define { }
-  #
-  #   app = Tynn::Test.new
-  #   app.get("/", {}, "HTTP_HOST" => "tynn.xyz")
-  #
-  #   app.res.headers["Location"]
-  #   # => "https://tynn.xyz/"
-  #
-  module ForceSSL
-    # Internal: Sets the HTTPS redirect middleware.
-    def self.setup(app)
-      app.use(Tynn::ForceSSL::Middleware)
-    end
-    class Middleware # :nodoc:
-      def initialize(app)
-        @app = app
-      end
-      def call(env)
-        request = Rack::Request.new(env)
-        if request.ssl?
-          return @app.call(env)
-        else
-          return [301, redirect_headers(request), []]
-        end
-      end
-      private
-      def redirect_headers(request)
-        return { "Location" => https_location(request) }
-      end
-      HTTPS_LOCATION = "https://%s%s".freeze
-      def https_location(request)
-        return sprintf(HTTPS_LOCATION, request.host, request.fullpath)
-      end
-    end
-  end
-end

data/lib/tynn/hsts.rb DELETED Viewed

@@ -1,64 +0,0 @@
-class Tynn
-  # Public: Sets the +Strict-Transport-Security+ header. This ensures the
-  # browser never visits the http version of a website. This reduces the
-  # impact of leaking session data through cookies and external links, and
-  # defends against Man-in-the-middle attacks.
-  #
-  # Examples
-  #
-  #   require "tynn"
-  #   require "tynn/hsts"
-  #
-  #   Tynn.plugin(Tynn::HSTS)
-  #
-  #   Tynn.define { }
-  #
-  #   Tynn.call("PATH_INFO" => "/")[1]["Strict-Transport-Security"]
-  #   # => "max-age=15552000; includeSubdomains"
-  #
-  # It supports the following options:
-  #
-  # expires    - The time, in seconds, that the browser access the site only
-  #              by HTTPS. Defaults to 180 days.
-  # subdomains - If this is +true+, the rule applies to all the site's
-  #              subdomains as well. Defaults to +true+.
-  # preload    - A limitation of HSTS is that the initial request remains
-  #              unprotected if it uses HTTP. The same applies to the first
-  #              request after the activity period specified by +max-age+.
-  #              Modern browsers implements a "STS preloaded list", which
-  #              contains known sites supporting HSTS. If you would like to
-  #              include your website into the list, set this options to +true+
-  #              and submit your domain to this {form}[https://hstspreload.appspot.com/].
-  #              Supported by Chrome, Firefox, IE11+ and IE Edge.
-  #
-  # Examples
-  #
-  #   Tynn.plugin(
-  #     Tynn::HSTS,
-  #     expires: 31_536_000,
-  #     includeSubdomains: true,
-  #     preload: true
-  #   )
-  #
-  #   Tynn.define { }
-  #
-  #   Tynn.call("PATH_INFO" => "/")[1]["Strict-Transport-Security"]
-  #   # => "max-age=31536000; includeSubdomains; preload"
-  #
-  # To disable HSTS, you will need to tell the browser to expire it immediately.
-  #
-  # Examples
-  #
-  #   Tynn.plugin(Tynn::HSTS, expires: 0)
-  #
-  module HSTS
-    # Internal: Sets the HSTS header as a default header.
-    def self.setup(app, options = {})
-      header = sprintf("max-age=%i", options.fetch(:expires, 15_552_000))
-      header << "; includeSubdomains" if options.fetch(:subdomains, true)
-      header << "; preload" if options[:preload]
-      app.settings[:default_headers]["Strict-Transport-Security"] = header
-    end
-  end
-end

data/lib/tynn/matchers.rb DELETED Viewed

@@ -1,60 +0,0 @@
-class Tynn
-  # Public: Adds extra matchers to Tynn.
-  #
-  # Examples
-  #
-  #   require "tynn"
-  #   require "tynn/matchers"
-  #
-  #   Tynn.plugin(Tynn::Matchers)
-  #
-  module Matchers
-    module InstanceMethods
-      # Public: A catch-all matcher. Always executes the given block.
-      #
-      # Examples
-      #
-      #   Tynn.define do
-      #     authenticated? do
-      #       # ...
-      #     end
-      #
-      #     default do # on true
-      #       # ...
-      #     end
-      #   end
-      #
-      def default
-        yield
-        halt(res.finish)
-      end
-      # Public: Executes the given block if +key+ is present in +req.params+.
-      #
-      # key - Any object that responds to +to_s+.
-      #
-      # Examples
-      #
-      #   Tynn.define do
-      #     param(:user) do |params|
-      #       user = User.create(params)
-      #
-      #       # ...
-      #     end
-      #
-      #     default do
-      #       res.write("missing [user] param")
-      #     end
-      #   end
-      #
-      def param(key)
-        if (v = req[key]) && !v.empty?
-          yield(v)
-          halt(res.finish)
-        end
-      end
-    end
-  end
-end

data/test/force_ssl_test.rb DELETED Viewed

@@ -1,32 +0,0 @@
-require_relative "../lib/tynn/force_ssl"
-setup do
-  Tynn::Test.new
-end
-test "redirects to https" do |app|
-  Tynn.plugin(Tynn::ForceSSL)
-  Tynn.define do
-  end
-  app.get("/")
-  assert_equal 301, app.res.status
-  assert_equal "https://example.org/", app.res.location
-end
-test "https request" do |app|
-  Tynn.plugin(Tynn::ForceSSL)
-  Tynn.define do
-    root do
-      res.write("secure")
-    end
-  end
-  app.get("/", {}, "HTTPS" => "on")
-  assert_equal 200, app.res.status
-  assert_equal "secure", app.res.body
-end

data/test/hsts_test.rb DELETED Viewed

@@ -1,29 +0,0 @@
-require_relative "../lib/tynn/hsts"
-test "hsts header" do |app|
-  Tynn.plugin(Tynn::HSTS)
-  Tynn.define do
-  end
-  app = Tynn::Test.new
-  app.get("/", {})
-  header = app.res.headers["Strict-Transport-Security"]
-  assert_equal "max-age=15552000; includeSubdomains", header
-end
-test "hsts header options" do |app|
-  Tynn.plugin(Tynn::HSTS, expires: 1, subdomains: false, preload: true)
-  Tynn.define do
-  end
-  app = Tynn::Test.new
-  app.get("/", {})
-  header = app.res.headers["Strict-Transport-Security"]
-  assert_equal "max-age=1; preload", header
-end

data/test/matchers_test.rb DELETED Viewed

@@ -1,40 +0,0 @@
-require_relative "../lib/tynn/matchers"
-setup do
-  Tynn.plugin(Tynn::Matchers)
-  Tynn::Test.new
-end
-test "default" do |app|
-  Tynn.define do
-    default do
-      res.write("foo")
-    end
-  end
-  app.get("/")
-  assert_equal 200, app.res.status
-  assert_equal "foo", app.res.body
-end
-test "param" do |app|
-  Tynn.define do
-    param(:foo) do |foo|
-      res.write(foo)
-    end
-    param("bar") do |bar|
-      res.write(bar)
-    end
-  end
-  app.get("/", foo: "foo")
-  assert_equal "foo", app.res.body
-  app.get("/", foo: "bar")
-  assert_equal "bar", app.res.body
-end