RubyGems - tynn - Versions diffs - 1.2.0 → 1.3.0 - Mend

tynn 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a6cd976ef2725374c76761726c9c86a4714a0aed
-  data.tar.gz: f769dcbcabcc8ac1941a175e2280d860cdf3304e
+  metadata.gz: c01166fc9c243f8e396f2b5f0f9007681524c7f0
+  data.tar.gz: f09380715acf0839c39dba34ead60ff161ec4aaf
 SHA512:
-  metadata.gz: 304636238779f980affe65c6028814bcbe63823264baf249e599ec8fbf1dd002dd70947c0a3cce5b4e801afea6a20210dfcf1c64d07bd65b0835285d382ce53c
-  data.tar.gz: f48e2523ac152117c16c79972a8ada5ed7962fca259904fdd4ae1f3b562931ce0bf480c0684154b43379c0c739164578d3623697d14a3797760eb5807105702b
+  metadata.gz: 8e14f1f08ec671c79ed112f81b1420569498ea7e172a4e6faf6ecc2ed45aea7ac1cdc6c7307183fc71944c0c4ddf947ebf2e7b95d2f24544a0880efca47682e1
+  data.tar.gz: f99c0c15c44108e86a2cc8514fea0f16d323671a706209b5a05a6e1d8f297b5b8828e369483fbf1aaff70fcef37a81c43cd347656d01ca17bc66bb0cc5d441e6

data/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-tynn [![Build Status](https://travis-ci.org/frodsan/tynn.svg)](https://travis-ci.org/frodsan/tynn)
+Tynn [![Build Status](https://travis-ci.org/frodsan/tynn.svg)](https://travis-ci.org/frodsan/tynn)
 ====
 A thin library for web development.
@@ -27,27 +27,24 @@ end
 run(Tynn)
 ```
-You can run `rackup` and open <http://localhost:9292/> to see the greeting
-message.
+Check [Getting Started][start] for more information.
-Installation
-------------
+Documentation
+-------------
-```
-$ gem install tynn
-```
+See our website: <http://tynn.xyz/>.
 Contributing
 ------------
-- Fork the project.
-- Use `make install` to install dependencies.
-- Use `make test` to run the test suite.
-- Create a pull request with your changes.
+Please see the [CONTRIBUTING][contributing] file for more information.
+License
+-------
-You can install the gems globally, but we recommend [gs][gs] (or
-[gst][gst] if you're using chruby) to keep things isolated.
+Tynn is released under the [MIT License][mit].
+[contributing]: https://github.com/frodsan/tynn/blob/master/CONTRIBUTING.md
+[mit]: http://www.opensource.org/licenses/MIT
+[start]: http://tynn.xyz/getting-started.html
 [syro]: http://soveran.github.io/syro/
-[gs]: https://github.com/soveran/gs
-[gst]: https://github.com/tonchis/gst

data/lib/tynn.rb CHANGED Viewed

@@ -69,7 +69,7 @@ class Tynn
   #   Tynn.use(Rack::ShowExceptions)
   #
   def self.use(middleware, *args, &block)
-    __middleware << proc { |app| middleware.new(app, *args, &block) }
+    self.middleware << proc { |app| middleware.new(app, *args, &block) }
   end
   def self.call(env) # :nodoc:
@@ -77,14 +77,15 @@ class Tynn
   end
   def self.build_app(syro) # :nodoc:
-    if __middleware.empty?
+    if middleware.empty?
       @app = syro
     else
-      @app = __middleware.reverse.inject(syro) { |a, m| m.call(a) }
+      @app = middleware.reverse.inject(syro) { |a, m| m.call(a) }
     end
   end
-  def self.__middleware # :nodoc:
+  # Internal: Returns middleware stack.
+  def self.middleware
     return @middleware ||= []
   end

data/lib/tynn/protection.rb CHANGED Viewed

@@ -26,27 +26,19 @@ class Tynn
   #
   # If the +:ssl+ option is +true+, includes:
   #
-  # - Tynn::HSTS
-  #
-  # - Tynn::ForceSSL
+  # - Tynn::SSL
   #
   module Protection
     # Internal: Configures security related plugins.
-    def self.setup(app, ssl: false, force_ssl: ssl, hsts: {})
+    def self.setup(app, ssl: false, hsts: {})
       app.plugin(Tynn::SecureHeaders)
       if ssl
         app.settings[:ssl] = true
-        require_relative "hsts"
-        app.plugin(Tynn::HSTS, hsts)
-      end
-      if force_ssl
-        require_relative "force_ssl"
+        require_relative "ssl"
-        app.plugin(Tynn::ForceSSL)
+        app.plugin(Tynn::SSL, hsts: hsts)
       end
     end
   end

data/lib/tynn/session.rb CHANGED Viewed

@@ -62,9 +62,11 @@ class Tynn
   module Session
     # Internal: Configures Rack::Session::Cookie middleware.
     def self.setup(app, options = {})
-      defaults = { secure: app.settings[:ssl] }
+      if app.settings[:ssl]
+        options = { secure: true }.merge(options)
+      end
-      app.use(Rack::Session::Cookie, defaults.merge(options))
+      app.use(Rack::Session::Cookie, options)
     end
     module InstanceMethods
@@ -78,7 +80,7 @@ class Tynn
       #   session[:foo] # => "foo"
       #
       def session
-        return env["rack.session".freeze]
+        return req.session
       end
     end
   end

data/lib/tynn/ssl.rb ADDED Viewed

@@ -0,0 +1,115 @@
+class Tynn
+  # Public: Enforces secure HTTP requests by:
+  #
+  # 1. Redirecting HTTP requests to their HTTPS counterparts.
+  #
+  # 2. Setting the +Strict-Transport-Security+ header. This ensures the
+  #    browser never visits the http version of a website. This reduces
+  #    the impact of leaking session data through cookies and external
+  #    links, and defends against Man-in-the-middle attacks.
+  #
+  # Examples
+  #
+  #   require "tynn"
+  #   require "tynn/ssl"
+  #   require "tynn/test"
+  #
+  #   Tynn.plugin(Tynn::SSL)
+  #
+  #   Tynn.define { }
+  #
+  #   app = Tynn::Test.new
+  #   app.get("/", {}, "HTTP_HOST" => "tynn.xyz")
+  #
+  #   app.res.headers["Location"]
+  #   # => "https://tynn.xyz/"
+  #
+  # You can configure HSTS with <tt>{ hsts: { ... } }</tt>. It supports the
+  # following options:
+  #
+  # expires    - The time, in seconds, that the browser access the site only
+  #              by HTTPS. Defaults to 180 days.
+  # subdomains - If this is +true+, the rule applies to all the site's
+  #              subdomains as well. Defaults to +true+.
+  # preload    - A limitation of HSTS is that the initial request remains
+  #              unprotected if it uses HTTP. The same applies to the first
+  #              request after the activity period specified by +max-age+.
+  #              Modern browsers implements a "STS preloaded list", which
+  #              contains known sites supporting HSTS. If you would like to
+  #              include your website into the list, set this options to +true+
+  #              and submit your domain to this {form}[https://hstspreload.appspot.com/].
+  #              Supported by Chrome, Firefox, IE11+ and IE Edge.
+  #
+  # Examples
+  #
+  #   Tynn.plugin(
+  #     Tynn::SSL,
+  #     hsts: {
+  #       expires: 31_536_000,
+  #       includeSubdomains: true,
+  #       preload: true
+  #     }
+  #   )
+  #
+  #   app = Tynn::Test.new
+  #   app.get("/", {}, "HTTPS" => "on")
+  #
+  #   app.res.headers["Strict-Transport-Security"]
+  #   # => "max-age=31536000; includeSubdomains; preload"
+  #
+  # To disable HSTS, you will need to tell the browser to expire it
+  # immediately.
+  #
+  # Examples
+  #
+  #   Tynn.plugin(Tynn::SSL, hsts: { expires: 0 })
+  #
+  class SSL
+    def self.setup(app, hsts: {}) # :nodoc:
+      app.use(self, hsts: hsts)
+    end
+    def initialize(app, hsts: {}) # :nodoc:
+      @app = app
+      @hsts_header = build_hsts_header(hsts)
+    end
+    def call(env) # :nodoc:
+      request = Rack::Request.new(env)
+      if request.ssl?
+        response = @app.call(env)
+        set_hsts_header!(response[1])
+        return response
+      else
+        return [301, redirect_headers(request), []]
+      end
+    end
+    private
+    def build_hsts_header(options)
+      header = sprintf("max-age=%i", options.fetch(:expires, 15_552_000))
+      header << "; includeSubdomains" if options.fetch(:subdomains, true)
+      header << "; preload" if options[:preload]
+      return header
+    end
+    def set_hsts_header!(headers)
+      headers["Strict-Transport-Security".freeze] ||= @hsts_header
+    end
+    def redirect_headers(request)
+      return { "Location" => https_location(request) }
+    end
+    HTTPS_LOCATION = "https://%s%s".freeze
+    def https_location(request)
+      return sprintf(HTTPS_LOCATION, request.host, request.fullpath)
+    end
+  end
+end

data/lib/tynn/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 class Tynn # :nodoc: all
   VERSION = [
     MAJOR_VERSION = 1,
-    MINOR_VERSION = 2,
+    MINOR_VERSION = 3,
     PATCH_VERSION = 0,
     PRE_VERSION   = nil
   ].compact.join(".")

data/test/ssl_test.rb ADDED Viewed

@@ -0,0 +1,60 @@
+require_relative "../lib/tynn/ssl"
+setup do
+  Tynn::Test.new
+end
+test "redirects to https" do |app|
+  Tynn.plugin(Tynn::SSL)
+  Tynn.define do
+  end
+  app.get("/")
+  assert_equal 301, app.res.status
+  assert_equal "https://example.org/", app.res.location
+end
+test "https request" do |app|
+  Tynn.plugin(Tynn::SSL)
+  Tynn.define do
+    root do
+      res.write("secure")
+    end
+  end
+  app.get("/", {}, "HTTPS" => "on")
+  assert_equal 200, app.res.status
+  assert_equal "secure", app.res.body
+end
+test "hsts header" do |app|
+  Tynn.plugin(Tynn::SSL)
+  Tynn.define do
+  end
+  app = Tynn::Test.new
+  app.get("/", {}, "HTTPS" => "on")
+  header = app.res.headers["Strict-Transport-Security"]
+  assert_equal "max-age=15552000; includeSubdomains", header
+end
+test "hsts header options" do |app|
+  Tynn.plugin(Tynn::SSL, hsts: { expires: 1, subdomains: false, preload: true })
+  Tynn.define do
+  end
+  app = Tynn::Test.new
+  app.get("/", {}, "HTTPS" => "on")
+  header = app.res.headers["Strict-Transport-Security"]
+  assert_equal "max-age=1; preload", header
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tynn
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Francesco Rodríguez
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-10-30 00:00:00.000000000 Z
+date: 2015-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -106,11 +106,8 @@ files:
 - lib/tynn.rb
 - lib/tynn/all_methods.rb
 - lib/tynn/environment.rb
-- lib/tynn/force_ssl.rb
 - lib/tynn/hmote.rb
-- lib/tynn/hsts.rb
 - lib/tynn/json.rb
-- lib/tynn/matchers.rb
 - lib/tynn/not_found.rb
 - lib/tynn/protection.rb
 - lib/tynn/render.rb
@@ -119,6 +116,7 @@ files:
 - lib/tynn/secure_headers.rb
 - lib/tynn/session.rb
 - lib/tynn/settings.rb
+- lib/tynn/ssl.rb
 - lib/tynn/static.rb
 - lib/tynn/test.rb
 - lib/tynn/version.rb
@@ -126,18 +124,16 @@ files:
 - test/core_test.rb
 - test/default_headers_test.rb
 - test/environment_test.rb
-- test/force_ssl_test.rb
 - test/helper.rb
 - test/hmote_test.rb
-- test/hsts_test.rb
 - test/json_test.rb
-- test/matchers_test.rb
 - test/middleware_test.rb
 - test/not_found_test.rb
 - test/protection_test.rb
 - test/render_test.rb
 - test/secure_headers_test.rb
 - test/session_test.rb
+- test/ssl_test.rb
 - test/static_test.rb
 homepage: https://github.com/frodsan/tynn
 licenses:
@@ -168,17 +164,15 @@ test_files:
 - test/core_test.rb
 - test/default_headers_test.rb
 - test/environment_test.rb
-- test/force_ssl_test.rb
 - test/helper.rb
 - test/hmote_test.rb
-- test/hsts_test.rb
 - test/json_test.rb
-- test/matchers_test.rb
 - test/middleware_test.rb
 - test/not_found_test.rb
 - test/protection_test.rb
 - test/render_test.rb
 - test/secure_headers_test.rb
 - test/session_test.rb
+- test/ssl_test.rb
 - test/static_test.rb
 has_rdoc:

data/lib/tynn/force_ssl.rb DELETED Viewed

@@ -1,55 +0,0 @@
-class Tynn
-  # Public: HTTP requests are permanently redirected to their HTTPS
-  # counterparts.
-  #
-  # Examples
-  #
-  #   require "tynn"
-  #   require "tynn/force_ssl"
-  #   require "tynn/test"
-  #
-  #   Tynn.plugin(Tynn::ForceSSL)
-  #
-  #   Tynn.define { }
-  #
-  #   app = Tynn::Test.new
-  #   app.get("/", {}, "HTTP_HOST" => "tynn.xyz")
-  #
-  #   app.res.headers["Location"]
-  #   # => "https://tynn.xyz/"
-  #
-  module ForceSSL
-    # Internal: Sets the HTTPS redirect middleware.
-    def self.setup(app)
-      app.use(Tynn::ForceSSL::Middleware)
-    end
-    class Middleware # :nodoc:
-      def initialize(app)
-        @app = app
-      end
-      def call(env)
-        request = Rack::Request.new(env)
-        if request.ssl?
-          return @app.call(env)
-        else
-          return [301, redirect_headers(request), []]
-        end
-      end
-      private
-      def redirect_headers(request)
-        return { "Location" => https_location(request) }
-      end
-      HTTPS_LOCATION = "https://%s%s".freeze
-      def https_location(request)
-        return sprintf(HTTPS_LOCATION, request.host, request.fullpath)
-      end
-    end
-  end
-end

data/lib/tynn/hsts.rb DELETED Viewed

@@ -1,64 +0,0 @@
-class Tynn
-  # Public: Sets the +Strict-Transport-Security+ header. This ensures the
-  # browser never visits the http version of a website. This reduces the
-  # impact of leaking session data through cookies and external links, and
-  # defends against Man-in-the-middle attacks.
-  #
-  # Examples
-  #
-  #   require "tynn"
-  #   require "tynn/hsts"
-  #
-  #   Tynn.plugin(Tynn::HSTS)
-  #
-  #   Tynn.define { }
-  #
-  #   Tynn.call("PATH_INFO" => "/")[1]["Strict-Transport-Security"]
-  #   # => "max-age=15552000; includeSubdomains"
-  #
-  # It supports the following options:
-  #
-  # expires    - The time, in seconds, that the browser access the site only
-  #              by HTTPS. Defaults to 180 days.
-  # subdomains - If this is +true+, the rule applies to all the site's
-  #              subdomains as well. Defaults to +true+.
-  # preload    - A limitation of HSTS is that the initial request remains
-  #              unprotected if it uses HTTP. The same applies to the first
-  #              request after the activity period specified by +max-age+.
-  #              Modern browsers implements a "STS preloaded list", which
-  #              contains known sites supporting HSTS. If you would like to
-  #              include your website into the list, set this options to +true+
-  #              and submit your domain to this {form}[https://hstspreload.appspot.com/].
-  #              Supported by Chrome, Firefox, IE11+ and IE Edge.
-  #
-  # Examples
-  #
-  #   Tynn.plugin(
-  #     Tynn::HSTS,
-  #     expires: 31_536_000,
-  #     includeSubdomains: true,
-  #     preload: true
-  #   )
-  #
-  #   Tynn.define { }
-  #
-  #   Tynn.call("PATH_INFO" => "/")[1]["Strict-Transport-Security"]
-  #   # => "max-age=31536000; includeSubdomains; preload"
-  #
-  # To disable HSTS, you will need to tell the browser to expire it immediately.
-  #
-  # Examples
-  #
-  #   Tynn.plugin(Tynn::HSTS, expires: 0)
-  #
-  module HSTS
-    # Internal: Sets the HSTS header as a default header.
-    def self.setup(app, options = {})
-      header = sprintf("max-age=%i", options.fetch(:expires, 15_552_000))
-      header << "; includeSubdomains" if options.fetch(:subdomains, true)
-      header << "; preload" if options[:preload]
-      app.settings[:default_headers]["Strict-Transport-Security"] = header
-    end
-  end
-end

data/lib/tynn/matchers.rb DELETED Viewed

@@ -1,60 +0,0 @@
-class Tynn
-  # Public: Adds extra matchers to Tynn.
-  #
-  # Examples
-  #
-  #   require "tynn"
-  #   require "tynn/matchers"
-  #
-  #   Tynn.plugin(Tynn::Matchers)
-  #
-  module Matchers
-    module InstanceMethods
-      # Public: A catch-all matcher. Always executes the given block.
-      #
-      # Examples
-      #
-      #   Tynn.define do
-      #     authenticated? do
-      #       # ...
-      #     end
-      #
-      #     default do # on true
-      #       # ...
-      #     end
-      #   end
-      #
-      def default
-        yield
-        halt(res.finish)
-      end
-      # Public: Executes the given block if +key+ is present in +req.params+.
-      #
-      # key - Any object that responds to +to_s+.
-      #
-      # Examples
-      #
-      #   Tynn.define do
-      #     param(:user) do |params|
-      #       user = User.create(params)
-      #
-      #       # ...
-      #     end
-      #
-      #     default do
-      #       res.write("missing [user] param")
-      #     end
-      #   end
-      #
-      def param(key)
-        if (v = req[key]) && !v.empty?
-          yield(v)
-          halt(res.finish)
-        end
-      end
-    end
-  end
-end

data/test/force_ssl_test.rb DELETED Viewed

@@ -1,32 +0,0 @@
-require_relative "../lib/tynn/force_ssl"
-setup do
-  Tynn::Test.new
-end
-test "redirects to https" do |app|
-  Tynn.plugin(Tynn::ForceSSL)
-  Tynn.define do
-  end
-  app.get("/")
-  assert_equal 301, app.res.status
-  assert_equal "https://example.org/", app.res.location
-end
-test "https request" do |app|
-  Tynn.plugin(Tynn::ForceSSL)
-  Tynn.define do
-    root do
-      res.write("secure")
-    end
-  end
-  app.get("/", {}, "HTTPS" => "on")
-  assert_equal 200, app.res.status
-  assert_equal "secure", app.res.body
-end

data/test/hsts_test.rb DELETED Viewed

@@ -1,29 +0,0 @@
-require_relative "../lib/tynn/hsts"
-test "hsts header" do |app|
-  Tynn.plugin(Tynn::HSTS)
-  Tynn.define do
-  end
-  app = Tynn::Test.new
-  app.get("/", {})
-  header = app.res.headers["Strict-Transport-Security"]
-  assert_equal "max-age=15552000; includeSubdomains", header
-end
-test "hsts header options" do |app|
-  Tynn.plugin(Tynn::HSTS, expires: 1, subdomains: false, preload: true)
-  Tynn.define do
-  end
-  app = Tynn::Test.new
-  app.get("/", {})
-  header = app.res.headers["Strict-Transport-Security"]
-  assert_equal "max-age=1; preload", header
-end

data/test/matchers_test.rb DELETED Viewed

@@ -1,40 +0,0 @@
-require_relative "../lib/tynn/matchers"
-setup do
-  Tynn.plugin(Tynn::Matchers)
-  Tynn::Test.new
-end
-test "default" do |app|
-  Tynn.define do
-    default do
-      res.write("foo")
-    end
-  end
-  app.get("/")
-  assert_equal 200, app.res.status
-  assert_equal "foo", app.res.body
-end
-test "param" do |app|
-  Tynn.define do
-    param(:foo) do |foo|
-      res.write(foo)
-    end
-    param("bar") do |bar|
-      res.write(bar)
-    end
-  end
-  app.get("/", foo: "foo")
-  assert_equal "foo", app.res.body
-  app.get("/", foo: "bar")
-  assert_equal "bar", app.res.body
-end