tynn 2.0.0.beta1 → 2.0.0.beta2
- checksums.yaml +4 -4
- data/README.md +72 -0
- data/lib/tynn/base.rb +6 -13
- data/lib/tynn/request.rb +2 -0
- data/lib/tynn/response.rb +2 -0
- data/lib/tynn/session.rb +13 -23
- data/lib/tynn/ssl.rb +2 -0
- data/lib/tynn/static.rb +2 -0
- data/lib/tynn/utils.rb +4 -2
- data/lib/tynn/version.rb +1 -1
- data/test/middleware_test.rb +1 -1
- data/test/routing_test.rb +1 -1
- data/test/session_test.rb +3 -3
- metadata +4 -5
- data/lib/tynn/errors.rb +0 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a5bd012f5ff0f594ab60d1fa1a3f657e433558b4
|
4
|
+
data.tar.gz: 8d82f66b729cc4ed0ab9298e90c5dedce400b5dc
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a8798001b4bc3f4d4a3503e159e45a9516d8ce2310dbedfbd219f5d3cdfd1f5b24be7927b055c32d7db2d3feb2f37365ca94a888385248a34dccac60c0e71162
|
7
|
+
data.tar.gz: 7406e6aa902dab2bab7d46ce7b9cc5ca8378d4f8e40b8dfd309744cb84368f357d57b2113706b44bf34d6a50b6c25d30f8d28cef1b332ff82a73901bd00f568c
|
data/README.md
CHANGED
@@ -43,6 +43,11 @@ A thin library for web development in Ruby.
|
|
43
43
|
* [HTTPS](#https)
|
44
44
|
* [Testing](#testing)
|
45
45
|
* [API Reference](http://api.tynn.xyz/2.0.0)
|
46
|
+
* [Troubleshooting](#troubleshooting)
|
47
|
+
* [Application handler is missing](#missing_handler)
|
48
|
+
* [Application middleware is frozen](#frozen_middleware)
|
49
|
+
* [Secret key is required](#no_secret_key)
|
50
|
+
* [Secret key is shorter than 30 characters](#short_secret_key)
|
46
51
|
* [Changelog](#changelog)
|
47
52
|
* [Development](#development)
|
48
53
|
* [Contributing](#contributing)
|
@@ -645,6 +650,73 @@ end
|
|
645
650
|
|
646
651
|
If this is not of your flavor, you can use any Rack-based testing library or framework, like: [Rack::Test] or [Capybara].
|
647
652
|
|
653
|
+
## Troubleshooting
|
654
|
+
|
655
|
+
If you have problems with running Tynn, see below or [ask in GitHub Issues](https://github.com/frodsan/tynn/issues/new).
|
656
|
+
|
657
|
+
* <a name="missing_handler"></a>
|
658
|
+
**Application handler is missing**
|
659
|
+
<sup>[[link](#missing_handler)]</sup>
|
660
|
+
|
661
|
+
Application handler is probably not set. Try `#define`:
|
662
|
+
|
663
|
+
```ruby
|
664
|
+
MyApp.define do
|
665
|
+
# ...
|
666
|
+
end
|
667
|
+
|
668
|
+
run(MyApp)
|
669
|
+
```
|
670
|
+
|
671
|
+
* <a name="frozen_middleware"></a>
|
672
|
+
**Application middleware is frozen**
|
673
|
+
<sup>[[link](#frozen_middleware)]</sup>
|
674
|
+
|
675
|
+
Application middleware is frozen when application handler is set. Please, set the middleware before setting the application handler.
|
676
|
+
|
677
|
+
```ruby
|
678
|
+
# bad
|
679
|
+
MyApp.define do
|
680
|
+
# ...
|
681
|
+
end
|
682
|
+
|
683
|
+
MyApp.use(Middleware)
|
684
|
+
|
685
|
+
# good
|
686
|
+
MyApp.use(Middleware)
|
687
|
+
|
688
|
+
MyApp.define do
|
689
|
+
# ...
|
690
|
+
end
|
691
|
+
```
|
692
|
+
|
693
|
+
* <a name="no_secret_key"></a>
|
694
|
+
**Secret key is required**
|
695
|
+
<sup>[[link](#no_secret_key)]</sup>
|
696
|
+
|
697
|
+
[Tynn::Session] uses a secret key to sign the cookie's data, thus unauthorized means can't alter it. Please, add the secret option to your code:
|
698
|
+
|
699
|
+
```ruby
|
700
|
+
MyApp.plugin(Tynn::Session, secret: "__change_me__", ...)
|
701
|
+
```
|
702
|
+
|
703
|
+
If you're sharing your code publicly, make sure the secret key is kept private. Knowing the secret allows an attacker to tamper the data. You can use environment variables to store the secret key:
|
704
|
+
|
705
|
+
```ruby
|
706
|
+
MyApp.plugin(Tynn::Session, secret: ENV.fetch("SESSION_SECRET"), ...)
|
707
|
+
```
|
708
|
+
|
709
|
+
* <a name="short_secret_key"></a>
|
710
|
+
**Secret key is shorter than 30 characters**
|
711
|
+
<sup>[[link](#short_secret_key)]</sup>
|
712
|
+
|
713
|
+
The secret provided is shorter than the minimum length. Make sure the secret is long and all random. You can generate a secure secret key with:
|
714
|
+
|
715
|
+
```
|
716
|
+
$ ruby -r securerandom -e "puts SecureRandom.hex(64)"
|
717
|
+
929234f24e8c7450166a88142a...
|
718
|
+
```
|
719
|
+
|
648
720
|
## Changelog
|
649
721
|
|
650
722
|
To learn about new features, bug fixes, and changes, please refer to the [CHANGELOG](https://github.com/frodsan/tynn/blob/master/CHANGELOG.md).
|
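Review bot: The placeholder in the "Secret key is required" item, `secret: "__change_me__"`, is 13 characters, so anyone who copies it hits the "Secret key is shorter than 30 characters" error described in the next item. Lead with the `ENV.fetch("SESSION_SECRET")` form, or use a placeholder that is visibly not a value. The same item says the key signs the cookie so it cannot be altered; add a sentence stating whether the cookie contents are also kept confidential, since readers tend to assume they are. Minor: "tamper the data" should read "tamper with the data".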
data/lib/tynn/base.rb
CHANGED
@@ -23,7 +23,6 @@
|
|
23
23
|
|
24
24
|
require "rack"
|
25
25
|
require "seg"
|
26
|
-
require_relative "errors"
|
27
26
|
require_relative "request"
|
28
27
|
require_relative "response"
|
29
28
|
require_relative "utils"
|
@@ -77,15 +76,7 @@ class Tynn
|
|
77
76
|
#
|
78
77
|
def use(middleware, *args, &block)
|
79
78
|
if self.middleware.frozen?
|
80
|
-
|
81
|
-
Application middleware is frozen and cannot be changed.
|
82
|
-
|
83
|
-
Please, set the middleware before setting the application handler:
|
84
|
-
|
85
|
-
#{ self }.use(#{ middleware })
|
86
|
-
|
87
|
-
#{ self }.define { ... }
|
88
|
-
MSG
|
79
|
+
Tynn::Utils.raise_error("Application middleware is frozen", tag: :frozen_middleware)
|
89
80
|
else
|
90
81
|
self.middleware.push(proc { |app| middleware.new(app, *args, &block) })
|
91
82
|
end
|
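Review bot: The new call in `use`, `Tynn::Utils.raise_error("Application middleware is frozen", tag: :frozen_middleware)`, passes no `error:`, so it raises the helper's default `RuntimeError`. With `require_relative "errors"` dropped in the hunk above and errors.rb deleted from the gem, code that rescued an error class defined there no longer matches, which deserves a changelog entry. The removed message also interpolated `#{ self }.use(#{ middleware })`; the replacement no longer names the application or the middleware, so consider keeping both in the message text rather than leaving the whole hint behind a URL.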
@@ -101,7 +92,7 @@ class Tynn
|
|
101
92
|
|
102
93
|
def app # :nodoc:
|
103
94
|
(defined?(@__app) && @__app) or
|
104
|
-
|
95
|
+
Tynn::Utils.raise_error("Application handler is missing", tag: :missing_handler)
|
105
96
|
end
|
106
97
|
|
107
98
|
# Copies settings into the subclass. If a setting is not found,
|
@@ -317,7 +308,9 @@ class Tynn
|
|
317
308
|
|
318
309
|
@__env["PATH_INFO"] = @__seg.curr
|
319
310
|
@__env["SCRIPT_NAME"] = @__seg.prev
|
320
|
-
|
311
|
+
|
312
|
+
@__env.delete("tynn.inbox")
|
313
|
+
@__env["tynn.inbox"] = inbox if inbox
|
321
314
|
|
322
315
|
halt(app.call(@__env))
|
323
316
|
ensure
|
@@ -341,7 +334,7 @@ class Tynn
|
|
341
334
|
# end
|
342
335
|
#
|
343
336
|
def inbox
|
344
|
-
@__env
|
337
|
+
@__env.fetch("tynn.inbox", {})
|
345
338
|
end
|
346
339
|
|
347
340
|
# Returns <tt>true</tt> if the request method is <tt>GET</tt> and
|
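Review bot: In `inbox`, `@__env.fetch("tynn.inbox", {})` builds a new empty Hash on every call when the key is absent, so a handler that writes `inbox[:key] = value` in an application mounted without an inbox loses the value on the next call, with no error. If the inbox is meant to be read-only, return a frozen empty hash and state that in the method's doc comment; if writes are meant to persist, store the default back into the env.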
data/lib/tynn/request.rb
CHANGED
data/lib/tynn/response.rb
CHANGED
data/lib/tynn/session.rb
CHANGED
@@ -1,5 +1,8 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require "rack/session/cookie"
|
4
|
+
require_relative "utils"
|
5
|
+
|
3
6
|
class Tynn
|
4
7
|
# Adds simple cookie based session management. You can pass a secret
|
5
8
|
# token to sign the cookie data, thus unauthorized means can't alter it.
|
@@ -77,32 +80,19 @@ class Tynn
|
|
77
80
|
secret = options[:secret]
|
78
81
|
|
79
82
|
if secret.nil?
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
to your code:
|
86
|
-
|
87
|
-
#{ app }.plugin(Tynn::Session, secret: "__a_long_random_secret__", ...)
|
88
|
-
|
89
|
-
If you're sharing your code publicly, make sure the secret key
|
90
|
-
is kept private. Knowing the secret allows an attacker to tamper
|
91
|
-
the data. You can use environment variables to store the secret:
|
92
|
-
|
93
|
-
#{ app }.plugin(Tynn::Session, secret: ENV.fetch("SESSION_SECRET"), ...)
|
94
|
-
MSG
|
83
|
+
Tynn::Utils.raise_error(
|
84
|
+
"Secret key is required",
|
85
|
+
error: ArgumentError,
|
86
|
+
tag: :no_secret_key
|
87
|
+
)
|
95
88
|
end
|
96
89
|
|
97
90
|
if secret.length < SECRET_MIN_LENGTH
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
$ ruby -r securerandom -e "puts SecureRandom.hex(64)"
|
105
|
-
MSG
|
91
|
+
Tynn::Utils.raise_error(
|
92
|
+
"Secret key is shorter than #{ SECRET_MIN_LENGTH } characters",
|
93
|
+
error: ArgumentError,
|
94
|
+
tag: :short_secret_key
|
95
|
+
)
|
106
96
|
end
|
107
97
|
|
108
98
|
app.use(Rack::Session::Cookie, {
|
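Review bot: The guard `if secret.length < SECRET_MIN_LENGTH` is a length floor only, so a long but predictable literal passes it, and a secret that does not respond to `length` (an Integer read from configuration, for example) raises `NoMethodError` instead of the tagged `ArgumentError`. Check that the secret is a String before measuring it, and keep the "long and all random" wording close to this check in the docs. The message interpolates `SECRET_MIN_LENGTH` while the README heading hardcodes "30 characters", so the two will drift if the constant changes.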
data/lib/tynn/ssl.rb
CHANGED
data/lib/tynn/static.rb
CHANGED
data/lib/tynn/utils.rb
CHANGED
@@ -1,5 +1,3 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
1
|
class Tynn
|
4
2
|
module Utils # :nodoc:
|
5
3
|
module_function
|
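Review bot: The `# frozen_string_literal: true` magic comment is removed from the top of utils.rb with no reason visible in the diff, while session.rb keeps the same comment in this release. If a string in this file has to be mutable, say so in a comment next to it; otherwise keep the magic comment so the files stay consistent.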
@@ -11,5 +9,9 @@ class Tynn
|
|
11
9
|
ensure
|
12
10
|
hash.default_proc = default_proc
|
13
11
|
end
|
12
|
+
|
13
|
+
def raise_error(message, error: RuntimeError, tag: "troubleshooting")
|
14
|
+
raise error, sprintf("%s. See http://tynn.xyz/#%s.", message, tag)
|
15
|
+
end
|
14
16
|
end
|
15
17
|
end
|
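Review bot: The link built in `raise_error`, `sprintf("%s. See http://tynn.xyz/#%s.", message, tag)`, is plain `http://`; error text is what developers copy into a browser, so use `https://` if the site serves it. The period placed directly after the fragment can be picked up as part of the URL by terminal link detection, so move it or drop it. Because the `raise` happens inside the helper, the first backtrace frame is utils.rb rather than the call site; passing `caller` as the third argument to `raise` fixes that.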
data/lib/tynn/version.rb
CHANGED
data/test/middleware_test.rb
CHANGED
data/test/routing_test.rb
CHANGED
data/test/session_test.rb
CHANGED
@@ -8,12 +8,12 @@ class SessionTest < Minitest::Test
|
|
8
8
|
@app = new_app
|
9
9
|
end
|
10
10
|
|
11
|
-
def
|
12
|
-
assert_raises(
|
11
|
+
def test_raise_error_if_secret_is_nil
|
12
|
+
assert_raises(ArgumentError) { @app.plugin(Tynn::Session) }
|
13
13
|
end
|
14
14
|
|
15
15
|
def test_raise_error_if_secret_is_short
|
16
|
-
assert_raises(
|
16
|
+
assert_raises(ArgumentError) { @app.plugin(Tynn::Session, secret: "__not_secure__") }
|
17
17
|
end
|
18
18
|
|
19
19
|
def test_set_and_get_session
|
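Review bot: Both rewritten tests assert only the `ArgumentError` class, so a wrong message or a wrong `tag:` (and therefore a wrong troubleshooting link) would still pass. Capture the exception returned by `assert_raises` and assert that its message contains the expected tag. The short-secret case uses `"__not_secure__"`, which is 14 characters and far from the limit; add cases at `SECRET_MIN_LENGTH - 1` and at exactly `SECRET_MIN_LENGTH` to pin the boundary.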
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: tynn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.0.
|
4
|
+
version: 2.0.0.beta2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Francesco Rodriguez
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-05-
|
11
|
+
date: 2016-05-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rack
|
@@ -30,14 +30,14 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version:
|
33
|
+
version: 1.x
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version:
|
40
|
+
version: 1.x
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: hmote
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
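Review bot: The added `version: 1.x` under `~>` is parsed by RubyGems as a prerelease version because it contains a letter, so this requirement also admits prerelease builds of the dependency. If the intent is "any 1.x release", `~> 1.0` states that without opening the door to prereleases. The change appears in both `requirement` and `version_requirements`, so fix the gemspec source rather than the generated metadata.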
@@ -91,7 +91,6 @@ files:
|
|
91
91
|
- lib/tynn.rb
|
92
92
|
- lib/tynn/base.rb
|
93
93
|
- lib/tynn/environment.rb
|
94
|
-
- lib/tynn/errors.rb
|
95
94
|
- lib/tynn/json.rb
|
96
95
|
- lib/tynn/render.rb
|
97
96
|
- lib/tynn/request.rb
|