tzispa 0.6.0 → 0.6.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/tzispa/controller/auth_layout.rb +1 -1
- data/lib/tzispa/http/context.rb +17 -5
- data/lib/tzispa/http/response.rb +2 -1
- data/lib/tzispa/http/session_flash_bag.rb +1 -1
- data/lib/tzispa/version.rb +1 -1
- metadata +2 -2
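--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1e7d9bdf85429d1bbe0fd303daff3853049aa4f6
+data.tar.gz: 61aecb036fb1501b56572e8f5504ed9911e51242
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 79493c3072124348bc1e9458615da7a75665c4a9ee6f29ef138ede3df6bdae48648402c7ecfb3058fc93357905717ed034f6e17b4f0929d18993603927981560
+data.tar.gz: f38fabe97d6d006bfde4e0e2d9f2349d96a428c68f7fa818e38e33cb836b8f8a04257b7cd4137d06f69206e48c03f1d20610eba913411a61f2d45edf6081a435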
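--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,10 @@ Tzispa
 
 General purpose web framework
 
+## v0.6.1
+- sessions security improvements
+- added "x-frame-option: sameorigin" header to security improvement
+
 ## v0.6.0
 - code refactoring & templates namespace simplification
 - added auth_layout controller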
@@ -12,7 +12,7 @@ module Tzispa
|
|
12
12
|
include Tzispa::Helpers::Response
|
13
13
|
|
14
14
|
def render!
|
15
|
-
if (layout_name == login_layout) || context.
|
15
|
+
if (layout_name == login_layout) || context.logged?
|
16
16
|
rig = Tzispa::Rig::Engine.layout name: layout_name, domain: application.domain, content_type: context.router_params[:format] || config.default_format
|
17
17
|
response.body << rig.render(context)
|
18
18
|
content_type rig.content_type
|
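--- a/data/lib/tzispa/http/context.rb
+++ b/data/lib/tzispa/http/context.rb
@@ -17,9 +17,10 @@ module Tzispa
 include Tzispa::Helpers::Security
 
 attr_reader :request, :response
-def_delegators :@request, :session
+def_delegators :@request, :session
 
 SESSION_LAST_ACCESS = :__last_access
+SESSION_ID = :__session_id
 SESSION_AUTH_USER = :__auth__user
 GLOBAL_MESSAGE_FLASH = :__global_message_flash
 
@@ -28,7 +29,7 @@ module Tzispa
 super(app, environment)
 @request = Tzispa::Http::Request.new(environment)
 @response = Tzispa::Http::Response.new
-session[
+generate_session_id unless session[SESSION_ID]
 end
 
 def router_params
@@ -48,15 +49,19 @@ module Tzispa
 end
 
 def flash
-SessionFlashBag.new(session, GLOBAL_MESSAGE_FLASH)
+@flash ||= SessionFlashBag.new(session, GLOBAL_MESSAGE_FLASH)
+end
+
+def session?
+(not session[SESSION_ID].nil?) and (session[SESSION_ID] == session.id)
 end
 
 def logged?
-not session[SESSION_AUTH_USER].nil?
+session? and (not session[SESSION_AUTH_USER].nil?)
 end
 
 def login=(user)
-session[SESSION_AUTH_USER] = user
+session[SESSION_AUTH_USER] = user unless user.nil?
 end
 
 def login
@@ -131,6 +136,13 @@ module Tzispa
 
 private
 
+def generate_session_id
+SecureRandom.uuid.tap { |uuid|
+session.id = uuid
+session[SESSION_ID] = uuid
+}
+end
+
 def normalize_format(params)
 params.tap { |pmm|
 pmm[:format] = config.default_format unless pmm[:format]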
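Review bot: `login=` stores the authenticated user without rotating the session identifier, so the id issued in the constructor before authentication stays valid after login and a pre-set session could be carried into an authenticated state (session fixation). Regenerating at that point would close it, e.g. `generate_session_id` on the line before `session[SESSION_AUTH_USER] = user`; whether assigning `session.id` makes the session middleware reissue the cookie is not visible here and should be confirmed (with Rack's session middleware, `session.options[:renew] = true` is the usual way). The new `unless user.nil?` guard also makes `context.login = nil` a silent no-op, so any caller that used it to clear the user would leave the session authenticated; the logout path lies outside these hunks and needs checking. Minor style: `session?` and `logged?` use `and`/`not`, where `&&`/`!` avoid precedence surprises.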
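--- a/data/lib/tzispa/http/response.rb
+++ b/data/lib/tzispa/http/response.rb
@@ -41,7 +41,8 @@ module Tzispa
 # currently, this would be the static file-handler
 headers["Content-Length"] = body.inject(0) { |l, p| l + p.bytesize }.to_s
 end
-headers['X-
+headers['X-Frame-Options'] = 'SAMEORIGIN'
+headers['X-Powered-By'] = "#{Tzispa::FRAMEWORK_NAME} #{Tzispa::VERSION}"
 [status.to_i, headers, result]
 end
 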
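Review bot: The `X-Powered-By` header sends the framework name and exact `Tzispa::VERSION` on every response, which lets anyone fingerprint deployments running an outdated release; the removed line is cut off on this page, so the header may predate this change, but it is worth making opt-in or dropping the version, e.g. `headers['X-Powered-By'] = Tzispa::FRAMEWORK_NAME`. `X-Frame-Options` is assigned unconditionally, so an application that already set a stricter `DENY` is overwritten; `headers['X-Frame-Options'] ||= 'SAMEORIGIN'` keeps the default without the override. Browsers now prefer `Content-Security-Policy: frame-ancestors 'self'`, which could be sent alongside it. The enclosing method starts outside the hunk.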
data/lib/tzispa/version.rb
CHANGED
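--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tzispa
 version: !ruby/object:Gem::Version
-version: 0.6.
+version: 0.6.1
 platform: ruby
 authors:
 - Juan Antonio Piñero
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-02-
+date: 2017-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack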