tzispa 0.6.0 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/tzispa/controller/auth_layout.rb +1 -1
- data/lib/tzispa/http/context.rb +17 -5
- data/lib/tzispa/http/response.rb +2 -1
- data/lib/tzispa/http/session_flash_bag.rb +1 -1
- data/lib/tzispa/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1e7d9bdf85429d1bbe0fd303daff3853049aa4f6
|
|
4
|
+
data.tar.gz: 61aecb036fb1501b56572e8f5504ed9911e51242
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 79493c3072124348bc1e9458615da7a75665c4a9ee6f29ef138ede3df6bdae48648402c7ecfb3058fc93357905717ed034f6e17b4f0929d18993603927981560
|
|
7
|
+
data.tar.gz: f38fabe97d6d006bfde4e0e2d9f2349d96a428c68f7fa818e38e33cb836b8f8a04257b7cd4137d06f69206e48c03f1d20610eba913411a61f2d45edf6081a435
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,10 @@ Tzispa
|
|
|
2
2
|
|
|
3
3
|
General purpose web framework
|
|
4
4
|
|
|
5
|
+
## v0.6.1
|
|
6
|
+
- sessions security improvements
|
|
7
|
+
- added "x-frame-option: sameorigin" header to security improvement
|
|
8
|
+
|
|
5
9
|
## v0.6.0
|
|
6
10
|
- code refactoring & templates namespace simplification
|
|
7
11
|
- added auth_layout controller
|
|
@@ -12,7 +12,7 @@ module Tzispa
|
|
|
12
12
|
include Tzispa::Helpers::Response
|
|
13
13
|
|
|
14
14
|
def render!
|
|
15
|
-
if (layout_name == login_layout) || context.
|
|
15
|
+
if (layout_name == login_layout) || context.logged?
|
|
16
16
|
rig = Tzispa::Rig::Engine.layout name: layout_name, domain: application.domain, content_type: context.router_params[:format] || config.default_format
|
|
17
17
|
response.body << rig.render(context)
|
|
18
18
|
content_type rig.content_type
|
data/lib/tzispa/http/context.rb
CHANGED
|
@@ -17,9 +17,10 @@ module Tzispa
|
|
|
17
17
|
include Tzispa::Helpers::Security
|
|
18
18
|
|
|
19
19
|
attr_reader :request, :response
|
|
20
|
-
def_delegators :@request, :session
|
|
20
|
+
def_delegators :@request, :session
|
|
21
21
|
|
|
22
22
|
SESSION_LAST_ACCESS = :__last_access
|
|
23
|
+
SESSION_ID = :__session_id
|
|
23
24
|
SESSION_AUTH_USER = :__auth__user
|
|
24
25
|
GLOBAL_MESSAGE_FLASH = :__global_message_flash
|
|
25
26
|
|
|
@@ -28,7 +29,7 @@ module Tzispa
|
|
|
28
29
|
super(app, environment)
|
|
29
30
|
@request = Tzispa::Http::Request.new(environment)
|
|
30
31
|
@response = Tzispa::Http::Response.new
|
|
31
|
-
session[
|
|
32
|
+
generate_session_id unless session[SESSION_ID]
|
|
32
33
|
end
|
|
33
34
|
|
|
34
35
|
def router_params
|
|
@@ -48,15 +49,19 @@ module Tzispa
|
|
|
48
49
|
end
|
|
49
50
|
|
|
50
51
|
def flash
|
|
51
|
-
SessionFlashBag.new(session, GLOBAL_MESSAGE_FLASH)
|
|
52
|
+
@flash ||= SessionFlashBag.new(session, GLOBAL_MESSAGE_FLASH)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def session?
|
|
56
|
+
(not session[SESSION_ID].nil?) and (session[SESSION_ID] == session.id)
|
|
52
57
|
end
|
|
53
58
|
|
|
54
59
|
def logged?
|
|
55
|
-
not session[SESSION_AUTH_USER].nil?
|
|
60
|
+
session? and (not session[SESSION_AUTH_USER].nil?)
|
|
56
61
|
end
|
|
57
62
|
|
|
58
63
|
def login=(user)
|
|
59
|
-
session[SESSION_AUTH_USER] = user
|
|
64
|
+
session[SESSION_AUTH_USER] = user unless user.nil?
|
|
60
65
|
end
|
|
61
66
|
|
|
62
67
|
def login
|
|
@@ -131,6 +136,13 @@ module Tzispa
|
|
|
131
136
|
|
|
132
137
|
private
|
|
133
138
|
|
|
139
|
+
def generate_session_id
|
|
140
|
+
SecureRandom.uuid.tap { |uuid|
|
|
141
|
+
session.id = uuid
|
|
142
|
+
session[SESSION_ID] = uuid
|
|
143
|
+
}
|
|
144
|
+
end
|
|
145
|
+
|
|
134
146
|
def normalize_format(params)
|
|
135
147
|
params.tap { |pmm|
|
|
136
148
|
pmm[:format] = config.default_format unless pmm[:format]
|
data/lib/tzispa/http/response.rb
CHANGED
|
@@ -41,7 +41,8 @@ module Tzispa
|
|
|
41
41
|
# currently, this would be the static file-handler
|
|
42
42
|
headers["Content-Length"] = body.inject(0) { |l, p| l + p.bytesize }.to_s
|
|
43
43
|
end
|
|
44
|
-
headers['X-
|
|
44
|
+
headers['X-Frame-Options'] = 'SAMEORIGIN'
|
|
45
|
+
headers['X-Powered-By'] = "#{Tzispa::FRAMEWORK_NAME} #{Tzispa::VERSION}"
|
|
45
46
|
[status.to_i, headers, result]
|
|
46
47
|
end
|
|
47
48
|
|
data/lib/tzispa/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tzispa
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.6.
|
|
4
|
+
version: 0.6.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Juan Antonio Piñero
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-02-
|
|
11
|
+
date: 2017-02-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|