utopia 1.9.7 → 1.9.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f9bc54b61be14c1139beeb8ae6d9b0471af71ed3
-  data.tar.gz: d02c8b632f6a178de9d5dacca45fdd57bc60187b
+  metadata.gz: 7de52a1351fcb76d75ab943aec244d0e99073efb
+  data.tar.gz: 32969072fce26646b6d2ce0eba41237df56f0ade
 SHA512:
-  metadata.gz: be7aebb371a373877f1dce7821c610da79108c0f0c06199333fa1760fbf4a43d55ec729e77f2c8534da966405a3fd21c78402b59b5298210149b0cccb9c4c088
-  data.tar.gz: 0766cbf74bdb393329b3ee5d1c037e20b6c3cc6f0d7d63308f655648894b22ae0dc9ccff6fd8578d6c047e8702142dcd5a89dee4f56e67972b9b44e85201cf7f
+  metadata.gz: 34065160efd55c5a1c1f764a4ac5bad05439f59cfe0d5136d8c6f9c774686d8d4470fbd223ed9dcf88b73fb1bc027b3b0034655b7b6fb3e654e301b7e0ddd781
+  data.tar.gz: 3afdb9c05d5e2dec4e55c2d70f81c1880d7db49a0420cc57928c220a0808bc6ecd1d5d4e78cc6cc8cc42d950d0a4174e73125248c215867d35eb31bbb3d338b4

data/.travis.yml

@@ -7,6 +7,7 @@ before_install:
 rvm:
   - 2.2.4
   - 2.3.2
+  - 2.4.0
   - ruby-head
   - rbx-3.65
 env: COVERAGE=true BENCHMARK=true

data/documentation/pages/wiki/middleware/session/content.md

@@ -9,3 +9,21 @@ use Utopia::Session,
 ```
 
 All session data is stored on the client, but it's encrypted with a salt and the secret key. It would be hard for the client to decrypt the data without the secret.
+
+## Using `environment.yaml`
+
+The session secret should not be shared or ideally, not stored in source code. This can be easily achieved using an environment variable, stored in `environment.yaml` on the production server:
+
+```ruby
+use Utopia::Session,
+	:expires_after => 3600,
+	:secret => ENV['UTOPIA_SESSION_SECRET']
+```
+
+In development, the secret would be reset every time the server is restarted. To set a fixed secret on production, run the following:
+
+```bash
+$ utopia server environment UTOPIA_SESSION_SECRET=$(head /dev/urandom | shasum | base64 | head -c 40)
+```
+
+This is done by default when using `utopia server create` and `utopia server update`.

data/lib/utopia/command.rb

@@ -26,6 +26,7 @@ require 'find'
 require 'yaml/store'
 
 require 'samovar'
+require 'securerandom'
 
 module Utopia
 	module Command
@@ -58,6 +59,15 @@ module Utopia
 						yield store
 					end
 				end
+				
+				# Set some useful defaults for the environment:
+				def self.update_default_environment(root)
+					# Set up some useful defaults for server environment:
+					environment(root) do |store|
+						store['RACK_ENV'] ||= 'production'
+						store['UTOPIA_SESSION_SECRET'] ||= SecureRandom.hex(40)
+					end
+				end
 			end
 		end
 		
@@ -80,6 +90,8 @@ module Utopia
 					# Copy git hooks:
 					system("cp", "-r", File.join(Setup::Server::ROOT, 'git', 'hooks'), File.join(destination_root, '.git'))
 					
+					Setup::Server.update_default_environment(destination_root)
+					
 					# Print out helpful git remote add message:
 					hostname = `hostname`.chomp
 					puts "Now add the git remote to your local repository:\n\tgit remote add production ssh://#{hostname}#{destination_root}"
@@ -100,6 +112,7 @@ module Utopia
 					
 					# Copy git hooks:
 					system("cp", "-r", File.join(Setup::Server::ROOT, 'git', 'hooks'), File.join(destination_root, '.git'))
+					Setup::Server.update_default_environment(destination_root)
 				end
 			end
 			

data/lib/utopia/session.rb

@@ -42,9 +42,9 @@ module Utopia
 			@session_name = session_name || RACK_SESSION
 			@cookie_name = @session_name + ".encrypted"
 			
-			if secret.nil?
+			if secret.nil? or secret.empty?
 				secret = SecureRandom.hex(32)
-				warn "#{self.class} secret is nil, generating transient secret key!"
+				warn "#{self.class} secret is #{secret.inspect}, generating transient secret key!"
 			end
 			
 			# This generates a 32-byte key suitable for aes.

data/lib/utopia/version.rb

@@ -19,5 +19,5 @@
 # THE SOFTWARE.
 
 module Utopia
-	VERSION = "1.9.7"
+	VERSION = "1.9.9"
 end

data/setup/site/config.ru

@@ -31,6 +31,11 @@ use Utopia::Localization,
 	:locales => ['en', 'de', 'ja', 'zh'],
 	:nonlocalized => ['/_static/', '/_cache/', '/_components/']
 
+require 'utopia/session'
+use Utopia::Session,
+	:expires_after => 3600 * 24,
+	:secret => ENV['UTOPIA_SESSION_SECRET']
+
 use Utopia::Controller,
 	cache_controllers: (RACK_ENV == :production),
 	base: Utopia::Controller::Base

data/spec/utopia/setup_spec.rb

@@ -73,6 +73,9 @@ RSpec.describe "utopia executable" do
 			expect(result).to be == 0
 			
 			expect(Dir.entries(dir)).to include(".git")
+			
+			environment = YAML.load_file(File.join(dir, 'config/environment.yaml'))
+			expect(environment).to include('RACK_ENV', 'UTOPIA_SESSION_SECRET')
 		end
 	end
 	

data/utopia.gemspec

@@ -1,7 +1,5 @@
 # -*- encoding: utf-8 -*-
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'utopia/version'
+require_relative 'lib/utopia/version'
 
 Gem::Specification.new do |spec|
 	spec.name          = 'utopia'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: utopia
 version: !ruby/object:Gem::Version
-  version: 1.9.7
+  version: 1.9.9
 platform: ruby
 authors:
 - Samuel Williams
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-12-19 00:00:00.000000000 Z
+date: 2017-01-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: trenni
@@ -392,7 +392,6 @@ files:
 - materials/utopia.png
 - materials/utopia.svg
 - setup/.bowerrc
-- setup/server/config/environment.yaml
 - setup/server/git/hooks/post-receive
 - setup/site/.bowerrc
 - setup/site/.rspec

data/setup/server/config/environment.yaml

@@ -1 +0,0 @@
-RACK_ENV=production