utopia 2.7.0 → 2.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b9b8589a3313f00ec6c24f36f42a17beb9daa7b07b45051f5cd7d08adc593960
-  data.tar.gz: d79f6ad3105f73acf2abd1e77698540578e98821f70c85ce9a15112c20b455ed
+  metadata.gz: 477858ba9b55a11f0f5736f0e354b93ca411a7df255729f9e9d26aa35cad1553
+  data.tar.gz: 3429ad6e6a28e5ea03f6258a494a9e5c091cfa79862d1a984d861b9c2353f271
 SHA512:
-  metadata.gz: 67c0162c3bea51d90699b68d25dd599dc1576a7a2ee7369ed52c42f00a54c8eeccda3884b34c432002160cd97d425fe9605cdcae223e495c414df8c49f64e7c2
-  data.tar.gz: 661de3edd3e48871e2d6bd7c786e2d3db39ec4bbd77c0eb8df4cbb86ccd634782333ff667bb9f6a466eb014a535d76557a7b94b7dd75a76f2c46666006ed8702
+  metadata.gz: f0197e55bebe111947c04b36e5e3285edc8d4df58ffbf2f0e3e37b81fe813b7ae0eef18d75050bee3f90e43cb70e273ebae9c403650adaf88b69db943f2e92d5
+  data.tar.gz: da791eaebbac5ff5d77ed69e6cc8d4c2b3600a27b483d211e1ab8c17f74bd9e50ed63f9cb16d32abd5b89219e09c2291a43eb74c89ced7c73c0ec57b73538a07

data/Gemfile

@@ -13,9 +13,8 @@ group :development do
 	gem 'kramdown-parser-gfm'
 	
 	gem 'json'
-	gem 'msgpack'
 	
-	gem "rackula"
+	gem 'rackula'
 end
 
 group :test do

data/bin/utopia

@@ -20,6 +20,6 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 
-require 'utopia/command'
+require_relative '../lib/utopia/command'
 
-Utopia::Command.parse(ARGV).invoke
+Utopia::Command.call

data/lib/utopia/command/server.rb

@@ -32,12 +32,12 @@ module Utopia
 			class Create < Samovar::Command
 				self.description = "Create a remote Utopia website suitable for deployment using git."
 				
-				def invoke(parent)
+				def call
 					destination_root = parent.root
 					
 					FileUtils.mkdir_p File.join(destination_root, "public")
 					
-					Update.new.invoke(parent)
+					Update[parent: parent].call
 					
 					# Print out helpful git remote add message:
 					hostname = `hostname`.chomp
@@ -55,7 +55,7 @@ module Utopia
 					File.join(SETUP_ROOT, 'server')
 				end
 				
-				def invoke(parent)
+				def call
 					destination_root = parent.root
 					
 					Dir.chdir(destination_root) do
@@ -91,12 +91,16 @@ module Utopia
 			
 			self.description = "Manage server deployments."
 			
-			nested '<command>',
+			nested :command,
 				'create' => Create,
 				'update' => Update
 			
-			def invoke(parent)
-				@command.invoke(parent)
+			def root
+				@parent.root
+			end
+			
+			def call
+				@command.call
 			end
 		end
 	end

data/lib/utopia/command/site.rb

@@ -46,7 +46,7 @@ module Utopia
 			class Create < Samovar::Command
 				self.description = "Create a new local Utopia website using the default template."
 				
-				def invoke(parent)
+				def call
 					destination_root = parent.root
 					
 					$stderr.puts "Setting up initial site in #{destination_root} for Utopia v#{Utopia::VERSION}..."
@@ -135,7 +135,7 @@ module Utopia
 					end
 				end
 				
-				def invoke(parent)
+				def call
 					destination_root = parent.root
 					branch_name = "utopia-upgrade-#{Utopia::VERSION}"
 					
@@ -195,14 +195,18 @@ module Utopia
 				end
 			end
 			
-			nested '<command>',
+			nested :command,
 				'create' => Create,
 				'update' => Update
 			
 			self.description = "Manage local utopia sites."
 			
-			def invoke(parent)
-				@command.invoke(parent)
+			def root
+				@parent.root
+			end
+			
+			def call
+				@command.call
 			end
 		end
 	end

data/lib/utopia/command.rb

@@ -26,8 +26,8 @@ require_relative 'command/environment'
 
 module Utopia
 	module Command
-		def self.parse(*args)
-			Top.parse(*args)
+		def self.call(*args)
+			Top.call(*args)
 		end
 		
 		# The top level utopia command.
@@ -40,23 +40,24 @@ module Utopia
 				option '-v/--version', "Print out the application version."
 			end
 			
-			nested '<command>',
+			nested :command, {
 				'site' => Site,
 				'server' => Server,
 				'environment' => Environment
+			}
 			
 			# The root directory for the site.
 			def root
 				File.expand_path(@options.fetch(:root, ''), Dir.getwd)
 			end
 			
-			def invoke(program_name: File.basename($0))
+			def call
 				if @options[:version]
-					puts "utopia v#{VERSION}"
-				elsif @options[:help] or @command.nil?
-					print_usage(program_name)
+					puts "#{self.name} v#{VERSION}"
+				elsif @options[:help]
+					print_usage(output: $stdout)
 				else
-					@command.invoke(self)
+					@command.call
 				end
 			end
 		end

data/lib/utopia/session/serialization.rb

@@ -0,0 +1,48 @@
+# Copyright, 2014, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require 'time'
+require 'date'
+
+module Utopia
+	class Session
+		class Serialization
+			def initialize
+				@factory = MessagePack::Factory.new
+				
+				@factory.register_type(0x00, Symbol, packer: :to_msgpack_ext, unpacker: :from_msgpack_ext)
+				
+				@factory.register_type(0x01, Time, packer: :iso8601, unpacker: :parse)
+				@factory.register_type(0x02, Date, packer: :iso8601, unpacker: :parse)
+				@factory.register_type(0x03, DateTime, packer: :iso8601, unpacker: :parse)
+			end
+			
+			attr :factory
+			
+			def load(data)
+				@factory.unpack(data)
+			end
+			
+			def dump(object)
+				@factory.pack(object)
+			end
+		end
+	end
+end

data/lib/utopia/session.rb

@@ -22,11 +22,19 @@ require 'openssl'
 require 'securerandom'
 require 'digest/sha2'
 
+require 'json'
+
 require_relative 'session/lazy_hash'
+require_relative 'session/serialization'
 
 module Utopia
 	# A middleware which provides a secure client-side session storage using a private symmetric encrpytion key.
 	class Session
+		class PayloadError < StandardError
+		end
+		
+		MAXIMUM_SIZE = 1024*32
+		
 		SECRET_KEY = 'UTOPIA_SESSION_SECRET'.freeze
 		
 		RACK_SESSION = "rack.session".freeze
@@ -42,7 +50,7 @@ module Utopia
 		# @param secret [Array] The secret text used to generate a symetric encryption key for the coookie data.
 		# @param expires_after [String] The cache-control header to set for static content.
 		# @param options [Hash<Symbol,Object>] Additional defaults used for generating the cookie by `Rack::Utils.set_cookie_header!`.
-		def initialize(app, session_name: RACK_SESSION, secret: nil, expires_after: DEFAULT_EXPIRES_AFTER, update_timeout: DEFAULT_UPDATE_TIMEOUT, secure: false, **options)
+		def initialize(app, session_name: RACK_SESSION, secret: nil, expires_after: DEFAULT_EXPIRES_AFTER, update_timeout: DEFAULT_UPDATE_TIMEOUT, secure: false, maximum_size: MAXIMUM_SIZE, **options)
 			@app = app
 			
 			@session_name = session_name
@@ -67,6 +75,9 @@ module Utopia
 				# The HttpOnly attribute directs browsers not to expose cookies through channels other than HTTP (and HTTPS) requests. This means that the cookie cannot be accessed via client-side scripting languages (notably JavaScript), and therefore cannot be stolen easily via cross-site scripting (a pervasive attack technique).
 				http_only: true,
 			}.merge(options)
+			
+			@serialization = Serialization.new
+			@maximum_size = maximum_size
 		end
 		
 		attr :cookie_name
@@ -135,8 +146,14 @@ module Utopia
 			
 			# Decrypt the data from the user if possible:
 			if data = request.cookies[@cookie_name]
-				if values = decrypt(data) and valid_session?(request, values)
-					return values
+				begin
+					if values = decrypt(data)
+						validate_session!(request, values)
+						
+						return values
+					end
+				rescue => error
+					request.logger&.error(error)
 				end
 			end
 			
@@ -144,11 +161,9 @@ module Utopia
 			return build_initial_session(request)
 		end
 		
-		def valid_session?(request, values)
+		def validate_session!(request, values)
 			if values[:user_agent] != request.user_agent
-				warn "Invalid session because #{values[:user_agent]} doesn't match #{request.user_agent}!" if $VERBOSE
-				
-				return false
+				raise PayloadError, "Invalid session because supplied user agent #{request.user_agent.inspect} does not match session user agent #{values[:user_agent].inspect}!"
 			end
 			
 			return true
@@ -177,13 +192,17 @@ module Utopia
 			c.key = @key
 			c.iv = iv = c.random_iv
 			
-			e = c.update(Marshal.dump(hash))
+			e = c.update(@serialization.dump(hash))
 			e << c.final
 			
 			return [iv, e].pack("m16m*")
 		end
 		
 		def decrypt(data)
+			if @maximum_size and data.bytesize > @maximum_size
+				raise PayloadError, "Session payload size #{data.bytesize}bytes exceeds maximum allowed size #{@maximum_size}bytes!"
+			end
+			
 			iv, e = data.unpack("m16m*")
 			
 			c = OpenSSL::Cipher.new(CIPHER_ALGORITHM)
@@ -195,9 +214,7 @@ module Utopia
 			d = c.update(e)
 			d << c.final
 			
-			return Marshal.load(d)
-		rescue
-			return nil
+			return @serialization.load(d)
 		end
 	end
 end

data/lib/utopia/version.rb

@@ -19,5 +19,5 @@
 # THE SOFTWARE.
 
 module Utopia
-	VERSION = "2.7.0"
+	VERSION = "2.8.0"
 end

data/utopia.gemspec

@@ -25,8 +25,9 @@ Gem::Specification.new do |spec|
 	
 	spec.add_dependency 'trenni', '~> 3.0'
 	spec.add_dependency 'mime-types', '~> 3.0'
+	spec.add_dependency 'msgpack'
 	
-	spec.add_dependency 'samovar', '~> 1.2'
+	spec.add_dependency 'samovar', '~> 2.1'
 	spec.add_dependency 'event', '~> 1.1'
 	
 	spec.add_dependency 'rack', '~> 2.0'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: utopia
 version: !ruby/object:Gem::Version
-  version: 2.7.0
+  version: 2.8.0
 platform: ruby
 authors:
 - Samuel Williams
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-17 00:00:00.000000000 Z
+date: 2019-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: trenni
@@ -38,20 +38,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: msgpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: samovar
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: event
   requirement: !ruby/object:Gem::Requirement
@@ -584,6 +598,7 @@ files:
 - lib/utopia/redirection.rb
 - lib/utopia/session.rb
 - lib/utopia/session/lazy_hash.rb
+- lib/utopia/session/serialization.rb
 - lib/utopia/setup.rb
 - lib/utopia/static.rb
 - lib/utopia/static/local_file.rb
@@ -745,7 +760,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.2
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Utopia is a framework for building dynamic content-driven websites.