wsv 0.9.0 → 0.10.0

data/test/response_test.rb

@@ -46,6 +46,14 @@ class ResponseTest < Minitest::Test
     assert_includes io.string, "HTTP/1.1 404 Not Found"
   end
 
+  def test_write_to_emits_nosniff_header
+    response = Wsv::Response.text(200)
+    io = StringIO.new
+    response.write_to(io)
+
+    assert_includes io.string, "X-Content-Type-Options: nosniff"
+  end
+
   def test_file_response_streams_via_io_copy_stream
     Dir.mktmpdir do |dir|
       path = File.join(dir, "data.bin")

data/test/server_test.rb

@@ -198,6 +198,23 @@ class ServerTest < Minitest::Test
     refute_includes err.string, "WARNING"
   end
 
+  def test_banner_brackets_ipv6_address_in_url
+    out = StringIO.new
+    server = Wsv::Server.new(host: "::1", port: 8000, root: @dir, out: out, err: StringIO.new)
+    server.send(:log_startup)
+
+    assert_includes out.string, "http://[::1]:8000/"
+    refute_includes out.string, "http://::1:8000/"
+  end
+
+  def test_banner_percent_encodes_ipv6_zone_identifier
+    out = StringIO.new
+    server = Wsv::Server.new(host: "fe80::1%eth0", port: 8000, root: @dir, out: out, err: StringIO.new)
+    server.send(:log_startup)
+
+    assert_includes out.string, "http://[fe80::1%25eth0]:8000/"
+  end
+
   def test_accept_loop_survives_transient_accept_error
     File.write(File.join(@dir, "x.txt"), "ok")
     err = StringIO.new
@@ -253,6 +270,37 @@ class ServerTest < Minitest::Test
     assert_equal "304", response.code
   end
 
+  def test_serves_over_tls
+    File.write(File.join(@dir, "x.txt"), "secret")
+    start_server(tls: build_ephemeral_tls)
+
+    response = Net::HTTP.start("127.0.0.1", @server.port, use_ssl: true,
+                                                          verify_mode: OpenSSL::SSL::VERIFY_NONE) do |http|
+      http.get("/x.txt")
+    end
+
+    assert_equal "200", response.code
+    assert_equal "secret", response.body
+  end
+
+  def test_logs_https_scheme_when_tls_enabled
+    out = StringIO.new
+    @server = Wsv::Server.new(host: "127.0.0.1", port: 0, root: @dir,
+                              out: out, err: StringIO.new, tls: build_ephemeral_tls)
+    @server.send(:log_startup)
+
+    assert_includes out.string, "https://"
+  end
+
+  def test_warns_about_self_signed_cert
+    err = StringIO.new
+    @server = Wsv::Server.new(host: "127.0.0.1", port: 0, root: @dir,
+                              out: StringIO.new, err: err, tls: build_ephemeral_tls)
+    @server.send(:log_startup)
+
+    assert_includes err.string, "self-signed"
+  end
+
   def test_unsupported_method
     start_server
 
@@ -264,14 +312,15 @@ class ServerTest < Minitest::Test
 
   private
 
-  def start_server(read_timeout: Wsv::Server::DEFAULT_READ_TIMEOUT)
+  def start_server(read_timeout: Wsv::Server::DEFAULT_READ_TIMEOUT, tls: nil)
     @server = Wsv::Server.new(
       host: "127.0.0.1",
       port: free_port,
       root: @dir,
       out: StringIO.new,
       err: StringIO.new,
-      read_timeout: read_timeout
+      read_timeout: read_timeout,
+      tls: tls
     )
     @thread = Thread.new { @server.start }
     wait_until_ready
@@ -298,6 +347,12 @@ class ServerTest < Minitest::Test
     end
   end
 
+  def build_ephemeral_tls
+    key = OpenSSL::PKey::RSA.new(2048)
+    cert = Wsv::TlsContext::SelfSignedCert.build(key)
+    Wsv::TlsContext.new(cert: cert, key: key, ephemeral: true)
+  end
+
   def free_port
     server = TCPServer.new("127.0.0.1", 0)
     server.addr[1]

data/test/tls_context_test.rb

@@ -0,0 +1,169 @@
+# frozen_string_literal: true
+
+require_relative "test_helper"
+
+class TlsContextTest < Minitest::Test
+  def test_to_ssl_context_returns_configured_ssl_context
+    key = OpenSSL::PKey::RSA.new(2048)
+    cert = Wsv::TlsContext::SelfSignedCert.build(key)
+    tls = Wsv::TlsContext.new(cert: cert, key: key)
+
+    ssl = tls.to_ssl_context
+
+    assert_kind_of OpenSSL::SSL::SSLContext, ssl
+    assert_equal cert, ssl.cert
+    assert_equal key, ssl.key
+  end
+
+  def test_ephemeral_predicate
+    key = OpenSSL::PKey::RSA.new(2048)
+    cert = Wsv::TlsContext::SelfSignedCert.build(key)
+
+    refute_predicate Wsv::TlsContext.new(cert: cert, key: key), :ephemeral?
+    assert_predicate Wsv::TlsContext.new(cert: cert, key: key, ephemeral: true), :ephemeral?
+  end
+end
+
+class SelfSignedCertTest < Minitest::Test
+  def test_subject_is_localhost
+    cert = build
+
+    assert_equal "/CN=localhost", cert.subject.to_s
+  end
+
+  def test_san_includes_localhost_and_loopback
+    san = build.extensions.find { |ext| ext.oid == "subjectAltName" }.value
+
+    assert_includes san, "DNS:localhost"
+    assert_includes san, "IP Address:127.0.0.1"
+    assert_includes san, "IP Address:0:0:0:0:0:0:0:1"
+  end
+
+  def test_signed_with_provided_key
+    key = OpenSSL::PKey::RSA.new(2048)
+    cert = Wsv::TlsContext::SelfSignedCert.build(key)
+
+    assert cert.verify(key.public_key)
+  end
+
+  private
+
+  def build
+    Wsv::TlsContext::SelfSignedCert.build(OpenSSL::PKey::RSA.new(2048))
+  end
+end
+
+class TlsContextResolverTest < Minitest::Test
+  def test_resolves_explicit_paths
+    Dir.mktmpdir do |dir|
+      cert_path, key_path = write_self_signed(dir)
+
+      tls = Wsv::TlsContext::Resolver.resolve(cert_path: cert_path, key_path: key_path)
+
+      refute_predicate tls, :ephemeral?
+    end
+  end
+
+  def test_requires_both_cert_and_key
+    assert_raises(ArgumentError) do
+      Wsv::TlsContext::Resolver.resolve(cert_path: "/some/cert.pem", key_path: nil)
+    end
+
+    assert_raises(ArgumentError) do
+      Wsv::TlsContext::Resolver.resolve(cert_path: nil, key_path: "/some/key.pem")
+    end
+  end
+
+  def test_uses_xdg_when_present
+    Dir.mktmpdir do |xdg|
+      wsv_dir = File.join(xdg, "wsv")
+      FileUtils.mkdir_p(wsv_dir)
+      write_self_signed(wsv_dir, cert_name: "cert.pem", key_name: "key.pem")
+
+      with_env("XDG_CONFIG_HOME" => xdg) do
+        tls = Wsv::TlsContext::Resolver.resolve
+
+        refute_predicate tls, :ephemeral?
+      end
+    end
+  end
+
+  def test_falls_back_to_ephemeral_when_no_xdg
+    Dir.mktmpdir do |xdg|
+      with_env("XDG_CONFIG_HOME" => xdg) do
+        tls = Wsv::TlsContext::Resolver.resolve
+
+        assert_predicate tls, :ephemeral?
+      end
+    end
+  end
+
+  def test_errors_when_only_one_xdg_file_present
+    Dir.mktmpdir do |xdg|
+      wsv_dir = File.join(xdg, "wsv")
+      FileUtils.mkdir_p(wsv_dir)
+      File.write(File.join(wsv_dir, "cert.pem"), "stub")
+
+      with_env("XDG_CONFIG_HOME" => xdg) do
+        assert_raises(ArgumentError) { Wsv::TlsContext::Resolver.resolve }
+      end
+    end
+  end
+
+  def test_raises_openssl_error_for_malformed_cert
+    Dir.mktmpdir do |dir|
+      _cert_path, key_path = write_self_signed(dir)
+      bad_cert = File.join(dir, "bad-cert.pem")
+      File.write(bad_cert, "this is not a PEM\n")
+
+      assert_raises(OpenSSL::X509::CertificateError) do
+        Wsv::TlsContext::Resolver.resolve(cert_path: bad_cert, key_path: key_path)
+      end
+    end
+  end
+
+  def test_raises_openssl_error_for_malformed_key
+    Dir.mktmpdir do |dir|
+      cert_path, _key_path = write_self_signed(dir)
+      bad_key = File.join(dir, "bad-key.pem")
+      File.write(bad_key, "this is not a PEM\n")
+
+      assert_raises(OpenSSL::PKey::PKeyError) do
+        Wsv::TlsContext::Resolver.resolve(cert_path: cert_path, key_path: bad_key)
+      end
+    end
+  end
+
+  def test_raises_argument_error_when_cert_and_key_do_not_match
+    Dir.mktmpdir do |dir|
+      cert_path, = write_self_signed(dir, cert_name: "a.pem", key_name: "a.key")
+      _, foreign_key = write_self_signed(dir, cert_name: "b.pem", key_name: "b.key")
+
+      err = assert_raises(ArgumentError) do
+        Wsv::TlsContext::Resolver.resolve(cert_path: cert_path, key_path: foreign_key)
+      end
+
+      assert_includes err.message, "does not match"
+    end
+  end
+
+  private
+
+  def write_self_signed(dir, cert_name: "test-cert.pem", key_name: "test-key.pem")
+    key = OpenSSL::PKey::RSA.new(2048)
+    cert = Wsv::TlsContext::SelfSignedCert.build(key)
+    cert_path = File.join(dir, cert_name)
+    key_path = File.join(dir, key_name)
+    File.write(cert_path, cert.to_pem)
+    File.write(key_path, key.to_pem)
+    [cert_path, key_path]
+  end
+
+  def with_env(overrides)
+    original = ENV.to_h
+    overrides.each { |k, v| ENV[k] = v }
+    yield
+  ensure
+    ENV.replace(original)
+  end
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: wsv
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 0.10.0
 platform: ruby
 authors:
 - takahashim
 bindir: bin
 cert_chain: []
-date: 2026-05-06 00:00:00.000000000 Z
+date: 2026-05-07 00:00:00.000000000 Z
 dependencies: []
 description: wsv serves a local directory over HTTP from a zero-config CLI.
 email:
@@ -24,25 +24,35 @@ files:
 - lib/wsv.rb
 - lib/wsv/app.rb
 - lib/wsv/cli.rb
+- lib/wsv/cors.rb
 - lib/wsv/mime_types.rb
 - lib/wsv/path_resolver.rb
 - lib/wsv/request.rb
 - lib/wsv/request/parser.rb
+- lib/wsv/request/too_large.rb
 - lib/wsv/response.rb
 - lib/wsv/response/file_body.rb
 - lib/wsv/response/file_builder.rb
 - lib/wsv/response/string_body.rb
 - lib/wsv/response/text_builder.rb
 - lib/wsv/server.rb
+- lib/wsv/server/banner.rb
+- lib/wsv/server/browser_launcher.rb
+- lib/wsv/server/deadline_reader.rb
 - lib/wsv/status.rb
+- lib/wsv/tls_context.rb
+- lib/wsv/tls_context/resolver.rb
+- lib/wsv/tls_context/self_signed_cert.rb
 - lib/wsv/version.rb
 - test/app_test.rb
+- test/browser_launcher_test.rb
 - test/cli_test.rb
 - test/path_resolver_test.rb
 - test/request_test.rb
 - test/response_test.rb
 - test/server_test.rb
 - test/test_helper.rb
+- test/tls_context_test.rb
 - wsv.gemspec
 homepage: https://rubygems.org/gems/wsv
 licenses: