From 176c1686655f0e88bc45902faf1006b2d2f60312 Mon Sep 17 00:00:00 2001 From: Matthew Kelly Date: Sat, 21 Aug 2021 14:25:09 +0100 Subject: [PATCH 01/10] #810: fix csrf docs --- docs/Tutorials/Middleware/Types/CSRF.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Tutorials/Middleware/Types/CSRF.md b/docs/Tutorials/Middleware/Types/CSRF.md index e3322a06b..52cf312f6 100644 --- a/docs/Tutorials/Middleware/Types/CSRF.md +++ b/docs/Tutorials/Middleware/Types/CSRF.md @@ -77,7 +77,7 @@ Start-PodeServer { Set-PodeViewEngine -Type Pode # setup session and csrf middleware - Enable-PodeSessionMiddleware -Secret 'vegeta' + Enable-PodeSessionMiddleware -Duration 120 Enable-PodeCsrfMiddleware # this route will work, as GET methods are ignored by CSRF by default From 94cf2a4be8161615eb141a09bde9029d8224c456 Mon Sep 17 00:00:00 2001 From: Matthew Kelly Date: Tue, 24 Aug 2021 20:12:12 +0100 Subject: [PATCH 02/10] #810: fixes for csrf docs --- docs/Tutorials/Middleware/Types/CSRF.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/Tutorials/Middleware/Types/CSRF.md b/docs/Tutorials/Middleware/Types/CSRF.md index 52cf312f6..8783ffb0f 100644 --- a/docs/Tutorials/Middleware/Types/CSRF.md +++ b/docs/Tutorials/Middleware/Types/CSRF.md @@ -21,7 +21,7 @@ The secret used to generate a token is, by default, stored using sessions (so yo The below code will setup default CSRF middleware, which will store the random secret using sessions (so session middleware is required), and will ignore the default HTTP methods of GET, HEAD, OPTIONS, TRACE: ```powershell -Enable-PodeSessionMiddleware -Secret 'toss-a-coin' +Enable-PodeSessionMiddleware -Duration 120 Enable-PodeCsrfMiddleware ``` @@ -55,7 +55,7 @@ To generate the token, you could use the following example: ```powershell Start-PodeServer { - Enable-PodeSessionMiddleware -Secret 'vegeta' + Enable-PodeSessionMiddleware -Duration 120 Enable-PodeCsrfMiddleware Add-PodeRoute -Method Get -Path '/' -ScriptBlock { @@ -94,7 +94,7 @@ Start-PodeServer { } ``` -*index.pode* +*views/index.pode* ```html From c02efe4368838db04baf0d271981419372ce62ea Mon Sep 17 00:00:00 2001 From: phatmandrake Date: Thu, 9 Sep 2021 09:40:05 -0500 Subject: [PATCH 03/10] Update LoginPage.md Extra parentheses broke link to "sessions" page. --- docs/Tutorials/Routes/Examples/LoginPage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Tutorials/Routes/Examples/LoginPage.md b/docs/Tutorials/Routes/Examples/LoginPage.md index f18165db8..fc0a7725d 100644 --- a/docs/Tutorials/Routes/Examples/LoginPage.md +++ b/docs/Tutorials/Routes/Examples/LoginPage.md @@ -1,6 +1,6 @@ # Creating a Login Page -This is an example of having a website with a login and home page - with a logout button. The pages will all be done using `.pode` files, and authentication will be done using [Form authentication](../../../Authentication/Methods/Form) with [Sessions]((../../../Middleware/Types/Sessions)). +This is an example of having a website with a login and home page - with a logout button. The pages will all be done using `.pode` files, and authentication will be done using [Form authentication](../../../Authentication/Methods/Form) with [Sessions](../../../Middleware/Types/Sessions). !!! info The full example can be seen on GitHub in [`examples/web-auth-form.ps1`](https://github.com/Badgerati/Pode/blob/develop/examples/web-auth-form.ps1). From 42148c67e05ed5d34adefdaaf4505f6e2fd9ab3c Mon Sep 17 00:00:00 2001 From: Matthew Kelly Date: Fri, 10 Sep 2021 20:03:10 +0100 Subject: [PATCH 04/10] #810: convert cookie timestamp to UTC --- src/Private/Sessions.ps1 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/Private/Sessions.ps1 b/src/Private/Sessions.ps1 index cadb7a21d..be5fd833f 100644 --- a/src/Private/Sessions.ps1 +++ b/src/Private/Sessions.ps1 @@ -111,7 +111,11 @@ function Get-PodeSession # get details from cookie $name = $cookie.Name $value = $cookie.Value + $timestamp = $cookie.TimeStamp + if ($null -ne $timestamp) { + $timestamp = $timestamp.ToUniversalTime() + } } # generate the session data @@ -200,6 +204,9 @@ function Get-PodeSessionExpiry $expiry = [DateTime]::UtcNow if (!([bool]$Session.Properties.Extend)) { $expiry = $Session.Properties.TimeStamp + if ($null -ne $expiry) { + $expiry = $expiry.ToUniversalTime() + } } $expiry = $expiry.AddSeconds($Session.Properties.Duration) From 290f3a88704a452c788cea5e5c6b8b75d6c66f92 Mon Sep 17 00:00:00 2001 From: Matthew Kelly Date: Fri, 10 Sep 2021 20:07:35 +0100 Subject: [PATCH 05/10] #810: add missing Add-PodeEndpoint to sessions example --- docs/Tutorials/Middleware/Types/Sessions.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/Tutorials/Middleware/Types/Sessions.md b/docs/Tutorials/Middleware/Types/Sessions.md index 12dc8f4d3..19669e5db 100644 --- a/docs/Tutorials/Middleware/Types/Sessions.md +++ b/docs/Tutorials/Middleware/Types/Sessions.md @@ -101,6 +101,7 @@ An example of using sessions in a Route to increment a views counter could be do ```powershell Start-PodeServer { + Add-PodeEndpoint -Address localhost -Port 8080 -Protocol Http Enable-PodeSessionMiddleware -Duration 120 Add-PodeRoute -Method Get -Path '/' -ScriptBlock { From 70ebe41918e8d4371aee99a4610dc917c2744ea0 Mon Sep 17 00:00:00 2001 From: Matthew Kelly Date: Fri, 10 Sep 2021 20:27:40 +0100 Subject: [PATCH 06/10] #811: fix parameter sets on Start-PodeStaticServer --- src/Public/Core.ps1 | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/Public/Core.ps1 b/src/Public/Core.ps1 index a364d9fe7..91ef47e82 100644 --- a/src/Public/Core.ps1 +++ b/src/Public/Core.ps1 @@ -264,7 +264,7 @@ The IP/Hostname of the endpoint. The Port number of the endpoint. .PARAMETER Https -Start the server using HTTPS. +Start the server using HTTPS, if no certificate details are supplied a self-signed certificate will be generated. .PARAMETER Certificate The path to a certificate that can be use to enable HTTPS. @@ -319,23 +319,22 @@ function Start-PodeStaticServer [int] $Port = 0, - [Parameter(ParameterSetName='Https')] + [Parameter()] [switch] $Https, - [Parameter(ParameterSetName='Https')] + [Parameter()] [string] $Certificate = $null, - [Parameter(ParameterSetName='Https')] + [Parameter()] [string] $CertificatePassword = $null, - [Parameter(ParameterSetName='CertFile')] + [Parameter()] [string] $CertificateKey = $null, - [Parameter(ParameterSetName='Https')] [Parameter()] [X509Certificate] $X509Certificate = $null, @@ -358,11 +357,14 @@ function Start-PodeStaticServer Start-PodeServer -RootPath $RootPath -Threads $Threads -Browse:$Browse -ScriptBlock { # add either an http or https endpoint if ($Https) { - if ($null -eq $X509Certificate) { + if ($null -ne $X509Certificate) { + Add-PodeEndpoint -Address $Address -Port $Port -Protocol Https -X509Certificate $X509Certificate + } + elseif (![string]::IsNullOrWhiteSpace($Certificate)) { Add-PodeEndpoint -Address $Address -Port $Port -Protocol Https -Certificate $Certificate -CertificatePassword $CertificatePassword -CertificateKey $CertificateKey } else { - Add-PodeEndpoint -Address $Address -Port $Port -Protocol Https -X509Certificate $X509Certificate + Add-PodeEndpoint -Address $Address -Port $Port -Protocol Https -SelfSigned } } else { From 237fedf41da5c685dc6be633217ca327e4f486f4 Mon Sep 17 00:00:00 2001 From: Matthew Kelly Date: Fri, 10 Sep 2021 20:46:12 +0100 Subject: [PATCH 07/10] #814: set paths definitions to be an ordered hashtable --- src/Private/OpenApi.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Private/OpenApi.ps1 b/src/Private/OpenApi.ps1 index 303c6c0cc..50120a472 100644 --- a/src/Private/OpenApi.ps1 +++ b/src/Private/OpenApi.ps1 @@ -281,11 +281,11 @@ function Get-PodeOpenApiDefinitionInternal } # paths - $def['paths'] = @{} + $def['paths'] = [ordered]@{} $filter = "^$($RouteFilter)" foreach ($method in $PodeContext.Server.Routes.Keys) { - foreach ($path in $PodeContext.Server.Routes[$method].Keys) { + foreach ($path in ($PodeContext.Server.Routes[$method].Keys | Sort-Object)) { # does it match the route? if ($path -inotmatch $filter) { continue From ac018c10aeade164150c5eaeedfcd40842b87f03 Mon Sep 17 00:00:00 2001 From: Matthew Kelly Date: Sat, 11 Sep 2021 11:11:16 +0100 Subject: [PATCH 08/10] #818: bump docker to PS7.1.4 --- Dockerfile | 2 +- alpine.dockerfile | 2 +- arm32.dockerfile | 2 +- docs/Getting-Started/Installation.md | 2 +- docs/Hosting/Docker.md | 4 ++-- packers/docker/arm32/Dockerfile | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 491887e92..f0919ea6d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com/powershell:7.1.3-ubuntu-18.04 +FROM mcr.microsoft.com/powershell:7.1.4-ubuntu-18.04 LABEL maintainer="Matthew Kelly (Badgerati)" RUN mkdir -p /usr/local/share/powershell/Modules/Pode COPY ./pkg/ /usr/local/share/powershell/Modules/Pode \ No newline at end of file diff --git a/alpine.dockerfile b/alpine.dockerfile index b8a871013..30230d7a7 100644 --- a/alpine.dockerfile +++ b/alpine.dockerfile @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com/powershell:7.1.3-alpine-3.12-20210316 +FROM mcr.microsoft.com/powershell:7.1.4-alpine-3.12-20210819 LABEL maintainer="Matthew Kelly (Badgerati)" RUN mkdir -p /usr/local/share/powershell/Modules/Pode COPY ./pkg/ /usr/local/share/powershell/Modules/Pode \ No newline at end of file diff --git a/arm32.dockerfile b/arm32.dockerfile index 00cd0e443..c7aa45650 100644 --- a/arm32.dockerfile +++ b/arm32.dockerfile @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com/powershell:7.1.3-arm32v7-ubuntu-18.04-20210316 +FROM mcr.microsoft.com/powershell:7.1.4-arm32v7-ubuntu-18.04-20210819 LABEL maintainer="Matthew Kelly (Badgerati)" RUN mkdir -p /usr/local/share/powershell/Modules/Pode COPY ./pkg/ /usr/local/share/powershell/Modules/Pode \ No newline at end of file diff --git a/docs/Getting-Started/Installation.md b/docs/Getting-Started/Installation.md index 2bb880c15..0197fccf4 100644 --- a/docs/Getting-Started/Installation.md +++ b/docs/Getting-Started/Installation.md @@ -41,7 +41,7 @@ Install-Module -Name Pode [![Docker](https://img.shields.io/docker/stars/badgerati/pode.svg?label=Stars)](https://hub.docker.com/r/badgerati/pode/) [![Docker](https://img.shields.io/docker/pulls/badgerati/pode.svg?label=Pulls)](https://hub.docker.com/r/badgerati/pode/) -Pode can run on *nix environments, therefore it only makes sense for there to be Docker images for you to use! The images use PowerShell v7.1.3 on either an Ubuntu Bionic image (default), an Alpine image, or an ARM32 image (for Raspberry Pis). +Pode can run on *nix environments, therefore it only makes sense for there to be Docker images for you to use! The images use PowerShell v7.1.4 on either an Ubuntu Bionic image (default), an Alpine image, or an ARM32 image (for Raspberry Pis). * To pull down the latest Pode image you can do: diff --git a/docs/Hosting/Docker.md b/docs/Hosting/Docker.md index 6ec1a3e72..cf02d0b1a 100644 --- a/docs/Hosting/Docker.md +++ b/docs/Hosting/Docker.md @@ -2,7 +2,7 @@ Pode has a Docker image that you can use to host your server, for instructions on pulling these images you can [look here](../../Installation). -The images use PowerShell v7.1.3 on either an Ubuntu Bionic (default), Alpine, or ARM32 image. +The images use PowerShell v7.1.4 on either an Ubuntu Bionic (default), Alpine, or ARM32 image. ## Images @@ -11,7 +11,7 @@ The images use PowerShell v7.1.3 on either an Ubuntu Bionic (default), Alpine, o ### Default -The default Pode image is an Ubuntu Bionic image with PowerShell v7.1.3 and Pode installed. An example of using this image in your Dockerfile could be as follows: +The default Pode image is an Ubuntu Bionic image with PowerShell v7.1.4 and Pode installed. An example of using this image in your Dockerfile could be as follows: ```dockerfile # pull down the pode image diff --git a/packers/docker/arm32/Dockerfile b/packers/docker/arm32/Dockerfile index 384abdec5..f301d654e 100644 --- a/packers/docker/arm32/Dockerfile +++ b/packers/docker/arm32/Dockerfile @@ -1,6 +1,6 @@ FROM arm32v7/ubuntu:bionic -ENV PS_VERSION=7.1.3 +ENV PS_VERSION=7.1.4 ENV PS_PACKAGE=powershell-${PS_VERSION}-linux-arm32.tar.gz ENV PS_PACKAGE_URL=https://github.com/PowerShell/PowerShell/releases/download/v${PS_VERSION}/${PS_PACKAGE} From 421f33b7aeceea94f0043cd1973e327ee5014173 Mon Sep 17 00:00:00 2001 From: Matthew Kelly Date: Sat, 11 Sep 2021 11:32:42 +0100 Subject: [PATCH 09/10] #818: bump main image to ubuntu 20.04 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f0919ea6d..aff807d09 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com/powershell:7.1.4-ubuntu-18.04 +FROM mcr.microsoft.com/powershell:7.1.4-ubuntu-20.04 LABEL maintainer="Matthew Kelly (Badgerati)" RUN mkdir -p /usr/local/share/powershell/Modules/Pode COPY ./pkg/ /usr/local/share/powershell/Modules/Pode \ No newline at end of file From a27a80f5ef889c9a773faa54cc61e942746ef548 Mon Sep 17 00:00:00 2001 From: Matthew Kelly Date: Mon, 13 Sep 2021 21:07:34 +0100 Subject: [PATCH 10/10] add v2.4.2 release notes --- docs/release-notes.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/release-notes.md b/docs/release-notes.md index 1cd95302d..83edbdef7 100644 --- a/docs/release-notes.md +++ b/docs/release-notes.md @@ -1,5 +1,20 @@ # Release Notes +## v2.4.2 + +```plain +### Bugs +* #810: Fixes a Local/UTC datetime issue on Cookies, expiring sessions early +* #811: Fixes the HTTPS parameter set on `Start-PodeStaticServer` +* #814: Fixes a route ordering issue on Swagger pages + +### Documentation +* #816: Fixes a typo on LoginPage (thanks @phatmandrake!) + +### Packaging +* #818: Bumps PowerShell to v7.1.4 in Docker images +``` + ## v2.4.1 ```plain