module Merb
class Cookies < Mash
# Builds the cookie jar and its bookkeeping for outgoing cookies.
#
# ==== Parameters
# constructor<Hash>:: Initial name => value pairs, forwarded to the
#   superclass constructor.
#
# ==== Notes
# Only "domain" and "path" receive defaults here. No "secure" or
# "http_only" default is set, so a cookie carries those flags only when
# they are supplied as per-cookie options.
#
# :api: private
def initialize(constructor = {})
  # Per-cookie options; a truthy entry marks that cookie for Set-Cookie
  # (see the lookup in extract_headers).
  @_options_lookup = Mash.new
  @_cookie_defaults = {
    "domain" => Merb::Controller._default_cookie_domain,
    "path" => '/'
  }
  super(constructor)
end
# Implicit assignment of a cookie value, without per-cookie options.
#
# ==== Parameters
# key<~to_s>:: Name of the cookie.
# value<~to_s>:: Value of the cookie.
#
# ==== Notes
# Assigning through this method marks the key for inclusion in the
# Set-Cookie response header. Options already recorded for the key are
# kept; otherwise an empty option set is recorded, so only the default
# options apply. The defaults set up in this class are "domain" and "path"
# only, so a cookie assigned this way is sent without "secure" or
# "HttpOnly" unless a default supplies them. Use +set_cookie+ when a
# cookie needs those flags.
#
# :api: public
def []=(key, value)
  @_options_lookup[key] = {} unless @_options_lookup[key]
  super(key, value)
end
# Explicit assignment of cookie key, value and options.
#
# ==== Parameters
# name<~to_s>:: Name of the cookie.
# value<~to_s>:: Value of the cookie.
# options<Hash>:: Additional options for the cookie (see below).
#
# ==== Options (options)
# :path<String>:: The path for which this cookie applies. Defaults to "/".
# :expires<Time>:: Cookie expiry date.
# :domain<String>:: The domain for which this cookie applies.
# :secure<Boolean>::
#   When true, the "secure" attribute is emitted, so the browser returns
#   the cookie only over HTTPS.
# :http_only<Boolean>::
#   When true, the "HttpOnly" attribute is emitted, which keeps the cookie
#   out of reach of client-side scripts.
#
# ==== Returns
# Object:: The value that was assigned.
#
# ==== Notes
# By using this method, a cookie key is marked for being included in the
# Set-Cookie response header. Any options previously recorded for the
# name are replaced. Both flags above are off unless requested here;
# session identifiers and similar values normally want both.
#
# :api: private
def set_cookie(name, value, options = {})
  # Record the options before assigning: the assignment below only fills
  # in an empty option set when none is recorded yet.
  @_options_lookup[name] = options
  self[name] = value
  value
end
# Removes the cookie on the client machine by setting the value to an empty
# string and setting its expiration date into the past.
#
# ==== Parameters
# name<~to_s>:: Name of the cookie to delete.
# options<Hash>:: Additional options to pass to +set_cookie+.
#
# ==== Notes
# The entry is not removed from this jar: it is re-assigned with an empty
# value and marked for the Set-Cookie header. A browser discards a cookie
# only when the domain and path of the expiring Set-Cookie match the ones
# the cookie was created with, so pass the same "domain" and "path"
# options that were used when it was set. The caller's options hash is
# not modified.
#
# :api: public
def delete(name, options = {})
  # Epoch 0 is safely in the past for any client clock.
  expired_options = options.merge("expires" => Time.at(0))
  set_cookie(name, "", expired_options)
end
# Builds the Set-Cookie header lines for every cookie marked for output.
#
# ==== Parameters
# controller_defaults<Hash>::
#   Option defaults that override the jar-wide defaults ("domain", "path")
#   before the per-cookie options are applied on top.
#
# ==== Returns
# Hash::
#   { 'Set-Cookie' => [String, ...] } with one line per marked cookie, or
#   an empty Hash if no cookies are marked.
#
# ==== Notes
# Only the cookie value is passed through Merb::Parse.escape. The cookie
# name and every option value ("domain", "path", any extra option key) are
# interpolated into the header line as given.
# NOTE(review): names and option values should therefore never be built
# from unvalidated request data; a ";", CR or LF in them would alter the
# emitted header. Validate them at the call site.
#
# :api: private
def extract_headers(controller_defaults = {})
  base_options = @_cookie_defaults.merge(controller_defaults)
  header_lines = []

  each do |cookie_name, cookie_value|
    # Only cookies marked for inclusion in the response header are emitted.
    marked_options = @_options_lookup[cookie_name]
    next unless marked_options

    attrs = base_options.merge(marked_options)

    expires_at = attrs["expires"]
    if expires_at.respond_to?(:gmtime)
      # For a Time, gmtime switches the receiver itself to UTC.
      attrs["expires"] = expires_at.gmtime.strftime(Merb::Const::COOKIE_EXPIRATION_FORMAT)
    end

    # These two are bare flags, not key=value pairs, so pull them out first.
    secure_flag = attrs.delete("secure")
    http_only_flag = attrs.delete("http_only")

    line = "#{cookie_name}=#{Merb::Parse.escape(cookie_value)}; "
    # WebKit in particular doesn't like empty cookie options - skip them.
    attrs.each do |attr_name, attr_value|
      next if attr_value.blank?
      line << "#{attr_name}=#{attr_value}; "
    end
    line << 'secure; ' if secure_flag
    line << 'HttpOnly; ' if http_only_flag

    header_lines << line.rstrip
  end

  return {} if header_lines.empty?
  { 'Set-Cookie' => header_lines }
end
end
module CookiesMixin
# Hook run when this mixin is included into a controller class.
#
# ==== Parameters
# base<Class>:: The class including this module.
#
# ==== Notes
# Declares a per-class _default_cookie_domain, seeded from
# Merb::Config[:default_cookie_domain], and registers an after-dispatch
# callback that copies the Set-Cookie headers into the response. The
# configured domain becomes the "domain" attribute of every cookie that
# does not set its own, so a parent-domain value makes those cookies
# visible to every host under that domain.
def self.included(base)
  # Allow per-controller default cookie domains (read by the callback below).
  base.class_inheritable_accessor :_default_cookie_domain
  base._default_cookie_domain = Merb::Config[:default_cookie_domain]

  # After dispatch, turn the cookies marked during the request into
  # Set-Cookie headers on the controller's response.
  emit_cookie_headers = lambda do |controller|
    jar = controller.request.cookies
    cookie_headers = jar.extract_headers("domain" => controller._default_cookie_domain)
    controller.headers.update(cookie_headers)
  end
  base._after_dispatch_callbacks << emit_cookie_headers
end
# ==== Returns
# Merb::Cookies::
#   The cookie jar of the current request; this delegates to
#   request.cookies.
#
# ==== Notes
# Values read from the jar come from the client's Cookie header and are
# therefore client-controlled. Assigning through the jar, e.g.
#   cookies[:foo] = "bar"
# marks that cookie for the Set-Cookie response header.
#
# :api: public
def cookies
  request.cookies
end
module RequestMixin
# ==== Returns
# Merb::Cookies:: The cookies for this request, built once and memoized.
#
# ==== Notes
# The jar is parsed from the request's Cookie header, splitting on ";"
# and ",", so every value in it is client-supplied.
#
# If a public method #default_cookies is defined it is called and its
# Hash of key => value pairs is merged over the parsed cookies, replacing
# same-named values sent by the client. This can be used to pin a fixed
# session, for example. The hook should return server-chosen values only.
# NOTE(review): whether merged defaults are also marked for Set-Cookie
# depends on how the superclass implements #update, which is not visible
# here.
#
# :api: public
def cookies
  return @cookies if @cookies

  raw_header = @env[Merb::Const::HTTP_COOKIE]
  jar = Merb::Cookies.new(Merb::Parse.query(raw_header, ';,'))
  jar.update(default_cookies) if respond_to?(:default_cookies)
  @cookies = jar
end
end
end
end