lib/tynn/session.rb in tynn-2.0.0.beta3 vs lib/tynn/session.rb in tynn-2.0.0.beta4
@@ -2,98 +2,24 @@
require "rack/session/cookie"
require_relative "utils"
class Tynn
- # Adds simple cookie based session management. You can pass a secret
- # token to sign the cookie data, thus unauthorized means can't alter it.
- #
- # require "tynn"
- # require "tynn/session"
- #
- # Tynn.plugin(Tynn::Session, secret: "__change_me_not_secure__")
- #
- # Tynn.define do
- # on "login" do
- # on post do
- # # ...
- #
- # session[:user_id] = user.id
- #
- # res.redirect("/admin")
- # end
- # end
- # end
- #
- # The following command generates a cryptographically secure secret ready
- # to use:
- #
- # $ ruby -r securerandom -e "puts SecureRandom.hex(64)"
- #
- # It's important to keep the token secret. Knowing the token allows an
- # attacker to tamper the data. So, it's recommended to load the token
- # from the environment.
- #
- # Tynn.plugin(Tynn::Session, secret: ENV["SESSION_SECRET"])
- #
- # Under the hood, Tynn::Session uses the <tt>Rack::Session::Cookie</tt>
- # middleware. Thus, supports all the options available for this middleware:
- #
- # [key]
- # The name of the cookie. Defaults to <tt>"rack.session"</tt>.
- #
- # [httponly]
- # If <tt>true</tt>, sets the <tt>HttpOnly</tt> flag. This mitigates the
- # risk of client side scripting accessing the cookie. Defaults to <tt>true</tt>.
- #
- # [secure]
- # If <tt>true</tt>, sets the <tt>Secure</tt> flag. This tells the browser
- # to only transmit the cookie over HTTPS. Defaults to <tt>false</tt>.
- #
- # [same_site]
- # Disables third-party usage for cookies. There are two possible values
- # <tt>:Lax</tt> and <tt>:Strict</tt>. In <tt>Strict</tt> mode, the cookie
- # is restrain to any cross-site usage; in <tt>Lax</tt> mode, some cross-site
- # usage is allowed. Defaults to <tt>:Lax</tt>. If <tt>nil</tt> is passed,
- # the flag is not included. Check this article[http://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/]
- # for more information. Supported by Chrome 51+.
- #
- # [expire_after]
- # The lifespan of the cookie. If <tt>nil</tt>, the session cookie is temporary
- # and is no retained after the browser is closed. Defaults to <tt>nil</tt>.
- #
- # <tt></tt>
- #
- # Tynn.plugin(
- # Tynn::Session,
- # key: "app",
- # secret: ENV["SESSION_SECRET"],
- # expire_after: 36_000, # seconds
- # httponly: true,
- # secure: true,
- # same_site: :Strict
- # )
- #
module Session
- SECRET_MIN_LENGTH = 30 # :nodoc:
+ SECRET_MIN_LENGTH = 30
- def self.setup(app, options = {}) # :nodoc:
+ def self.setup(app, options = {})
secret = options[:secret]
if secret.nil?
- Tynn::Utils.raise_error(
- "Secret key is required",
- error: ArgumentError,
- tag: :no_secret_key
- )
+ Tynn::Utils.raise_error("Secret key is required", ArgumentError)
end
if secret.length < SECRET_MIN_LENGTH
Tynn::Utils.raise_error(
"Secret key is shorter than #{ SECRET_MIN_LENGTH } characters",
- error: ArgumentError,
- tag: :short_secret_key
+ ArgumentError
)
end
app.use(Rack::Session::Cookie, {
coder: Rack::Session::Cookie::Base64::JSON.new,
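Review bot: `SECRET_MIN_LENGTH` and `setup` lose their `:nodoc:` markers at the same time as the module comment that explained the secret requirement, the `SecureRandom.hex(64)` generation command and the cookie flag defaults is removed, so the plugin's public entry point is now exposed to rdoc with no documentation at all; unless that text moved to a guide, keep at least a comment on the constant such as `# Minimum accepted secret length in characters — a lower bound on size, not on entropy; generate secrets with SecureRandom.hex(64) and load them from the environment.`. The check `secret.length < SECRET_MIN_LENGTH` also assumes `:secret` is a String: any other object (an Integer from a mis-parsed config, for instance) fails with NoMethodError rather than the ArgumentError the two `raise_error` calls are meant to produce, so a type check before the comparison, e.g. `Tynn::Utils.raise_error("Secret key must be a String", ArgumentError) unless secret.is_a?(String)`, keeps the failure mode consistent. The same documentation loss applies to `session` in the second hunk, whose comment is deleted without a replacement. The `app.use(Rack::Session::Cookie, ...)` call continues past the end of this hunk.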
@@ -101,18 +27,9 @@
same_site: :Lax
}.merge(options))
end
module InstanceMethods
- # Returns the session hash.
- #
- # session
- # # => {}
- #
- # session[:foo] = "foo"
- # session[:foo]
- # # => "foo"
- #
def session
req.session
end
end
end