-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathapp.rb
More file actions
96 lines (82 loc) · 2.49 KB
/
app.rb
File metadata and controls
96 lines (82 loc) · 2.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
require_relative 'models'
require 'roda'
class Seq < Roda
opts[:check_dynamic_arity] = false
opts[:check_arity] = :warn
plugin :default_headers,
'Content-Type'=>'text/html',
#'Strict-Transport-Security'=>'max-age=16070400;', # Uncomment if only allowing https:// access
'X-Frame-Options'=>'deny',
'X-Content-Type-Options'=>'nosniff',
'X-XSS-Protection'=>'1; mode=block'
plugin :content_security_policy do |csp|
csp.default_src :none
csp.style_src :self, 'https://maxcdn.bootstrapcdn.com'
csp.form_action :self
csp.script_src :self
csp.connect_src :self
csp.base_uri :none
csp.frame_ancestors :none
end
plugin :route_csrf
plugin :flash
plugin :assets, css: 'app.scss', css_opts: {style: :compressed, cache: false}, timestamp_paths: true
plugin :render, escape: true, layout: './layout'
plugin :public
plugin :Integer_matcher_max
plugin :typecast_params_sized_integers, :sizes=>[64], :default_size=>64
plugin :hash_branch_view_subdir
logger = if ENV['RACK_ENV'] == 'test'
Class.new{def write(_) end}.new
else
$stderr
end
plugin :common_logger, logger
plugin :not_found do
@page_title = "File Not Found"
view(:content=>"")
end
if ENV['RACK_ENV'] == 'development'
plugin :exception_page
class RodaRequest
def assets
exception_page_assets
super
end
end
else
def self.freeze
Sequel::Model.freeze_descendents
DB.freeze
super
end
end
plugin :error_handler do |e|
case e
when Roda::RodaPlugins::RouteCsrf::InvalidToken
@page_title = "Invalid Security Token"
response.status = 400
view(:content=>"<p>An invalid security token was submitted with this request, and this request could not be processed.</p>")
else
$stderr.print "#{e.class}: #{e.message}\n"
$stderr.puts e.backtrace
next exception_page(e, :assets=>true) if ENV['RACK_ENV'] == 'development'
@page_title = "Internal Server Error"
view(:content=>"")
end
end
plugin :sessions,
key: '_Seq.session',
#cookie_options: {secure: ENV['RACK_ENV'] != 'test'}, # Uncomment if only allowing https:// access
secret: ENV.send((ENV['RACK_ENV'] == 'development' ? :[] : :delete), 'SEQ_SESSION_SECRET')
Unreloader.require('routes', :delete_hook=>proc{|f| hash_branch(File.basename(f).delete_suffix('.rb'))}){}
route do |r|
r.public
r.assets
check_csrf!
r.hash_branches('')
r.root do
view 'index'
end
end
end