Bump version numbers for release

[gitmo/MooseX-Storage.git] / lib / MooseX / Storage / Base / WithChecksum.pm

diff --git a/lib/MooseX/Storage/Base/WithChecksum.pm b/lib/MooseX/Storage/Base/WithChecksum.pm
index 6db3a56..d7a888d 100644 (file)
--- a/lib/MooseX/Storage/Base/WithChecksum.pm
+++ b/lib/MooseX/Storage/Base/WithChecksum.pm
@@ -2,11 +2,13 @@
 package MooseX::Storage::Base::WithChecksum;
 use Moose::Role;
 
-use Digest ();
-use Storable ();
+use Digest       ();
+use Data::Dumper ();
+
 use MooseX::Storage::Engine;
 
-our $VERSION = '0.01';
+our $VERSION   = '0.18';
+our $AUTHORITY = 'cpan:STEVAN';
 
 our $DIGEST_MARKER = '__DIGEST__';
 
@@ -15,7 +17,7 @@ sub pack {
 
     my $e = MooseX::Storage::Engine->new( object => $self );
 
-    my $collapsed = $e->collapse_object;
+    my $collapsed = $e->collapse_object(@args);
     
     $collapsed->{$DIGEST_MARKER} = $self->_digest_packed($collapsed, @args);
     
@@ -27,8 +29,7 @@ sub unpack {
 
     # check checksum on data
     
-    my $old_checksum = $data->{$DIGEST_MARKER};
-    delete $data->{$DIGEST_MARKER};
+    my $old_checksum = delete $data->{$DIGEST_MARKER};
     
     my $checksum = $class->_digest_packed($data, @args);
 
@@ -36,36 +37,61 @@ sub unpack {
         || confess "Bad Checksum got=($checksum) expected=($old_checksum)";    
 
     my $e = MooseX::Storage::Engine->new(class => $class);
-    $class->new($e->expand_object($data));
+    $class->new($e->expand_object($data, @args));
 }
 
 
 sub _digest_packed {
     my ( $self, $collapsed, @args ) = @_;
 
-    my $d = shift @args;
+    my $d = $self->_digest_object(@args);
+
+    {
+        local $Data::Dumper::Indent   = 0;
+        local $Data::Dumper::Sortkeys = 1;
+        local $Data::Dumper::Terse    = 1;
+        local $Data::Dumper::Useqq    = 0;
+        local $Data::Dumper::Deparse  = 0; # FIXME?
+        my $str = Data::Dumper::Dumper($collapsed);
+        # NOTE:
+        # Canonicalize numbers to strings even if it 
+        # mangles numbers inside strings. It really 
+        # does not matter since its just the checksum
+        # anyway.
+        # - YK/SL
+        $str =~ s/(?<! ['"] ) \b (\d+) \b (?! ['"] )/'$1'/gx; 
+        $d->add( $str );
+    }
+
+    return $d->hexdigest;
+}
+
+sub _digest_object {
+    my ( $self, %options ) = @_;
+    my $digest_opts = $options{digest};
+    
+    $digest_opts = [ $digest_opts ] 
+        if !ref($digest_opts) or ref($digest_opts) ne 'ARRAY';
+        
+    my ( $d, @args ) = @$digest_opts;
 
     if ( ref $d ) {
         if ( $d->can("clone") ) {
-            $d = $d->clone;
-        } elsif ( $d->can("reset") ) {
+            return $d->clone;
+        } 
+        elsif ( $d->can("reset") ) {
             $d->reset;
-        } else {
+            return $d;
+        } 
+        else {
             die "Can't clone or reset digest object: $d";
         }
-    } else {
-        $d = Digest->new($d || "SHA1", @args);
+    } 
+    else {
+        return Digest->new($d || "SHA1", @args);
     }
-
-    {
-        local $Storable::canonical = 1;
-        $d->add( Storable::nfreeze($collapsed) );
-    }
-
-    return $d->hexdigest;
 }
 
-
 1;
 
 __END__
@@ -74,12 +100,17 @@ __END__
 
 =head1 NAME
 
-MooseX::Storage::Base::WithChecksum
-
-=head1 SYNOPSIS
+MooseX::Storage::Base::WithChecksum - A more secure serialization role
 
 =head1 DESCRIPTION
 
+This is an early implementation of a more secure Storage role, 
+which does integrity checks on the data. It is still being 
+developed so I recommend using it with caution. 
+
+Any thoughts, ideas or suggestions on improving our technique 
+are very welcome.
+
 =head1 METHODS
 
 =over 4
@@ -108,9 +139,11 @@ to cpan-RT.
 
 Stevan Little E<lt>stevan.little@iinteractive.comE<gt>
 
+Yuval Kogman
+
 =head1 COPYRIGHT AND LICENSE
 
-Copyright 2007 by Infinity Interactive, Inc.
+Copyright 2007-2008 by Infinity Interactive, Inc.
 
 L<http://www.iinteractive.com>