actioncable 5.0.0.1 → 5.0.1.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f43514fcc46cfd5617c2d196bcff9428d27ec104
-  data.tar.gz: 82c7c9deca20b9aa6dadcdd1b6e7d054596ef6c2
+  metadata.gz: 1e71477ad06403305b2d7cb74ae7154a6ca54d8a
+  data.tar.gz: 375e2e323c8c7e987410a5fff1f035d3dba94081
 SHA512:
-  metadata.gz: e80bf03f4cd1aad741bcec6621f39070dfa1c2ac65b13aa3b7e6af4e2beedb863bf497249d469643b48e765a6198ff4222c175195040106f81cfc30df669258b
-  data.tar.gz: c9f4ef262508a5aed0077be0f537bb66d3c47c57a2c3d61c3b47a3323ea5ffb92b926247cc5a90027055b10e8334070c56d14ac4602c2b894ca8c21d4bf11066
+  metadata.gz: 1c6c756bfca7b69592aadc17004a36f993cd86c1de5010d8e98c7a52897823e5a7164b4a9dfdf433127c4b4b41dfb56d5ae6ab9f79ea1831c97d3259aaa12ed7
+  data.tar.gz: 93862ebfe578dc52dc841f47258031ffc58938138631c101de4cb89c0fa09ceaf4eae2c18103d6e694fc86a7e879094f8bfe19598b00c1938ae5c46cf31452ce

data/CHANGELOG.md

@@ -1,3 +1,56 @@
+## Rails 5.0.1.rc1 (December 01, 2016) ##
+
+*   Permit same-origin connections by default.
+
+    New option `config.action_cable.allow_same_origin_as_host = false`
+    to disable.
+
+    *Dávid Halász*, *Matthew Draper*
+
+*   Fixed and added a workaround to avoid race condition, when one
+    thread closed the IO, when an another thread was still trying read
+    from IO on a connection.
+
+    *Matthew Draper*
+
+*   Shutdown pubsub connection before classes are reloaded, to avoid
+    hangups caused by pubsub still holding reference to Active Record
+    connection from the pool, and Active Record trying to cleanup the pool.
+
+    *Jon Moss*
+
+*   Prevent race where the client could receive and act upon a
+    subscription confirmation before the channel's `subscribed` method
+    completed.
+
+    Fixes #25381.
+
+    *Vladimir Dementyev*
+
+*   Buffer writes to websocket connections, to avoid blocking threads
+    that could be doing more useful things.
+
+    *Matthew Draper*, *Tinco Andringa*
+
+*   Invocation of channel action is now prevented, if subscription
+    connection was rejected.
+
+    Fixes #23757.
+
+    *Jon Moss*
+
+*   Protect against concurrent writes to a websocket connection from
+    multiple threads; the underlying OS write is not always threadsafe.
+
+    *Tinco Andringa*
+
+*   Close hijacked socket when connection is shut down.
+
+    Fixes #25613.
+
+    *Tinco Andringa*
+
+
 ## Rails 5.0.0 (June 30, 2016) ##
 
 *   Fix development reloading support: new cable connections are now correctly

data/README.md

@@ -323,7 +323,10 @@ Rails.application.paths.add "config/cable", with: "somewhere/else/cable.yml"
 
 ### Allowed Request Origins
 
-Action Cable will only accept requests from specified origins, which are passed to the server config as an array. The origins can be instances of strings or regular expressions, against which a check for match will be performed.
+Action Cable will only accept requests from specific origins.
+
+By default, only an origin matching the cable server itself will be permitted.
+Additional origins can be specified using strings or regular expressions, provided in an array.
 
 ```ruby
 Rails.application.config.action_cable.allowed_request_origins = ['http://rubyonrails.com', /http:\/\/ruby.*/]
@@ -331,12 +334,19 @@ Rails.application.config.action_cable.allowed_request_origins = ['http://rubyonr
 
 When running in the development environment, this defaults to "http://localhost:3000".
 
-To disable and allow requests from any origin:
+To disable protection and allow requests from any origin:
 
 ```ruby
 Rails.application.config.action_cable.disable_request_forgery_protection = true
 ```
 
+To disable automatic access for same-origin requests, and strictly allow
+only the configured origins:
+
+```ruby
+Rails.application.config.action_cable.allow_same_origin_as_host = false
+```
+
 ### Consumer Configuration
 
 Once you have decided how to run your cable server (see below), you must provide the server URL (or path) to your client-side setup.

data/lib/action_cable/channel/base.rb

@@ -144,13 +144,14 @@ module ActionCable
 
         # When a channel is streaming via pubsub, we want to delay the confirmation
         # transmission until pubsub subscription is confirmed.
-        @defer_subscription_confirmation = false
+        #
+        # The counter starts at 1 because it's awaiting a call to #subscribe_to_channel
+        @defer_subscription_confirmation_counter = Concurrent::AtomicFixnum.new(1)
 
         @reject_subscription = nil
         @subscription_confirmation_sent = nil
 
         delegate_connection_identifiers
-        subscribe_to_channel
       end
 
       # Extract the action name from the passed data and process it via the channel. The process will ensure
@@ -169,6 +170,17 @@ module ActionCable
         end
       end
 
+      # This method is called after subscription has been added to the connection
+      # and confirms or rejects the subscription.
+      def subscribe_to_channel
+        run_callbacks :subscribe do
+          subscribed
+        end
+
+        reject_subscription if subscription_rejected?
+        ensure_confirmation_sent
+      end
+
       # Called by the cable connection when it's cut, so the channel has a chance to cleanup with callbacks.
       # This method is not intended to be called directly by the user. Instead, overwrite the #unsubscribed callback.
       def unsubscribe_from_channel # :nodoc:
@@ -202,12 +214,18 @@ module ActionCable
           end
         end
 
+        def ensure_confirmation_sent
+          return if subscription_rejected?
+          @defer_subscription_confirmation_counter.decrement
+          transmit_subscription_confirmation unless defer_subscription_confirmation?
+        end
+
         def defer_subscription_confirmation!
-          @defer_subscription_confirmation = true
+          @defer_subscription_confirmation_counter.increment
         end
 
         def defer_subscription_confirmation?
-          @defer_subscription_confirmation
+          @defer_subscription_confirmation_counter.value > 0
         end
 
         def subscription_confirmation_sent?
@@ -231,24 +249,12 @@ module ActionCable
           end
         end
 
-        def subscribe_to_channel
-          run_callbacks :subscribe do
-            subscribed
-          end
-
-          if subscription_rejected?
-            reject_subscription
-          else
-            transmit_subscription_confirmation unless defer_subscription_confirmation?
-          end
-        end
-
         def extract_action(data)
           (data['action'].presence || :receive).to_sym
         end
 
         def processable_action?(action)
-          self.class.action_methods.include?(action.to_s)
+          self.class.action_methods.include?(action.to_s) unless subscription_rejected?
         end
 
         def dispatch_action(action, data)

data/lib/action_cable/channel/streams.rb

@@ -84,7 +84,7 @@ module ActionCable
 
         connection.server.event_loop.post do
           pubsub.subscribe(broadcasting, handler, lambda do
-            transmit_subscription_confirmation
+            ensure_confirmation_sent
             logger.info "#{self.class.name} is streaming from #{broadcasting}"
           end)
         end

data/lib/action_cable/connection/base.rb

@@ -195,7 +195,10 @@ module ActionCable
         def allow_request_origin?
           return true if server.config.disable_request_forgery_protection
 
-          if Array(server.config.allowed_request_origins).any? { |allowed_origin|  allowed_origin === env['HTTP_ORIGIN'] }
+          proto = Rack::Request.new(env).ssl? ? "https" : "http"
+          if server.config.allow_same_origin_as_host && env["HTTP_ORIGIN"] == "#{proto}://#{env['HTTP_HOST']}"
+            true
+          elsif Array(server.config.allowed_request_origins).any? { |allowed_origin|  allowed_origin === env["HTTP_ORIGIN"] }
             true
           else
             logger.error("Request origin not allowed: #{env['HTTP_ORIGIN']}")

data/lib/action_cable/connection/stream.rb

@@ -1,3 +1,5 @@
+require 'thread'
+
 module ActionCable
   module Connection
     #--
@@ -11,6 +13,10 @@ module ActionCable
         @stream_send   = socket.env['stream.send']
 
         @rack_hijack_io = nil
+        @write_lock = Mutex.new
+
+        @write_head = nil
+        @write_buffer = Queue.new
       end
 
       def each(&callback)
@@ -27,12 +33,62 @@ module ActionCable
       end
 
       def write(data)
-        return @rack_hijack_io.write(data) if @rack_hijack_io
-        return @stream_send.call(data) if @stream_send
+        if @stream_send
+          return @stream_send.call(data)
+        end
+
+        if @write_lock.try_lock
+          begin
+            if @write_head.nil? && @write_buffer.empty?
+              written = @rack_hijack_io.write_nonblock(data, exception: false)
+
+              case written
+              when :wait_writable
+                # proceed below
+              when data.bytesize
+                return data.bytesize
+              else
+                @write_head = data.byteslice(written, data.bytesize)
+                @event_loop.writes_pending @rack_hijack_io
+
+                return data.bytesize
+              end
+            end
+          ensure
+            @write_lock.unlock
+          end
+        end
+
+        @write_buffer << data
+        @event_loop.writes_pending @rack_hijack_io
+
+        data.bytesize
       rescue EOFError, Errno::ECONNRESET
         @socket_object.client_gone
       end
 
+      def flush_write_buffer
+        @write_lock.synchronize do
+          loop do
+            if @write_head.nil?
+              return true if @write_buffer.empty?
+              @write_head = @write_buffer.pop
+            end
+
+            written = @rack_hijack_io.write_nonblock(@write_head, exception: false)
+            case written
+            when :wait_writable
+              return false
+            when @write_head.bytesize
+              @write_head = nil
+            else
+              @write_head = @write_head.byteslice(written, @write_head.bytesize)
+              return false
+            end
+          end
+        end
+      end
+
       def receive(data)
         @socket_object.parse(data)
       end

data/lib/action_cable/connection/stream_event_loop.rb

@@ -5,7 +5,7 @@ module ActionCable
   module Connection
     class StreamEventLoop
       def initialize
-        @nio = @thread = nil
+        @nio = @executor = @thread = nil
         @map = {}
         @stopping = false
         @todo = Queue.new
@@ -20,13 +20,14 @@ module ActionCable
       def post(task = nil, &block)
         task ||= block
 
-        Concurrent.global_io_executor << task
+        spawn
+        @executor << task
       end
 
       def attach(io, stream)
         @todo << lambda do
-          @map[io] = stream
-          @nio.register(io, :r)
+          @map[io] = @nio.register(io, :r)
+          @map[io].value = stream
         end
         wakeup
       end
@@ -35,6 +36,16 @@ module ActionCable
         @todo << lambda do
           @nio.deregister io
           @map.delete io
+          io.close
+        end
+        wakeup
+      end
+
+      def writes_pending(io)
+        @todo << lambda do
+          if monitor = @map[io]
+            monitor.interests = :rw
+          end
         end
         wakeup
       end
@@ -52,6 +63,13 @@ module ActionCable
             return if @thread && @thread.status
 
             @nio ||= NIO::Selector.new
+
+            @executor ||= Concurrent::ThreadPoolExecutor.new(
+              min_threads: 1,
+              max_threads: 10,
+              max_queue: 0,
+            )
+
             @thread = Thread.new { run }
 
             return true
@@ -77,12 +95,25 @@ module ActionCable
 
             monitors.each do |monitor|
               io = monitor.io
-              stream = @map[io]
+              stream = monitor.value
 
               begin
-                stream.receive io.read_nonblock(4096)
-              rescue IO::WaitReadable
-                next
+                if monitor.writable?
+                  if stream.flush_write_buffer
+                    monitor.interests = :r
+                  end
+                  next unless monitor.readable?
+                end
+
+                incoming = io.read_nonblock(4096, exception: false)
+                case incoming
+                when :wait_readable
+                  next
+                when nil
+                  stream.close
+                else
+                  stream.receive incoming
+                end
               rescue
                 # We expect one of EOFError or Errno::ECONNRESET in
                 # normal operation (when the client goes away). But if

data/lib/action_cable/connection/subscriptions.rb

@@ -26,10 +26,14 @@ module ActionCable
         id_key = data['identifier']
         id_options = ActiveSupport::JSON.decode(id_key).with_indifferent_access
 
+        return if subscriptions.key?(id_key)
+
         subscription_klass = id_options[:channel].safe_constantize
 
         if subscription_klass && ActionCable::Channel::Base >= subscription_klass
-          subscriptions[id_key] ||= subscription_klass.new(connection, id_key, id_options)
+          subscription = subscription_klass.new(connection, id_key, id_options)
+          subscriptions[id_key] = subscription
+          subscription.subscribe_to_channel
         else
           logger.error "Subscription class not found: #{id_options[:channel].inspect}"
         end

data/lib/action_cable/gem_version.rb

@@ -7,8 +7,8 @@ module ActionCable
   module VERSION
     MAJOR = 5
     MINOR = 0
-    TINY  = 0
-    PRE   = "1"
+    TINY  = 1
+    PRE   = "rc1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/action_cable/server/base.rb

@@ -37,9 +37,13 @@ module ActionCable
         connections.each(&:close)
 
         @mutex.synchronize do
-          worker_pool.halt if @worker_pool
-
+          # Shutdown the worker pool
+          @worker_pool.halt if @worker_pool
           @worker_pool = nil
+
+          # Shutdown the pub/sub adapter
+          @pubsub.shutdown if @pubsub
+          @pubsub = nil
         end
       end
 

data/lib/action_cable/server/configuration.rb

@@ -5,7 +5,7 @@ module ActionCable
     class Configuration
       attr_accessor :logger, :log_tags
       attr_accessor :use_faye, :connection_class, :worker_pool_size
-      attr_accessor :disable_request_forgery_protection, :allowed_request_origins
+      attr_accessor :disable_request_forgery_protection, :allowed_request_origins, :allow_same_origin_as_host
       attr_accessor :cable, :url, :mount_path
 
       def initialize
@@ -15,6 +15,7 @@ module ActionCable
         @worker_pool_size = 4
 
         @disable_request_forgery_protection = false
+        @allow_same_origin_as_host = true
       end
 
       # Returns constant of subscription adapter specified in config/cable.yml.

data/lib/action_cable/server/worker.rb

@@ -25,7 +25,7 @@ module ActionCable
       # Stop processing work: any work that has not already started
       # running will be discarded from the queue
       def halt
-        @executor.kill
+        @executor.shutdown
       end
 
       def stopping?