actionpack 5.2.3

data/lib/action_dispatch/middleware/stack.rb

@@ -0,0 +1,116 @@
+# frozen_string_literal: true
+
+require "active_support/inflector/methods"
+require "active_support/dependencies"
+
+module ActionDispatch
+  class MiddlewareStack
+    class Middleware
+      attr_reader :args, :block, :klass
+
+      def initialize(klass, args, block)
+        @klass = klass
+        @args  = args
+        @block = block
+      end
+
+      def name; klass.name; end
+
+      def ==(middleware)
+        case middleware
+        when Middleware
+          klass == middleware.klass
+        when Class
+          klass == middleware
+        end
+      end
+
+      def inspect
+        if klass.is_a?(Class)
+          klass.to_s
+        else
+          klass.class.to_s
+        end
+      end
+
+      def build(app)
+        klass.new(app, *args, &block)
+      end
+    end
+
+    include Enumerable
+
+    attr_accessor :middlewares
+
+    def initialize(*args)
+      @middlewares = []
+      yield(self) if block_given?
+    end
+
+    def each
+      @middlewares.each { |x| yield x }
+    end
+
+    def size
+      middlewares.size
+    end
+
+    def last
+      middlewares.last
+    end
+
+    def [](i)
+      middlewares[i]
+    end
+
+    def unshift(klass, *args, &block)
+      middlewares.unshift(build_middleware(klass, args, block))
+    end
+
+    def initialize_copy(other)
+      self.middlewares = other.middlewares.dup
+    end
+
+    def insert(index, klass, *args, &block)
+      index = assert_index(index, :before)
+      middlewares.insert(index, build_middleware(klass, args, block))
+    end
+
+    alias_method :insert_before, :insert
+
+    def insert_after(index, *args, &block)
+      index = assert_index(index, :after)
+      insert(index + 1, *args, &block)
+    end
+
+    def swap(target, *args, &block)
+      index = assert_index(target, :before)
+      insert(index, *args, &block)
+      middlewares.delete_at(index + 1)
+    end
+
+    def delete(target)
+      middlewares.delete_if { |m| m.klass == target }
+    end
+
+    def use(klass, *args, &block)
+      middlewares.push(build_middleware(klass, args, block))
+    end
+
+    def build(app = Proc.new)
+      middlewares.freeze.reverse.inject(app) { |a, e| e.build(a) }
+    end
+
+    private
+
+      def assert_index(index, where)
+        i = index.is_a?(Integer) ? index : middlewares.index { |m| m.klass == index }
+        raise "No such middleware to insert #{where}: #{index.inspect}" unless i
+        i
+      end
+
+      def build_middleware(klass, args, block)
+        Middleware.new(klass, args, block)
+      end
+  end
+end

data/lib/action_dispatch/middleware/static.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+
+require "rack/utils"
+require "active_support/core_ext/uri"
+
+module ActionDispatch
+  # This middleware returns a file's contents from disk in the body response.
+  # When initialized, it can accept optional HTTP headers, which will be set
+  # when a response containing a file's contents is delivered.
+  #
+  # This middleware will render the file specified in <tt>env["PATH_INFO"]</tt>
+  # where the base path is in the +root+ directory. For example, if the +root+
+  # is set to +public/+, then a request with <tt>env["PATH_INFO"]</tt> of
+  # +assets/application.js+ will return a response with the contents of a file
+  # located at +public/assets/application.js+ if the file exists. If the file
+  # does not exist, a 404 "File not Found" response will be returned.
+  class FileHandler
+    def initialize(root, index: "index", headers: {})
+      @root          = root.chomp("/").b
+      @file_server   = ::Rack::File.new(@root, headers)
+      @index         = index
+    end
+
+    # Takes a path to a file. If the file is found, has valid encoding, and has
+    # correct read permissions, the return value is a URI-escaped string
+    # representing the filename. Otherwise, false is returned.
+    #
+    # Used by the +Static+ class to check the existence of a valid file
+    # in the server's +public/+ directory (see Static#call).
+    def match?(path)
+      path = ::Rack::Utils.unescape_path path
+      return false unless ::Rack::Utils.valid_path? path
+      path = ::Rack::Utils.clean_path_info path
+
+      paths = [path, "#{path}#{ext}", "#{path}/#{@index}#{ext}"]
+
+      if match = paths.detect { |p|
+        path = File.join(@root, p.b)
+        begin
+          File.file?(path) && File.readable?(path)
+        rescue SystemCallError
+          false
+        end
+
+      }
+        return ::Rack::Utils.escape_path(match).b
+      end
+    end
+
+    def call(env)
+      serve(Rack::Request.new(env))
+    end
+
+    def serve(request)
+      path      = request.path_info
+      gzip_path = gzip_file_path(path)
+
+      if gzip_path && gzip_encoding_accepted?(request)
+        request.path_info           = gzip_path
+        status, headers, body       = @file_server.call(request.env)
+        if status == 304
+          return [status, headers, body]
+        end
+        headers["Content-Encoding"] = "gzip"
+        headers["Content-Type"]     = content_type(path)
+      else
+        status, headers, body = @file_server.call(request.env)
+      end
+
+      headers["Vary"] = "Accept-Encoding" if gzip_path
+
+      return [status, headers, body]
+    ensure
+      request.path_info = path
+    end
+
+    private
+      def ext
+        ::ActionController::Base.default_static_extension
+      end
+
+      def content_type(path)
+        ::Rack::Mime.mime_type(::File.extname(path), "text/plain".freeze)
+      end
+
+      def gzip_encoding_accepted?(request)
+        request.accept_encoding.any? { |enc, quality| enc =~ /\bgzip\b/i }
+      end
+
+      def gzip_file_path(path)
+        can_gzip_mime = content_type(path) =~ /\A(?:text\/|application\/javascript)/
+        gzip_path     = "#{path}.gz"
+        if can_gzip_mime && File.exist?(File.join(@root, ::Rack::Utils.unescape_path(gzip_path).b))
+          gzip_path.b
+        else
+          false
+        end
+      end
+  end
+
+  # This middleware will attempt to return the contents of a file's body from
+  # disk in the response. If a file is not found on disk, the request will be
+  # delegated to the application stack. This middleware is commonly initialized
+  # to serve assets from a server's +public/+ directory.
+  #
+  # This middleware verifies the path to ensure that only files
+  # living in the root directory can be rendered. A request cannot
+  # produce a directory traversal using this middleware. Only 'GET' and 'HEAD'
+  # requests will result in a file being returned.
+  class Static
+    def initialize(app, path, index: "index", headers: {})
+      @app = app
+      @file_handler = FileHandler.new(path, index: index, headers: headers)
+    end
+
+    def call(env)
+      req = Rack::Request.new env
+
+      if req.get? || req.head?
+        path = req.path_info.chomp("/".freeze)
+        if match = @file_handler.match?(path)
+          req.path_info = match
+          return @file_handler.serve(req)
+        end
+      end
+
+      @app.call(req.env)
+    end
+  end
+end

data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb

@@ -0,0 +1,22 @@
+<% unless @exception.blamed_files.blank? %>
+  <% if (hide = @exception.blamed_files.length > 8) %>
+    <a href="#" onclick="return toggleTrace()">Toggle blamed files</a>
+  <% end %>
+  <pre id="blame_trace" <%='style="display:none"' if hide %>><code><%= @exception.describe_blame %></code></pre>
+<% end %>
+
+<h2 style="margin-top: 30px">Request</h2>
+<p><b>Parameters</b>:</p> <pre><%= debug_params(@request.filtered_parameters) %></pre>
+
+<div class="details">
+  <div class="summary"><a href="#" onclick="return toggleSessionDump()">Toggle session dump</a></div>
+  <div id="session_dump" style="display:none"><pre><%= debug_hash @request.session %></pre></div>
+</div>
+
+<div class="details">
+  <div class="summary"><a href="#" onclick="return toggleEnvDump()">Toggle env dump</a></div>
+  <div id="env_dump" style="display:none"><pre><%= debug_hash @request.env.slice(*@request.class::ENV_METHODS) %></pre></div>
+</div>
+
+<h2 style="margin-top: 30px">Response</h2>
+<p><b>Headers</b>:</p> <pre><%= debug_headers(defined?(@response) ? @response.headers : {}) %></pre>

data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb

@@ -0,0 +1,23 @@
+<%
+  clean_params = @request.filtered_parameters.clone
+  clean_params.delete("action")
+  clean_params.delete("controller")
+
+  request_dump = clean_params.empty? ? 'None' : clean_params.inspect.gsub(',', ",\n")
+
+  def debug_hash(object)
+    object.to_hash.sort_by { |k, _| k.to_s }.map { |k, v| "#{k}: #{v.inspect rescue $!.message}" }.join("\n")
+  end unless self.class.method_defined?(:debug_hash)
+%>
+
+Request parameters
+<%= request_dump %>
+
+Session dump
+<%= debug_hash @request.session %>
+
+Env dump
+<%= debug_hash @request.env.slice(*@request.class::ENV_METHODS) %>
+
+Response headers
+<%= defined?(@response) ? @response.headers.inspect.gsub(',', ",\n") : 'None' %>

data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb

@@ -0,0 +1,27 @@
+<% @source_extracts.each_with_index do |source_extract, index| %>
+  <% if source_extract[:code] %>
+    <div class="source <%="hidden" if @show_source_idx != index%>" id="frame-source-<%=index%>">
+      <div class="info">
+        Extracted source (around line <strong>#<%= source_extract[:line_number] %></strong>):
+      </div>
+      <div class="data">
+        <table cellpadding="0" cellspacing="0" class="lines">
+          <tr>
+            <td>
+              <pre class="line_numbers">
+                <% source_extract[:code].each_key do |line_number| %>
+<span><%= line_number -%></span>
+                <% end %>
+              </pre>
+            </td>
+<td width="100%">
+<pre>
+<% source_extract[:code].each do |line, source| -%><div class="line<%= " active" if line == source_extract[:line_number] -%>"><%= source -%></div><% end -%>
+</pre>
+</td>
+          </tr>
+        </table>
+      </div>
+    </div>
+  <% end %>
+<% end %>

data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb

@@ -0,0 +1,8 @@
+<% @source_extracts.first(3).each do |source_extract| %>
+<% if source_extract[:code] %>
+Extracted source (around line #<%= source_extract[:line_number] %>):
+
+<% source_extract[:code].each do |line, source| -%>
+<%= line == source_extract[:line_number] ? "*#{line}" : "##{line}" -%> <%= source -%><% end -%>
+<% end %>
+<% end %>

data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb

@@ -0,0 +1,52 @@
+<% names = @traces.keys %>
+
+<p><code>Rails.root: <%= defined?(Rails) && Rails.respond_to?(:root) ? Rails.root : "unset" %></code></p>
+
+<div id="traces">
+  <% names.each do |name| %>
+    <%
+      show = "show('#{name.gsub(/\s/, '-')}');"
+      hide = (names - [name]).collect {|hide_name| "hide('#{hide_name.gsub(/\s/, '-')}');"}
+    %>
+    <a href="#" onclick="<%= hide.join %><%= show %>; return false;"><%= name %></a> <%= '|' unless names.last == name %>
+  <% end %>
+
+  <% @traces.each do |name, trace| %>
+    <div id="<%= name.gsub(/\s/, '-') %>" style="display: <%= (name == @trace_to_show) ? 'block' : 'none' %>;">
+      <pre><code><% trace.each do |frame| %><a class="trace-frames" data-frame-id="<%= frame[:id] %>" href="#"><%= frame[:trace] %></a><br><% end %></code></pre>
+    </div>
+  <% end %>
+
+  <script type="text/javascript">
+    var traceFrames = document.getElementsByClassName('trace-frames');
+    var selectedFrame, currentSource = document.getElementById('frame-source-0');
+
+    // Add click listeners for all stack frames
+    for (var i = 0; i < traceFrames.length; i++) {
+      traceFrames[i].addEventListener('click', function(e) {
+        e.preventDefault();
+        var target = e.target;
+        var frame_id = target.dataset.frameId;
+
+        if (selectedFrame) {
+          selectedFrame.className = selectedFrame.className.replace("selected", "");
+        }
+
+        target.className += " selected";
+        selectedFrame = target;
+
+        // Change the extracted source code
+        changeSourceExtract(frame_id);
+      });
+
+      function changeSourceExtract(frame_id) {
+        var el = document.getElementById('frame-source-' + frame_id);
+        if (currentSource && el) {
+          currentSource.className += " hidden";
+          el.className = el.className.replace(" hidden", "");
+          currentSource = el;
+        }
+      }
+    }
+  </script>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/_trace.text.erb

@@ -0,0 +1,9 @@
+Rails.root: <%= defined?(Rails) && Rails.respond_to?(:root) ? Rails.root : "unset" %>
+
+<% @traces.each do |name, trace| %>
+<% if trace.any? %>
+<%= name %>
+<%= trace.map { |t| t[:trace] }.join("\n") %>
+
+<% end %>
+<% end %>

data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb

@@ -0,0 +1,16 @@
+<header>
+  <h1>
+    <%= @exception.class.to_s %>
+    <% if @request.parameters['controller'] %>
+      in <%= @request.parameters['controller'].camelize %>Controller<% if @request.parameters['action'] %>#<%= @request.parameters['action'] %><% end %>
+    <% end %>
+  </h1>
+</header>
+
+<div id="container">
+  <h2><%= h @exception.message %></h2>
+
+  <%= render template: "rescues/_source" %>
+  <%= render template: "rescues/_trace" %>
+  <%= render template: "rescues/_request_and_response" %>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb

@@ -0,0 +1,9 @@
+<%= @exception.class.to_s %><%
+  if @request.parameters['controller']
+%> in <%= @request.parameters['controller'].camelize %>Controller<% if @request.parameters['action'] %>#<%= @request.parameters['action'] %><% end %>
+<% end %>
+
+<%= @exception.message %>
+<%= render template: "rescues/_source" %>
+<%= render template: "rescues/_trace" %>
+<%= render template: "rescues/_request_and_response" %>

data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb

@@ -0,0 +1,21 @@
+<header>
+  <h1>
+    <%= @exception.class.to_s %>
+    <% if @request.parameters['controller'] %>
+      in <%= @request.parameters['controller'].camelize %>Controller<% if @request.parameters['action'] %>#<%= @request.parameters['action'] %><% end %>
+    <% end %>
+  </h1>
+</header>
+
+<div id="container">
+  <h2>
+    <%= h @exception.message %>
+    <% if %r{#{ActiveStorage::Blob.table_name}|#{ActiveStorage::Attachment.table_name}}.match?(@exception.message) %>
+      <br />To resolve this issue run: bin/rails active_storage:install
+    <% end %>
+  </h2>
+
+  <%= render template: "rescues/_source" %>
+  <%= render template: "rescues/_trace" %>
+  <%= render template: "rescues/_request_and_response" %>
+</div>