actionpack 0.9.0

data/lib/action_controller/benchmarking.rb

@@ -0,0 +1,49 @@
+require 'benchmark'
+
+module ActionController #:nodoc:
+  # The benchmarking module times the performance of actions and reports to the logger. If the Active Record
+  # package has been included, a separate timing section for database calls will be added as well.
+  module Benchmarking #:nodoc:
+    def self.append_features(base)
+      super
+      base.class_eval {
+        alias_method :perform_action_without_benchmark, :perform_action
+        alias_method :perform_action, :perform_action_with_benchmark
+
+        alias_method :render_without_benchmark, :render
+        alias_method :render, :render_with_benchmark
+      }
+    end
+
+    def render_with_benchmark(template_name = "#{controller_name}/#{action_name}", status = "200 OK")
+      if logger.nil?
+        render_without_benchmark(template_name, status)
+      else
+        @rendering_runtime = Benchmark::measure{ render_without_benchmark(template_name, status) }.real
+      end
+    end    
+
+    def perform_action_with_benchmark
+      if logger.nil?
+        perform_action_without_benchmark
+      else
+        runtime = [Benchmark::measure{ perform_action_without_benchmark }.real, 0.0001].max
+        log_message  = "Completed in #{sprintf("%4f", runtime)} (#{(1 / runtime).floor} reqs/sec)"
+        log_message << rendering_runtime(runtime) if @rendering_runtime
+        log_message << active_record_runtime(runtime) if Object.const_defined?("ActiveRecord") && ActiveRecord::Base.connected?
+        logger.info(log_message)
+      end
+    end
+    
+    private
+      def rendering_runtime(runtime)
+        " | Rendering: #{sprintf("%f", @rendering_runtime)} (#{sprintf("%d", (@rendering_runtime / runtime) * 100)}%)"
+      end
+
+      def active_record_runtime(runtime)
+        db_runtime    = ActiveRecord::Base.connection.reset_runtime
+        db_percentage = (db_runtime / runtime) * 100
+        " | DB: #{sprintf("%f", db_runtime)} (#{sprintf("%d", db_percentage)}%)"
+      end
+  end
+end

data/lib/action_controller/cgi_ext/cgi_ext.rb

@@ -0,0 +1,43 @@
+require 'cgi'
+require 'cgi/session'
+require 'cgi/session/pstore'
+require 'action_controller/cgi_ext/cgi_methods'
+
+# Wrapper around the CGIMethods that have been secluded to allow testing without 
+# an instatiated CGI object
+class CGI #:nodoc:
+  class << self
+    alias :escapeHTML_fail_on_nil :escapeHTML
+
+    def escapeHTML(string)
+      escapeHTML_fail_on_nil(string) unless string.nil?
+    end
+  end
+  
+  # Returns a parameter hash including values from both the request (POST/GET)
+  # and the query string with the latter taking precedence.
+  def parameters
+    request_parameters.update(query_parameters)
+  end
+
+  def query_parameters
+    CGIMethods.parse_query_parameters(query_string)
+  end
+
+  def request_parameters
+    CGIMethods.parse_request_parameters(params)
+  end
+
+  def redirect(where)
+     header({ 
+       "Status" => "302 Moved", 
+       "location" => "#{where}"
+    })
+  end
+  
+  def session(parameters = nil)
+    parameters = {} if parameters.nil?
+    parameters['database_manager'] = CGI::Session::PStore
+    CGI::Session.new(self, parameters)
+  end
+end

data/lib/action_controller/cgi_ext/cgi_methods.rb

@@ -0,0 +1,91 @@
+require 'cgi'
+
+# Static methods for parsing the query and request parameters that can be used in
+# a CGI extension class or testing in isolation.
+class CGIMethods #:nodoc:
+  public
+    # Returns a hash with the pairs from the query string. The implicit hash construction that is done in
+    # parse_request_params is not done here.
+    def CGIMethods.parse_query_parameters(query_string)
+      parsed_params = {}
+  
+      query_string.split(/[&;]/).each { |p| 
+        k, v = p.split('=')
+
+        k = CGI.unescape(k) unless k.nil?
+        v = CGI.unescape(v) unless v.nil?
+
+        if k =~ /(.*)\[\]$/
+            if parsed_params.has_key? $1
+                parsed_params[$1] << v
+            else
+                parsed_params[$1] = [v]
+            end
+        else
+            parsed_params[k] = v.nil? ? nil : v
+        end
+      }
+  
+      return parsed_params
+    end
+  
+    # Returns the request (POST/GET) parameters in a parsed form where pairs such as "customer[address][street]" / 
+    # "Somewhere cool!" are translated into a full hash hierarchy, like
+    # { "customer" => { "address" => { "street" => "Somewhere cool!" } } }
+    def CGIMethods.parse_request_parameters(params)
+      parsed_params = {}
+
+      for key, value in params
+        value = [value] if key =~ /.*\[\]$/
+        CGIMethods.build_deep_hash(
+          CGIMethods.get_typed_value(value[0]),
+          parsed_params, 
+          CGIMethods.get_levels(key)
+        )
+      end
+    
+      return parsed_params
+    end
+
+  private
+    def CGIMethods.get_typed_value(value)
+      if value.respond_to?(:content_type) && !value.content_type.empty?
+        # Uploaded file
+        value
+      elsif value.respond_to?(:read)
+        # Value as part of a multipart request
+        value.read
+      elsif value.class == Array
+          value
+      else
+        # Standard value (not a multipart request)
+        value.to_s
+      end
+    end
+  
+    def CGIMethods.get_levels(key_string)
+      return [] if key_string.nil? or key_string.empty?
+
+      levels = []
+      main, existance = /(\w+)(\[)?.?/.match(key_string).captures
+      levels << main
+      
+      unless existance.nil?
+        hash_part = key_string.sub(/\w+\[/, "")
+        hash_part.slice!(-1, 1)
+        levels += hash_part.split(/\]\[/)
+      end
+      
+      levels
+    end
+    
+    def CGIMethods.build_deep_hash(value, hash, levels)
+      if levels.length == 0
+        value;
+      elsif hash.nil?
+        { levels.first => CGIMethods.build_deep_hash(value, nil, levels[1..-1]) }
+      else
+        hash.update({ levels.first => CGIMethods.build_deep_hash(value, hash[levels.first], levels[1..-1]) })
+      end
+    end
+end

data/lib/action_controller/cgi_process.rb

@@ -0,0 +1,123 @@
+require 'action_controller/cgi_ext/cgi_ext'
+require 'action_controller/support/cookie_performance_fix'
+require 'action_controller/session/drb_store'
+require 'action_controller/session/active_record_store'
+
+module ActionController #:nodoc:
+  class Base
+    # Process a request extracted from an CGI object and return a response. Pass false as <tt>session_options</tt> to disable
+    # sessions (large performance increase if sessions are not needed). The <tt>session_options</tt> are the same as for CGI::Session:
+    #
+    # * <tt>:database_manager</tt> - standard options are CGI::Session::FileStore, CGI::Session::MemoryStore, and CGI::Session::PStore
+    #   (default). Additionally, there is CGI::Session::DRbStore and CGI::Session::ActiveRecordStore. Read more about these in 
+    #   lib/action_controller/session.
+    # * <tt>:session_key</tt> - the parameter name used for the session id. Defaults to '_session_id'.
+    # * <tt>:session_id</tt> - the session id to use.  If not provided, then it is retrieved from the +session_key+ parameter
+    #   of the request, or automatically generated for a new session.
+    # * <tt>:new_session</tt> - if true, force creation of a new session.  If not set, a new session is only created if none currently
+    #   exists.  If false, a new session is never created, and if none currently exists and the +session_id+ option is not set, 
+    #   an ArgumentError is raised.
+    # * <tt>:session_expires</tt> - the time the current session expires, as a +Time+ object.  If not set, the session will continue
+    #   indefinitely.
+    # * <tt>:session_domain</tt> -  the hostname domain for which this session is valid. If not set, defaults to the hostname of the
+    #   server.
+    # * <tt>:session_secure</tt> - if +true+, this session will only work over HTTPS.
+    # * <tt>:session_path</tt> - the path for which this session applies.  Defaults to the directory of the CGI script.
+    def self.process_cgi(cgi = CGI.new, session_options = {}) 
+      new.process_cgi(cgi, session_options)
+    end
+  
+    def process_cgi(cgi, session_options = {}) #:nodoc:
+      process(CgiRequest.new(cgi, session_options), CgiResponse.new(cgi)).out
+    end
+  end
+
+  class CgiRequest < AbstractRequest #:nodoc:
+    attr_accessor :cgi
+
+    DEFAULT_SESSION_OPTIONS =
+      { "database_manager" => CGI::Session::PStore, "prefix" => "ruby_sess.", "session_path" => "/" }
+
+    def initialize(cgi, session_options = {})
+      @cgi = cgi
+      @session_options = session_options
+      super()
+    end
+
+    def query_parameters
+      @cgi.query_string ? CGIMethods.parse_query_parameters(@cgi.query_string) : {}
+    end
+
+    def request_parameters
+      CGIMethods.parse_request_parameters(@cgi.params)
+    end
+    
+    def env
+      @cgi.send(:env_table)
+    end
+
+    def cookies
+      @cgi.cookies.freeze
+    end
+
+    def host
+      env["HTTP_X_FORWARDED_HOST"] || @cgi.host.split(":").first
+    end
+    
+    def session
+      return @session unless @session.nil?
+      begin
+        @session = (@session_options == false ? {} : CGI::Session.new(@cgi, DEFAULT_SESSION_OPTIONS.merge(@session_options)))
+        @session["__valid_session"]
+        return @session
+      rescue ArgumentError => e
+        @session.delete
+        raise(
+          ActionController::SessionRestoreError, 
+          "Session contained objects where the class definition wasn't available. " +
+          "Remember to require classes for all objects kept in the session. " +
+          "The session has been deleted."
+        )
+      end
+    end
+    
+    def reset_session
+      @session.delete
+      @session = (@session_options == false ? {} : new_session)
+    end
+
+    def method_missing(method_id, *arguments)
+      @cgi.send(method_id, *arguments) rescue super
+    end
+
+    private
+      def new_session
+        CGI::Session.new(@cgi, DEFAULT_SESSION_OPTIONS.merge(@session_options).merge("new_session" => true))
+      end
+  end
+
+  class CgiResponse < AbstractResponse #:nodoc:
+    def initialize(cgi)
+      @cgi = cgi
+      super()
+    end
+
+    def out
+      convert_content_type!(@headers)
+      print @cgi.header(@headers)
+      if @body.respond_to?(:call)
+        @body.call(self)
+      else
+        print @body
+      end
+    end
+    
+    private
+      def convert_content_type!(headers)
+        if headers["Content-Type"]
+          headers["type"] = headers["Content-Type"]
+          headers.delete "Content-Type"
+        end
+      end
+  end
+end

data/lib/action_controller/filters.rb

@@ -0,0 +1,279 @@
+module ActionController #:nodoc:
+  module Filters #:nodoc:
+    def self.append_features(base)
+      super
+      base.extend(ClassMethods)
+      base.class_eval { include ActionController::Filters::InstanceMethods }
+    end
+
+    # Filters enable controllers to run shared pre and post processing code for its actions. These filters can be used to do 
+    # authentication, caching, or auditing before the intended action is performed. Or to do localization or output 
+    # compression after the action has been performed.
+    #
+    # Filters have access to the request, response, and all the instance variables set by other filters in the chain
+    # or by the action (in the case of after filters). Additionally, it's possible for a pre-processing <tt>before_filter</tt>
+    # to halt the processing before the intended action is processed by returning false. This is especially useful for
+    # filters like authentication where you're not interested in allowing the action to be performed if the proper 
+    # credentials are not in order.
+    #
+    # == Filter inheritance
+    #
+    # Controller inheritance hierarchies share filters downwards, but subclasses can also add new filters without
+    # affecting the superclass. For example:
+    #
+    #   class BankController < ActionController::Base
+    #     before_filter :audit
+    #
+    #     private
+    #       def audit
+    #         # record the action and parameters in an audit log
+    #       end
+    #   end
+    #
+    #   class VaultController < BankController
+    #     before_filter :verify_credentials
+    #
+    #     private
+    #       def verify_credentials
+    #         # make sure the user is allowed into the vault
+    #       end
+    #   end
+    #
+    # Now any actions performed on the BankController will have the audit method called before. On the VaultController,
+    # first the audit method is called, then the verify_credentials method. If the audit method returns false, then 
+    # verify_credentials and the intended action is never called.
+    #
+    # == Filter types
+    #
+    # A filter can take one of three forms: method reference (symbol), external class, or inline method (proc). The first
+    # is the most common and works by referencing a protected or private method somewhere in the inheritance hierarchy of
+    # the controller by use of a symbol. In the bank example above, both BankController and VaultController use this form.
+    #
+    # Using an external class makes for more easily reused generic filters, such as output compression. External filter classes
+    # are implemented by having a static +filter+ method on any class and then passing this class to the filter method. Example:
+    #
+    #   class OutputCompressionFilter
+    #     def self.filter(controller)
+    #       controller.response.body = compress(controller.response.body)
+    #     end
+    #   end
+    #
+    #   class NewspaperController < ActionController::Base
+    #     after_filter OutputCompressionFilter
+    #   end
+    #
+    # The filter method is passed the controller instance and is hence granted access to all aspects of the controller and can
+    # manipulate them as it sees fit.
+    #
+    # The inline method (using a proc) can be used to quickly do something small that doesn't require a lot of explanation. 
+    # Or just as a quick test. It works like this:
+    #
+    #   class WeblogController < ActionController::Base
+    #     before_filter { |controller| return false if controller.params["stop_action"] }
+    #   end
+    #
+    # As you can see, the block expects to be passed the controller after it has assigned the request to the internal variables.
+    # This means that the block has access to both the request and response objects complete with convenience methods for params,
+    # session, template, and assigns. Note: The inline method doesn't strictly has to be a block. Any object that responds to call
+    # and returns 1 or -1 on arity will do (such as a Proc or an Method object).
+    #
+    # == Filter chain ordering
+    #
+    # Using <tt>before_filter</tt> and <tt>after_filter</tt> appends the specified filters to the existing chain. That's usually
+    # just fine, but some times you care more about the order in which the filters are executed. When that's the case, you
+    # can use <tt>prepend_before_filter</tt> and <tt>prepend_after_filter</tt>. Filters added by these methods will be put at the
+    # beginning of their respective chain and executed before the rest. For example:
+    #
+    #   class ShoppingController
+    #     before_filter :verify_open_shop
+    #
+    #   class CheckoutController
+    #     prepend_before_filter :ensure_items_in_cart, :ensure_items_in_stock
+    #
+    # The filter chain for the CheckoutController is now <tt>:ensure_items_in_cart, :ensure_items_in_stock,</tt>
+    # <tt>:verify_open_shop</tt>. So if either of the ensure filters return false, we'll never get around to see if the shop 
+    # is open or not.
+    #
+    # You may pass multiple filter arguments of each type as well as a filter block.
+    # If a block is given, it is treated as the last argument.
+    #
+    # == Around filters
+    #
+    # In addition to the individual before and after filters, it's also possible to specify that a single object should handle
+    # both the before and after call. That's especially usefuly when you need to keep state active between the before and after,
+    # such as the example of a benchmark filter below:
+    # 
+    #   class WeblogController < ActionController::Base
+    #     around_filter BenchmarkingFilter.new
+    #     
+    #     # Before this action is performed, BenchmarkingFilter#before(controller) is executed
+    #     def index
+    #     end
+    #     # After this action has been performed, BenchmarkingFilter#after(controller) is executed
+    #   end
+    #
+    #   class BenchmarkingFilter
+    #     def initialize
+    #       @runtime
+    #     end
+    #     
+    #     def before
+    #       start_timer
+    #     end
+    #     
+    #     def after
+    #       stop_timer
+    #       report_result
+    #     end
+    #   end
+    module ClassMethods
+      # The passed <tt>filters</tt> will be appended to the array of filters that's run _before_ actions
+      # on this controller are performed.
+      def append_before_filter(*filters, &block)
+          filters << block if block_given?
+          append_filter_to_chain("before", filters)
+      end
+
+      # The passed <tt>filters</tt> will be prepended to the array of filters that's run _before_ actions
+      # on this controller are performed.
+      def prepend_before_filter(*filters, &block)
+          filters << block if block_given?
+          prepend_filter_to_chain("before", filters)
+      end
+
+      # Short-hand for append_before_filter since that's the most common of the two.
+      alias :before_filter :append_before_filter
+      
+      # The passed <tt>filters</tt> will be appended to the array of filters that's run _after_ actions
+      # on this controller are performed.
+      def append_after_filter(*filters, &block)
+          filters << block if block_given?
+          append_filter_to_chain("after", filters)
+      end
+
+      # The passed <tt>filters</tt> will be prepended to the array of filters that's run _after_ actions
+      # on this controller are performed.
+      def prepend_after_filter(*filters, &block)
+          filters << block if block_given?
+          prepend_filter_to_chain("after", filters)
+      end
+
+      # Short-hand for append_after_filter since that's the most common of the two.
+      alias :after_filter :append_after_filter
+      
+      # The passed <tt>filters</tt> will have their +before+ method appended to the array of filters that's run both before actions
+      # on this controller are performed and have their +after+ method prepended to the after actions. The filter objects must all 
+      # respond to both +before+ and +after+. So if you do append_around_filter A.new, B.new, the callstack will look like:
+      #
+      #   B#before
+      #     A#before
+      #     A#after
+      #   B#after
+      def append_around_filter(filters)
+        for filter in [filters].flatten
+          ensure_filter_responds_to_before_and_after(filter)
+          append_before_filter { |c| filter.before(c) }
+          prepend_after_filter { |c| filter.after(c) }
+        end
+      end        
+
+      # The passed <tt>filters</tt> will have their +before+ method prepended to the array of filters that's run both before actions
+      # on this controller are performed and have their +after+ method appended to the after actions. The filter objects must all 
+      # respond to both +before+ and +after+. So if you do prepend_around_filter A.new, B.new, the callstack will look like:
+      #
+      #   A#before
+      #     B#before
+      #     B#after
+      #   A#after
+      def prepend_around_filter(filters)
+        for filter in [filters].flatten
+          ensure_filter_responds_to_before_and_after(filter)
+          prepend_before_filter { |c| filter.before(c) }
+          append_after_filter   { |c| filter.after(c) }
+        end
+      end     
+
+      # Short-hand for append_around_filter since that's the most common of the two.
+      alias :around_filter :append_around_filter
+      
+      # Returns all the before filters for this class and all its ancestors.
+      def before_filters #:nodoc:
+        read_inheritable_attribute("before_filters")
+      end
+      
+      # Returns all the after filters for this class and all its ancestors.
+      def after_filters #:nodoc:
+        read_inheritable_attribute("after_filters")
+      end
+      
+      private
+        def append_filter_to_chain(condition, filters)
+          write_inheritable_array("#{condition}_filters", filters)
+        end
+
+        def prepend_filter_to_chain(condition, filters)
+          write_inheritable_attribute("#{condition}_filters", filters + read_inheritable_attribute("#{condition}_filters"))
+        end
+
+        def ensure_filter_responds_to_before_and_after(filter)
+          unless filter.respond_to?(:before) && filter.respond_to?(:after)
+            raise ActionControllerError, "Filter object must respond to both before and after"
+          end
+        end
+    end
+
+    module InstanceMethods # :nodoc:
+      def self.append_features(base)
+        super
+        base.class_eval {
+          alias_method :perform_action_without_filters, :perform_action
+          alias_method :perform_action, :perform_action_with_filters
+        }
+      end
+
+      def perform_action_with_filters
+        return if before_action == false
+        perform_action_without_filters
+        after_action
+      end
+
+      # Calls all the defined before-filter filters, which are added by using "before_filter :method".
+      # If any of the filters return false, no more filters will be executed and the action is aborted.
+      def before_action #:doc:
+        call_filters(self.class.before_filters)
+      end
+
+      # Calls all the defined after-filter filters, which are added by using "after_filter :method".
+      # If any of the filters return false, no more filters will be executed.
+      def after_action #:doc:
+        call_filters(self.class.after_filters)
+      end
+      
+      private
+        def call_filters(filters)
+          filters.each do |filter| 
+            if Symbol === filter
+              if self.send(filter) == false then return false end
+            elsif filter_block?(filter)
+              if filter.call(self) == false then return false end
+            elsif filter_class?(filter)
+              if filter.filter(self) == false then return false end
+            else
+              raise(
+                ActionControllerError, 
+                "Filters need to be either a symbol, proc/method, or class implementing a static filter method"
+              )
+            end
+          end
+        end
+        
+        def filter_block?(filter)
+          filter.respond_to?("call") && (filter.arity == 1 || filter.arity == -1)
+        end
+        
+        def filter_class?(filter)
+          filter.respond_to?("filter")
+        end
+    end
+  end
+end