actionpack 4.2.10 → 6.1.4.1

data/lib/action_controller/metal/live.rb

@@ -1,9 +1,11 @@
-require 'action_dispatch/http/response'
-require 'delegate'
-require 'active_support/json'
+# frozen_string_literal: true
+
+require "action_dispatch/http/response"
+require "delegate"
+require "active_support/json"
 
 module ActionController
-  # Mix this module in to your controller, and all actions in that controller
+  # Mix this module into your controller, and all actions in that controller
   # will be able to stream data to the client as it's written.
   #
   #   class MyController < ActionController::Base
@@ -20,7 +22,7 @@ module ActionController
   #     end
   #   end
   #
-  # There are a few caveats with this use. You *cannot* write headers after the
+  # There are a few caveats with this module. You *cannot* write headers after the
   # response has been committed (Response#committed? will return truthy).
   # Calling +write+ or +close+ on the response stream will cause the response
   # object to be committed. Make sure all headers are set before calling write
@@ -33,6 +35,20 @@ module ActionController
   # the main thread. Make sure your actions are thread safe, and this shouldn't
   # be a problem (don't share state across threads, etc).
   module Live
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      def make_response!(request)
+        if request.get_header("HTTP_VERSION") == "HTTP/1.0"
+          super
+        else
+          Live::Response.new.tap do |res|
+            res.request = request
+          end
+        end
+      end
+    end
+
     # This class provides the ability to write an SSE (Server Sent Event)
     # to an IO stream. The class is initialized with a stream and can be used
     # to either write a JSON string or an object which can be converted to JSON.
@@ -70,8 +86,7 @@ module ActionController
     # Note: SSEs are not currently supported by IE. However, they are supported
     # by Chrome, Firefox, Opera, and Safari.
     class SSE
-
-      WHITELISTED_OPTIONS = %w( retry event id )
+      PERMITTED_OPTIONS = %w( retry event id )
 
       def initialize(stream, options = {})
         @stream = stream
@@ -92,17 +107,16 @@ module ActionController
       end
 
       private
-
         def perform_write(json, options)
           current_options = @options.merge(options).stringify_keys
 
-          WHITELISTED_OPTIONS.each do |option_name|
+          PERMITTED_OPTIONS.each do |option_name|
             if (option_value = current_options[option_name])
               @stream.write "#{option_name}: #{option_value}\n"
             end
           end
 
-          message = json.gsub(/\n/, "\ndata: ")
+          message = json.gsub("\n", "\ndata: ")
           @stream.write "data: #{message}\n\n"
         end
     end
@@ -113,6 +127,11 @@ module ActionController
     class Buffer < ActionDispatch::Response::Buffer #:nodoc:
       include MonitorMixin
 
+      class << self
+        attr_accessor :queue_size
+      end
+      @queue_size = 10
+
       # Ignore that the client has disconnected.
       #
       # If this value is `true`, calling `write` after the client
@@ -122,17 +141,17 @@ module ActionController
       attr_accessor :ignore_disconnect
 
       def initialize(response)
+        super(response, build_queue(self.class.queue_size))
         @error_callback = lambda { true }
         @cv = new_cond
         @aborted = false
         @ignore_disconnect = false
-        super(response, SizedQueue.new(10))
       end
 
       def write(string)
         unless @response.committed?
-          @response.headers["Cache-Control"] = "no-cache"
-          @response.headers.delete "Content-Length"
+          @response.headers["Cache-Control"] ||= "no-cache"
+          @response.delete_header "Content-Length"
         end
 
         super
@@ -149,14 +168,6 @@ module ActionController
         end
       end
 
-      def each
-        @response.sending!
-        while str = @buf.pop
-          yield str
-        end
-        @response.sent!
-      end
-
       # Write a 'close' event to the buffer; the producer/writing thread
       # uses this to notify us that it's finished supplying content.
       #
@@ -189,12 +200,6 @@ module ActionController
         !@aborted
       end
 
-      def await_close
-        synchronize do
-          @cv.wait_until { @closed }
-        end
-      end
-
       def on_error(&block)
         @error_callback = block
       end
@@ -202,60 +207,38 @@ module ActionController
       def call_on_error
         @error_callback.call
       end
-    end
 
-    class Response < ActionDispatch::Response #:nodoc: all
-      class Header < DelegateClass(Hash) # :nodoc:
-        def initialize(response, header)
-          @response = response
-          super(header)
-        end
-
-        def []=(k,v)
-          if @response.committed?
-            raise ActionDispatch::IllegalStateError, 'header already sent'
+      private
+        def each_chunk(&block)
+          loop do
+            str = nil
+            ActiveSupport::Dependencies.interlock.permit_concurrent_loads do
+              str = @buf.pop
+            end
+            break unless str
+            yield str
           end
-
-          super
-        end
-
-        def merge(other)
-          self.class.new @response, __getobj__.merge(other)
         end
 
-        def to_hash
-          __getobj__.dup
+        def build_queue(queue_size)
+          queue_size ? SizedQueue.new(queue_size) : Queue.new
         end
-      end
+    end
 
+    class Response < ActionDispatch::Response #:nodoc: all
       private
+        def before_committed
+          super
+          jar = request.cookie_jar
+          # The response can be committed multiple times
+          jar.write self unless committed?
+        end
 
-      def before_committed
-        super
-        jar = request.cookie_jar
-        # The response can be committed multiple times
-        jar.write self unless committed?
-      end
-
-      def before_sending
-        super
-        request.cookie_jar.commit!
-        headers.freeze
-      end
-
-      def build_buffer(response, body)
-        buf = Live::Buffer.new response
-        body.each { |part| buf.write part }
-        buf
-      end
-
-      def merge_default_headers(original, default)
-        Header.new self, super
-      end
-
-      def handle_conditional_get!
-        super unless committed?
-      end
+        def build_buffer(response, body)
+          buf = Live::Buffer.new response
+          body.each { |part| buf.write part }
+          buf
+        end
     end
 
     def process(name)
@@ -264,51 +247,43 @@ module ActionController
 
       error = nil
       # This processes the action in a child thread. It lets us return the
-      # response code and headers back up the rack stack, and still process
-      # the body in parallel with sending data to the client
-      Thread.new {
-        t2 = Thread.current
-        t2.abort_on_exception = true
-
-        # Since we're processing the view in a different thread, copy the
-        # thread locals from the main thread to the child thread. :'(
-        locals.each { |k,v| t2[k] = v }
-
-        begin
-          super(name)
-        rescue => e
-          if @_response.committed?
-            begin
-              @_response.stream.write(ActionView::Base.streaming_completion_on_exception) if request.format == :html
-              @_response.stream.call_on_error
-            rescue => exception
-              log_error(exception)
-            ensure
-              log_error(e)
-              @_response.stream.close
+      # response code and headers back up the Rack stack, and still process
+      # the body in parallel with sending data to the client.
+      new_controller_thread {
+        ActiveSupport::Dependencies.interlock.running do
+          t2 = Thread.current
+
+          # Since we're processing the view in a different thread, copy the
+          # thread locals from the main thread to the child thread. :'(
+          locals.each { |k, v| t2[k] = v }
+
+          begin
+            super(name)
+          rescue => e
+            if @_response.committed?
+              begin
+                @_response.stream.write(ActionView::Base.streaming_completion_on_exception) if request.format == :html
+                @_response.stream.call_on_error
+              rescue => exception
+                log_error(exception)
+              ensure
+                log_error(e)
+                @_response.stream.close
+              end
+            else
+              error = e
             end
-          else
-            error = e
+          ensure
+            @_response.commit!
           end
-        ensure
-          @_response.commit!
         end
       }
 
-      @_response.await_commit
-      raise error if error
-    end
-
-    def log_error(exception)
-      logger = ActionController::Base.logger
-      return unless logger
-
-      logger.fatal do
-        message = "\n#{exception.class} (#{exception.message}):\n"
-        message << exception.annoted_source_code.to_s if exception.respond_to?(:annoted_source_code)
-        message << "  " << exception.backtrace.join("\n  ")
-        "#{message}\n\n"
+      ActiveSupport::Dependencies.interlock.permit_concurrent_loads do
+        @_response.await_commit
       end
+
+      raise error if error
     end
 
     def response_body=(body)
@@ -316,13 +291,29 @@ module ActionController
       response.close if response
     end
 
-    def set_response!(request)
-      if request.env["HTTP_VERSION"] == "HTTP/1.0"
-        super
-      else
-        @_response         = Live::Response.new
-        @_response.request = request
+    private
+      # Spawn a new thread to serve up the controller in. This is to get
+      # around the fact that Rack isn't based around IOs and we need to use
+      # a thread to stream data from the response bodies. Nobody should call
+      # this method except in Rails internals. Seriously!
+      def new_controller_thread # :nodoc:
+        Thread.new {
+          t2 = Thread.current
+          t2.abort_on_exception = true
+          yield
+        }
+      end
+
+      def log_error(exception)
+        logger = ActionController::Base.logger
+        return unless logger
+
+        logger.fatal do
+          message = +"\n#{exception.class} (#{exception.message}):\n"
+          message << exception.annotated_source_code.to_s if exception.respond_to?(:annotated_source_code)
+          message << "  " << exception.backtrace.join("\n  ")
+          "#{message}\n\n"
+        end
       end
-    end
   end
 end

data/lib/action_controller/metal/logging.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module ActionController
+  module Logging
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      # Set a different log level per request.
+      #
+      #   # Use the debug log level if a particular cookie is set.
+      #   class ApplicationController < ActionController::Base
+      #     log_at :debug, if: -> { cookies[:debug] }
+      #   end
+      #
+      def log_at(level, **options)
+        around_action ->(_, action) { logger.log_at(level, &action) }, **options
+      end
+    end
+  end
+end

data/lib/action_controller/metal/mime_responds.rb

@@ -1,29 +1,9 @@
-require 'abstract_controller/collector'
+# frozen_string_literal: true
+
+require "abstract_controller/collector"
 
 module ActionController #:nodoc:
   module MimeResponds
-    extend ActiveSupport::Concern
-
-    # :stopdoc:
-    module ClassMethods
-      def respond_to(*)
-        raise NoMethodError, "The controller-level `respond_to' feature has " \
-          "been extracted to the `responders` gem. Add it to your Gemfile to " \
-          "continue using this feature:\n" \
-          "  gem 'responders', '~> 2.0'\n" \
-          "Consult the Rails upgrade guide for details."
-      end
-    end
-
-    def respond_with(*)
-      raise NoMethodError, "The `respond_with' feature has been extracted " \
-        "to the `responders` gem. Add it to your Gemfile to continue using " \
-        "this feature:\n" \
-        "  gem 'responders', '~> 2.0'\n" \
-        "Consult the Rails upgrade guide for details."
-    end
-    # :startdoc:
-
     # Without web-service support, an action which collects the data for displaying a list of people
     # might look something like this:
     #
@@ -31,6 +11,13 @@ module ActionController #:nodoc:
     #     @people = Person.all
     #   end
     #
+    # That action implicitly responds to all formats, but formats can also be explicitly enumerated:
+    #
+    #   def index
+    #     @people = Person.all
+    #     respond_to :html, :js
+    #   end
+    #
     # Here's the same action, with web-service support baked in:
     #
     #   def index
@@ -38,11 +25,12 @@ module ActionController #:nodoc:
     #
     #     respond_to do |format|
     #       format.html
+    #       format.js
     #       format.xml { render xml: @people }
     #     end
     #   end
     #
-    # What that says is, "if the client wants HTML in response to this action, just respond as we
+    # What that says is, "if the client wants HTML or JS in response to this action, just respond as we
     # would have before, but if the client wants XML, return them the list of people in XML format."
     # (Rails determines the desired response format from the HTTP Accept header submitted by the client.)
     #
@@ -113,11 +101,11 @@ module ActionController #:nodoc:
     # and accept Rails' defaults, life will be much easier.
     #
     # If you need to use a MIME type which isn't supported by default, you can register your own handlers in
-    # config/initializers/mime_types.rb as follows.
+    # +config/initializers/mime_types.rb+ as follows.
     #
     #   Mime::Type.register "image/jpg", :jpg
     #
-    # Respond to also allows you to specify a common block for different formats by using any:
+    # +respond_to+ also allows you to specify a common block for different formats by using +any+:
     #
     #   def index
     #     @people = Person.all
@@ -136,6 +124,14 @@ module ActionController #:nodoc:
     #
     #   render json: @people
     #
+    # +any+ can also be used with no arguments, in which case it will be used for any format requested by
+    # the user:
+    #
+    #   respond_to do |format|
+    #     format.html
+    #     format.any { redirect_to support_path }
+    #   end
+    #
     # Formats can have different variants.
     #
     # The request variant is a specialization of the request format, like <tt>:tablet</tt>,
@@ -146,7 +142,7 @@ module ActionController #:nodoc:
     #
     # You can set the variant in a +before_action+:
     #
-    #   request.variant = :tablet if request.user_agent =~ /iPad/
+    #   request.variant = :tablet if /iPad/.match?(request.user_agent)
     #
     # Respond to variants in the action just like you respond to formats:
     #
@@ -173,21 +169,21 @@ module ActionController #:nodoc:
     #     format.html.none  { render "trash" }
     #   end
     #
-    # Variants also support common `any`/`all` block that formats have.
+    # Variants also support common +any+/+all+ block that formats have.
     #
     # It works for both inline:
     #
     #   respond_to do |format|
-    #     format.html.any   { render text: "any"   }
-    #     format.html.phone { render text: "phone" }
+    #     format.html.any   { render html: "any"   }
+    #     format.html.phone { render html: "phone" }
     #   end
     #
     # and block syntax:
     #
     #   respond_to do |format|
     #     format.html do |variant|
-    #       variant.any(:tablet, :phablet){ render text: "any" }
-    #       variant.phone { render text: "phone" }
+    #       variant.any(:tablet, :phablet){ render html: "any" }
+    #       variant.phone { render html: "phone" }
     #     end
     #   end
     #
@@ -195,16 +191,13 @@ module ActionController #:nodoc:
     #
     #   request.variant = [:tablet, :phone]
     #
-    # which will work similarly to formats and MIME types negotiation. If there will be no
-    # :tablet variant declared, :phone variant will be picked:
+    # This will work similarly to formats and MIME types negotiation. If there
+    # is no +:tablet+ variant declared, the +:phone+ variant will be used:
     #
     #   respond_to do |format|
     #     format.html.none
     #     format.html.phone # this gets rendered
     #   end
-    #
-    # Be sure to check the documentation of <tt>ActionController::MimeResponds.respond_to</tt>
-    # for more examples.
     def respond_to(*mimes)
       raise ArgumentError, "respond_to takes either types or a block, never both" if mimes.any? && block_given?
 
@@ -212,9 +205,13 @@ module ActionController #:nodoc:
       yield collector if block_given?
 
       if format = collector.negotiate_format(request)
+        if media_type && media_type != format
+          raise ActionController::RespondToMismatchError
+        end
         _process_format(format)
+        _set_rendered_content_type(format) unless collector.any_response?
         response = collector.response
-        response ? response.call : render({})
+        response.call if response
       else
         raise ActionController::UnknownFormat
       end
@@ -250,7 +247,7 @@ module ActionController #:nodoc:
         @responses = {}
         @variant = variant
 
-        mimes.each { |mime| @responses["Mime::#{mime.upcase}".constantize] = nil }
+        mimes.each { |mime| @responses[Mime[mime]] = nil }
       end
 
       def any(*args, &block)
@@ -271,6 +268,10 @@ module ActionController #:nodoc:
         end
       end
 
+      def any_response?
+        !@responses.fetch(format, false) && @responses[Mime::ALL]
+      end
+
       def response
         response = @responses.fetch(format, @responses[Mime::ALL])
         if response.is_a?(VariantCollector) # `format.html.phone` - variant inline syntax
@@ -296,8 +297,8 @@ module ActionController #:nodoc:
 
         def any(*args, &block)
           if block_given?
-            if args.any? && args.none?{ |a| a == @variant }
-              args.each{ |v| @variants[v] = block }
+            if args.any? && args.none? { |a| a == @variant }
+              args.each { |v| @variants[v] = block }
             else
               @variants[:any] = block
             end
@@ -310,16 +311,17 @@ module ActionController #:nodoc:
         end
 
         def variant
-          if @variant.nil?
+          if @variant.empty?
             @variants[:none] || @variants[:any]
-          elsif (@variants.keys & @variant).any?
-            @variant.each do |v|
-              return @variants[v] if @variants.key?(v)
-            end
           else
-            @variants[:any]
+            @variants[variant_key]
           end
         end
+
+        private
+          def variant_key
+            @variant.find { |variant| @variants.key?(variant) } || :any
+          end
       end
     end
   end

data/lib/action_controller/metal/parameter_encoding.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+module ActionController
+  # Specify binary encoding for parameters for a given action.
+  module ParameterEncoding
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      def inherited(klass) # :nodoc:
+        super
+        klass.setup_param_encode
+      end
+
+      def setup_param_encode # :nodoc:
+        @_parameter_encodings = Hash.new { |h, k| h[k] = {} }
+      end
+
+      def action_encoding_template(action) # :nodoc:
+        if @_parameter_encodings.has_key?(action.to_s)
+          @_parameter_encodings[action.to_s]
+        end
+      end
+
+      # Specify that a given action's parameters should all be encoded as
+      # ASCII-8BIT (it "skips" the encoding default of UTF-8).
+      #
+      # For example, a controller would use it like this:
+      #
+      #   class RepositoryController < ActionController::Base
+      #     skip_parameter_encoding :show
+      #
+      #     def show
+      #       @repo = Repository.find_by_filesystem_path params[:file_path]
+      #
+      #       # `repo_name` is guaranteed to be UTF-8, but was ASCII-8BIT, so
+      #       # tag it as such
+      #       @repo_name = params[:repo_name].force_encoding 'UTF-8'
+      #     end
+      #
+      #     def index
+      #       @repositories = Repository.all
+      #     end
+      #   end
+      #
+      # The show action in the above controller would have all parameter values
+      # encoded as ASCII-8BIT. This is useful in the case where an application
+      # must handle data but encoding of the data is unknown, like file system data.
+      def skip_parameter_encoding(action)
+        @_parameter_encodings[action.to_s] = Hash.new { Encoding::ASCII_8BIT }
+      end
+
+      # Specify the encoding for a parameter on an action.
+      # If not specified the default is UTF-8.
+      #
+      # You can specify a binary (ASCII_8BIT) parameter with:
+      #
+      #   class RepositoryController < ActionController::Base
+      #     # This specifies that file_path is not UTF-8 and is instead ASCII_8BIT
+      #     param_encoding :show, :file_path, Encoding::ASCII_8BIT
+      #
+      #     def show
+      #       @repo = Repository.find_by_filesystem_path params[:file_path]
+      #
+      #       # params[:repo_name] remains UTF-8 encoded
+      #       @repo_name = params[:repo_name]
+      #     end
+      #
+      #     def index
+      #       @repositories = Repository.all
+      #     end
+      #   end
+      #
+      # The file_path parameter on the show action would be encoded as ASCII-8BIT,
+      # but all other arguments will remain UTF-8 encoded.
+      # This is useful in the case where an application must handle data
+      # but encoding of the data is unknown, like file system data.
+      def param_encoding(action, param, encoding)
+        @_parameter_encodings[action.to_s][param.to_s] = encoding
+      end
+    end
+  end
+end