actionpack 4.2.10 → 7.2.0.rc1

data/lib/action_controller/metal/live.rb

@@ -1,77 +1,113 @@
-require 'action_dispatch/http/response'
-require 'delegate'
-require 'active_support/json'
+# frozen_string_literal: true
+
+# :markup: markdown
+
+require "action_dispatch/http/response"
+require "delegate"
+require "active_support/json"
 
 module ActionController
-  # Mix this module in to your controller, and all actions in that controller
-  # will be able to stream data to the client as it's written.
+  # # Action Controller Live
   #
-  #   class MyController < ActionController::Base
-  #     include ActionController::Live
+  # Mix this module into your controller, and all actions in that controller will
+  # be able to stream data to the client as it's written.
   #
-  #     def stream
-  #       response.headers['Content-Type'] = 'text/event-stream'
-  #       100.times {
-  #         response.stream.write "hello world\n"
-  #         sleep 1
-  #       }
-  #     ensure
-  #       response.stream.close
+  #     class MyController < ActionController::Base
+  #       include ActionController::Live
+  #
+  #       def stream
+  #         response.headers['Content-Type'] = 'text/event-stream'
+  #         100.times {
+  #           response.stream.write "hello world\n"
+  #           sleep 1
+  #         }
+  #       ensure
+  #         response.stream.close
+  #       end
   #     end
-  #   end
   #
-  # There are a few caveats with this use. You *cannot* write headers after the
-  # response has been committed (Response#committed? will return truthy).
-  # Calling +write+ or +close+ on the response stream will cause the response
-  # object to be committed. Make sure all headers are set before calling write
-  # or close on your stream.
+  # There are a few caveats with this module. You **cannot** write headers after
+  # the response has been committed (Response#committed? will return truthy).
+  # Calling `write` or `close` on the response stream will cause the response
+  # object to be committed. Make sure all headers are set before calling write or
+  # close on your stream.
   #
-  # You *must* call close on your stream when you're finished, otherwise the
+  # You **must** call close on your stream when you're finished, otherwise the
   # socket may be left open forever.
   #
   # The final caveat is that your actions are executed in a separate thread than
-  # the main thread. Make sure your actions are thread safe, and this shouldn't
-  # be a problem (don't share state across threads, etc).
+  # the main thread. Make sure your actions are thread safe, and this shouldn't be
+  # a problem (don't share state across threads, etc).
+  #
+  # Note that Rails includes `Rack::ETag` by default, which will buffer your
+  # response. As a result, streaming responses may not work properly with Rack
+  # 2.2.x, and you may need to implement workarounds in your application. You can
+  # either set the `ETag` or `Last-Modified` response headers or remove
+  # `Rack::ETag` from the middleware stack to address this issue.
+  #
+  # Here's an example of how you can set the `Last-Modified` header if your Rack
+  # version is 2.2.x:
+  #
+  #     def stream
+  #       response.headers["Content-Type"] = "text/event-stream"
+  #       response.headers["Last-Modified"] = Time.now.httpdate # Add this line if your Rack version is 2.2.x
+  #       ...
+  #     end
   module Live
-    # This class provides the ability to write an SSE (Server Sent Event)
-    # to an IO stream. The class is initialized with a stream and can be used
-    # to either write a JSON string or an object which can be converted to JSON.
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      def make_response!(request)
+        if request.get_header("HTTP_VERSION") == "HTTP/1.0"
+          super
+        else
+          Live::Response.new.tap do |res|
+            res.request = request
+          end
+        end
+      end
+    end
+
+    # # Action Controller Live Server Sent Events
+    #
+    # This class provides the ability to write an SSE (Server Sent Event) to an IO
+    # stream. The class is initialized with a stream and can be used to either write
+    # a JSON string or an object which can be converted to JSON.
     #
     # Writing an object will convert it into standard SSE format with whatever
     # options you have configured. You may choose to set the following options:
     #
-    #   1) Event. If specified, an event with this name will be dispatched on
-    #   the browser.
-    #   2) Retry. The reconnection time in milliseconds used when attempting
-    #   to send the event.
-    #   3) Id. If the connection dies while sending an SSE to the browser, then
-    #   the server will receive a +Last-Event-ID+ header with value equal to +id+.
+    #     1) Event. If specified, an event with this name will be dispatched on
+    #     the browser.
+    #     2) Retry. The reconnection time in milliseconds used when attempting
+    #     to send the event.
+    #     3) Id. If the connection dies while sending an SSE to the browser, then
+    #     the server will receive a +Last-Event-ID+ header with value equal to +id+.
     #
-    # After setting an option in the constructor of the SSE object, all future
-    # SSEs sent across the stream will use those options unless overridden.
+    # After setting an option in the constructor of the SSE object, all future SSEs
+    # sent across the stream will use those options unless overridden.
     #
     # Example Usage:
     #
-    #   class MyController < ActionController::Base
-    #     include ActionController::Live
+    #     class MyController < ActionController::Base
+    #       include ActionController::Live
     #
-    #     def index
-    #       response.headers['Content-Type'] = 'text/event-stream'
-    #       sse = SSE.new(response.stream, retry: 300, event: "event-name")
-    #       sse.write({ name: 'John'})
-    #       sse.write({ name: 'John'}, id: 10)
-    #       sse.write({ name: 'John'}, id: 10, event: "other-event")
-    #       sse.write({ name: 'John'}, id: 10, event: "other-event", retry: 500)
-    #     ensure
-    #       sse.close
+    #       def index
+    #         response.headers['Content-Type'] = 'text/event-stream'
+    #         sse = SSE.new(response.stream, retry: 300, event: "event-name")
+    #         sse.write({ name: 'John'})
+    #         sse.write({ name: 'John'}, id: 10)
+    #         sse.write({ name: 'John'}, id: 10, event: "other-event")
+    #         sse.write({ name: 'John'}, id: 10, event: "other-event", retry: 500)
+    #       ensure
+    #         sse.close
+    #       end
     #     end
-    #   end
     #
-    # Note: SSEs are not currently supported by IE. However, they are supported
-    # by Chrome, Firefox, Opera, and Safari.
+    # Note: SSEs are not currently supported by IE. However, they are supported by
+    # Chrome, Firefox, Opera, and Safari.
     class SSE
-
-      WHITELISTED_OPTIONS = %w( retry event id )
+      PERMITTED_OPTIONS = %w( retry event id )
 
       def initialize(stream, options = {})
         @stream = stream
@@ -92,17 +128,16 @@ module ActionController
       end
 
       private
-
         def perform_write(json, options)
           current_options = @options.merge(options).stringify_keys
 
-          WHITELISTED_OPTIONS.each do |option_name|
+          PERMITTED_OPTIONS.each do |option_name|
             if (option_value = current_options[option_name])
               @stream.write "#{option_name}: #{option_value}\n"
             end
           end
 
-          message = json.gsub(/\n/, "\ndata: ")
+          message = json.gsub("\n", "\ndata: ")
           @stream.write "data: #{message}\n\n"
         end
     end
@@ -110,29 +145,39 @@ module ActionController
     class ClientDisconnected < RuntimeError
     end
 
-    class Buffer < ActionDispatch::Response::Buffer #:nodoc:
+    class Buffer < ActionDispatch::Response::Buffer # :nodoc:
       include MonitorMixin
 
+      class << self
+        attr_accessor :queue_size
+      end
+      @queue_size = 10
+
       # Ignore that the client has disconnected.
       #
-      # If this value is `true`, calling `write` after the client
-      # disconnects will result in the written content being silently
-      # discarded. If this value is `false` (the default), a
-      # ClientDisconnected exception will be raised.
+      # If this value is `true`, calling `write` after the client disconnects will
+      # result in the written content being silently discarded. If this value is
+      # `false` (the default), a ClientDisconnected exception will be raised.
       attr_accessor :ignore_disconnect
 
       def initialize(response)
+        super(response, build_queue(self.class.queue_size))
         @error_callback = lambda { true }
         @cv = new_cond
         @aborted = false
         @ignore_disconnect = false
-        super(response, SizedQueue.new(10))
       end
 
+      # ActionDispatch::Response delegates #to_ary to the internal
+      # ActionDispatch::Response::Buffer, defining #to_ary is an indicator that the
+      # response body can be buffered and/or cached by Rack middlewares, this is not
+      # the case for Live responses so we undefine it for this Buffer subclass.
+      undef_method :to_ary
+
       def write(string)
         unless @response.committed?
-          @response.headers["Cache-Control"] = "no-cache"
-          @response.headers.delete "Content-Length"
+          @response.headers["Cache-Control"] ||= "no-cache"
+          @response.delete_header "Content-Length"
         end
 
         super
@@ -141,24 +186,20 @@ module ActionController
           @buf.clear
 
           unless @ignore_disconnect
-            # Raise ClientDisconnected, which is a RuntimeError (not an
-            # IOError), because that's more appropriate for something beyond
-            # the developer's control.
+            # Raise ClientDisconnected, which is a RuntimeError (not an IOError), because
+            # that's more appropriate for something beyond the developer's control.
             raise ClientDisconnected, "client disconnected"
           end
         end
       end
 
-      def each
-        @response.sending!
-        while str = @buf.pop
-          yield str
-        end
-        @response.sent!
+      # Same as `write` but automatically include a newline at the end of the string.
+      def writeln(string)
+        write string.end_with?("\n") ? string : "#{string}\n"
       end
 
-      # Write a 'close' event to the buffer; the producer/writing thread
-      # uses this to notify us that it's finished supplying content.
+      # Write a 'close' event to the buffer; the producer/writing thread uses this to
+      # notify us that it's finished supplying content.
       #
       # See also #abort.
       def close
@@ -169,9 +210,8 @@ module ActionController
         end
       end
 
-      # Inform the producer/writing thread that the client has
-      # disconnected; the reading thread is no longer interested in
-      # anything that's being written.
+      # Inform the producer/writing thread that the client has disconnected; the
+      # reading thread is no longer interested in anything that's being written.
       #
       # See also #close.
       def abort
@@ -183,18 +223,12 @@ module ActionController
 
       # Is the client still connected and waiting for content?
       #
-      # The result of calling `write` when this is `false` is determined
-      # by `ignore_disconnect`.
+      # The result of calling `write` when this is `false` is determined by
+      # `ignore_disconnect`.
       def connected?
         !@aborted
       end
 
-      def await_close
-        synchronize do
-          @cv.wait_until { @closed }
-        end
-      end
-
       def on_error(&block)
         @error_callback = block
       end
@@ -202,60 +236,38 @@ module ActionController
       def call_on_error
         @error_callback.call
       end
-    end
 
-    class Response < ActionDispatch::Response #:nodoc: all
-      class Header < DelegateClass(Hash) # :nodoc:
-        def initialize(response, header)
-          @response = response
-          super(header)
-        end
-
-        def []=(k,v)
-          if @response.committed?
-            raise ActionDispatch::IllegalStateError, 'header already sent'
+      private
+        def each_chunk(&block)
+          loop do
+            str = nil
+            ActiveSupport::Dependencies.interlock.permit_concurrent_loads do
+              str = @buf.pop
+            end
+            break unless str
+            yield str
           end
-
-          super
-        end
-
-        def merge(other)
-          self.class.new @response, __getobj__.merge(other)
         end
 
-        def to_hash
-          __getobj__.dup
+        def build_queue(queue_size)
+          queue_size ? SizedQueue.new(queue_size) : Queue.new
         end
-      end
+    end
 
+    class Response < ActionDispatch::Response # :nodoc: all
       private
+        def before_committed
+          super
+          jar = request.cookie_jar
+          # The response can be committed multiple times
+          jar.write self unless committed?
+        end
 
-      def before_committed
-        super
-        jar = request.cookie_jar
-        # The response can be committed multiple times
-        jar.write self unless committed?
-      end
-
-      def before_sending
-        super
-        request.cookie_jar.commit!
-        headers.freeze
-      end
-
-      def build_buffer(response, body)
-        buf = Live::Buffer.new response
-        body.each { |part| buf.write part }
-        buf
-      end
-
-      def merge_default_headers(original, default)
-        Header.new self, super
-      end
-
-      def handle_conditional_get!
-        super unless committed?
-      end
+        def build_buffer(response, body)
+          buf = Live::Buffer.new response
+          body.each { |part| buf.write part }
+          buf
+        end
     end
 
     def process(name)
@@ -263,52 +275,45 @@ module ActionController
       locals = t1.keys.map { |key| [key, t1[key]] }
 
       error = nil
-      # This processes the action in a child thread. It lets us return the
-      # response code and headers back up the rack stack, and still process
-      # the body in parallel with sending data to the client
-      Thread.new {
-        t2 = Thread.current
-        t2.abort_on_exception = true
-
-        # Since we're processing the view in a different thread, copy the
-        # thread locals from the main thread to the child thread. :'(
-        locals.each { |k,v| t2[k] = v }
-
-        begin
-          super(name)
-        rescue => e
-          if @_response.committed?
-            begin
-              @_response.stream.write(ActionView::Base.streaming_completion_on_exception) if request.format == :html
-              @_response.stream.call_on_error
-            rescue => exception
-              log_error(exception)
-            ensure
-              log_error(e)
-              @_response.stream.close
+      # This processes the action in a child thread. It lets us return the response
+      # code and headers back up the Rack stack, and still process the body in
+      # parallel with sending data to the client.
+      new_controller_thread {
+        ActiveSupport::Dependencies.interlock.running do
+          t2 = Thread.current
+
+          # Since we're processing the view in a different thread, copy the thread locals
+          # from the main thread to the child thread. :'(
+          locals.each { |k, v| t2[k] = v }
+          ActiveSupport::IsolatedExecutionState.share_with(t1)
+
+          begin
+            super(name)
+          rescue => e
+            if @_response.committed?
+              begin
+                @_response.stream.write(ActionView::Base.streaming_completion_on_exception) if request.format == :html
+                @_response.stream.call_on_error
+              rescue => exception
+                log_error(exception)
+              ensure
+                log_error(e)
+                @_response.stream.close
+              end
+            else
+              error = e
             end
-          else
-            error = e
+          ensure
+            @_response.commit!
           end
-        ensure
-          @_response.commit!
         end
       }
 
-      @_response.await_commit
-      raise error if error
-    end
-
-    def log_error(exception)
-      logger = ActionController::Base.logger
-      return unless logger
-
-      logger.fatal do
-        message = "\n#{exception.class} (#{exception.message}):\n"
-        message << exception.annoted_source_code.to_s if exception.respond_to?(:annoted_source_code)
-        message << "  " << exception.backtrace.join("\n  ")
-        "#{message}\n\n"
+      ActiveSupport::Dependencies.interlock.permit_concurrent_loads do
+        @_response.await_commit
       end
+
+      raise error if error
     end
 
     def response_body=(body)
@@ -316,13 +321,70 @@ module ActionController
       response.close if response
     end
 
-    def set_response!(request)
-      if request.env["HTTP_VERSION"] == "HTTP/1.0"
-        super
-      else
-        @_response         = Live::Response.new
-        @_response.request = request
+    # Sends a stream to the browser, which is helpful when you're generating exports
+    # or other running data where you don't want the entire file buffered in memory
+    # first. Similar to send_data, but where the data is generated live.
+    #
+    # Options:
+    # *   `:filename` - suggests a filename for the browser to use.
+    # *   `:type` - specifies an HTTP content type. You can specify either a string
+    #     or a symbol for a registered type with `Mime::Type.register`, for example
+    #     :json. If omitted, type will be inferred from the file extension specified
+    #     in `:filename`. If no content type is registered for the extension, the
+    #     default type 'application/octet-stream' will be used.
+    # *   `:disposition` - specifies whether the file will be shown inline or
+    #     downloaded. Valid values are 'inline' and 'attachment' (default).
+    #
+    #
+    # Example of generating a csv export:
+    #
+    #     send_stream(filename: "subscribers.csv") do |stream|
+    #       stream.write "email_address,updated_at\n"
+    #
+    #       @subscribers.find_each do |subscriber|
+    #         stream.write "#{subscriber.email_address},#{subscriber.updated_at}\n"
+    #       end
+    #     end
+    def send_stream(filename:, disposition: "attachment", type: nil)
+      payload = { filename: filename, disposition: disposition, type: type }
+      ActiveSupport::Notifications.instrument("send_stream.action_controller", payload) do
+        response.headers["Content-Type"] =
+          (type.is_a?(Symbol) ? Mime[type].to_s : type) ||
+          Mime::Type.lookup_by_extension(File.extname(filename).downcase.delete("."))&.to_s ||
+          "application/octet-stream"
+
+        response.headers["Content-Disposition"] =
+          ActionDispatch::Http::ContentDisposition.format(disposition: disposition, filename: filename)
+
+        yield response.stream
       end
+    ensure
+      response.stream.close
     end
+
+    private
+      # Spawn a new thread to serve up the controller in. This is to get around the
+      # fact that Rack isn't based around IOs and we need to use a thread to stream
+      # data from the response bodies. Nobody should call this method except in Rails
+      # internals. Seriously!
+      def new_controller_thread # :nodoc:
+        Thread.new {
+          t2 = Thread.current
+          t2.abort_on_exception = true
+          yield
+        }
+      end
+
+      def log_error(exception)
+        logger = ActionController::Base.logger
+        return unless logger
+
+        logger.fatal do
+          message = +"\n#{exception.class} (#{exception.message}):\n"
+          message << exception.annotated_source_code.to_s if exception.respond_to?(:annotated_source_code)
+          message << "  " << exception.backtrace.join("\n  ")
+          "#{message}\n\n"
+        end
+      end
   end
 end

data/lib/action_controller/metal/logging.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+# :markup: markdown
+
+module ActionController
+  module Logging
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      # Set a different log level per request.
+      #
+      #     # Use the debug log level if a particular cookie is set.
+      #     class ApplicationController < ActionController::Base
+      #       log_at :debug, if: -> { cookies[:debug] }
+      #     end
+      #
+      def log_at(level, **options)
+        around_action ->(_, action) { logger.log_at(level, &action) }, **options
+      end
+    end
+  end
+end