actionpack 7.1.5.1 → 8.1.2

data/lib/action_dispatch/journey/route.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionDispatch
   # :stopdoc:
   module Journey
@@ -36,29 +38,50 @@ module ActionDispatch
           def self.verb; ""; end
         end
 
+        class Or
+          attr_reader :verb
+
+          def initialize(verbs)
+            @verbs = verbs
+            @verb = @verbs.map(&:verb).join("|")
+          end
+
+          def call(req)
+            @verbs.any? { |v| v.call req }
+          end
+        end
+
         VERB_TO_CLASS = VERBS.each_with_object(all: All) do |verb, hash|
           klass = const_get verb
           hash[verb]                 = klass
           hash[verb.downcase]        = klass
           hash[verb.downcase.to_sym] = klass
         end
-      end
 
-      def self.verb_matcher(verb)
-        VerbMatchers::VERB_TO_CLASS.fetch(verb) do
+        VERB_TO_CLASS.default_proc = proc do |_, verb|
           VerbMatchers::Unknown.new verb.to_s.dasherize.upcase
         end
+
+        def self.for(verbs)
+          if verbs.any? { |v| VERB_TO_CLASS[v] == All }
+            All
+          elsif verbs.one?
+            VERB_TO_CLASS[verbs.first]
+          else
+            Or.new(verbs.map { |v| VERB_TO_CLASS[v] })
+          end
+        end
       end
 
       ##
       # +path+ is a path constraint.
-      # +constraints+ is a hash of constraints to be applied to this route.
-      def initialize(name:, app: nil, path:, constraints: {}, required_defaults: [], defaults: {}, request_method_match: nil, precedence: 0, scope_options: {}, internal: false, source_location: nil)
+      # `constraints` is a hash of constraints to be applied to this route.
+      def initialize(name:, app: nil, path:, constraints: {}, required_defaults: [], defaults: {}, via: nil, precedence: 0, scope_options: {}, internal: false, source_location: nil)
         @name        = name
         @app         = app
         @path        = path
 
-        @request_method_match = request_method_match
+        @request_method_match = via && VerbMatchers.for(via)
         @constraints = constraints
         @defaults    = defaults
         @required_defaults = nil
@@ -82,14 +105,14 @@ module ActionDispatch
         nil
       end
 
-      # Needed for `bin/rails routes`. Picks up succinctly defined requirements
-      # for a route, for example route
+      # Needed for `bin/rails routes`. Picks up succinctly defined requirements for a
+      # route, for example route
       #
-      #   get 'photo/:id', :controller => 'photos', :action => 'show',
-      #     :id => /[A-Z]\d{5}/
+      #     get 'photo/:id', :controller => 'photos', :action => 'show',
+      #       :id => /[A-Z]\d{5}/
       #
-      # will have {:controller=>"photos", :action=>"show", :id=>/[A-Z]\d{5}/}
-      # as requirements.
+      # will have {:controller=>"photos", :action=>"show", :[id=>/](A-Z){5}/} as
+      # requirements.
       def requirements
         @defaults.merge(path.requirements).delete_if { |_, v|
           /.+?/m == v
@@ -144,21 +167,23 @@ module ActionDispatch
       end
 
       def matches?(request)
-        match_verb(request) &&
-        constraints.all? { |method, value|
-          case value
-          when Regexp, String
-            value === request.send(method).to_s
-          when Array
-            value.include?(request.send(method))
-          when TrueClass
-            request.send(method).present?
-          when FalseClass
-            request.send(method).blank?
-          else
-            value === request.send(method)
-          end
-        }
+        @request_method_match.call(request) && (
+          constraints.empty? ||
+          constraints.all? { |method, value|
+            case value
+            when Regexp, String
+              value === request.send(method).to_s
+            when Array
+              value.include?(request.send(method))
+            when TrueClass
+              request.send(method).present?
+            when FalseClass
+              request.send(method).blank?
+            else
+              value === request.send(method)
+            end
+          }
+        )
       end
 
       def ip
@@ -166,21 +191,12 @@ module ActionDispatch
       end
 
       def requires_matching_verb?
-        !@request_method_match.all? { |x| x == VerbMatchers::All }
+        @request_method_match != VerbMatchers::All
       end
 
       def verb
-        verbs.join("|")
+        @request_method_match.verb
       end
-
-      private
-        def verbs
-          @request_method_match.map(&:verb)
-        end
-
-        def match_verb(request)
-          @request_method_match.any? { |m| m.call request }
-        end
     end
   end
   # :startdoc:

data/lib/action_dispatch/journey/router/utils.rb

@@ -1,21 +1,30 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionDispatch
   module Journey # :nodoc:
     class Router # :nodoc:
       class Utils # :nodoc:
         # Normalizes URI path.
         #
-        # Strips off trailing slash and ensures there is a leading slash.
-        # Also converts downcase URL encoded string to uppercase.
+        # Strips off trailing slash and ensures there is a leading slash. Also converts
+        # downcase URL encoded string to uppercase.
         #
-        #   normalize_path("/foo")  # => "/foo"
-        #   normalize_path("/foo/") # => "/foo"
-        #   normalize_path("foo")   # => "/foo"
-        #   normalize_path("")      # => "/"
-        #   normalize_path("/%ab")  # => "/%AB"
+        #     normalize_path("/foo")  # => "/foo"
+        #     normalize_path("/foo/") # => "/foo"
+        #     normalize_path("foo")   # => "/foo"
+        #     normalize_path("")      # => "/"
+        #     normalize_path("/%ab")  # => "/%AB"
         def self.normalize_path(path)
-          path ||= ""
+          return "/".dup unless path
+
+          # Fast path for the overwhelming majority of paths that don't need to be normalized
+          if path == "/" || (path.start_with?("/") && !path.end_with?("/") && !path.match?(%r{%|//}))
+            return path.dup
+          end
+
+          # Slow path
           encoding = path.encoding
           path = +"/#{path}"
           path.squeeze!("/")
@@ -28,8 +37,7 @@ module ActionDispatch
           path.force_encoding(encoding)
         end
 
-        # URI path and fragment escaping
-        # https://tools.ietf.org/html/rfc3986
+        # URI path and fragment escaping https://tools.ietf.org/html/rfc3986
         class UriEncoder # :nodoc:
           ENCODE   = "%%%02X"
           US_ASCII = Encoding::US_ASCII
@@ -42,11 +50,11 @@ module ActionDispatch
           UNRESERVED = "#{ALPHA}#{DIGIT}\\-\\._~"
           SUB_DELIMS = "!\\$&'\\(\\)\\*\\+,;="
 
-          ESCAPED  = /%[a-zA-Z0-9]{2}/.freeze
+          ESCAPED  = /%[a-zA-Z0-9]{2}/
 
-          FRAGMENT = /[^#{UNRESERVED}#{SUB_DELIMS}:@\/?]/.freeze
-          SEGMENT  = /[^#{UNRESERVED}#{SUB_DELIMS}:@]/.freeze
-          PATH     = /[^#{UNRESERVED}#{SUB_DELIMS}:@\/]/.freeze
+          FRAGMENT = /[^#{UNRESERVED}#{SUB_DELIMS}:@\/?]/
+          SEGMENT  = /[^#{UNRESERVED}#{SUB_DELIMS}:@]/
+          PATH     = /[^#{UNRESERVED}#{SUB_DELIMS}:@\/]/
 
           def escape_fragment(fragment)
             escape(fragment, FRAGMENT)
@@ -60,11 +68,6 @@ module ActionDispatch
             escape(segment, SEGMENT)
           end
 
-          def unescape_uri(uri)
-            encoding = uri.encoding == US_ASCII ? UTF_8 : uri.encoding
-            uri.gsub(ESCAPED) { |match| [match[1, 2].hex].pack("C") }.force_encoding(encoding)
-          end
-
           private
             def escape(component, pattern)
               component.gsub(pattern) { |unsafe| percent_encode(unsafe) }.force_encoding(US_ASCII)
@@ -90,14 +93,6 @@ module ActionDispatch
         def self.escape_fragment(fragment)
           ENCODER.escape_fragment(fragment.to_s)
         end
-
-        # Replaces any escaped sequences with their unescaped representations.
-        #
-        #   uri = "/topics?title=Ruby%20on%20Rails"
-        #   unescape_uri(uri)  #=> "/topics?title=Ruby on Rails"
-        def self.unescape_uri(uri)
-          ENCODER.unescape_uri(uri)
-        end
       end
     end
   end

data/lib/action_dispatch/journey/router.rb

@@ -1,14 +1,13 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
+require "cgi/escape"
+require "cgi/util" if RUBY_VERSION < "3.5"
 require "action_dispatch/journey/router/utils"
 require "action_dispatch/journey/routes"
 require "action_dispatch/journey/formatter"
-
-before = $-w
-$-w = false
 require "action_dispatch/journey/parser"
-$-w = before
-
 require "action_dispatch/journey/route"
 require "action_dispatch/journey/path/pattern"
 
@@ -22,78 +21,85 @@ module ActionDispatch
       end
 
       def eager_load!
-        # Eagerly trigger the simulator's initialization so
-        # it doesn't happen during a request cycle.
+        # Eagerly trigger the simulator's initialization so it doesn't happen during a
+        # request cycle.
         simulator
         nil
       end
 
       def serve(req)
-        find_routes(req) do |match, parameters, route|
-          set_params  = req.path_parameters
-          path_info   = req.path_info
-          script_name = req.script_name
-
-          unless route.path.anchored
-            req.script_name = (script_name.to_s + match.to_s).chomp("/")
-            req.path_info = match.post_match
-            req.path_info = "/" + req.path_info unless req.path_info.start_with? "/"
-          end
-
-          tmp_params = set_params.merge route.defaults
-          parameters.each_pair { |key, val|
-            tmp_params[key] = val.force_encoding(::Encoding::UTF_8)
-          }
-
-          req.path_parameters = tmp_params
-          req.route_uri_pattern = route.path.spec.to_s
+        recognize(req) do |route, parameters|
+          req.path_parameters = parameters
+          req.route = route
 
           _, headers, _ = response = route.app.serve(req)
 
-          if "pass" == headers[Constants::X_CASCADE]
-            req.script_name     = script_name
-            req.path_info       = path_info
-            req.path_parameters = set_params
-            next
-          end
-
-          return response
+          return response unless headers[Constants::X_CASCADE] == "pass"
         end
 
         [404, { Constants::X_CASCADE => "pass" }, ["Not Found"]]
       end
 
-      def recognize(rails_req)
-        find_routes(rails_req) do |match, parameters, route|
-          unless route.path.anchored
-            rails_req.script_name = match.to_s
-            rails_req.path_info   = match.post_match
-            rails_req.path_info   = "/" + rails_req.path_info unless rails_req.path_info.start_with? "/"
-          end
+      def recognize(req, &block)
+        req_params  = req.path_parameters
+        path_info   = req.path_info
+        script_name = req.script_name
 
-          parameters = route.defaults.merge parameters
-          yield(route, parameters)
-        end
-      end
+        routes = filter_routes(path_info)
 
-      def visualizer
-        tt     = GTG::Builder.new(ast).transition_table
-        groups = partitioned_routes.first.map(&:ast).group_by(&:to_s)
-        asts   = groups.values.map(&:first)
-        tt.visualizer(asts)
-      end
+        custom_routes.each { |r|
+          routes << r if r.path.match?(path_info)
+        }
 
-      private
-        def partitioned_routes
-          routes.partition { |r|
-            r.path.anchored && r.path.requirements_anchored?
-          }
+        if req.head?
+          routes = match_head_routes(routes, req)
+        else
+          routes.select! { |r| r.matches?(req) }
+        end
+
+        if routes.size > 1
+          routes.sort! do |a, b|
+            a.precedence <=> b.precedence
+          end
         end
 
-        def ast
-          routes.ast
+        routes.each do |r|
+          match_data = r.path.match(path_info)
+
+          path_parameters = req_params.merge r.defaults
+
+          index = 1
+          match_data.names.each do |name|
+            if val = match_data[index]
+              val = if val.include?("%")
+                CGI.unescapeURIComponent(val)
+              else
+                val
+              end
+              val.force_encoding(::Encoding::UTF_8)
+              path_parameters[name.to_sym] = val
+            end
+            index += 1
+          end
+
+          if r.path.anchored
+            yield(r, path_parameters)
+          else
+            req.script_name = (script_name.to_s + match_data.to_s).chomp("/")
+            req.path_info = match_data.post_match
+            req.path_info = "/" + req.path_info unless req.path_info.start_with? "/"
+
+            yield(r, path_parameters)
+
+            req.script_name     = script_name
+            req.path_info       = path_info
+          end
+
+          req.path_parameters = req_params
         end
+      end
 
+      private
         def simulator
           routes.simulator
         end
@@ -103,35 +109,9 @@ module ActionDispatch
         end
 
         def filter_routes(path)
-          return [] unless ast
           simulator.memos(path) { [] }
         end
 
-        def find_routes(req)
-          path_info = req.path_info
-          routes = filter_routes(path_info).concat custom_routes.find_all { |r|
-            r.path.match?(path_info)
-          }
-
-          if req.head?
-            routes = match_head_routes(routes, req)
-          else
-            routes.select! { |r| r.matches?(req) }
-          end
-
-          routes.sort_by!(&:precedence)
-
-          routes.each { |r|
-            match_data = r.path.match(path_info)
-            path_parameters = {}
-            match_data.names.each_with_index { |name, i|
-              val = match_data[i + 1]
-              path_parameters[name.to_sym] = Utils.unescape_uri(val) if val
-            }
-            yield [match_data, path_parameters, r]
-          }
-        end
-
         def match_head_routes(routes, req)
           head_routes = routes.select { |r| r.requires_matching_verb? && r.matches?(req) }
           return head_routes unless head_routes.empty?

data/lib/action_dispatch/journey/routes.rb

@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionDispatch
   module Journey # :nodoc:
-    # The Routing table. Contains all routes for a system. Routes can be
-    # added to the table by calling Routes#add_route.
+    # The Routing table. Contains all routes for a system. Routes can be added to
+    # the table by calling Routes#add_route.
     class Routes # :nodoc:
       include Enumerable
 
@@ -70,6 +72,13 @@ module ActionDispatch
         route
       end
 
+      def visualizer
+        tt     = GTG::Builder.new(ast).transition_table
+        groups = anchored_routes.map(&:ast).group_by(&:to_s)
+        asts   = groups.values.map(&:first)
+        tt.visualizer(asts)
+      end
+
       private
         def clear_cache!
           @ast                = nil

data/lib/action_dispatch/journey/scanner.rb

@@ -1,70 +1,74 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "strscan"
 
 module ActionDispatch
   module Journey # :nodoc:
     class Scanner # :nodoc:
+      STATIC_TOKENS = Array.new(150)
+      STATIC_TOKENS[".".ord] = :DOT
+      STATIC_TOKENS["/".ord] = :SLASH
+      STATIC_TOKENS["(".ord] = :LPAREN
+      STATIC_TOKENS[")".ord] = :RPAREN
+      STATIC_TOKENS["|".ord] = :OR
+      STATIC_TOKENS[":".ord] = :SYMBOL
+      STATIC_TOKENS["*".ord] = :STAR
+      STATIC_TOKENS.freeze
+
+      class Scanner < StringScanner
+        unless method_defined?(:peek_byte) # https://github.com/ruby/strscan/pull/89
+          def peek_byte
+            string.getbyte(pos)
+          end
+        end
+      end
+
       def initialize
-        @ss = nil
+        @scanner = nil
+        @length = nil
       end
 
       def scan_setup(str)
-        @ss = StringScanner.new(str)
+        @scanner = Scanner.new(str)
       end
 
-      def eos?
-        @ss.eos?
-      end
+      def next_token
+        return if @scanner.eos?
 
-      def pos
-        @ss.pos
+        until token = scan || @scanner.eos?; end
+        token
       end
 
-      def pre_match
-        @ss.pre_match
+      def last_string
+        -@scanner.string.byteslice(@scanner.pos - @length, @length)
       end
 
-      def next_token
-        return if @ss.eos?
-
-        until token = scan || @ss.eos?; end
-        token
+      def last_literal
+        last_str = @scanner.string.byteslice(@scanner.pos - @length, @length)
+        last_str.tr! "\\", ""
+        -last_str
       end
 
       private
-        # takes advantage of String @- deduping capabilities in Ruby 2.5 upwards
-        # see: https://bugs.ruby-lang.org/issues/13077
-        def dedup_scan(regex)
-          r = @ss.scan(regex)
-          r ? -r : nil
-        end
-
         def scan
+          next_byte = @scanner.peek_byte
           case
-            # /
-          when @ss.skip(/\//)
-            [:SLASH, "/"]
-          when @ss.skip(/\(/)
-            [:LPAREN, "("]
-          when @ss.skip(/\)/)
-            [:RPAREN, ")"]
-          when @ss.skip(/\|/)
-            [:OR, "|"]
-          when @ss.skip(/\./)
-            [:DOT, "."]
-          when text = dedup_scan(/:\w+/)
-            [:SYMBOL, text]
-          when text = dedup_scan(/\*\w+/)
-            [:STAR, text]
-          when text = @ss.scan(/(?:[\w%\-~!$&'*+,;=@]|\\[:()])+/)
-            text.tr! "\\", ""
-            [:LITERAL, -text]
-            # any char
-          when text = dedup_scan(/./)
-            [:LITERAL, text]
+          when (token = STATIC_TOKENS[next_byte]) && (token != :SYMBOL || next_byte_is_not_a_token?)
+            @scanner.pos += 1
+            @length = @scanner.skip(/\w+/).to_i + 1 if token == :SYMBOL || token == :STAR
+            token
+          when @length = @scanner.skip(/(?:[\w%\-~!$&'*+,;=@]|\\[:()])+/)
+            :LITERAL
+          when @length = @scanner.skip(/./)
+            :LITERAL
           end
         end
+
+        def next_byte_is_not_a_token?
+          !STATIC_TOKENS[@scanner.string.getbyte(@scanner.pos + 1)]
+        end
     end
   end
 end

data/lib/action_dispatch/journey/visitors.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionDispatch
   # :stopdoc:
   module Journey
@@ -126,8 +128,8 @@ module ActionDispatch
         def visit_DOT(n, seed);     terminal(n, seed); end
 
         instance_methods(false).each do |pim|
-          next unless pim =~ /^visit_(.*)$/
-          DISPATCH_CACHE[$1.to_sym] = pim
+          next unless pim.start_with?("visit_")
+          DISPATCH_CACHE[pim.name.delete_prefix("visit_").to_sym] = pim
         end
       end
 
@@ -165,32 +167,64 @@ module ActionDispatch
         INSTANCE = new
       end
 
-      class String < FunctionalVisitor # :nodoc:
-        private
-          def binary(node, seed)
-            visit(node.right, visit(node.left, seed))
-          end
-
-          def nary(node, seed)
+      class String # :nodoc:
+        def accept(node, seed)
+          case node.type
+          when :DOT
+            seed << node.left
+          when :LITERAL
+            seed << node.left
+          when :SYMBOL
+            seed << node.left
+          when :SLASH
+            seed << node.left
+          when :CAT
+            accept(node.right, accept(node.left, seed))
+          when :STAR
+            accept(node.left, seed)
+          when :OR
             last_child = node.children.last
-            node.children.inject(seed) { |s, c|
-              string = visit(c, s)
-              string << "|" unless last_child == c
-              string
-            }
-          end
-
-          def terminal(node, seed)
-            seed + node.left
-          end
-
-          def visit_GROUP(node, seed)
-            visit(node.left, seed.dup << "(") << ")"
+            node.children.each do |c|
+              accept(c, seed)
+              seed << "|" unless last_child == c
+            end
+            seed
+          when :GROUP
+            accept(node.left, seed << "(") << ")"
+          else
+            raise "Unknown node type: #{node.type}"
           end
+        end
 
-          INSTANCE = new
+        INSTANCE = new
       end
 
+      # class String < FunctionalVisitor # :nodoc:
+      #   private
+      #     def binary(node, seed)
+      #       visit(node.right, visit(node.left, seed))
+      #     end
+      #
+      #     def nary(node, seed)
+      #       last_child = node.children.last
+      #       node.children.inject(seed) { |s, c|
+      #         string = visit(c, s)
+      #         string << "|" unless last_child == c
+      #         string
+      #       }
+      #     end
+      #
+      #     def terminal(node, seed)
+      #       seed + node.left
+      #     end
+      #
+      #     def visit_GROUP(node, seed)
+      #       visit(node.left, seed.dup << "(") << ")"
+      #     end
+      #
+      #     INSTANCE = new
+      # end
+
       class Dot < FunctionalVisitor # :nodoc:
         def initialize
           @nodes = []