actionpack 7.2.3 → 8.1.3

data/lib/action_dispatch/journey/router.rb

@@ -2,15 +2,12 @@
 
 # :markup: markdown
 
+require "cgi/escape"
+require "cgi/util" if RUBY_VERSION < "3.5"
 require "action_dispatch/journey/router/utils"
 require "action_dispatch/journey/routes"
 require "action_dispatch/journey/formatter"
-
-before = $-w
-$-w = false
 require "action_dispatch/journey/parser"
-$-w = before
-
 require "action_dispatch/journey/route"
 require "action_dispatch/journey/path/pattern"
 
@@ -31,71 +28,78 @@ module ActionDispatch
       end
 
       def serve(req)
-        find_routes(req) do |match, parameters, route|
-          set_params  = req.path_parameters
-          path_info   = req.path_info
-          script_name = req.script_name
-
-          unless route.path.anchored
-            req.script_name = (script_name.to_s + match.to_s).chomp("/")
-            req.path_info = match.post_match
-            req.path_info = "/" + req.path_info unless req.path_info.start_with? "/"
-          end
-
-          tmp_params = set_params.merge route.defaults
-          parameters.each_pair { |key, val|
-            tmp_params[key] = val.force_encoding(::Encoding::UTF_8)
-          }
-
-          req.path_parameters = tmp_params
-          req.route_uri_pattern = route.path.spec.to_s
+        recognize(req) do |route, parameters|
+          req.path_parameters = parameters
+          req.route = route
 
           _, headers, _ = response = route.app.serve(req)
 
-          if "pass" == headers[Constants::X_CASCADE]
-            req.script_name     = script_name
-            req.path_info       = path_info
-            req.path_parameters = set_params
-            next
-          end
-
-          return response
+          return response unless headers[Constants::X_CASCADE] == "pass"
         end
 
         [404, { Constants::X_CASCADE => "pass" }, ["Not Found"]]
       end
 
-      def recognize(rails_req)
-        find_routes(rails_req) do |match, parameters, route|
-          unless route.path.anchored
-            rails_req.script_name = match.to_s
-            rails_req.path_info   = match.post_match
-            rails_req.path_info   = "/" + rails_req.path_info unless rails_req.path_info.start_with? "/"
-          end
+      def recognize(req, &block)
+        req_params  = req.path_parameters
+        path_info   = req.path_info
+        script_name = req.script_name
 
-          parameters = route.defaults.merge parameters
-          yield(route, parameters)
-        end
-      end
+        routes = filter_routes(path_info)
 
-      def visualizer
-        tt     = GTG::Builder.new(ast).transition_table
-        groups = partitioned_routes.first.map(&:ast).group_by(&:to_s)
-        asts   = groups.values.map(&:first)
-        tt.visualizer(asts)
-      end
+        custom_routes.each { |r|
+          routes << r if r.path.match?(path_info)
+        }
 
-      private
-        def partitioned_routes
-          routes.partition { |r|
-            r.path.anchored && r.path.requirements_anchored?
-          }
+        if req.head?
+          routes = match_head_routes(routes, req)
+        else
+          routes.select! { |r| r.matches?(req) }
         end
 
-        def ast
-          routes.ast
+        if routes.size > 1
+          routes.sort! do |a, b|
+            a.precedence <=> b.precedence
+          end
         end
 
+        routes.each do |r|
+          match_data = r.path.match(path_info)
+
+          path_parameters = req_params.merge r.defaults
+
+          index = 1
+          match_data.names.each do |name|
+            if val = match_data[index]
+              val = if val.include?("%")
+                CGI.unescapeURIComponent(val)
+              else
+                val
+              end
+              val.force_encoding(::Encoding::UTF_8)
+              path_parameters[name.to_sym] = val
+            end
+            index += 1
+          end
+
+          if r.path.anchored
+            yield(r, path_parameters)
+          else
+            req.script_name = (script_name.to_s + match_data.to_s).chomp("/")
+            req.path_info = match_data.post_match
+            req.path_info = "/" + req.path_info unless req.path_info.start_with? "/"
+
+            yield(r, path_parameters)
+
+            req.script_name     = script_name
+            req.path_info       = path_info
+          end
+
+          req.path_parameters = req_params
+        end
+      end
+
+      private
         def simulator
           routes.simulator
         end
@@ -105,35 +109,9 @@ module ActionDispatch
         end
 
         def filter_routes(path)
-          return [] unless ast
           simulator.memos(path) { [] }
         end
 
-        def find_routes(req)
-          path_info = req.path_info
-          routes = filter_routes(path_info).concat custom_routes.find_all { |r|
-            r.path.match?(path_info)
-          }
-
-          if req.head?
-            routes = match_head_routes(routes, req)
-          else
-            routes.select! { |r| r.matches?(req) }
-          end
-
-          routes.sort_by!(&:precedence)
-
-          routes.each { |r|
-            match_data = r.path.match(path_info)
-            path_parameters = {}
-            match_data.names.each_with_index { |name, i|
-              val = match_data[i + 1]
-              path_parameters[name.to_sym] = Utils.unescape_uri(val) if val
-            }
-            yield [match_data, path_parameters, r]
-          }
-        end
-
         def match_head_routes(routes, req)
           head_routes = routes.select { |r| r.requires_matching_verb? && r.matches?(req) }
           return head_routes unless head_routes.empty?

data/lib/action_dispatch/journey/routes.rb

@@ -72,6 +72,13 @@ module ActionDispatch
         route
       end
 
+      def visualizer
+        tt     = GTG::Builder.new(ast).transition_table
+        groups = anchored_routes.map(&:ast).group_by(&:to_s)
+        asts   = groups.values.map(&:first)
+        tt.visualizer(asts)
+      end
+
       private
         def clear_cache!
           @ast                = nil

data/lib/action_dispatch/journey/scanner.rb

@@ -7,66 +7,68 @@ require "strscan"
 module ActionDispatch
   module Journey # :nodoc:
     class Scanner # :nodoc:
+      STATIC_TOKENS = Array.new(150)
+      STATIC_TOKENS[".".ord] = :DOT
+      STATIC_TOKENS["/".ord] = :SLASH
+      STATIC_TOKENS["(".ord] = :LPAREN
+      STATIC_TOKENS[")".ord] = :RPAREN
+      STATIC_TOKENS["|".ord] = :OR
+      STATIC_TOKENS[":".ord] = :SYMBOL
+      STATIC_TOKENS["*".ord] = :STAR
+      STATIC_TOKENS.freeze
+
+      class Scanner < StringScanner
+        unless method_defined?(:peek_byte) # https://github.com/ruby/strscan/pull/89
+          def peek_byte
+            string.getbyte(pos)
+          end
+        end
+      end
+
       def initialize
-        @ss = nil
+        @scanner = nil
+        @length = nil
       end
 
       def scan_setup(str)
-        @ss = StringScanner.new(str)
+        @scanner = Scanner.new(str)
       end
 
-      def eos?
-        @ss.eos?
-      end
+      def next_token
+        return if @scanner.eos?
 
-      def pos
-        @ss.pos
+        until token = scan || @scanner.eos?; end
+        token
       end
 
-      def pre_match
-        @ss.pre_match
+      def last_string
+        -@scanner.string.byteslice(@scanner.pos - @length, @length)
       end
 
-      def next_token
-        return if @ss.eos?
-
-        until token = scan || @ss.eos?; end
-        token
+      def last_literal
+        last_str = @scanner.string.byteslice(@scanner.pos - @length, @length)
+        last_str.tr! "\\", ""
+        -last_str
       end
 
       private
-        # takes advantage of String @- deduping capabilities in Ruby 2.5 upwards see:
-        # https://bugs.ruby-lang.org/issues/13077
-        def dedup_scan(regex)
-          r = @ss.scan(regex)
-          r ? -r : nil
-        end
-
         def scan
+          next_byte = @scanner.peek_byte
           case
-            # /
-          when @ss.skip(/\//)
-            [:SLASH, "/"]
-          when @ss.skip(/\(/)
-            [:LPAREN, "("]
-          when @ss.skip(/\)/)
-            [:RPAREN, ")"]
-          when @ss.skip(/\|/)
-            [:OR, "|"]
-          when @ss.skip(/\./)
-            [:DOT, "."]
-          when text = dedup_scan(/:\w+/)
-            [:SYMBOL, text]
-          when text = dedup_scan(/\*\w+/)
-            [:STAR, text]
-          when text = @ss.scan(/(?:[\w%\-~!$&'*+,;=@]|\\[:()])+/)
-            text.tr! "\\", ""
-            [:LITERAL, -text]
-            # any char
-          when text = dedup_scan(/./)
-            [:LITERAL, text]
+          when (token = STATIC_TOKENS[next_byte]) && (token != :SYMBOL || next_byte_is_not_a_token?)
+            @scanner.pos += 1
+            @length = @scanner.skip(/\w+/).to_i + 1 if token == :SYMBOL || token == :STAR
+            token
+          when @length = @scanner.skip(/(?:[\w%\-~!$&'*+,;=@]|\\[:()])+/)
+            :LITERAL
+          when @length = @scanner.skip(/./)
+            :LITERAL
           end
         end
+
+        def next_byte_is_not_a_token?
+          !STATIC_TOKENS[@scanner.string.getbyte(@scanner.pos + 1)]
+        end
     end
   end
 end

data/lib/action_dispatch/journey/visitors.rb

@@ -128,8 +128,8 @@ module ActionDispatch
         def visit_DOT(n, seed);     terminal(n, seed); end
 
         instance_methods(false).each do |pim|
-          next unless pim =~ /^visit_(.*)$/
-          DISPATCH_CACHE[$1.to_sym] = pim
+          next unless pim.start_with?("visit_")
+          DISPATCH_CACHE[pim.name.delete_prefix("visit_").to_sym] = pim
         end
       end
 
@@ -167,32 +167,64 @@ module ActionDispatch
         INSTANCE = new
       end
 
-      class String < FunctionalVisitor # :nodoc:
-        private
-          def binary(node, seed)
-            visit(node.right, visit(node.left, seed))
-          end
-
-          def nary(node, seed)
+      class String # :nodoc:
+        def accept(node, seed)
+          case node.type
+          when :DOT
+            seed << node.left
+          when :LITERAL
+            seed << node.left
+          when :SYMBOL
+            seed << node.left
+          when :SLASH
+            seed << node.left
+          when :CAT
+            accept(node.right, accept(node.left, seed))
+          when :STAR
+            accept(node.left, seed)
+          when :OR
             last_child = node.children.last
-            node.children.inject(seed) { |s, c|
-              string = visit(c, s)
-              string << "|" unless last_child == c
-              string
-            }
-          end
-
-          def terminal(node, seed)
-            seed + node.left
-          end
-
-          def visit_GROUP(node, seed)
-            visit(node.left, seed.dup << "(") << ")"
+            node.children.each do |c|
+              accept(c, seed)
+              seed << "|" unless last_child == c
+            end
+            seed
+          when :GROUP
+            accept(node.left, seed << "(") << ")"
+          else
+            raise "Unknown node type: #{node.type}"
           end
+        end
 
-          INSTANCE = new
+        INSTANCE = new
       end
 
+      # class String < FunctionalVisitor # :nodoc:
+      #   private
+      #     def binary(node, seed)
+      #       visit(node.right, visit(node.left, seed))
+      #     end
+      #
+      #     def nary(node, seed)
+      #       last_child = node.children.last
+      #       node.children.inject(seed) { |s, c|
+      #         string = visit(c, s)
+      #         string << "|" unless last_child == c
+      #         string
+      #       }
+      #     end
+      #
+      #     def terminal(node, seed)
+      #       seed + node.left
+      #     end
+      #
+      #     def visit_GROUP(node, seed)
+      #       visit(node.left, seed.dup << "(") << ")"
+      #     end
+      #
+      #     INSTANCE = new
+      # end
+
       class Dot < FunctionalVisitor # :nodoc:
         def initialize
           @nodes = []

data/lib/action_dispatch/journey/visualizer/fsm.js

@@ -105,12 +105,10 @@ function match(input) {
         }
 
         if(stdparam_states[state] && default_re.test(token)) {
-          for(var key in stdparam_states[state]) {
-            var new_state = stdparam_states[state][key];
-            highlight_edge(state, new_state);
-            highlight_state(new_state);
-            new_states.push([new_state, null]);
-          }
+          var new_state = stdparam_states[state];
+          highlight_edge(state, new_state);
+          highlight_state(new_state);
+          new_states.push([new_state, null]);
         }
       }
 

data/lib/action_dispatch/log_subscriber.rb

@@ -1,14 +1,18 @@
 # frozen_string_literal: true
 
-# :markup: markdown
-
 module ActionDispatch
-  class LogSubscriber < ActiveSupport::LogSubscriber
+  class LogSubscriber < ActiveSupport::LogSubscriber # :nodoc:
+    class_attribute :backtrace_cleaner, default: ActiveSupport::BacktraceCleaner.new
+
     def redirect(event)
       payload = event.payload
 
       info { "Redirected to #{payload[:location]}" }
 
+      if ActionDispatch.verbose_redirect_logs
+        info { "↳ #{payload[:source_location]}" }
+      end
+
       info do
         status = payload[:status]
 

data/lib/action_dispatch/middleware/cookies.rb

@@ -116,13 +116,15 @@ module ActionDispatch
   #     cookies[:login] = { value: "XJ-122", expires: Time.utc(2020, 10, 15, 5) }
   #
   #     # Sets a signed cookie, which prevents users from tampering with its value.
-  #     # It can be read using the signed method `cookies.signed[:name]`
   #     cookies.signed[:user_id] = current_user.id
+  #     # It can be read using the signed method.
+  #     cookies.signed[:user_id] # => 123
   #
   #     # Sets an encrypted cookie value before sending it to the client which
   #     # prevent users from reading and tampering with its value.
-  #     # It can be read using the encrypted method `cookies.encrypted[:name]`
   #     cookies.encrypted[:discount] = 45
+  #     # It can be read using the encrypted method.
+  #     cookies.encrypted[:discount] # => 45
   #
   #     # Sets a "permanent" cookie (which expires in 20 years from now).
   #     cookies.permanent[:login] = "XJ-122"
@@ -608,8 +610,10 @@ module ActionDispatch
         end
 
         def check_for_overflow!(name, options)
-          if options[:value].bytesize > MAX_COOKIE_SIZE
-            raise CookieOverflow, "#{name} cookie overflowed with size #{options[:value].bytesize} bytes"
+          total_size = name.to_s.bytesize + options[:value].bytesize
+
+          if total_size > MAX_COOKIE_SIZE
+            raise CookieOverflow, "#{name} cookie overflowed with size #{total_size} bytes"
           end
         end
     end

data/lib/action_dispatch/middleware/debug_exceptions.rb

@@ -65,7 +65,7 @@ module ActionDispatch
             content_type = Mime[:text]
           end
 
-          if request.head?
+          if request.raw_request_method == "HEAD"
             render(wrapper.status_code, "", content_type)
           elsif api_request?(content_type)
             render_for_api_request(content_type, wrapper)
@@ -127,6 +127,7 @@ module ActionDispatch
           trace_to_show: wrapper.trace_to_show,
           routes_inspector: routes_inspector(wrapper),
           source_extracts: wrapper.source_extracts,
+          exception_message_for_copy: compose_exception_message(wrapper).join("\n"),
         )
       end
 
@@ -140,22 +141,40 @@ module ActionDispatch
         return unless logger
         return if !log_rescued_responses?(request) && wrapper.rescue_response?
 
+        message = compose_exception_message(wrapper)
+        log_array(logger, message, request)
+      end
+
+      def compose_exception_message(wrapper)
         trace = wrapper.exception_trace
 
         message = []
         message << "  "
-        message << "#{wrapper.exception_class_name} (#{wrapper.message}):"
         if wrapper.has_cause?
-          message << "\nCauses:"
+          message << "#{wrapper.exception_class_name} (#{wrapper.message})"
           wrapper.wrapped_causes.each do |wrapped_cause|
-            message << "#{wrapped_cause.exception_class_name} (#{wrapped_cause.message})"
+            message << "Caused by: #{wrapped_cause.exception_class_name} (#{wrapped_cause.message})"
           end
+
+          message << "\nInformation for: #{wrapper.exception_class_name} (#{wrapper.message}):"
+        else
+          message << "#{wrapper.exception_class_name} (#{wrapper.message}):"
         end
+
         message.concat(wrapper.annotated_source_code)
         message << "  "
         message.concat(trace)
 
-        log_array(logger, message, request)
+        if wrapper.has_cause?
+          wrapper.wrapped_causes.each do |wrapped_cause|
+            message << "\nInformation for cause: #{wrapped_cause.exception_class_name} (#{wrapped_cause.message}):"
+            message.concat(wrapped_cause.annotated_source_code)
+            message << "  "
+            message.concat(wrapped_cause.exception_trace)
+          end
+        end
+
+        message
       end
 
       def log_array(logger, lines, request)

data/lib/action_dispatch/middleware/debug_view.rb

@@ -15,17 +15,12 @@ module ActionDispatch
       paths = RESCUES_TEMPLATE_PATHS.dup
       lookup_context = ActionView::LookupContext.new(paths)
       super(lookup_context, assigns, nil)
-      @exception_wrapper = assigns[:exception_wrapper]
     end
 
     def compiled_method_container
       self.class
     end
 
-    def error_highlight_available?
-      @exception_wrapper.error_highlight_available?
-    end
-
     def debug_params(params)
       clean_params = params.clone
       clean_params.delete("action")
@@ -60,6 +55,17 @@ module ActionDispatch
       end
     end
 
+    def editor_url(location, line: nil)
+      if editor = ActiveSupport::Editor.current
+        line ||= location&.lineno
+        absolute_path = location&.absolute_path
+
+        if absolute_path && line && File.exist?(absolute_path)
+          editor.url_for(absolute_path, line)
+        end
+      end
+    end
+
     def protect_against_forgery?
       false
     end

data/lib/action_dispatch/middleware/exception_wrapper.rb

@@ -23,6 +23,7 @@ module ActionDispatch
       "ActionDispatch::Http::Parameters::ParseError"       => :bad_request,
       "ActionController::BadRequest"                       => :bad_request,
       "ActionController::ParameterMissing"                 => :bad_request,
+      "ActionController::TooManyRequests"                  => :too_many_requests,
       "Rack::QueryParser::ParameterTypeError"              => :bad_request,
       "Rack::QueryParser::InvalidParameterError"           => :bad_request
     )
@@ -148,15 +149,20 @@ module ActionDispatch
       application_trace_with_ids = []
       framework_trace_with_ids = []
       full_trace_with_ids = []
+      application_traces = application_trace.map(&:to_s)
 
+      full_trace = backtrace_cleaner&.clean_locations(backtrace, :all).presence || backtrace
       full_trace.each_with_index do |trace, idx|
+        filtered_trace = backtrace_cleaner&.clean_frame(trace, :all) || trace
+
         trace_with_id = {
           exception_object_id: @exception.object_id,
           id: idx,
-          trace: trace
+          trace: trace,
+          filtered_trace: filtered_trace,
         }
 
-        if application_trace.include?(trace)
+        if application_traces.include?(filtered_trace.to_s)
           application_trace_with_ids << trace_with_id
         else
           framework_trace_with_ids << trace_with_id
@@ -197,16 +203,10 @@ module ActionDispatch
 
     def source_extracts
       backtrace.map do |trace|
-        extract_source(trace)
+        extract_source(trace).merge(trace: trace)
       end
     end
 
-    def error_highlight_available?
-      # ErrorHighlight.spot with backtrace_location keyword is available since
-      # error_highlight 0.4.0
-      defined?(ErrorHighlight) && Gem::Version.new(ErrorHighlight::VERSION) >= Gem::Version.new("0.4.0")
-    end
-
     def trace_to_show
       if traces["Application Trace"].empty? && rescue_template != "routing_error"
         "Full Trace"
@@ -267,13 +267,13 @@ module ActionDispatch
         end
 
         (@exception.backtrace_locations || []).map do |loc|
-          if built_methods.key?(loc.label.to_s)
+          if built_methods.key?(loc.base_label)
             thread_backtrace_location = if loc.respond_to?(:__getobj__)
               loc.__getobj__
             else
               loc
             end
-            SourceMapLocation.new(thread_backtrace_location, built_methods[loc.label.to_s])
+            SourceMapLocation.new(thread_backtrace_location, built_methods[loc.base_label])
           else
             loc
           end

data/lib/action_dispatch/middleware/executor.rb

@@ -12,6 +12,10 @@ module ActionDispatch
 
     def call(env)
       state = @executor.run!(reset: true)
+      if response_finished = env["rack.response_finished"]
+        response_finished << proc { state.complete! }
+      end
+
       begin
         response = @app.call(env)
 
@@ -20,7 +24,11 @@ module ActionDispatch
           @executor.error_reporter.report(error, handled: false, source: "application.action_dispatch")
         end
 
-        returned = response << ::Rack::BodyProxy.new(response.pop) { state.complete! }
+        unless response_finished
+          response << ::Rack::BodyProxy.new(response.pop) { state.complete! }
+        end
+        returned = true
+        response
       rescue Exception => error
         request = ActionDispatch::Request.new env
         backtrace_cleaner = request.get_header("action_dispatch.backtrace_cleaner")
@@ -28,7 +36,9 @@ module ActionDispatch
         @executor.error_reporter.report(wrapper.unwrapped_exception, handled: false, source: "application.action_dispatch")
         raise
       ensure
-        state.complete! unless returned
+        if !returned && !response_finished
+          state.complete!
+        end
       end
     end
   end