actionpack 8.0.2 → 8.1.0.beta1

data/lib/action_dispatch/journey/router.rb

@@ -2,15 +2,12 @@
 
 # :markup: markdown
 
+require "cgi/escape"
+require "cgi/util" if RUBY_VERSION < "3.5"
 require "action_dispatch/journey/router/utils"
 require "action_dispatch/journey/routes"
 require "action_dispatch/journey/formatter"
-
-before = $-w
-$-w = false
 require "action_dispatch/journey/parser"
-$-w = before
-
 require "action_dispatch/journey/route"
 require "action_dispatch/journey/path/pattern"
 
@@ -31,71 +28,78 @@ module ActionDispatch
       end
 
       def serve(req)
-        find_routes(req) do |match, parameters, route|
-          set_params  = req.path_parameters
-          path_info   = req.path_info
-          script_name = req.script_name
-
-          unless route.path.anchored
-            req.script_name = (script_name.to_s + match.to_s).chomp("/")
-            req.path_info = match.post_match
-            req.path_info = "/" + req.path_info unless req.path_info.start_with? "/"
-          end
-
-          tmp_params = set_params.merge route.defaults
-          parameters.each_pair { |key, val|
-            tmp_params[key] = val.force_encoding(::Encoding::UTF_8)
-          }
-
-          req.path_parameters = tmp_params
-          req.route_uri_pattern = route.path.spec.to_s
+        recognize(req) do |route, parameters|
+          req.path_parameters = parameters
+          req.route = route
 
           _, headers, _ = response = route.app.serve(req)
 
-          if "pass" == headers[Constants::X_CASCADE]
-            req.script_name     = script_name
-            req.path_info       = path_info
-            req.path_parameters = set_params
-            next
-          end
-
-          return response
+          return response unless headers[Constants::X_CASCADE] == "pass"
         end
 
         [404, { Constants::X_CASCADE => "pass" }, ["Not Found"]]
       end
 
-      def recognize(rails_req)
-        find_routes(rails_req) do |match, parameters, route|
-          unless route.path.anchored
-            rails_req.script_name = match.to_s
-            rails_req.path_info   = match.post_match
-            rails_req.path_info   = "/" + rails_req.path_info unless rails_req.path_info.start_with? "/"
-          end
+      def recognize(req, &block)
+        req_params  = req.path_parameters
+        path_info   = req.path_info
+        script_name = req.script_name
 
-          parameters = route.defaults.merge parameters
-          yield(route, parameters)
-        end
-      end
+        routes = filter_routes(path_info)
 
-      def visualizer
-        tt     = GTG::Builder.new(ast).transition_table
-        groups = partitioned_routes.first.map(&:ast).group_by(&:to_s)
-        asts   = groups.values.map(&:first)
-        tt.visualizer(asts)
-      end
+        custom_routes.each { |r|
+          routes << r if r.path.match?(path_info)
+        }
 
-      private
-        def partitioned_routes
-          routes.partition { |r|
-            r.path.anchored && r.path.requirements_anchored?
-          }
+        if req.head?
+          routes = match_head_routes(routes, req)
+        else
+          routes.select! { |r| r.matches?(req) }
         end
 
-        def ast
-          routes.ast
+        if routes.size > 1
+          routes.sort! do |a, b|
+            a.precedence <=> b.precedence
+          end
         end
 
+        routes.each do |r|
+          match_data = r.path.match(path_info)
+
+          path_parameters = req_params.merge r.defaults
+
+          index = 1
+          match_data.names.each do |name|
+            if val = match_data[index]
+              val = if val.include?("%")
+                CGI.unescapeURIComponent(val)
+              else
+                val
+              end
+              val.force_encoding(::Encoding::UTF_8)
+              path_parameters[name.to_sym] = val
+            end
+            index += 1
+          end
+
+          if r.path.anchored
+            yield(r, path_parameters)
+          else
+            req.script_name = (script_name.to_s + match_data.to_s).chomp("/")
+            req.path_info = match_data.post_match
+            req.path_info = "/" + req.path_info unless req.path_info.start_with? "/"
+
+            yield(r, path_parameters)
+
+            req.script_name     = script_name
+            req.path_info       = path_info
+          end
+
+          req.path_parameters = req_params
+        end
+      end
+
+      private
         def simulator
           routes.simulator
         end
@@ -105,35 +109,9 @@ module ActionDispatch
         end
 
         def filter_routes(path)
-          return [] unless ast
           simulator.memos(path) { [] }
         end
 
-        def find_routes(req)
-          path_info = req.path_info
-          routes = filter_routes(path_info).concat custom_routes.find_all { |r|
-            r.path.match?(path_info)
-          }
-
-          if req.head?
-            routes = match_head_routes(routes, req)
-          else
-            routes.select! { |r| r.matches?(req) }
-          end
-
-          routes.sort_by!(&:precedence)
-
-          routes.each { |r|
-            match_data = r.path.match(path_info)
-            path_parameters = {}
-            match_data.names.each_with_index { |name, i|
-              val = match_data[i + 1]
-              path_parameters[name.to_sym] = Utils.unescape_uri(val) if val
-            }
-            yield [match_data, path_parameters, r]
-          }
-        end
-
         def match_head_routes(routes, req)
           head_routes = routes.select { |r| r.requires_matching_verb? && r.matches?(req) }
           return head_routes unless head_routes.empty?

data/lib/action_dispatch/journey/routes.rb

@@ -72,6 +72,13 @@ module ActionDispatch
         route
       end
 
+      def visualizer
+        tt     = GTG::Builder.new(ast).transition_table
+        groups = anchored_routes.map(&:ast).group_by(&:to_s)
+        asts   = groups.values.map(&:first)
+        tt.visualizer(asts)
+      end
+
       private
         def clear_cache!
           @ast                = nil

data/lib/action_dispatch/journey/visitors.rb

@@ -128,8 +128,8 @@ module ActionDispatch
         def visit_DOT(n, seed);     terminal(n, seed); end
 
         instance_methods(false).each do |pim|
-          next unless pim =~ /^visit_(.*)$/
-          DISPATCH_CACHE[$1.to_sym] = pim
+          next unless pim.start_with?("visit_")
+          DISPATCH_CACHE[pim.name.delete_prefix("visit_").to_sym] = pim
         end
       end
 
@@ -167,32 +167,64 @@ module ActionDispatch
         INSTANCE = new
       end
 
-      class String < FunctionalVisitor # :nodoc:
-        private
-          def binary(node, seed)
-            visit(node.right, visit(node.left, seed))
-          end
-
-          def nary(node, seed)
+      class String # :nodoc:
+        def accept(node, seed)
+          case node.type
+          when :DOT
+            seed << node.left
+          when :LITERAL
+            seed << node.left
+          when :SYMBOL
+            seed << node.left
+          when :SLASH
+            seed << node.left
+          when :CAT
+            accept(node.right, accept(node.left, seed))
+          when :STAR
+            accept(node.left, seed)
+          when :OR
             last_child = node.children.last
-            node.children.inject(seed) { |s, c|
-              string = visit(c, s)
-              string << "|" unless last_child == c
-              string
-            }
-          end
-
-          def terminal(node, seed)
-            seed + node.left
-          end
-
-          def visit_GROUP(node, seed)
-            visit(node.left, seed.dup << "(") << ")"
+            node.children.each do |c|
+              accept(c, seed)
+              seed << "|" unless last_child == c
+            end
+            seed
+          when :GROUP
+            accept(node.left, seed << "(") << ")"
+          else
+            raise "Unknown node type: #{node.type}"
           end
+        end
 
-          INSTANCE = new
+        INSTANCE = new
       end
 
+      # class String < FunctionalVisitor # :nodoc:
+      #   private
+      #     def binary(node, seed)
+      #       visit(node.right, visit(node.left, seed))
+      #     end
+      #
+      #     def nary(node, seed)
+      #       last_child = node.children.last
+      #       node.children.inject(seed) { |s, c|
+      #         string = visit(c, s)
+      #         string << "|" unless last_child == c
+      #         string
+      #       }
+      #     end
+      #
+      #     def terminal(node, seed)
+      #       seed + node.left
+      #     end
+      #
+      #     def visit_GROUP(node, seed)
+      #       visit(node.left, seed.dup << "(") << ")"
+      #     end
+      #
+      #     INSTANCE = new
+      # end
+
       class Dot < FunctionalVisitor # :nodoc:
         def initialize
           @nodes = []

data/lib/action_dispatch/journey/visualizer/fsm.js

@@ -105,12 +105,10 @@ function match(input) {
         }
 
         if(stdparam_states[state] && default_re.test(token)) {
-          for(var key in stdparam_states[state]) {
-            var new_state = stdparam_states[state][key];
-            highlight_edge(state, new_state);
-            highlight_state(new_state);
-            new_states.push([new_state, null]);
-          }
+          var new_state = stdparam_states[state];
+          highlight_edge(state, new_state);
+          highlight_state(new_state);
+          new_states.push([new_state, null]);
         }
       }
 

data/lib/action_dispatch/middleware/cookies.rb

@@ -610,8 +610,10 @@ module ActionDispatch
         end
 
         def check_for_overflow!(name, options)
-          if options[:value].bytesize > MAX_COOKIE_SIZE
-            raise CookieOverflow, "#{name} cookie overflowed with size #{options[:value].bytesize} bytes"
+          total_size = name.to_s.bytesize + options[:value].bytesize
+
+          if total_size > MAX_COOKIE_SIZE
+            raise CookieOverflow, "#{name} cookie overflowed with size #{total_size} bytes"
           end
         end
     end

data/lib/action_dispatch/middleware/debug_exceptions.rb

@@ -65,7 +65,9 @@ module ActionDispatch
             content_type = Mime[:text]
           end
 
-          if api_request?(content_type)
+          if request.head?
+            render(wrapper.status_code, "", content_type)
+          elsif api_request?(content_type)
             render_for_api_request(content_type, wrapper)
           else
             render_for_browser_request(request, wrapper)
@@ -125,6 +127,7 @@ module ActionDispatch
           trace_to_show: wrapper.trace_to_show,
           routes_inspector: routes_inspector(wrapper),
           source_extracts: wrapper.source_extracts,
+          exception_message_for_copy: compose_exception_message(wrapper).join("\n"),
         )
       end
 
@@ -138,6 +141,11 @@ module ActionDispatch
         return unless logger
         return if !log_rescued_responses?(request) && wrapper.rescue_response?
 
+        message = compose_exception_message(wrapper)
+        log_array(logger, message, request)
+      end
+
+      def compose_exception_message(wrapper)
         trace = wrapper.exception_trace
 
         message = []
@@ -166,7 +174,7 @@ module ActionDispatch
           end
         end
 
-        log_array(logger, message, request)
+        message
       end
 
       def log_array(logger, lines, request)

data/lib/action_dispatch/middleware/debug_view.rb

@@ -55,6 +55,17 @@ module ActionDispatch
       end
     end
 
+    def editor_url(location, line: nil)
+      if editor = ActiveSupport::Editor.current
+        line ||= location&.lineno
+        absolute_path = location&.absolute_path
+
+        if absolute_path && line && File.exist?(absolute_path)
+          editor.url_for(absolute_path, line)
+        end
+      end
+    end
+
     def protect_against_forgery?
       false
     end

data/lib/action_dispatch/middleware/exception_wrapper.rb

@@ -18,11 +18,12 @@ module ActionDispatch
       "ActionController::UnknownFormat"                    => :not_acceptable,
       "ActionDispatch::Http::MimeNegotiation::InvalidType" => :not_acceptable,
       "ActionController::MissingExactTemplate"             => :not_acceptable,
-      "ActionController::InvalidAuthenticityToken"         => :unprocessable_entity,
-      "ActionController::InvalidCrossOriginRequest"        => :unprocessable_entity,
+      "ActionController::InvalidAuthenticityToken"         => ActionDispatch::Constants::UNPROCESSABLE_CONTENT,
+      "ActionController::InvalidCrossOriginRequest"        => ActionDispatch::Constants::UNPROCESSABLE_CONTENT,
       "ActionDispatch::Http::Parameters::ParseError"       => :bad_request,
       "ActionController::BadRequest"                       => :bad_request,
       "ActionController::ParameterMissing"                 => :bad_request,
+      "ActionController::TooManyRequests"                  => :too_many_requests,
       "Rack::QueryParser::ParameterTypeError"              => :bad_request,
       "Rack::QueryParser::InvalidParameterError"           => :bad_request
     )
@@ -148,15 +149,20 @@ module ActionDispatch
       application_trace_with_ids = []
       framework_trace_with_ids = []
       full_trace_with_ids = []
+      application_traces = application_trace.map(&:to_s)
 
+      full_trace = backtrace_cleaner&.clean_locations(backtrace, :all).presence || backtrace
       full_trace.each_with_index do |trace, idx|
+        filtered_trace = backtrace_cleaner&.clean_frame(trace, :all) || trace
+
         trace_with_id = {
           exception_object_id: @exception.object_id,
           id: idx,
-          trace: trace
+          trace: trace,
+          filtered_trace: filtered_trace,
         }
 
-        if application_trace.include?(trace)
+        if application_traces.include?(filtered_trace.to_s)
           application_trace_with_ids << trace_with_id
         else
           framework_trace_with_ids << trace_with_id
@@ -173,7 +179,7 @@ module ActionDispatch
     end
 
     def self.status_code_for_exception(class_name)
-      Rack::Utils.status_code(@@rescue_responses[class_name])
+      ActionDispatch::Response.rack_status_code(@@rescue_responses[class_name])
     end
 
     def show?(request)
@@ -197,7 +203,7 @@ module ActionDispatch
 
     def source_extracts
       backtrace.map do |trace|
-        extract_source(trace)
+        extract_source(trace).merge(trace: trace)
       end
     end
 
@@ -261,13 +267,13 @@ module ActionDispatch
         end
 
         (@exception.backtrace_locations || []).map do |loc|
-          if built_methods.key?(loc.label.to_s)
+          if built_methods.key?(loc.base_label)
             thread_backtrace_location = if loc.respond_to?(:__getobj__)
               loc.__getobj__
             else
               loc
             end
-            SourceMapLocation.new(thread_backtrace_location, built_methods[loc.label.to_s])
+            SourceMapLocation.new(thread_backtrace_location, built_methods[loc.base_label])
           else
             loc
           end

data/lib/action_dispatch/middleware/executor.rb

@@ -12,6 +12,10 @@ module ActionDispatch
 
     def call(env)
       state = @executor.run!(reset: true)
+      if response_finished = env["rack.response_finished"]
+        response_finished << proc { state.complete! }
+      end
+
       begin
         response = @app.call(env)
 
@@ -20,7 +24,11 @@ module ActionDispatch
           @executor.error_reporter.report(error, handled: false, source: "application.action_dispatch")
         end
 
-        returned = response << ::Rack::BodyProxy.new(response.pop) { state.complete! }
+        unless response_finished
+          response << ::Rack::BodyProxy.new(response.pop) { state.complete! }
+        end
+        returned = true
+        response
       rescue Exception => error
         request = ActionDispatch::Request.new env
         backtrace_cleaner = request.get_header("action_dispatch.backtrace_cleaner")
@@ -28,7 +36,9 @@ module ActionDispatch
         @executor.error_reporter.report(wrapper.unwrapped_exception, handled: false, source: "application.action_dispatch")
         raise
       ensure
-        state.complete! unless returned
+        if !returned && !response_finished
+          state.complete!
+        end
       end
     end
   end

data/lib/action_dispatch/middleware/public_exceptions.rb

@@ -25,14 +25,14 @@ module ActionDispatch
     def call(env)
       request      = ActionDispatch::Request.new(env)
       status       = request.path_info[1..-1].to_i
-      begin
-        content_type = request.formats.first
-      rescue ActionDispatch::Http::MimeNegotiation::InvalidType
-        content_type = Mime[:text]
-      end
+      content_type = request.formats.first
       body = { status: status, error: Rack::Utils::HTTP_STATUS_CODES.fetch(status, Rack::Utils::HTTP_STATUS_CODES[500]) }
 
-      render(status, content_type, body)
+      if env["action_dispatch.original_request_method"] == "HEAD"
+        render_format(status, content_type, "")
+      else
+        render(status, content_type, body)
+      end
     end
 
     private

data/lib/action_dispatch/middleware/session/cache_store.rb

@@ -18,11 +18,16 @@ module ActionDispatch
     # *   `expire_after`  - The length of time a session will be stored before
     #     automatically expiring. By default, the `:expires_in` option of the cache
     #     is used.
+    # *   `check_collisions`  - Check if newly generated session ids aren't already in use.
+    #     If for some reason 128 bits of randomness aren't considered secure enough to avoid
+    #     collisions, this option can be enabled to ensure newly generated ids aren't in use.
+    #     By default, it is set to `false` to avoid additional cache write operations.
     #
     class CacheStore < AbstractSecureStore
       def initialize(app, options = {})
         @cache = options[:cache] || Rails.cache
         options[:expire_after] ||= @cache.options[:expires_in]
+        @check_collisions = options[:check_collisions] || false
         super
       end
 
@@ -61,6 +66,18 @@ module ActionDispatch
         def get_session_with_fallback(sid)
           @cache.read(cache_key(sid.private_id)) || @cache.read(cache_key(sid.public_id))
         end
+
+        def generate_sid
+          if @check_collisions
+            loop do
+              sid = super
+              key = cache_key(sid.private_id)
+              break sid if @cache.write(key, {}, unless_exist: true, expires_in: default_options[:expire_after])
+            end
+          else
+            super
+          end
+        end
     end
   end
 end

data/lib/action_dispatch/middleware/templates/rescues/_copy_button.html.erb

@@ -0,0 +1 @@
+<button onclick="copyAsText.bind(this)()">Copy as text</button>

data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb

@@ -11,8 +11,9 @@
           <tr>
             <td>
               <pre class="line_numbers">
-                <% source_extract[:code].each_key do |line_number| %>
-<span><%= line_number -%></span>
+                <% source_extract[:code].each_key do |line| %>
+                  <% file_url = editor_url(source_extract[:trace], line: line) %>
+<span><%= link_to_if file_url, line, file_url -%></span>
                 <% end %>
               </pre>
             </td>

data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb

@@ -13,13 +13,17 @@
   <% end %>
 
   <% traces.each do |name, trace| %>
-    <div id="<%= "#{name.gsub(/\s/, '-')}-#{error_index}" %>" style="display: <%= (name == trace_to_show) ? 'block' : 'none' %>;">
+    <div id="<%= "#{name.gsub(/\s/, '-')}-#{error_index}" %>" class="trace-container" style="display: <%= (name == trace_to_show) ? 'block' : 'none' %>;">
       <code class="traces">
         <% trace.each do |frame| %>
-          <a class="trace-frames trace-frames-<%= error_index %>" data-exception-object-id="<%= frame[:exception_object_id] %>" data-frame-id="<%= frame[:id] %>" href="#">
-            <%= frame[:trace] %>
-          </a>
-          <br>
+          <div class="trace">
+            <% file_url = editor_url(frame[:trace]) %>
+            <%= file_url && link_to("✏️", file_url, class: "edit-icon") %>
+            <a class="trace-frames trace-frames-<%= error_index %>" data-exception-object-id="<%= frame[:exception_object_id] %>" data-frame-id="<%= frame[:id] %>" href="#">
+              <%= frame[:trace] %>
+            </a>
+            <br>
+          </div>
         <% end %>
       </code>
     </div>

data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb

@@ -1,4 +1,5 @@
 <header>
+  <%= render "rescues/copy_button" %>
   <h1>Blocked hosts: <%= @hosts.join(", ") %></h1>
 </header>
 <main role="main" id="container">

data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb

@@ -1,4 +1,5 @@
 <header>
+  <%= render "rescues/copy_button" %>
   <h1>
     <%= @exception_wrapper.exception_class_name %>
     <% if params_valid? && @request.parameters['controller'] %>

data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb

@@ -1,4 +1,5 @@
 <header role="banner">
+  <%= render "rescues/copy_button" %>
   <h1>
     <%= @exception.class.to_s %>
     <% if @request.parameters['controller'] %>