actionpack 8.0.3 → 8.1.0.beta1

data/lib/action_dispatch/journey/route.rb

@@ -38,29 +38,50 @@ module ActionDispatch
           def self.verb; ""; end
         end
 
+        class Or
+          attr_reader :verb
+
+          def initialize(verbs)
+            @verbs = verbs
+            @verb = @verbs.map(&:verb).join("|")
+          end
+
+          def call(req)
+            @verbs.any? { |v| v.call req }
+          end
+        end
+
         VERB_TO_CLASS = VERBS.each_with_object(all: All) do |verb, hash|
           klass = const_get verb
           hash[verb]                 = klass
           hash[verb.downcase]        = klass
           hash[verb.downcase.to_sym] = klass
         end
-      end
 
-      def self.verb_matcher(verb)
-        VerbMatchers::VERB_TO_CLASS.fetch(verb) do
+        VERB_TO_CLASS.default_proc = proc do |_, verb|
           VerbMatchers::Unknown.new verb.to_s.dasherize.upcase
         end
+
+        def self.for(verbs)
+          if verbs.any? { |v| VERB_TO_CLASS[v] == All }
+            All
+          elsif verbs.one?
+            VERB_TO_CLASS[verbs.first]
+          else
+            Or.new(verbs.map { |v| VERB_TO_CLASS[v] })
+          end
+        end
       end
 
       ##
       # +path+ is a path constraint.
       # `constraints` is a hash of constraints to be applied to this route.
-      def initialize(name:, app: nil, path:, constraints: {}, required_defaults: [], defaults: {}, request_method_match: nil, precedence: 0, scope_options: {}, internal: false, source_location: nil)
+      def initialize(name:, app: nil, path:, constraints: {}, required_defaults: [], defaults: {}, via: nil, precedence: 0, scope_options: {}, internal: false, source_location: nil)
         @name        = name
         @app         = app
         @path        = path
 
-        @request_method_match = request_method_match
+        @request_method_match = via && VerbMatchers.for(via)
         @constraints = constraints
         @defaults    = defaults
         @required_defaults = nil
@@ -146,21 +167,23 @@ module ActionDispatch
       end
 
       def matches?(request)
-        match_verb(request) &&
-        constraints.all? { |method, value|
-          case value
-          when Regexp, String
-            value === request.send(method).to_s
-          when Array
-            value.include?(request.send(method))
-          when TrueClass
-            request.send(method).present?
-          when FalseClass
-            request.send(method).blank?
-          else
-            value === request.send(method)
-          end
-        }
+        @request_method_match.call(request) && (
+          constraints.empty? ||
+          constraints.all? { |method, value|
+            case value
+            when Regexp, String
+              value === request.send(method).to_s
+            when Array
+              value.include?(request.send(method))
+            when TrueClass
+              request.send(method).present?
+            when FalseClass
+              request.send(method).blank?
+            else
+              value === request.send(method)
+            end
+          }
+        )
       end
 
       def ip
@@ -168,21 +191,12 @@ module ActionDispatch
       end
 
       def requires_matching_verb?
-        !@request_method_match.all? { |x| x == VerbMatchers::All }
+        @request_method_match != VerbMatchers::All
       end
 
       def verb
-        verbs.join("|")
+        @request_method_match.verb
       end
-
-      private
-        def verbs
-          @request_method_match.map(&:verb)
-        end
-
-        def match_verb(request)
-          @request_method_match.any? { |m| m.call request }
-        end
     end
   end
   # :startdoc:

data/lib/action_dispatch/journey/router/utils.rb

@@ -17,7 +17,14 @@ module ActionDispatch
         #     normalize_path("")      # => "/"
         #     normalize_path("/%ab")  # => "/%AB"
         def self.normalize_path(path)
-          path ||= ""
+          return "/".dup unless path
+
+          # Fast path for the overwhelming majority of paths that don't need to be normalized
+          if path == "/" || (path.start_with?("/") && !path.end_with?("/") && !path.match?(%r{%|//}))
+            return path.dup
+          end
+
+          # Slow path
           encoding = path.encoding
           path = +"/#{path}"
           path.squeeze!("/")
@@ -61,11 +68,6 @@ module ActionDispatch
             escape(segment, SEGMENT)
           end
 
-          def unescape_uri(uri)
-            encoding = uri.encoding == US_ASCII ? UTF_8 : uri.encoding
-            uri.gsub(ESCAPED) { |match| [match[1, 2].hex].pack("C") }.force_encoding(encoding)
-          end
-
           private
             def escape(component, pattern)
               component.gsub(pattern) { |unsafe| percent_encode(unsafe) }.force_encoding(US_ASCII)
@@ -91,14 +93,6 @@ module ActionDispatch
         def self.escape_fragment(fragment)
           ENCODER.escape_fragment(fragment.to_s)
         end
-
-        # Replaces any escaped sequences with their unescaped representations.
-        #
-        #     uri = "/topics?title=Ruby%20on%20Rails"
-        #     unescape_uri(uri)  #=> "/topics?title=Ruby on Rails"
-        def self.unescape_uri(uri)
-          ENCODER.unescape_uri(uri)
-        end
       end
     end
   end

data/lib/action_dispatch/journey/router.rb

@@ -2,15 +2,12 @@
 
 # :markup: markdown
 
+require "cgi/escape"
+require "cgi/util" if RUBY_VERSION < "3.5"
 require "action_dispatch/journey/router/utils"
 require "action_dispatch/journey/routes"
 require "action_dispatch/journey/formatter"
-
-before = $-w
-$-w = false
 require "action_dispatch/journey/parser"
-$-w = before
-
 require "action_dispatch/journey/route"
 require "action_dispatch/journey/path/pattern"
 
@@ -31,71 +28,78 @@ module ActionDispatch
       end
 
       def serve(req)
-        find_routes(req) do |match, parameters, route|
-          set_params  = req.path_parameters
-          path_info   = req.path_info
-          script_name = req.script_name
-
-          unless route.path.anchored
-            req.script_name = (script_name.to_s + match.to_s).chomp("/")
-            req.path_info = match.post_match
-            req.path_info = "/" + req.path_info unless req.path_info.start_with? "/"
-          end
-
-          tmp_params = set_params.merge route.defaults
-          parameters.each_pair { |key, val|
-            tmp_params[key] = val.force_encoding(::Encoding::UTF_8)
-          }
-
-          req.path_parameters = tmp_params
-          req.route_uri_pattern = route.path.spec.to_s
+        recognize(req) do |route, parameters|
+          req.path_parameters = parameters
+          req.route = route
 
           _, headers, _ = response = route.app.serve(req)
 
-          if "pass" == headers[Constants::X_CASCADE]
-            req.script_name     = script_name
-            req.path_info       = path_info
-            req.path_parameters = set_params
-            next
-          end
-
-          return response
+          return response unless headers[Constants::X_CASCADE] == "pass"
         end
 
         [404, { Constants::X_CASCADE => "pass" }, ["Not Found"]]
       end
 
-      def recognize(rails_req)
-        find_routes(rails_req) do |match, parameters, route|
-          unless route.path.anchored
-            rails_req.script_name = match.to_s
-            rails_req.path_info   = match.post_match
-            rails_req.path_info   = "/" + rails_req.path_info unless rails_req.path_info.start_with? "/"
-          end
+      def recognize(req, &block)
+        req_params  = req.path_parameters
+        path_info   = req.path_info
+        script_name = req.script_name
 
-          parameters = route.defaults.merge parameters
-          yield(route, parameters)
-        end
-      end
+        routes = filter_routes(path_info)
 
-      def visualizer
-        tt     = GTG::Builder.new(ast).transition_table
-        groups = partitioned_routes.first.map(&:ast).group_by(&:to_s)
-        asts   = groups.values.map(&:first)
-        tt.visualizer(asts)
-      end
+        custom_routes.each { |r|
+          routes << r if r.path.match?(path_info)
+        }
 
-      private
-        def partitioned_routes
-          routes.partition { |r|
-            r.path.anchored && r.path.requirements_anchored?
-          }
+        if req.head?
+          routes = match_head_routes(routes, req)
+        else
+          routes.select! { |r| r.matches?(req) }
         end
 
-        def ast
-          routes.ast
+        if routes.size > 1
+          routes.sort! do |a, b|
+            a.precedence <=> b.precedence
+          end
         end
 
+        routes.each do |r|
+          match_data = r.path.match(path_info)
+
+          path_parameters = req_params.merge r.defaults
+
+          index = 1
+          match_data.names.each do |name|
+            if val = match_data[index]
+              val = if val.include?("%")
+                CGI.unescapeURIComponent(val)
+              else
+                val
+              end
+              val.force_encoding(::Encoding::UTF_8)
+              path_parameters[name.to_sym] = val
+            end
+            index += 1
+          end
+
+          if r.path.anchored
+            yield(r, path_parameters)
+          else
+            req.script_name = (script_name.to_s + match_data.to_s).chomp("/")
+            req.path_info = match_data.post_match
+            req.path_info = "/" + req.path_info unless req.path_info.start_with? "/"
+
+            yield(r, path_parameters)
+
+            req.script_name     = script_name
+            req.path_info       = path_info
+          end
+
+          req.path_parameters = req_params
+        end
+      end
+
+      private
         def simulator
           routes.simulator
         end
@@ -105,35 +109,9 @@ module ActionDispatch
         end
 
         def filter_routes(path)
-          return [] unless ast
           simulator.memos(path) { [] }
         end
 
-        def find_routes(req)
-          path_info = req.path_info
-          routes = filter_routes(path_info).concat custom_routes.find_all { |r|
-            r.path.match?(path_info)
-          }
-
-          if req.head?
-            routes = match_head_routes(routes, req)
-          else
-            routes.select! { |r| r.matches?(req) }
-          end
-
-          routes.sort_by!(&:precedence)
-
-          routes.each { |r|
-            match_data = r.path.match(path_info)
-            path_parameters = {}
-            match_data.names.each_with_index { |name, i|
-              val = match_data[i + 1]
-              path_parameters[name.to_sym] = Utils.unescape_uri(val) if val
-            }
-            yield [match_data, path_parameters, r]
-          }
-        end
-
         def match_head_routes(routes, req)
           head_routes = routes.select { |r| r.requires_matching_verb? && r.matches?(req) }
           return head_routes unless head_routes.empty?

data/lib/action_dispatch/journey/routes.rb

@@ -72,6 +72,13 @@ module ActionDispatch
         route
       end
 
+      def visualizer
+        tt     = GTG::Builder.new(ast).transition_table
+        groups = anchored_routes.map(&:ast).group_by(&:to_s)
+        asts   = groups.values.map(&:first)
+        tt.visualizer(asts)
+      end
+
       private
         def clear_cache!
           @ast                = nil

data/lib/action_dispatch/journey/visitors.rb

@@ -128,8 +128,8 @@ module ActionDispatch
         def visit_DOT(n, seed);     terminal(n, seed); end
 
         instance_methods(false).each do |pim|
-          next unless pim =~ /^visit_(.*)$/
-          DISPATCH_CACHE[$1.to_sym] = pim
+          next unless pim.start_with?("visit_")
+          DISPATCH_CACHE[pim.name.delete_prefix("visit_").to_sym] = pim
         end
       end
 
@@ -167,32 +167,64 @@ module ActionDispatch
         INSTANCE = new
       end
 
-      class String < FunctionalVisitor # :nodoc:
-        private
-          def binary(node, seed)
-            visit(node.right, visit(node.left, seed))
-          end
-
-          def nary(node, seed)
+      class String # :nodoc:
+        def accept(node, seed)
+          case node.type
+          when :DOT
+            seed << node.left
+          when :LITERAL
+            seed << node.left
+          when :SYMBOL
+            seed << node.left
+          when :SLASH
+            seed << node.left
+          when :CAT
+            accept(node.right, accept(node.left, seed))
+          when :STAR
+            accept(node.left, seed)
+          when :OR
             last_child = node.children.last
-            node.children.inject(seed) { |s, c|
-              string = visit(c, s)
-              string << "|" unless last_child == c
-              string
-            }
-          end
-
-          def terminal(node, seed)
-            seed + node.left
-          end
-
-          def visit_GROUP(node, seed)
-            visit(node.left, seed.dup << "(") << ")"
+            node.children.each do |c|
+              accept(c, seed)
+              seed << "|" unless last_child == c
+            end
+            seed
+          when :GROUP
+            accept(node.left, seed << "(") << ")"
+          else
+            raise "Unknown node type: #{node.type}"
           end
+        end
 
-          INSTANCE = new
+        INSTANCE = new
       end
 
+      # class String < FunctionalVisitor # :nodoc:
+      #   private
+      #     def binary(node, seed)
+      #       visit(node.right, visit(node.left, seed))
+      #     end
+      #
+      #     def nary(node, seed)
+      #       last_child = node.children.last
+      #       node.children.inject(seed) { |s, c|
+      #         string = visit(c, s)
+      #         string << "|" unless last_child == c
+      #         string
+      #       }
+      #     end
+      #
+      #     def terminal(node, seed)
+      #       seed + node.left
+      #     end
+      #
+      #     def visit_GROUP(node, seed)
+      #       visit(node.left, seed.dup << "(") << ")"
+      #     end
+      #
+      #     INSTANCE = new
+      # end
+
       class Dot < FunctionalVisitor # :nodoc:
         def initialize
           @nodes = []

data/lib/action_dispatch/journey/visualizer/fsm.js

@@ -105,12 +105,10 @@ function match(input) {
         }
 
         if(stdparam_states[state] && default_re.test(token)) {
-          for(var key in stdparam_states[state]) {
-            var new_state = stdparam_states[state][key];
-            highlight_edge(state, new_state);
-            highlight_state(new_state);
-            new_states.push([new_state, null]);
-          }
+          var new_state = stdparam_states[state];
+          highlight_edge(state, new_state);
+          highlight_state(new_state);
+          new_states.push([new_state, null]);
         }
       }
 

data/lib/action_dispatch/middleware/cookies.rb

@@ -610,8 +610,10 @@ module ActionDispatch
         end
 
         def check_for_overflow!(name, options)
-          if options[:value].bytesize > MAX_COOKIE_SIZE
-            raise CookieOverflow, "#{name} cookie overflowed with size #{options[:value].bytesize} bytes"
+          total_size = name.to_s.bytesize + options[:value].bytesize
+
+          if total_size > MAX_COOKIE_SIZE
+            raise CookieOverflow, "#{name} cookie overflowed with size #{total_size} bytes"
           end
         end
     end

data/lib/action_dispatch/middleware/debug_exceptions.rb

@@ -127,6 +127,7 @@ module ActionDispatch
           trace_to_show: wrapper.trace_to_show,
           routes_inspector: routes_inspector(wrapper),
           source_extracts: wrapper.source_extracts,
+          exception_message_for_copy: compose_exception_message(wrapper).join("\n"),
         )
       end
 
@@ -140,6 +141,11 @@ module ActionDispatch
         return unless logger
         return if !log_rescued_responses?(request) && wrapper.rescue_response?
 
+        message = compose_exception_message(wrapper)
+        log_array(logger, message, request)
+      end
+
+      def compose_exception_message(wrapper)
         trace = wrapper.exception_trace
 
         message = []
@@ -168,7 +174,7 @@ module ActionDispatch
           end
         end
 
-        log_array(logger, message, request)
+        message
       end
 
       def log_array(logger, lines, request)

data/lib/action_dispatch/middleware/debug_view.rb

@@ -55,6 +55,17 @@ module ActionDispatch
       end
     end
 
+    def editor_url(location, line: nil)
+      if editor = ActiveSupport::Editor.current
+        line ||= location&.lineno
+        absolute_path = location&.absolute_path
+
+        if absolute_path && line && File.exist?(absolute_path)
+          editor.url_for(absolute_path, line)
+        end
+      end
+    end
+
     def protect_against_forgery?
       false
     end

data/lib/action_dispatch/middleware/exception_wrapper.rb

@@ -23,6 +23,7 @@ module ActionDispatch
       "ActionDispatch::Http::Parameters::ParseError"       => :bad_request,
       "ActionController::BadRequest"                       => :bad_request,
       "ActionController::ParameterMissing"                 => :bad_request,
+      "ActionController::TooManyRequests"                  => :too_many_requests,
       "Rack::QueryParser::ParameterTypeError"              => :bad_request,
       "Rack::QueryParser::InvalidParameterError"           => :bad_request
     )
@@ -148,15 +149,20 @@ module ActionDispatch
       application_trace_with_ids = []
       framework_trace_with_ids = []
       full_trace_with_ids = []
+      application_traces = application_trace.map(&:to_s)
 
+      full_trace = backtrace_cleaner&.clean_locations(backtrace, :all).presence || backtrace
       full_trace.each_with_index do |trace, idx|
+        filtered_trace = backtrace_cleaner&.clean_frame(trace, :all) || trace
+
         trace_with_id = {
           exception_object_id: @exception.object_id,
           id: idx,
-          trace: trace
+          trace: trace,
+          filtered_trace: filtered_trace,
         }
 
-        if application_trace.include?(trace)
+        if application_traces.include?(filtered_trace.to_s)
           application_trace_with_ids << trace_with_id
         else
           framework_trace_with_ids << trace_with_id
@@ -197,7 +203,7 @@ module ActionDispatch
 
     def source_extracts
       backtrace.map do |trace|
-        extract_source(trace)
+        extract_source(trace).merge(trace: trace)
       end
     end
 
@@ -261,13 +267,13 @@ module ActionDispatch
         end
 
         (@exception.backtrace_locations || []).map do |loc|
-          if built_methods.key?(loc.label.to_s)
+          if built_methods.key?(loc.base_label)
             thread_backtrace_location = if loc.respond_to?(:__getobj__)
               loc.__getobj__
             else
               loc
             end
-            SourceMapLocation.new(thread_backtrace_location, built_methods[loc.label.to_s])
+            SourceMapLocation.new(thread_backtrace_location, built_methods[loc.base_label])
           else
             loc
           end

data/lib/action_dispatch/middleware/executor.rb

@@ -12,6 +12,10 @@ module ActionDispatch
 
     def call(env)
       state = @executor.run!(reset: true)
+      if response_finished = env["rack.response_finished"]
+        response_finished << proc { state.complete! }
+      end
+
       begin
         response = @app.call(env)
 
@@ -20,7 +24,11 @@ module ActionDispatch
           @executor.error_reporter.report(error, handled: false, source: "application.action_dispatch")
         end
 
-        returned = response << ::Rack::BodyProxy.new(response.pop) { state.complete! }
+        unless response_finished
+          response << ::Rack::BodyProxy.new(response.pop) { state.complete! }
+        end
+        returned = true
+        response
       rescue Exception => error
         request = ActionDispatch::Request.new env
         backtrace_cleaner = request.get_header("action_dispatch.backtrace_cleaner")
@@ -28,7 +36,9 @@ module ActionDispatch
         @executor.error_reporter.report(wrapper.unwrapped_exception, handled: false, source: "application.action_dispatch")
         raise
       ensure
-        state.complete! unless returned
+        if !returned && !response_finished
+          state.complete!
+        end
       end
     end
   end

data/lib/action_dispatch/middleware/public_exceptions.rb

@@ -25,11 +25,7 @@ module ActionDispatch
     def call(env)
       request      = ActionDispatch::Request.new(env)
       status       = request.path_info[1..-1].to_i
-      begin
-        content_type = request.formats.first
-      rescue ActionDispatch::Http::MimeNegotiation::InvalidType
-        content_type = Mime[:text]
-      end
+      content_type = request.formats.first
       body = { status: status, error: Rack::Utils::HTTP_STATUS_CODES.fetch(status, Rack::Utils::HTTP_STATUS_CODES[500]) }
 
       if env["action_dispatch.original_request_method"] == "HEAD"

data/lib/action_dispatch/middleware/session/cache_store.rb

@@ -18,11 +18,16 @@ module ActionDispatch
     # *   `expire_after`  - The length of time a session will be stored before
     #     automatically expiring. By default, the `:expires_in` option of the cache
     #     is used.
+    # *   `check_collisions`  - Check if newly generated session ids aren't already in use.
+    #     If for some reason 128 bits of randomness aren't considered secure enough to avoid
+    #     collisions, this option can be enabled to ensure newly generated ids aren't in use.
+    #     By default, it is set to `false` to avoid additional cache write operations.
     #
     class CacheStore < AbstractSecureStore
       def initialize(app, options = {})
         @cache = options[:cache] || Rails.cache
         options[:expire_after] ||= @cache.options[:expires_in]
+        @check_collisions = options[:check_collisions] || false
         super
       end
 
@@ -61,6 +66,18 @@ module ActionDispatch
         def get_session_with_fallback(sid)
           @cache.read(cache_key(sid.private_id)) || @cache.read(cache_key(sid.public_id))
         end
+
+        def generate_sid
+          if @check_collisions
+            loop do
+              sid = super
+              key = cache_key(sid.private_id)
+              break sid if @cache.write(key, {}, unless_exist: true, expires_in: default_options[:expire_after])
+            end
+          else
+            super
+          end
+        end
     end
   end
 end

data/lib/action_dispatch/middleware/templates/rescues/_copy_button.html.erb

@@ -0,0 +1 @@
+<button onclick="copyAsText.bind(this)()">Copy as text</button>