devver-rack-contrib 0.9.3

data/lib/rack/contrib/cookies.rb

@@ -0,0 +1,50 @@
+module Rack
+  class Cookies
+    class CookieJar < Hash
+      def initialize(cookies)
+        @set_cookies = {}
+        @delete_cookies = {}
+        super()
+        update(cookies)
+      end
+
+      def [](name)
+        super(name.to_s)
+      end
+
+      def []=(key, options)
+        unless options.is_a?(Hash)
+          options = { :value => options }
+        end
+
+        options[:path] ||= '/'
+        @set_cookies[key] = options
+        super(key.to_s, options[:value])
+      end
+
+      def delete(key, options = {})
+        options[:path] ||= '/'
+        @delete_cookies[key] = options
+        super(key.to_s)
+      end
+
+      def finish!(resp)
+        @set_cookies.each { |k, v| resp.set_cookie(k, v) }
+        @delete_cookies.each { |k, v| resp.delete_cookie(k, v) }
+      end
+    end
+
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      req = Request.new(env)
+      env['rack.cookies'] = cookies = CookieJar.new(req.cookies)
+      status, headers, body = @app.call(env)
+      resp = Response.new(body, status, headers)
+      cookies.finish!(resp)
+      resp.to_a
+    end
+  end
+end

data/lib/rack/contrib/csshttprequest.rb

@@ -0,0 +1,39 @@
+require 'csshttprequest'
+
+module Rack
+
+  # A Rack middleware for providing CSSHTTPRequest responses.
+  class CSSHTTPRequest
+
+    def initialize(app)
+      @app = app
+    end
+
+    # Proxies the request to the application then encodes the response with
+    # the CSSHTTPRequest encoder
+    def call(env)
+      status, headers, response = @app.call(env)
+      if chr_request?(env)
+        response = encode(response)
+        modify_headers!(headers, response)
+      end
+      [status, headers, response]
+    end
+
+    def chr_request?(env)
+      env['csshttprequest.chr'] ||=
+        !(/\.chr$/.match(env['PATH_INFO'])).nil? || Rack::Request.new(env).params['_format'] == 'chr'
+    end
+
+    def encode(response, assembled_body="")
+      response.each { |s| assembled_body << s.to_s } # call down the stack
+      return ::CSSHTTPRequest.encode(assembled_body)
+    end
+
+    def modify_headers!(headers, encoded_response)
+      headers['Content-Length'] = encoded_response.length.to_s
+      headers['Content-Type'] = 'text/css'
+      nil
+    end
+  end
+end

data/lib/rack/contrib/deflect.rb

@@ -0,0 +1,137 @@
+require 'thread'
+
+# TODO: optional stats
+# TODO: performance
+# TODO: clean up tests
+
+module Rack
+
+  ##
+  # Rack middleware for protecting against Denial-of-service attacks
+  # http://en.wikipedia.org/wiki/Denial-of-service_attack.
+  #
+  # This middleware is designed for small deployments, which most likely
+  # are not utilizing load balancing from other software or hardware. Deflect
+  # current supports the following functionality:
+  #
+  # * Saturation prevention (small DoS attacks, or request abuse)
+  # * Blacklisting of remote addresses
+  # * Whitelisting of remote addresses
+  # * Logging
+  #
+  # === Options:
+  #
+  #   :log                When false logging will be bypassed, otherwise pass an object responding to #puts
+  #   :log_format         Alter the logging format
+  #   :log_date_format    Alter the logging date format
+  #   :request_threshold  Number of requests allowed within the set :interval. Defaults to 100
+  #   :interval           Duration in seconds until the request counter is reset. Defaults to 5
+  #   :block_duration     Duration in seconds that a remote address will be blocked. Defaults to 900 (15 minutes)
+  #   :whitelist          Array of remote addresses which bypass Deflect. NOTE: this does not block others
+  #   :blacklist          Array of remote addresses immediately considered malicious
+  #
+  # === Examples:
+  #
+  #  use Rack::Deflect, :log => $stdout, :request_threshold => 20, :interval => 2, :block_duration => 60
+  #
+  # CREDIT: TJ Holowaychuk <tj@vision-media.ca>
+  #
+
+  class Deflect
+
+    attr_reader :options
+
+    def initialize app, options = {}
+      @mutex = Mutex.new
+      @remote_addr_map = {}
+      @app, @options = app, {
+        :log => false,
+        :log_format => 'deflect(%s): %s',
+        :log_date_format => '%m/%d/%Y',
+        :request_threshold => 100,
+        :interval => 5,
+        :block_duration => 900,
+        :whitelist => [],
+        :blacklist => []
+      }.merge(options)
+    end
+
+    def call env
+      return deflect! if deflect? env
+      status, headers, body = @app.call env
+      [status, headers, body]
+    end
+
+    def deflect!
+      [403, { 'Content-Type' => 'text/html', 'Content-Length' => '0' }, '']
+    end
+
+    def deflect? env
+      @remote_addr = env['REMOTE_ADDR']
+      return false if options[:whitelist].include? @remote_addr
+      return true  if options[:blacklist].include? @remote_addr
+      sync { watch }
+    end
+
+    def log message
+      return unless options[:log]
+      options[:log].puts(options[:log_format] % [Time.now.strftime(options[:log_date_format]), message])
+    end
+
+    def sync &block
+      @mutex.synchronize(&block)
+    end
+
+    def map
+      @remote_addr_map[@remote_addr] ||= {
+        :expires => Time.now + options[:interval],
+        :requests => 0
+      }
+    end
+
+    def watch
+      increment_requests
+      clear! if watch_expired? and not blocked?
+      clear! if blocked? and block_expired?
+      block! if watching? and exceeded_request_threshold?
+      blocked?
+    end
+
+    def block!
+      return if blocked?
+      log "blocked #{@remote_addr}"
+      map[:block_expires] = Time.now + options[:block_duration]
+    end
+
+    def blocked?
+      map.has_key? :block_expires
+    end
+
+    def block_expired?
+      map[:block_expires] < Time.now rescue false
+    end
+
+    def watching?
+      @remote_addr_map.has_key? @remote_addr
+    end
+
+    def clear!
+      return unless watching?
+      log "released #{@remote_addr}" if blocked?
+      @remote_addr_map.delete @remote_addr
+    end
+
+    def increment_requests
+      map[:requests] += 1
+    end
+
+    def exceeded_request_threshold?
+      map[:requests] > options[:request_threshold]
+    end
+
+    def watch_expired?
+      map[:expires] <= Time.now
+    end
+
+  end
+end

data/lib/rack/contrib/evil.rb

@@ -0,0 +1,12 @@
+module Rack
+  class Evil
+    # Lets you return a response to the client immediately from anywhere ( M V or C ) in the code.
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      catch(:response) { @app.call(env) }
+    end
+  end
+end

data/lib/rack/contrib/garbagecollector.rb

@@ -0,0 +1,14 @@
+module Rack
+  # Forces garbage collection after each request.
+  class GarbageCollector
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      @app.call(env)
+    ensure
+      GC.start
+    end
+  end
+end

data/lib/rack/contrib/jsonp.rb

@@ -0,0 +1,41 @@
+module Rack
+
+  # A Rack middleware for providing JSON-P support.
+  #
+  # Full credit to Flinn Mueller (http://actsasflinn.com/) for this contribution.
+  #
+  class JSONP
+
+    def initialize(app)
+      @app = app
+    end
+
+    # Proxies the request to the application, stripping out the JSON-P callback
+    # method and padding the response with the appropriate callback format.
+    #
+    # Changes nothing if no <tt>callback</tt> param is specified.
+    #
+    def call(env)
+      status, headers, response = @app.call(env)
+      request = Rack::Request.new(env)
+      if request.params.include?('callback')
+        response = pad(request.params.delete('callback'), response)
+        headers['Content-Length'] = response.length.to_s
+      end
+      [status, headers, response]
+    end
+
+    # Pads the response with the appropriate callback format according to the
+    # JSON-P spec/requirements.
+    #
+    # The Rack response spec indicates that it should be enumerable. The method
+    # of combining all of the data into a single string makes sense since JSON
+    # is returned as a full string.
+    #
+    def pad(callback, response, body = "")
+      response.each{ |s| body << s.to_s }
+      "#{callback}(#{body})"
+    end
+
+  end
+end

data/lib/rack/contrib/lighttpd_script_name_fix.rb

@@ -0,0 +1,16 @@
+module Rack
+  # Lighttpd sets the wrong SCRIPT_NAME and PATH_INFO if you mount your
+  # FastCGI app at "/". This middleware fixes this issue.
+
+  class LighttpdScriptNameFix
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      env["PATH_INFO"] = env["SCRIPT_NAME"].to_s + env["PATH_INFO"].to_s
+      env["SCRIPT_NAME"] = ""
+      @app.call(env)
+    end
+  end
+end

data/lib/rack/contrib/locale.rb

@@ -0,0 +1,31 @@
+require 'i18n'
+
+module Rack
+  class Locale
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      old_locale = I18n.locale
+      locale = nil
+
+      # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.4
+      if lang = env["HTTP_ACCEPT_LANGUAGE"]
+        lang = lang.split(",").map { |l|
+          l += ';q=1.0' unless l =~ /;q=\d+\.\d+$/
+          l.split(';q=')
+        }.first
+        locale = lang.first.split("-").first
+      else
+        locale = I18n.default_locale
+      end
+
+      locale = env['rack.locale'] = I18n.locale = locale.to_s
+      status, headers, body = @app.call(env)
+      headers['Content-Language'] = locale
+      I18n.locale = old_locale
+      [status, headers, body]
+    end
+  end
+end

data/lib/rack/contrib/mailexceptions.rb

@@ -0,0 +1,120 @@
+require 'net/smtp'
+require 'tmail'
+require 'erb'
+
+module Rack
+  # Catches all exceptions raised from the app it wraps and
+  # sends a useful email with the exception, stacktrace, and
+  # contents of the environment.
+
+  class MailExceptions
+    attr_reader :config
+
+    def initialize(app)
+      @app = app
+      @config = {
+        :to      => nil,
+        :from    => ENV['USER'] || 'rack',
+        :subject => '[exception] %s',
+        :smtp    => {
+          :server         => 'localhost',
+          :domain         => 'localhost',
+          :port           => 25,
+          :authentication => :login,
+          :user_name      => nil,
+          :password       => nil
+        }
+      }
+      @template = ERB.new(TEMPLATE)
+      yield self if block_given?
+    end
+
+    def call(env)
+      status, headers, body =
+        begin
+          @app.call(env)
+        rescue => boom
+          # TODO don't allow exceptions from send_notification to
+          # propogate
+          send_notification boom, env
+          raise
+        end
+      send_notification env['mail.exception'], env if env['mail.exception']
+      [status, headers, body]
+    end
+
+    %w[to from subject].each do |meth|
+      define_method(meth) { |value| @config[meth.to_sym] = value }
+    end
+
+    def smtp(settings={})
+      @config[:smtp].merge! settings
+    end
+
+  private
+    def generate_mail(exception, env)
+      mail = TMail::Mail.new
+      mail.to = Array(config[:to])
+      mail.from = config[:from]
+      mail.subject = config[:subject] % [exception.to_s]
+      mail.date = Time.now
+      mail.set_content_type 'text/plain'
+      mail.charset = 'UTF-8'
+      mail.body = @template.result(binding)
+      mail
+    end
+
+    def send_notification(exception, env)
+      mail = generate_mail(exception, env)
+      smtp = config[:smtp]
+      env['mail.sent'] = true
+      return if smtp[:server] == 'example.com'
+
+      Net::SMTP.start smtp[:server], smtp[:port], smtp[:domain], smtp[:user_name], smtp[:password], smtp[:authentication] do |server|
+        mail.to.each do |recipient|
+          server.send_message mail.to_s, mail.from, recipient
+        end
+      end
+    end
+
+    def extract_body(env)
+      if io = env['rack.input']
+        io.rewind if io.respond_to?(:rewind)
+        io.read
+      end
+    end
+
+    TEMPLATE = (<<-'EMAIL').gsub(/^ {4}/, '')
+    A <%= exception.class.to_s %> occured: <%= exception.to_s %>
+    <% if body = extract_body(env) %>
+
+    ===================================================================
+    Request Body:
+    ===================================================================
+
+    <%= body.gsub(/^/, '  ') %>
+    <% end %>
+
+    ===================================================================
+    Rack Environment:
+    ===================================================================
+
+      PID:                     <%= $$ %>
+      PWD:                     <%= Dir.getwd %>
+
+      <%= env.to_a.
+        sort{|a,b| a.first <=> b.first}.
+        map{ |k,v| "%-25s%p" % [k+':', v] }.
+        join("\n  ") %>
+
+    <% if exception.respond_to?(:backtrace) %>
+    ===================================================================
+    Backtrace:
+    ===================================================================
+
+      <%= exception.backtrace.join("\n  ") %>
+    <% end %>
+    EMAIL
+
+  end
+end