em-http-request-samesite 1.1.7

data/lib/em-http/http_connection_options.rb

@@ -0,0 +1,70 @@
+class HttpConnectionOptions
+  attr_reader :host, :port, :tls, :proxy, :bind, :bind_port
+  attr_reader :connect_timeout, :inactivity_timeout
+  attr_writer :https
+
+  def initialize(uri, options)
+    @connect_timeout     = options[:connect_timeout] || 5        # default connection setup timeout
+    @inactivity_timeout  = options[:inactivity_timeout] ||= 10   # default connection inactivity (post-setup) timeout
+
+    @tls   = options[:tls] || options[:ssl] || {}
+
+    if bind = options[:bind]
+      @bind = bind[:host] || '0.0.0.0'
+
+      # Eventmachine will open a UNIX socket if bind :port
+      # is explicitly set to nil
+      @bind_port = bind[:port]
+    end
+
+    uri = uri.kind_of?(Addressable::URI) ? uri : Addressable::URI::parse(uri.to_s)
+    @https = uri.scheme == "https"
+    uri.port ||= (@https ? 443 : 80)
+    @tls[:sni_hostname] = uri.hostname
+
+    @proxy = options[:proxy] || proxy_from_env
+
+    if proxy
+      @host = proxy[:host]
+      @port = proxy[:port]
+    else
+      @host = uri.hostname
+      @port = uri.port
+    end
+  end
+
+  def http_proxy?
+    @proxy && (@proxy[:type] == :http || @proxy[:type].nil?) && !@https
+  end
+
+  def connect_proxy?
+    @proxy && (@proxy[:type] == :http || @proxy[:type].nil?) && @https
+  end
+
+  def socks_proxy?
+    @proxy && (@proxy[:type] == :socks5)
+  end
+
+  def proxy_from_env
+    # TODO: Add support for $http_no_proxy or $no_proxy ?
+    proxy_str = if @https
+                  ENV['HTTPS_PROXY'] || ENV['https_proxy']
+                else
+                  ENV['HTTP_PROXY'] || ENV['http_proxy']
+
+                # Fall-back to $ALL_PROXY if none of the above env-vars have values
+                end || ENV['ALL_PROXY']
+
+    # Addressable::URI::parse will return `nil` if given `nil` and an empty URL for an empty string
+    # so, let's short-circuit that:
+    return if !proxy_str || proxy_str.empty?
+
+    proxy_env_uri = Addressable::URI::parse(proxy_str)
+    { :host => proxy_env_uri.host, :port => proxy_env_uri.port, :type => :http }
+
+  rescue Addressable::URI::InvalidURIError
+    # An invalid env-var shouldn't crash the config step, IMHO.
+    # We should somehow log / warn about this, perhaps...
+    return
+  end
+end

data/lib/em-http/http_encoding.rb

@@ -0,0 +1,149 @@
+module EventMachine
+  module HttpEncoding
+    HTTP_REQUEST_HEADER="%s %s HTTP/1.1\r\n"
+    FIELD_ENCODING = "%s: %s\r\n"
+
+    def escape(s)
+      if defined?(EscapeUtils)
+        EscapeUtils.escape_url(s.to_s)
+      else
+        s.to_s.gsub(/([^a-zA-Z0-9_.-]+)/) {
+          '%'+$1.unpack('H2'*bytesize($1)).join('%').upcase
+        }
+      end
+    end
+
+    def unescape(s)
+      if defined?(EscapeUtils)
+        EscapeUtils.unescape_url(s.to_s)
+      else
+        s.tr('+', ' ').gsub(/((?:%[0-9a-fA-F]{2})+)/) {
+          [$1.delete('%')].pack('H*')
+        }
+      end
+    end
+
+    if ''.respond_to?(:bytesize)
+      def bytesize(string)
+        string.bytesize
+      end
+    else
+      def bytesize(string)
+        string.size
+      end
+    end
+
+    # Map all header keys to a downcased string version
+    def munge_header_keys(head)
+      head.inject({}) { |h, (k, v)| h[k.to_s.downcase] = v; h }
+    end
+
+    def encode_host
+      if @req.uri.port.nil? || @req.uri.port == 80 || @req.uri.port == 443
+        return @req.uri.host
+      else
+        @req.uri.host + ":#{@req.uri.port}"
+      end
+    end
+
+    def encode_request(method, uri, query, connopts)
+      query = encode_query(uri, query)
+
+      # Non CONNECT proxies require that you provide the full request
+      # uri in request header, as opposed to a relative path.
+      # Don't modify the header with CONNECT proxies. It's unneeded and will
+      # cause 400 Bad Request errors with many standard setups.
+      if connopts.proxy && !connopts.connect_proxy?
+        query = uri.join(query)
+        # Drop the userinfo, it's been converted to a header and won't be
+        # accepted by the proxy
+        query.userinfo = nil
+      end
+
+      HTTP_REQUEST_HEADER % [method.to_s.upcase, query]
+    end
+
+    def encode_query(uri, query)
+      encoded_query = if query.kind_of?(Hash)
+        query.map { |k, v| encode_param(k, v) }.join('&')
+      else
+        query.to_s
+      end
+
+      if uri && !uri.query.to_s.empty?
+        encoded_query = [encoded_query, uri.query].reject {|part| part.empty?}.join("&")
+      end
+      encoded_query.to_s.empty? ? uri.path : "#{uri.path}?#{encoded_query}"
+    end
+
+    # URL encodes query parameters:
+    # single k=v, or a URL encoded array, if v is an array of values
+    def encode_param(k, v)
+      if v.is_a?(Array)
+        v.map { |e| escape(k) + "[]=" + escape(e) }.join("&")
+      else
+        escape(k) + "=" + escape(v)
+      end
+    end
+
+    def form_encode_body(obj)
+      pairs = []
+      recursive = Proc.new do |h, prefix|
+        h.each do |k,v|
+          key = prefix == '' ? escape(k) : "#{prefix}[#{escape(k)}]"
+
+          if v.is_a? Array
+            nh = Hash.new
+            v.size.times { |t| nh[t] = v[t] }
+            recursive.call(nh, key)
+
+          elsif v.is_a? Hash
+            recursive.call(v, key)
+          else
+            pairs << "#{key}=#{escape(v)}"
+          end
+        end
+      end
+
+      recursive.call(obj, '')
+      return pairs.join('&')
+    end
+
+    # Encode a field in an HTTP header
+    def encode_field(k, v)
+      FIELD_ENCODING % [k, v]
+    end
+
+    # Encode basic auth in an HTTP header
+    # In: Array ([user, pass]) - for basic auth
+    #     String - custom auth string (OAuth, etc)
+    def encode_auth(k,v)
+      if v.is_a? Array
+        FIELD_ENCODING % [k, ["Basic", Base64.strict_encode64(v.join(":")).split.join].join(" ")]
+      else
+        encode_field(k,v)
+      end
+    end
+
+    def encode_headers(head)
+      head.inject('') do |result, (key, value)|
+        # Munge keys from foo-bar-baz to Foo-Bar-Baz
+        key = key.split('-').map { |k| k.to_s.capitalize }.join('-')
+        result << case key
+          when 'Authorization', 'Proxy-Authorization'
+            encode_auth(key, value)
+          else
+            encode_field(key, value)
+        end
+      end
+    end
+
+    def encode_cookie(cookie)
+      if cookie.is_a? Hash
+        cookie.inject('') { |result, (k, v)| result <<  encode_param(k, v) + ";" }
+      else
+        cookie
+      end
+    end
+  end
+end

data/lib/em-http/http_header.rb

@@ -0,0 +1,83 @@
+module EventMachine
+  # A simple hash is returned for each request made by HttpClient with the
+  # headers that were given by the server for that request.
+  class HttpResponseHeader < Hash
+    # The reason returned in the http response (string - e.g. "OK")
+    attr_accessor :http_reason
+
+    # The HTTP version returned (string - e.g. "1.1")
+    attr_accessor :http_version
+
+    # The status code (integer - e.g. 200)
+    attr_accessor :http_status
+
+    # Raw headers
+    attr_accessor :raw
+
+    # E-Tag
+    def etag
+      self[HttpClient::ETAG]
+    end
+
+    def last_modified
+      self[HttpClient::LAST_MODIFIED]
+    end
+
+    # HTTP response status
+    def status
+      Integer(http_status) rescue 0
+    end
+
+    # Length of content as an integer, or nil if chunked/unspecified
+    def content_length
+      @content_length ||= ((s = self[HttpClient::CONTENT_LENGTH]) &&
+                           (s =~ /^(\d+)$/)) ? $1.to_i : nil
+    end
+
+    # Cookie header from the server
+    def cookie
+      self[HttpClient::SET_COOKIE]
+    end
+
+    # Is the transfer encoding chunked?
+    def chunked_encoding?
+      /chunked/i === self[HttpClient::TRANSFER_ENCODING]
+    end
+
+    def keepalive?
+      /keep-alive/i === self[HttpClient::KEEP_ALIVE]
+    end
+
+    def compressed?
+      /gzip|compressed|deflate/i === self[HttpClient::CONTENT_ENCODING]
+    end
+
+    def location
+      self[HttpClient::LOCATION]
+    end
+
+    def [](key)
+      super(key) || super(key.upcase.gsub('-','_'))
+    end
+
+    def informational?
+      100 <= status && 200 > status
+    end
+
+    def successful?
+      200 <= status && 300 > status
+    end
+
+    def redirection?
+      300 <= status && 400 > status
+    end
+
+    def client_error?
+      400 <= status && 500 > status
+    end
+
+    def server_error?
+      500 <= status && 600 > status
+    end
+  end
+end

data/lib/em-http/http_status_codes.rb

@@ -0,0 +1,57 @@
+module EventMachine
+  module HttpStatus
+    CODE = {
+      100  => 'Continue',
+      101  => 'Switching Protocols',
+      102  => 'Processing',
+      200  => 'OK',
+      201  => 'Created',
+      202  => 'Accepted',
+      203  => 'Non-Authoritative Information',
+      204  => 'No Content',
+      205  => 'Reset Content',
+      206  => 'Partial Content',
+      207  => 'Multi-Status',
+      226  => 'IM Used',
+      300  => 'Multiple Choices',
+      301  => 'Moved Permanently',
+      302  => 'Found',
+      303  => 'See Other',
+      304  => 'Not Modified',
+      305  => 'Use Proxy',
+      306  => 'Reserved',
+      307  => 'Temporary Redirect',
+      400  => 'Bad Request',
+      401  => 'Unauthorized',
+      402  => 'Payment Required',
+      403  => 'Forbidden',
+      404  => 'Not Found',
+      405  => 'Method Not Allowed',
+      406  => 'Not Acceptable',
+      407  => 'Proxy Authentication Required',
+      408  => 'Request Timeout',
+      409  => 'Conflict',
+      410  => 'Gone',
+      411  => 'Length Required',
+      412  => 'Precondition Failed',
+      413  => 'Request Entity Too Large',
+      414  => 'Request-URI Too Long',
+      415  => 'Unsupported Media Type',
+      416  => 'Requested Range Not Satisfiable',
+      417  => 'Expectation Failed',
+      422  => 'Unprocessable Entity',
+      423  => 'Locked',
+      424  => 'Failed Dependency',
+      426  => 'Upgrade Required',
+      500  => 'Internal Server Error',
+      501  => 'Not Implemented',
+      502  => 'Bad Gateway',
+      503  => 'Service Unavailable',
+      504  => 'Gateway Timeout',
+      505  => 'HTTP Version Not Supported',
+      506  => 'Variant Also Negotiates',
+      507  => 'Insufficient Storage',
+      510  => 'Not Extended'
+    }
+  end
+end

data/lib/em-http/middleware/digest_auth.rb

@@ -0,0 +1,112 @@
+module EventMachine
+  module Middleware
+    require 'digest'
+    require 'securerandom'
+
+    class DigestAuth
+      include EventMachine::HttpEncoding
+
+      attr_accessor :auth_digest, :is_digest_auth
+
+      def initialize(www_authenticate, opts = {})
+        @nonce_count = -1
+        @opts = opts
+        @digest_params = {
+            algorithm: 'MD5' # MD5 is the default hashing algorithm
+        }
+        if (@is_digest_auth = www_authenticate =~ /^Digest/)
+          get_params(www_authenticate)
+        end
+      end
+
+      def request(client, head, body)
+        # Allow HTTP basic auth fallback
+        if @is_digest_auth
+          head['Authorization'] = build_auth_digest(client.req.method, client.req.uri.path, @opts.merge(@digest_params))
+        else
+          head['Authorization'] = [@opts[:username], @opts[:password]]
+        end
+        [head, body]
+      end
+
+      def response(resp)
+        # If the server responds with the Authentication-Info header, set the nonce to the new value
+        if @is_digest_auth && (authentication_info = resp.response_header['Authentication-Info'])
+          authentication_info =~ /nextnonce="?(.*?)"?(,|\z)/
+          @digest_params[:nonce] = $1
+        end
+      end
+
+      def build_auth_digest(method, uri, params = nil)
+        params = @opts.merge(@digest_params) if !params
+        nonce_count = next_nonce
+
+        user = unescape params[:username]
+        password = unescape params[:password]
+
+        splitted_algorithm = params[:algorithm].split('-')
+        sess = "-sess" if splitted_algorithm[1]
+        raw_algorithm = splitted_algorithm[0]
+        if %w(MD5 SHA1 SHA2 SHA256 SHA384 SHA512 RMD160).include? raw_algorithm
+          algorithm = eval("Digest::#{raw_algorithm}")
+        else
+          raise "Unknown algorithm: #{raw_algorithm}"
+        end
+        qop = params[:qop]
+        cnonce = make_cnonce if qop or sess
+        a1 = if sess
+          [
+            algorithm.hexdigest("#{params[:username]}:#{params[:realm]}:#{params[:password]}"),
+            params[:nonce],
+            cnonce,
+            ].join ':'
+        else
+          "#{params[:username]}:#{params[:realm]}:#{params[:password]}"
+        end
+        ha1 = algorithm.hexdigest a1
+        ha2 = algorithm.hexdigest "#{method}:#{uri}"
+
+        request_digest = [ha1, params[:nonce]]
+        request_digest.push(('%08x' % @nonce_count), cnonce, qop) if qop
+        request_digest << ha2
+        request_digest = request_digest.join ':'
+        header = [
+          "Digest username=\"#{params[:username]}\"",
+          "realm=\"#{params[:realm]}\"",
+          "algorithm=#{raw_algorithm}#{sess}",
+          "uri=\"#{uri}\"",
+          "nonce=\"#{params[:nonce]}\"",
+          "response=\"#{algorithm.hexdigest(request_digest)[0, 32]}\"",
+        ]
+        if params[:qop]
+          header << "qop=#{qop}"
+          header << "nc=#{'%08x' % @nonce_count}"
+          header << "cnonce=\"#{cnonce}\""
+        end
+        header << "opaque=\"#{params[:opaque]}\"" if params.key? :opaque
+        header.join(', ')
+      end
+
+      # Process the WWW_AUTHENTICATE header to get the authentication parameters
+      def get_params(www_authenticate)
+        www_authenticate.scan(/(\w+)="?(.*?)"?(,|\z)/).each do |match|
+          @digest_params[match[0].to_sym] = match[1]
+        end
+      end
+
+      # Generate a client nonce
+      def make_cnonce
+        Digest::MD5.hexdigest [
+          Time.now.to_i,
+          $$,
+          SecureRandom.random_number(2**32),
+        ].join ':'
+      end
+
+      # Keep track of the nounce count
+      def next_nonce
+        @nonce_count += 1
+      end
+    end
+  end
+end