fishwife 1.6.1-java → 1.7.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1a9e85f7c2e0d8098b655d39ebf44f4849178422
-  data.tar.gz: 8502ab39da87286743f75c00a7d85bcebb109dc0
+  metadata.gz: c401c8d2d0ab0ad9a9fa4c2f3e7698f6efa66814
+  data.tar.gz: 00ec5e80418ebed7743eda5332c7bc594d0f58be
 SHA512:
-  metadata.gz: bba4387c379a74a757f28c07a02300867493e17bb779e8813a9e9db25aa99ee82ba220bab7f6d4fadbc57d608a1cecd7ea5c16cf2e366b00bad531de9c207d02
-  data.tar.gz: 64dc0c62257adffb15171095b52bf3e8e750e8a1e293ae66c322e56026a4815f743b39e2c140bc6599050d183ae2cfd2a9505de48f12e92f23042523921dace3
+  metadata.gz: 05ac32f4acf00afbbb79932a6573b1c19be2e903a7c3375af31e7e092896569b3cfde56add2b2ab132781a2cae89b1a6aa92a1562b88dec2872ae89e0b21201f
+  data.tar.gz: af7f17f2c9f6031edb27977068e5b744f984cf833b2e1406490c124925538ebdf6ee9b2d996cd4e39ec525471a79c9ed6229cc744acaf7218985419a7720dccf

data/History.rdoc

@@ -1,3 +1,10 @@
+=== 1.7.0 (2015-2-12)
+* Added a complete implementation of input stream rewind for request
+  bodies, per Rack requirements. This uses an in-memory StringIO
+  buffer up to a configurable threshold size before buffering to a
+  TempFile.  See the associated request_body_* options of
+  Fishwife::HttpServer::new. This resolves #4.
+
 === 1.6.1 (2015-1-24)
 * Upgrade/broaden to rack [1.5.2, 1.7). Tested with rack 1.6.0.
 

data/Manifest.txt

@@ -17,4 +17,4 @@ spec/spec_helper.rb
 spec/test_app.rb
 spec/data/hello.txt
 spec/data/reddit-icon.png
-lib/fishwife/fishwife-1.6.1.jar
+lib/fishwife/fishwife-1.7.0.jar

data/Rakefile

@@ -5,3 +5,10 @@ require 'bundler/setup'
 require 'rjack-tarpit'
 
 RJack::TarPit.new( 'fishwife' ).define_tasks
+
+desc "Upload RDOC to Amazon S3 (rdoc.gravitext.com/syncwrap, Oregon)"
+task :publish_rdoc => [ :clean, :rerdoc ] do
+  sh <<-SH
+    aws s3 sync --acl public-read doc/ s3://rdoc.gravitext.com/fishwife/
+  SH
+end

data/lib/fishwife/base.rb

@@ -15,6 +15,6 @@
 #++
 
 module Fishwife
-  VERSION = '1.6.1'
+  VERSION = '1.7.0'
   LIB_DIR = File.dirname( __FILE__ )
 end

data/lib/fishwife/http_server.rb

@@ -40,6 +40,20 @@ module Fishwife
     #
     # :request_log_file::
     #     Request log to file name or :stderr (default: nil, no log)
+    #
+    # :request_body_ram::
+    #     Maximum size of request body (i.e POST) to keep in memory
+    #     before resorting to a temporary file (default: 256 KiB)
+    #
+    # :request_body_tmpdir::
+    #     Path to where request body temporary files should be created
+    #     (when request_body_ram is exceeded.)  (default: Dir.tmpdir)
+    #
+    # :request_body_max::
+    #     Maximum total size of a request body, after which the
+    #     request will be rejected with status 413. This limit is
+    #     provided to avoid pathologic resource exhaustion. (default: 8 MiB)
+    #
     def initialize( options = {} )
       super()
 
@@ -53,7 +67,8 @@ module Fishwife
       options = Hash[ options.map { |o| [ o[0].to_s.downcase.to_sym, o[1] ] } ]
 
       # Translate option values from possible Strings
-      [:port, :min_threads, :max_threads, :max_idle_time_ms].each do |k|
+      [ :port, :min_threads, :max_threads, :max_idle_time_ms,
+        :request_body_ram, :request_body_max ].each do |k|
         v = options[k]
         options[k] = v.to_i if v
       end
@@ -61,7 +76,13 @@ module Fishwife
       v = options[ :request_log_file ]
       options[ :request_log_file ] = v.to_sym if v == 'stderr'
 
-      # Apply options as setters
+      # Split out servlet options.
+      @servlet_options = {}
+      [ :request_body_ram, :request_body_tmpdir, :request_body_max ].each do |k|
+        @servlet_options[k] = options.delete(k)
+      end
+
+      # Apply remaining options as setters
       options.each do |k,v|
         setter = "#{k}=".to_sym
         send( setter, v ) if respond_to?( setter )
@@ -70,7 +91,8 @@ module Fishwife
 
     # Start the server, given rack app to run
     def start( app )
-      set_context_servlets( '/', { '/*' => RackServlet.new( app ) } )
+      set_context_servlets( '/',
+                            {'/*' => RackServlet.new(app, @servlet_options)} )
 
       @server = create
       @server.start

data/lib/fishwife/rack_servlet.rb

@@ -15,31 +15,39 @@
 # permissions and limitations under the License.
 #++
 
+require 'tempfile'
+
 # Magic loader hook -> JRubyService
 require 'fishwife/JRuby'
 
-#
-# Wraps a Rack application in a Java servlet.
-#
-# Relevant documentation:
-#
-#     http://rack.rubyforge.org/doc/SPEC.html
-#     http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax
-#         /servlet/http/HttpServlet.html
-#
 module Fishwife
   java_import 'javax.servlet.http.HttpServlet'
 
+  # Error raised if a request body is larger than the
+  # :request_body_max option.
+  class RequestBodyTooLarge < RuntimeError
+  end
+
+  # Wraps a Rack application in a Java servlet.
+  #
+  # Relevant documentation:
+  #
+  # * {Rack Specification}[http://www.rubydoc.info/github/rack/rack/file/SPEC]
+  # * {Java HttpServlet}[http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServlet.html]
+  #
   class RackServlet < HttpServlet
     java_import 'java.io.FileInputStream'
     java_import 'org.eclipse.jetty.continuation.ContinuationSupport'
 
     ASCII_8BIT = Encoding.find( "ASCII-8BIT" ) if defined?( Encoding )
 
-    def initialize( app )
+    def initialize( app, opts = {} )
       super()
       @log = RJack::SLF4J[ self.class ]
       @app = app
+      @request_body_ram = opts[:request_body_ram] ||      256 * 1024
+      @request_body_tmpdir = opts[:request_body_tmpdir] || Dir.tmpdir
+      @request_body_max = opts[:request_body_max] || 8 * 1024 * 1024
     end
 
     # Takes an incoming request (as a Java Servlet) and dispatches it
@@ -98,12 +106,18 @@ module Fishwife
       # If we got here, this is a continuation.
       continuation.suspend(response)
 
+    rescue RequestBodyTooLarge => e
+      @log.warn( "On service: #{e.class.name}: #{e.message}" )
+      response.sendError( 413 )
     rescue NativeException => n
       @log.warn( "On service (native): #{n.cause.to_string}" )
       raise n.cause
     rescue Exception => e
       @log.error( "On service: #{e}" )
       raise e
+    ensure
+      fin = env && env['fishwife.input']
+      fin.close if fin
     end
 
     private
@@ -162,10 +176,8 @@ module Fishwife
         @log.warn( "Weird headers: [#{ hn.to_s }]" )
       end
 
-      # The input stream is a wrapper around the Java InputStream.
-      input = request.getInputStream.to_io.binmode
-      input.set_encoding( ASCII_8BIT ) if input.respond_to?( :set_encoding )
-      env['rack.input'] = input
+      env['rack.input'] = env['fishwife.input'] =
+        convert_input( request.input_stream, clength )
 
       # The output stream defaults to stderr.
       env['rack.errors'] ||= $stderr
@@ -174,6 +186,45 @@ module Fishwife
       env
     end
 
+    def convert_input( in_stream, clength )
+      io = StringIO.new
+      io.set_encoding( ASCII_8BIT )
+      blen = if clength > 0
+               if clength > @request_body_max
+                 raise( RequestBodyTooLarge,
+                        "Request body (Content-Length): " +
+                        "#{clength} > #{@request_body_max}" )
+               end
+               if clength < 16*1024
+                 clength
+               else
+                 16*1024
+               end
+             else
+               0 #default/unspecified
+             end
+
+      IOUtil.read_input_stream( blen, in_stream ) do |sbuf|
+        fsize = io.pos + sbuf.bytesize
+        if fsize > @request_body_max
+          raise( RequestBodyTooLarge,
+                 "Request body (read): #{fsize} > #{@request_body_max}" )
+        end
+        if io.is_a?( StringIO ) && fsize > @request_body_ram
+          tmp = Tempfile.new( 'fishwife_req_body', @request_body_tmpdir )
+          tmp.unlink
+          tmp.binmode
+          tmp.set_encoding( ASCII_8BIT )
+          tmp.write( io.string )
+          io = tmp
+        end
+        io.write( sbuf )
+      end
+
+      io.rewind
+      io
+    end
+
     # Turns a Rack response into a Servlet response; can be called
     # multiple times.  Returns true if this is the full request (either
     # a synchronous request or the last part of an async request),
@@ -228,9 +279,9 @@ module Fishwife
 
         # FIXME: Support ranges?
 
-        OutputUtil.write_file( path, output )
+        IOUtil.write_file( path, output )
       else
-        OutputUtil.write_body( body, output )
+        IOUtil.write_body( body, output )
       end
 
       # Close the body if we're supposed to.

data/pom.xml

@@ -4,7 +4,7 @@
   <groupId>fishwife</groupId>
   <artifactId>fishwife</artifactId>
   <packaging>jar</packaging>
-  <version>1.6.1</version>
+  <version>1.7.0</version>
   <name>Fishwife Java Extension</name>
 
   <properties>

data/spec/fishwife_spec.rb

@@ -34,7 +34,13 @@ describe Fishwife do
     Net::HTTP.start(@options[:host], @options[:port]) do |http|
       request = Net::HTTP::Post.new(path, headers)
       request.form_data = params if params
-      request.body = body if body
+      if body
+        if body.respond_to?( :read )
+          request.body_stream = body
+        else
+          request.body = body
+        end
+      end
       http.request(request)
     end
   end
@@ -42,7 +48,11 @@ describe Fishwife do
   before(:all) do
     @lock = Mutex.new
     @app = Rack::Lint.new(TestApp.new)
-    @options = { :host => '127.0.0.1', :port => 9201 }
+    @options = { :host => '127.0.0.1',
+                 :port => 9201,
+                 :request_body_ram => 256,
+                 :request_body_max => 96 * 1024,
+                 :request_body_tmpdir => File.dirname( __FILE__ ) }
     Net::HTTP.version_1_2
     @server = Fishwife::HttpServer.new(@options)
     @server.start(@app)
@@ -92,6 +102,38 @@ describe Fishwife do
     content['request.params']['question'].should == question
   end
 
+  it "Passes along larger non-form POST body" do
+    body = '<' + "f" * (93*1024) + '>'
+    headers = { "Content-Type" => "text/plain" }
+    response = post("/dcount", nil, headers, body)
+    response.code.should == "200"
+    response.body.to_i.should == body.size * 2
+  end
+
+  it "Passes along larger non-form POST body when chunked" do
+    body = '<' + "f" * (93*1024) + '>'
+    headers = { "Content-Type" => "text/plain",
+                "Transfer-Encoding" => "chunked" }
+    response = post("/dcount", nil, headers, StringIO.new( body ) )
+    response.code.should == "200"
+    response.body.to_i.should == body.size * 2
+ end
+
+  it "Rejects request body larger than maximum" do
+    body = '<' + "f" * (100*1024) + '>'
+    headers = { "Content-Type" => "text/plain" }
+    response = post("/count", nil, headers, body)
+    response.code.should == "413"
+  end
+
+  it "Rejects request body larger than maximum in chunked request" do
+    body = '<' + "f" * (100*1024) + '>'
+    headers = { "Content-Type" => "text/plain",
+                "Transfer-Encoding" => "chunked" }
+    response = post("/count", nil, headers, StringIO.new( body ) )
+    response.code.should == "413"
+  end
+
   it "passes custom headers" do
     response = get("/echo", "X-My-Header" => "Pancakes")
     response.code.should == "200"

data/spec/test_app.rb

@@ -72,6 +72,14 @@ class TestApp
     response.finish
   end
 
+  def dcount(request)
+    inp = request.env['rack.input']
+    dc = inp.read.length
+    inp.rewind
+    dc += inp.read.length
+    [ 200, {}, [ dc.to_s ] ]
+  end
+
   def multi_headers(request)
     [ 204, { "Warning" => %w[ warn-1 warn-2 ].join( "\n" ) }, [] ]
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fishwife
 version: !ruby/object:Gem::Version
-  version: 1.6.1
+  version: 1.7.0
 platform: java
 authors:
 - David Kellum
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-01-25 00:00:00.000000000 Z
+date: 2015-02-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -135,21 +135,21 @@ files:
 - Manifest.txt
 - README.rdoc
 - Rakefile
-- pom.xml
 - bin/fishwife
 - example/config.ru
 - example/giant.ru
-- lib/fishwife/base.rb
 - lib/fishwife.rb
+- lib/fishwife/base.rb
+- lib/fishwife/fishwife-1.7.0.jar
 - lib/fishwife/http_server.rb
 - lib/fishwife/rack_servlet.rb
 - lib/rack/handler/fishwife.rb
+- pom.xml
+- spec/data/hello.txt
+- spec/data/reddit-icon.png
 - spec/fishwife_spec.rb
 - spec/spec_helper.rb
 - spec/test_app.rb
-- spec/data/hello.txt
-- spec/data/reddit-icon.png
-- lib/fishwife/fishwife-1.6.1.jar
 homepage: http://github.com/dekellum/fishwife
 licenses: []
 metadata: {}
@@ -171,7 +171,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.1.9
+rubygems_version: 2.4.5
 signing_key:
 specification_version: 4
 summary: A Jetty based Rack HTTP 1.1 server.