gin 1.0.2 → 1.0.3

data/History.rdoc

@@ -1,3 +1,14 @@
+=== 1.0.2 / 2013-03-12
+
+* Minor Enhancements
+  * Routes have priority over static assets
+  * Rack::Session and Rack::Protection are off by default
+  * When running as middleware, don't run internal middleware
+    if going to next rack app
+
+* Bugfixes
+  * Block on reloading to avoid multi-threading issues
+
 === 1.0.2 / 2013-03-08
 
 * Minor Enhancements

data/lib/gin.rb

@@ -1,11 +1,8 @@
 require 'logger'
-
 require 'rack'
-require 'rack-protection'
-
 
 class Gin
-  VERSION = '1.0.2'
+  VERSION = '1.0.3'
 
   LIB_DIR    = File.expand_path("..", __FILE__)            #:nodoc:
   PUBLIC_DIR = File.expand_path("../../public/", __FILE__) #:nodoc:

data/lib/gin/app.rb

@@ -18,7 +18,11 @@ class Gin::App
 
   RACK_KEYS = { #:nodoc:
     :stack       => 'gin.stack'.freeze,
+    :http_route  => 'gin.http_route'.freeze,
     :path_params => 'gin.path_query_hash'.freeze,
+    :controller  => 'gin.controller'.freeze,
+    :action      => 'gin.action'.freeze,
+    :static      => 'gin.static'.freeze,
     :reloaded    => 'gin.reloaded'.freeze,
     :errors      => 'gin.errors'.freeze
   }.freeze
@@ -312,11 +316,11 @@ class Gin::App
 
   ##
   # Use rack sessions or not. Supports assigning
-  # hash for options. Defaults to true.
+  # hash for options. Defaults to false.
 
   def self.sessions opts=nil
     @session = opts unless opts.nil?
-    @session = true if @session.nil?
+    @session = false if @session.nil?
     @session
   end
 
@@ -333,11 +337,11 @@ class Gin::App
 
   ##
   # Use rack-protection or not. Supports assigning
-  # hash for options. Defaults to true.
+  # hash for options. Defaults to false.
 
   def self.protection opts=nil
     @protection = opts unless opts.nil?
-    @protection = true if @protection.nil?
+    @protection = false if @protection.nil?
     @protection
   end
 
@@ -431,13 +435,17 @@ class Gin::App
 
   def reload!
     return unless autoreload
-    self.class.erase! [self.class.source_file],
-                      [self.class.name.split("::").last],
-                      self.class.namespace
+    @mutex ||= Mutex.new
 
-    self.class.erase_dependencies!
-    Object.send(:require, self.class.source_file)
-    @app = self.class.source_class.new @rack_app, @logger
+    @mutex.synchronize do
+      self.class.erase! [self.class.source_file],
+                        [self.class.name.split("::").last],
+                        self.class.namespace
+
+      self.class.erase_dependencies!
+      Object.send(:require, self.class.source_file)
+      @app = self.class.source_class.new @rack_app, @logger
+    end
   end
 
 
@@ -445,18 +453,40 @@ class Gin::App
   # Default Rack call method.
 
   def call env
-    if filename = static?(env)
-      return error_delegate.exec(self, env){ send_file filename }
+    try_autoreload(env)
+
+    if @app.route!(env)
+      @app.call!(env)
+
+    elsif @app.static!(env)
+      @app.call_static(env)
+
+    elsif @rack_app
+      @rack_app.call(env)
+
+    else
+      @app.call!(env)
     end
+  end
 
-    if autoreload && !env[RACK_KEYS[:reloaded]]
-      env[RACK_KEYS[:reloaded]] = true
-      reload!
-      @app.call env
 
-    elsif env[RACK_KEYS[:stack]]
+  ##
+  # Check if autoreload is needed and reload.
+
+  def try_autoreload env
+    return if env[RACK_KEYS[:reloaded]]
+    env[RACK_KEYS[:reloaded]] = true
+    reload!
+  end
+
+
+  ##
+  # Call App instance stack without static file lookup or reloading.
+
+  def call! env
+    if env[RACK_KEYS[:stack]]
       env.delete RACK_KEYS[:stack]
-      @app.call! env
+      dispatch env, env[RACK_KEYS[:controller]], env[RACK_KEYS[:action]]
 
     else
       env[RACK_KEYS[:stack]] = true
@@ -466,29 +496,53 @@ class Gin::App
 
 
   ##
-  # Call App instance without internal middleware or reloading.
-
-  def call! env
-    ctrl, action, env[RACK_KEYS[:path_params]] =
-      router.resources_for env['REQUEST_METHOD'], env['PATH_INFO']
+  # Returns a static file Rack response Array from the given gin.static
+  # env filename.
 
-    dispatch env, ctrl, action
+  def call_static env
+    error_delegate.exec(self, env){ send_file env[RACK_KEYS[:static]] }
   end
 
 
-  STATIC_PATH_CLEANER = %r{\.+/|/\.+}  #:nodoc:
+  ##
+  # Check if the request is for a static file and set the gin.static env
+  # variable to the filepath.
+
+  def static! env
+    filepath = %w{GET HEAD}.include?(env['REQUEST_METHOD']) &&
+               asset(env['PATH_INFO'])
+
+    filepath ? (env[RACK_KEYS[:static]] = filepath) :
+                env.delete(RACK_KEYS[:static])
+
+    !!env[RACK_KEYS[:static]]
+  end
+
 
   ##
-  # Check if the request is for a static file.
+  # Check if the request routes to a controller and action and set
+  # gin.controller, gin.action, gin.path_query_hash,
+  # and gin.http_route env variables.
 
-  def static? env
-    %w{GET HEAD}.include?(env['REQUEST_METHOD']) && asset(env['PATH_INFO'])
+  def route! env
+    http_route = "#{env['REQUEST_METHOD']} #{env['PATH_INFO']}"
+    return true if env[RACK_KEYS[:http_route]] == http_route
+
+    env[RACK_KEYS[:controller]], env[RACK_KEYS[:action]], env[RACK_KEYS[:path_params]] =
+      router.resources_for env['REQUEST_METHOD'], env['PATH_INFO']
+
+    env[RACK_KEYS[:http_route]] = http_route
+
+    !!(env[RACK_KEYS[:controller]] && env[RACK_KEYS[:action]])
   end
 
 
+  STATIC_PATH_CLEANER = %r{\.+/|/\.+}  #:nodoc:
+
   ##
   # Check if an asset exists.
   # Returns the full path to the asset if found, otherwise nil.
+  # Does not support ./ or ../ for security reasons.
 
   def asset path
     path = path.gsub STATIC_PATH_CLEANER, ""
@@ -511,9 +565,6 @@ class Gin::App
 
     ctrl.new(self, env).call_action action
 
-  rescue Gin::NotFound => err
-    @rack_app ? @rack_app.call(env) : handle_error(err, env)
-
   rescue ::Exception => err
     handle_error(err, env)
   end
@@ -564,6 +615,8 @@ class Gin::App
 
   def setup_protection builder
     return unless protection
+    require 'rack-protection' unless defined?(Rack::Protection)
+
     options = Hash === protection ? protection.dup : {}
     options[:except] = Array options[:except]
     options[:except] += [:session_hijacking, :remote_token] unless sessions

data/test/test_app.rb

@@ -134,7 +134,7 @@ class AppTest < Test::Unit::TestCase
 
 
   def test_protection
-    assert_equal true, FooApp.protection
+    assert_equal false, FooApp.protection
 
     FooApp.protection(test: "thing")
     assert_equal({test:"thing"}, FooApp.protection)
@@ -171,7 +171,7 @@ class AppTest < Test::Unit::TestCase
 
 
   def test_sessions
-    assert_equal true, FooApp.sessions
+    assert_equal false, FooApp.sessions
 
     FooApp.sessions(test: "thing")
     assert_equal({test:"thing"}, FooApp.sessions)
@@ -247,7 +247,7 @@ class AppTest < Test::Unit::TestCase
     assert FooMiddleware.called?
 
     FooMiddleware.reset!
-    myapp.call!({'rack.input' => "", 'PATH_INFO' => '/foo', 'REQUEST_METHOD' => 'GET'})
+    myapp.dispatch({'rack.input' => "", 'PATH_INFO' => '/foo', 'REQUEST_METHOD' => 'GET'}, FooController, :index)
     assert !FooMiddleware.called?
   end
 
@@ -273,6 +273,18 @@ class AppTest < Test::Unit::TestCase
   end
 
 
+  def test_call_rack_app
+    env   = {'rack.input' => "", 'PATH_INFO' => '/bad', 'REQUEST_METHOD' => 'GET'}
+    expected = [200, {'Content-Length'=>"5"}, "AHOY!"]
+    myapp = lambda{|env| expected }
+    @app = FooApp.new myapp
+
+    resp = @app.call env
+    assert_equal expected, resp
+  end
+
+
+
   def test_call!
     resp = @app.call! 'rack.input' => "",
                       'PATH_INFO' => '/foo',
@@ -324,17 +336,6 @@ class AppTest < Test::Unit::TestCase
   end
 
 
-  def test_dispatch_rack_app
-    env   = {'rack.input' => "", 'PATH_INFO' => '/bad', 'REQUEST_METHOD' => 'GET'}
-    expected = [200, {'Content-Length'=>"5"}, "AHOY!"]
-    myapp = lambda{|env| expected }
-    @app = FooApp.new myapp
-
-    resp = @app.dispatch env, nil, nil
-    assert_equal expected, resp
-  end
-
-
   def test_dispatch_error
     FooApp.environment 'test'
     env  = {'rack.input' => "", 'PATH_INFO' => '/bad', 'REQUEST_METHOD' => 'GET'}
@@ -457,33 +458,65 @@ class AppTest < Test::Unit::TestCase
     FooApp.public_dir "./test/mock_config"
     assert @app.asset("backend.yml") =~ %r{/gin/test/mock_config/backend\.yml$}
     assert @app.asset("500.html") =~ %r{/gin/public/500\.html$}
+
+    assert !@app.asset("foo/../../mock_config/backend.yml")
+    assert !@app.asset("foo/../../public/500.html")
+  end
+
+
+  def test_bad_asset
+    FooApp.public_dir "./test/mock_config"
     assert_nil @app.asset("bad_file")
     assert_nil @app.asset("../../History.rdoc")
+
+    path = File.join(FooApp.public_dir, "../.././test/mock_config/../../History.rdoc")
+    assert File.file?(path)
+    assert_nil @app.asset("../.././test/mock_config/../../History.rdoc")
   end
 
 
-  def test_static
+  def test_static_no_file
     env = {'rack.input' => "", 'PATH_INFO' => '/foo', 'REQUEST_METHOD' => 'GET'}
-    assert !@app.static?(env)
+    assert !@app.static!(env)
+  end
+
 
+  def test_static
+    env = {'rack.input' => "", 'REQUEST_METHOD' => 'GET'}
     env['PATH_INFO'] = '/500.html'
-    assert @app.static?(env) =~ %r{/gin/public/500\.html$}
+    assert @app.static!(env)
+    assert env['gin.static'] =~ %r{/gin/public/500\.html$}
+  end
 
-    env['PATH_INFO'] = '../../../500.html'
-    assert @app.static?(env) =~ %r{/gin/public/500\.html$}
 
+  def test_static_updir
+    env = {'rack.input' => "", 'REQUEST_METHOD' => 'GET'}
+    env['PATH_INFO'] = '../../gin/public/500.html'
+    assert !@app.static!(env)
+    assert !env['gin.static']
+  end
+
+
+  def test_static_head
+    env = {'rack.input' => "", 'REQUEST_METHOD' => 'GET'}
     env['REQUEST_METHOD'] = 'HEAD'
-    assert @app.static?(env) =~ %r{/gin/public/500\.html$}
+    env['PATH_INFO'] = '/500.html'
+    assert @app.static!(env)
+    assert env['gin.static'] =~ %r{/gin/public/500\.html$}
+  end
 
+
+  def test_non_static_verbs
+    env = {'rack.input' => "", 'REQUEST_METHOD' => 'GET'}
     env['PATH_INFO'] = '/backend.yml'
-    assert !@app.static?(env)
 
     FooApp.public_dir "./test/mock_config"
-    assert @app.static?(env) =~ %r{/gin/test/mock_config/backend\.yml$}
+    assert @app.static!(env)
+    assert env['gin.static'] =~ %r{/gin/test/mock_config/backend\.yml$}
 
     %w{POST PUT DELETE TRACE OPTIONS}.each do |verb|
       env['REQUEST_METHOD'] = verb
-      assert !@app.static?(env), "#{verb} should not be a static request"
+      assert !@app.static!(env), "#{verb} should not be a static request"
     end
   end
 
@@ -568,7 +601,10 @@ class AppTest < Test::Unit::TestCase
   end
 
 
-  def test_build_default_middleware
+  def test_build_w_middleware
+    FooApp.sessions true
+    FooApp.protection true
+    @app = FooApp.new
     stack = @app.instance_variable_get("@stack")
     assert Rack::Session::Cookie === stack
     assert Rack::Protection::FrameOptions === stack.instance_variable_get("@app")
@@ -583,9 +619,6 @@ class AppTest < Test::Unit::TestCase
 
 
   def test_build_no_middleware
-    FooApp.sessions false
-    FooApp.protection false
-    @app = FooApp.new
     stack = @app.instance_variable_get("@stack")
     assert_equal @app, stack
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gin
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.0.3
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-03-08 00:00:00.000000000 Z
+date: 2013-03-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -150,7 +150,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3176863341583704067
+      hash: 3408999320760955315
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: