halorgium-actionpack 3.0.pre

data/lib/action_controller/metal/conditional_get.rb

@@ -0,0 +1,86 @@
+module ActionController
+  module ConditionalGet
+    extend ActiveSupport::Concern
+
+    include RackConvenience
+    include Head
+
+    # Sets the etag, last_modified, or both on the response and renders a
+    # "304 Not Modified" response if the request is already fresh.
+    #
+    # Parameters:
+    # * <tt>:etag</tt>
+    # * <tt>:last_modified</tt>
+    # * <tt>:public</tt> By default the Cache-Control header is private, set this to true if you want your application to be cachable by other devices (proxy caches).
+    #
+    # Example:
+    #
+    #   def show
+    #     @article = Article.find(params[:id])
+    #     fresh_when(:etag => @article, :last_modified => @article.created_at.utc, :public => true)
+    #   end
+    #
+    # This will render the show template if the request isn't sending a matching etag or
+    # If-Modified-Since header and just a "304 Not Modified" response if there's a match.
+    #
+    def fresh_when(options)
+      options.assert_valid_keys(:etag, :last_modified, :public)
+
+      response.etag          = options[:etag]          if options[:etag]
+      response.last_modified = options[:last_modified] if options[:last_modified]
+      response.cache_control[:public] = true if options[:public]
+
+      head :not_modified if request.fresh?(response)
+    end
+
+    # Sets the etag and/or last_modified on the response and checks it against
+    # the client request. If the request doesn't match the options provided, the
+    # request is considered stale and should be generated from scratch. Otherwise,
+    # it's fresh and we don't need to generate anything and a reply of "304 Not Modified" is sent.
+    #
+    # Parameters:
+    # * <tt>:etag</tt>
+    # * <tt>:last_modified</tt>
+    # * <tt>:public</tt> By default the Cache-Control header is private, set this to true if you want your application to be cachable by other devices (proxy caches).
+    #
+    # Example:
+    #
+    #   def show
+    #     @article = Article.find(params[:id])
+    #
+    #     if stale?(:etag => @article, :last_modified => @article.created_at.utc)
+    #       @statistics = @article.really_expensive_call
+    #       respond_to do |format|
+    #         # all the supported formats
+    #       end
+    #     end
+    #   end
+    def stale?(options)
+      fresh_when(options)
+      !request.fresh?(response)
+    end
+
+    # Sets a HTTP 1.1 Cache-Control header. Defaults to issuing a "private" instruction, so that
+    # intermediate caches shouldn't cache the response.
+    #
+    # Examples:
+    #   expires_in 20.minutes
+    #   expires_in 3.hours, :public => true
+    #   expires in 3.hours, 'max-stale' => 5.hours, :public => true
+    #
+    # This method will overwrite an existing Cache-Control header.
+    # See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html for more possibilities.
+    def expires_in(seconds, options = {}) #:doc:
+      response.cache_control.merge!(:max_age => seconds, :public => options.delete(:public))
+      options.delete(:private)
+
+      response.cache_control[:extras] = options.map {|k,v| "#{k}=#{v}"}
+    end
+
+    # Sets a HTTP 1.1 Cache-Control header of "no-cache" so no caching should occur by the browser or
+    # intermediate caches (like caching proxy servers).
+    def expires_now #:doc:
+      response.cache_control.replace(:no_cache => true)
+    end
+  end
+end

data/lib/action_controller/metal/configuration.rb

@@ -0,0 +1,28 @@
+module ActionController
+  module Configuration
+    extend ActiveSupport::Concern
+    
+    def config
+      @config ||= self.class.config
+    end
+    
+    def config=(config)
+      @config = config
+    end
+    
+    module ClassMethods
+      def default_config
+        @default_config ||= {}
+      end
+      
+      def config
+        self.config ||= default_config
+      end
+      
+      def config=(config)
+        @config = ActiveSupport::OrderedHash.new
+        @config.merge!(config)
+      end
+    end
+  end
+end

data/lib/action_controller/metal/cookies.rb

@@ -0,0 +1,105 @@
+module ActionController #:nodoc:
+  # Cookies are read and written through ActionController#cookies.
+  #
+  # The cookies being read are the ones received along with the request, the cookies
+  # being written will be sent out with the response. Reading a cookie does not get
+  # the cookie object itself back, just the value it holds.
+  #
+  # Examples for writing:
+  #
+  #   # Sets a simple session cookie.
+  #   cookies[:user_name] = "david"
+  #
+  #   # Sets a cookie that expires in 1 hour.
+  #   cookies[:login] = { :value => "XJ-122", :expires => 1.hour.from_now }
+  #
+  # Examples for reading:
+  #
+  #   cookies[:user_name] # => "david"
+  #   cookies.size        # => 2
+  #
+  # Example for deleting:
+  #
+  #   cookies.delete :user_name
+  #
+  # Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:
+  #
+  #  cookies[:key] = {
+  #    :value => 'a yummy cookie',
+  #    :expires => 1.year.from_now,
+  #    :domain => 'domain.com'
+  #  }
+  #
+  #  cookies.delete(:key, :domain => 'domain.com')
+  #
+  # The option symbols for setting cookies are:
+  #
+  # * <tt>:value</tt> - The cookie's value or list of values (as an array).
+  # * <tt>:path</tt> - The path for which this cookie applies.  Defaults to the root
+  #   of the application.
+  # * <tt>:domain</tt> - The domain for which this cookie applies.
+  # * <tt>:expires</tt> - The time at which this cookie expires, as a Time object.
+  # * <tt>:secure</tt> - Whether this cookie is a only transmitted to HTTPS servers.
+  #   Default is +false+.
+  # * <tt>:httponly</tt> - Whether this cookie is accessible via scripting or
+  #   only HTTP. Defaults to +false+.
+  module Cookies
+    extend ActiveSupport::Concern
+
+    include RackConvenience
+
+    included do
+      helper_method :cookies
+    end
+
+  protected
+    # Returns the cookie container, which operates as described above.
+    def cookies
+      @cookies ||= CookieJar.build(request, response)
+    end
+  end
+
+  class CookieJar < Hash #:nodoc:
+    def self.build(request, response)
+      new.tap do |hash|
+        hash.update(request.cookies)
+        hash.response = response
+      end
+    end
+
+    attr_accessor :response
+
+    # Returns the value of the cookie by +name+, or +nil+ if no such cookie exists.
+    def [](name)
+      super(name.to_s)
+    end
+
+    # Sets the cookie named +name+. The second argument may be the very cookie
+    # value, or a hash of options as documented above.
+    def []=(key, options)
+      if options.is_a?(Hash)
+        options.symbolize_keys!
+        value = options[:value]
+      else
+        value = options
+        options = { :value => value }
+      end
+
+      super(key.to_s, value)
+      
+      options[:path] ||= "/"
+      response.set_cookie(key, options)
+    end
+
+    # Removes the cookie on the client machine by setting the value to an empty string
+    # and setting its expiration date into the past. Like <tt>[]=</tt>, you can pass in
+    # an options hash to delete cookies with extra data such as a <tt>:path</tt>.
+    def delete(key, options = {})
+      options.symbolize_keys!
+      options[:path] ||= "/"
+      value = super(key.to_s)
+      response.delete_cookie(key, options)
+      value
+    end
+  end
+end

data/lib/action_controller/metal/exceptions.rb

@@ -0,0 +1,55 @@
+module ActionController
+  class ActionControllerError < StandardError #:nodoc:
+  end
+
+  class RenderError < ActionControllerError #:nodoc:
+  end
+
+  class RoutingError < ActionControllerError #:nodoc:
+    attr_reader :failures
+    def initialize(message, failures=[])
+      super(message)
+      @failures = failures
+    end
+  end
+
+  class MethodNotAllowed < ActionControllerError #:nodoc:
+    attr_reader :allowed_methods
+
+    def initialize(*allowed_methods)
+      super("Only #{allowed_methods.to_sentence(:locale => :en)} requests are allowed.")
+      @allowed_methods = allowed_methods
+    end
+
+    def allowed_methods_header
+      allowed_methods.map { |method_symbol| method_symbol.to_s.upcase } * ', '
+    end
+
+    def handle_response!(response)
+      response.headers['Allow'] ||= allowed_methods_header
+    end
+  end
+  
+  class NotImplemented < MethodNotAllowed #:nodoc:
+  end
+
+  class UnknownController < ActionControllerError #:nodoc:
+  end
+
+  class MissingFile < ActionControllerError #:nodoc:
+  end
+
+  class RenderError < ActionControllerError #:nodoc:
+  end
+
+  class SessionOverflowError < ActionControllerError #:nodoc:
+    DEFAULT_MESSAGE = 'Your session data is larger than the data column in which it is to be stored. You must increase the size of your data column if you intend to store large data.'
+
+    def initialize(message = nil)
+      super(message || DEFAULT_MESSAGE)
+    end
+  end
+
+  class UnknownHttpMethod < ActionControllerError #:nodoc:
+  end
+end

data/lib/action_controller/metal/filter_parameter_logging.rb

@@ -0,0 +1,77 @@
+module ActionController
+  module FilterParameterLogging
+    extend ActiveSupport::Concern
+
+    include AbstractController::Logger
+
+    module ClassMethods
+      # Replace sensitive parameter data from the request log.
+      # Filters parameters that have any of the arguments as a substring.
+      # Looks in all subhashes of the param hash for keys to filter.
+      # If a block is given, each key and value of the parameter hash and all
+      # subhashes is passed to it, the value or key
+      # can be replaced using String#replace or similar method.
+      #
+      # Examples:
+      #
+      #   filter_parameter_logging :password
+      #   => replaces the value to all keys matching /password/i with "[FILTERED]"
+      #
+      #   filter_parameter_logging :foo, "bar"
+      #   => replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
+      #
+      #   filter_parameter_logging { |k,v| v.reverse! if k =~ /secret/i }
+      #   => reverses the value to all keys matching /secret/i
+      #
+      #   filter_parameter_logging(:foo, "bar") { |k,v| v.reverse! if k =~ /secret/i }
+      #   => reverses the value to all keys matching /secret/i, and
+      #      replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
+      def filter_parameter_logging(*filter_words, &block)
+        raise "You must filter at least one word from logging" if filter_words.empty?
+
+        parameter_filter = Regexp.new(filter_words.join('|'), true)
+
+        define_method(:filter_parameters) do |original_params|
+          filtered_params = {}
+
+          original_params.each do |key, value|
+            if key =~ parameter_filter
+              value = '[FILTERED]'
+            elsif value.is_a?(Hash)
+              value = filter_parameters(value)
+            elsif value.is_a?(Array)
+              value = value.map { |item| filter_parameters(item) }
+            elsif block_given?
+              key = key.dup
+              value = value.dup if value.duplicable?
+              yield key, value
+            end
+
+            filtered_params[key] = value
+          end
+
+          filtered_params
+        end
+        protected :filter_parameters
+      end
+    end
+
+    INTERNAL_PARAMS = [:controller, :action, :format, :_method, :only_path]
+
+    def process(*)
+      response = super
+      if logger
+        parameters = filter_parameters(params).except!(*INTERNAL_PARAMS)
+        logger.info { "  Parameters: #{parameters.inspect}" } unless parameters.empty?
+      end
+      response
+    end
+
+  protected
+
+    def filter_parameters(params)
+      params.dup
+    end
+
+  end
+end

data/lib/action_controller/metal/flash.rb

@@ -0,0 +1,162 @@
+module ActionController #:nodoc:
+  # The flash provides a way to pass temporary objects between actions. Anything you place in the flash will be exposed
+  # to the very next action and then cleared out. This is a great way of doing notices and alerts, such as a create
+  # action that sets <tt>flash[:notice] = "Successfully created"</tt> before redirecting to a display action that can
+  # then expose the flash to its template. Actually, that exposure is automatically done. Example:
+  #
+  #   class PostsController < ActionController::Base
+  #     def create
+  #       # save post
+  #       flash[:notice] = "Successfully created post"
+  #       redirect_to posts_path(@post)
+  #     end
+  #
+  #     def show
+  #       # doesn't need to assign the flash notice to the template, that's done automatically
+  #     end
+  #   end
+  #
+  #   show.html.erb
+  #     <% if flash[:notice] %>
+  #       <div class="notice"><%= flash[:notice] %></div>
+  #     <% end %>
+  #
+  # This example just places a string in the flash, but you can put any object in there. And of course, you can put as
+  # many as you like at a time too. Just remember: They'll be gone by the time the next action has been performed.
+  #
+  # See docs on the FlashHash class for more details about the flash.
+  module Flash
+    extend ActiveSupport::Concern
+
+    include Session
+
+    class FlashNow #:nodoc:
+      def initialize(flash)
+        @flash = flash
+      end
+
+      def []=(k, v)
+        @flash[k] = v
+        @flash.discard(k)
+        v
+      end
+
+      def [](k)
+        @flash[k]
+      end
+    end
+
+    class FlashHash < Hash
+      def initialize #:nodoc:
+        super
+        @used = Set.new
+      end
+
+      def []=(k, v) #:nodoc:
+        keep(k)
+        super
+      end
+
+      def update(h) #:nodoc:
+        h.keys.each { |k| keep(k) }
+        super
+      end
+
+      alias :merge! :update
+
+      def replace(h) #:nodoc:
+        @used = Set.new
+        super
+      end
+
+      # Sets a flash that will not be available to the next action, only to the current.
+      #
+      #     flash.now[:message] = "Hello current action"
+      #
+      # This method enables you to use the flash as a central messaging system in your app.
+      # When you need to pass an object to the next action, you use the standard flash assign (<tt>[]=</tt>).
+      # When you need to pass an object to the current action, you use <tt>now</tt>, and your object will
+      # vanish when the current action is done.
+      #
+      # Entries set via <tt>now</tt> are accessed the same way as standard entries: <tt>flash['my-key']</tt>.
+      def now
+        FlashNow.new(self)
+      end
+
+      # Keeps either the entire current flash or a specific flash entry available for the next action:
+      #
+      #    flash.keep            # keeps the entire flash
+      #    flash.keep(:notice)   # keeps only the "notice" entry, the rest of the flash is discarded
+      def keep(k = nil)
+        use(k, false)
+      end
+
+      # Marks the entire flash or a single flash entry to be discarded by the end of the current action:
+      #
+      #     flash.discard              # discard the entire flash at the end of the current action
+      #     flash.discard(:warning)    # discard only the "warning" entry at the end of the current action
+      def discard(k = nil)
+        use(k)
+      end
+
+      # Mark for removal entries that were kept, and delete unkept ones.
+      #
+      # This method is called automatically by filters, so you generally don't need to care about it.
+      def sweep #:nodoc:
+        keys.each do |k|
+          unless @used.include?(k)
+            @used << k
+          else
+            delete(k)
+            @used.delete(k)
+          end
+        end
+
+        # clean up after keys that could have been left over by calling reject! or shift on the flash
+        (@used - keys).each{ |k| @used.delete(k) }
+      end
+
+      def store(session)
+        return if self.empty?
+        session["flash"] = self
+      end
+
+    private
+      # Used internally by the <tt>keep</tt> and <tt>discard</tt> methods
+      #     use()               # marks the entire flash as used
+      #     use('msg')          # marks the "msg" entry as used
+      #     use(nil, false)     # marks the entire flash as unused (keeps it around for one more action)
+      #     use('msg', false)   # marks the "msg" entry as unused (keeps it around for one more action)
+      # Returns the single value for the key you asked to be marked (un)used or the FlashHash itself
+      # if no key is passed.
+      def use(key = nil, used = true)
+        Array(key || keys).each { |k| used ? @used << k : @used.delete(k) }
+        return key ? self[key] : self
+      end
+    end
+
+  protected
+    def process_action(method_name)
+      super
+      @_flash.store(session) if @_flash
+      @_flash = nil
+    end
+
+    def reset_session
+      super
+      @_flash = nil
+    end
+
+    # Access the contents of the flash. Use <tt>flash["notice"]</tt> to
+    # read a notice you put there or <tt>flash["notice"] = "hello"</tt>
+    # to put a new one.
+    def flash #:doc:
+      unless @_flash
+        @_flash = session["flash"] || FlashHash.new
+        @_flash.sweep
+      end
+
+      @_flash
+    end
+  end
+end