http 6.0.0-java

data/lib/http/timeout/null.rb

@@ -0,0 +1,225 @@
+# frozen_string_literal: true
+
+require "io/wait"
+require "timeout"
+
+module HTTP
+  # Namespace for timeout handlers
+  module Timeout
+    # Base timeout handler with no timeout enforcement
+    class Null
+      # Whether TCPSocket natively supports connect_timeout and
+      # Happy Eyeballs (RFC 8305). Available in Ruby 3.4+.
+      #
+      # @api private
+      NATIVE_CONNECT_TIMEOUT = RUBY_VERSION >= "3.4"
+
+      # Timeout configuration options
+      #
+      # @example
+      #   timeout.options # => {read_timeout: 5}
+      #
+      # @return [Hash] timeout options
+      # @api public
+      attr_reader :options
+
+      # The underlying socket
+      #
+      # @example
+      #   timeout.socket
+      #
+      # @return [Object] the underlying socket
+      # @api public
+      attr_reader :socket
+
+      # Initializes the null timeout handler
+      #
+      # @example
+      #   HTTP::Timeout::Null.new(read_timeout: 5)
+      #
+      # @param [Numeric, nil] read_timeout Read timeout in seconds
+      # @param [Numeric, nil] write_timeout Write timeout in seconds
+      # @param [Numeric, nil] connect_timeout Connect timeout in seconds
+      # @param [Numeric, nil] global_timeout Global timeout in seconds
+      # @api public
+      # @return [HTTP::Timeout::Null]
+      def initialize(read_timeout: nil, write_timeout: nil, connect_timeout: nil, global_timeout: nil)
+        @options = { read_timeout: read_timeout, write_timeout: write_timeout,
+                     connect_timeout: connect_timeout, global_timeout: global_timeout }.compact
+      end
+
+      # Connects to a socket
+      #
+      # @example
+      #   timeout.connect(TCPSocket, "example.com", 80)
+      #
+      # @param [Class] socket_class
+      # @param [String] host
+      # @param [Integer] port
+      # @param [Boolean] nodelay
+      # @api public
+      # @return [void]
+      def connect(socket_class, host, port, nodelay: false)
+        @socket = open_socket(socket_class, host, port)
+        @socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1) if nodelay
+      end
+
+      # Starts a SSL connection on a socket
+      #
+      # @example
+      #   timeout.connect_ssl
+      #
+      # @api public
+      # @return [void]
+      def connect_ssl
+        @socket.connect
+      end
+
+      # Closes the underlying socket
+      #
+      # @example
+      #   timeout.close
+      #
+      # @api public
+      # @return [void]
+      def close
+        @socket&.close
+      end
+
+      # Checks whether the socket is closed
+      #
+      # @example
+      #   timeout.closed?
+      #
+      # @api public
+      # @return [Boolean]
+      def closed?
+        @socket&.closed?
+      end
+
+      # Configures the SSL connection and starts it
+      #
+      # @example
+      #   timeout.start_tls("example.com", ssl_class, ssl_ctx)
+      #
+      # @param [String] host
+      # @param [Class] ssl_socket_class
+      # @param [OpenSSL::SSL::SSLContext] ssl_context
+      # @api public
+      # @return [void]
+      def start_tls(host, ssl_socket_class, ssl_context)
+        @socket = ssl_socket_class.new(socket, ssl_context)
+        @socket.hostname = host if @socket.respond_to? :hostname=
+        @socket.sync_close = true if @socket.respond_to? :sync_close=
+
+        connect_ssl
+
+        return unless ssl_context.verify_mode == OpenSSL::SSL::VERIFY_PEER
+        return if ssl_context.respond_to?(:verify_hostname) && !ssl_context.verify_hostname
+
+        @socket.post_connection_check(host)
+      end
+
+      # Read from the socket
+      #
+      # @example
+      #   timeout.readpartial(1024)
+      #
+      # @param [Integer] size
+      # @param [String, nil] buffer
+      # @api public
+      # @return [String, :eof]
+      def readpartial(size, buffer = nil)
+        @socket.readpartial(size, buffer)
+      rescue EOFError
+        :eof
+      end
+
+      # Write to the socket
+      #
+      # @example
+      #   timeout.write("GET / HTTP/1.1")
+      #
+      # @param [String] data
+      # @api public
+      # @return [Integer]
+      def write(data)
+        @socket.write(data)
+      end
+      alias << write
+
+      private
+
+      # Retries reading on wait readable
+      #
+      # @api private
+      # @return [Object]
+      def rescue_readable(timeout = read_timeout)
+        yield
+      rescue IO::WaitReadable
+        retry if @socket.to_io.wait_readable(timeout)
+        raise TimeoutError, "Read timed out after #{timeout} seconds"
+      end
+
+      # Retries writing on wait writable
+      #
+      # @api private
+      # @return [Object]
+      def rescue_writable(timeout = write_timeout)
+        yield
+      rescue IO::WaitWritable
+        retry if @socket.to_io.wait_writable(timeout)
+        raise TimeoutError, "Write timed out after #{timeout} seconds"
+      end
+
+      # Opens a TCP socket, using native connect_timeout when available
+      #
+      # On Ruby 3.4+ with TCPSocket, passes connect_timeout natively to
+      # enable proper Happy Eyeballs (RFC 8305) support. Falls back to
+      # Timeout.timeout on older Rubies or with custom socket classes.
+      #
+      # @param [Class] socket_class socket class to create
+      # @param [String] host remote hostname
+      # @param [Integer] port remote port
+      # @param [Numeric, nil] connect_timeout timeout in seconds
+      # @return [Object] the connected socket
+      # @api private
+      def open_socket(socket_class, host, port, connect_timeout: nil)
+        if connect_timeout
+          ::Timeout.timeout(connect_timeout, ConnectTimeoutError) do
+            open_with_timeout(socket_class, host, port, connect_timeout)
+          end
+        else
+          socket_class.open(host, port)
+        end
+      rescue IO::TimeoutError
+        raise ConnectTimeoutError, "Connect timed out after #{connect_timeout} seconds"
+      end
+
+      # Opens a socket, passing connect_timeout natively when supported
+      #
+      # @param [Class] socket_class socket class to create
+      # @param [String] host remote hostname
+      # @param [Integer] port remote port
+      # @param [Numeric] connect_timeout timeout in seconds
+      # @return [Object] the connected socket
+      # @api private
+      def open_with_timeout(socket_class, host, port, connect_timeout)
+        if native_timeout?(socket_class)
+          socket_class.open(host, port, connect_timeout: connect_timeout)
+        else
+          socket_class.open(host, port)
+        end
+      end
+
+      # Whether the socket class supports native connect_timeout
+      #
+      # @param [Class] socket_class socket class to check
+      # @return [Boolean]
+      # @api private
+      def native_timeout?(socket_class)
+        NATIVE_CONNECT_TIMEOUT && socket_class.is_a?(Class) && socket_class <= TCPSocket
+      end
+    end
+  end
+end

data/lib/http/timeout/per_operation.rb

@@ -0,0 +1,197 @@
+# frozen_string_literal: true
+
+require "timeout"
+
+require "http/timeout/null"
+
+module HTTP
+  module Timeout
+    # Timeout handler with separate timeouts for connect, read, and write
+    class PerOperation < Null
+      # Mapping of shorthand option keys to their full forms
+      KEYS = %i[read write connect].to_h { |k| [k, :"#{k}_timeout"] }.freeze
+
+      # Normalize and validate timeout options
+      #
+      # @example
+      #   PerOperation.normalize_options(read: 5, write: 3)
+      #
+      # @param [Hash] options timeout options with short or long keys
+      # @return [Hash] normalized options with long keys
+      # @raise [ArgumentError] if options are invalid
+      # @api public
+      def self.normalize_options(options)
+        remaining  = options.dup
+        normalized = {} #: Hash[Symbol, Numeric]
+
+        KEYS.each do |short, long|
+          next if !remaining.key?(short) && !remaining.key?(long)
+
+          normalized[long] = resolve_timeout_value!(remaining, short, long)
+        end
+
+        raise ArgumentError, "unknown timeout options: #{remaining.keys.join(', ')}" unless remaining.empty?
+        raise ArgumentError, "no timeout options given" if normalized.empty?
+
+        normalized
+      end
+
+      # Extract and validate global timeout from options hash
+      #
+      # @example
+      #   extract_global_timeout!({global: 60, read: 5})
+      #
+      # @param [Hash] options mutable options hash (global key is deleted if found)
+      # @return [Numeric, nil] the global timeout value, or nil if not present
+      # @raise [ArgumentError] if both forms given or value is not numeric
+      # @api private
+      private_class_method def self.extract_global_timeout!(options)
+        return unless options.key?(:global) || options.key?(:global_timeout)
+
+        resolve_timeout_value!(options, :global, :global_timeout)
+      end
+
+      # Resolve a single timeout value from the options hash
+      #
+      # @example
+      #   resolve_timeout_value!({read: 5}, :read, :read_timeout)
+      #
+      # @param [Hash] options mutable options hash (keys are deleted as consumed)
+      # @param [Symbol] short short key name (e.g. :read)
+      # @param [Symbol] long long key name (e.g. :read_timeout)
+      # @return [Numeric] the timeout value
+      # @raise [ArgumentError] if both forms given or value is not numeric
+      # @api private
+      private_class_method def self.resolve_timeout_value!(options, short, long)
+        raise ArgumentError, "can't pass both #{short} and #{long}" if options.key?(short) && options.key?(long)
+
+        value = options.delete(options.key?(long) ? long : short)
+
+        raise ArgumentError, "#{long} must be numeric" unless value.is_a?(Numeric)
+
+        value
+      end
+
+      # Initializes per-operation timeout with options
+      #
+      # @example
+      #   HTTP::Timeout::PerOperation.new(read_timeout: 5)
+      #
+      # @param [Numeric, nil] read_timeout Read timeout in seconds (nil for no timeout)
+      # @param [Numeric, nil] write_timeout Write timeout in seconds (nil for no timeout)
+      # @param [Numeric, nil] connect_timeout Connect timeout in seconds (nil for no timeout)
+      # @api public
+      # @return [HTTP::Timeout::PerOperation]
+      def initialize(read_timeout: nil, write_timeout: nil, connect_timeout: nil)
+        super
+
+        @read_timeout = read_timeout
+        @write_timeout = write_timeout
+        @connect_timeout = connect_timeout
+      end
+
+      # Connects to a socket with connect timeout
+      #
+      # @example
+      #   timeout.connect(TCPSocket, "example.com", 80)
+      #
+      # @param [Class] socket_class
+      # @param [String] host
+      # @param [Integer] port
+      # @param [Boolean] nodelay
+      # @api public
+      # @return [void]
+      def connect(socket_class, host, port, nodelay: false)
+        @socket = open_socket(socket_class, host, port, connect_timeout: @connect_timeout)
+        @socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1) if nodelay
+      end
+
+      # Starts an SSL connection with connect timeout
+      #
+      # @example
+      #   timeout.connect_ssl
+      #
+      # @api public
+      # @return [void]
+      def connect_ssl
+        rescue_readable(@connect_timeout) do
+          rescue_writable(@connect_timeout) do
+            @socket.connect_nonblock
+          end
+        end
+      end
+
+      # I/O wait result symbols returned by non-blocking operations
+      WAIT_RESULTS = %i[wait_readable wait_writable].freeze
+
+      # Read data from the socket
+      #
+      # @example
+      #   timeout.readpartial(1024)
+      #
+      # @param [Integer] size
+      # @param [String, nil] buffer
+      # @api public
+      # @return [String, :eof]
+      def readpartial(size, buffer = nil)
+        timeout = false
+        loop do
+          result = @socket.read_nonblock(size, buffer, exception: false)
+
+          return :eof   if result.nil?
+          return result unless WAIT_RESULTS.include?(result)
+
+          raise TimeoutError, "Read timed out after #{@read_timeout} seconds" if timeout
+
+          # marking the socket for timeout. Why is this not being raised immediately?
+          # it seems there is some race-condition on the network level between calling
+          # #read_nonblock and #wait_readable, in which #read_nonblock signalizes waiting
+          # for reads, and when waiting for x seconds, it returns nil suddenly without completing
+          # the x seconds. In a normal case this would be a timeout on wait/read, but it can
+          # also mean that the socket has been closed by the server. Therefore we "mark" the
+          # socket for timeout and try to read more bytes. If it returns :eof, it's all good, no
+          # timeout. Else, the first timeout was a proper timeout.
+          # This hack has to be done because io/wait#wait_readable doesn't provide a value for when
+          # the socket is closed by the server, and HTTP::Parser doesn't provide the limit for the chunks.
+          timeout = true unless wait_for_io(result, @read_timeout)
+        end
+      end
+
+      # Write data to the socket
+      #
+      # @example
+      #   timeout.write("GET / HTTP/1.1")
+      #
+      # @param [String] data
+      # @api public
+      # @return [Integer]
+      def write(data)
+        timeout = false
+        loop do
+          result = @socket.write_nonblock(data, exception: false)
+          return result unless WAIT_RESULTS.include?(result)
+
+          raise TimeoutError, "Write timed out after #{@write_timeout} seconds" if timeout
+
+          timeout = true unless wait_for_io(result, @write_timeout)
+        end
+      end
+
+      private
+
+      # Waits for I/O readiness based on the result type
+      #
+      # @param [Symbol] result the I/O wait type (:wait_readable or :wait_writable)
+      # @param [Numeric, nil] timeout per-operation timeout limit
+      # @return [Object, nil] the socket if ready, nil on timeout
+      # @api private
+      def wait_for_io(result, timeout)
+        if result == :wait_readable
+          @socket.to_io.wait_readable(timeout)
+        else
+          @socket.to_io.wait_writable(timeout)
+        end
+      end
+    end
+  end
+end

data/lib/http/uri/normalizer.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+module HTTP
+  # URI normalization and dot-segment removal
+  class URI
+    # Default URI normalizer
+    # @private
+    NORMALIZER = lambda do |uri|
+      uri = HTTP::URI.parse uri
+      scheme = uri.scheme&.downcase
+      host = uri.normalized_host
+      host = "[#{host}]" if host&.include?(":")
+      default_port = scheme == HTTPS_SCHEME ? 443 : 80
+
+      HTTP::URI.new(
+        scheme:   scheme,
+        user:     uri.user,
+        password: uri.password,
+        host:     host,
+        port:     (uri.port == default_port ? nil : uri.port),
+        path:     uri.path.empty? ? "/" : percent_encode(remove_dot_segments(uri.path)),
+        query:    percent_encode(uri.query),
+        fragment: uri.fragment
+      )
+    end
+
+    # Standalone dot segments that terminate the algorithm
+    # @private
+    DOT_SEGMENTS = %w[. ..].freeze
+
+    # Matches "/." followed by "/" or end-of-string
+    # @private
+    SINGLE_DOT_SEGMENT = %r{\A/\.(?:/|\z)}
+
+    # Matches "/.." followed by "/" or end-of-string
+    # @private
+    DOUBLE_DOT_SEGMENT = %r{\A/\.\.(?:/|\z)}
+
+    # Matches the last segment in a path (everything after the final "/")
+    # @private
+    LAST_SEGMENT = %r{/[^/]*\z}
+
+    # Matches the first path segment, with or without a leading "/"
+    # @private
+    FIRST_SEGMENT = %r{\A/?[^/]*}
+
+    # Remove dot segments from a URI path per RFC 3986 Section 5.2.4
+    #
+    # @param [String] path URI path to normalize
+    #
+    # @api private
+    # @return [String] path with dot segments removed
+    def self.remove_dot_segments(path)
+      input  = path.dup
+      output = +""
+      until input.empty?
+        reduce_dot_segment(input, output) unless
+          input.delete_prefix!("../") || input.delete_prefix!("./") ||
+          input.sub!(SINGLE_DOT_SEGMENT, "/")
+      end
+      output
+    end
+    private_class_method :remove_dot_segments
+
+    # Process a single dot-segment removal step per RFC 3986 Section 5.2.4
+    #
+    # @param [String] input remaining path input (mutated)
+    # @param [String] output accumulated result (mutated)
+    #
+    # @api private
+    # @return [void]
+    private_class_method def self.reduce_dot_segment(input, output)
+      if input.sub!(DOUBLE_DOT_SEGMENT, "/")
+        output.sub!(LAST_SEGMENT, "")
+      elsif DOT_SEGMENTS.include?(input)
+        input.clear
+      else
+        output << input.slice!(FIRST_SEGMENT) # steep:ignore
+      end
+    end
+  end
+end

data/lib/http/uri/parsing.rb

@@ -0,0 +1,182 @@
+# frozen_string_literal: true
+
+module HTTP
+  # Class methods and private helpers for URI parsing and host processing
+  class URI
+    # Parse the given URI string, returning an HTTP::URI object
+    #
+    # @example
+    #   HTTP::URI.parse("http://example.com/path")
+    #
+    # @param [HTTP::URI, String, #to_str] uri to parse
+    #
+    # @api public
+    # @return [HTTP::URI] new URI instance
+    def self.parse(uri)
+      return uri if uri.is_a?(self)
+      raise InvalidError, "invalid URI: nil" if uri.nil?
+
+      uri_string = begin
+        String(uri)
+      rescue TypeError, NoMethodError
+        raise InvalidError, "invalid URI: #{uri.inspect}"
+      end
+      new(**parse_components(uri_string))
+    end
+
+    # Encodes key/value pairs as application/x-www-form-urlencoded
+    #
+    # @example
+    #   HTTP::URI.form_encode(foo: "bar")
+    #
+    # @param [#to_hash, #to_ary] form_values to encode
+    # @param [TrueClass, FalseClass] sort should key/value pairs be sorted first?
+    #
+    # @api public
+    # @return [String] encoded value
+    def self.form_encode(form_values, sort: false)
+      return ::URI.encode_www_form(form_values) unless sort
+
+      ::URI.encode_www_form(form_values.sort_by { |k, _| String(k) })
+    end
+
+    # Percent-encode matching characters in a string
+    #
+    # @param [String] string raw string
+    #
+    # @api private
+    # @return [String] encoded value
+    def self.percent_encode(string)
+      string&.gsub(PERCENT_ENCODE) do |substr|
+        substr.bytes.map { |c| format("%%%02X", c) }.join
+      end
+    end
+
+    # Loads the addressable gem on first use
+    #
+    # @api private
+    # @return [void]
+    # @raise [LoadError] if addressable gem is not installed
+    def self.require_addressable
+      return if defined?(@addressable_loaded)
+
+      require "addressable/uri"
+      @addressable_loaded = true
+    end
+
+    # Convert a hostname to ASCII via IDNA (requires addressable)
+    #
+    # @param [String] host hostname to encode
+    # @api private
+    # @return [String] ASCII-encoded hostname
+    def self.idna_to_ascii(host)
+      return host if host.ascii_only?
+
+      require_addressable
+      Addressable::IDNA.to_ascii(host) # steep:ignore
+    end
+
+    private
+
+    # Serialize the authority section of a URI (userinfo + host + port)
+    #
+    # @api private
+    # @return [String] authority component
+    def authority_string
+      str = +"//"
+      if (user = @user)
+        str << user
+        str << ":#{@password}" if @password
+        str << "@"
+      end
+      str << @raw_host # steep:ignore
+      str << ":#{@port}" if @port
+      str
+    end
+
+    # Adds or removes IPv6 brackets from a host
+    #
+    # @param [String] raw_host
+    # @param [Boolean] brackets
+    # @api private
+    # @return [String] Host with IPv6 address brackets added or removed
+    def process_ipv6_brackets(raw_host, brackets: false)
+      return unless raw_host
+
+      stripped = raw_host.delete_prefix("[").delete_suffix("]")
+      ip = IPAddr.new(stripped)
+
+      if ip.ipv6?
+        brackets ? "[#{ip}]" : ip.to_s
+      else
+        raw_host
+      end
+    rescue IPAddr::Error
+      raw_host
+    end
+
+    # Normalize a host for comparison and lookup
+    #
+    # Percent-decodes, strips trailing dot, lowercases, and IDN-encodes
+    # non-ASCII hostnames.
+    #
+    # @param [String, nil] host the host to normalize
+    # @api private
+    # @return [String, nil] normalized host
+    def normalize_host(host)
+      return nil unless host
+
+      h = host.gsub(/%\h{2}/) { |match| match.delete_prefix("%").to_i(16).chr }
+      h = h.delete_suffix(".")
+      h = h.downcase
+      self.class.idna_to_ascii(h)
+    end
+
+    # Parse a URI string into component parts
+    #
+    # Uses stdlib for printable-ASCII URIs (faster), falling back to
+    # Addressable for non-ASCII or when stdlib rejects the input.
+    #
+    # @param [String] uri_string the URI to parse
+    # @api private
+    # @return [Hash] URI components
+    private_class_method def self.parse_components(uri_string)
+      return parse_with_addressable(uri_string) if uri_string.match?(NEEDS_ADDRESSABLE)
+
+      parse_with_stdlib(uri_string) || parse_with_addressable(uri_string)
+    end
+
+    # Parse an ASCII URI using stdlib
+    #
+    # @param [String] uri_string the URI to parse
+    # @api private
+    # @return [Hash, nil] URI components, or nil if stdlib rejects the input
+    private_class_method def self.parse_with_stdlib(uri_string)
+      parsed = ::URI.parse(uri_string)
+      # stdlib always returns a port (defaulting to scheme's default);
+      # only store it when explicitly specified
+      port = parsed.port
+      port = nil if port.eql?(parsed.default_port)
+      { scheme: parsed.scheme, user: parsed.user, password: parsed.password,
+        host: parsed.host, port: port, path: parsed.path,
+        query: parsed.query, fragment: parsed.fragment }
+    rescue ::URI::InvalidURIError
+      nil
+    end
+
+    # Parse a non-ASCII URI using Addressable
+    #
+    # @param [String] uri_string the URI to parse
+    # @api private
+    # @return [Hash] URI components
+    private_class_method def self.parse_with_addressable(uri_string)
+      require_addressable
+      parsed = Addressable::URI.parse(uri_string) # steep:ignore
+      { scheme: parsed.scheme, user: parsed.user, password: parsed.password,
+        host: parsed.host, port: parsed.port, path: parsed.path,
+        query: parsed.query, fragment: parsed.fragment }
+    rescue Addressable::URI::InvalidURIError # steep:ignore
+      raise InvalidError, "invalid URI: #{uri_string.inspect}"
+    end
+  end
+end