http 0.8.0.pre4 → 0.8.0.pre5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b7920fa65897a4adb435be3f24272554a59bb8f0
-  data.tar.gz: 9602b19d0e5f70eea417e69343a81159c356c3be
+  metadata.gz: cfd83e5db031e7c10a162574f2c700e879b66ea1
+  data.tar.gz: 3bcb6718bb90463c39ac0170482c86fe04f59da9
 SHA512:
-  metadata.gz: e295f5c7d2b7c34ff6c4e0da1746361b777903d354910f0003eaded8c14cc180cd7e6e1edb11ce6980c63b851d0290c6e2dc0ba44c7bdee3cce036ee2ce17f3f
-  data.tar.gz: 7956cd926d6060cdc7186e1546bf8b33192f82cb71ce288c98b19f467b9e8192a4d3cfa92fd2a789e9c2dcf5631a89c7bda9136f359b8f1bb0e15a16fc14a9f0
+  metadata.gz: f1b99fd432ba3b1cb7e0ec555796d86d75029543148d8f1a8f0e7fd3d49f898fef0b0dc2afee46fb7eb38add8aa803266b212cfc5b4941d2aa88ea220c938dae
+  data.tar.gz: 8594e4e915ea23e9646d0b3e335b733bf74be8af488a6fe15ff458c3edc1eb70ac3821abcab551afa4e419e4d301ddc13b1bee2c9623eb293683b694963bb106

data/.rubocop.yml

@@ -5,6 +5,9 @@ Metrics/ClassLength:
   CountComments: false
   Max: 110
 
+Metrics/PerceivedComplexity:
+  Max: 8
+
 Metrics/CyclomaticComplexity:
   Max: 8 # TODO: Lower to 6
 

data/CHANGES.md

@@ -1,4 +1,4 @@
-## 0.8.0.pre4 (2015-03-27)
+## 0.8.0.pre5 (2015-03-27)
 
 * Support for persistent HTTP connections (@zanker)
 * Add caching support. See #77 and #177. (@Asmod4n, @pezra)

data/Gemfile

@@ -9,6 +9,7 @@ group :development do
   gem "celluloid-io"
   gem "guard"
   gem "guard-rspec", :require => false
+  gem "nokogiri", :require => false
   gem "pry"
 
   platforms :ruby_19, :ruby_20 do

data/README.md

@@ -280,6 +280,7 @@ versions:
 * Ruby 2.0.0
 * Ruby 2.1.x
 * Ruby 2.2.x
+* JRuby 1.7.x
 
 If something doesn't work on one of these versions, it's a bug.
 

data/Rakefile

@@ -26,4 +26,46 @@ Yardstick::Rake::Verify.new do |verify|
   verify.threshold = 58
 end
 
+task :generate_status_codes do
+  require "http"
+  require "nokogiri"
+
+  url = "http://www.iana.org/assignments/http-status-codes/http-status-codes.xml"
+  xml = Nokogiri::XML HTTP.get url
+  arr = xml.xpath("//xmlns:record").reduce [] do |a, e|
+    code = e.xpath("xmlns:value").text.to_s
+    desc = e.xpath("xmlns:description").text.to_s
+
+    next a if "Unassigned" == desc || "(Unused)" == desc
+
+    a << "#{code} => #{desc.inspect}"
+  end
+
+  File.open("./lib/http/response/status/reasons.rb", "w") do |io|
+    io.puts <<-TPL.gsub(/^[ ]{6}/, "")
+      # AUTO-GENERATED FILE, DO NOT CHANGE IT MANUALLY
+
+      require "delegate"
+
+      module HTTP
+        class Response
+          class Status < ::Delegator
+            # Code to Reason map
+            #
+            # @example Usage
+            #
+            #   REASONS[400] # => "Bad Request"
+            #   REASONS[414] # => "Request-URI Too Long"
+            #
+            # @return [Hash<Fixnum => String>]
+            REASONS = {
+              #{arr.join ",\n              "}
+            }.each { |_, v| v.freeze }.freeze
+          end
+        end
+      end
+    TPL
+  end
+end
+
 task :default => [:spec, :rubocop, :verify_measurements]

data/lib/http/chainable.rb

@@ -106,7 +106,7 @@ module HTTP
     # @param opts
     # @return [HTTP::Client]
     # @see Redirector#initialize
-    def follow(opts = true)
+    def follow(opts = {})
       branch default_options.with_follow opts
     end
 

data/lib/http/client.rb

@@ -2,6 +2,7 @@ require "cgi"
 require "uri"
 require "http/form_data"
 require "http/options"
+require "http/connection"
 require "http/redirector"
 
 module HTTP
@@ -18,6 +19,7 @@ module HTTP
     def initialize(default_options = {})
       @default_options = HTTP::Options.new(default_options)
       @connection = nil
+      @state = :clean
     end
 
     # Make an HTTP request
@@ -38,13 +40,11 @@ module HTTP
       req = HTTP::Request.new(verb, uri, headers, proxy, body)
       res = perform req, opts
 
-      if opts.follow
-        res = Redirector.new(opts.follow).perform req, res do |request|
-          perform request, opts
-        end
-      end
+      return res unless opts.follow
 
-      res
+      Redirector.new(opts.follow).perform req, res do |request|
+        perform request, opts
+      end
     end
 
     # Perform a single (no follow) HTTP request
@@ -57,19 +57,22 @@ module HTTP
     def make_request(req, options)
       verify_connection!(req.uri)
 
+      @state = :dirty
+
       @connection ||= HTTP::Connection.new(req, options)
       @connection.send_request(req)
       @connection.read_headers!
 
       res = Response.new(
-        @connection.parser.status_code,
-        @connection.parser.http_version,
-        @connection.parser.headers,
+        @connection.status_code,
+        @connection.http_version,
+        @connection.headers,
         Response::Body.new(@connection),
         req.uri
       )
 
       @connection.finish_response if req.verb == :head
+      @state = :clean
 
       res
 
@@ -84,6 +87,7 @@ module HTTP
     def close
       @connection.close if @connection
       @connection = nil
+      @state = :clean
     end
 
     private
@@ -92,11 +96,14 @@ module HTTP
     def verify_connection!(uri)
       if default_options.persistent? && base_host(uri) != default_options.persistent
         fail StateError, "Persistence is enabled for #{default_options.persistent}, but we got #{base_host(uri)}"
-
       # We re-create the connection object because we want to let prior requests
       # lazily load the body as long as possible, and this mimics prior functionality.
       elsif @connection && (!@connection.keep_alive? || @connection.expired?)
         close
+      # If we get into a bad state (eg, Timeout.timeout ensure being killed)
+      # close the connection to prevent potential for mixed responses.
+      elsif @state == :dirty
+        close
       end
     end
 

data/lib/http/connection.rb

@@ -1,67 +1,80 @@
+require "forwardable"
+
 require "http/response/parser"
 
 module HTTP
   # A connection to the HTTP server
   class Connection
-    attr_reader :socket, :parser, :persistent, :keep_alive_timeout,
-                :pending_request, :pending_response
-
+    extend Forwardable
     # Attempt to read this much data
     BUFFER_SIZE = 16_384
 
-    def initialize(req, options)
-      @persistent = options.persistent?
+    # HTTP/1.0
+    HTTP_1_0 = "1.0".freeze
 
-      @keep_alive_timeout = options[:keep_alive_timeout]
+    # HTTP/1.1
+    HTTP_1_1 = "1.1".freeze
+
+    # @param [HTTP::Request] req
+    # @param [HTTP::Options] options
+    def initialize(req, options)
+      @persistent         = options.persistent?
+      @keep_alive_timeout = options[:keep_alive_timeout].to_f
+      @pending_request    = false
+      @pending_response   = false
 
       @parser = Response::Parser.new
 
       @socket = options[:timeout_class].new(options[:timeout_options])
       @socket.connect(options[:socket_class], req.socket_host, req.socket_port)
 
-      @socket.start_tls(
-        req.uri.host,
-        options[:ssl_socket_class],
-        options[:ssl_context]
-      ) if req.uri.is_a?(URI::HTTPS) && !req.using_proxy?
-
+      start_tls(req, options)
       reset_timer
     end
 
+    # @see (HTTP::Response::Parser#status_code)
+    def_delegator :@parser, :status_code
+
+    # @see (HTTP::Response::Parser#http_version)
+    def_delegator :@parser, :http_version
+
+    # @see (HTTP::Response::Parser#headers)
+    def_delegator :@parser, :headers
+
     # Send a request to the server
     #
     # @param [Request] Request to send to the server
-    # @return [Nil]
+    # @return [nil]
     def send_request(req)
-      if pending_response
+      if @pending_response
         fail StateError, "Tried to send a request while one is pending already. Make sure you read off the body."
-      elsif pending_request
+      elsif @pending_request
         fail StateError, "Tried to send a request while a response is pending. Make sure you've fully read the body from the request."
       end
 
       @pending_request = true
 
-      req.stream socket
+      req.stream @socket
 
       @pending_response = true
-      @pending_request = nil
+      @pending_request  = false
     end
 
     # Read a chunk of the body
     #
     # @return [String] data chunk
-    # @return [Nil] when no more data left
+    # @return [nil] when no more data left
     def readpartial(size = BUFFER_SIZE)
-      return unless pending_response
+      return unless @pending_response
 
       begin
         read_more size
-        finished = parser.finished?
+        finished = @parser.finished?
       rescue EOFError
         finished = true
       end
 
-      chunk = parser.chunk
+      chunk = @parser.chunk
 
       finish_response if finished
 
@@ -69,75 +82,91 @@ module HTTP
     end
 
     # Reads data from socket up until headers are loaded
+    # @return [void]
     def read_headers!
-      read_more BUFFER_SIZE until parser.headers
+      read_more BUFFER_SIZE until @parser.headers
       set_keep_alive
-
-    rescue IOError, Errno::ECONNRESET, Errno::EPIPE => ex
-      return if ex.is_a?(EOFError) && parser.headers
-      raise IOError, "problem making HTTP request: #{ex}"
+    rescue IOError, Errno::ECONNRESET, Errno::EPIPE => e
+      return if e.is_a?(EOFError) && @parser.headers
+      raise IOError, "problem making HTTP request: #{e}"
     end
 
     # Callback for when we've reached the end of a response
+    # @return [void]
     def finish_response
       close unless keep_alive?
 
-      parser.reset
+      @parser.reset
       reset_timer
 
-      @pending_response = nil
+      @pending_response = false
     end
 
     # Close the connection
+    # @return [void]
     def close
-      socket.close unless socket.closed?
+      @socket.close unless @socket.closed?
 
-      @pending_response = nil
-      @pending_request = nil
+      @pending_response = false
+      @pending_request  = false
     end
 
     # Whether we're keeping the conn alive
+    # @return [Boolean]
     def keep_alive?
-      !!@keep_alive && !socket.closed?
+      !!@keep_alive && !@socket.closed?
     end
 
     # Whether our connection has expired
+    # @return [Boolean]
     def expired?
       !@conn_expires_at || @conn_expires_at < Time.now
     end
 
-    def reset_timer
-      @conn_expires_at = Time.now + keep_alive_timeout if persistent
+    private
+
+    # Sets up SSL context and starts TLS if needed.
+    # @param (see #initialize)
+    # @return [void]
+    def start_tls(req, options)
+      return unless req.uri.is_a?(URI::HTTPS) && !req.using_proxy?
+
+      ssl_context = options[:ssl_context]
+
+      unless ssl_context
+        ssl_context = OpenSSL::SSL::SSLContext.new
+        ssl_context.set_params(options[:ssl] || {})
+      end
+
+      @socket.start_tls(req.uri.host, options[:ssl_socket_class], ssl_context)
     end
 
-    private :reset_timer
+    # Resets expiration of persistent connection.
+    # @return [void]
+    def reset_timer
+      @conn_expires_at = Time.now + @keep_alive_timeout if @persistent
+    end
 
     # Store whether the connection should be kept alive.
     # Once we reset the parser, we lose all of this state.
+    # @return [void]
     def set_keep_alive
-      return @keep_alive = false unless persistent
-
-      # HTTP/1.0 requires opt in for Keep Alive
-      if parser.http_version == "1.0"
-        @keep_alive = parser.headers["Connection"] == HTTP::Client::KEEP_ALIVE
-
-      # HTTP/1.1 is opt-out
-      elsif parser.http_version == "1.1"
-        @keep_alive = parser.headers["Connection"] != HTTP::Client::CLOSE
-
-      # Anything else we assume doesn't supportit
-      else
+      return @keep_alive = false unless @persistent
+
+      case @parser.http_version
+      when HTTP_1_0 # HTTP/1.0 requires opt in for Keep Alive
+        @keep_alive = @parser.headers[Client::CONNECTION] == HTTP::Client::KEEP_ALIVE
+      when HTTP_1_1 # HTTP/1.1 is opt-out
+        @keep_alive = @parser.headers[Client::CONNECTION] != HTTP::Client::CLOSE
+      else # Anything else we assume doesn't supportit
         @keep_alive = false
       end
     end
 
-    private :set_keep_alive
-
     # Feeds some more data into parser
+    # @return [void]
     def read_more(size)
-      parser << socket.readpartial(size) unless parser.finished?
+      @parser << @socket.readpartial(size) unless @parser.finished?
     end
-
-    private :read_more
   end
 end

data/lib/http/options.rb

@@ -47,6 +47,7 @@ module HTTP
                   :timeout_options =>  {},
                   :socket_class =>     self.class.default_socket_class,
                   :ssl_socket_class => self.class.default_ssl_socket_class,
+                  :ssl =>              {},
                   :cache =>            self.class.default_cache,
                   :keep_alive_timeout  => 5,
                   :headers =>          {}}
@@ -65,12 +66,21 @@ module HTTP
 
     %w(
       proxy params form json body follow response
-      socket_class ssl_socket_class ssl_context
+      socket_class ssl_socket_class ssl_context ssl
       persistent keep_alive_timeout timeout_class timeout_options
     ).each do |method_name|
       def_option method_name
     end
 
+    def follow=(value)
+      @follow = case
+                when !value                    then nil
+                when true == value             then {}
+                when value.respond_to?(:fetch) then value
+                else argument_error! "Unsupported follow options: #{value}"
+                end
+    end
+
     def_option :cache do |cache_or_cache_options|
       if cache_or_cache_options.respond_to? :perform
         cache_or_cache_options

data/lib/http/redirector.rb

@@ -1,3 +1,5 @@
+require "set"
+
 module HTTP
   class Redirector
     # Notifies that we reached max allowed redirect hops
@@ -7,60 +9,86 @@ module HTTP
     class EndlessRedirectError < TooManyRedirectsError; end
 
     # HTTP status codes which indicate redirects
-    REDIRECT_CODES = [300, 301, 302, 303, 307, 308].freeze
+    REDIRECT_CODES = [300, 301, 302, 303, 307, 308].to_set.freeze
 
-    # :nodoc:
-    def initialize(options = nil)
-      options   = {:max_hops => 5} unless options.respond_to?(:fetch)
-      @max_hops = options.fetch(:max_hops, 5)
-      @max_hops = false if @max_hops && 1 > @max_hops.to_i
-    end
+    # Codes which which should raise StateError in strict mode if original
+    # request was any of {UNSAFE_VERBS}
+    STRICT_SENSITIVE_CODES = [300, 301, 302].to_set.freeze
 
-    # Follows redirects until non-redirect response found
-    def perform(request, response, &block)
-      reset(request, response)
-      follow(&block)
-    end
+    # Insecure http verbs, which should trigger StateError in strict mode
+    # upon {STRICT_SENSITIVE_CODES}
+    UNSAFE_VERBS = [:put, :delete, :post].to_set.freeze
 
-    private
+    # Verbs which will remain unchanged upon See Other response.
+    SEE_OTHER_ALLOWED_VERBS = [:get, :head].to_set.freeze
 
-    # Reset redirector state
-    def reset(request, response)
-      @request, @response = request, response
-      @visited = []
+    # @!attribute [r] strict
+    #   Returns redirector policy.
+    #   @return [Boolean]
+    attr_reader :strict
+
+    # @!attribute [r] max_hops
+    #   Returns maximum allowed hops.
+    #   @return [Fixnum]
+    attr_reader :max_hops
+
+    # @param [Hash] opts
+    # @option opts [Boolean] :strict (true) redirector hops policy
+    # @option opts [#to_i] :max_hops (5) maximum allowed amount of hops
+    def initialize(options = {})
+      @strict   = options.fetch(:strict, true)
+      @max_hops = options.fetch(:max_hops, 5).to_i
     end
 
-    # Follow redirects
-    def follow
-      while REDIRECT_CODES.include?(@response.code)
-        @visited << @request.uri.to_s
+    # Follows redirects until non-redirect response found
+    def perform(request, response)
+      @request  = request
+      @response = response
+      @visited  = []
+
+      while REDIRECT_CODES.include? @response.status.code
+        @visited << "#{@request.verb} #{@request.uri}"
 
         fail TooManyRedirectsError if too_many_hops?
         fail EndlessRedirectError  if endless_loop?
 
-        uri = @response.headers["Location"]
-        fail StateError, "no Location header in redirect" unless uri
-
-        if 303 == @response.code
-          @request = @request.redirect uri, :get
-        else
-          @request = @request.redirect uri
-        end
-
+        @request  = redirect_to @response.headers["Location"]
         @response = yield @request
       end
 
       @response
     end
 
+    private
+
     # Check if we reached max amount of redirect hops
+    # @return [Boolean]
     def too_many_hops?
-      @max_hops < @visited.count if @max_hops
+      1 <= @max_hops && @max_hops < @visited.count
     end
 
     # Check if we got into an endless loop
+    # @return [Boolean]
     def endless_loop?
-      2 < @visited.count(@visited.last)
+      2 <= @visited.count(@visited.last)
+    end
+
+    # Redirect policy for follow
+    # @return [Request]
+    def redirect_to(uri)
+      fail StateError, "no Location header in redirect" unless uri
+
+      verb = @request.verb
+      code = @response.status.code
+
+      if UNSAFE_VERBS.include?(verb) && STRICT_SENSITIVE_CODES.include?(code)
+        fail StateError, "can't follow #{@response.status} redirect" if @strict
+        verb = :get
+      end
+
+      verb = :get if !SEE_OTHER_ALLOWED_VERBS.include?(verb) && 303 == code
+
+      @request.redirect(uri, verb)
     end
   end
 end