RubyGems - httpx - Versions diffs - 0.21.0 → 1.2.1 - Mend

httpx 0.21.0 → 1.2.1

Files changed (229) hide show

checksums.yaml +4 -4
data/LICENSE.txt +0 -48
data/README.md +54 -45
data/doc/release_notes/0_10_0.md +2 -2
data/doc/release_notes/0_11_0.md +3 -5
data/doc/release_notes/0_12_0.md +5 -5
data/doc/release_notes/0_13_0.md +4 -4
data/doc/release_notes/0_14_0.md +2 -2
data/doc/release_notes/0_16_0.md +3 -3
data/doc/release_notes/0_17_0.md +1 -1
data/doc/release_notes/0_18_0.md +4 -4
data/doc/release_notes/0_18_2.md +1 -1
data/doc/release_notes/0_19_0.md +1 -1
data/doc/release_notes/0_20_0.md +1 -1
data/doc/release_notes/0_21_0.md +7 -5
data/doc/release_notes/0_21_1.md +12 -0
data/doc/release_notes/0_22_0.md +13 -0
data/doc/release_notes/0_22_1.md +11 -0
data/doc/release_notes/0_22_2.md +5 -0
data/doc/release_notes/0_22_3.md +55 -0
data/doc/release_notes/0_22_4.md +6 -0
data/doc/release_notes/0_22_5.md +6 -0
data/doc/release_notes/0_23_0.md +42 -0
data/doc/release_notes/0_23_1.md +5 -0
data/doc/release_notes/0_23_2.md +5 -0
data/doc/release_notes/0_23_3.md +6 -0
data/doc/release_notes/0_23_4.md +5 -0
data/doc/release_notes/0_24_0.md +48 -0
data/doc/release_notes/0_24_1.md +12 -0
data/doc/release_notes/0_24_2.md +12 -0
data/doc/release_notes/0_24_3.md +12 -0
data/doc/release_notes/0_24_4.md +18 -0
data/doc/release_notes/0_24_5.md +6 -0
data/doc/release_notes/0_24_6.md +5 -0
data/doc/release_notes/0_24_7.md +10 -0
data/doc/release_notes/1_0_0.md +60 -0
data/doc/release_notes/1_0_1.md +5 -0
data/doc/release_notes/1_0_2.md +7 -0
data/doc/release_notes/1_1_0.md +32 -0
data/doc/release_notes/1_1_1.md +17 -0
data/doc/release_notes/1_1_2.md +12 -0
data/doc/release_notes/1_1_3.md +18 -0
data/doc/release_notes/1_1_4.md +6 -0
data/doc/release_notes/1_1_5.md +12 -0
data/doc/release_notes/1_2_0.md +49 -0
data/doc/release_notes/1_2_1.md +6 -0
data/lib/httpx/adapters/datadog.rb +100 -106
data/lib/httpx/adapters/faraday.rb +143 -107
data/lib/httpx/adapters/sentry.rb +26 -7
data/lib/httpx/adapters/webmock.rb +33 -17
data/lib/httpx/altsvc.rb +61 -24
data/lib/httpx/base64.rb +27 -0
data/lib/httpx/buffer.rb +12 -0
data/lib/httpx/callbacks.rb +5 -3
data/lib/httpx/chainable.rb +54 -39
data/lib/httpx/connection/http1.rb +62 -37
data/lib/httpx/connection/http2.rb +16 -27
data/lib/httpx/connection.rb +213 -120
data/lib/httpx/domain_name.rb +10 -13
data/lib/httpx/errors.rb +34 -2
data/lib/httpx/extensions.rb +4 -134
data/lib/httpx/io/ssl.rb +77 -71
data/lib/httpx/io/tcp.rb +46 -70
data/lib/httpx/io/udp.rb +18 -52
data/lib/httpx/io/unix.rb +6 -13
data/lib/httpx/io.rb +3 -9
data/lib/httpx/loggable.rb +4 -19
data/lib/httpx/options.rb +168 -110
data/lib/httpx/plugins/{authentication → auth}/basic.rb +1 -5
data/lib/httpx/plugins/{authentication → auth}/digest.rb +13 -14
data/lib/httpx/plugins/{authentication → auth}/ntlm.rb +1 -3
data/lib/httpx/plugins/{authentication → auth}/socks5.rb +0 -2
data/lib/httpx/plugins/auth.rb +25 -0
data/lib/httpx/plugins/aws_sdk_authentication.rb +1 -3
data/lib/httpx/plugins/aws_sigv4.rb +5 -6
data/lib/httpx/plugins/basic_auth.rb +29 -0
data/lib/httpx/plugins/brotli.rb +50 -0
data/lib/httpx/plugins/callbacks.rb +91 -0
data/lib/httpx/plugins/circuit_breaker/circuit.rb +40 -16
data/lib/httpx/plugins/circuit_breaker/circuit_store.rb +14 -5
data/lib/httpx/plugins/circuit_breaker.rb +30 -7
data/lib/httpx/plugins/cookies/set_cookie_parser.rb +0 -2
data/lib/httpx/plugins/cookies.rb +20 -10
data/lib/httpx/plugins/{digest_authentication.rb → digest_auth.rb} +11 -12
data/lib/httpx/plugins/expect.rb +15 -13
data/lib/httpx/plugins/follow_redirects.rb +71 -29
data/lib/httpx/plugins/grpc/call.rb +2 -3
data/lib/httpx/plugins/grpc/grpc_encoding.rb +88 -0
data/lib/httpx/plugins/grpc/message.rb +7 -37
data/lib/httpx/plugins/grpc.rb +35 -29
data/lib/httpx/plugins/h2c.rb +25 -18
data/lib/httpx/plugins/internal_telemetry.rb +16 -0
data/lib/httpx/plugins/{ntlm_authentication.rb → ntlm_auth.rb} +7 -5
data/lib/httpx/plugins/oauth.rb +170 -0
data/lib/httpx/plugins/persistent.rb +1 -1
data/lib/httpx/plugins/proxy/http.rb +15 -10
data/lib/httpx/plugins/proxy/socks4.rb +8 -6
data/lib/httpx/plugins/proxy/socks5.rb +10 -8
data/lib/httpx/plugins/proxy.rb +69 -67
data/lib/httpx/plugins/push_promise.rb +1 -1
data/lib/httpx/plugins/rate_limiter.rb +3 -1
data/lib/httpx/plugins/response_cache/file_store.rb +40 -0
data/lib/httpx/plugins/response_cache/store.rb +34 -17
data/lib/httpx/plugins/response_cache.rb +6 -6
data/lib/httpx/plugins/retries.rb +61 -12
data/lib/httpx/plugins/ssrf_filter.rb +142 -0
data/lib/httpx/plugins/stream.rb +27 -32
data/lib/httpx/plugins/upgrade/h2.rb +4 -4
data/lib/httpx/plugins/upgrade.rb +8 -10
data/lib/httpx/plugins/webdav.rb +10 -8
data/lib/httpx/pool.rb +85 -23
data/lib/httpx/punycode.rb +9 -291
data/lib/httpx/request/body.rb +158 -0
data/lib/httpx/request.rb +86 -121
data/lib/httpx/resolver/https.rb +54 -17
data/lib/httpx/resolver/multi.rb +8 -12
data/lib/httpx/resolver/native.rb +163 -70
data/lib/httpx/resolver/resolver.rb +28 -13
data/lib/httpx/resolver/system.rb +15 -10
data/lib/httpx/resolver.rb +38 -16
data/lib/httpx/response/body.rb +242 -0
data/lib/httpx/response/buffer.rb +96 -0
data/lib/httpx/response.rb +113 -211
data/lib/httpx/selector.rb +2 -4
data/lib/httpx/session.rb +91 -64
data/lib/httpx/session_extensions.rb +4 -1
data/lib/httpx/timers.rb +28 -8
data/lib/httpx/transcoder/body.rb +0 -2
data/lib/httpx/transcoder/chunker.rb +0 -1
data/lib/httpx/transcoder/deflate.rb +37 -0
data/lib/httpx/transcoder/form.rb +52 -33
data/lib/httpx/transcoder/gzip.rb +74 -0
data/lib/httpx/transcoder/json.rb +2 -5
data/lib/httpx/transcoder/multipart/decoder.rb +139 -0
data/lib/httpx/{plugins → transcoder}/multipart/encoder.rb +3 -3
data/lib/httpx/{plugins → transcoder}/multipart/mime_type_detector.rb +1 -1
data/lib/httpx/{plugins → transcoder}/multipart/part.rb +3 -2
data/lib/httpx/transcoder/multipart.rb +17 -0
data/lib/httpx/transcoder/utils/body_reader.rb +46 -0
data/lib/httpx/transcoder/utils/deflater.rb +72 -0
data/lib/httpx/transcoder/utils/inflater.rb +19 -0
data/lib/httpx/transcoder/xml.rb +0 -5
data/lib/httpx/transcoder.rb +4 -6
data/lib/httpx/utils.rb +36 -16
data/lib/httpx/version.rb +1 -1
data/lib/httpx.rb +12 -14
data/sig/altsvc.rbs +33 -0
data/sig/buffer.rbs +1 -0
data/sig/callbacks.rbs +3 -3
data/sig/chainable.rbs +10 -9
data/sig/connection/http1.rbs +5 -4
data/sig/connection/http2.rbs +1 -1
data/sig/connection.rbs +46 -24
data/sig/errors.rbs +9 -3
data/sig/httpx.rbs +5 -4
data/sig/io/ssl.rbs +26 -0
data/sig/io/tcp.rbs +60 -0
data/sig/io/udp.rbs +20 -0
data/sig/io/unix.rbs +10 -0
data/sig/options.rbs +28 -12
data/sig/plugins/{authentication → auth}/basic.rbs +0 -2
data/sig/plugins/{authentication → auth}/digest.rbs +2 -1
data/sig/plugins/auth.rbs +13 -0
data/sig/plugins/{basic_authentication.rbs → basic_auth.rbs} +2 -2
data/sig/plugins/brotli.rbs +22 -0
data/sig/plugins/callbacks.rbs +38 -0
data/sig/plugins/circuit_breaker.rbs +13 -3
data/sig/plugins/compression.rbs +6 -4
data/sig/plugins/cookies/jar.rbs +2 -2
data/sig/plugins/cookies.rbs +2 -0
data/sig/plugins/{digest_authentication.rbs → digest_auth.rbs} +2 -2
data/sig/plugins/follow_redirects.rbs +11 -2
data/sig/plugins/grpc/call.rbs +19 -0
data/sig/plugins/grpc/grpc_encoding.rbs +37 -0
data/sig/plugins/grpc/message.rbs +17 -0
data/sig/plugins/grpc.rbs +2 -32
data/sig/plugins/h2c.rbs +1 -1
data/sig/plugins/{ntlm_authentication.rbs → ntlm_auth.rbs} +2 -2
data/sig/plugins/oauth.rbs +54 -0
data/sig/plugins/proxy/socks4.rbs +4 -4
data/sig/plugins/proxy/socks5.rbs +2 -2
data/sig/plugins/proxy/ssh.rbs +1 -1
data/sig/plugins/proxy.rbs +10 -4
data/sig/plugins/response_cache.rbs +12 -3
data/sig/plugins/retries.rbs +28 -8
data/sig/plugins/stream.rbs +24 -17
data/sig/plugins/upgrade.rbs +5 -3
data/sig/pool.rbs +5 -4
data/sig/request/body.rbs +40 -0
data/sig/request.rbs +12 -28
data/sig/resolver/https.rbs +7 -2
data/sig/resolver/native.rbs +10 -4
data/sig/resolver/resolver.rbs +6 -4
data/sig/resolver/system.rbs +2 -0
data/sig/resolver.rbs +9 -5
data/sig/response/body.rbs +53 -0
data/sig/response/buffer.rbs +24 -0
data/sig/response.rbs +17 -38
data/sig/session.rbs +24 -18
data/sig/timers.rbs +17 -7
data/sig/transcoder/body.rbs +4 -3
data/sig/transcoder/deflate.rbs +11 -0
data/sig/transcoder/form.rbs +5 -3
data/sig/transcoder/gzip.rbs +24 -0
data/sig/transcoder/json.rbs +4 -2
data/sig/{plugins → transcoder}/multipart.rbs +3 -12
data/sig/transcoder/utils/body_reader.rbs +15 -0
data/sig/transcoder/utils/deflater.rbs +29 -0
data/sig/transcoder/utils/inflater.rbs +12 -0
data/sig/transcoder/xml.rbs +1 -1
data/sig/transcoder.rbs +22 -7
data/sig/utils.rbs +2 -0
metadata +127 -40
data/lib/httpx/plugins/authentication.rb +0 -20
data/lib/httpx/plugins/basic_authentication.rb +0 -30
data/lib/httpx/plugins/compression/brotli.rb +0 -54
data/lib/httpx/plugins/compression/deflate.rb +0 -49
data/lib/httpx/plugins/compression/gzip.rb +0 -88
data/lib/httpx/plugins/compression.rb +0 -164
data/lib/httpx/plugins/multipart/decoder.rb +0 -187
data/lib/httpx/plugins/multipart.rb +0 -84
data/lib/httpx/registry.rb +0 -85
data/sig/plugins/authentication.rbs +0 -11
data/sig/plugins/compression/brotli.rbs +0 -21
data/sig/plugins/compression/deflate.rbs +0 -17
data/sig/plugins/compression/gzip.rbs +0 -29
data/sig/registry.rbs +0 -13
/data/sig/plugins/{authentication → auth}/ntlm.rbs +0 -0
/data/sig/plugins/{authentication → auth}/socks5.rbs +0 -0

data/lib/httpx/plugins/response_cache/file_store.rb ADDED Viewed

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+require "pathname"
+require_relative "store"
+module HTTPX::Plugins
+  module ResponseCache
+    class FileStore < Store
+      def initialize(dir = Dir.tmpdir)
+        @dir = Pathname.new(dir)
+      end
+      def clear
+        # delete all files
+      end
+      def cached?(request)
+        file_path = @dir.join(request.response_cache_key)
+        exist?(file_path)
+      end
+      private
+      def _get(request)
+        return unless cached?(request)
+        File.open(@dir.join(request.response_cache_key))
+      end
+      def _set(request, response)
+        file_path = @dir.join(request.response_cache_key)
+        response.copy_to(file_path)
+        response.body.rewind
+      end
+    end
+  end
+end

data/lib/httpx/plugins/response_cache/store.rb CHANGED Viewed

@@ -1,28 +1,23 @@
 # frozen_string_literal: true
-require "forwardable"
 module HTTPX::Plugins
   module ResponseCache
     class Store
-      extend Forwardable
-      def_delegator :@store, :clear
       def initialize
         @store = {}
+        @store_mutex = Thread::Mutex.new
+      end
+      def clear
+        @store_mutex.synchronize { @store.clear }
       end
       def lookup(request)
-        responses = @store[request.response_cache_key]
+        responses = _get(request)
         return unless responses
-        response = responses.find(&method(:match_by_vary?).curry(2)[request])
-        return unless response && response.fresh?
-        response
+        responses.find(&method(:match_by_vary?).curry(2)[request])
       end
       def cached?(request)
@@ -32,11 +27,7 @@ module HTTPX::Plugins
       def cache(request, response)
         return unless ResponseCache.cacheable_request?(request) && ResponseCache.cacheable_response?(response)
-        responses = (@store[request.response_cache_key] ||= [])
-        responses.reject!(&method(:match_by_vary?).curry(2)[request])
-        responses << response
+        _set(request, response)
       end
       def prepare(request)
@@ -71,6 +62,32 @@ module HTTPX::Plugins
           !original_request.headers.key?(cache_field) || request.headers[cache_field] == original_request.headers[cache_field]
         end
       end
+      def _get(request)
+        @store_mutex.synchronize do
+          responses = @store[request.response_cache_key]
+          return unless responses
+          responses.select! do |res|
+            !res.body.closed? && res.fresh?
+          end
+          responses
+        end
+      end
+      def _set(request, response)
+        @store_mutex.synchronize do
+          responses = (@store[request.response_cache_key] ||= [])
+          responses.reject! do |res|
+            res.body.closed? || !res.fresh? || match_by_vary?(request, res)
+          end
+          responses << response
+        end
+      end
     end
   end
 end

data/lib/httpx/plugins/response_cache.rb CHANGED Viewed

@@ -5,10 +5,10 @@ module HTTPX
     #
     # This plugin adds support for retrying requests when certain errors happen.
     #
-    # https://gitlab.com/honeyryderchuck/httpx/wikis/Response-Cache
+    # https://gitlab.com/os85/httpx/wikis/Response-Cache
     #
     module ResponseCache
-      CACHEABLE_VERBS = %i[get head].freeze
+      CACHEABLE_VERBS = %w[GET HEAD].freeze
       CACHEABLE_STATUS_CODES = [200, 203, 206, 300, 301, 410].freeze
       private_constant :CACHEABLE_VERBS
       private_constant :CACHEABLE_STATUS_CODES
@@ -96,15 +96,15 @@ module HTTPX
       module RequestMethods
         def response_cache_key
-          @response_cache_key ||= Digest::SHA1.hexdigest("httpx-response-cache-#{@verb}#{@uri}")
+          @response_cache_key ||= Digest::SHA1.hexdigest("httpx-response-cache-#{@verb}-#{@uri}")
         end
       end
       module ResponseMethods
         def copy_from_cached(other)
-          @body = other.body
+          @body = other.body.dup
-          @body.__send__(:rewind)
+          @body.rewind
         end
         # A response is fresh if its age has not yet exceeded its freshness lifetime.
@@ -169,7 +169,7 @@ module HTTPX
         def date
           @date ||= Time.httpdate(@headers["date"])
         rescue NoMethodError, ArgumentError
-          Time.now.httpdate
+          Time.now
         end
       end
     end

data/lib/httpx/plugins/retries.rb CHANGED Viewed

@@ -5,13 +5,13 @@ module HTTPX
     #
     # This plugin adds support for retrying requests when certain errors happen.
     #
-    # https://gitlab.com/honeyryderchuck/httpx/wikis/Retries
+    # https://gitlab.com/os85/httpx/wikis/Retries
     #
     module Retries
       MAX_RETRIES = 3
       # TODO: pass max_retries in a configure/load block
-      IDEMPOTENT_METHODS = %i[get options head put delete].freeze
+      IDEMPOTENT_METHODS = %w[GET OPTIONS HEAD PUT DELETE].freeze
       RETRYABLE_ERRORS = [
         IOError,
         EOFError,
@@ -23,9 +23,10 @@ module HTTPX
         Parser::Error,
         TLSError,
         TimeoutError,
+        ConnectionError,
         Connection::HTTP2::GoawayError,
       ].freeze
-      DEFAULT_JITTER = ->(interval) { interval * (0.5 * (1 + rand)) }
+      DEFAULT_JITTER = ->(interval) { interval * ((rand + 1) * 0.5) }
       if ENV.key?("HTTPX_NO_JITTER")
         def self.extra_options(options)
@@ -87,15 +88,14 @@ module HTTPX
              request.retries.positive? &&
              __repeatable_request?(request, options) &&
              (
-               # rubocop:disable Style/MultilineTernaryOperator
-               options.retry_on ?
-               options.retry_on.call(response) :
                (
                  response.is_a?(ErrorResponse) && __retryable_error?(response.error)
+               ) ||
+               (
+                 options.retry_on && options.retry_on.call(response)
                )
-               # rubocop:enable Style/MultilineTernaryOperator
              )
-            response.close if response.respond_to?(:close)
+            __try_partial_retry(request, response)
             log { "failed to get response, #{request.retries} tries to go..." }
             request.retries -= 1
             request.transition(:idle)
@@ -113,12 +113,10 @@ module HTTPX
               log { "retrying after #{retry_after} secs..." }
               pool.after(retry_after) do
                 log { "retrying (elapsed time: #{Utils.elapsed_time(retry_start)})!!" }
-                connection = find_connection(request, connections, options)
-                connection.send(request)
+                send_request(request, connections, options)
               end
             else
-              connection = find_connection(request, connections, options)
-              connection.send(request)
+              send_request(request, connections, options)
             end
             return
@@ -133,15 +131,66 @@ module HTTPX
         def __retryable_error?(ex)
           RETRYABLE_ERRORS.any? { |klass| ex.is_a?(klass) }
         end
+        def proxy_error?(request, response)
+          super && !request.retries.positive?
+        end
+        #
+        # Atttempt to set the request to perform a partial range request.
+        # This happens if the peer server accepts byte-range requests, and
+        # the last response contains some body payload.
+        #
+        def __try_partial_retry(request, response)
+          response = response.response if response.is_a?(ErrorResponse)
+          return unless response
+          unless response.headers.key?("accept-ranges") &&
+                 response.headers["accept-ranges"] == "bytes" && # there's nothing else supported though...
+                 (original_body = response.body)
+            response.close if response.respond_to?(:close)
+            return
+          end
+          request.partial_response = response
+          size = original_body.bytesize
+          request.headers["range"] = "bytes=#{size}-"
+        end
       end
       module RequestMethods
         attr_accessor :retries
+        attr_writer :partial_response
         def initialize(*args)
           super
           @retries = @options.max_retries
         end
+        def response=(response)
+          if @partial_response
+            if response.is_a?(Response) && response.status == 206
+              response.from_partial_response(@partial_response)
+            else
+              @partial_response.close
+            end
+            @partial_response = nil
+          end
+          super
+        end
+      end
+      module ResponseMethods
+        def from_partial_response(response)
+          @status = response.status
+          @headers = response.headers
+          @body = response.body
+        end
       end
     end
     register_plugin :retries, Retries

data/lib/httpx/plugins/ssrf_filter.rb ADDED Viewed

@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+module HTTPX
+  class ServerSideRequestForgeryError < Error; end
+  module Plugins
+    #
+    # This plugin adds support for preventing Server-Side Request Forgery attacks.
+    #
+    # https://gitlab.com/os85/httpx/wikis/Server-Side-Request-Forgery-Filter
+    #
+    module SsrfFilter
+      module IPAddrExtensions
+        refine IPAddr do
+          def prefixlen
+            mask_addr = @mask_addr
+            raise "Invalid mask" if mask_addr.zero?
+            mask_addr >>= 1 while (mask_addr & 0x1).zero?
+            length = 0
+            while mask_addr & 0x1 == 0x1
+              length += 1
+              mask_addr >>= 1
+            end
+            length
+          end
+        end
+      end
+      using IPAddrExtensions
+      # https://en.wikipedia.org/wiki/Reserved_IP_addresses
+      IPV4_BLACKLIST = [
+        IPAddr.new("0.0.0.0/8"), # Current network (only valid as source address)
+        IPAddr.new("10.0.0.0/8"), # Private network
+        IPAddr.new("100.64.0.0/10"), # Shared Address Space
+        IPAddr.new("127.0.0.0/8"), # Loopback
+        IPAddr.new("169.254.0.0/16"), # Link-local
+        IPAddr.new("172.16.0.0/12"), # Private network
+        IPAddr.new("192.0.0.0/24"), # IETF Protocol Assignments
+        IPAddr.new("192.0.2.0/24"), # TEST-NET-1, documentation and examples
+        IPAddr.new("192.88.99.0/24"), # IPv6 to IPv4 relay (includes 2002::/16)
+        IPAddr.new("192.168.0.0/16"), # Private network
+        IPAddr.new("198.18.0.0/15"), # Network benchmark tests
+        IPAddr.new("198.51.100.0/24"), # TEST-NET-2, documentation and examples
+        IPAddr.new("203.0.113.0/24"), # TEST-NET-3, documentation and examples
+        IPAddr.new("224.0.0.0/4"), # IP multicast (former Class D network)
+        IPAddr.new("240.0.0.0/4"), # Reserved (former Class E network)
+        IPAddr.new("255.255.255.255"), # Broadcast
+      ].freeze
+      IPV6_BLACKLIST = ([
+        IPAddr.new("::1/128"), # Loopback
+        IPAddr.new("64:ff9b::/96"), # IPv4/IPv6 translation (RFC 6052)
+        IPAddr.new("100::/64"), # Discard prefix (RFC 6666)
+        IPAddr.new("2001::/32"), # Teredo tunneling
+        IPAddr.new("2001:10::/28"), # Deprecated (previously ORCHID)
+        IPAddr.new("2001:20::/28"), # ORCHIDv2
+        IPAddr.new("2001:db8::/32"), # Addresses used in documentation and example source code
+        IPAddr.new("2002::/16"), # 6to4
+        IPAddr.new("fc00::/7"), # Unique local address
+        IPAddr.new("fe80::/10"), # Link-local address
+        IPAddr.new("ff00::/8"), # Multicast
+      ] + IPV4_BLACKLIST.flat_map do |ipaddr|
+        prefixlen = ipaddr.prefixlen
+        ipv4_compatible = ipaddr.ipv4_compat.mask(96 + prefixlen)
+        ipv4_mapped = ipaddr.ipv4_mapped.mask(80 + prefixlen)
+        [ipv4_compatible, ipv4_mapped]
+      end).freeze
+      class << self
+        def extra_options(options)
+          options.merge(allowed_schemes: %w[https http])
+        end
+        def unsafe_ip_address?(ipaddr)
+          range = ipaddr.to_range
+          return true if range.first != range.last
+          return IPV6_BLACKLIST.any? { |r| r.include?(ipaddr) } if ipaddr.ipv6?
+          IPV4_BLACKLIST.any? { |r| r.include?(ipaddr) } # then it's IPv4
+        end
+      end
+      module OptionsMethods
+        def option_allowed_schemes(value)
+          Array(value)
+        end
+      end
+      module InstanceMethods
+        def send_requests(*requests)
+          responses = requests.map do |request|
+            next if @options.allowed_schemes.include?(request.uri.scheme)
+            error = ServerSideRequestForgeryError.new("#{request.uri} URI scheme not allowed")
+            error.set_backtrace(caller)
+            response = ErrorResponse.new(request, error, request.options)
+            request.emit(:response, response)
+            response
+          end
+          allowed_requests = requests.select { |req| responses[requests.index(req)].nil? }
+          allowed_responses = super(*allowed_requests)
+          allowed_responses.each_with_index do |res, idx|
+            req = allowed_requests[idx]
+            responses[requests.index(req)] = res
+          end
+          responses
+        end
+      end
+      module ConnectionMethods
+        def initialize(*)
+          begin
+            super
+          rescue ServerSideRequestForgeryError => e
+            # may raise when IPs are passed as options via :addresses
+            throw(:resolve_error, e)
+          end
+        end
+        def addresses=(addrs)
+          addrs = addrs.map { |addr| addr.is_a?(IPAddr) ? addr : IPAddr.new(addr) }
+          addrs.reject!(&SsrfFilter.method(:unsafe_ip_address?))
+          raise ServerSideRequestForgeryError, "#{@origin.host} has no public IP addresses" if addrs.empty?
+          super
+        end
+      end
+    end
+    register_plugin :ssrf_filter, SsrfFilter
+  end
+end

data/lib/httpx/plugins/stream.rb CHANGED Viewed

@@ -2,35 +2,23 @@
 module HTTPX
   class StreamResponse
-    def initialize(request, session, connections)
+    def initialize(request, session)
       @request = request
       @session = session
-      @connections = connections
+      @response = nil
     end
     def each(&block)
       return enum_for(__method__) unless block
-      raise Error, "response already streamed" if @response
       @request.stream = self
       begin
         @on_chunk = block
-        if @request.response
-          # if we've already started collecting the payload, yield it first
-          # before proceeding
-          body = @request.response.body
-          body.each do |chunk|
-            on_chunk(chunk)
-          end
-        end
         response.raise_for_status
-        response.close
       ensure
+        response.close if @response
         @on_chunk = nil
       end
     end
@@ -38,7 +26,7 @@ module HTTPX
     def each_line
       return enum_for(__method__) unless block_given?
-      line = +""
+      line = "".b
       each do |chunk|
         line << chunk
@@ -49,6 +37,8 @@ module HTTPX
           line = line.byteslice(idx + 1..-1)
         end
       end
+      yield line unless line.empty?
     end
     # This is a ghost method. It's to be used ONLY internally, when processing streams
@@ -71,9 +61,11 @@ module HTTPX
     private
     def response
-      @session.__send__(:receive_requests, [@request], @connections) until @request.response
+      return @response if @response
-      @request.response
+      @request.response || begin
+        @response = @session.request(@request)
+      end
     end
     def respond_to_missing?(meth, *args)
@@ -91,12 +83,14 @@ module HTTPX
     #
     # This plugin adds support for stream response (text/event-stream).
     #
-    # https://gitlab.com/honeyryderchuck/httpx/wikis/Stream
+    # https://gitlab.com/os85/httpx/wikis/Stream
     #
     module Stream
-      module InstanceMethods
-        private
+      def self.extra_options(options)
+        options.merge(timeout: { read_timeout: Float::INFINITY, operation_timeout: 60 })
+      end
+      module InstanceMethods
         def request(*args, stream: false, **options)
           return super(*args, **options) unless stream
@@ -105,9 +99,7 @@ module HTTPX
           request = requests.first
-          connections = _send_requests(requests)
-          StreamResponse.new(request, self, connections)
+          StreamResponse.new(request, self)
         end
       end
@@ -117,7 +109,10 @@ module HTTPX
       module ResponseMethods
         def stream
-          @request.stream
+          request = @request.root_request if @request.respond_to?(:root_request)
+          request ||= @request
+          request.stream
         end
       end
@@ -130,7 +125,13 @@ module HTTPX
         def write(chunk)
           return super unless @stream
-          @stream.on_chunk(chunk.to_s.dup)
+          return 0 if chunk.empty?
+          chunk = decode_chunk(chunk)
+          @stream.on_chunk(chunk.dup)
+          chunk.size
         end
         private
@@ -141,12 +142,6 @@ module HTTPX
           super
         end
       end
-      def self.const_missing(const_name)
-        super unless const_name == :StreamResponse
-        warn "DEPRECATION WARNING: the class #{self}::StreamResponse is deprecated. Use HTTPX::StreamResponse instead."
-        HTTPX::StreamResponse
-      end
     end
     register_plugin :stream, Stream
   end

data/lib/httpx/plugins/upgrade/h2.rb CHANGED Viewed

@@ -6,12 +6,12 @@ module HTTPX
     # This plugin adds support for upgrading an HTTP/1.1 connection to HTTP/2
     # via an Upgrade: h2 response declaration
     #
-    # https://gitlab.com/honeyryderchuck/httpx/wikis/Upgrade#h2
+    # https://gitlab.com/os85/httpx/wikis/Connection-Upgrade#h2
     #
     module H2
       class << self
-        def configure(klass)
-          klass.default_options.upgrade_handlers.register "h2", self
+        def extra_options(options)
+          options.merge(upgrade_handlers: options.upgrade_handlers.merge("h2" => self))
         end
         def call(connection, _request, _response)
@@ -32,7 +32,7 @@ module HTTPX
           @parser = Connection::HTTP2.new(@write_buffer, @options)
           set_parser_callbacks(@parser)
-          @upgrade_protocol = :h2
+          @upgrade_protocol = "h2"
           # what's happening here:
           # a deviation from the state machine is done to perform the actions when a

data/lib/httpx/plugins/upgrade.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module HTTPX
     # This plugin helps negotiating a new protocol from an HTTP/1.1 connection, via the
     # Upgrade header.
     #
-    # https://gitlab.com/honeyryderchuck/httpx/wikis/Upgrade
+    # https://gitlab.com/os85/httpx/wikis/Upgrade
     #
     module Upgrade
       class << self
@@ -15,16 +15,13 @@ module HTTPX
         end
         def extra_options(options)
-          upgrade_handlers = Module.new do
-            extend Registry
-          end
-          options.merge(upgrade_handlers: upgrade_handlers)
+          options.merge(upgrade_handlers: {})
         end
       end
       module OptionsMethods
         def option_upgrade_handlers(value)
-          raise TypeError, ":upgrade_handlers must be a registry" unless value.respond_to?(:registry)
+          raise TypeError, ":upgrade_handlers must be a Hash" unless value.is_a?(Hash)
           value
         end
@@ -35,19 +32,20 @@ module HTTPX
           response = super
           if response
-            return response unless response.respond_to?(:headers) && response.headers.key?("upgrade")
+            return response unless response.is_a?(Response)
+            return response unless response.headers.key?("upgrade")
             upgrade_protocol = response.headers["upgrade"].split(/ *, */).first
-            return response unless upgrade_protocol && options.upgrade_handlers.registry.key?(upgrade_protocol)
+            return response unless upgrade_protocol && options.upgrade_handlers.key?(upgrade_protocol)
-            protocol_handler = options.upgrade_handlers.registry(upgrade_protocol)
+            protocol_handler = options.upgrade_handlers[upgrade_protocol]
             return response unless protocol_handler
             log { "upgrading to #{upgrade_protocol}..." }
             connection = find_connection(request, connections, options)
-            connections << connection unless connections.include?(connection)
             # do not upgrade already upgraded connections
             return if connection.upgrade_protocol == upgrade_protocol