iodine 0.1.19 → 0.1.20

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 26fc8c539c88696980b52287e3cbe646333fd1de
-  data.tar.gz: 3b0fbe71cc301108ccfe9a92b9e651062c1679a5
+  metadata.gz: b5ee2e6d64a08ec88c75a4e0eaed1d15586310e8
+  data.tar.gz: fe61017b3b92e43efb5cf1ca9331e5143940ec8c
 SHA512:
-  metadata.gz: b7f048ef6135b596cc0041a28e52e0889a384df22094027058f4b3ef8bc7b132d21f2b48336b7b9fe22c0fb27cf626f62fd162379d563520259572653df5a084
-  data.tar.gz: 3860f9850f6a53688d5fbf5920900f7852404047cb4daad09ee46f49a4debf60b48a0da015e2bde5f7626018fb79275a4c93d0419951eab2b7a95d90c2b26280
+  metadata.gz: a9e83552a00e1799096ef2b0515ed417a18eab511c0460743a4f6f003613ae47114b55abe14ec0dd1243a9dd846032ad30f59b3786c71673192e504fa0a2ebed
+  data.tar.gz: 40989499a5b70e09fb35dcd29ebcc8fd3326ff5b9e886ea7800b6e9f01c4ef01fd99b587ebff92aad9ff03d7d5e5ada3489bc18c9887864be4148e2263cdc3eb

data/CHANGELOG.md

@@ -8,6 +8,16 @@ Please notice that this change log contains changes for upcoming releases as wel
 
 ***
 
+Change log v.0.1.20
+
+**Update/Fix**: Updated the `x-forwarded-for` header recognition, to accommodate an Array formatting sometimes used (`["ip1", "ip2", ...]`).
+
+**Update**: native support for the `Forwarded` header Http.
+
+**API Changes**: `Iodine::Http.max_http_buffer` was replaced with `Iodine::Http.max_body_size`, for a better understanding of the method's result.
+
+***
+
 Change log v.0.1.19
 
 **Update**: added the `go_away` method to the Http/1 peorotocol, for seamless connection closeing across Http/2, Http/1 and Websockets.

data/README.md

@@ -9,6 +9,8 @@ In fact, it's so fun to write network protocols that mix and match together, tha
 
 To use Iodine, you just set up your tasks - including a single server, if you want one. Iodine will start running once your application is finished and it won't stop runing until all the scheduled tasks have completed.
 
+Iodine is used by [the Plezi Ruby framework for real-time applications](http://www.plezi.io).
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -140,9 +142,9 @@ Having said that, Iodine is built with certain security measures in mind:
 
 - Iodine will limit the query length, header count and header data size as well as well as react to header overloading by immediate disconnections. Iodine's limits are hardcoded to be slightly more than double those of common Proxies, so this counter-measure will only take effect should an attacker manage to bypass the Proxy.
 
-- Iodine limits every Http request body-size (file upload data, form data, etc') to ~0.5GB. This setting can be changed using `Iodine::Http.max_http_buffer`. This safeguard is meant to prevent Ruby from crashing due to insufficient memory (an error Iodine cannot, and should not, recover from).
+- Iodine limits every Http request body-size (file upload data, form data, etc') to ~0.5GB. This setting can be changed using `Iodine::Http.max_body_size`. This safeguard is meant to prevent Ruby from crashing due to insufficient memory (an error Iodine cannot, and should not, recover from).
 
-   It is recommended that this number will be lowered substantially whenever possible, by using `Iodine::Http.max_http_buffer = new_value`
+   It is recommended that this number will be lowered substantially whenever possible, by using `Iodine::Http.max_body_size = new_value`
 
    Do be aware that, at the moment, file upload data must passed through the memory on it's way to the temporary file. The parser's memory consumption will hopefully decrese in future releases, however, it is always recomended that large data be avoided when possible or handled using download/upload management protocols and services.
 
@@ -262,6 +264,10 @@ For instance, in Iodine's implementation for the Websocket protocol: Websocket m
 
 The exception to the rule is the `ping` implementation. Your protocol's `ping` method will execute in parallel with other parts of your protocol's code. Pinging is a machanism that is often time sensitive and is required to maintain an open connection. For this reason, if your code is working hard on a long task, a ping will still occure automatically in the background and offset any connection timeout. 
 
+If your code is short and efficient (no blocking tasks), it is best to run Iodine in a single threaded mode (you get better performance AND safer code, as long as you don't block):
+
+      Iodine.threads = 1
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/boazsegev/iodine.

data/lib/iodine/core_init.rb

@@ -109,8 +109,8 @@ module Iodine
 					next
 				end
 				on_shutdown do
-					log "Stopping to listen on port #{@port} and shutting down.\n"
-					@server.close unless @server.closed?
+					@server.close unless @server.nil? || @server.closed?
+					log "Stopped listening to port #{@port}.\n"
 				end
 				::Iodine::Base::Listener.accept(@server, false)
 				log "Iodine #{VERSION} is listening on port #{@port}#{ ' to SSL/TLS connections.' if @ssl}\n"

data/lib/iodine/http.rb

@@ -100,13 +100,23 @@ module Iodine
 			@session_token
 		end
 
-		# Sets the maximum bytes allowed for an HTTP's body request (file upload data). Defaults to the command line `-limit` argument, or ~0.25GB.
+		# `max_http_buffer` is deprecated. Use `max_body_size` instead.
 		def max_http_buffer= size
-			@max_http_buffer = size
+			Iodine.warn "`max_http_buffer` is deprecated. Use `max_body_size` instead."
+			max_body_size = size
 		end
-		# Gets the maximum bytes allowed for an HTTP's body request (file upload data). Defaults to the command line `-limit` argument, or ~0.25GB.
+		# `max_http_buffer` is deprecated. Use `max_body_size` instead.
 		def max_http_buffer
-			@max_http_buffer
+			Iodine.warn "`max_http_buffer` is deprecated. Use `max_body_size` instead."
+			@max_body_size
+		end
+		# Sets the maximum bytes allowed for an HTTP's body request (file upload data). Defaults to the command line `-limit` argument, or ~0.5GB.
+		def max_body_size= size
+			@max_body_size = size
+		end
+		# Gets the maximum bytes allowed for an HTTP's body request (file upload data). Defaults to the command line `-limit` argument, or ~0.5GB.
+		def max_body_size
+			@max_body_size
 		end
 
 		# Sets whether Iodine will allow connections to the experiemntal Http2 protocol. Defaults to false unless the `http2` command line flag is present.
@@ -159,7 +169,7 @@ module Iodine
 		protected
 
 		@http2 = (ARGV.index('http2') && true)
-		@max_http_buffer = ((ARGV.index('-limit') && ARGV[ARGV.index('-limit') + 1]) || 536_870_912).to_i
+		@max_body_size = ((ARGV.index('-limit') && ARGV[ARGV.index('-limit') + 1]) || 536_870_912).to_i
 
 		@websocket_app = @http_app = NOT_IMPLEMENTED = Proc.new { |i,o| false }
 		@session_token = "#{File.basename($0, '.*')}_uuid"

data/lib/iodine/http/http1.rb

@@ -23,7 +23,7 @@ module Iodine
 							end
 							next if l.empty?
 							request[:method], request[:query], request[:version] = l.split(/[\s]+/.freeze, 3)
-							return (Iodine.warn('Htt1 Protocol Error, closing connection.'.freeze) && close) unless request[:method] =~ HTTP_METHODS_REGEXP
+							return (Iodine.warn('Http1 Protocol Error, closing connection.'.freeze, l, request) && close) unless request[:method] =~ HTTP_METHODS_REGEXP
 							request[:version] = (request[:version] || '1.1'.freeze).match(/[\d\.]+/.freeze)[0]
 							request[:time_recieved] = Time.now
 						end
@@ -82,8 +82,8 @@ module Iodine
 								request[:body_complete] = true
 							end
 						end
-						if request[:body] && request[:body].size > ::Iodine::Http.max_http_buffer
-							Iodine.warn("Http1 message body too big, closing connection (Iodine::Http.max_http_buffer == #{::Iodine::Http.max_http_buffer} bytes) - #{request[:body].size} bytes.")
+						if request[:body] && request[:body].size > ::Iodine::Http.max_body_size
+							Iodine.warn("Http1 message body too big, closing connection (Iodine::Http.max_body_size == #{::Iodine::Http.max_body_size} bytes) - #{request[:body].size} bytes.")
 							request.delete(:body).tap {|f| f.close unless f.closed? } rescue false
 							write "HTTP/1.0 413 Payload Too Large\r\ncontent-length: 17\r\n\r\nPayload Too Large".freeze
 							return close

data/lib/iodine/http/http2.rb

@@ -337,8 +337,8 @@ module Iodine
 				(frame[:stream][:body] ||= Tempfile.new('iodine'.freeze, :encoding => 'binary'.freeze) ) << frame[:body]
 
 				# check request size
-				if frame[:stream][:body].size > ::Iodine::Http.max_http_buffer
-					Iodine.warn("Http2 payload (message size) too big (Iodine::Http.max_http_buffer == #{::Iodine::Http.max_http_buffer} bytes) - #{frame[:stream][:body].size} bytes.")
+				if frame[:stream][:body].size > ::Iodine::Http.max_body_size
+					Iodine.warn("Http2 payload (message size) too big (Iodine::Http.max_body_size == #{::Iodine::Http.max_body_size} bytes) - #{frame[:stream][:body].size} bytes.")
 					return connection_error( ENHANCE_YOUR_CALM )
 				end
 

data/lib/iodine/http/request.rb

@@ -180,12 +180,12 @@ module Iodine
 			def patch?
 				self[:method] == HTTP_PATCH
 			end
-			HTTP_CTYPE = 'content-type'.freeze; HTTP_JSON = /application\/json/
+			HTTP_CTYPE = 'content-type'.freeze; HTTP_JSON = /application\/json/.freeze
 			# returns true if the request is of type JSON.
 			def json?
 				self[HTTP_CTYPE] =~ HTTP_JSON
 			end
-			HTTP_XML = /text\/xml/
+			HTTP_XML = /text\/xml/.freeze
 			# returns true if the request is of type XML.
 			def xml?
 				self[HTTP_CTYPE].match HTTP_XML
@@ -214,13 +214,20 @@ module Iodine
 
 				request.delete :headers_size
 
-				request[:client_ip] = request['x-forwarded-for'.freeze].to_s.split(/,[\s]?/)[0] || (request[:io].io.to_io.remote_address.ip_address) rescue 'unknown IP'.freeze
-				request[:version] ||= '1'
+				# 2014 RFC 7239 Forwarded: for=192.0.2.60; proto=http; by=203.0.113.43
+				if tmp = request['forwarded'.freeze]
+					tmp = tmp.join(';'.freeze) if tmp.is_a?(Array)
+					tmp.match(/proto=([^\s;]+)/i.freeze).tap {|m| request[:scheme] = m[1].downcase if m } unless request[:scheme]
+					tmp.match(/for=[\[]?[\"]?([^\s;\",]+)/i.freeze).tap {|m| request[:client_ip] = m[1] if m } unless request[:client_ip]
+				end
+
+				request[:client_ip] ||= (request['x-forwarded-for'.freeze].to_s.match(/[^\s\[\"\,]+/.freeze) || request[:io].io.to_io.remote_address.ip_address).to_s rescue 'unknown'.freeze
+				request[:version] ||= '1'.freeze
 
 				request[:scheme] ||= request['x-forwarded-proto'.freeze] ? request['x-forwarded-proto'.freeze].downcase : ( request[:io].ssl? ? 'https'.freeze : 'http'.freeze)
 				tmp = (request['host'.freeze] || request[:authority] || ''.freeze).split(':'.freeze)
 				request[:host_name] = tmp[0]
-				request[:port] = tmp[1] || nil
+				request[:port] = tmp[1]
 
 				tmp = (request[:query] ||= request[:path] ).split('?'.freeze, 2)
 				request[:path] = tmp[0].chomp('/'.freeze)
@@ -266,7 +273,7 @@ module Iodine
 
 			# encodes URL data.
 			def self.encode_url str
-				(str.to_s.gsub(/[^a-z0-9\*\.\_\-]/i) {|m| '%%%02x'.freeze % m.ord }).force_encoding(::Encoding::ASCII_8BIT)
+				(str.to_s.gsub(/[^a-z0-9\*\.\_\-]/i.freeze) {|m| '%%%02x'.freeze % m.ord }).force_encoding(::Encoding::ASCII_8BIT)
 			end
 
 			# Adds paramaters to a Hash object, according to the Iodine's server conventions.
@@ -284,7 +291,7 @@ module Iodine
 						c = (h[n] ||= {})
 					end
 					n = a.last
-					n.chomp!(']'); n.strip!;
+					n.chomp!(']'.freeze); n.strip!;
 					n = n.empty? ? nil : ( (n.to_i.to_s == n) ?  n.to_i : n.to_sym )
 					if n
 						if c[n]
@@ -354,7 +361,7 @@ module Iodine
 				request[:body].rewind
 				case request['content-type'.freeze].to_s
 				when /x-www-form-urlencoded/.freeze
-					extract_params request[:body].read.split(/[&;]/), request[:params] #, :form # :uri
+					extract_params request[:body].read.split(/[&;]/.freeze), request[:params] #, :form # :uri
 				when /multipart\/form-data/.freeze
 					read_multipart request, request
 				when /text\/xml/.freeze
@@ -387,12 +394,12 @@ module Iodine
 				boundary_length = nil
 				true until ( (line = body.gets) ) && line =~ /\A--(#{boundary.join '|'})(--)?[\r]?\n/
 				until body.eof?
-					return if line =~ /--[\r]?\n/
+					return if line =~ /--[\r]?\n/.freeze
 					return boundary.pop if boundary.count > 1 && line.match(/--(#{boundary.join '|'})/)[1] != boundary.last
 					boundary_length = line.bytesize
-					line = body.gets until line.nil? || line =~ /\:/
-					until line.nil? || line =~ /^[\r]?\n/
-						tmp = line.strip.split ':', 2
+					line = body.gets until line.nil? || line =~ /\:/.freeze
+					until line.nil? || line =~ /^[\r]?\n/.freeze
+						tmp = line.strip.split ':'.freeze, 2
 						return Iodine.error "Http multipart parsing error (multipart header data malformed): #{line}" unless tmp && tmp.count == 2
 						tmp[0].strip!; tmp[0].downcase!; tmp[1].strip!; 
 						part_headers[tmp[0]] = tmp[1]
@@ -403,7 +410,7 @@ module Iodine
 						Iodine.error "Wrong multipart format with headers: #{part_headers}"
 						return
 					end
-					extract_header part_headers['content-disposition'.freeze].split(/[;,][\s]?/), part_headers
+					extract_header part_headers['content-disposition'.freeze].split(/[;,][\s]?/.freeze), part_headers
 					if name_prefix.empty?
 						name = part_headers[:name][1..-2]
 					else
@@ -420,7 +427,7 @@ module Iodine
 					end_part_pos += 1 unless body.getc =~ /[\r\n]/.freeze
 					end_part_pos += 1 unless body.getc =~ /[\r\n\-]/.freeze
 					if part_headers['content-type'.freeze]
-						if part_headers['content-type'.freeze] =~ /multipart/i
+						if part_headers['content-type'.freeze] =~ /multipart/i.freeze
 							body.pos = start_part_pos
 							read_multipart request, part_headers, boundary, name_prefix
 						else
@@ -428,13 +435,13 @@ module Iodine
 							add_param_to_hash "#{name}[type]", make_utf8!(part_headers['content-type'.freeze]), request[:params]
 							part_headers.each {|k,v|  add_param_to_hash "#{name}[#{k.to_s}]", make_utf8!(v[0] == '"' ? v[1..-2].to_s : v), request[:params] if v}
 
-							tmp = Tempfile.new 'upload', encoding: 'binary'
+							tmp = Tempfile.new 'upload'.freeze, encoding: 'binary'.freeze
 							body.pos = start_part_pos
 							((end_part_pos - start_part_pos)/65_536).to_i.times {tmp << body.read(65_536)} 
 							tmp << body.read(end_part_pos - body.pos)
 							add_param_to_hash "#{name}[size]", tmp.size, request[:params]
 							add_param_to_hash "#{name}[file]", tmp, request[:params] do |hash, key|
-								if key == :data || key == "data" && hash.has_key?(:file) && hash[:file].is_a?(::Tempfile)
+								if key == :data || key == "data".freeze && hash.has_key?(:file) && hash[:file].is_a?(::Tempfile)
 									hash[:file].rewind
 									(hash[:data] = hash[:file].read)
 								end

data/lib/iodine/http/websockets.rb

@@ -177,7 +177,7 @@ module Iodine
 			# Although memory will be allocated for the latest TCP/IP frame,
 			# this allows the websocket to disconnect if the incoming expected message size exceeds the allowed maximum size.
 			#
-			# If the sessage size limit is exceeded, the disconnection will be immidiate as an attack will be assumed. The protocol's normal disconnect sequesnce will be discarded.
+			# If the message size limit is exceeded, the disconnection will be immidiate as an attack will be assumed. The protocol's normal disconnect sequesnce will be discarded.
 			def self.message_size_limit=val
 				@message_size_limit = val
 			end

data/lib/iodine/protocol.rb

@@ -83,7 +83,7 @@ module Iodine
 		# This method is called whenever a timeout has occurred. Either implement a ping or close the connection.
 		# The default implementation closes the connection unless the protocol is still processing information received before timeout occurred.
 		def ping
-			@locker.locked? ? touch : close
+			close unless @locker.locked?
 		end
 
 		#############

data/lib/iodine/version.rb

@@ -1,3 +1,3 @@
 module Iodine
-  VERSION = "0.1.19"
+  VERSION = "0.1.20"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: iodine
 version: !ruby/object:Gem::Version
-  version: 0.1.19
+  version: 0.1.20
 platform: ruby
 authors:
 - Boaz Segev
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2015-12-02 00:00:00.000000000 Z
+date: 2015-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler