isomorfeus-iodine 0.7.49 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1d738c4e12837e4701e07b9a23b5339ec81f9bca7576432394405ac425fedb9d
-  data.tar.gz: 34051db83348db0ad3fd5bcf92fa4efda7f662afabf322b74f66896dc850d0c5
+  metadata.gz: 5d50f8965211cbcbbd9ea83e2caf5bbe9bb2c82699fcf9f70d401ccfe436af4c
+  data.tar.gz: e5703c8ea79c04d5389d115e62da6bebc1c28357868fd2df47207500a7a48325
 SHA512:
-  metadata.gz: b0a04ba4c6ccdcd506866b575240a62e625285118d200fc54171b120d19df27a7f974b9bce6f3168f589a689276766b336c4935e5fe07d81595e4b2b74f2132f
-  data.tar.gz: 65b915942797680025c0441dbd46205a330254ab18bb8d4a3ca161889ac88b74b6d02ca3867d558f7b2665772ee0846a41edc46d019b7d7648b8c560c2d6ef08
+  metadata.gz: 7b4245d04c37d3fe90dd1d88fec0aa7ecba5ce2e7b52066a2c9a8608dbc6a8d1be60b61f9c941fcf00014fd6206ff63229976a42d614262cedae5abf6c440521
+  data.tar.gz: e38cca54a7203adbab3d82a60e994e265f1f53e0effd1209e7b680bd042d31495e8640eba6e3f4d65322efd173262e8ffca674180b1b5fa8e329241458985fb8

data/.github/workflows/ruby.yml

@@ -1,4 +1,4 @@
-name: Isomorfeus Project
+name: isomorfeus-iodine
 
 on:
   push:

data/CHANGELOG.md

@@ -6,6 +6,20 @@ Please notice that this change log contains changes for upcoming releases as wel
 
 ## Changes:
 
+#### Change log v.0.7.47 (2022-05-11)
+
+**Fix**: Fixes an issue that causes `Rack::Lint` to complain about `SERVER_PORT` being an empty string. Credit to @adam12 (Adam Daniels) for PR #108 and issue #107.
+
+#### Change log v.0.7.46 (2022-05-06)
+
+**Fix**: Fixes the (erroneous) default insertion of the `last-modified` header in order to both better express the intent of RFC 2616 and prevent conflict with the `Rack::ETag` middleware. Credit to @raxoft (Patrik Rak) for opening issue #122.
+
+#### Change log v.0.7.45 (2021-11-26)
+
+**Security**: Fixes a number of issues with the HTTP parser that could have been leveraged in potential exploit attempts such as request smuggling. Credit to @dcepelik (David Čepelík).
+
+**Compatibility**: This release adds experimental Windows support (I don't have Windows, nor Intel, I cannot test this). Credit for a lot of work by @janbiedermann (Jan Biedermann).
+
 #### Change log v.0.7.44 (2021-02-28)
 
 **Fix**: Fixes issue #103 where an empty String response would result in the word "null" being returned (no String object was created, which routed the NULL object to facil.io's JSON interpreter). Credit to @waghanza (Marwan Rabbâa) for exposing the issue.
@@ -82,7 +96,7 @@ Please notice that this change log contains changes for upcoming releases as wel
 
 #### Change log v.0.7.31
 
-**Security**: a heap-overflow vulnerability was fixed in the WebSocket parser. This attack could have been triggered remotely by a maliciously crafted message-header. Credit to Dane (4cad@silvertoque) for exposing this issue and providing a Python script demonstrating the attack. 
+**Security**: a heap-overflow vulnerability was fixed in the WebSocket parser. This attack could have been triggered remotely by a maliciously crafted message-header. Credit to Dane (4cad@silvertoque) for exposing this issue and providing a Python script demonstrating the attack.
 
 It's recommended that all iodine users update to the latest version.
 
@@ -148,7 +162,7 @@ It's recommended that all iodine users update to the latest version.
 
 #### Change log v.0.7.20
 
-**Security**: (`fio`) lower and smarter Slowloris detection limits (backlog limit is now 1,024 responses / messages per client). 
+**Security**: (`fio`) lower and smarter Slowloris detection limits (backlog limit is now 1,024 responses / messages per client).
 
 **Security**: (`http`) HTTP/1.1 slow client throttling - new requests will not be consumed until pending responses were sent. Since HTTP/1.1 is a response-request protocol, this protocol specific approach should protect the HTTP application against slow clients.
 
@@ -332,7 +346,7 @@ It's recommended that all iodine users update to the latest version.
 
 #### Change log v.0.7.0
 
-This version bump is performed because the internal engine changed significantly and might be considered less mature. The public API remains unbroken. 
+This version bump is performed because the internal engine changed significantly and might be considered less mature. The public API remains unbroken.
 
 **Fix**: Fixed a documentation error. Credit to @Fonsan (Erik Fonselius) for PR #41.
 

data/Rakefile

@@ -32,13 +32,5 @@ end
 
 task :default => [:compile, :spec]
 
-Rake::ExtensionTask.new "iodine" do |ext|
-  ext.lib_dir = "lib/iodine"
-end
+Rake::ExtensionTask.new :iodine_ext
 
-# Rake::ExtensionTask.new "iodine_http" do |ext|
-#   ext.name = 'iodine_http'
-#   ext.lib_dir = "lib/iodine"
-#   ext.ext_dir = 'ext/iodine'
-#   ext.config_script = 'extconf-http.rb'
-# end

data/examples/etag.ru

@@ -0,0 +1,16 @@
+# This example uses Rack::ETag to allow for response caching.
+
+require 'rack'
+require 'iodine'
+
+App = Proc.new do |env|
+   [200,
+     {   "Content-Type" => "text/html".freeze,
+         "Content-Length" => "16".freeze },
+     ['Hello from Rack!'.freeze]  ]
+end
+
+use Rack::ConditionalGet
+use Rack::ETag, 'public'
+
+run App

data/exe/iodine

@@ -3,208 +3,9 @@
 IODINE_PARSE_CLI = true
 require 'iodine'
 
-# Load Rack if available (assume it will be used).
-#
-# Remember, code costs memory. Duplicating the Rack::Builder module and functions can be avoided.
-begin
-  require 'rack'
-  module Iodine
-    module Base
-      module Rack
-        Builder = ::Rack::Builder
-      end
-    end
-  end
-rescue LoadError
-  module Iodine
-    module Base
-      module Rack
-        # The Rack::Builder code is used when Rack isn't available.
-        #
-        # The code was copied (with minor adjustments) from the Rack source code and is licensed under the MIT license.
-        # Copyright (C) 2007-2019 Leah Neukirchen <http://leahneukirchen.org/infopage.html>
-        #
-        # ====
-        #
-        # Rack::Builder implements a small DSL to iteratively construct Rack
-        # applications.
-        #
-        # Example:
-        #
-        #  require 'rack/lobster'
-        #  app = Rack::Builder.new do
-        #    use Rack::CommonLogger
-        #    use Rack::ShowExceptions
-        #    map "/lobster" do
-        #      use Rack::Lint
-        #      run Rack::Lobster.new
-        #    end
-        #  end
-        #
-        #  run app
-        #
-        # Or
-        #
-        #  app = Rack::Builder.app do
-        #    use Rack::CommonLogger
-        #    run lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['OK']] }
-        #  end
-        #
-        #  run app
-        #
-        # +use+ adds middleware to the stack, +run+ dispatches to an application.
-        # You can use +map+ to construct a Rack::URLMap in a convenient way.
-        class Builder
-          # https://stackoverflow.com/questions/2223882/whats-the-difference-between-utf-8-and-utf-8-without-bom
-          UTF_8_BOM = '\xef\xbb\xbf'
-
-          def self.parse_file(config, opts = Hash.new)
-            if config =~ /\.ru$/
-              return self.load_file(config, opts)
-            else
-              require config
-              app = Object.const_get(::File.basename(config, '.rb').split('_').map(&:capitalize).join(''))
-              return app, {}
-            end
-          end
+# Load Rack if available (assume it will be used)
 
-          def self.load_file(path, options = Hash.new)
-            cfgfile = ::File.read(path)
-            cfgfile.slice!(/\A#{UTF_8_BOM}/) if cfgfile.encoding == Encoding::UTF_8
-
-            cfgfile.sub!(/^__END__\n.*\Z/m, '')
-            app = new_from_string cfgfile, path
-
-            return app, options
-          end
-
-          def self.new_from_string(builder_script, file = "(rackup)")
-            eval "Iodine::Base::Rack::Builder.new {\n" + builder_script + "\n}.to_app",
-              TOPLEVEL_BINDING, file, 0
-          end
-
-          def initialize(default_app = nil, &block)
-            @use, @map, @run, @warmup, @freeze_app = [], nil, default_app, nil, false
-            instance_eval(&block) if block_given?
-          end
-
-          def self.app(default_app = nil, &block)
-            self.new(default_app, &block).to_app
-          end
-
-          # Specifies middleware to use in a stack.
-          #
-          #   class Middleware
-          #     def initialize(app)
-          #       @app = app
-          #     end
-          #
-          #     def call(env)
-          #       env["rack.some_header"] = "setting an example"
-          #       @app.call(env)
-          #     end
-          #   end
-          #
-          #   use Middleware
-          #   run lambda { |env| [200, { "Content-Type" => "text/plain" }, ["OK"]] }
-          #
-          # All requests through to this application will first be processed by the middleware class.
-          # The +call+ method in this example sets an additional environment key which then can be
-          # referenced in the application if required.
-          def use(middleware, *args, &block)
-            if @map
-              mapping, @map = @map, nil
-              @use << proc { |app| generate_map(app, mapping) }
-            end
-            @use << proc { |app| middleware.new(app, *args, &block) }
-          end
-
-          # Takes an argument that is an object that responds to #call and returns a Rack response.
-          # The simplest form of this is a lambda object:
-          #
-          #   run lambda { |env| [200, { "Content-Type" => "text/plain" }, ["OK"]] }
-          #
-          # However this could also be a class:
-          #
-          #   class Heartbeat
-          #     def self.call(env)
-          #      [200, { "Content-Type" => "text/plain" }, ["OK"]]
-          #     end
-          #   end
-          #
-          #   run Heartbeat
-          def run(app)
-            @run = app
-          end
-
-          # Takes a lambda or block that is used to warm-up the application.
-          #
-          #   warmup do |app|
-          #     client = Rack::MockRequest.new(app)
-          #     client.get('/')
-          #   end
-          #
-          #   use SomeMiddleware
-          #   run MyApp
-          def warmup(prc = nil, &block)
-            @warmup = prc || block
-          end
-
-          # Creates a route within the application.
-          #
-          #   Rack::Builder.app do
-          #     map '/' do
-          #       run Heartbeat
-          #     end
-          #   end
-          #
-          # The +use+ method can also be used here to specify middleware to run under a specific path:
-          #
-          #   Rack::Builder.app do
-          #     map '/' do
-          #       use Middleware
-          #       run Heartbeat
-          #     end
-          #   end
-          #
-          # This example includes a piece of middleware which will run before requests hit +Heartbeat+.
-          #
-          def map(path, &block)
-            @map ||= {}
-            @map[path] = block
-          end
-
-          # Freeze the app (set using run) and all middleware instances when building the application
-          # in to_app.
-          def freeze_app
-            @freeze_app = true
-          end
-
-          def to_app
-            app = @map ? generate_map(@run, @map) : @run
-            fail "missing run or map statement" unless app
-            app.freeze if @freeze_app
-            app = @use.reverse.inject(app) { |a, e| e[a].tap { |x| x.freeze if @freeze_app } }
-            @warmup.call(app) if @warmup
-            app
-          end
-
-          def call(env)
-            to_app.call(env)
-          end
-
-          private
-
-          def generate_map(default_app, mapping)
-            mapped = default_app ? { '/' => default_app } : {}
-            mapping.each { |r, b| mapped[r] = self.class.new(default_app, &b).to_app }
-            URLMap.new(mapped)
-          end
-        end
-      end
-    end
-  end
-end
+require 'rack'
 
 module Iodine
   # The Iodine::Base namespace is reserved for internal use and is NOT part of the public API.
@@ -214,37 +15,23 @@ module Iodine
 
       def self.try_file filename
         return nil unless File.exist? filename
-        return Iodine::Base::Rack::Builder.parse_file filename
+        ::Rack::Builder.parse_file filename
       end
 
-      def self.get_app_opts
-        app, opt = nil, nil
+      def self.get_app
+        app = nil
         filename = Iodine::DEFAULT_SETTINGS[:filename_]
         if filename
-          app, opt = try_file filename
-          app, opt = try_file "#{filename}.ru" unless opt
-          unless opt
+          app = try_file filename
+          app = try_file "#{filename}.ru" unless app
+          unless app
             puts "* Couldn't find #{filename}\n  testing for config.ru\n"
-            app, opt = try_file "config.ru"
+            app = try_file "config.ru"
           end
         else
-          app, opt = try_file "config.ru";
-        end
-
-        unless opt
-          puts "WARNING: Ruby application not found#{ filename ? " - missing both #{filename} and config.ru" : " - missing config.ru"}."
-          if Iodine::DEFAULT_SETTINGS[:public]
-            puts "         Running only static file service."
-            opt = Hash.new
-            app = Proc.new { [404, {}, "Not Found!"] }
-          else
-            puts "\nERROR: Couldn't run Ruby application, check command line arguments."
-            ARGV << "-?"
-            Iodine::Base::CLI.parse
-            exit(0);
-          end
+          app = try_file "config.ru";
         end
-        return app, opt
+        app
       end
 
       def self.perform_warmup(app)
@@ -256,7 +43,7 @@ module Iodine
             rescue StandardError => _e
             end
           end
-          Iodine::Base::Rack::Builder.new(app) do |r|
+          ::Rack::Builder.new(app) do |r|
             r.warmup do |a|
               client = ::Rack::MockRequest.new(a)
               client.get('/')
@@ -266,9 +53,9 @@ module Iodine
       end
 
       def self.call
-        app, opt = get_app_opts
+        app = get_app
         perform_warmup(app) if Iodine::DEFAULT_SETTINGS[:warmup_]
-        Iodine::Rack.run(app, opt)
+        Iodine::Rack.run(app)
       end
     end
   end

data/ext/{iodine → iodine_ext}/extconf.rb

@@ -120,4 +120,4 @@ EOS
   end
 end
 
-create_makefile 'iodine/iodine'
+create_makefile 'iodine_ext'