macaw_framework 1.4.2 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b99afc6c030d78802a79875fad25f4739d0a5cc6789ad02d42faaa5699320e43
-  data.tar.gz: e1e3f6b720367cab7767b09d7c7169db61ccd38cac5c0acfaf15c9e8f475b7e7
+  metadata.gz: 803f40a0a12304b555d3f998e323b4e475f10194518f566dc98e24c6b3984461
+  data.tar.gz: c0e90bf375a372105324e4444419ce05b6362e056bc2d2894820653cf9d7ef0a
 SHA512:
-  metadata.gz: 1f27c7790bde337380fe1a103a4512c3eda23258e8394bbea25fec07c3f30b6dbf3daa43956d84e7c4608d6a5d0d485c81cac06c4c3bb7bec5510b6b7f6abace
-  data.tar.gz: 93d87525ce2a24d16b46ce2e5377917facf98cb52dc2d63e4858d397a80fa5c53c7f7c1406e6b9b29488c711cb0e6f57ec43c688aa770483b2c279b0fa84dd58
+  metadata.gz: 0d43d8371216644879492cf22e3269aa743b4d7f48638e2e06d6fa72c5d2ee0975611111306742457c57b0d443937b6983ee95c00a8400c897aa6c9ff8a083b9
+  data.tar.gz: 7f453d9a093520e088dce07c93c9a818869511dc8b63a9737de6d958edd9ba88281d7f2104a46f0c39db945041de06e2d8adf016eb860d87df2fa406f38292f7

data/.rubocop.yml

@@ -1,5 +1,5 @@
 AllCops:
-  TargetRubyVersion: 3.0
+  TargetRubyVersion: 3.2
   SuggestExtensions: false
   NewCops: disable
 

data/CHANGELOG.md

@@ -161,5 +161,50 @@
 ## [1.4.1] - 2026-02-01
 - Fixing issue when re-spawning new threads
 
-## [1.4.1] - 2026-02-24
+## [1.4.2] - 2026-02-24
 - Removing unused Rate Limiting Middleware
+
+## [1.4.3] - 2026-03-04
+- Fix critical bug in `sanitize_parameter_value` where the first `gsub` result was discarded, leaving special characters unsanitized
+- Fix header parsing regex to correctly accept real-world headers (Authorization, Cookie, User-Agent, Host with port, etc.)
+- Fix deadlock in `maintain_worker_pool` caused by non-reentrant mutex re-acquisition when respawning dead workers
+- Add missing `require 'digest'` in `LogDataFilter`, preventing `NameError` when sensitive fields are configured
+- Fix thread-safety in `Cache#write` and `Cache#read`: both now always synchronize on the internal mutex
+- Fix thread-safety of `@session` hash: `declare_client_session` now synchronizes on a dedicated mutex
+- Fix `**kwargs` being silently dropped in `LoggingAspect` and `PrometheusAspect` when forwarding to `super`
+- Fix `CacheAspect` holding mutex during entire endpoint execution on cache miss; endpoint now runs outside the lock
+- Remove blocking `sleep(2)` from `MemoryInvalidationMiddleware` constructor; eviction thread no longer halts server startup
+- Remove `sleep(1)` per cron job from `CronRunner#start_cron_job_thread`; startup is no longer O(N) seconds
+- Remove dead code in `CronRunner`: duplicate `start_delay ||= 0` and always-true `unless start_delay.nil?` guard
+- Make `application.json` path configurable via `MACAW_CONFIG` env var; rescue `Errno::ENOENT` and `JSON::ParserError` with graceful fallback
+- Remove broken SSL2 and SSL3 from `SupportedSSLVersions` (POODLE/DROWN, unavailable on modern OpenSSL)
+- `LoggingAspect` now logs request params, body, and response status on every endpoint call
+- Use `Process.clock_gettime(Process::CLOCK_MONOTONIC)` in `PrometheusAspect` instead of `Time.now` for accurate duration measurement
+- Fix Prometheus `/metrics` endpoint `Content-Type` to `text/plain; version=0.0.4; charset=utf-8`
+- Fix RFC 7230 non-compliance: remove stray space before `\r\n` in HTTP status line
+- Add eviction thread error rescue in `MemoryInvalidationMiddleware` to prevent silent thread death
+- Set `frozen_string_literal: true` consistently across all library files
+- Implement HTTP keep-alive: persistent TCP connections now reuse the same socket for multiple requests without a new handshake
+- Add configurable per-connection read timeout (default 30 s, configurable via `keep_alive_timeout` in `application.json`) to prevent idle or faulty clients from holding worker threads indefinitely
+- Server now responds with `Connection: keep-alive` or `Connection: close` headers according to the client's request
+- Fix request parser to properly detect client EOF and raise `EOFError` instead of propagating `nil` through the parsing pipeline
+
+## [1.5.0] - 2026-03-04
+- Use `IO#timeout=` (Ruby 3.2+) for socket timeout with `SO_RCVTIMEO` fallback for older Ruby and SSL sockets
+- Remove Prometheus integration: `PrometheusAspect`, `PrometheusMiddleware`, and `prometheus-client` gem dependency removed
+- Remove built-in session management: `declare_client_session`, `set_session`, `@session`, and all related configuration removed
+- Remove `CronRunner` and `setup_job`: periodic job scheduling is no longer a responsibility of the framework; use a dedicated job library instead
+- Remove `start_without_server!` method, which existed solely to support cron-only deployments
+- Handle SIGTERM for graceful shutdown in containerised deployments; SIGTERM now triggers the same shutdown path as SIGINT
+- Add `Content-Length: 0` to inline 404 and 500 error responses for RFC 7230 compliance
+- Change default `bind` from `'localhost'` to `'0.0.0.0'` so the server is reachable in containers without explicit configuration
+- Sanitize `\r` and `\n` from response header keys and values to prevent HTTP response splitting attacks
+- Add configurable request body size limit (`max_body_size` in `application.json`, default 1 MB); requests exceeding the limit are rejected with 413 Content Too Large before the body is read
+- Fix `maintain_worker_pool` iteration bug: `each_with_index` + `delete_at` skipped elements after a deletion; replaced with `reject!` + bulk respawn
+- Fix cache TTL fallback: `nil.to_i` returned 0 when `cache_invalidation` was absent, silently creating a zero-TTL cache; replaced with safe navigation `&.to_i || 3_600`
+- Fix `CacheAspect` crash when endpoint returns `nil`: guard added before `response[1]` access
+- Replace `sanitize_parameter_value` character stripping with proper CGI URL-decoding (preserves emails, UUIDs, decimal values)
+- Broaden HTTP version pattern in request parser from `HTTP/1.1` literal to regex — HTTP/1.0 requests now route correctly
+- Add `rescue StandardError` guard in `Cache#invalidation_process` to prevent silent background eviction-thread death
+- Fix `ThreadServer#shutdown` poison-pill count: uses actual `@workers.size` instead of `@num_threads`
+- Add C extension scaffold (`ext/macaw_framework_ext/`) as a foundation for future native performance-sensitive routines

data/Gemfile

@@ -6,7 +6,6 @@ gemspec
 
 gem 'logger', '~> 1.7'
 gem 'openssl'
-gem 'prometheus-client', '~> 4.1'
 
 group :test do
   gem 'minitest', '~> 5.0'

data/README.md

@@ -2,8 +2,7 @@
 # MacawFramework
 
 MacawFramework is a lightweight, easy-to-use web framework for Ruby designed to simplify the development of small to 
-medium-sized web applications. Weighting less than 26Kb with support for various HTTP methods, caching, and session management,
-MacawFramework provides developers with the essential tools to quickly build and deploy their applications.
+medium-sized web applications. Weighing less than 26Kb with support for various HTTP methods and response caching,
 
 - [MacawFramework](#macawframework)
     * [Features](#features)
@@ -14,11 +13,8 @@ MacawFramework provides developers with the essential tools to quickly build and
     * [Usage](#usage)
         + [Basic routing: Define routes with support for GET, POST, PUT, PATCH, and DELETE HTTP methods](#basic-routing-define-routes-with-support-for-get-post-put-patch-and-delete-http-methods)
         + [Caching: Improve performance by caching responses and configuring cache invalidation](#caching-improve-performance-by-caching-responses-and-configuring-cache-invalidation)
-        + [Session management: Handle user sessions securely with server-side in-memory storage](#session-management-handle-user-sessions-securely-with-server-side-in-memory-storage)
-        + [Configuration: Customize various aspects of the framework through the application.json configuration file, such as SSL support and Prometheus integration](#configuration-customize-various-aspects-of-the-framework-through-the-applicationjson-configuration-file-such-as-ssl-support-and-prometheus-integration)
-        + [Monitoring: Easily monitor your application performance and metrics with built-in Prometheus support](#monitoring-easily-monitor-your-application-performance-and-metrics-with-built-in-prometheus-support)
+        + [Configuration: Customize various aspects of the framework through the application.json configuration file](#configuration-customize-various-aspects-of-the-framework-through-the-applicationjson-configuration-file)
         + [Routing for "public" Folder: Serve Static Assets](#routing-for-public-folder-serve-static-assets)
-        + [Periodic Jobs](#periodic-jobs)
         + [Tips](#tips)
     * [Contributing](#contributing)
     * [License](#license)
@@ -27,10 +23,8 @@ MacawFramework provides developers with the essential tools to quickly build and
 ## Features
 
 - Simple routing with support for GET, POST, PUT, PATCH, and DELETE HTTP methods
-- Caching middleware for improved performance
-- Session management with server-side in-memory storage
+- Response caching middleware for improved performance
 - SSL support
-- Prometheus integration for monitoring and metrics
 - Less than 26Kb
 - Easy to learn
 
@@ -52,7 +46,7 @@ We evaluated MacawFramework (Version 1.2.0) to assess its ability to handle simu
 
 MacawFramework is built to be highly compatible, since it uses only native Ruby code:
 
-- **MRI**: MacawFramework is compatible with Matz's Ruby Interpreter (MRI), version 3.0.0 and onwards. If you are using this version or a more recent one, you should not encounter any compatibility issues.
+- **MRI**: MacawFramework is compatible with Matz's Ruby Interpreter (MRI), version 3.2.0 and onwards. If you are using this version or a more recent one, you should not encounter any compatibility issues.
 
 - **TruffleRuby**: TruffleRuby is another Ruby interpreter that is fully compatible with MacawFramework. This provides developers with more flexibility in their choice of Ruby interpreter.
 
@@ -93,10 +87,9 @@ end
 
 m.post('/submit_data/:path_variable') do |context|
   context[:body] # Client body data
-  context[:params] # Client params, like URL parameters or variables
+  context[:params] # Client params, like URL parameters or path variables
   context[:headers] # Client headers
   context[:params][:path_variable] # The defined path variable can be found in :params
-  context[:client] # Client session
 end
 
 m.start!
@@ -125,70 +118,30 @@ MacawFramework::Cache.read(:name) # Maria
 
 Manual cache does not need any additional configuration.
 
-### Session management: Handle user sessions with server-side in-memory storage
-
-Session will only be enabled if it's configurations exists in the `application.json` file.
-The session mechanism works by recovering the Session ID from a client sent header. The default
-header is `X-Session-ID`, but it can be changed in the `application.json` file.
-
-This header will be sent back to the user on every response if Session is enabled. Also, the
-session ID will be automatically generated and sent to a client if this client does not provide
-a session id in the HTTP request. In the case of the client sending an ID of an expired session
-the framework will return a new session with a new ID.
-
-```ruby
-m = MacawFramework::Macaw.new
-
-m.get('/login') do |context|
-  # Authenticate user
-  context[:client][:user_id] = user_id
-end
-
-m.get('/dashboard') do |context|
-  # Check if the user is logged in
-  if context[:client][:user_id]
-    # Show dashboard
-  else
-    # Redirect to login
-  end
-end
-```
-
-### Configuration: Customize various aspects of the framework through the application.json configuration file, such as SSL support and Prometheus integration
+### Configuration: Customize various aspects of the framework through the application.json configuration file
 
 ```json
 {
   "macaw": {
     "port": 8080,
-    "bind": "localhost",
+    "bind": "0.0.0.0",
     "threads": 200,
+    "keep_alive_timeout": 30,
+    "max_body_size": 1048576,
     "cache": {
       "cache_invalidation": 3600
     },
-    "prometheus": {
-      "endpoint": "/metrics"
-    },
     "ssl": {
-      "min": "SSL3",
+      "min": "TLS1.2",
       "max": "TLS1.3",
       "key_type": "EC",
       "cert_file_name": "path/to/cert/file/file.crt",
       "key_file_name": "path/to/cert/key/file.key"
-    },
-    "session": {
-      "secure_header": "X-Session-ID",
-      "invalidation_time": 3600
     }
   }
 }
 ```
 
-### Monitoring: Easily monitor your application performance and metrics with built-in Prometheus support
-
-```shell
-curl http://localhost:8080/metrics
-```
-
 ### Routing for "public" Folder: Serve Static Assets
 
 MacawFramework allows you to serve static assets, such as CSS, JavaScript, images, etc., through the "public" folder. 
@@ -207,29 +160,6 @@ be accessible at http://yourdomain.com/img/logo.png without any additional confi
 
 #### Caution: This is incompatible with most non-unix systems, such as Windows. If you are using a non-unix system, you will need to manually configure the "public" folder and use dir as nil to avoid problems.
 
-### Periodic Jobs
-
-Macaw Framework supports the declaration of periodic jobs right in your application code. This feature allows developers to
-define tasks that run at set intervals, starting after an optional delay. Each job runs in a separate thread, meaning
-your periodic jobs can execute in parallel without blocking the rest of your application.
-
-Here's an example of how to declare a periodic job:
-
-```ruby
-m = MacawFramework::Macaw.new
-
-m.setup_job(interval: 5, start_delay: 5, job_name: "cron job 1") do
-  puts "i'm a periodic job that runs every 5 secs!"
-end
-```
-
-Values for interval and start_delay are in seconds.
-
-**Caution: Defining a lot of jobs with low interval can severely degrade performance.**
-
-If you want to build an application with just cron jobs, that don't need to run a web server, you can start
-MacawFramework without running a web server with the `start_without_server!` method, instead of `start!`.
-
 ### Tips
 
 - The automatic logging and log aspect are now optional. To disable them, simply start Macaw with `custom_log` set to nil.
@@ -270,19 +200,13 @@ m.threads = 300
 - If the SSL configuration is provided in the `application.json` file with valid certificate and key files, the TCP server
   will be wrapped with HTTPS security using the provided certificate.
 
-- The supported values for `min` and `max` in the SSL configuration are: `SSL2`, `SSL3`, `TLS1.1`, `TLS1.2`, and `TLS1.3`,
+- The supported values for `min` and `max` in the SSL configuration are: `TLS1.2` and `TLS1.3`,
   and the supported values for `key_type` are `RSA` and `EC`.
 
-- If Prometheus is enabled, a GET endpoint will be defined at path `/metrics` to collect Prometheus metrics. This path
-  is configurable via the `application.json` file.
-
 - The verb methods must always return a string or nil (used as the response), a number corresponding to the HTTP status
   code to be returned to the client, and the response headers as a Hash or nil. If an endpoint doesn't return a value or
   returns nil for body, status code, and headers, a default 200 OK status will be sent as the response.
 
-- For cron jobs without a start_delay, a value of 0 will be used. For a job without a name, a unique name will be generated
-  for it.
-
 - Ensure the "public" folder is placed in the same directory as the main.rb file: The "public" folder should contain any static assets, 
   such as CSS, JavaScript, or images, that your web application requires. Placing it in the same directory as the main.rb file ensures 
   that the server can correctly serve these assets.

data/ext/macaw_framework_ext/extconf.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+require 'mkmf'
+
+append_cflags(%w[-Wall -Wextra -Wno-unused-parameter])
+
+create_makefile('macaw_framework_ext')

data/ext/macaw_framework_ext/macaw_framework_ext.c

@@ -0,0 +1,8 @@
+#include "macaw_framework_ext.h"
+
+VALUE rb_mMacawFramework;
+
+void
+Init_macaw_framework_ext(void) {
+    rb_mMacawFramework = rb_define_module("MacawFramework");
+}

data/ext/macaw_framework_ext/macaw_framework_ext.h

@@ -0,0 +1,10 @@
+#ifndef MACAW_FRAMEWORK_EXT_H
+#define MACAW_FRAMEWORK_EXT_H
+
+#include "ruby.h"
+
+extern VALUE rb_mMacawFramework;
+
+void Init_macaw_framework_ext(void);
+
+#endif

data/lib/macaw_framework/aspects/cache_aspect.rb

@@ -4,17 +4,20 @@
 # Aspect that provide cache for the endpoints.
 module CacheAspect
   def call_endpoint(cache, *args, **kwargs)
-    return super(*args, **kwargs) unless !cache[:cache].nil? && cache[:endpoints_to_cache]&.include?(args[0])
+    return super(*args, **kwargs) if cache[:cache].nil? || !cache[:endpoints_to_cache]&.include?(args[0])
 
     cache_filtered_name = cache_name_filter(args[1], cache[:cached_methods][args[0]])
 
-    cache[:cache].mutex.synchronize do
-      return cache[:cache].cache[cache_filtered_name][0] unless cache[:cache].cache[cache_filtered_name].nil?
+    cached_response = cache[:cache].mutex.synchronize { cache[:cache].cache[cache_filtered_name]&.dig(0) }
+    return cached_response unless cached_response.nil?
 
-      response = super(*args, **kwargs)
-      cache[:cache].cache[cache_filtered_name] = [response, Time.now] if should_cache_response?(response[1])
-      response
+    response = super(*args, **kwargs)
+    if response && should_cache_response?(response[1])
+      cache[:cache].mutex.synchronize do
+        cache[:cache].cache[cache_filtered_name] = [response, Time.now]
+      end
     end
+    response
   end
 
   private

data/lib/macaw_framework/aspects/logging_aspect.rb

@@ -1,4 +1,4 @@
-# frozen_string_literal: false
+# frozen_string_literal: true
 
 require 'logger'
 require_relative '../data_filters/log_data_filter'
@@ -11,13 +11,22 @@ module LoggingAspect
   def call_endpoint(logger, *args, **kwargs)
     return super(*args, **kwargs) if logger.nil?
 
+    endpoint_name = args[1]
+    client_data   = args[2]
+
+    logger.info("Calling endpoint: #{endpoint_name} | " \
+                "params: #{LogDataFilter.sanitize_for_logging(client_data[:params].to_s)} | " \
+                "body: #{LogDataFilter.sanitize_for_logging(client_data[:body])}")
+
     begin
-      response = super(*args)
+      response = super(*args, **kwargs)
     rescue StandardError => e
       logger.error("#{e.message}\n#{e.backtrace.join("\n")}")
       raise e
     end
 
+    logger.info("Response from endpoint: #{endpoint_name} | status: #{response&.dig(1)}")
+
     response
   end
 end

data/lib/macaw_framework/cache.rb

@@ -37,13 +37,8 @@ class MacawFramework::Cache
   # @example
   #   MacawFramework::Cache.write("name", "Maria", expires_in: 7200)
   def write(tag, value, expires_in: 3600)
-    if read(tag).nil?
-      @mutex.synchronize do
-        @cache.store(tag, { value: value, expires_in: Time.now + expires_in })
-      end
-    else
-      @cache[tag][:value] = value
-      @cache[tag][:expires_in] = Time.now + expires_in
+    @mutex.synchronize do
+      @cache.store(tag, { value: value, expires_in: Time.now + expires_in })
     end
   end
 
@@ -65,7 +60,9 @@ class MacawFramework::Cache
   #
   # @example
   #   MacawFramework::Cache.read("name") # Maria
-  def read(tag) = @cache.dig(tag, :value)
+  def read(tag)
+    @mutex.synchronize { @cache.dig(tag, :value) }
+  end
 
   private
 
@@ -86,6 +83,8 @@ class MacawFramework::Cache
       @mutex.synchronize do
         @cache.delete_if { |_, v| v[:expires_in] < Time.now }
       end
+    rescue StandardError => e
+      warn "Cache invalidation error: #{e.message}"
     end
   end
 end

data/lib/macaw_framework/core/common/server_base.rb

@@ -3,10 +3,8 @@
 require_relative '../../middlewares/memory_invalidation_middleware'
 require_relative '../../data_filters/response_data_filter'
 require_relative '../../utils/supported_ssl_versions'
-require_relative '../../aspects/prometheus_aspect'
 require_relative '../../aspects/logging_aspect'
 require_relative '../../aspects/cache_aspect'
-require 'securerandom'
 
 ##
 # Base module for Server classes. It contains
@@ -16,18 +14,16 @@ require 'securerandom'
 module ServerBase
   prepend CacheAspect
   prepend LoggingAspect
-  prepend PrometheusAspect
 
   private
 
-  def call_endpoint(name, client_data, session_id, _client_ip)
+  def call_endpoint(name, client_data)
     @macaw.send(
       name.to_sym,
       {
         headers: client_data[:headers],
         body: client_data[:body],
-        params: client_data[:params],
-        client: @session&.dig(session_id)&.dig(0)
+        params: client_data[:params]
       }
     )
   end
@@ -37,27 +33,29 @@ module ServerBase
   end
 
   def handle_client(client)
-    _path, method_name, headers, body, parameters = RequestDataFiltering.parse_request_data(client, @macaw.routes)
-    raise EndpointNotMappedError unless @macaw.respond_to?(method_name)
+    apply_socket_timeout(client)
+    loop do
+      max_body = @macaw.max_body_size || 1_048_576
+      _path, method_name, headers, body, parameters = RequestDataFiltering.parse_request_data(client, @macaw.routes,
+                                                                                              max_body)
+      raise EndpointNotMappedError unless @macaw.respond_to?(method_name)
 
-    client_data = get_client_data(body, headers, parameters)
-    session_id = declare_client_session(client_data[:headers], @macaw.secure_header) if @macaw.session
-
-    message, status, response_headers = call_endpoint(@prometheus_middleware, @macaw_log, @cache,
-                                                      method_name, client_data, session_id, client.peeraddr[3])
-    response_headers ||= {}
-    response_headers[@macaw.secure_header] = session_id if @macaw.session
-    status ||= 200
-    message ||= nil
-    response_headers ||= nil
-    client.puts ResponseDataFilter.mount_response(status, response_headers, message)
-  rescue IOError, Errno::EPIPE => e
-    @macaw_log&.error("Error writing to client: #{e.message}")
-  rescue EndpointNotMappedError
-    client.print "HTTP/1.1 404 Not Found\r\n\r\n"
-  rescue StandardError => e
-    client.print "HTTP/1.1 500 Internal Server Error\r\n\r\n"
-    @macaw_log&.error(e.full_message)
+      keep_alive = keep_alive_connection?(headers)
+      client.write build_response(method_name, headers, body, parameters, keep_alive)
+      break unless keep_alive
+    rescue Errno::ECONNRESET, Errno::EPIPE, IOError
+      break
+    rescue EndpointNotMappedError
+      client.print "HTTP/1.1 404 Not Found\r\nConnection: close\r\nContent-Length: 0\r\n\r\n"
+      break
+    rescue PayloadTooLargeError
+      client.print "HTTP/1.1 413 Content Too Large\r\nConnection: close\r\nContent-Length: 0\r\n\r\n"
+      break
+    rescue StandardError => e
+      client.print "HTTP/1.1 500 Internal Server Error\r\nConnection: close\r\nContent-Length: 0\r\n\r\n"
+      @macaw_log&.error(e.full_message)
+      break
+    end
   ensure
     begin
       client.close
@@ -66,11 +64,29 @@ module ServerBase
     end
   end
 
-  def declare_client_session(headers, secure_header_name)
-    session_id = headers[secure_header_name] || SecureRandom.uuid
-    session_id = SecureRandom.uuid if @session[session_id].nil?
-    @session[session_id] ||= [{}, Time.now]
-    session_id
+  def build_response(method_name, headers, body, parameters, keep_alive)
+    client_data = get_client_data(body, headers, parameters)
+    message, status, response_headers = call_endpoint(@macaw_log, @cache, method_name, client_data)
+    response_headers ||= {}
+    status ||= 200
+    response_headers['Connection'] = keep_alive ? 'keep-alive' : 'close'
+    response_headers['Content-Length'] = message.to_s.bytesize
+    ResponseDataFilter.mount_response(status, response_headers, message)
+  end
+
+  def apply_socket_timeout(client)
+    timeout = @macaw.keep_alive_timeout || 30
+    client.timeout = timeout
+  rescue NoMethodError
+    io = client.respond_to?(:to_io) ? client.to_io : client
+    timeval = [timeout, 0].pack('l_2')
+    io.setsockopt(Socket::SOL_SOCKET, Socket::SO_RCVTIMEO, timeval)
+  rescue StandardError
+    nil
+  end
+
+  def keep_alive_connection?(headers)
+    headers['Connection']&.downcase != 'close'
   end
 
   def set_ssl
@@ -99,21 +115,8 @@ module ServerBase
     raise e
   end
 
-  def set_session
-    return unless @macaw.session
-
-    @session ||= {}
-    inv = if @macaw.config&.dig('macaw', 'session', 'invalidation_time')
-            MemoryInvalidationMiddleware.new(@macaw.config['macaw']['session']['invalidation_time'])
-          else
-            MemoryInvalidationMiddleware.new
-          end
-    inv.cache = @session
-  end
-
   def set_features
     @is_shutting_down = false
-    set_session
     set_ssl
   end
 end

data/lib/macaw_framework/core/thread_server.rb

@@ -13,19 +13,13 @@ class ThreadServer
 
   attr_reader :context
 
-  # rubocop:disable Metrics/ParameterLists
-
   ##
   # Create a new instance of ThreadServer.
   # @param {Macaw} macaw
-  # @param {Logger} logger
-  # @param {Integer} port
-  # @param {String} bind
-  # @param {Integer} num_threads
+  # @param {Array} endpoints_to_cache
   # @param {MemoryInvalidationMiddleware} cache
-  # @param {Prometheus::Client:Registry} prometheus
   # @return {Server}
-  def initialize(macaw, endpoints_to_cache = nil, cache = nil, prometheus = nil, prometheus_mw = nil)
+  def initialize(macaw, endpoints_to_cache = nil, cache = nil)
     @port = macaw.port
     @bind = macaw.bind
     @macaw = macaw
@@ -38,13 +32,9 @@ class ThreadServer
       endpoints_to_cache: endpoints_to_cache || [],
       cached_methods: macaw.cached_methods
     }
-    @prometheus = prometheus
-    @prometheus_middleware = prometheus_mw
     @workers = []
   end
 
-  # rubocop:enable Metrics/ParameterLists
-
   ##
   # Start running the webserver.
   def run
@@ -81,40 +71,40 @@ class ThreadServer
       sleep 0.1
     end
 
-    @num_threads.times { @work_queue << :shutdown }
+    worker_count = @workers_mutex.synchronize { @workers.size }
+    worker_count.times { @work_queue << :shutdown }
     @workers.each(&:join)
-    @server.close
+    @server&.close
   end
 
   private
 
   def spawn_worker
-    @workers_mutex.synchronize do
-      t = Thread.new do
-        loop do
-          client = @work_queue.pop
-          break if client == :shutdown
+    @workers_mutex.synchronize { create_worker }
+  end
 
-          handle_client(client)
-        end
+  def create_worker
+    t = Thread.new do
+      loop do
+        client = @work_queue.pop
+        break if client == :shutdown
+
+        handle_client(client)
       end
-      @workers << t
-      t
     end
+    @workers << t
+    t
   end
 
   def maintain_worker_pool
     @workers_mutex.synchronize do
-      @workers.each_with_index do |worker, index|
-        unless worker.alive?
-          if @is_shutting_down
-            @macaw_log&.info("Worker thread #{index} finished, not respawning due to server shutdown.")
-          else
-            @macaw_log&.error("Worker thread #{index} died, respawning...")
-            @workers.delete_at(index)
-            spawn_worker
-          end
-        end
+      return if @is_shutting_down
+
+      dead_count = @workers.count { |w| !w.alive? }
+      @workers.select!(&:alive?)
+      dead_count.times do
+        @macaw_log&.error('Worker thread died, respawning...')
+        create_worker
       end
     end
   end

data/lib/macaw_framework/data_filters/log_data_filter.rb

@@ -1,6 +1,7 @@
-# frozen_string_literal: false
+# frozen_string_literal: true
 
 require 'json'
+require 'digest'
 
 ##
 # Module responsible for sanitizing log data

data/lib/macaw_framework/data_filters/request_data_filtering.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
+require 'cgi/escape'
 require_relative '../errors/endpoint_not_mapped_error'
+require_relative '../errors/payload_too_large_error'
 
 ##
 # Module containing methods to filter Strings
@@ -10,14 +12,17 @@ module RequestDataFiltering
   ##
   # Method responsible for extracting information
   # provided by the client like Headers and Body
-  def self.parse_request_data(client, routes)
-    path, parameters = extract_url_parameters(client.gets&.gsub('HTTP/1.1', ''))
+  def self.parse_request_data(client, routes, max_body_size = 1_048_576)
+    first_line = client.gets
+    raise EOFError if first_line.nil?
+
+    path, parameters = extract_url_parameters(first_line.gsub(%r{\s*HTTP/\d+(?:\.\d+)?\s*$}i, ''))
     parameters = {} if parameters.nil?
 
     method_name = sanitize_method_name(path)
     method_name = select_path(method_name, routes, parameters)
     body_first_line, headers = extract_headers(client)
-    body = extract_body(client, body_first_line, headers['Content-Length'].to_i)
+    body = extract_body(client, body_first_line, headers['Content-Length'].to_i, max_body_size)
     [path, method_name, headers, body, parameters]
   end
 
@@ -74,8 +79,8 @@ module RequestDataFiltering
   def self.extract_headers(client)
     header = client.gets&.delete("\n")&.delete("\r")
     headers = {}
-    while header&.match(%r{[a-zA-Z0-9\-/*]*: [a-zA-Z0-9\-/*]})
-      split_header = header.split(':')
+    while header&.match(/\A[^:]+:\s*.+/)
+      split_header = header.split(':', 2)
       headers[split_header[0].strip] = split_header[1].strip
       header = client.gets&.delete("\n")&.delete("\r")
     end
@@ -84,7 +89,9 @@ module RequestDataFiltering
 
   ##
   # Method responsible for extracting the body from request
-  def self.extract_body(client, body_first_line, content_length)
+  def self.extract_body(client, body_first_line, content_length, max_body_size = 1_048_576)
+    raise PayloadTooLargeError if content_length > max_body_size
+
     body = client&.read(content_length)
     body_first_line << body.to_s
   end
@@ -113,9 +120,13 @@ module RequestDataFiltering
   end
 
   ##
-  # Method responsible for sanitizing the parameter value
+  # Method responsible for sanitizing the parameter value.
+  # URL-decodes percent-encoded characters (e.g. %40 → @, %20 → space, + → space).
   def self.sanitize_parameter_value(value)
-    value&.gsub(/[^\w\s]/, '')
-    value&.gsub(/\s/, '')
+    return nil if value.nil?
+
+    CGI.unescape(value)
+  rescue ArgumentError
+    value
   end
 end

data/lib/macaw_framework/data_filters/response_data_filter.rb

@@ -12,20 +12,21 @@ module ResponseDataFilter
   end
 
   def self.mount_first_response_line(status, headers)
-    separator = " \r\n\r\n"
-    separator = " \r\n" unless headers.nil?
-
-    "HTTP/1.1 #{status} #{HTTP_STATUS_CODE_MAP[status]}#{separator}"
+    reason = HTTP_STATUS_CODE_MAP[status] || 'Unknown'
+    separator = headers.nil? ? "\r\n\r\n" : "\r\n"
+    "HTTP/1.1 #{status} #{reason}#{separator}"
   end
 
   def self.mount_response_headers(headers)
     return '' if headers.nil?
 
-    response = ''
+    response = +''
     headers.each do |key, value|
-      response += "#{key}: #{value}\r\n"
+      safe_key = key.to_s.gsub(/[\r\n]/, '')
+      safe_value = value.to_s.gsub(/[\r\n]/, '')
+      response << "#{safe_key}: #{safe_value}\r\n"
     end
-    response += "\r\n"
+    response << "\r\n"
     response
   end
 end

data/lib/macaw_framework/errors/payload_too_large_error.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+##
+# Error raised when the request body exceeds the configured max_body_size.
+class PayloadTooLargeError < StandardError; end

data/lib/macaw_framework/macaw.rb

@@ -1,14 +1,11 @@
 # frozen_string_literal: true
 
 require_relative 'errors/endpoint_not_mapped_error'
-require_relative 'middlewares/prometheus_middleware'
+require_relative 'errors/payload_too_large_error'
 require_relative 'data_filters/request_data_filtering'
 require_relative 'middlewares/memory_invalidation_middleware'
-require_relative 'core/cron_runner'
 require_relative 'core/thread_server'
 require_relative 'version'
-require 'prometheus/client'
-require 'securerandom'
 require 'singleton'
 require 'pathname'
 require 'logger'
@@ -23,7 +20,7 @@ module MacawFramework; end
 # Class responsible for creating endpoints and
 # starting the web server.
 class MacawFramework::Macaw
-  attr_reader :routes, :macaw_log, :config, :jobs, :cached_methods, :secure_header, :session
+  attr_reader :routes, :macaw_log, :config, :cached_methods, :keep_alive_timeout, :max_body_size
   attr_accessor :port, :bind, :threads
 
   ##
@@ -119,26 +116,6 @@ class MacawFramework::Macaw
     map_new_endpoint('delete', cache, path, &block)
   end
 
-  ##
-  # Spawn and start a thread running the defined periodic job.
-  # @param {Integer} interval
-  # @param {Integer?} start_delay
-  # @param {String} job_name
-  # @param {Proc} block
-  # @example
-  #
-  #   macaw = MacawFramework::Macaw.new
-  #   macaw.setup_job(interval: 60, start_delay: 60, job_name: "job 1") do
-  #     puts "I'm a periodic job that runs every minute"
-  #   end
-  ##
-  def setup_job(interval: 60, start_delay: 0, job_name: "job_#{SecureRandom.uuid}", &block)
-    @cron_runner ||= CronRunner.new(self)
-    @jobs ||= []
-    @cron_runner.start_cron_job_thread(interval, start_delay, job_name, &block)
-    @jobs << job_name
-  end
-
   ##
   # Starts the web server
   def start!
@@ -153,7 +130,8 @@ class MacawFramework::Macaw
       @macaw_log.info("Number of threads: #{@threads}")
       @macaw_log.info('---------------------------------')
     end
-    @server = @server_class.new(self, @endpoints_to_cache, @cache, @prometheus, @prometheus_middleware)
+    @server = @server_class.new(self, @endpoints_to_cache, @cache)
+    Signal.trap('TERM') { raise Interrupt }
     server_loop(@server)
   rescue Interrupt
     if @macaw_log.nil?
@@ -167,35 +145,19 @@ class MacawFramework::Macaw
     end
   end
 
-  ##
-  # This method is intended to start the framework
-  # without an web server. This can be useful when
-  # you just want to keep cron jobs running, without
-  # mapping any HTTP endpoints.
-  def start_without_server!
-    @macaw_log.nil? ? puts('Application starting') : @macaw_log.info('Application starting')
-    loop { sleep(3600) }
-  rescue Interrupt
-    @macaw_log.nil? ? puts('Macaw stop flying for some seeds.') : @macaw_log.info('Macaw stop flying for some seeds.')
-  end
-
   private
 
   def setup_default_configs
     @port ||= 8080
-    @bind ||= 'localhost'
+    @bind ||= '0.0.0.0'
     @config ||= nil
     @threads ||= 200
     @endpoints_to_cache = []
-    @prometheus ||= nil
-    @prometheus_middleware ||= nil
   end
 
   def apply_options(custom_log)
     setup_basic_config(custom_log)
-    setup_session
     setup_cache
-    setup_prometheus
   rescue StandardError => e
     @macaw_log&.warn(e.message)
   end
@@ -203,33 +165,30 @@ class MacawFramework::Macaw
   def setup_cache
     return if @config['macaw']['cache'].nil?
 
-    @cache = MemoryInvalidationMiddleware.new(@config['macaw']['cache']['cache_invalidation'].to_i || 3_600)
-  end
-
-  def setup_session
-    @session = false
-    return if @config['macaw']['session'].nil?
-
-    @session = true
-    @secure_header = @config['macaw']['session']['secure_header'] || 'X-Session-ID'
+    @cache = MemoryInvalidationMiddleware.new(@config.dig('macaw', 'cache', 'cache_invalidation')&.to_i || 3_600)
   end
 
   def setup_basic_config(custom_log)
     @routes = []
     @cached_methods = {}
     @macaw_log ||= custom_log
-    @config = JSON.parse(File.read('application.json'))
+    config_file = ENV.fetch('MACAW_CONFIG', 'application.json')
+    @config = JSON.parse(File.read(config_file))
     @port = @config['macaw']['port'] || 8080
-    @bind = @config['macaw']['bind'] || 'localhost'
+    @bind = @config['macaw']['bind'] || '0.0.0.0'
     @threads = @config['macaw']['threads'] || 200
-  end
-
-  def setup_prometheus
-    return unless @config['macaw']['prometheus']
-
-    @prometheus = Prometheus::Client::Registry.new
-    @prometheus_middleware = PrometheusMiddleware.new
-    @prometheus_middleware&.configure_prometheus(@prometheus, @config, self)
+    @keep_alive_timeout = @config['macaw']['keep_alive_timeout'] || 30
+    @max_body_size = @config.dig('macaw', 'max_body_size')&.to_i || 1_048_576
+  rescue Errno::ENOENT
+    @macaw_log&.warn("Config file '#{config_file}' not found, using default settings.")
+    @config = { 'macaw' => {} }
+    @keep_alive_timeout = 30
+    @max_body_size = 1_048_576
+  rescue JSON::ParserError => e
+    @macaw_log&.warn("Config file '#{config_file}' is not valid JSON: #{e.message}. Using default settings.")
+    @config = { 'macaw' => {} }
+    @keep_alive_timeout = 30
+    @max_body_size = 1_048_576
   end
 
   def server_loop(server)

data/lib/macaw_framework/middlewares/memory_invalidation_middleware.rb

@@ -17,8 +17,9 @@ class MemoryInvalidationMiddleware
             @cache.delete(key) if Time.now - value[1] >= inv_time_seconds
           end
         end
+      rescue StandardError => e
+        warn "MemoryInvalidationMiddleware eviction error: #{e.message}"
       end
     end
-    sleep(2)
   end
 end

data/lib/macaw_framework/utils/supported_ssl_versions.rb

@@ -4,8 +4,6 @@ require 'openssl'
 
 module SupportedSSLVersions
   VERSIONS = {
-    'SSL2' => OpenSSL::SSL::SSL2_VERSION,
-    'SSL3' => OpenSSL::SSL::SSL3_VERSION,
     'TLS1.1' => OpenSSL::SSL::TLS1_1_VERSION,
     'TLS1.2' => OpenSSL::SSL::TLS1_2_VERSION,
     'TLS1.3' => OpenSSL::SSL::TLS1_3_VERSION

data/lib/macaw_framework/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module MacawFramework
-  VERSION = '1.4.2'
+  VERSION = '1.5.0'
 end

data/lib/macaw_framework.rb

@@ -1,5 +1,13 @@
 # frozen_string_literal: true
 
+# Load the C extension when available (built via `rake compile` or `gem install`).
+# Falls back transparently to pure-Ruby mode if the extension has not been compiled.
+begin
+  require 'macaw_framework_ext'
+rescue LoadError
+  nil
+end
+
 ##
 # Main module for all Macaw classes
 module MacawFramework; end

metadata

@@ -1,35 +1,22 @@
 --- !ruby/object:Gem::Specification
 name: macaw_framework
 version: !ruby/object:Gem::Version
-  version: 1.4.2
+  version: 1.5.0
 platform: ruby
 authors:
 - Aria Diniz
 bindir: exe
 cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
-  name: prometheus-client
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.1'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.1'
+dependencies: []
 description: |-
   A lightweight web framework designed for building efficient backend applications. Initially
   created for study purposes, now production-ready and open for contributions.
 email:
 - aria.diniz.dev@gmail.com
 executables: []
-extensions: []
+extensions:
+- ext/macaw_framework_ext/extconf.rb
 extra_rdoc_files: []
 files:
 - ".rubocop.yml"
@@ -41,21 +28,22 @@ files:
 - README.md
 - Rakefile
 - SECURITY.md
+- ext/macaw_framework_ext/extconf.rb
+- ext/macaw_framework_ext/macaw_framework_ext.c
+- ext/macaw_framework_ext/macaw_framework_ext.h
 - lib/macaw_framework.rb
 - lib/macaw_framework/aspects/cache_aspect.rb
 - lib/macaw_framework/aspects/logging_aspect.rb
-- lib/macaw_framework/aspects/prometheus_aspect.rb
 - lib/macaw_framework/cache.rb
 - lib/macaw_framework/core/common/server_base.rb
-- lib/macaw_framework/core/cron_runner.rb
 - lib/macaw_framework/core/thread_server.rb
 - lib/macaw_framework/data_filters/log_data_filter.rb
 - lib/macaw_framework/data_filters/request_data_filtering.rb
 - lib/macaw_framework/data_filters/response_data_filter.rb
 - lib/macaw_framework/errors/endpoint_not_mapped_error.rb
+- lib/macaw_framework/errors/payload_too_large_error.rb
 - lib/macaw_framework/macaw.rb
 - lib/macaw_framework/middlewares/memory_invalidation_middleware.rb
-- lib/macaw_framework/middlewares/prometheus_middleware.rb
 - lib/macaw_framework/utils/http_status_code.rb
 - lib/macaw_framework/utils/supported_ssl_versions.rb
 - lib/macaw_framework/version.rb
@@ -75,6 +63,7 @@ metadata:
   documentation_uri: https://rubydoc.info/gems/macaw_framework
   homepage_uri: https://github.com/ariasdiniz/macaw_framework
   source_code_uri: https://github.com/ariasdiniz/macaw_framework
+  changelog_uri: https://github.com/ariasdiniz/macaw_framework/blob/main/CHANGELOG.md
 rdoc_options: []
 require_paths:
 - lib
@@ -82,7 +71,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.0.0
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="

data/lib/macaw_framework/aspects/prometheus_aspect.rb

@@ -1,28 +0,0 @@
-# frozen_string_literal: true
-
-##
-# Aspect that provides application metrics using prometheus.
-module PrometheusAspect
-  def call_endpoint(prometheus_middleware, *args, **kwargs)
-    return super(*args, **kwargs) if prometheus_middleware.nil?
-
-    start_time = Time.now
-
-    begin
-      response = super(*args)
-    ensure
-      duration = (Time.now - start_time) * 1_000
-
-      endpoint_name = args[2].split('.').join('/')
-
-      prometheus_middleware.request_duration_milliseconds.with_labels(endpoint: endpoint_name).observe(duration)
-      prometheus_middleware.request_count.with_labels(endpoint: endpoint_name).increment
-      if response
-        prometheus_middleware.response_count.with_labels(endpoint: endpoint_name,
-                                                         status: response[1]).increment
-      end
-    end
-
-    response
-  end
-end

data/lib/macaw_framework/core/cron_runner.rb

@@ -1,50 +0,0 @@
-# frozen_string_literal: true
-
-##
-# This module is responsible to set up a new thread
-# for each cron job defined
-class CronRunner
-  def initialize(macaw)
-    @logger = macaw.macaw_log
-    @macaw = macaw
-  end
-
-  ##
-  # Will start a thread for the defined cron job
-  # @param {Integer} interval
-  # @param {Integer?} start_delay
-  # @param {String} job_name
-  # @param {Proc} block
-  def start_cron_job_thread(interval, start_delay, job_name, &block)
-    start_delay ||= 0
-    raise "interval can't be <= 0 and start_delay can't be < 0!" if interval <= 0 || start_delay.negative?
-
-    @logger&.info("Starting thread for job #{job_name}")
-    start_delay ||= 0
-    thread = Thread.new do
-      name = job_name
-      interval_thread = interval
-      unless start_delay.nil?
-        @logger&.info("Job #{name} scheduled with delay. Will start running in #{start_delay} seconds.")
-        sleep(start_delay)
-      end
-
-      loop do
-        start_time = Time.now
-        @logger&.info("Running job #{name}")
-        block.call
-        @logger&.info("Job #{name} executed with success. New execution in #{interval_thread} seconds.")
-
-        execution_time = Time.now - start_time
-        sleep_time = [interval_thread - execution_time, 0].max
-        sleep(sleep_time)
-      rescue StandardError => e
-        @logger&.error("Error executing cron job with name #{name}: #{e.message}")
-        sleep(interval)
-      end
-    end
-    sleep(1)
-    @logger&.info("Thread for job #{job_name} started")
-    thread
-  end
-end

data/lib/macaw_framework/middlewares/prometheus_middleware.rb

@@ -1,48 +0,0 @@
-# frozen_string_literal: true
-
-require 'prometheus/client'
-require 'prometheus/client/formats/text'
-
-##
-# Middleware responsible to configure prometheus
-# defining metrics and an endpoint to access them.
-class PrometheusMiddleware
-  attr_accessor :request_duration_milliseconds, :request_count, :response_count
-
-  def configure_prometheus(prometheus_registry, configurations, macaw)
-    return nil unless prometheus_registry
-
-    @request_duration_milliseconds = Prometheus::Client::Histogram.new(
-      :request_duration_milliseconds,
-      docstring: 'The duration of each request in milliseconds',
-      labels: [:endpoint],
-      buckets: (100..1000).step(100).to_a + (2000..10_000).step(1000).to_a
-    )
-
-    @request_count = Prometheus::Client::Counter.new(
-      :request_count,
-      docstring: 'The total number of requests received',
-      labels: [:endpoint]
-    )
-
-    @response_count = Prometheus::Client::Counter.new(
-      :response_count,
-      docstring: 'The total number of responses sent',
-      labels: %i[endpoint status]
-    )
-
-    prometheus_registry.register(@request_duration_milliseconds)
-    prometheus_registry.register(@request_count)
-    prometheus_registry.register(@response_count)
-    prometheus_endpoint(prometheus_registry, configurations, macaw)
-  end
-
-  private
-
-  def prometheus_endpoint(prometheus_registry, configurations, macaw)
-    endpoint = configurations['macaw']['prometheus']['endpoint'] || '/metrics'
-    macaw.get(endpoint) do |_context|
-      [Prometheus::Client::Formats::Text.marshal(prometheus_registry), 200, { 'Content-Type' => 'plaintext' }]
-    end
-  end
-end