merb 0.3.4 → 0.3.7

data/lib/merb/merb_constants.rb

@@ -21,5 +21,30 @@ module Merb
     HOUR = 60*60
     DAY = HOUR*24
     WEEK = DAY*7
+    MULTIPART_REGEXP = /\Amultipart\/form-data.*boundary=\"?([^\";,]+)/n.freeze
+    HTTP_COOKIE            = 'HTTP_COOKIE'.freeze
+    QUERY_STRING           = 'QUERY_STRING'.freeze
+    APPLICATION_JSON       = 'application/json'.freeze 
+    TEXT_JSON              = 'text/x-json'.freeze
+    APPLICATION_XML        = 'application/xml'.freeze 
+    TEXT_XML               = 'text/xml'.freeze  
+    UPCASE_CONTENT_TYPE    = 'CONTENT_TYPE'.freeze
+    CONTENT_TYPE           = "Content-Type".freeze
+    LAST_MODIFIED          = "Last-Modified".freeze
+    SLASH                  = "/".freeze
+    REQUEST_METHOD         = "REQUEST_METHOD".freeze
+    GET                    = "GET".freeze
+    POST                   = "POST".freeze
+    HEAD                   = "HEAD".freeze
+    CONTENT_LENGTH         = "CONTENT_LENGTH".freeze
+    HTTP_X_FORWARDED_FOR   = "HTTP_X_FORWARDED_FOR".freeze
+    HTTP_IF_MODIFIED_SINCE = "HTTP_IF_MODIFIED_SINCE".freeze
+    HTTP_IF_NONE_MATCH     = "HTTP_IF_NONE_MATCH".freeze
+    UPLOAD_ID    = 'upload_id'.freeze
+    PATH_INFO="PATH_INFO".freeze
+    SCRIPT_NAME="SCRIPT_NAME".freeze
+    REQUEST_URI='REQUEST_URI'.freeze
+    REQUEST_PATH='REQUEST_PATH'.freeze
+    REMOTE_ADDR="REMOTE_ADDR".freeze
   end
-end
+end

data/lib/merb/merb_controller.rb

@@ -1,297 +1,206 @@
 require File.dirname(__FILE__)+'/mixins/controller_mixin'
-require File.dirname(__FILE__)+'/mixins/render_mixin'
 require File.dirname(__FILE__)+'/mixins/responder_mixin'
 require File.dirname(__FILE__)+'/merb_request'
-
+require File.dirname(__FILE__)+'/merb_exceptions'
+require 'set'
 module Merb
   
-  # All of your controllers will inherit from Merb::Controller. This 
+  # All of your web controllers will inherit from Merb::Controller. This 
   # superclass takes care of parsing the incoming headers and body into 
   # params and cookies and headers. If the request is a file upload it will
   # stream it into a tempfile and pass in the filename and tempfile object
   # to your controller via params. It also parses the ?query=string and
   # puts that into params as well.
-  class Controller
-    
-    class_inheritable_accessor :_layout, 
-                               :_session_id_key, 
-                               :_template_extensions,
-                               :_template_root,
-                               :_layout_root
-    self._layout = :application
+  class Controller < AbstractController
+
+    class_inheritable_accessor :_session_id_key, :_session_expiry
     self._session_id_key = :_session_id
-    self._template_extensions = { }
-    self._template_root = File.expand_path(MERB_VIEW_ROOT)
-    self._layout_root   = File.expand_path(MERB_VIEW_ROOT / "layout")
-    
+    self._session_expiry = Time.now + Merb::Const::WEEK * 2 
+        
     include Merb::ControllerMixin
-    include Merb::RenderMixin
     include Merb::ResponderMixin
-    
-    attr_accessor :status, :body, :request
+    include Merb::ControllerExceptions::HTTPErrors
+   
+    class << self
+      def callable_actions
+        @callable_actions ||= Set.new(public_instance_methods - hidden_actions)
+      end
+      
+      def hidden_actions
+        write_inheritable_attribute(:hidden_actions, Merb::Controller.public_instance_methods) unless read_inheritable_attribute(:hidden_actions)
+        read_inheritable_attribute(:hidden_actions)
+      end
+      
+      # Hide each of the given methods from being callable as actions.
+      def hide_action(*names)
+        write_inheritable_attribute(:hidden_actions, hidden_actions | names.collect { |n| n.to_s })
+      end
+      
+      def build(req, env, args, resp)
+        cont = new
+        cont.parse_request(req, env, args, resp)
+        cont
+      end
+    end
 
-    MULTIPART_REGEXP = /\Amultipart\/form-data.*boundary=\"?([^\";,]+)/n.freeze
-    
-    # parses the http request into params, headers and cookies
-    # that you can use in your controller classes. Also handles
-    # file uploads by writing a tempfile and passing a reference 
-    # in params.
-    def initialize(request, env, args, response)
-      @env = MerbHash[env.to_hash]
-      @status, @method, @response, @headers = 200, (env[Mongrel::Const::REQUEST_METHOD]||Mongrel::Const::GET).downcase.to_sym, response,
+    # Parses the http request into params, headers and cookies that you can use
+    # in your controller classes. Also handles file uploads by writing a
+    # tempfile and passing a reference in params.
+    def parse_request(req, env, args, resp)
+      env = env.to_hash
+      @_status, method, @_response, @_headers = 200, (env[Merb::Const::REQUEST_METHOD]||Merb::Const::GET).downcase.to_sym, resp,
          {'Content-Type' =>'text/html'}
-      cookies = query_parse(@env[Mongrel::Const::HTTP_COOKIE], ';,')
-      querystring = query_parse(@env[Mongrel::Const::QUERY_STRING])
+      cookies = query_parse(env[Merb::Const::HTTP_COOKIE], ';,')
+      querystring = query_parse(env[Merb::Const::QUERY_STRING])
       
-      if MULTIPART_REGEXP =~ @env[Mongrel::Const::UPCASE_CONTENT_TYPE] && @method == :post
-        querystring.update(parse_multipart(request, $1))
-      elsif @method == :post
-        if [Mongrel::Const::APPLICATION_JSON, Mongrel::Const::TEXT_JSON].include?(@env[Mongrel::Const::UPCASE_CONTENT_TYPE])
+      if Merb::Const::MULTIPART_REGEXP =~ env[Merb::Const::UPCASE_CONTENT_TYPE] && [:put,:post].include?(method)
+        querystring.update(parse_multipart(req, $1, env))
+      elsif [:post, :put].include?(method)
+        if [Merb::Const::APPLICATION_JSON, Merb::Const::TEXT_JSON].include?(env[Merb::Const::UPCASE_CONTENT_TYPE])
           MERB_LOGGER.info("JSON Request")
-          json = JSON.parse(request.read || "") || {}
-          json = MerbHash.new(json) if json.is_a? Hash
+          json = JSON.parse(req.read || "") || {}
           querystring.update(json)
-        elsif [Mongrel::Const::APPLICATION_XML, Mongrel::Const::TEXT_XML].include?(@env[Mongrel::Const::UPCASE_CONTENT_TYPE])
-          querystring.update(Hash.from_xml(request.read).with_indifferent_access)
+        elsif [Merb::Const::APPLICATION_XML, Merb::Const::TEXT_XML].include?(env[Merb::Const::UPCASE_CONTENT_TYPE])
+          querystring.update(Hash.from_xml(req.read).with_indifferent_access)
         else
-          querystring.update(query_parse(request.read))
+          querystring.update(query_parse(req.read))
         end  
       end
       
-      @cookies, @params = cookies, querystring.update(args)
-      @cookies[_session_id_key] = @params[_session_id_key] if @params.key?(_session_id_key)
+      @_cookies, @_params = cookies.symbolize_keys!, querystring.update(args).symbolize_keys!
+      
+      if @_params.key?(_session_id_key) && !Merb::Server.config[:session_id_cookie_only]
+        @_cookies[_session_id_key] = @_params[_session_id_key]
+      elsif @_params.key?(_session_id_key) && Merb::Server.config[:session_id_cookie_only]
+        # This condition allows for certain controller/action paths to allow a
+        # session ID to be passed in a query string. This is needed for Flash
+        # Uploads to work since flash will not pass a Session Cookie Recommend
+        # running session.regenerate after any controller taking advantage of
+        # this in case someone is attempting a session fixation attack
+        @_cookies[_session_id_key] = @_params[_session_id_key] if Merb::Server.config[:query_string_whitelist].include?("#{params[:controller]}/#{params[:action]}")
+      end  
       
+      # Handle alternate HTTP method passed as _method parameter. Doesn't allow
+      # method to be overridden for :get unless Merb is in development mode.
+      # 
+      #  i.e. You can pass _method=put on the querystring if you are in
+      # development mode.
       allow = [:post, :put, :delete]
       allow << :get if MERB_ENV == 'development'
-      if @params.key?(:_method) && allow.include?(@method)
-        @method = @params.delete(:_method).downcase.intern 
+      if @_params.key?(:_method) && allow.include?(method)
+        method = @_params.delete(:_method).downcase.intern 
       end
-      @request = Request.new(@env, @method, request)
-      
+      @_request = Request.new(env, method, req)
       MERB_LOGGER.info("Params: #{params.inspect}\nCookies: #{cookies.inspect}")
     end
+
   
-    def dispatch(action=:to_s)
+
+    def dispatch(action=:index)
       start = Time.now
-      setup_session if respond_to?:setup_session
-      cought = catch(:halt) { call_filters(before_filters) }
-      @body = case cought
-      when :filter_chain_completed
-        send(action)
-      when String
-        cought
-      when nil
-        filters_halted
-      when Symbol
-        send(cought)
-      when Proc
-        cought.call(self)  
-      else
-        raise MerbControllerError, "The before filter chain is broken dude. wtf?"
+      begin
+        if !self.class.callable_actions.include?(action.to_s)
+          raise NotFound
+          MERB_LOGGER.info "Action: #{action} not in callable_actions: #{self.class.callable_actions}"
+        else
+          setup_session
+          super(action)
+          finalize_session
+        end
+      rescue ControllerExceptions::Base => e
+        e.set_controller(self) # for access to session, params, etc
+        @_body = e.call_action
+        set_status(e.status)
       end
-      call_filters(after_filters) 
-      finalize_session if respond_to?:finalize_session
-      MERB_LOGGER.info("Time spent in #{self.class}##{action} action: #{Time.now - start} seconds")
+      
+      @_benchmarks[:action_time] = Time.now - start
+      MERB_LOGGER.info("Time spent in #{self.class}##{action} action: #{@_benchmarks[:action_time]} seconds")
+    end
+      
+    # Accessor for @_body. Please use status and never @status directly.
+    def body
+       @_body  
     end
     
-    # override this method on your controller classes to specialize
-    # the output when the filter chain is halted.
-    def filters_halted
-      "<html><body><h1>Filter Chain Halted!</h1></body></html>"  
+    # Accessor for @_status. Please use status and never @_status directly.
+    def status
+       @_status
     end
     
-    # accessor for @request. Please use request and 
-    # never @request directly.
+    
+    # Accessor for @_request. Please use request and never @_request directly.
     def request
-       @request  
+       @_request
     end
-            
-    # accessor for @params. Please use params and 
-    # never @params directly.
+    
+    # Accessor for @_params. Please use params and never @_params directly.
     def params
-      @params
-    end  
+      @_params
+    end
     
-    # accessor for @cookies. Please use cookies and 
-    # never @cookies directly.    
+    # Accessor for @_cookies. Please use cookies and never @_cookies directly.
     def cookies
-      @cookies
-    end  
-
-    # accessor for @headers. Please use headers and 
-    # never @headers directly.
+      @_cookies
+    end
+    
+    # Accessor for @_headers. Please use headers and never @_headers directly.
     def headers
-      @headers
+      @_headers
     end
     
-    # accessor for @session. Please use session and 
-    # never @session directly.    
+    # Accessor for @_session. Please use session and never @_session directly.    
     def session
-      @session
+      @_session
     end
     
-    # accessor for @response. Please use response and 
-    # never @response directly.
+    # Accessor for @_response. Please use response and never @_response directly.
     def response
-      @response
+      @_response
     end
     
-
-    # lookup the trait[:template_extensions] for the extname of the filename
-    # you pass. Answers with the engine that matches the extension, Template::Erubis
-    # is used if none matches.
-    def engine_for(file)
-      extension = File.extname(file)[1..-1]
-      _template_extensions[extension]
-    rescue
-      ::Merb::Template::Erubis
-    end
-   
-    # This method is called by templating-engines to register themselves with
-    # a list of extensions that will be looked up on #render of an action.
-    def self.register_engine(engine, *extensions)
-      [extensions].flatten.uniq.each do |ext|
-        _template_extensions[ext] = engine
-      end  
+    # Sends a mail from a MailController
+    # 
+    #  send_mail FooMailer, :bar, :from => "foo@bar.com", :to => "baz@bat.com"
+    # 
+    # would send an email via the FooMailer's bar method.
+    # 
+    # The mail_params hash would be sent to the mailer, and includes items
+    # like from, to subject, and cc. See
+    # Merb::MailController#dispatch_and_deliver for more details.
+    # 
+    # The send_params hash would be sent to the MailController, and is
+    # available to methods in the MailController as <tt>params</tt>. If you do
+    # not send any send_params, this controller's params will be available to
+    # the MailController as <tt>params</tt>
+    def send_mail(klass, method, mail_params, send_params = nil)
+      klass.new(send_params || params, self).dispatch_and_deliver(method, mail_params)
     end
-
-    
-    
-    # shared_accessor sets up a class instance variable that can
-    # be unique for each class but also inherits the shared attrs
-    # from its superclasses. Since @@class variables are almost
-    # global vars within an inheritance tree, we use 
-    # @class_instance_variables instead
-    class_inheritable_accessor :before_filters
-    class_inheritable_accessor :after_filters
-    
-    # calls a filter chain according to rules.
-    def call_filters(filter_set)
-      (filter_set || []).each do |(filter, rule)|
-        ok = false
-        if rule.has_key?(:only)
-          if rule[:only].include?(params[:action].intern)
-            ok = true
-          end  
-        elsif rule.has_key?(:exclude)
-          if !rule[:exclude].include?(params[:action].intern)
-            ok = true
-          end 
-        else
-          ok = true
-        end    
-        if ok
-          case filter
-            when Symbol, String
-             send(filter)
-            when Proc
-             filter.call(self)
-          end
-        end   
-      end
-      return :filter_chain_completed
-    end 
     
-    # #before is a class method that allows you to specify before
-    # filters in your controllers. Filters can either be a symbol
-    # or string that corresponds to a method name to call, or a 
-    # proc object. if it is a method name that method will be 
-    # called and if it is a proc it will be called with an argument
-    # of self where self is the current controller object. When 
-    # you use a proc as a filter it needs to take one parameter.
+    # Dispatches a PartController. Use like:
     # 
-    # examples:
-    # before :some_filter
-    # before :authenticate, :exclude => [:login, :signup]
-    # before Proc.new {|c| c.some_method }, :only => :foo
+    #   <%= part TodoPart => :list %>
     #
-    # You can use either :only => :actionname or :exclude => [:this, :that]
-    # but not both at once. :only will only run before the listed actions
-    # and :exclude will run for every action that is not listed.
+    # will instantiate a new TodoPart controller and call the :list action
+    # invoking the Part's before and after filters as part of the call.
     #
-    # Merb's before filter chain is very flixible. To halt the 
-    # filter chain you use throw :halt . If throw is called with
-    # only one argument of :halt the return of the method filters_halted 
-    # will be what is rendered to the view. You can overide filters_halted
-    # in your own controllers to control what it outputs. But the throw
-    # construct is much more powerful then just that. throw :halt can
-    # also take a second argument. Here is what that second arg can be 
-    # and the behavior each type can have:
+    # returns a string containing the results of the Part controllers dispatch
     #
-    # when the second arg is a string then that string will be what
-    # is rendered to the browser. Since merb's render method returns
-    # a string you can render a template or just use a plain string:
+    # You can compose parts easily as well, these two parts will stil be wrapped
+    # in the layout of the Foo controller:
     #
-    # String:
-    # throw :halt, "You don't have permissions to do that!"
-    # throw :halt, render(:action => :access_denied)
+    # class Foo < Application
+    #   def some_action
+    #     wrap_layout(part(TodoPart => :new) + part(TodoPart => :list))
+    #   end
+    #end
     #
-    # if the second arg is a symbol then the method named after that
-    # symbol will be called
-    # Symbol: 
-    # throw :halt, :must_click_disclaimer
-    #
-    # If the second arg is a Proc, it will be called and its return
-    # value will be what is rendered to the browser:
-    # Proc:
-    # throw :halt, Proc.new {|c| c.access_denied }
-    # throw :halt, Proc.new {|c| Tidy.new(c.index) }
-    # 
-    def self.before(filter, opts={})
-      raise(ArgumentError,
-        "You can specify either :only or :exclude but 
-         not both at the same time for the same filter."
-      ) if opts.has_key?(:only) && opts.has_key?(:exclude)
-      
-      opts = shuffle_filters!(opts)
-      
-      case filter
-      when Symbol, String, Proc
-        (self.before_filters ||= []) << [filter, opts]
-      else
-        raise(ArgumentError, 
-          'filters need to be either a Symbol, String or a Proc'
-        )        
-      end  
-    end
-    
-    # #after is a class method that allows you to specify after
-    # filters in your controllers. Filters can either be a symbol
-    # or string that corresponds to a method name or a proc object.
-    # if it is a method name that method will be called and if it
-    # is a proc it will be called with an argument of self. When 
-    # you use a proc as a filter it needs to take one parameter.
-    # you can gain access to the response body like so:
-    # after Proc.new {|c| Tidy.new(c.body) }, :only => :index
-    # 
-    def self.after(filter, opts={})
-      raise(ArgumentError,
-        "You can specify either :only or :exclude but 
-         not both at the same time for the same filter."
-      ) if opts.has_key?(:only) && opts.has_key?(:exclude)
-    
-      opts = shuffle_filters!(opts)
-      
-      case filter
-      when Symbol, Proc, String
-        (self.after_filters ||= []) << [filter, opts]
-      else
-        raise(ArgumentError, 
-          'After filters need to be either a Symbol, String or a Proc'
-        )        
+    def part(opts={})
+      res = opts.inject([]) do |memo,(klass,action)|
+        memo << klass.new(self).dispatch(action)
       end
+      res.size == 1 ? res[0] : res
     end
     
-    def self.shuffle_filters!(opts={})
-      if opts[:only] && opts[:only].is_a?(Symbol)
-        opts[:only] = [opts[:only]]
-      end 
-      if opts[:exclude] && opts[:exclude].is_a?(Symbol)
-        opts[:exclude] = [opts[:exclude]]
-      end
-      return opts
-    end  
-    
   end  
   
 end