omg-activesupport 8.0.0.alpha1

data/lib/active_support/log_subscriber.rb

@@ -0,0 +1,192 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/module/attribute_accessors"
+require "active_support/core_ext/class/attribute"
+require "active_support/core_ext/enumerable"
+require "active_support/subscriber"
+require "active_support/deprecation/proxy_wrappers"
+
+module ActiveSupport
+  # = Active Support Log \Subscriber
+  #
+  # +ActiveSupport::LogSubscriber+ is an object set to consume
+  # ActiveSupport::Notifications with the sole purpose of logging them.
+  # The log subscriber dispatches notifications to a registered object based
+  # on its given namespace.
+  #
+  # An example would be Active Record log subscriber responsible for logging
+  # queries:
+  #
+  #   module ActiveRecord
+  #     class LogSubscriber < ActiveSupport::LogSubscriber
+  #       attach_to :active_record
+  #
+  #       def sql(event)
+  #         info "#{event.payload[:name]} (#{event.duration}) #{event.payload[:sql]}"
+  #       end
+  #     end
+  #   end
+  #
+  # ActiveRecord::LogSubscriber.logger must be set as well, but it is assigned
+  # automatically in a \Rails environment.
+  #
+  # After configured, whenever a <tt>"sql.active_record"</tt> notification is
+  # published, it will properly dispatch the event
+  # (ActiveSupport::Notifications::Event) to the +sql+ method.
+  #
+  # Being an ActiveSupport::Notifications consumer,
+  # +ActiveSupport::LogSubscriber+ exposes a simple interface to check if
+  # instrumented code raises an exception. It is common to log a different
+  # message in case of an error, and this can be achieved by extending
+  # the previous example:
+  #
+  #   module ActiveRecord
+  #     class LogSubscriber < ActiveSupport::LogSubscriber
+  #       def sql(event)
+  #         exception = event.payload[:exception]
+  #
+  #         if exception
+  #           exception_object = event.payload[:exception_object]
+  #
+  #           error "[ERROR] #{event.payload[:name]}: #{exception.join(', ')} " \
+  #                 "(#{exception_object.backtrace.first})"
+  #         else
+  #           # standard logger code
+  #         end
+  #       end
+  #     end
+  #   end
+  #
+  # +ActiveSupport::LogSubscriber+ also has some helpers to deal with
+  # logging. For example, ActiveSupport::LogSubscriber.flush_all! will ensure
+  # that all logs are flushed, and it is called in Rails::Rack::Logger after a
+  # request finishes.
+  class LogSubscriber < Subscriber
+    # ANSI sequence modes
+    MODES = {
+      clear:     0,
+      bold:      1,
+      italic:    3,
+      underline: 4,
+    }
+
+    # ANSI sequence colors
+    BLACK   = "\e[30m"
+    RED     = "\e[31m"
+    GREEN   = "\e[32m"
+    YELLOW  = "\e[33m"
+    BLUE    = "\e[34m"
+    MAGENTA = "\e[35m"
+    CYAN    = "\e[36m"
+    WHITE   = "\e[37m"
+
+    mattr_accessor :colorize_logging, default: true
+    class_attribute :log_levels, instance_accessor: false, default: {} # :nodoc:
+
+    LEVEL_CHECKS = {
+      debug: -> (logger) { !logger.debug? },
+      info: -> (logger) { !logger.info? },
+      error: -> (logger) { !logger.error? },
+    }
+
+    class << self
+      def logger
+        @logger ||= if defined?(Rails) && Rails.respond_to?(:logger)
+          Rails.logger
+        end
+      end
+
+      def attach_to(...) # :nodoc:
+        result = super
+        set_event_levels
+        result
+      end
+
+      attr_writer :logger
+
+      def log_subscribers
+        subscribers
+      end
+
+      # Flush all log_subscribers' logger.
+      def flush_all!
+        logger.flush if logger.respond_to?(:flush)
+      end
+
+      private
+        def fetch_public_methods(subscriber, inherit_all)
+          subscriber.public_methods(inherit_all) - LogSubscriber.public_instance_methods(true)
+        end
+
+        def set_event_levels
+          if subscriber
+            subscriber.event_levels = log_levels.transform_keys { |k| "#{k}.#{namespace}" }
+          end
+        end
+
+        def subscribe_log_level(method, level)
+          self.log_levels = log_levels.merge(method => LEVEL_CHECKS.fetch(level))
+          set_event_levels
+        end
+    end
+
+    def initialize
+      super
+      @event_levels = {}
+    end
+
+    def logger
+      LogSubscriber.logger
+    end
+
+    def silenced?(event)
+      logger.nil? || @event_levels[event]&.call(logger)
+    end
+
+    def call(event)
+      super if logger
+    rescue => e
+      log_exception(event.name, e)
+    end
+
+    def publish_event(event)
+      super if logger
+    rescue => e
+      log_exception(event.name, e)
+    end
+
+    attr_writer :event_levels # :nodoc:
+
+  private
+    %w(info debug warn error fatal unknown).each do |level|
+      class_eval <<-METHOD, __FILE__, __LINE__ + 1
+        def #{level}(progname = nil, &block)
+          logger.#{level}(progname, &block) if logger
+        end
+      METHOD
+    end
+
+    # Set color by using a symbol or one of the defined constants. Set modes
+    # by specifying bold, italic, or underline options. Inspired by Highline,
+    # this method will automatically clear formatting at the end of the returned String.
+    def color(text, color, mode_options = {}) # :doc:
+      return text unless colorize_logging
+      color = self.class.const_get(color.upcase) if color.is_a?(Symbol)
+      mode = mode_from(mode_options)
+      clear = "\e[#{MODES[:clear]}m"
+      "#{mode}#{color}#{text}#{clear}"
+    end
+
+    def mode_from(options)
+      modes = MODES.values_at(*options.compact_blank.keys)
+
+      "\e[#{modes.join(";")}m" if modes.any?
+    end
+
+    def log_exception(name, e)
+      if logger
+        logger.error "Could not log #{name.inspect} event. #{e.class}: #{e.message} #{e.backtrace}"
+      end
+    end
+  end
+end

data/lib/active_support/logger.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require "active_support/logger_silence"
+require "active_support/logger_thread_safe_level"
+require "logger"
+
+module ActiveSupport
+  class Logger < ::Logger
+    include LoggerSilence
+
+    # Returns true if the logger destination matches one of the sources
+    #
+    #   logger = Logger.new(STDOUT)
+    #   ActiveSupport::Logger.logger_outputs_to?(logger, STDOUT)
+    #   # => true
+    #
+    #   logger = Logger.new('/var/log/rails.log')
+    #   ActiveSupport::Logger.logger_outputs_to?(logger, '/var/log/rails.log')
+    #   # => true
+    def self.logger_outputs_to?(logger, *sources)
+      loggers = if logger.is_a?(BroadcastLogger)
+        logger.broadcasts
+      else
+        [logger]
+      end
+
+      logdevs = loggers.map { |logger| logger.instance_variable_get(:@logdev) }
+      logger_sources = logdevs.filter_map { |logdev| logdev.try(:filename) || logdev.try(:dev) }
+
+      normalize_sources(sources).intersect?(normalize_sources(logger_sources))
+    end
+
+    def initialize(*args, **kwargs)
+      super
+      @formatter ||= SimpleFormatter.new
+    end
+
+    # Simple formatter which only displays the message.
+    class SimpleFormatter < ::Logger::Formatter
+      # This method is invoked when a log event occurs
+      def call(severity, timestamp, progname, msg)
+        "#{String === msg ? msg : msg.inspect}\n"
+      end
+    end
+
+    private
+      def self.normalize_sources(sources)
+        sources.map do |source|
+          source = source.path if source.respond_to?(:path)
+          source = File.realpath(source) if source.is_a?(String) && File.exist?(source)
+          source
+        end
+      end
+  end
+end

data/lib/active_support/logger_silence.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require "active_support/concern"
+require "active_support/core_ext/module/attribute_accessors"
+require "active_support/logger_thread_safe_level"
+
+module ActiveSupport
+  module LoggerSilence
+    extend ActiveSupport::Concern
+
+    included do
+      cattr_accessor :silencer, default: true
+      include ActiveSupport::LoggerThreadSafeLevel
+    end
+
+    # Silences the logger for the duration of the block.
+    def silence(severity = Logger::ERROR)
+      silencer ? log_at(severity) { yield self } : yield(self)
+    end
+  end
+end

data/lib/active_support/logger_thread_safe_level.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require "active_support/concern"
+require "logger"
+
+module ActiveSupport
+  module LoggerThreadSafeLevel # :nodoc:
+    extend ActiveSupport::Concern
+
+    def local_level
+      IsolatedExecutionState[local_level_key]
+    end
+
+    def local_level=(level)
+      case level
+      when Integer
+      when Symbol
+        level = Logger::Severity.const_get(level.to_s.upcase)
+      when nil
+      else
+        raise ArgumentError, "Invalid log level: #{level.inspect}"
+      end
+      if level.nil?
+        IsolatedExecutionState.delete(local_level_key)
+      else
+        IsolatedExecutionState[local_level_key] = level
+      end
+    end
+
+    def level
+      local_level || super
+    end
+
+    # Change the thread-local level for the duration of the given block.
+    def log_at(level)
+      old_local_level, self.local_level = local_level, level
+      yield
+    ensure
+      self.local_level = old_local_level
+    end
+
+    private
+      def local_level_key
+        @local_level_key ||= :"logger_thread_safe_level_#{object_id}"
+      end
+  end
+end

data/lib/active_support/message_encryptor.rb

@@ -0,0 +1,374 @@
+# frozen_string_literal: true
+
+require "openssl"
+require "base64"
+require "active_support/core_ext/module/attribute_accessors"
+require "active_support/messages/codec"
+require "active_support/messages/rotator"
+require "active_support/message_verifier"
+
+module ActiveSupport
+  # = Active Support Message Encryptor
+  #
+  # MessageEncryptor is a simple way to encrypt values which get stored
+  # somewhere you don't trust.
+  #
+  # The cipher text and initialization vector are base64 encoded and returned
+  # to you.
+  #
+  # This can be used in situations similar to the MessageVerifier, but
+  # where you don't want users to be able to determine the value of the payload.
+  #
+  #   len   = ActiveSupport::MessageEncryptor.key_len
+  #   salt  = SecureRandom.random_bytes(len)
+  #   key   = ActiveSupport::KeyGenerator.new('password').generate_key(salt, len) # => "\x89\xE0\x156\xAC..."
+  #   crypt = ActiveSupport::MessageEncryptor.new(key)                            # => #<ActiveSupport::MessageEncryptor ...>
+  #   encrypted_data = crypt.encrypt_and_sign('my secret data')                   # => "NlFBTTMwOUV5UlA1QlNEN2xkY2d6eThYWWh..."
+  #   crypt.decrypt_and_verify(encrypted_data)                                    # => "my secret data"
+  #
+  # The +decrypt_and_verify+ method will raise an
+  # +ActiveSupport::MessageEncryptor::InvalidMessage+ exception if the data
+  # provided cannot be decrypted or verified.
+  #
+  #   crypt.decrypt_and_verify('not encrypted data') # => ActiveSupport::MessageEncryptor::InvalidMessage
+  #
+  # === Confining messages to a specific purpose
+  #
+  # By default any message can be used throughout your app. But they can also be
+  # confined to a specific +:purpose+.
+  #
+  #   token = crypt.encrypt_and_sign("this is the chair", purpose: :login)
+  #
+  # Then that same purpose must be passed when verifying to get the data back out:
+  #
+  #   crypt.decrypt_and_verify(token, purpose: :login)    # => "this is the chair"
+  #   crypt.decrypt_and_verify(token, purpose: :shipping) # => nil
+  #   crypt.decrypt_and_verify(token)                     # => nil
+  #
+  # Likewise, if a message has no purpose it won't be returned when verifying with
+  # a specific purpose.
+  #
+  #   token = crypt.encrypt_and_sign("the conversation is lively")
+  #   crypt.decrypt_and_verify(token, purpose: :scare_tactics) # => nil
+  #   crypt.decrypt_and_verify(token)                          # => "the conversation is lively"
+  #
+  # === Making messages expire
+  #
+  # By default messages last forever and verifying one year from now will still
+  # return the original value. But messages can be set to expire at a given
+  # time with +:expires_in+ or +:expires_at+.
+  #
+  #   crypt.encrypt_and_sign(parcel, expires_in: 1.month)
+  #   crypt.encrypt_and_sign(doowad, expires_at: Time.now.end_of_year)
+  #
+  # Then the messages can be verified and returned up to the expire time.
+  # Thereafter, verifying returns +nil+.
+  #
+  # === Rotating keys
+  #
+  # MessageEncryptor also supports rotating out old configurations by falling
+  # back to a stack of encryptors. Call +rotate+ to build and add an encryptor
+  # so +decrypt_and_verify+ will also try the fallback.
+  #
+  # By default any rotated encryptors use the values of the primary
+  # encryptor unless specified otherwise.
+  #
+  # You'd give your encryptor the new defaults:
+  #
+  #   crypt = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
+  #
+  # Then gradually rotate the old values out by adding them as fallbacks. Any message
+  # generated with the old values will then work until the rotation is removed.
+  #
+  #   crypt.rotate old_secret            # Fallback to an old secret instead of @secret.
+  #   crypt.rotate cipher: "aes-256-cbc" # Fallback to an old cipher instead of aes-256-gcm.
+  #
+  # Though if both the secret and the cipher was changed at the same time,
+  # the above should be combined into:
+  #
+  #   crypt.rotate old_secret, cipher: "aes-256-cbc"
+  class MessageEncryptor < Messages::Codec
+    prepend Messages::Rotator
+
+    cattr_accessor :use_authenticated_message_encryption, instance_accessor: false, default: false
+
+    class << self
+      def default_cipher # :nodoc:
+        if use_authenticated_message_encryption
+          "aes-256-gcm"
+        else
+          "aes-256-cbc"
+        end
+      end
+    end
+
+    module NullSerializer # :nodoc:
+      def self.load(value)
+        value
+      end
+
+      def self.dump(value)
+        value
+      end
+    end
+
+    class InvalidMessage < StandardError; end
+    OpenSSLCipherError = OpenSSL::Cipher::CipherError
+
+    AUTH_TAG_LENGTH = 16 # :nodoc:
+    SEPARATOR = "--" # :nodoc:
+
+    # Initialize a new MessageEncryptor. +secret+ must be at least as long as
+    # the cipher key size. For the default 'aes-256-gcm' cipher, this is 256
+    # bits. If you are using a user-entered secret, you can generate a suitable
+    # key by using ActiveSupport::KeyGenerator or a similar key
+    # derivation function.
+    #
+    # The first additional parameter is used as the signature key for
+    # MessageVerifier. This allows you to specify keys to encrypt and sign
+    # data. Ignored when using an AEAD cipher like 'aes-256-gcm'.
+    #
+    #    ActiveSupport::MessageEncryptor.new('secret', 'signature_secret')
+    #
+    # ==== Options
+    #
+    # [+:cipher+]
+    #   Cipher to use. Can be any cipher returned by +OpenSSL::Cipher.ciphers+.
+    #   Default is 'aes-256-gcm'.
+    #
+    # [+:digest+]
+    #   Digest used for signing. Ignored when using an AEAD cipher like
+    #   'aes-256-gcm'.
+    #
+    # [+:serializer+]
+    #   The serializer used to serialize message data. You can specify any
+    #   object that responds to +dump+ and +load+, or you can choose from
+    #   several preconfigured serializers: +:marshal+, +:json_allow_marshal+,
+    #   +:json+, +:message_pack_allow_marshal+, +:message_pack+.
+    #
+    #   The preconfigured serializers include a fallback mechanism to support
+    #   multiple deserialization formats. For example, the +:marshal+ serializer
+    #   will serialize using +Marshal+, but can deserialize using +Marshal+,
+    #   ActiveSupport::JSON, or ActiveSupport::MessagePack. This makes it easy
+    #   to migrate between serializers.
+    #
+    #   The +:marshal+, +:json_allow_marshal+, and +:message_pack_allow_marshal+
+    #   serializers support deserializing using +Marshal+, but the others do
+    #   not. Beware that +Marshal+ is a potential vector for deserialization
+    #   attacks in cases where a message signing secret has been leaked. <em>If
+    #   possible, choose a serializer that does not support +Marshal+.</em>
+    #
+    #   The +:message_pack+ and +:message_pack_allow_marshal+ serializers use
+    #   ActiveSupport::MessagePack, which can roundtrip some Ruby types that are
+    #   not supported by JSON, and may provide improved performance. However,
+    #   these require the +msgpack+ gem.
+    #
+    #   When using \Rails, the default depends on +config.active_support.message_serializer+.
+    #   Otherwise, the default is +:marshal+.
+    #
+    # [+:url_safe+]
+    #   By default, MessageEncryptor generates RFC 4648 compliant strings
+    #   which are not URL-safe. In other words, they can contain "+" and "/".
+    #   If you want to generate URL-safe strings (in compliance with "Base 64
+    #   Encoding with URL and Filename Safe Alphabet" in RFC 4648), you can
+    #   pass +true+.
+    #
+    # [+:force_legacy_metadata_serializer+]
+    #   Whether to use the legacy metadata serializer, which serializes the
+    #   message first, then wraps it in an envelope which is also serialized. This
+    #   was the default in \Rails 7.0 and below.
+    #
+    #   If you don't pass a truthy value, the default is set using
+    #   +config.active_support.use_message_serializer_for_metadata+.
+    def initialize(secret, sign_secret = nil, **options)
+      super(**options)
+      @secret = secret
+      @cipher = options[:cipher] || self.class.default_cipher
+      @aead_mode = new_cipher.authenticated?
+      @verifier = if !@aead_mode
+        MessageVerifier.new(sign_secret || secret, **options, serializer: NullSerializer)
+      end
+    end
+
+    # Encrypt and sign a message. We need to sign the message in order to avoid
+    # padding attacks. Reference: https://www.limited-entropy.com/padding-oracle-attacks/.
+    #
+    # ==== Options
+    #
+    # [+:expires_at+]
+    #   The datetime at which the message expires. After this datetime,
+    #   verification of the message will fail.
+    #
+    #     message = encryptor.encrypt_and_sign("hello", expires_at: Time.now.tomorrow)
+    #     encryptor.decrypt_and_verify(message) # => "hello"
+    #     # 24 hours later...
+    #     encryptor.decrypt_and_verify(message) # => nil
+    #
+    # [+:expires_in+]
+    #   The duration for which the message is valid. After this duration has
+    #   elapsed, verification of the message will fail.
+    #
+    #     message = encryptor.encrypt_and_sign("hello", expires_in: 24.hours)
+    #     encryptor.decrypt_and_verify(message) # => "hello"
+    #     # 24 hours later...
+    #     encryptor.decrypt_and_verify(message) # => nil
+    #
+    # [+:purpose+]
+    #   The purpose of the message. If specified, the same purpose must be
+    #   specified when verifying the message; otherwise, verification will fail.
+    #   (See #decrypt_and_verify.)
+    def encrypt_and_sign(value, **options)
+      create_message(value, **options)
+    end
+
+    # Decrypt and verify a message. We need to verify the message in order to
+    # avoid padding attacks. Reference: https://www.limited-entropy.com/padding-oracle-attacks/.
+    #
+    # ==== Options
+    #
+    # [+:purpose+]
+    #   The purpose that the message was generated with. If the purpose does not
+    #   match, +decrypt_and_verify+ will return +nil+.
+    #
+    #     message = encryptor.encrypt_and_sign("hello", purpose: "greeting")
+    #     encryptor.decrypt_and_verify(message, purpose: "greeting") # => "hello"
+    #     encryptor.decrypt_and_verify(message)                      # => nil
+    #
+    #     message = encryptor.encrypt_and_sign("bye")
+    #     encryptor.decrypt_and_verify(message)                      # => "bye"
+    #     encryptor.decrypt_and_verify(message, purpose: "greeting") # => nil
+    #
+    def decrypt_and_verify(message, **options)
+      catch_and_raise :invalid_message_format, as: InvalidMessage do
+        catch_and_raise :invalid_message_serialization, as: InvalidMessage do
+          catch_and_ignore :invalid_message_content do
+            read_message(message, **options)
+          end
+        end
+      end
+    end
+
+    # Given a cipher, returns the key length of the cipher to help generate the key of desired size
+    def self.key_len(cipher = default_cipher)
+      OpenSSL::Cipher.new(cipher).key_len
+    end
+
+    def create_message(value, **options) # :nodoc:
+      sign(encrypt(serialize_with_metadata(value, **options)))
+    end
+
+    def read_message(message, **options) # :nodoc:
+      deserialize_with_metadata(decrypt(verify(message)), **options)
+    end
+
+    def inspect # :nodoc:
+      "#<#{self.class.name}:#{'%#016x' % (object_id << 1)}>"
+    end
+
+    private
+      def sign(data)
+        @verifier ? @verifier.create_message(data) : data
+      end
+
+      def verify(data)
+        @verifier ? @verifier.read_message(data) : data
+      end
+
+      def encrypt(data)
+        cipher = new_cipher
+        cipher.encrypt
+        cipher.key = @secret
+
+        # Rely on OpenSSL for the initialization vector
+        iv = cipher.random_iv
+        cipher.auth_data = "" if aead_mode?
+
+        encrypted_data = cipher.update(data)
+        encrypted_data << cipher.final
+
+        parts = [encrypted_data, iv]
+        parts << cipher.auth_tag(AUTH_TAG_LENGTH) if aead_mode?
+
+        join_parts(parts)
+      end
+
+      def decrypt(encrypted_message)
+        cipher = new_cipher
+        encrypted_data, iv, auth_tag = extract_parts(encrypted_message)
+
+        # Currently the OpenSSL bindings do not raise an error if auth_tag is
+        # truncated, which would allow an attacker to easily forge it. See
+        # https://github.com/ruby/openssl/issues/63
+        if aead_mode? && auth_tag.bytesize != AUTH_TAG_LENGTH
+          throw :invalid_message_format, "truncated auth_tag"
+        end
+
+        cipher.decrypt
+        cipher.key = @secret
+        cipher.iv  = iv
+        if aead_mode?
+          cipher.auth_tag = auth_tag
+          cipher.auth_data = ""
+        end
+
+        decrypted_data = cipher.update(encrypted_data)
+        decrypted_data << cipher.final
+      rescue OpenSSLCipherError => error
+        throw :invalid_message_format, error
+      end
+
+      def length_after_encode(length_before_encode)
+        if @url_safe
+          (4 * length_before_encode / 3.0).ceil # length without padding
+        else
+          4 * (length_before_encode / 3.0).ceil # length with padding
+        end
+      end
+
+      def length_of_encoded_iv
+        @length_of_encoded_iv ||= length_after_encode(new_cipher.iv_len)
+      end
+
+      def length_of_encoded_auth_tag
+        @length_of_encoded_auth_tag ||= length_after_encode(AUTH_TAG_LENGTH)
+      end
+
+      def join_parts(parts)
+        parts.map! { |part| encode(part) }.join(SEPARATOR)
+      end
+
+      def extract_part(encrypted_message, rindex, length)
+        index = rindex - length
+
+        if encrypted_message[index - SEPARATOR.length, SEPARATOR.length] == SEPARATOR
+          encrypted_message[index, length]
+        else
+          throw :invalid_message_format, "missing separator"
+        end
+      end
+
+      def extract_parts(encrypted_message)
+        parts = []
+        rindex = encrypted_message.length
+
+        if aead_mode?
+          parts << extract_part(encrypted_message, rindex, length_of_encoded_auth_tag)
+          rindex -= SEPARATOR.length + length_of_encoded_auth_tag
+        end
+
+        parts << extract_part(encrypted_message, rindex, length_of_encoded_iv)
+        rindex -= SEPARATOR.length + length_of_encoded_iv
+
+        parts << encrypted_message[0, rindex]
+
+        parts.reverse!.map! { |part| decode(part) }
+      end
+
+      def new_cipher
+        OpenSSL::Cipher.new(@cipher)
+      end
+
+      attr_reader :aead_mode
+      alias :aead_mode? :aead_mode
+  end
+end