puma 2.11.3-java → 2.12.0-java

data/lib/puma/server.rb

@@ -1,4 +1,3 @@
-require 'rack'
 require 'stringio'
 
 require 'puma/thread_pool'
@@ -13,8 +12,6 @@ require 'puma/delegation'
 require 'puma/accept_nonblock'
 require 'puma/util'
 
-require 'puma/rack_patch'
-
 require 'puma/puma_http11'
 
 unless Puma.const_defined? "IOBuffer"
@@ -39,6 +36,7 @@ module Puma
     attr_accessor :max_threads
     attr_accessor :persistent_timeout
     attr_accessor :auto_trim_time
+    attr_accessor :reaping_time
     attr_accessor :first_data_timeout
 
     # Create a server for the rack app +app+.
@@ -60,6 +58,7 @@ module Puma
       @min_threads = 0
       @max_threads = 16
       @auto_trim_time = 1
+      @reaping_time = 1
 
       @thread = nil
       @thread_pool = nil
@@ -250,6 +249,14 @@ module Puma
             client.finish
             process_now = true
           end
+        rescue MiniSSL::SSLError => e
+          ssl_socket = client.io
+          addr = ssl_socket.peeraddr.last
+          cert = ssl_socket.peercert
+
+          client.close
+
+          @events.ssl_error self, addr, cert, e
         rescue HttpParserError => e
           client.write_400
           client.close
@@ -274,6 +281,10 @@ module Puma
         @reactor.run_in_thread
       end
 
+      if @reaping_time
+        @thread_pool.auto_reap!(@reaping_time)
+      end
+
       if @auto_trim_time
         @thread_pool.auto_trim!(@auto_trim_time)
       end
@@ -395,6 +406,16 @@ module Puma
       rescue ConnectionError
         # Swallow them. The ensure tries to close +client+ down
 
+      # SSL handshake error
+      rescue MiniSSL::SSLError => e
+        ssl_socket = client.io
+        addr = ssl_socket.peeraddr.last
+        cert = ssl_socket.peercert
+
+        close_socket = true
+
+        @events.ssl_error self, addr, cert, e
+
       # The client doesn't know HTTP well
       rescue HttpParserError => e
         client.write_400
@@ -457,16 +478,23 @@ module Puma
       #
 
       unless env.key?(REMOTE_ADDR)
-        addr = client.peeraddr.last
+        begin
+          addr = client.peeraddr.last
+        rescue Errno::ENOTCONN
+          # Client disconnects can result in an inability to get the
+          # peeraddr from the socket; default to localhost.
+          addr = LOCALHOST_IP
+        end
 
         # Set unix socket addrs to localhost
-        addr = "127.0.0.1" if addr.empty?
+        addr = LOCALHOST_IP if addr.empty?
 
         env[REMOTE_ADDR] = addr
       end
     end
 
     def default_server_port(env)
+      return PORT_443 if env[HTTPS_KEY] == 'on' || env[HTTPS_KEY] == 'https'
       env['HTTP_X_FORWARDED_PROTO'] == 'https' ? PORT_443 : PORT_80
     end
 
@@ -487,6 +515,10 @@ module Puma
 
       env[PUMA_SOCKET] = client
 
+      if env[HTTPS_KEY] && client.peercert
+        env[PUMA_PEERCERT] = client.peercert
+      end
+
       env[HIJACK_P] = true
       env[HIJACK] = req
 
@@ -610,15 +642,13 @@ module Puma
           fast_write client, lines.to_s
           return keep_alive
         end
-
-        unless response_hijack
-          if content_length
-            lines.append CONTENT_LENGTH_S, content_length.to_s, line_ending
-            chunked = false
-          elsif allow_chunked
-            lines << TRANSFER_ENCODING_CHUNKED
-            chunked = true
-          end
+        
+        if content_length
+          lines.append CONTENT_LENGTH_S, content_length.to_s, line_ending
+          chunked = false
+        elsif !response_hijack and allow_chunked
+          lines << TRANSFER_ENCODING_CHUNKED
+          chunked = true
         end
 
         lines << line_ending

data/lib/puma/thread_pool.rb

@@ -33,6 +33,7 @@ module Puma
       @workers = []
 
       @auto_trim = nil
+      @reaper = nil
 
       @mutex.synchronize do
         @min.times { spawn_thread }
@@ -101,7 +102,10 @@ module Puma
             end
           end
 
-          block.call(work, *extra)
+          begin
+            block.call(work, *extra)
+          rescue Exception
+          end
         end
 
         mutex.synchronize do
@@ -155,6 +159,21 @@ module Puma
       end
     end
 
+    # If there are dead threads in the pool make them go away while decreasing
+    # spwaned counter so that new healty threads could be created again.
+    def reap
+      @mutex.synchronize do
+        dead_workers = @workers.reject(&:alive?)
+
+        dead_workers.each do |worker|
+          worker.kill
+          @spawned -= 1
+        end
+
+        @workers -= dead_workers
+      end
+    end
+
     class AutoTrim
       def initialize(pool, timeout)
         @pool = pool
@@ -184,6 +203,35 @@ module Puma
       @auto_trim.start!
     end
 
+    class Reaper
+      def initialize(pool, timeout)
+        @pool = pool
+        @timeout = timeout
+        @running = false
+      end
+
+      def start!
+        @running = true
+
+        @thread = Thread.new do
+          while @running
+            @pool.reap
+            sleep @timeout
+          end
+        end
+      end
+
+      def stop
+        @running = false
+        @thread.wakeup
+      end
+    end
+
+    def auto_reap!(timeout=5)
+      @reaper = Reaper.new(self, timeout)
+      @reaper.start!
+    end
+
     # Tell all threads in the pool to exit and wait for them to finish.
     #
     def shutdown
@@ -193,6 +241,7 @@ module Puma
         @not_full.broadcast
 
         @auto_trim.stop if @auto_trim
+        @reaper.stop if @reaper
       end
 
       # Use this instead of #each so that we don't stop in the middle

data/lib/puma/util.rb

@@ -1,3 +1,15 @@
+major, minor, patch = RUBY_VERSION.split('.').map { |v| v.to_i }
+
+if major == 1 && minor < 9
+  require 'puma/rack/backports/uri/common_18'
+elsif major == 1 && minor == 9 && patch == 2 && RUBY_PATCHLEVEL <= 328 && RUBY_ENGINE != 'jruby'
+  require 'puma/rack/backports/uri/common_192'
+elsif major == 1 && minor == 9 && patch == 3 && RUBY_PATCHLEVEL < 125
+  require 'puma/rack/backports/uri/common_193'
+else
+  require 'uri/common'
+end
+
 module Puma
   module Util
     module_function
@@ -5,5 +17,116 @@ module Puma
     def pipe
       IO.pipe
     end
+
+    # Unescapes a URI escaped string with +encoding+. +encoding+ will be the
+    # target encoding of the string returned, and it defaults to UTF-8
+    if defined?(::Encoding)
+      def unescape(s, encoding = Encoding::UTF_8)
+        URI.decode_www_form_component(s, encoding)
+      end
+    else
+      def unescape(s, encoding = nil)
+        URI.decode_www_form_component(s, encoding)
+      end
+    end
+    module_function :unescape
+
+    DEFAULT_SEP = /[&;] */n
+
+    # Stolen from Mongrel, with some small modifications:
+    # Parses a query string by breaking it up at the '&'
+    # and ';' characters.  You can also use this to parse
+    # cookies by changing the characters used in the second
+    # parameter (which defaults to '&;').
+    def parse_query(qs, d = nil, &unescaper)
+      unescaper ||= method(:unescape)
+
+      params = {}
+
+      (qs || '').split(d ? /[#{d}] */n : DEFAULT_SEP).each do |p|
+        next if p.empty?
+        k, v = p.split('=', 2).map(&unescaper)
+
+        if cur = params[k]
+          if cur.class == Array
+            params[k] << v
+          else
+            params[k] = [cur, v]
+          end
+        else
+          params[k] = v
+        end
+      end
+
+      return params
+    end
+
+    # A case-insensitive Hash that preserves the original case of a
+    # header when set.
+    class HeaderHash < Hash
+      def self.new(hash={})
+        HeaderHash === hash ? hash : super(hash)
+      end
+
+      def initialize(hash={})
+        super()
+        @names = {}
+        hash.each { |k, v| self[k] = v }
+      end
+
+      def each
+        super do |k, v|
+          yield(k, v.respond_to?(:to_ary) ? v.to_ary.join("\n") : v)
+        end
+      end
+
+      def to_hash
+        hash = {}
+        each { |k,v| hash[k] = v }
+        hash
+      end
+
+      def [](k)
+        super(k) || super(@names[k.downcase])
+      end
+
+      def []=(k, v)
+        canonical = k.downcase
+        delete k if @names[canonical] && @names[canonical] != k # .delete is expensive, don't invoke it unless necessary
+        @names[k] = @names[canonical] = k
+        super k, v
+      end
+
+      def delete(k)
+        canonical = k.downcase
+        result = super @names.delete(canonical)
+        @names.delete_if { |name,| name.downcase == canonical }
+        result
+      end
+
+      def include?(k)
+        @names.include?(k) || @names.include?(k.downcase)
+      end
+
+      alias_method :has_key?, :include?
+      alias_method :member?, :include?
+      alias_method :key?, :include?
+
+      def merge!(other)
+        other.each { |k, v| self[k] = v }
+        self
+      end
+
+      def merge(other)
+        hash = dup
+        hash.merge! other
+      end
+
+      def replace(other)
+        clear
+        other.each { |k, v| self[k] = v }
+        self
+      end
+    end
   end
 end

data/puma.gemspec

@@ -36,18 +36,15 @@ Gem::Specification.new do |s|
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<rack>, ["< 2.0", ">= 1.1"])
       s.add_development_dependency(%q<rdoc>, ["~> 4.0"])
       s.add_development_dependency(%q<rake-compiler>, ["~> 0.8.0"])
       s.add_development_dependency(%q<hoe>, ["~> 3.6"])
     else
-      s.add_dependency(%q<rack>, ["< 2.0", ">= 1.1"])
       s.add_dependency(%q<rdoc>, ["~> 4.0"])
       s.add_dependency(%q<rake-compiler>, ["~> 0.8.0"])
       s.add_dependency(%q<hoe>, ["~> 3.6"])
     end
   else
-    s.add_dependency(%q<rack>, ["< 2.0", ">= 1.1"])
     s.add_dependency(%q<rdoc>, ["~> 4.0"])
     s.add_dependency(%q<rake-compiler>, ["~> 0.8.0"])
     s.add_dependency(%q<hoe>, ["~> 3.6"])

data/test/test_config.rb

@@ -4,6 +4,16 @@ require 'puma'
 require 'puma/configuration'
 
 class TestConfigFile < Test::Unit::TestCase
+  def test_app_from_rackup
+    opts = {:rackup => "test/hello-bind.ru"}
+    conf = Puma::Configuration.new opts
+    conf.load
+
+    conf.app
+
+    assert_equal ["tcp://127.0.0.1:9292"], conf.options[:binds]
+  end
+
   def test_app_from_app_DSL
     opts = { :config_file => "test/config/app.rb" }
     conf = Puma::Configuration.new opts

data/test/test_http11.rb

@@ -94,7 +94,7 @@ class Http11ParserTest < Test::Unit::TestCase
     parser.reset
 
     # Raise exception if URI path length > 2048
-    path = "/" + rand_data(2049, 100)
+    path = "/" + rand_data(3000, 100)
     http = "GET #{path} HTTP/1.1\r\n\r\n"
     assert_raises Puma::HttpParserError do
       parser.execute(req, http, 0)

data/test/test_puma_server.rb

@@ -369,7 +369,30 @@ class TestPumaServer < Test::Unit::TestCase
 
     assert_equal "HTTP/1.0 200 OK\r\nContent-Type: plain/text\r\nContent-Length: 5\r\n\r\nhello", data
   end
+  
+  def test_http_10_partial_hijack_with_content_length
+    body_parts = ['abc', 'de']
+    
+    @server.app = proc do |env| 
+      hijack_lambda = proc do | io |
+        io.write(body_parts[0])
+        io.write(body_parts[1])
+        io.close
+      end
+      [200, {"Content-Length" => "5", 'rack.hijack' => hijack_lambda}, nil]
+    end
+
+    @server.add_tcp_listener @host, @port
+    @server.run
+
+    sock = TCPSocket.new @host, @port
+    sock << "GET / HTTP/1.0\r\nConnection: close\r\n\r\n"
 
+    data = sock.read
+
+    assert_equal "HTTP/1.0 200 OK\r\nContent-Length: 5\r\n\r\nabcde", data
+  end
+  
   def test_http_10_keep_alive_without_body
     @server.app = proc { |env| [204, {}, []] }
 

data/test/test_puma_server_ssl.rb

@@ -8,6 +8,16 @@ require 'puma/server'
 
 require 'net/https'
 
+class SSLEventsHelper < ::Puma::Events
+  attr_accessor :addr, :cert, :error
+
+  def ssl_error(server, peeraddr, peercert, error)
+    self.addr = peeraddr
+    self.cert = peercert
+    self.error = error
+  end
+end
+
 class TestPumaServerSSL < Test::Unit::TestCase
 
   def setup
@@ -28,7 +38,7 @@ class TestPumaServerSSL < Test::Unit::TestCase
 
     @ctx.verify_mode = Puma::MiniSSL::VERIFY_NONE
 
-    @events = Puma::Events.new STDOUT, STDERR
+    @events = SSLEventsHelper.new STDOUT, STDERR
     @server = Puma::Server.new @app, @events
     @server.add_ssl_listener @host, @port, @ctx
     @server.run
@@ -95,6 +105,94 @@ class TestPumaServerSSL < Test::Unit::TestCase
         Net::HTTP::Get.new '/'
       end
     end
+    unless defined?(JRUBY_VERSION)
+      assert_match("wrong version number", @events.error.message) if @events.error
+    end
   end
 
-end
+end
+
+# client-side TLS authentication tests
+unless defined?(JRUBY_VERSION)
+  class TestPumaServerSSLClient < Test::Unit::TestCase
+
+    def assert_ssl_client_error_match(error, subject=nil, &blk)
+      @port = 3212
+      @host = "127.0.0.1"
+
+      @app = lambda { |env| [200, {}, [env['rack.url_scheme']]] }
+
+      @ctx = Puma::MiniSSL::Context.new
+      @ctx.key = File.expand_path "../../examples/puma/client-certs/server.key", __FILE__
+      @ctx.cert = File.expand_path "../../examples/puma/client-certs/server.crt", __FILE__
+      @ctx.ca = File.expand_path "../../examples/puma/client-certs/ca.crt", __FILE__
+      @ctx.verify_mode = Puma::MiniSSL::VERIFY_PEER | Puma::MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT
+
+      events = SSLEventsHelper.new STDOUT, STDERR
+      @server = Puma::Server.new @app, events
+      @server.add_ssl_listener @host, @port, @ctx
+      @server.run
+
+      @http = Net::HTTP.new @host, @port
+      @http.use_ssl = true
+      @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+      blk.call(@http)
+
+      client_error = false
+      begin
+        @http.start do
+          req = Net::HTTP::Get.new "/", {}
+          @http.request(req)
+        end
+      rescue OpenSSL::SSL::SSLError
+        client_error = true
+      end
+
+      sleep 0.1
+      assert_equal !!error, client_error
+      assert_match error, events.error.message if error
+      assert_equal @host, events.addr if error
+      assert_equal subject, events.cert.subject.to_s if subject
+    ensure
+      @server.stop(true)
+    end
+
+    def test_verify_fail_if_no_client_cert
+      assert_ssl_client_error_match 'peer did not return a certificate' do |http|
+        # nothing
+      end
+    end
+
+    def test_verify_fail_if_client_unknown_ca
+      assert_ssl_client_error_match('self signed certificate in certificate chain', '/DC=net/DC=puma/CN=ca-unknown') do |http|
+        key = File.expand_path "../../examples/puma/client-certs/client_unknown.key", __FILE__
+        crt = File.expand_path "../../examples/puma/client-certs/client_unknown.crt", __FILE__
+        http.key = OpenSSL::PKey::RSA.new File.read(key)
+        http.cert = OpenSSL::X509::Certificate.new File.read(crt)
+        http.ca_file = File.expand_path "../../examples/puma/client-certs/unknown_ca.crt", __FILE__
+      end
+    end
+
+    def test_verify_fail_if_client_expired_cert
+      assert_ssl_client_error_match('certificate has expired', '/DC=net/DC=puma/CN=client-expired') do |http|
+        key = File.expand_path "../../examples/puma/client-certs/client_expired.key", __FILE__
+        crt = File.expand_path "../../examples/puma/client-certs/client_expired.crt", __FILE__
+        http.key = OpenSSL::PKey::RSA.new File.read(key)
+        http.cert = OpenSSL::X509::Certificate.new File.read(crt)
+        http.ca_file = File.expand_path "../../examples/puma/client-certs/ca.crt", __FILE__
+      end
+    end
+
+    def test_verify_client_cert
+      assert_ssl_client_error_match(nil) do |http|
+        key = File.expand_path "../../examples/puma/client-certs/client.key", __FILE__
+        crt = File.expand_path "../../examples/puma/client-certs/client.crt", __FILE__
+        http.key = OpenSSL::PKey::RSA.new File.read(key)
+        http.cert = OpenSSL::X509::Certificate.new File.read(crt)
+        http.ca_file = File.expand_path "../../examples/puma/client-certs/ca.crt", __FILE__
+        http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      end
+    end
+  end
+end