puma 3.11.4 → 4.2.0

data/ext/puma_http11/http11_parser.c

@@ -38,7 +38,7 @@ static void snake_upcase_char(char *c)
 
 #line 40 "ext/puma_http11/http11_parser.c"
 static const int puma_parser_start = 1;
-static const int puma_parser_first_final = 47;
+static const int puma_parser_first_final = 46;
 static const int puma_parser_error = 0;
 
 static const int puma_parser_en_main = 1;
@@ -117,17 +117,17 @@ case 2:
 #line 118 "ext/puma_http11/http11_parser.c"
 	switch( (*p) ) {
 		case 32: goto tr2;
-		case 36: goto st28;
-		case 95: goto st28;
+		case 36: goto st27;
+		case 95: goto st27;
 	}
 	if ( (*p) < 48 ) {
 		if ( 45 <= (*p) && (*p) <= 46 )
-			goto st28;
+			goto st27;
 	} else if ( (*p) > 57 ) {
 		if ( 65 <= (*p) && (*p) <= 90 )
-			goto st28;
+			goto st27;
 	} else
-		goto st28;
+		goto st27;
 	goto st0;
 tr2:
 #line 48 "ext/puma_http11/http11_parser.rl"
@@ -199,7 +199,7 @@ tr37:
     parser->request_uri(parser, PTR_TO(mark), LEN(mark, p));
   }
 	goto st5;
-tr44:
+tr41:
 #line 58 "ext/puma_http11/http11_parser.rl"
 	{ MARK(query_start, p); }
 #line 59 "ext/puma_http11/http11_parser.rl"
@@ -211,7 +211,7 @@ tr44:
     parser->request_uri(parser, PTR_TO(mark), LEN(mark, p));
   }
 	goto st5;
-tr47:
+tr44:
 #line 59 "ext/puma_http11/http11_parser.rl"
 	{
     parser->query_string(parser, PTR_TO(query_start), LEN(query_start, p));
@@ -362,13 +362,13 @@ tr22:
 	{
     parser->body_start = p - buffer + 1;
     parser->header_done(parser, p + 1, pe - p - 1);
-    {p++; cs = 47; goto _out;}
+    {p++; cs = 46; goto _out;}
   }
-	goto st47;
-st47:
+	goto st46;
+st46:
 	if ( ++p == pe )
-		goto _test_eof47;
-case 47:
+		goto _test_eof46;
+case 46:
 #line 373 "ext/puma_http11/http11_parser.c"
 	goto st0;
 tr21:
@@ -458,7 +458,7 @@ tr38:
     parser->request_uri(parser, PTR_TO(mark), LEN(mark, p));
   }
 	goto st20;
-tr45:
+tr42:
 #line 58 "ext/puma_http11/http11_parser.rl"
 	{ MARK(query_start, p); }
 #line 59 "ext/puma_http11/http11_parser.rl"
@@ -470,7 +470,7 @@ tr45:
     parser->request_uri(parser, PTR_TO(mark), LEN(mark, p));
   }
 	goto st20;
-tr48:
+tr45:
 #line 59 "ext/puma_http11/http11_parser.rl"
 	{
     parser->query_string(parser, PTR_TO(query_start), LEN(query_start, p));
@@ -576,10 +576,9 @@ case 24:
 		case 32: goto tr37;
 		case 34: goto st0;
 		case 35: goto tr38;
-		case 59: goto tr39;
 		case 60: goto st0;
 		case 62: goto st0;
-		case 63: goto tr40;
+		case 63: goto tr39;
 		case 127: goto st0;
 	}
 	if ( 0 <= (*p) && (*p) <= 31 )
@@ -595,30 +594,27 @@ st25:
 	if ( ++p == pe )
 		goto _test_eof25;
 case 25:
-#line 599 "ext/puma_http11/http11_parser.c"
+#line 598 "ext/puma_http11/http11_parser.c"
 	switch( (*p) ) {
-		case 32: goto tr8;
+		case 32: goto tr41;
 		case 34: goto st0;
-		case 35: goto tr9;
+		case 35: goto tr42;
 		case 60: goto st0;
 		case 62: goto st0;
-		case 63: goto st26;
 		case 127: goto st0;
 	}
 	if ( 0 <= (*p) && (*p) <= 31 )
 		goto st0;
-	goto st25;
+	goto tr40;
 tr40:
-#line 67 "ext/puma_http11/http11_parser.rl"
-	{
-    parser->request_path(parser, PTR_TO(mark), LEN(mark,p));
-  }
+#line 58 "ext/puma_http11/http11_parser.rl"
+	{ MARK(query_start, p); }
 	goto st26;
 st26:
 	if ( ++p == pe )
 		goto _test_eof26;
 case 26:
-#line 622 "ext/puma_http11/http11_parser.c"
+#line 618 "ext/puma_http11/http11_parser.c"
 	switch( (*p) ) {
 		case 32: goto tr44;
 		case 34: goto st0;
@@ -629,27 +625,25 @@ case 26:
 	}
 	if ( 0 <= (*p) && (*p) <= 31 )
 		goto st0;
-	goto tr43;
-tr43:
-#line 58 "ext/puma_http11/http11_parser.rl"
-	{ MARK(query_start, p); }
-	goto st27;
+	goto st26;
 st27:
 	if ( ++p == pe )
 		goto _test_eof27;
 case 27:
-#line 642 "ext/puma_http11/http11_parser.c"
 	switch( (*p) ) {
-		case 32: goto tr47;
-		case 34: goto st0;
-		case 35: goto tr48;
-		case 60: goto st0;
-		case 62: goto st0;
-		case 127: goto st0;
+		case 32: goto tr2;
+		case 36: goto st28;
+		case 95: goto st28;
 	}
-	if ( 0 <= (*p) && (*p) <= 31 )
-		goto st0;
-	goto st27;
+	if ( (*p) < 48 ) {
+		if ( 45 <= (*p) && (*p) <= 46 )
+			goto st28;
+	} else if ( (*p) > 57 ) {
+		if ( 65 <= (*p) && (*p) <= 90 )
+			goto st28;
+	} else
+		goto st28;
+	goto st0;
 st28:
 	if ( ++p == pe )
 		goto _test_eof28;
@@ -960,24 +954,6 @@ st45:
 	if ( ++p == pe )
 		goto _test_eof45;
 case 45:
-	switch( (*p) ) {
-		case 32: goto tr2;
-		case 36: goto st46;
-		case 95: goto st46;
-	}
-	if ( (*p) < 48 ) {
-		if ( 45 <= (*p) && (*p) <= 46 )
-			goto st46;
-	} else if ( (*p) > 57 ) {
-		if ( 65 <= (*p) && (*p) <= 90 )
-			goto st46;
-	} else
-		goto st46;
-	goto st0;
-st46:
-	if ( ++p == pe )
-		goto _test_eof46;
-case 46:
 	if ( (*p) == 32 )
 		goto tr2;
 	goto st0;
@@ -997,7 +973,7 @@ case 46:
 	_test_eof14: cs = 14; goto _test_eof; 
 	_test_eof15: cs = 15; goto _test_eof; 
 	_test_eof16: cs = 16; goto _test_eof; 
-	_test_eof47: cs = 47; goto _test_eof; 
+	_test_eof46: cs = 46; goto _test_eof; 
 	_test_eof17: cs = 17; goto _test_eof; 
 	_test_eof18: cs = 18; goto _test_eof; 
 	_test_eof19: cs = 19; goto _test_eof; 
@@ -1027,7 +1003,6 @@ case 46:
 	_test_eof43: cs = 43; goto _test_eof; 
 	_test_eof44: cs = 44; goto _test_eof; 
 	_test_eof45: cs = 45; goto _test_eof; 
-	_test_eof46: cs = 46; goto _test_eof; 
 
 	_test_eof: {}
 	_out: {}

data/ext/puma_http11/http11_parser_common.rl

@@ -1,5 +1,5 @@
 %%{
-  
+
   machine puma_parser_common;
 
 #### HTTP PROTOCOL GRAMMAR
@@ -16,7 +16,7 @@
   unreserved = (alpha | digit | safe | extra | national);
   escape = ("%" xdigit xdigit);
   uchar = (unreserved | escape | "%");
-  pchar = (uchar | ":" | "@" | "&" | "=" | "+");
+  pchar = (uchar | ":" | "@" | "&" | "=" | "+" | ";");
   tspecials = ("(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\\" | "\"" | "/" | "[" | "]" | "?" | "=" | "{" | "}" | " " | "\t");
 
 # elements
@@ -30,7 +30,7 @@
   query = ( uchar | reserved )* %query_string ;
   param = ( pchar | "/" )* ;
   params = ( param ( ";" param )* ) ;
-  rel_path = ( path? %request_path (";" params)? ) ("?" %start_query query)?;
+  rel_path = ( path? %request_path ) ("?" %start_query query)?;
   absolute_path = ( "/"+ rel_path );
 
   Request_URI = ( "*" | absolute_uri | absolute_path ) >mark %request_uri;

data/ext/puma_http11/mini_ssl.c

@@ -142,6 +142,7 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
   VALUE obj;
   SSL_CTX* ctx;
   SSL* ssl;
+  int min, ssl_options;
 
   ms_conn* conn = engine_alloc(self, &obj);
 
@@ -161,7 +162,20 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
   ID sym_verify_mode = rb_intern("verify_mode");
   VALUE verify_mode = rb_funcall(mini_ssl_ctx, sym_verify_mode, 0);
 
+  ID sym_ssl_cipher_filter = rb_intern("ssl_cipher_filter");
+  VALUE ssl_cipher_filter = rb_funcall(mini_ssl_ctx, sym_ssl_cipher_filter, 0);
+
+  ID sym_no_tlsv1 = rb_intern("no_tlsv1");
+  VALUE no_tlsv1 = rb_funcall(mini_ssl_ctx, sym_no_tlsv1, 0);
+
+  ID sym_no_tlsv1_1 = rb_intern("no_tlsv1_1");
+  VALUE no_tlsv1_1 = rb_funcall(mini_ssl_ctx, sym_no_tlsv1_1, 0);
+
+#ifdef HAVE_TLS_SERVER_METHOD
+  ctx = SSL_CTX_new(TLS_server_method());
+#else
   ctx = SSL_CTX_new(SSLv23_server_method());
+#endif
   conn->ctx = ctx;
 
   SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert));
@@ -172,20 +186,61 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
     SSL_CTX_load_verify_locations(ctx, RSTRING_PTR(ca), NULL);
   }
 
-  SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_SINGLE_DH_USE | SSL_OP_SINGLE_ECDH_USE | SSL_OP_NO_COMPRESSION);
+  ssl_options = SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_SINGLE_ECDH_USE | SSL_OP_NO_COMPRESSION;
+
+#ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION
+  if (RTEST(no_tlsv1_1)) {
+    min = TLS1_2_VERSION;
+  }
+  else if (RTEST(no_tlsv1)) {
+    min = TLS1_1_VERSION;
+  }
+  else {
+    min = TLS1_VERSION;
+  }
+  
+  SSL_CTX_set_min_proto_version(ctx, min);
+
+  SSL_CTX_set_options(ctx, ssl_options);
+
+#else
+  /* As of 1.0.2f, SSL_OP_SINGLE_DH_USE key use is always on */
+  ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_SINGLE_DH_USE;
+
+  if (RTEST(no_tlsv1)) {
+    ssl_options |= SSL_OP_NO_TLSv1;
+  }
+  if(RTEST(no_tlsv1_1)) {
+    ssl_options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
+  }
+  SSL_CTX_set_options(ctx, ssl_options);
+#endif
+
   SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
 
-  SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL@STRENGTH");
+  if (!NIL_P(ssl_cipher_filter)) {
+    StringValue(ssl_cipher_filter);
+    SSL_CTX_set_cipher_list(ctx, RSTRING_PTR(ssl_cipher_filter));
+  }
+  else {
+    SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL@STRENGTH");
+  }
 
   DH *dh = get_dh1024();
   SSL_CTX_set_tmp_dh(ctx, dh);
 
-#ifndef OPENSSL_NO_ECDH
-  EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_secp521r1);
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
+  // Remove this case if OpenSSL 1.0.1 (now EOL) support is no
+  // longer needed.
+  EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
   if (ecdh) {
     SSL_CTX_set_tmp_ecdh(ctx, ecdh);
     EC_KEY_free(ecdh);
   }
+#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+  // Prior to OpenSSL 1.1.0, servers must manually enable server-side ECDH
+  // negotiation.
+  SSL_CTX_set_ecdh_auto(ctx, 1);
 #endif
 
   ssl = SSL_new(ctx);
@@ -207,8 +262,11 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
 VALUE engine_init_client(VALUE klass) {
   VALUE obj;
   ms_conn* conn = engine_alloc(klass, &obj);
-
+#ifdef HAVE_DTLS_METHOD
+  conn->ctx = SSL_CTX_new(DTLS_method());
+#else
   conn->ctx = SSL_CTX_new(DTLSv1_method());
+#endif
   conn->ssl = SSL_new(conn->ctx);
   SSL_set_app_data(conn->ssl, NULL);
   SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
@@ -424,6 +482,39 @@ void Init_mini_ssl(VALUE puma) {
   mod = rb_define_module_under(puma, "MiniSSL");
   eng = rb_define_class_under(mod, "Engine", rb_cObject);
 
+  // OpenSSL Build / Runtime/Load versions
+
+  /* Version of OpenSSL that Puma was compiled with */
+  rb_define_const(mod, "OPENSSL_VERSION", rb_str_new2(OPENSSL_VERSION_TEXT));
+
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
+  /* Version of OpenSSL that Puma loaded with */
+  rb_define_const(mod, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION)));
+#else
+  rb_define_const(mod, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
+#endif
+ 
+#if defined(OPENSSL_NO_SSL3) || defined(OPENSSL_NO_SSL3_METHOD) 
+  /* True if SSL3 is not available */ 
+  rb_define_const(mod, "OPENSSL_NO_SSL3", Qtrue); 
+#else 
+  rb_define_const(mod, "OPENSSL_NO_SSL3", Qfalse); 
+#endif 
+
+#if defined(OPENSSL_NO_TLS1) || defined(OPENSSL_NO_TLS1_METHOD) 
+  /* True if TLS1 is not available */ 
+  rb_define_const(mod, "OPENSSL_NO_TLS1", Qtrue); 
+#else 
+  rb_define_const(mod, "OPENSSL_NO_TLS1", Qfalse); 
+#endif 
+
+#if defined(OPENSSL_NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1_METHOD) 
+  /* True if TLS1_1 is not available */ 
+  rb_define_const(mod, "OPENSSL_NO_TLS1_1", Qtrue); 
+#else 
+  rb_define_const(mod, "OPENSSL_NO_TLS1_1", Qfalse); 
+#endif 
+
   rb_define_singleton_method(mod, "check", noop, 0);
 
   eError = rb_define_class_under(mod, "SSLError", rb_eStandardError);

data/ext/puma_http11/org/jruby/puma/IOBuffer.java

@@ -0,0 +1,72 @@
+package org.jruby.puma;
+
+import org.jruby.*;
+import org.jruby.anno.JRubyMethod;
+import org.jruby.runtime.ObjectAllocator;
+import org.jruby.runtime.ThreadContext;
+import org.jruby.runtime.builtin.IRubyObject;
+import org.jruby.util.ByteList;
+
+/**
+ * @author kares
+ */
+public class IOBuffer extends RubyObject {
+
+    private static final ObjectAllocator ALLOCATOR = new ObjectAllocator() {
+        public IRubyObject allocate(Ruby runtime, RubyClass klass) {
+            return new IOBuffer(runtime, klass);
+        }
+    };
+
+    public static void createIOBuffer(Ruby runtime) {
+        RubyModule mPuma = runtime.defineModule("Puma");
+        RubyClass cIOBuffer = mPuma.defineClassUnder("IOBuffer", runtime.getObject(), ALLOCATOR);
+        cIOBuffer.defineAnnotatedMethods(IOBuffer.class);
+    }
+
+    private static final int DEFAULT_SIZE = 4096;
+
+    final ByteList buffer = new ByteList(DEFAULT_SIZE);
+
+    IOBuffer(Ruby runtime, RubyClass klass) {
+        super(runtime, klass);
+    }
+
+    @JRubyMethod
+    public RubyInteger used(ThreadContext context) {
+        return context.runtime.newFixnum(buffer.getRealSize());
+    }
+
+    @JRubyMethod
+    public RubyInteger capacity(ThreadContext context) {
+        return context.runtime.newFixnum(buffer.unsafeBytes().length);
+    }
+
+    @JRubyMethod
+    public IRubyObject reset() {
+        buffer.setRealSize(0);
+        return this;
+    }
+
+    @JRubyMethod(name = { "to_s", "to_str" })
+    public RubyString to_s(ThreadContext context) {
+        return RubyString.newStringShared(context.runtime, buffer.unsafeBytes(), 0, buffer.getRealSize());
+    }
+
+    @JRubyMethod(name = "<<")
+    public IRubyObject add(IRubyObject str) {
+        addImpl(str.convertToString());
+        return this;
+    }
+
+    @JRubyMethod(rest = true)
+    public IRubyObject append(IRubyObject[] strs) {
+        for (IRubyObject str : strs) addImpl(str.convertToString());
+        return this;
+    }
+
+    private void addImpl(RubyString str) {
+        buffer.append(str.getByteList());
+    }
+
+}

data/ext/puma_http11/org/jruby/puma/MiniSSL.java

@@ -23,6 +23,7 @@ import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import java.io.FileInputStream;
 import java.io.IOException;
+import java.nio.Buffer;
 import java.nio.ByteBuffer;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
@@ -65,7 +66,7 @@ public class MiniSSL extends RubyObject {
 
     public void clear() { buffer.clear(); }
     public void compact() { buffer.compact(); }
-    public void flip() { buffer.flip(); }
+    public void flip() { ((Buffer) buffer).flip(); }
     public boolean hasRemaining() { return buffer.hasRemaining(); }
     public int position() { return buffer.position(); }
 
@@ -89,7 +90,7 @@ public class MiniSSL extends RubyObject {
     public void resize(int newCapacity) {
       if (newCapacity > buffer.capacity()) {
         ByteBuffer dstTmp = ByteBuffer.allocate(newCapacity);
-        buffer.flip();
+        flip();
         dstTmp.put(buffer);
         buffer = dstTmp;
       } else {
@@ -101,7 +102,7 @@ public class MiniSSL extends RubyObject {
      * Drains the buffer to a ByteList, or returns null for an empty buffer
      */
     public ByteList asByteList() {
-      buffer.flip();
+      flip();
       if (!buffer.hasRemaining()) {
         buffer.clear();
         return null;
@@ -158,7 +159,17 @@ public class MiniSSL extends RubyObject {
     sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
     engine = sslCtx.createSSLEngine();
 
-    String[] protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
+    String[] protocols;
+    if(miniSSLContext.callMethod(threadContext, "no_tlsv1").isTrue()) {
+        protocols = new String[] { "TLSv1.1", "TLSv1.2" };
+    } else {
+        protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
+    }
+
+    if(miniSSLContext.callMethod(threadContext, "no_tlsv1_1").isTrue()) {
+        protocols = new String[] { "TLSv1.2" };
+    }
+
     engine.setEnabledProtocols(protocols);
     engine.setUseClientMode(false);
 
@@ -170,6 +181,12 @@ public class MiniSSL extends RubyObject {
         engine.setNeedClientAuth(true);
     }
 
+    IRubyObject sslCipherListObject = miniSSLContext.callMethod(threadContext, "ssl_cipher_list");
+    if (!sslCipherListObject.isNil()) {
+      String[] sslCipherList = sslCipherListObject.convertToString().asJavaString().split(",");
+      engine.setEnabledCipherSuites(sslCipherList);
+    }
+
     SSLSession session = engine.getSession();
     inboundNetData = new MiniSSLBuffer(session.getPacketBufferSize());
     outboundAppData = new MiniSSLBuffer(session.getApplicationBufferSize());

data/lib/puma/accept_nonblock.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'openssl'
 
 module OpenSSL
@@ -13,7 +15,11 @@ module OpenSSL
             ssl.accept if @start_immediately
             ssl
           rescue SSLError => ex
-            sock.close
+            if ssl
+              ssl.close
+            else
+              sock.close
+            end
             raise ex
           end
         end

data/lib/puma/app/status.rb

@@ -1,26 +1,17 @@
+# frozen_string_literal: true
+
+require 'json'
+
 module Puma
   module App
+    # Check out {#call}'s source code to see what actions this web application
+    # can respond to.
     class Status
-      def initialize(cli)
-        @cli = cli
-        @auth_token = nil
-      end
       OK_STATUS = '{ "status": "ok" }'.freeze
 
-      attr_accessor :auth_token
-
-      def authenticate(env)
-        return true unless @auth_token
-        env['QUERY_STRING'].to_s.split(/&;/).include?("token=#{@auth_token}")
-      end
-
-      def rack_response(status, body, content_type='application/json')
-        headers = {
-          'Content-Type' => content_type,
-          'Content-Length' => body.bytesize.to_s
-        }
-
-        [status, headers, [body]]
+      def initialize(cli, token = nil)
+        @cli = cli
+        @auth_token = token
       end
 
       def call(env)
@@ -31,44 +22,59 @@ module Puma
         case env['PATH_INFO']
         when /\/stop$/
           @cli.stop
-          return rack_response(200, OK_STATUS)
+          rack_response(200, OK_STATUS)
 
         when /\/halt$/
           @cli.halt
-          return rack_response(200, OK_STATUS)
+          rack_response(200, OK_STATUS)
 
         when /\/restart$/
           @cli.restart
-          return rack_response(200, OK_STATUS)
+          rack_response(200, OK_STATUS)
 
         when /\/phased-restart$/
           if !@cli.phased_restart
-            return rack_response(404, '{ "error": "phased restart not available" }')
+            rack_response(404, '{ "error": "phased restart not available" }')
           else
-            return rack_response(200, OK_STATUS)
+            rack_response(200, OK_STATUS)
           end
 
         when /\/reload-worker-directory$/
           if !@cli.send(:reload_worker_directory)
-            return rack_response(404, '{ "error": "reload_worker_directory not available" }')
+            rack_response(404, '{ "error": "reload_worker_directory not available" }')
           else
-            return rack_response(200, OK_STATUS)
+            rack_response(200, OK_STATUS)
           end
 
         when /\/gc$/
           GC.start
-          return rack_response(200, OK_STATUS)
+          rack_response(200, OK_STATUS)
 
         when /\/gc-stats$/
-          json = "{" + GC.stat.map { |k, v| "\"#{k}\": #{v}" }.join(",") + "}"
-          return rack_response(200, json)
+          rack_response(200, GC.stat.to_json)
 
         when /\/stats$/
-          return rack_response(200, @cli.stats)
+          rack_response(200, @cli.stats)
         else
           rack_response 404, "Unsupported action", 'text/plain'
         end
       end
+
+      private
+
+      def authenticate(env)
+        return true unless @auth_token
+        env['QUERY_STRING'].to_s.split(/&;/).include?("token=#{@auth_token}")
+      end
+
+      def rack_response(status, body, content_type='application/json')
+        headers = {
+          'Content-Type' => content_type,
+          'Content-Length' => body.bytesize.to_s
+        }
+
+        [status, headers, [body]]
+      end
     end
   end
 end