puma 3.8.2 → 4.3.12

data/ext/puma_http11/org/jruby/puma/IOBuffer.java

@@ -0,0 +1,72 @@
+package org.jruby.puma;
+
+import org.jruby.*;
+import org.jruby.anno.JRubyMethod;
+import org.jruby.runtime.ObjectAllocator;
+import org.jruby.runtime.ThreadContext;
+import org.jruby.runtime.builtin.IRubyObject;
+import org.jruby.util.ByteList;
+
+/**
+ * @author kares
+ */
+public class IOBuffer extends RubyObject {
+
+    private static final ObjectAllocator ALLOCATOR = new ObjectAllocator() {
+        public IRubyObject allocate(Ruby runtime, RubyClass klass) {
+            return new IOBuffer(runtime, klass);
+        }
+    };
+
+    public static void createIOBuffer(Ruby runtime) {
+        RubyModule mPuma = runtime.defineModule("Puma");
+        RubyClass cIOBuffer = mPuma.defineClassUnder("IOBuffer", runtime.getObject(), ALLOCATOR);
+        cIOBuffer.defineAnnotatedMethods(IOBuffer.class);
+    }
+
+    private static final int DEFAULT_SIZE = 4096;
+
+    final ByteList buffer = new ByteList(DEFAULT_SIZE);
+
+    IOBuffer(Ruby runtime, RubyClass klass) {
+        super(runtime, klass);
+    }
+
+    @JRubyMethod
+    public RubyInteger used(ThreadContext context) {
+        return context.runtime.newFixnum(buffer.getRealSize());
+    }
+
+    @JRubyMethod
+    public RubyInteger capacity(ThreadContext context) {
+        return context.runtime.newFixnum(buffer.unsafeBytes().length);
+    }
+
+    @JRubyMethod
+    public IRubyObject reset() {
+        buffer.setRealSize(0);
+        return this;
+    }
+
+    @JRubyMethod(name = { "to_s", "to_str" })
+    public RubyString to_s(ThreadContext context) {
+        return RubyString.newStringShared(context.runtime, buffer.unsafeBytes(), 0, buffer.getRealSize());
+    }
+
+    @JRubyMethod(name = "<<")
+    public IRubyObject add(IRubyObject str) {
+        addImpl(str.convertToString());
+        return this;
+    }
+
+    @JRubyMethod(rest = true)
+    public IRubyObject append(IRubyObject[] strs) {
+        for (IRubyObject str : strs) addImpl(str.convertToString());
+        return this;
+    }
+
+    private void addImpl(RubyString str) {
+        buffer.append(str.getByteList());
+    }
+
+}

data/ext/puma_http11/org/jruby/puma/MiniSSL.java

@@ -6,6 +6,7 @@ import org.jruby.RubyModule;
 import org.jruby.RubyObject;
 import org.jruby.RubyString;
 import org.jruby.anno.JRubyMethod;
+import org.jruby.javasupport.JavaEmbedUtils;
 import org.jruby.runtime.Block;
 import org.jruby.runtime.ObjectAllocator;
 import org.jruby.runtime.ThreadContext;
@@ -18,15 +19,18 @@ import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLEngineResult;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import java.io.FileInputStream;
 import java.io.IOException;
+import java.nio.Buffer;
 import java.nio.ByteBuffer;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 
 import static javax.net.ssl.SSLEngineResult.Status;
@@ -62,7 +66,7 @@ public class MiniSSL extends RubyObject {
 
     public void clear() { buffer.clear(); }
     public void compact() { buffer.compact(); }
-    public void flip() { buffer.flip(); }
+    public void flip() { ((Buffer) buffer).flip(); }
     public boolean hasRemaining() { return buffer.hasRemaining(); }
     public int position() { return buffer.position(); }
 
@@ -86,7 +90,7 @@ public class MiniSSL extends RubyObject {
     public void resize(int newCapacity) {
       if (newCapacity > buffer.capacity()) {
         ByteBuffer dstTmp = ByteBuffer.allocate(newCapacity);
-        buffer.flip();
+        flip();
         dstTmp.put(buffer);
         buffer = dstTmp;
       } else {
@@ -98,7 +102,7 @@ public class MiniSSL extends RubyObject {
      * Drains the buffer to a ByteList, or returns null for an empty buffer
      */
     public ByteList asByteList() {
-      buffer.flip();
+      flip();
       if (!buffer.hasRemaining()) {
         buffer.clear();
         return null;
@@ -155,7 +159,17 @@ public class MiniSSL extends RubyObject {
     sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
     engine = sslCtx.createSSLEngine();
 
-    String[] protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
+    String[] protocols;
+    if(miniSSLContext.callMethod(threadContext, "no_tlsv1").isTrue()) {
+        protocols = new String[] { "TLSv1.1", "TLSv1.2" };
+    } else {
+        protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
+    }
+
+    if(miniSSLContext.callMethod(threadContext, "no_tlsv1_1").isTrue()) {
+        protocols = new String[] { "TLSv1.2" };
+    }
+
     engine.setEnabledProtocols(protocols);
     engine.setUseClientMode(false);
 
@@ -167,6 +181,12 @@ public class MiniSSL extends RubyObject {
         engine.setNeedClientAuth(true);
     }
 
+    IRubyObject sslCipherListObject = miniSSLContext.callMethod(threadContext, "ssl_cipher_list");
+    if (!sslCipherListObject.isNil()) {
+      String[] sslCipherList = sslCipherListObject.convertToString().asJavaString().split(",");
+      engine.setEnabledCipherSuites(sslCipherList);
+    }
+
     SSLSession session = engine.getSession();
     inboundNetData = new MiniSSLBuffer(session.getPacketBufferSize());
     outboundAppData = new MiniSSLBuffer(session.getApplicationBufferSize());
@@ -333,7 +353,11 @@ public class MiniSSL extends RubyObject {
   }
 
   @JRubyMethod
-  public IRubyObject peercert() {
-    return getRuntime().getNil();
+  public IRubyObject peercert() throws CertificateEncodingException {
+    try {
+      return JavaEmbedUtils.javaToRuby(getRuntime(), engine.getSession().getPeerCertificates()[0].getEncoded());
+    } catch (SSLPeerUnverifiedException ex) {
+      return getRuntime().getNil();
+    }
   }
 }

data/ext/puma_http11/puma_http11.c

@@ -10,6 +10,7 @@
 #include "ext_help.h"
 #include <assert.h>
 #include <string.h>
+#include <ctype.h>
 #include "http11_parser.h"
 
 #ifndef MANAGED_STRINGS
@@ -200,6 +201,8 @@ void http_field(puma_parser* hp, const char *field, size_t flen,
     f = rb_str_new(hp->buf, new_size);
   }
 
+  while (vlen > 0 && isspace(value[vlen - 1])) vlen--;
+
   /* check for duplicate header */
   v = rb_hash_aref(hp->request, f);
 

data/lib/puma/accept_nonblock.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'openssl'
 
 module OpenSSL
@@ -13,7 +15,11 @@ module OpenSSL
             ssl.accept if @start_immediately
             ssl
           rescue SSLError => ex
-            sock.close
+            if ssl
+              ssl.close
+            else
+              sock.close
+            end
             raise ex
           end
         end

data/lib/puma/app/status.rb

@@ -1,26 +1,15 @@
+# frozen_string_literal: true
+
 module Puma
   module App
+    # Check out {#call}'s source code to see what actions this web application
+    # can respond to.
     class Status
-      def initialize(cli)
-        @cli = cli
-        @auth_token = nil
-      end
       OK_STATUS = '{ "status": "ok" }'.freeze
 
-      attr_accessor :auth_token
-
-      def authenticate(env)
-        return true unless @auth_token
-        env['QUERY_STRING'].to_s.split(/&;/).include?("token=#{@auth_token}")
-      end
-
-      def rack_response(status, body, content_type='application/json')
-        headers = {
-          'Content-Type' => content_type,
-          'Content-Length' => body.bytesize.to_s
-        }
-
-        [status, headers, [body]]
+      def initialize(cli, token = nil)
+        @cli = cli
+        @auth_token = token
       end
 
       def call(env)
@@ -28,39 +17,66 @@ module Puma
           return rack_response(403, 'Invalid auth token', 'text/plain')
         end
 
+        if env['PATH_INFO'] =~ /\/(gc-stats|stats|thread-backtraces)$/
+          require 'json'
+        end
+
         case env['PATH_INFO']
         when /\/stop$/
           @cli.stop
-          return rack_response(200, OK_STATUS)
+          rack_response(200, OK_STATUS)
 
         when /\/halt$/
           @cli.halt
-          return rack_response(200, OK_STATUS)
+          rack_response(200, OK_STATUS)
 
         when /\/restart$/
           @cli.restart
-          return rack_response(200, OK_STATUS)
+          rack_response(200, OK_STATUS)
 
         when /\/phased-restart$/
           if !@cli.phased_restart
-            return rack_response(404, '{ "error": "phased restart not available" }')
+            rack_response(404, '{ "error": "phased restart not available" }')
           else
-            return rack_response(200, OK_STATUS)
+            rack_response(200, OK_STATUS)
           end
 
         when /\/reload-worker-directory$/
           if !@cli.send(:reload_worker_directory)
-            return rack_response(404, '{ "error": "reload_worker_directory not available" }')
+            rack_response(404, '{ "error": "reload_worker_directory not available" }')
           else
-            return rack_response(200, OK_STATUS)
+            rack_response(200, OK_STATUS)
           end
 
+        when /\/gc$/
+          GC.start
+          rack_response(200, OK_STATUS)
+
+        when /\/gc-stats$/
+          rack_response(200, GC.stat.to_json)
+
         when /\/stats$/
-          return rack_response(200, @cli.stats)
+          rack_response(200, @cli.stats)
         else
           rack_response 404, "Unsupported action", 'text/plain'
         end
       end
+
+      private
+
+      def authenticate(env)
+        return true unless @auth_token
+        env['QUERY_STRING'].to_s.split(/&;/).include?("token=#{@auth_token}")
+      end
+
+      def rack_response(status, body, content_type='application/json')
+        headers = {
+          'Content-Type' => content_type,
+          'Content-Length' => body.bytesize.to_s
+        }
+
+        [status, headers, [body]]
+      end
     end
   end
 end

data/lib/puma/binder.rb

@@ -1,8 +1,11 @@
+# frozen_string_literal: true
+
 require 'uri'
 require 'socket'
 
 require 'puma/const'
 require 'puma/util'
+require 'puma/minissl/context_builder'
 
 module Puma
   class Binder
@@ -40,7 +43,7 @@ module Puma
       @ios = []
     end
 
-    attr_reader :listeners, :ios
+    attr_reader :ios
 
     def env(sock)
       @envs.fetch(sock, @proto_env)
@@ -48,7 +51,6 @@ module Puma
 
     def close
       @ios.each { |i| i.close }
-      @unix_paths.each { |i| File.unlink i }
     end
 
     def import_from_env
@@ -90,19 +92,29 @@ module Puma
         case uri.scheme
         when "tcp"
           if fd = @inherited_fds.delete(str)
-            logger.log "* Inherited #{str}"
             io = inherit_tcp_listener uri.host, uri.port, fd
+            logger.log "* Inherited #{str}"
           elsif sock = @activated_sockets.delete([ :tcp, uri.host, uri.port ])
-            logger.log "* Activated #{str}"
             io = inherit_tcp_listener uri.host, uri.port, sock
+            logger.log "* Activated #{str}"
           else
             params = Util.parse_query uri.query
 
             opt = params.key?('low_latency')
             bak = params.fetch('backlog', 1024).to_i
 
-            logger.log "* Listening on #{str}"
             io = add_tcp_listener uri.host, uri.port, opt, bak
+
+            @ios.each do |i|
+              next unless TCPServer === i
+              addr = if i.local_address.ipv6?
+                "[#{i.local_address.ip_unpack[0]}]:#{i.local_address.ip_unpack[1]}"
+              else
+                i.local_address.ip_unpack.join(':')
+              end
+
+              logger.log "* Listening on tcp://#{addr}"
+            end
           end
 
           @listeners << [str, io] if io
@@ -110,17 +122,15 @@ module Puma
           path = "#{uri.host}#{uri.path}".gsub("%20", " ")
 
           if fd = @inherited_fds.delete(str)
-            logger.log "* Inherited #{str}"
             io = inherit_unix_listener path, fd
+            logger.log "* Inherited #{str}"
           elsif sock = @activated_sockets.delete([ :unix, path ])
-            logger.log "* Activated #{str}"
             io = inherit_unix_listener path, sock
+            logger.log "* Activated #{str}"
           else
-            logger.log "* Listening on #{str}"
-
             umask = nil
             mode = nil
-            backlog = nil
+            backlog = 1024
 
             if uri.query
               params = Util.parse_query uri.query
@@ -139,74 +149,23 @@ module Puma
             end
 
             io = add_unix_listener path, umask, mode, backlog
+            logger.log "* Listening on #{str}"
           end
 
           @listeners << [str, io]
         when "ssl"
           params = Util.parse_query uri.query
-          require 'puma/minissl'
-
-          MiniSSL.check
-
-          ctx = MiniSSL::Context.new
-
-          if defined?(JRUBY_VERSION)
-            unless params['keystore']
-              @events.error "Please specify the Java keystore via 'keystore='"
-            end
-
-            ctx.keystore = params['keystore']
-
-            unless params['keystore-pass']
-              @events.error "Please specify the Java keystore password  via 'keystore-pass='"
-            end
-
-            ctx.keystore_pass = params['keystore-pass']
-          else
-            unless params['key']
-              @events.error "Please specify the SSL key via 'key='"
-            end
-
-            ctx.key = params['key']
-
-            unless params['cert']
-              @events.error "Please specify the SSL cert via 'cert='"
-            end
-
-            ctx.cert = params['cert']
-
-            if ['peer', 'force_peer'].include?(params['verify_mode'])
-              unless params['ca']
-                @events.error "Please specify the SSL ca via 'ca='"
-              end
-            end
-
-            ctx.ca = params['ca'] if params['ca']
-          end
-
-          if params['verify_mode']
-            ctx.verify_mode = case params['verify_mode']
-                              when "peer"
-                                MiniSSL::VERIFY_PEER
-                              when "force_peer"
-                                MiniSSL::VERIFY_PEER | MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT
-                              when "none"
-                                MiniSSL::VERIFY_NONE
-                              else
-                                @events.error "Please specify a valid verify_mode="
-                                MiniSSL::VERIFY_NONE
-                              end
-          end
+          ctx = MiniSSL::ContextBuilder.new(params, @events).context
 
           if fd = @inherited_fds.delete(str)
             logger.log "* Inherited #{str}"
             io = inherit_ssl_listener fd, ctx
           elsif sock = @activated_sockets.delete([ :tcp, uri.host, uri.port ])
-            logger.log "* Activated #{str}"
             io = inherit_ssl_listener sock, ctx
+            logger.log "* Activated #{str}"
           else
-            logger.log "* Listening on #{str}"
             io = add_ssl_listener uri.host, uri.port, ctx
+            logger.log "* Listening on #{str}"
           end
 
           @listeners << [str, io] if io
@@ -245,9 +204,10 @@ module Puma
       end
     end
 
-    def localhost_addresses
-      addrs = TCPSocket.gethostbyname "localhost"
-      addrs[3..-1].uniq
+    def loopback_addresses
+      Socket.ip_address_list.select do |addrinfo|
+        addrinfo.ipv6_loopback? || addrinfo.ipv4_loopback?
+      end.map { |addrinfo| addrinfo.ip_address }.uniq
     end
 
     # Tell the server to listen on host +host+, port +port+.
@@ -259,7 +219,7 @@ module Puma
     #
     def add_tcp_listener(host, port, optimize_for_latency=true, backlog=1024)
       if host == "localhost"
-        localhost_addresses.each do |addr|
+        loopback_addresses.each do |addr|
           add_tcp_listener addr, port, optimize_for_latency, backlog
         end
         return
@@ -298,7 +258,7 @@ module Puma
       MiniSSL.check
 
       if host == "localhost"
-        localhost_addresses.each do |addr|
+        loopback_addresses.each do |addr|
           add_ssl_listener addr, port, ctx, optimize_for_latency, backlog
         end
         return
@@ -312,6 +272,7 @@ module Puma
       s.setsockopt(Socket::SOL_SOCKET,Socket::SO_REUSEADDR, true)
       s.listen backlog
 
+
       ssl = MiniSSL::Server.new s, ctx
       env = @proto_env.dup
       env[HTTPS_KEY] = HTTPS
@@ -343,8 +304,8 @@ module Puma
 
     # Tell the server to listen on +path+ as a UNIX domain socket.
     #
-    def add_unix_listener(path, umask=nil, mode=nil, backlog=nil)
-      @unix_paths << path
+    def add_unix_listener(path, umask=nil, mode=nil, backlog=1024)
+      @unix_paths << path unless File.exist? path
 
       # Let anyone connect by default
       umask ||= 0
@@ -364,7 +325,7 @@ module Puma
         end
 
         s = UNIXServer.new(path)
-        s.listen backlog if backlog
+        s.listen backlog
         @ios << s
       ensure
         File.umask old_mask
@@ -382,7 +343,7 @@ module Puma
     end
 
     def inherit_unix_listener(path, fd)
-      @unix_paths << path
+      @unix_paths << path unless File.exist? path
 
       if fd.kind_of? TCPServer
         s = fd
@@ -398,5 +359,27 @@ module Puma
       s
     end
 
+    def close_listeners
+      @listeners.each do |l, io|
+        io.close
+        uri = URI.parse(l)
+        next unless uri.scheme == 'unix'
+        unix_path = "#{uri.host}#{uri.path}"
+        File.unlink unix_path if @unix_paths.include? unix_path
+      end
+    end
+
+    def close_unix_paths
+      @unix_paths.each { |up| File.unlink(up) if File.exist? up }
+    end
+
+    def redirects_for_restart
+      redirects = {:close_others => true}
+      @listeners.each_with_index do |(l, io), i|
+        ENV["PUMA_INHERIT_#{i}"] = "#{io.to_i}:#{l}"
+        redirects[io.to_i] = io.to_i
+      end
+      redirects
+    end
   end
 end

data/lib/puma/cli.rb

@@ -1,6 +1,9 @@
+# frozen_string_literal: true
+
 require 'optparse'
 require 'uri'
 
+require 'puma'
 require 'puma/configuration'
 require 'puma/launcher'
 require 'puma/const'
@@ -83,6 +86,14 @@ module Puma
       raise UnsupportedOption
     end
 
+    def configure_control_url(command_line_arg)
+      if command_line_arg
+        @control_url = command_line_arg
+      elsif Puma.jruby?
+        unsupported "No default url available on JRuby"
+      end
+    end
+
     # Build the OptionParser object to handle the available options.
     #
 
@@ -97,13 +108,13 @@ module Puma
             file_config.load arg
           end
 
-          o.on "--control URL", "The bind url to use for the control server",
-            "Use 'auto' to use temp unix server" do |arg|
-            if arg
-              @control_url = arg
-            elsif Puma.jruby?
-              unsupported "No default url available on JRuby"
-            end
+          o.on "--control-url URL", "The bind url to use for the control server. Use 'auto' to use temp unix server" do |arg|
+            configure_control_url(arg)
+          end
+
+          # alias --control-url for backwards-compatibility
+          o.on "--control URL", "DEPRECATED alias for --control-url" do |arg|
+            configure_control_url(arg)
           end
 
           o.on "--control-token TOKEN",
@@ -150,6 +161,10 @@ module Puma
             user_config.prune_bundler
           end
 
+          o.on "--extra-runtime-dependencies GEM1,GEM2", "Defines any extra needed gems when using --prune-bundler" do |arg|
+            user_config.extra_runtime_dependencies arg.split(',')
+          end
+
           o.on "-q", "--quiet", "Do not log requests internally (default true)" do
             user_config.quiet
           end
@@ -181,6 +196,10 @@ module Puma
             user_config.tcp_mode!
           end
 
+          o.on "--early-hints", "Enable early hints support" do
+            user_config.early_hints
+          end
+
           o.on "-V", "--version", "Print the version information" do
             puts "puma version #{Puma::Const::VERSION}"
             exit 0