puma 4.3.12 → 6.3.1

data/lib/puma/cli.rb

@@ -3,36 +3,31 @@
 require 'optparse'
 require 'uri'
 
-require 'puma'
-require 'puma/configuration'
-require 'puma/launcher'
-require 'puma/const'
-require 'puma/events'
+require_relative '../puma'
+require_relative 'configuration'
+require_relative 'launcher'
+require_relative 'const'
+require_relative 'log_writer'
 
 module Puma
   class << self
-    # The CLI exports its Puma::Configuration object here to allow
-    # apps to pick it up. An app needs to use it conditionally though
-    # since it is not set if the app is launched via another
-    # mechanism than the CLI class.
+    # The CLI exports a Puma::Configuration instance here to allow
+    # apps to pick it up. An app must load this object conditionally
+    # because it is not set if the app is launched via any mechanism
+    # other than the CLI class.
     attr_accessor :cli_config
   end
 
   # Handles invoke a Puma::Server in a command line style.
   #
   class CLI
-    KEYS_NOT_TO_PERSIST_IN_STATE = Launcher::KEYS_NOT_TO_PERSIST_IN_STATE
-
     # Create a new CLI object using +argv+ as the command line
     # arguments.
     #
-    # +stdout+ and +stderr+ can be set to IO-like objects which
-    # this object will report status on.
-    #
-    def initialize(argv, events=Events.stdio)
+    def initialize(argv, log_writer = LogWriter.stdio, events = Events.new)
       @debug = false
       @argv = argv.dup
-
+      @log_writer = log_writer
       @events = events
 
       @conf = nil
@@ -68,7 +63,7 @@ module Puma
         end
       end
 
-      @launcher = Puma::Launcher.new(@conf, :events => @events, :argv => argv)
+      @launcher = Puma::Launcher.new(@conf, :log_writer => @log_writer, :events => @events, :argv => argv)
     end
 
     attr_reader :launcher
@@ -80,9 +75,9 @@ module Puma
       @launcher.run
     end
 
-  private
+    private
     def unsupported(str)
-      @events.error(str)
+      @log_writer.error(str)
       raise UnsupportedOption
     end
 
@@ -98,22 +93,26 @@ module Puma
     #
 
     def setup_options
-      @conf = Configuration.new do |user_config, file_config|
+      @conf = Configuration.new({}, {events: @events}) do |user_config, file_config|
         @parser = OptionParser.new do |o|
           o.on "-b", "--bind URI", "URI to bind to (tcp://, unix://, ssl://)" do |arg|
             user_config.bind arg
           end
 
+          o.on "--bind-to-activated-sockets [only]", "Bind to all activated sockets" do |arg|
+            user_config.bind_to_activated_sockets(arg || true)
+          end
+
           o.on "-C", "--config PATH", "Load PATH as a config file" do |arg|
             file_config.load arg
           end
 
-          o.on "--control-url URL", "The bind url to use for the control server. Use 'auto' to use temp unix server" do |arg|
-            configure_control_url(arg)
+          # Identical to supplying --config "-", but more semantic
+          o.on "--no-config", "Prevent Puma from searching for a config file" do |arg|
+            file_config.load "-"
           end
 
-          # alias --control-url for backwards-compatibility
-          o.on "--control URL", "DEPRECATED alias for --control-url" do |arg|
+          o.on "--control-url URL", "The bind url to use for the control server. Use 'auto' to use temp unix server" do |arg|
             configure_control_url(arg)
           end
 
@@ -122,11 +121,6 @@ module Puma
             @control_options[:auth_token] = arg
           end
 
-          o.on "-d", "--daemon", "Daemonize the server into the background" do
-            user_config.daemonize
-            user_config.quiet
-          end
-
           o.on "--debug", "Log lowlevel debugging information" do
             user_config.debug
           end
@@ -140,13 +134,19 @@ module Puma
             user_config.environment arg
           end
 
+          o.on "-f", "--fork-worker=[REQUESTS]", OptionParser::DecimalInteger,
+            "Fork new workers from existing worker. Cluster mode only",
+            "Auto-refork after REQUESTS (default 1000)" do |*args|
+            user_config.fork_worker(*args.compact)
+          end
+
           o.on "-I", "--include PATH", "Specify $LOAD_PATH directories" do |arg|
             $LOAD_PATH.unshift(*arg.split(':'))
           end
 
           o.on "-p", "--port PORT", "Define the TCP port to bind to",
             "Use -b for more advanced options" do |arg|
-            user_config.bind "tcp://#{Configuration::DefaultTCPHost}:#{arg}"
+            user_config.bind "tcp://#{Configuration::DEFAULTS[:tcp_host]}:#{arg}"
           end
 
           o.on "--pidfile PATH", "Use PATH as a pidfile" do |arg|
@@ -179,6 +179,10 @@ module Puma
             user_config.restart_command cmd
           end
 
+          o.on "-s", "--silent", "Do not log prompt messages other than errors" do
+            @log_writer = LogWriter.new(NullIO.new, $stderr)
+          end
+
           o.on "-S", "--state PATH", "Where to store the state details" do |arg|
             user_config.state_path arg
           end
@@ -192,10 +196,6 @@ module Puma
             end
           end
 
-          o.on "--tcp-mode", "Run the app in raw TCP mode instead of HTTP mode" do
-            user_config.tcp_mode!
-          end
-
           o.on "--early-hints", "Enable early hints support" do
             user_config.early_hints
           end

data/lib/puma/client.rb

@@ -8,7 +8,8 @@ class IO
   end
 end
 
-require 'puma/detect'
+require_relative 'detect'
+require_relative 'io_buffer'
 require 'tempfile'
 require 'forwardable'
 
@@ -25,6 +26,9 @@ module Puma
 
   class HttpParserError501 < IOError; end
 
+  #———————————————————————— DO NOT USE — this class is for internal use only ———
+
+
   # An instance of this class represents a unique request from a client.
   # For example, this could be a web request from a browser or from CURL.
   #
@@ -38,14 +42,15 @@ module Puma
   # the header and body are fully buffered via the `try_to_finish` method.
   # They can be used to "time out" a response via the `timeout_at` reader.
   #
-  class Client
+  class Client # :nodoc:
 
     # this tests all values but the last, which must be chunked
     ALLOWED_TRANSFER_ENCODING = %w[compress deflate gzip].freeze
 
     # chunked body validation
     CHUNK_SIZE_INVALID = /[^\h]/.freeze
-    CHUNK_VALID_ENDING = "\r\n".freeze
+    CHUNK_VALID_ENDING = Const::LINE_END
+    CHUNK_VALID_ENDING_SIZE = CHUNK_VALID_ENDING.bytesize
 
     # Content-Length header value validation
     CONTENT_LENGTH_VALUE_INVALID = /[^\d]/.freeze
@@ -62,16 +67,14 @@ module Puma
     def initialize(io, env=nil)
       @io = io
       @to_io = io.to_io
+      @io_buffer = IOBuffer.new
       @proto_env = env
-      if !env
-        @env = nil
-      else
-        @env = env.dup
-      end
+      @env = env&.dup
 
       @parser = HttpParser.new
       @parsed_bytes = 0
       @read_header = true
+      @read_proxy = false
       @ready = false
 
       @body = nil
@@ -84,23 +87,39 @@ module Puma
       @requests_served = 0
       @hijacked = false
 
+      @http_content_length_limit = nil
+      @http_content_length_limit_exceeded = false
+
       @peerip = nil
+      @peer_family = nil
+      @listener = nil
       @remote_addr_header = nil
+      @expect_proxy_proto = false
 
       @body_remain = 0
 
       @in_last_chunk = false
+
+      # need unfrozen ASCII-8BIT, +'' is UTF-8
+      @read_buffer = String.new # rubocop: disable Performance/UnfreezeString
     end
 
     attr_reader :env, :to_io, :body, :io, :timeout_at, :ready, :hijacked,
-                :tempfile
+                :tempfile, :io_buffer, :http_content_length_limit_exceeded
 
-    attr_writer :peerip
+    attr_writer :peerip, :http_content_length_limit
 
-    attr_accessor :remote_addr_header
+    attr_accessor :remote_addr_header, :listener
 
     def_delegators :@io, :closed?
 
+    # Test to see if io meets a bare minimum of functioning, @to_io needs to be
+    # used for MiniSSL::Socket
+    def io_ok?
+      @to_io.is_a?(::BasicSocket) && !closed?
+    end
+
+    # @!attribute [r] inspect
     def inspect
       "#<Puma::Client:0x#{object_id.to_s(16)} @ready=#{@ready.inspect}>"
     end
@@ -112,27 +131,38 @@ module Puma
       env[HIJACK_IO] ||= @io
     end
 
+    # @!attribute [r] in_data_phase
     def in_data_phase
-      !@read_header
+      !(@read_header || @read_proxy)
     end
 
     def set_timeout(val)
-      @timeout_at = Time.now + val
+      @timeout_at = Process.clock_gettime(Process::CLOCK_MONOTONIC) + val
+    end
+
+    # Number of seconds until the timeout elapses.
+    def timeout
+      [@timeout_at - Process.clock_gettime(Process::CLOCK_MONOTONIC), 0].max
     end
 
     def reset(fast_check=true)
       @parser.reset
+      @io_buffer.reset
       @read_header = true
+      @read_proxy = !!@expect_proxy_proto
       @env = @proto_env.dup
       @body = nil
       @tempfile = nil
       @parsed_bytes = 0
       @ready = false
       @body_remain = 0
-      @peerip = nil
+      @peerip = nil if @remote_addr_header
       @in_last_chunk = false
+      @http_content_length_limit_exceeded = false
 
       if @buffer
+        return false unless try_to_parse_proxy_protocol
+
         @parsed_bytes = @parser.execute(@env, @buffer, @parsed_bytes)
 
         if @parser.finished?
@@ -145,8 +175,7 @@ module Puma
         return false
       else
         begin
-          if fast_check &&
-              IO.select([@to_io], nil, nil, FAST_TRACK_KA_TIMEOUT)
+          if fast_check && @to_io.wait_readable(FAST_TRACK_KA_TIMEOUT)
             return try_to_finish
           end
         rescue IOError
@@ -159,19 +188,56 @@ module Puma
     def close
       begin
         @io.close
-      rescue IOError
-        Thread.current.purge_interrupt_queue if Thread.current.respond_to? :purge_interrupt_queue
+      rescue IOError, Errno::EBADF
+        Puma::Util.purge_interrupt_queue
       end
     end
 
+    # If necessary, read the PROXY protocol from the buffer. Returns
+    # false if more data is needed.
+    def try_to_parse_proxy_protocol
+      if @read_proxy
+        if @expect_proxy_proto == :v1
+          if @buffer.include? "\r\n"
+            if md = PROXY_PROTOCOL_V1_REGEX.match(@buffer)
+              if md[1]
+                @peerip = md[1].split(" ")[0]
+              end
+              @buffer = md.post_match
+            end
+            # if the buffer has a \r\n but doesn't have a PROXY protocol
+            # request, this is just HTTP from a non-PROXY client; move on
+            @read_proxy = false
+            return @buffer.size > 0
+          else
+            return false
+          end
+        end
+      end
+      true
+    end
+
     def try_to_finish
-      return read_body unless @read_header
+      if env[CONTENT_LENGTH] && above_http_content_limit(env[CONTENT_LENGTH].to_i)
+        @http_content_length_limit_exceeded = true
+      end
+
+      if @http_content_length_limit_exceeded
+        @buffer = nil
+        @body = EmptyBody
+        set_ready
+        return true
+      end
+
+      return read_body if in_data_phase
 
       begin
         data = @io.read_nonblock(CHUNK_SIZE)
       rescue IO::WaitReadable
         return false
-      rescue SystemCallError, IOError, EOFError
+      rescue EOFError
+        # Swallow error, don't log
+      rescue SystemCallError, IOError
         raise ConnectionError, "Connection error detected during read"
       end
 
@@ -188,8 +254,14 @@ module Puma
         @buffer = data
       end
 
+      return false unless try_to_parse_proxy_protocol
+
       @parsed_bytes = @parser.execute(@env, @buffer, @parsed_bytes)
 
+      if @parser.finished? && above_http_content_limit(@parser.body.bytesize)
+        @http_content_length_limit_exceeded = true
+      end
+
       if @parser.finished?
         return setup_body
       elsif @parsed_bytes >= MAX_HEADER
@@ -200,68 +272,20 @@ module Puma
       false
     end
 
-    if IS_JRUBY
-      def jruby_start_try_to_finish
-        return read_body unless @read_header
-
-        begin
-          data = @io.sysread_nonblock(CHUNK_SIZE)
-        rescue OpenSSL::SSL::SSLError => e
-          return false if e.kind_of? IO::WaitReadable
-          raise e
-        end
-
-        # No data means a closed socket
-        unless data
-          @buffer = nil
-          set_ready
-          raise EOFError
-        end
-
-        if @buffer
-          @buffer << data
-        else
-          @buffer = data
-        end
-
-        @parsed_bytes = @parser.execute(@env, @buffer, @parsed_bytes)
-
-        if @parser.finished?
-          return setup_body
-        elsif @parsed_bytes >= MAX_HEADER
-          raise HttpParserError,
-            "HEADER is longer than allowed, aborting client early."
-        end
-
-        false
-      end
-
-      def eagerly_finish
-        return true if @ready
-
-        if @io.kind_of? OpenSSL::SSL::SSLSocket
-          return true if jruby_start_try_to_finish
-        end
-
-        return false unless IO.select([@to_io], nil, nil, 0)
-        try_to_finish
-      end
-
-    else
+    def eagerly_finish
+      return true if @ready
+      return false unless @to_io.wait_readable(0)
+      try_to_finish
+    end
 
-      def eagerly_finish
-        return true if @ready
-        return false unless IO.select([@to_io], nil, nil, 0)
-        try_to_finish
-      end
-    end # IS_JRUBY
+    def finish(timeout)
+      return if @ready
+      @to_io.wait_readable(timeout) || timeout! until try_to_finish
+    end
 
-    def finish
-      return true if @ready
-      until try_to_finish
-        IO.select([@to_io], nil, nil)
-      end
-      true
+    def timeout!
+      write_error(408) if in_data_phase
+      raise ConnectionError
     end
 
     def write_error(status_code)
@@ -275,7 +299,7 @@ module Puma
       return @peerip if @peerip
 
       if @remote_addr_header
-        hdr = (@env[@remote_addr_header] || LOCALHOST_ADDR).split(/[\s,]/).first
+        hdr = (@env[@remote_addr_header] || @io.peeraddr.last).split(/[\s,]/).first
         @peerip = hdr
         return hdr
       end
@@ -283,10 +307,40 @@ module Puma
       @peerip ||= @io.peeraddr.last
     end
 
+    def peer_family
+      return @peer_family if @peer_family
+
+      @peer_family ||= begin
+                         @io.local_address.afamily
+                       rescue
+                         Socket::AF_INET
+                       end
+    end
+
+    # Returns true if the persistent connection can be closed immediately
+    # without waiting for the configured idle/shutdown timeout.
+    # @version 5.0.0
+    #
+    def can_close?
+      # Allow connection to close if we're not in the middle of parsing a request.
+      @parsed_bytes == 0
+    end
+
+    def expect_proxy_proto=(val)
+      if val
+        if @read_header
+          @read_proxy = true
+        end
+      else
+        @read_proxy = false
+      end
+      @expect_proxy_proto = val
+    end
+
     private
 
     def setup_body
-      @body_read_start = Process.clock_gettime(Process::CLOCK_MONOTONIC, :millisecond)
+      @body_read_start = Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_millisecond)
 
       if @env[HTTP_EXPECT] == CONTINUE
         # TODO allow a hook here to check the headers before
@@ -329,8 +383,8 @@ module Puma
       cl = @env[CONTENT_LENGTH]
 
       if cl
-        # cannot contain characters that are not \d
-        if cl =~ CONTENT_LENGTH_VALUE_INVALID
+        # cannot contain characters that are not \d, or be empty
+        if CONTENT_LENGTH_VALUE_INVALID.match?(cl) || cl.empty?
           raise HttpParserError, "Invalid Content-Length: #{cl.inspect}"
         end
       else
@@ -351,6 +405,7 @@ module Puma
 
       if remain > MAX_BODY
         @body = Tempfile.new(Const::PUMA_TMP_BASE)
+        @body.unlink
         @body.binmode
         @tempfile = @body
       else
@@ -363,7 +418,7 @@ module Puma
 
       @body_remain = remain
 
-      return false
+      false
     end
 
     def read_body
@@ -382,7 +437,7 @@ module Puma
       end
 
       begin
-        chunk = @io.read_nonblock(want)
+        chunk = @io.read_nonblock(want, @read_buffer)
       rescue IO::WaitReadable
         return false
       rescue SystemCallError, IOError
@@ -414,7 +469,7 @@ module Puma
     def read_chunked_body
       while true
         begin
-          chunk = @io.read_nonblock(4096)
+          chunk = @io.read_nonblock(4096, @read_buffer)
         rescue IO::WaitReadable
           return false
         rescue SystemCallError, IOError
@@ -430,7 +485,7 @@ module Puma
         end
 
         if decode_chunk(chunk)
-          @env[CONTENT_LENGTH] = @chunked_content_length
+          @env[CONTENT_LENGTH] = @chunked_content_length.to_s
           return true
         end
       end
@@ -442,17 +497,18 @@ module Puma
       @prev_chunk = ""
 
       @body = Tempfile.new(Const::PUMA_TMP_BASE)
+      @body.unlink
       @body.binmode
       @tempfile = @body
-
       @chunked_content_length = 0
 
       if decode_chunk(body)
-        @env[CONTENT_LENGTH] = @chunked_content_length
+        @env[CONTENT_LENGTH] = @chunked_content_length.to_s
         return true
       end
     end
 
+    # @version 5.0.0
     def write_chunk(str)
       @chunked_content_length += @body.write(str)
     end
@@ -466,7 +522,15 @@ module Puma
           chunk = chunk[@partial_part_left..-1]
           @partial_part_left = 0
         else
-          write_chunk(chunk) if @partial_part_left > 2 # don't include the last \r\n
+          if @partial_part_left > 2
+            if @partial_part_left == chunk.size + 1
+              # Don't include the last \r
+              write_chunk(chunk[0..(@partial_part_left-3)])
+            else
+              # don't include the last \r\n
+              write_chunk(chunk)
+            end
+          end
           @partial_part_left -= chunk.size
           return false
         end
@@ -481,11 +545,11 @@ module Puma
 
       while !io.eof?
         line = io.gets
-        if line.end_with?("\r\n")
+        if line.end_with?(CHUNK_VALID_ENDING)
           # Puma doesn't process chunk extensions, but should parse if they're
           # present, which is the reason for the semicolon regex
           chunk_hex = line.strip[/\A[^;]+/]
-          if chunk_hex =~ CHUNK_SIZE_INVALID
+          if CHUNK_SIZE_INVALID.match? chunk_hex
             raise HttpParserError, "Invalid chunk size: '#{chunk_hex}'"
           end
           len = chunk_hex.to_i(16)
@@ -493,13 +557,19 @@ module Puma
             @in_last_chunk = true
             @body.rewind
             rest = io.read
-            last_crlf_size = "\r\n".bytesize
-            if rest.bytesize < last_crlf_size
+            if rest.bytesize < CHUNK_VALID_ENDING_SIZE
               @buffer = nil
-              @partial_part_left = last_crlf_size - rest.bytesize
+              @partial_part_left = CHUNK_VALID_ENDING_SIZE - rest.bytesize
               return false
             else
-              @buffer = rest[last_crlf_size..-1]
+              # if the next character is a CRLF, set buffer to everything after that CRLF
+              start_of_rest = if rest.start_with?(CHUNK_VALID_ENDING)
+                CHUNK_VALID_ENDING_SIZE
+              else # we have started a trailer section, which we do not support. skip it!
+                rest.index(CHUNK_VALID_ENDING*2) + CHUNK_VALID_ENDING_SIZE*2
+              end
+
+              @buffer = rest[start_of_rest..-1]
               @buffer = nil if @buffer.empty?
               set_ready
               return true
@@ -548,10 +618,14 @@ module Puma
 
     def set_ready
       if @body_read_start
-        @env['puma.request_body_wait'] = Process.clock_gettime(Process::CLOCK_MONOTONIC, :millisecond) - @body_read_start
+        @env['puma.request_body_wait'] = Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_millisecond) - @body_read_start
       end
       @requests_served += 1
       @ready = true
     end
+
+    def above_http_content_limit(value)
+      @http_content_length_limit&.< value
+    end
   end
 end