puma 5.3.2 → 5.6.8

data/lib/puma/dsl.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'puma/const'
+require 'puma/util'
 
 module Puma
   # The methods that are available for use inside the configuration file.
@@ -46,7 +47,9 @@ module Puma
         else ''
         end
 
-      ca_additions = "&ca=#{opts[:ca]}" if ['peer', 'force_peer'].include?(verify)
+      ca_additions = "&ca=#{Puma::Util.escape(opts[:ca])}" if ['peer', 'force_peer'].include?(verify)
+
+      backlog_str = opts[:backlog] ? "&backlog=#{Integer(opts[:backlog])}" : ''
 
       if defined?(JRUBY_VERSION)
         ssl_cipher_list = opts[:ssl_cipher_list] ?
@@ -55,7 +58,7 @@ module Puma
         keystore_additions = "keystore=#{opts[:keystore]}&keystore-pass=#{opts[:keystore_pass]}"
 
         "ssl://#{host}:#{port}?#{keystore_additions}#{ssl_cipher_list}" \
-          "&verify_mode=#{verify}#{tls_str}#{ca_additions}"
+          "&verify_mode=#{verify}#{tls_str}#{ca_additions}#{backlog_str}"
       else
         ssl_cipher_filter = opts[:ssl_cipher_filter] ?
           "&ssl_cipher_filter=#{opts[:ssl_cipher_filter]}" : nil
@@ -63,8 +66,11 @@ module Puma
         v_flags = (ary = opts[:verification_flags]) ?
           "&verification_flags=#{Array(ary).join ','}" : nil
 
-        "ssl://#{host}:#{port}?cert=#{opts[:cert]}&key=#{opts[:key]}" \
-          "#{ssl_cipher_filter}&verify_mode=#{verify}#{tls_str}#{ca_additions}#{v_flags}"
+        cert_flags = (cert = opts[:cert]) ? "cert=#{Puma::Util.escape(opts[:cert])}" : nil
+        key_flags = (cert = opts[:key]) ? "&key=#{Puma::Util.escape(opts[:key])}" : nil
+
+        "ssl://#{host}:#{port}?#{cert_flags}#{key_flags}" \
+          "#{ssl_cipher_filter}&verify_mode=#{verify}#{tls_str}#{ca_additions}#{v_flags}#{backlog_str}"
       end
     end
 
@@ -191,7 +197,7 @@ module Puma
     end
 
     # Bind the server to +url+. "tcp://", "unix://" and "ssl://" are the only
-    # accepted protocols. Multiple urls can be bound to, calling `bind` does
+    # accepted protocols. Multiple urls can be bound to, calling +bind+ does
     # not overwrite previous bindings.
     #
     # The default is "tcp://0.0.0.0:9292".
@@ -381,6 +387,13 @@ module Puma
       @options[:rackup] ||= path.to_s
     end
 
+    # Allows setting `env['rack.url_scheme']`.
+    # Only necessary if X-Forwarded-Proto is not being set by your proxy
+    # Normal values are 'http' or 'https'.
+    def rack_url_scheme(scheme=nil)
+      @options[:rack_url_scheme] = scheme
+    end
+
     def early_hints(answer=true)
       @options[:early_hints] = answer
     end
@@ -429,8 +442,15 @@ module Puma
       @options[:max_threads] = max
     end
 
-    # Instead of `bind 'ssl://127.0.0.1:9292?key=key_path&cert=cert_path'` you
-    # can also use the this method.
+    # Instead of using +bind+ and manually constructing a URI like:
+    #
+    #    bind 'ssl://127.0.0.1:9292?key=key_path&cert=cert_path'
+    #
+    # you can use the this method.
+    #
+    # When binding on localhost you don't need to specify +cert+ and +key+,
+    # Puma will assume you are using the +localhost+ gem and try to load the
+    # appropriate files.
     #
     # @example
     #   ssl_bind '127.0.0.1', '9292', {
@@ -440,14 +460,25 @@ module Puma
     #     verify_mode: verify_mode,         # default 'none'
     #     verification_flags: flags,        # optional, not supported by JRuby
     #   }
-    # @example For JRuby, two keys are required: keystore & keystore_pass.
+    #
+    # @example Using self-signed certificate with the +localhost+ gem:
+    #   ssl_bind '127.0.0.1', '9292'
+    #
+    # @example Alternatively, you can provide +cert_pem+ and +key_pem+:
+    #   ssl_bind '127.0.0.1', '9292', {
+    #     cert_pem: File.read(path_to_cert),
+    #     key_pem: File.read(path_to_key),
+    #   }
+    #
+    # @example For JRuby, two keys are required: +keystore+ & +keystore_pass+
     #   ssl_bind '127.0.0.1', '9292', {
     #     keystore: path_to_keystore,
     #     keystore_pass: password,
     #     ssl_cipher_list: cipher_list,     # optional
     #     verify_mode: verify_mode          # default 'none'
     #   }
-    def ssl_bind(host, port, opts)
+    def ssl_bind(host, port, opts = {})
+      add_pem_values_to_options_store(opts)
       bind self.class.ssl_bind_str(host, port, opts)
     end
 
@@ -578,7 +609,7 @@ module Puma
     #   end
     def after_worker_fork(&block)
       @options[:after_worker_fork] ||= []
-      @options[:after_worker_fork] = block
+      @options[:after_worker_fork] << block
     end
 
     alias_method :after_worker_boot, :after_worker_fork
@@ -720,6 +751,19 @@ module Puma
       @options[:tag] = string.to_s
     end
 
+    # Change the default interval for checking workers.
+    #
+    # The default value is 5 seconds.
+    #
+    # @note Cluster mode only.
+    # @example
+    #   worker_check_interval 5
+    # @see Puma::Cluster#check_workers
+    #
+    def worker_check_interval(interval)
+      @options[:worker_check_interval] = Integer(interval)
+    end
+
     # Verifies that all workers have checked in to the master process within
     # the given timeout. If not the worker process will be restarted. This is
     # not a request timeout, it is to protect against a hung or dead process.
@@ -734,7 +778,7 @@ module Puma
     #
     def worker_timeout(timeout)
       timeout = Integer(timeout)
-      min = Const::WORKER_CHECK_INTERVAL
+      min = @options.fetch(:worker_check_interval, Puma::ConfigDefault::DefaultWorkerCheckInterval)
 
       if timeout <= min
         raise "The minimum worker_timeout must be greater than the worker reporting interval (#{min})"
@@ -766,6 +810,30 @@ module Puma
       @options[:worker_shutdown_timeout] = Integer(timeout)
     end
 
+    # Set the strategy for worker culling.
+    #
+    # There are two possible values:
+    #
+    # 1. **:youngest** - the youngest workers (i.e. the workers that were
+    #    the most recently started) will be culled.
+    # 2. **:oldest** - the oldest workers (i.e. the workers that were started
+    #    the longest time ago) will be culled.
+    #
+    # @note Cluster mode only.
+    # @example
+    #   worker_culling_strategy :oldest
+    # @see Puma::Cluster#cull_workers
+    #
+    def worker_culling_strategy(strategy)
+      stategy = strategy.to_sym
+
+      if ![:youngest, :oldest].include?(strategy)
+        raise "Invalid value for worker_culling_strategy - #{stategy}"
+      end
+
+      @options[:worker_culling_strategy] = strategy
+    end
+
     # When set to true (the default), workers accept all requests
     # and queue them before passing them to the handlers.
     # When set to false, each worker process accepts exactly as
@@ -811,7 +879,7 @@ module Puma
     # a kernel syscall is required which for very fast rack handlers
     # slows down the handling significantly.
     #
-    # There are 4 possible values:
+    # There are 5 possible values:
     #
     # 1. **:socket** (the default) - read the peername from the socket using the
     #    syscall. This is the normal behavior.
@@ -821,7 +889,10 @@ module Puma
     #    `set_remote_address header: "X-Real-IP"`.
     #    Only the first word (as separated by spaces or comma) is used, allowing
     #    headers such as X-Forwarded-For to be used as well.
-    # 4. **\<Any string\>** - this allows you to hardcode remote address to any value
+    # 4. **proxy_protocol: :v1**- set the remote address to the value read from the
+    #    HAproxy PROXY protocol, version 1. If the request does not have the PROXY
+    #    protocol attached to it, will fall back to :socket
+    # 5. **\<Any string\>** - this allows you to hardcode remote address to any value
     #    you wish. Because Puma never uses this field anyway, it's format is
     #    entirely in your hands.
     #
@@ -839,6 +910,13 @@ module Puma
         if hdr = val[:header]
           @options[:remote_address] = :header
           @options[:remote_address_header] = "HTTP_" + hdr.upcase.tr("-", "_")
+        elsif protocol_version = val[:proxy_protocol]
+          @options[:remote_address] = :proxy_protocol
+          protocol_version = protocol_version.downcase.to_sym
+          unless [:v1].include?(protocol_version)
+            raise "Invalid value for proxy_protocol - #{protocol_version.inspect}"
+          end
+          @options[:remote_address_proxy_protocol] = protocol_version
         else
           raise "Invalid value for set_remote_address - #{val.inspect}"
         end
@@ -910,5 +988,25 @@ module Puma
     def mutate_stdout_and_stderr_to_sync_on_write(enabled=true)
       @options[:mutate_stdout_and_stderr_to_sync_on_write] = enabled
     end
+
+    private
+
+    # To avoid adding cert_pem and key_pem as URI params, we store them on the
+    # options[:store] from where Puma binder knows how to find and extract them.
+    def add_pem_values_to_options_store(opts)
+      return if defined?(JRUBY_VERSION)
+
+      @options[:store] ||= []
+
+      # Store cert_pem and key_pem to options[:store] if present
+      [:cert, :key].each do |v|
+        opt_key = :"#{v}_pem"
+        if opts[opt_key]
+          index = @options[:store].length
+          @options[:store] << opts[opt_key]
+          opts[v] = "store:#{index}"
+        end
+      end
+    end
   end
 end

data/lib/puma/{json.rb → json_serialization.rb}

@@ -17,7 +17,7 @@ module Puma
   # be particularly full-featured or fast. It just has to handle the few places
   # where Puma relies on JSON serialization internally.
 
-  module JSON
+  module JSONSerialization
     QUOTE = /"/
     BACKSLASH = /\\/
     CONTROL_CHAR_TO_ESCAPE = /[\x00-\x1F]/ # As required by ECMA-404

data/lib/puma/launcher.rb

@@ -15,6 +15,7 @@ module Puma
   # It is responsible for either launching a cluster of Puma workers or a single
   # puma server.
   class Launcher
+    # @deprecated 6.0.0
     KEYS_NOT_TO_PERSIST_IN_STATE = [
        :logger, :lowlevel_error_handler,
        :before_worker_shutdown, :before_worker_boot, :before_worker_fork,
@@ -73,7 +74,7 @@ module Puma
 
       generate_restart_data
 
-      if clustered? && !Process.respond_to?(:fork)
+      if clustered? && !Puma.forkable?
         unsupported "worker mode not supported on #{RUBY_ENGINE} on this platform"
       end
 
@@ -158,6 +159,17 @@ module Puma
       true
     end
 
+    # Begin a refork if supported
+    def refork
+      if clustered? && @runner.respond_to?(:fork_worker!) && @options[:fork_worker]
+        @runner.fork_worker!
+        true
+      else
+        log "* refork called but not available."
+        false
+      end
+    end
+
     # Run the server. This blocks until the server is stopped
     def run
       previous_env =
@@ -319,10 +331,12 @@ module Puma
       log '* Pruning Bundler environment'
       home = ENV['GEM_HOME']
       bundle_gemfile = Bundler.original_env['BUNDLE_GEMFILE']
+      bundle_app_config = Bundler.original_env['BUNDLE_APP_CONFIG']
       with_unbundled_env do
         ENV['GEM_HOME'] = home
         ENV['BUNDLE_GEMFILE'] = bundle_gemfile
         ENV['PUMA_BUNDLER_PRUNED'] = '1'
+        ENV["BUNDLE_APP_CONFIG"] = bundle_app_config
         args = [Gem.ruby, puma_wild_location, '-I', dirs.join(':')] + @original_argv
         # Ruby 2.0+ defaults to true which breaks socket activation
         args += [{:close_others => false}]

data/lib/puma/minissl/context_builder.rb

@@ -23,17 +23,19 @@ module Puma
           ctx.keystore_pass = params['keystore-pass']
           ctx.ssl_cipher_list = params['ssl_cipher_list'] if params['ssl_cipher_list']
         else
-          unless params['key']
-            events.error "Please specify the SSL key via 'key='"
+          if params['key'].nil? && params['key_pem'].nil?
+            events.error "Please specify the SSL key via 'key=' or 'key_pem='"
           end
 
-          ctx.key = params['key']
+          ctx.key = params['key'] if params['key']
+          ctx.key_pem = params['key_pem'] if params['key_pem']
 
-          unless params['cert']
-            events.error "Please specify the SSL cert via 'cert='"
+          if params['cert'].nil? && params['cert_pem'].nil?
+            events.error "Please specify the SSL cert via 'cert=' or 'cert_pem='"
           end
 
-          ctx.cert = params['cert']
+          ctx.cert = params['cert'] if params['cert']
+          ctx.cert_pem = params['cert_pem'] if params['cert_pem']
 
           if ['peer', 'force_peer'].include?(params['verify_mode'])
             unless params['ca']

data/lib/puma/minissl.rb

@@ -161,30 +161,15 @@ module Puma
         @socket.flush
       end
 
-      def read_and_drop(timeout = 1)
-        return :timeout unless IO.select([@socket], nil, nil, timeout)
-        case @socket.read_nonblock(1024, exception: false)
-        when nil
-          :eof
-        when :wait_readable
-          :eagain
-        else
-          :drop
-        end
-      end
-
-      def should_drop_bytes?
-        @engine.init? || !@engine.shutdown
-      end
-
       def close
         begin
-          # Read any drop any partially initialized sockets and any received bytes during shutdown.
-          # Don't let this socket hold this loop forever.
-          # If it can't send more packets within 1s, then give up.
-          return if [:timeout, :eof].include?(read_and_drop(1)) while should_drop_bytes?
+          unless @engine.shutdown
+            while alert_data = @engine.extract
+              @socket.write alert_data
+            end
+          end
         rescue IOError, SystemCallError
-          Thread.current.purge_interrupt_queue if Thread.current.respond_to? :purge_interrupt_queue
+          Puma::Util.purge_interrupt_queue
           # nothing
         ensure
           @socket.close
@@ -223,6 +208,15 @@ module Puma
       def initialize
         @no_tlsv1   = false
         @no_tlsv1_1 = false
+        @key = nil
+        @cert = nil
+        @key_pem = nil
+        @cert_pem = nil
+      end
+
+      def check_file(file, desc)
+        raise ArgumentError, "#{desc} file '#{file}' does not exist" unless File.exist? file
+        raise ArgumentError, "#{desc} file '#{file}' is not readable" unless File.readable? file
       end
 
       if IS_JRUBY
@@ -232,7 +226,7 @@ module Puma
         attr_accessor :ssl_cipher_list
 
         def keystore=(keystore)
-          raise ArgumentError, "No such keystore file '#{keystore}'" unless File.exist? keystore
+          check_file keystore, 'Keystore'
           @keystore = keystore
         end
 
@@ -245,27 +239,39 @@ module Puma
         attr_reader :key
         attr_reader :cert
         attr_reader :ca
+        attr_reader :cert_pem
+        attr_reader :key_pem
         attr_accessor :ssl_cipher_filter
         attr_accessor :verification_flags
 
         def key=(key)
-          raise ArgumentError, "No such key file '#{key}'" unless File.exist? key
+          check_file key, 'Key'
           @key = key
         end
 
         def cert=(cert)
-          raise ArgumentError, "No such cert file '#{cert}'" unless File.exist? cert
+          check_file cert, 'Cert'
           @cert = cert
         end
 
         def ca=(ca)
-          raise ArgumentError, "No such ca file '#{ca}'" unless File.exist? ca
+          check_file ca, 'ca'
           @ca = ca
         end
 
+        def cert_pem=(cert_pem)
+          raise ArgumentError, "'cert_pem' is not a String" unless cert_pem.is_a? String
+          @cert_pem = cert_pem
+        end
+
+        def key_pem=(key_pem)
+          raise ArgumentError, "'key_pem' is not a String" unless key_pem.is_a? String
+          @key_pem = key_pem
+        end
+
         def check
-          raise "Key not configured" unless @key
-          raise "Cert not configured" unless @cert
+          raise "Key not configured" if @key.nil? && @key_pem.nil?
+          raise "Cert not configured" if @cert.nil? && @cert_pem.nil?
         end
       end
 

data/lib/puma/null_io.rb

@@ -52,5 +52,10 @@ module Puma
     def flush
       self
     end
+
+    # This is used as singleton class, so can't have state.
+    def closed?
+      false
+    end
   end
 end

data/lib/puma/plugin.rb

@@ -64,7 +64,7 @@ module Puma
     def fire_background
       @background.each_with_index do |b, i|
         Thread.new do
-          Puma.set_thread_name "plugin background #{i}"
+          Puma.set_thread_name "plgn bg #{i}"
           b.call
         end
       end
@@ -91,7 +91,7 @@ module Puma
       path = ary.first[CALLER_FILE]
 
       m = %r!puma/plugin/([^/]*)\.rb$!.match(path)
-      return m[1]
+      m[1]
     end
 
     def self.create(&blk)

data/lib/puma/rack/builder.rb

@@ -165,7 +165,7 @@ module Puma::Rack
         require config
         app = Object.const_get(::File.basename(config, '.rb').capitalize)
       end
-      return app, options
+      [app, options]
     end
 
     def self.new_from_string(builder_script, file="(rackup)")

data/lib/puma/request.rb

@@ -51,7 +51,7 @@ module Puma
       head = env[REQUEST_METHOD] == HEAD
 
       env[RACK_INPUT] = body
-      env[RACK_URL_SCHEME] = default_server_port(env) == PORT_443 ? HTTPS : HTTP
+      env[RACK_URL_SCHEME] ||= default_server_port(env) == PORT_443 ? HTTPS : HTTP
 
       if @early_hints
         env[EARLY_HINTS] = lambda { |headers|
@@ -167,16 +167,25 @@ module Puma
         end
 
       ensure
-        uncork_socket io
-
-        body.close
-        client.tempfile.unlink if client.tempfile
-        res_body.close if res_body.respond_to? :close
+        begin
+          uncork_socket io
+
+          body.close
+          client.tempfile.unlink if client.tempfile
+        ensure
+          # Whatever happens, we MUST call `close` on the response body.
+          # Otherwise Rack::BodyProxy callbacks may not fire and lead to various state leaks
+          res_body.close if res_body.respond_to? :close
+        end
 
-        after_reply.each { |o| o.call }
+        begin
+          after_reply.each { |o| o.call }
+        rescue StandardError => e
+          @log_writer.debug_error e
+        end
       end
 
-      return res_info[:keep_alive]
+      res_info[:keep_alive]
     end
 
     # @param env [Hash] see Puma::Client#env, from request
@@ -201,7 +210,7 @@ module Puma
         begin
           n = io.syswrite str
         rescue Errno::EAGAIN, Errno::EWOULDBLOCK
-          if !IO.select(nil, [io], nil, WRITE_TIMEOUT)
+          unless io.wait_writable WRITE_TIMEOUT
             raise ConnectionError, "Socket timeout writing data"
           end
 
@@ -419,7 +428,7 @@ module Puma
       # of concurrent connections exceeds the size of the threadpool.
       res_info[:keep_alive] &&= requests < @max_fast_inline ||
         @thread_pool.busy_threads < @max_threads ||
-        !IO.select([client.listener], nil, nil, 0)
+        !client.listener.to_io.wait_readable(0)
 
       res_info[:response_hijack] = nil
 

data/lib/puma/runner.rb

@@ -15,6 +15,16 @@ module Puma
       @app = nil
       @control = nil
       @started_at = Time.now
+      @wakeup = nil
+    end
+
+    def wakeup!
+      return unless @wakeup
+
+      @wakeup.write "!" unless @wakeup.closed?
+
+    rescue SystemCallError, IOError
+      Puma::Util.purge_interrupt_queue
     end
 
     def development?
@@ -59,7 +69,7 @@ module Puma
 
       control.binder.parse [str], self, 'Starting control server'
 
-      control.run thread_name: 'control'
+      control.run thread_name: 'ctl'
       @control = control
     end
 
@@ -84,12 +94,13 @@ module Puma
     def output_header(mode)
       min_t = @options[:min_threads]
       max_t = @options[:max_threads]
+      environment = @options[:environment]
 
       log "Puma starting in #{mode} mode..."
       log "* Puma version: #{Puma::Const::PUMA_VERSION} (#{ruby_engine}) (\"#{Puma::Const::CODE_NAME}\")"
       log "*  Min threads: #{min_t}"
       log "*  Max threads: #{max_t}"
-      log "*  Environment: #{ENV['RACK_ENV']}"
+      log "*  Environment: #{environment}"
 
       if mode == "cluster"
         log "*   Master PID: #{Process.pid}"
@@ -108,9 +119,7 @@ module Puma
       append = @options[:redirect_append]
 
       if stdout
-        unless Dir.exist?(File.dirname(stdout))
-          raise "Cannot redirect STDOUT to #{stdout}"
-        end
+        ensure_output_directory_exists(stdout, 'STDOUT')
 
         STDOUT.reopen stdout, (append ? "a" : "w")
         STDOUT.puts "=== puma startup: #{Time.now} ==="
@@ -118,9 +127,7 @@ module Puma
       end
 
       if stderr
-        unless Dir.exist?(File.dirname(stderr))
-          raise "Cannot redirect STDERR to #{stderr}"
-        end
+        ensure_output_directory_exists(stderr, 'STDERR')
 
         STDERR.reopen stderr, (append ? "a" : "w")
         STDERR.puts "=== puma startup: #{Time.now} ==="
@@ -159,5 +166,12 @@ module Puma
       server.inherit_binder @launcher.binder
       server
     end
+
+    private
+    def ensure_output_directory_exists(path, io_name)
+      unless Dir.exist?(File.dirname(path))
+        raise "Cannot redirect #{io_name} to #{path}"
+      end
+    end
   end
 end