puma 6.0.2 → 6.4.2

data/lib/puma/dsl.rb

@@ -65,6 +65,7 @@ module Puma
 
       ca_additions = "&ca=#{Puma::Util.escape(opts[:ca])}" if ['peer', 'force_peer'].include?(verify)
 
+      low_latency_str = opts.key?(:low_latency) ? "&low_latency=#{opts[:low_latency]}" : ''
       backlog_str = opts[:backlog] ? "&backlog=#{Integer(opts[:backlog])}" : ''
 
       if defined?(JRUBY_VERSION)
@@ -88,6 +89,7 @@ module Puma
 
         cert_flags = (cert = opts[:cert]) ? "cert=#{Puma::Util.escape(cert)}" : nil
         key_flags = (key = opts[:key]) ? "&key=#{Puma::Util.escape(key)}" : nil
+        password_flags = (password_command = opts[:key_password_command]) ? "&key_password_command=#{Puma::Util.escape(password_command)}" : nil
 
         reuse_flag =
           if (reuse = opts[:reuse])
@@ -113,8 +115,8 @@ module Puma
             nil
           end
 
-        "ssl://#{host}:#{port}?#{cert_flags}#{key_flags}#{ssl_cipher_filter}" \
-          "#{reuse_flag}&verify_mode=#{verify}#{tls_str}#{ca_additions}#{v_flags}#{backlog_str}"
+        "ssl://#{host}:#{port}?#{cert_flags}#{key_flags}#{password_flags}#{ssl_cipher_filter}" \
+          "#{reuse_flag}&verify_mode=#{verify}#{tls_str}#{ca_additions}#{v_flags}#{backlog_str}#{low_latency_str}"
       end
     end
 
@@ -313,16 +315,22 @@ module Puma
       bind URI::Generic.build(scheme: 'tcp', host: host, port: Integer(port)).to_s
     end
 
+    # Define how long the tcp socket stays open, if no data has been received.
+    # @see Puma::Server.new
+    def first_data_timeout(seconds)
+      @options[:first_data_timeout] = Integer(seconds)
+    end
+
     # Define how long persistent connections can be idle before Puma closes them.
     # @see Puma::Server.new
     def persistent_timeout(seconds)
       @options[:persistent_timeout] = Integer(seconds)
     end
 
-    # Define how long the tcp socket stays open, if no data has been received.
+    # If a new request is not received within this number of seconds, begin shutting down.
     # @see Puma::Server.new
-    def first_data_timeout(seconds)
-      @options[:first_data_timeout] = Integer(seconds)
+    def idle_timeout(seconds)
+      @options[:idle_timeout] = Integer(seconds)
     end
 
     # Work around leaky apps that leave garbage in Thread locals
@@ -418,6 +426,11 @@ module Puma
       @options[:log_requests] = which
     end
 
+    # Pass in a custom logging class instance
+    def custom_logger(custom_logger)
+      @options[:custom_logger] = custom_logger
+    end
+
     # Show debugging info
     #
     def debug
@@ -503,6 +516,12 @@ module Puma
     # `true`, which sets reuse 'on' with default values, or a hash, with `:size`
     # and/or `:timeout` keys, each with integer values.
     #
+    # The `cert:` options hash parameter can be the path to a certificate
+    # file including all intermediate certificates in PEM format.
+    #
+    # The `cert_pem:` options hash parameter can be String containing the
+    # cerificate and all intermediate certificates in PEM format.
+    #
     # @example
     #   ssl_bind '127.0.0.1', '9292', {
     #     cert: path_to_cert,
@@ -584,6 +603,11 @@ module Puma
       @options[:silence_single_worker_warning] = true
     end
 
+    # Disable warning message when running single mode with callback hook defined.
+    def silence_fork_callback_warning
+      @options[:silence_fork_callback_warning] = true
+    end
+
     # Code to run immediately before master process
     # forks workers (once on boot). These hooks can block if necessary
     # to wait for background operations unknown to Puma to finish before
@@ -599,6 +623,8 @@ module Puma
     #     puts "Starting workers..."
     #   end
     def before_fork(&block)
+      warn_if_in_single_mode('before_fork')
+
       @options[:before_fork] ||= []
       @options[:before_fork] << block
     end
@@ -614,6 +640,8 @@ module Puma
     #     puts 'Before worker boot...'
     #   end
     def on_worker_boot(key = nil, &block)
+      warn_if_in_single_mode('on_worker_boot')
+
       process_hook :before_worker_boot, key, block, 'on_worker_boot'
     end
 
@@ -630,6 +658,8 @@ module Puma
     #     puts 'On worker shutdown...'
     #   end
     def on_worker_shutdown(key = nil, &block)
+      warn_if_in_single_mode('on_worker_shutdown')
+
       process_hook :before_worker_shutdown, key, block, 'on_worker_shutdown'
     end
 
@@ -644,6 +674,8 @@ module Puma
     #     puts 'Before worker fork...'
     #   end
     def on_worker_fork(&block)
+      warn_if_in_single_mode('on_worker_fork')
+
       process_hook :before_worker_fork, nil, block, 'on_worker_fork'
     end
 
@@ -658,11 +690,23 @@ module Puma
     #     puts 'After worker fork...'
     #   end
     def after_worker_fork(&block)
+      warn_if_in_single_mode('after_worker_fork')
+
       process_hook :after_worker_fork, nil, block, 'after_worker_fork'
     end
 
     alias_method :after_worker_boot, :after_worker_fork
 
+    # Code to run after puma is booted (works for both: single and clustered)
+    #
+    # @example
+    #   on_booted do
+    #     puts 'After booting...'
+    #   end
+    def on_booted(&block)
+      @config.options[:events].on_booted(&block)
+    end
+
     # When `fork_worker` is enabled, code to run in Worker 0
     # before all other workers are re-forked from this process,
     # after the server has temporarily stopped serving requests
@@ -685,6 +729,51 @@ module Puma
       process_hook :before_refork, key, block, 'on_refork'
     end
 
+    # Provide a block to be executed just before a thread is added to the thread
+    # pool. Be careful: while the block executes, thread creation is delayed, and
+    # probably a request will have to wait too! The new thread will not be added to
+    # the threadpool until the provided block returns.
+    #
+    # Return values are ignored.
+    # Raising an exception will log a warning.
+    #
+    # This hook is useful for doing something when the thread pool grows.
+    #
+    # This can be called multiple times to add several hooks.
+    #
+    # @example
+    #   on_thread_start do
+    #     puts 'On thread start...'
+    #   end
+    def on_thread_start(&block)
+      @options[:before_thread_start] ||= []
+      @options[:before_thread_start] << block
+    end
+
+    # Provide a block to be executed after a thread is trimmed from the thread
+    # pool. Be careful: while this block executes, Puma's main loop is
+    # blocked, so no new requests will be picked up.
+    #
+    # This hook only runs when a thread in the threadpool is trimmed by Puma.
+    # It does not run when a thread dies due to exceptions or any other cause.
+    #
+    # Return values are ignored.
+    # Raising an exception will log a warning.
+    #
+    # This hook is useful for cleaning up thread local resources when a thread
+    # is trimmed.
+    #
+    # This can be called multiple times to add several hooks.
+    #
+    # @example
+    #   on_thread_exit do
+    #     puts 'On thread exit...'
+    #   end
+    def on_thread_exit(&block)
+      @options[:before_thread_exit] ||= []
+      @options[:before_thread_exit] << block
+    end
+
     # Code to run out-of-band when the worker is idle.
     # These hooks run immediately after a request has finished
     # processing and there are no busy threads on the worker.
@@ -816,7 +905,8 @@ module Puma
     # not a request timeout, it is to protect against a hung or dead process.
     # Setting this value will not protect against slow requests.
     #
-    # The minimum value is 6 seconds, the default value is 60 seconds.
+    # This value must be greater than worker_check_interval.
+    # The default value is 60 seconds.
     #
     # @note Cluster mode only.
     # @example
@@ -1022,6 +1112,51 @@ module Puma
       @options[:mutate_stdout_and_stderr_to_sync_on_write] = enabled
     end
 
+    # Specify how big the request payload should be, in bytes.
+    # This limit is compared against Content-Length HTTP header.
+    # If the payload size (CONTENT_LENGTH) is larger than http_content_length_limit,
+    # HTTP 413 status code is returned.
+    #
+    # When no Content-Length http header is present, it is compared against the
+    # size of the body of the request.
+     #
+    # The default value for http_content_length_limit is nil.
+    def http_content_length_limit(limit)
+      @options[:http_content_length_limit] = limit
+    end
+
+    # Supported http methods, which will replace `Puma::Const::SUPPORTED_HTTP_METHODS`.
+    # The value of `:any` will allows all methods, otherwise, the value must be
+    # an array of strings.  Note that methods are all uppercase.
+    #
+    # `Puma::Const::SUPPORTED_HTTP_METHODS` is conservative, if you want a
+    # complete set of methods, the methods defined by the
+    # [IANA Method Registry](https://www.iana.org/assignments/http-methods/http-methods.xhtml)
+    # are pre-defined as the constant `Puma::Const::IANA_HTTP_METHODS`.
+    #
+    # @note If the `methods` value is `:any`, no method check with be performed,
+    #   similar to Puma v5 and earlier.
+    #
+    # @example Adds 'PROPFIND' to existing supported methods
+    #   supported_http_methods(Puma::Const::SUPPORTED_HTTP_METHODS + ['PROPFIND'])
+    # @example Restricts methods to the array elements
+    #   supported_http_methods %w[HEAD GET POST PUT DELETE OPTIONS PROPFIND]
+    # @example Restricts methods to the methods in the IANA Registry
+    #   supported_http_methods Puma::Const::IANA_HTTP_METHODS
+    # @example Allows any method
+    #   supported_http_methods :any
+    #
+    def supported_http_methods(methods)
+      if methods == :any
+        @options[:supported_http_methods] = :any
+      elsif Array === methods && methods == (ary = methods.grep(String).uniq) &&
+        !ary.empty?
+        @options[:supported_http_methods] = ary
+      else
+        raise "supported_http_methods must be ':any' or a unique array of strings"
+      end
+    end
+
     private
 
     # To avoid adding cert_pem and key_pem as URI params, we store them on the
@@ -1049,7 +1184,22 @@ module Puma
       elsif key.nil?
         @options[options_key] << block
       else
-        raise "'#{method}' key must be String or Symbol"
+        raise "'#{meth}' key must be String or Symbol"
+      end
+    end
+
+    def warn_if_in_single_mode(hook_name)
+      return if @options[:silence_fork_callback_warning]
+      # user_options (CLI) have precedence over config file
+      workers_val = @config.options.user_options[:workers] || @options[:workers] ||
+        @config.puma_default_options[:workers] || 0
+      if workers_val == 0
+        log_string =
+          "Warning: You specified code to run in a `#{hook_name}` block, " \
+          "but Puma is not configured to run in cluster mode (worker count > 0 ), " \
+          "so your `#{hook_name}` block did not run"
+
+        LogWriter.stdio.log(log_string)
       end
     end
   end

data/lib/puma/error_logger.rb

@@ -102,7 +102,8 @@ module Puma
           @ioerr.is_a?(IO) and @ioerr.wait_writable(1)
           @ioerr.write "#{w_str}\n"
           @ioerr.flush unless @ioerr.sync
-        rescue Errno::EPIPE, Errno::EBADF, IOError
+        rescue Errno::EPIPE, Errno::EBADF, IOError, Errno::EINVAL
+        # 'Invalid argument' (Errno::EINVAL) may be raised by flush
         end
       end
     rescue ThreadError

data/lib/puma/launcher.rb

@@ -59,6 +59,13 @@ module Puma
 
       @environment = conf.environment
 
+      # Load the systemd integration if we detect systemd's NOTIFY_SOCKET.
+      # Skip this on JRuby though, because it is incompatible with the systemd
+      # integration due to https://github.com/jruby/jruby/issues/6504
+      if ENV["NOTIFY_SOCKET"] && !Puma.jruby?
+        @config.plugins.create('systemd')
+      end
+
       if @config.options[:bind_to_activated_sockets]
         @config.options[:binds] = @binder.synthesize_binds_from_activated_fs(
           @config.options[:binds],
@@ -72,6 +79,8 @@ module Puma
       @log_writer.formatter = LogWriter::PidFormatter.new if clustered?
       @log_writer.formatter = options[:log_formatter] if @options[:log_formatter]
 
+      @log_writer.custom_logger = options[:custom_logger] if @options[:custom_logger]
+
       generate_restart_data
 
       if clustered? && !Puma.forkable?
@@ -180,7 +189,6 @@ module Puma
 
       setup_signals
       set_process_title
-      integrate_with_systemd
 
       # This blocks until the server is stopped
       @runner.run
@@ -311,27 +319,6 @@ module Puma
       @runner.reload_worker_directory if @runner.respond_to?(:reload_worker_directory)
     end
 
-    # Puma's systemd integration allows Puma to inform systemd:
-    #  1. when it has successfully started
-    #  2. when it is starting shutdown
-    #  3. periodically for a liveness check with a watchdog thread
-    def integrate_with_systemd
-      return unless ENV["NOTIFY_SOCKET"]
-
-      begin
-        require_relative 'systemd'
-      rescue LoadError
-        log "Systemd integration failed. It looks like you're trying to use systemd notify but don't have sd_notify gem installed"
-        return
-      end
-
-      log "* Enabling systemd notification integration"
-
-      systemd = Systemd.new(@log_writer, @events)
-      systemd.hook_events
-      systemd.start_watchdog
-    end
-
     def log(str)
       @log_writer.log(str)
     end

data/lib/puma/log_writer.rb

@@ -28,11 +28,12 @@ module Puma
     attr_reader :stdout,
                 :stderr
 
-    attr_accessor :formatter
+    attr_accessor :formatter, :custom_logger
 
     # Create a LogWriter that prints to +stdout+ and +stderr+.
     def initialize(stdout, stderr)
       @formatter = DefaultFormatter.new
+      @custom_logger = nil
       @stdout = stdout
       @stderr = stderr
 
@@ -59,7 +60,11 @@ module Puma
 
     # Write +str+ to +@stdout+
     def log(str)
-      internal_write "#{@formatter.call str}\n"
+      if @custom_logger&.respond_to?(:write)
+        @custom_logger.write(format(str))
+      else
+        internal_write "#{@formatter.call str}\n"
+      end
     end
 
     def write(str)
@@ -73,13 +78,18 @@ module Puma
           @stdout.is_a?(IO) and @stdout.wait_writable(1)
           @stdout.write w_str
           @stdout.flush unless @stdout.sync
-        rescue Errno::EPIPE, Errno::EBADF, IOError
+        rescue Errno::EPIPE, Errno::EBADF, IOError, Errno::EINVAL
+        # 'Invalid argument' (Errno::EINVAL) may be raised by flush
         end
       end
     rescue ThreadError
     end
     private :internal_write
 
+    def debug?
+      @debug
+    end
+
     def debug(str)
       log("% #{str}") if @debug
     end
@@ -115,7 +125,7 @@ module Puma
     def ssl_error(error, ssl_socket)
       peeraddr = ssl_socket.peeraddr.last rescue "<unknown>"
       peercert = ssl_socket.peercert
-      subject = peercert ? peercert.subject : nil
+      subject = peercert&.subject
       @error_logger.info(error: error, text: "SSL error, peer: #{peeraddr}, peer cert: #{subject}")
     end
 

data/lib/puma/minissl/context_builder.rb

@@ -38,6 +38,7 @@ module Puma
 
           ctx.key = params['key'] if params['key']
           ctx.key_pem = params['key_pem'] if params['key_pem']
+          ctx.key_password_command = params['key_password_command'] if params['key_password_command']
 
           if params['cert'].nil? && params['cert_pem'].nil?
             log_writer.error "Please specify the SSL cert via 'cert=' or 'cert_pem='"
@@ -50,6 +51,8 @@ module Puma
             unless params['ca']
               log_writer.error "Please specify the SSL ca via 'ca='"
             end
+            # needed for Puma::MiniSSL::Socket#peercert, env['puma.peercert']
+            require 'openssl'
           end
 
           ctx.ca = params['ca'] if params['ca']

data/lib/puma/minissl.rb

@@ -5,6 +5,7 @@ begin
 rescue LoadError
 end
 
+require 'open3'
 # need for Puma::MiniSSL::OPENSSL constants used in `HAS_TLS1_3`
 # use require, see https://github.com/puma/puma/pull/2381
 require 'puma/puma_http11'
@@ -183,6 +184,11 @@ module Puma
         @socket.peeraddr
       end
 
+      # OpenSSL is loaded in `MiniSSL::ContextBuilder` when
+      # `MiniSSL::Context#verify_mode` is not `VERIFY_NONE`.
+      # When `VERIFY_NONE`, `MiniSSL::Engine#peercert` is nil, regardless of
+      # whether the client sends a cert.
+      # @return [OpenSSL::X509::Certificate, nil]
       # @!attribute [r] peercert
       def peercert
         return @peercert if @peercert
@@ -277,6 +283,7 @@ module Puma
       else
         # non-jruby Context properties
         attr_reader :key
+        attr_reader :key_password_command
         attr_reader :cert
         attr_reader :ca
         attr_reader :cert_pem
@@ -291,6 +298,10 @@ module Puma
           @key = key
         end
 
+        def key_password_command=(key_password_command)
+          @key_password_command = key_password_command
+        end
+
         def cert=(cert)
           check_file cert, 'Cert'
           @cert = cert
@@ -316,6 +327,17 @@ module Puma
           raise "Cert not configured" if @cert.nil? && @cert_pem.nil?
         end
 
+        # Executes the command to return the password needed to decrypt the key.
+        def key_password
+          raise "Key password command not configured" if @key_password_command.nil?
+
+          stdout_str, stderr_str, status = Open3.capture3(@key_password_command)
+
+          return stdout_str.chomp if status.success?
+
+          raise "Key password failed with code #{status.exitstatus}: #{stderr_str}"
+        end
+
         # Controls session reuse.  Allowed values are as follows:
         # * 'off' - matches the behavior of Puma 5.6 and earlier.  This is included
         #   in case reuse 'on' is made the default in future Puma versions.

data/lib/puma/null_io.rb

@@ -18,8 +18,22 @@ module Puma
 
     # Mimics IO#read with no data.
     #
-    def read(count = nil, _buffer = nil)
-      count && count > 0 ? nil : ""
+    def read(length = nil, buffer = nil)
+      if length.to_i < 0
+        raise ArgumentError, "(negative length #{length} given)"
+      end
+
+      buffer = if buffer.nil?
+        "".b
+      else
+        String.try_convert(buffer) or raise TypeError, "no implicit conversion of #{buffer.class} into String"
+      end
+      buffer.clear
+      if length.to_i > 0
+        nil
+      else
+        buffer
+      end
     end
 
     def rewind

data/lib/puma/plugin/systemd.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+require_relative '../plugin'
+
+# Puma's systemd integration allows Puma to inform systemd:
+#  1. when it has successfully started
+#  2. when it is starting shutdown
+#  3. periodically for a liveness check with a watchdog thread
+#  4. periodically set the status
+Puma::Plugin.create do
+  def start(launcher)
+    require_relative '../sd_notify'
+
+    launcher.log_writer.log "* Enabling systemd notification integration"
+
+    # hook_events
+    launcher.events.on_booted { Puma::SdNotify.ready }
+    launcher.events.on_stopped { Puma::SdNotify.stopping }
+    launcher.events.on_restart { Puma::SdNotify.reloading }
+
+    # start watchdog
+    if Puma::SdNotify.watchdog?
+      ping_f = watchdog_sleep_time
+
+      in_background do
+        launcher.log_writer.log "Pinging systemd watchdog every #{ping_f.round(1)} sec"
+        loop do
+          sleep ping_f
+          Puma::SdNotify.watchdog
+        end
+      end
+    end
+
+    # start status loop
+    instance = self
+    sleep_time = 1.0
+    in_background do
+      launcher.log_writer.log "Sending status to systemd every #{sleep_time.round(1)} sec"
+
+      loop do
+        sleep sleep_time
+        # TODO: error handling?
+        Puma::SdNotify.status(instance.status)
+      end
+    end
+  end
+
+  def status
+    if clustered?
+      messages = stats[:worker_status].map do |worker|
+        common_message(worker[:last_status])
+      end.join(',')
+
+      "Puma #{Puma::Const::VERSION}: cluster: #{booted_workers}/#{workers}, worker_status: [#{messages}]"
+    else
+      "Puma #{Puma::Const::VERSION}: worker: #{common_message(stats)}"
+    end
+  end
+
+  private
+
+  def watchdog_sleep_time
+    usec = Integer(ENV["WATCHDOG_USEC"])
+
+    sec_f = usec / 1_000_000.0
+    # "It is recommended that a daemon sends a keep-alive notification message
+    # to the service manager every half of the time returned here."
+    sec_f / 2
+  end
+
+  def stats
+    Puma.stats_hash
+  end
+
+  def clustered?
+    stats.has_key?(:workers)
+  end
+
+  def workers
+    stats.fetch(:workers, 1)
+  end
+
+  def booted_workers
+    stats.fetch(:booted_workers, 1)
+  end
+
+  def common_message(stats)
+    "{ #{stats[:running]}/#{stats[:max_threads]} threads, #{stats[:pool_capacity]} available, #{stats[:backlog]} backlog }"
+  end
+end

data/lib/puma/rack/builder.rb

@@ -173,7 +173,7 @@ module Puma::Rack
         TOPLEVEL_BINDING, file, 0
     end
 
-    def initialize(default_app = nil,&block)
+    def initialize(default_app = nil, &block)
       @use, @map, @run, @warmup = [], nil, default_app, nil
 
       # Conditionally load rack now, so that any rack middlewares,
@@ -183,7 +183,7 @@ module Puma::Rack
       rescue LoadError
       end
 
-      instance_eval(&block) if block_given?
+      instance_eval(&block) if block
     end
 
     def self.app(default_app = nil, &block)

data/lib/puma/rack/urlmap.rb

@@ -34,7 +34,7 @@ module Puma::Rack
         end
 
         location = location.chomp('/')
-        match = Regexp.new("^#{Regexp.quote(location).gsub('/', '/+')}(.*)", nil, 'n')
+        match = Regexp.new("^#{Regexp.quote(location).gsub('/', '/+')}(.*)", Regexp::NOENCODING)
 
         [host, location, match, app]
       }.sort_by do |(host, location, _, _)|

data/lib/puma/rack_default.rb

@@ -2,8 +2,23 @@
 
 require_relative '../rack/handler/puma'
 
-module Rack::Handler
-  def self.default(options = {})
-    Rack::Handler::Puma
+# rackup was removed in Rack 3, it is now a separate gem
+if Object.const_defined? :Rackup
+  module Rackup
+    module Handler
+      def self.default(options = {})
+        ::Rackup::Handler::Puma
+      end
+    end
   end
+elsif Object.const_defined?(:Rack) && Rack.release < '3'
+  module Rack
+    module Handler
+      def self.default(options = {})
+        ::Rack::Handler::Puma
+      end
+    end
+  end
+else
+  raise "Rack 3 must be used with the Rackup gem"
 end