puma 7.2.0-java → 8.0.0-java

data/lib/puma/cli.rb

@@ -148,7 +148,7 @@ module Puma
 
           o.on "-p", "--port PORT", "Define the TCP port to bind to",
             "Use -b for more advanced options" do |arg|
-            user_config.bind "tcp://#{Configuration::DEFAULTS[:tcp_host]}:#{arg}"
+            user_config.port arg, Configuration.default_tcp_host
           end
 
           o.on "--pidfile PATH", "Use PATH as a pidfile" do |arg|

data/lib/puma/client.rb

@@ -2,6 +2,7 @@
 
 require_relative 'detect'
 require_relative 'io_buffer'
+require_relative 'client_env'
 require 'tempfile'
 
 if Puma::IS_JRUBY
@@ -20,8 +21,8 @@ module Puma
   #———————————————————————— DO NOT USE — this class is for internal use only ———
 
 
-  # An instance of this class represents a unique request from a client.
-  # For example, this could be a web request from a browser or from CURL.
+  # An instance of this class wraps a connection/socket.
+  # For example, this could be an http request from a browser or from CURL.
   #
   # An instance of `Puma::Client` can be used as if it were an IO object
   # by the reactor. The reactor is expected to call `#to_io`
@@ -29,12 +30,18 @@ module Puma
   # `IO::try_convert` (which may call `#to_io`) when a new socket is
   # registered.
   #
-  # Instances of this class are responsible for knowing if
-  # the header and body are fully buffered via the `try_to_finish` method.
+  # Instances of this class are responsible for knowing if the request line,
+  # headers and body are fully buffered and verified via the `try_to_finish` method.
+  # All verification of each request is done in the `Client` object.
   # They can be used to "time out" a response via the `timeout_at` reader.
   #
+  # Most of the code for env processing and verification is contained
+  # in `Puma::ClientEnv`, which is included.
+  #
   class Client # :nodoc:
 
+    include ClientEnv
+
     # this tests all values but the last, which must be chunked
     ALLOWED_TRANSFER_ENCODING = %w[compress deflate gzip].freeze
 
@@ -65,7 +72,13 @@ module Puma
     # no body share this one object since it has no state.
     EmptyBody = NullIO.new
 
-    include Puma::Const
+    attr_reader :env, :to_io, :body, :io, :timeout_at, :ready, :hijacked,
+                :tempfile, :io_buffer, :http_content_length_limit_exceeded,
+                :requests_served, :error_status_code
+
+    attr_writer :peerip, :http_content_length_limit, :supported_http_methods
+
+    attr_accessor :remote_addr_header, :listener, :env_set_http_version
 
     def initialize(io, env=nil)
       @io = io
@@ -91,7 +104,8 @@ module Puma
       @hijacked = false
 
       @http_content_length_limit = nil
-      @http_content_length_limit_exceeded = false
+      @http_content_length_limit_exceeded = nil
+      @error_status_code = nil
 
       @peerip = nil
       @peer_family = nil
@@ -107,14 +121,6 @@ module Puma
       @read_buffer = String.new # rubocop: disable Performance/UnfreezeString
     end
 
-    attr_reader :env, :to_io, :body, :io, :timeout_at, :ready, :hijacked,
-                :tempfile, :io_buffer, :http_content_length_limit_exceeded,
-                :requests_served
-
-    attr_writer :peerip, :http_content_length_limit
-
-    attr_accessor :remote_addr_header, :listener
-
     # Remove in Puma 7?
     def closed?
       @to_io.closed?
@@ -164,7 +170,8 @@ module Puma
       @body_remain = 0
       @peerip = nil if @remote_addr_header
       @in_last_chunk = false
-      @http_content_length_limit_exceeded = false
+      @http_content_length_limit_exceeded = nil
+      @error_status_code = nil
     end
 
     # only used with back-to-back requests contained in the buffer
@@ -174,12 +181,7 @@ module Puma
 
         @parsed_bytes = parser_execute
 
-        if @parser.finished?
-          return setup_body
-        elsif @parsed_bytes >= MAX_HEADER
-          raise HttpParserError,
-            "HEADER is longer than allowed, aborting client early."
-        end
+        @parser.finished? ? process_env_body : false
       end
     end
 
@@ -231,17 +233,6 @@ module Puma
     end
 
     def try_to_finish
-      if env[CONTENT_LENGTH] && above_http_content_limit(env[CONTENT_LENGTH].to_i)
-        @http_content_length_limit_exceeded = true
-      end
-
-      if @http_content_length_limit_exceeded
-        @buffer = nil
-        @body = EmptyBody
-        set_ready
-        return true
-      end
-
       return read_body if in_data_phase
 
       data = nil
@@ -272,18 +263,7 @@ module Puma
 
       @parsed_bytes = parser_execute
 
-      if @parser.finished? && above_http_content_limit(@parser.body.bytesize)
-        @http_content_length_limit_exceeded = true
-      end
-
-      if @parser.finished?
-        setup_body
-      elsif @parsed_bytes >= MAX_HEADER
-        raise HttpParserError,
-          "HEADER is longer than allowed, aborting client early."
-      else
-        false
-      end
+      @parser.finished? ? process_env_body : false
     end
 
     def eagerly_finish
@@ -303,7 +283,12 @@ module Puma
     # @return [Integer] bytes of buffer read by parser
     #
     def parser_execute
-      @parser.execute(@env, @buffer, @parsed_bytes)
+      ret = @parser.execute(@env, @buffer, @parsed_bytes)
+
+      if @env[REQUEST_METHOD] && @supported_http_methods != :any && !@supported_http_methods.key?(@env[REQUEST_METHOD])
+        raise HttpParserError501, "#{@env[REQUEST_METHOD]} method is not supported"
+      end
+      ret
     rescue => e
       @env[HTTP_CONNECTION] = 'close'
       raise e unless HttpParserError === e && e.message.include?('non-SSL')
@@ -337,6 +322,15 @@ module Puma
       end
     end
 
+    # processes the `env` and the request body
+    def process_env_body
+      temp = setup_body
+      normalize_env
+      req_env_post_parse
+      raise HttpParserError if @error_status_code
+      temp
+    end
+
     def timeout!
       write_error(408) if in_data_phase
       raise ConnectionError
@@ -353,12 +347,12 @@ module Puma
       return @peerip if @peerip
 
       if @remote_addr_header
-        hdr = (@env[@remote_addr_header] || @io.peeraddr.last).split(/[\s,]/).first
+        hdr = (@env[@remote_addr_header] || socket_peerip).split(/[\s,]/).first
         @peerip = hdr
         return hdr
       end
 
-      @peerip ||= @io.peeraddr.last
+      @peerip ||= socket_peerip
     end
 
     def peer_family
@@ -393,19 +387,36 @@ module Puma
 
     private
 
+    IPV4_MAPPED_IPV6_PREFIX = "::ffff:"
+    private_constant :IPV4_MAPPED_IPV6_PREFIX
+
+    def socket_peerip
+      unmap_ipv6(@io.peeraddr.last)
+    end
+
+    # Converts IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1) back to
+    # their IPv4 form. These addresses appear when IPv4 clients connect to
+    # a dual-stack IPv6 socket.
+    def unmap_ipv6(addr)
+      addr.delete_prefix(IPV4_MAPPED_IPV6_PREFIX)
+    end
+
+    # Checks the request `Transfer-Encoding` and/or `Content-Length` to see if
+    # they are valid.  Raises errors if not, otherwise reads the body.
+    # @return [Boolean] true if the body can be completely read, false otherwise
+    #
     def setup_body
       @body_read_start = Process.clock_gettime(Process::CLOCK_MONOTONIC, :float_millisecond)
 
       if @env[HTTP_EXPECT] == CONTINUE
-        # TODO allow a hook here to check the headers before
-        # going forward
+        # TODO allow a hook here to check the headers before going forward
         @io << HTTP_11_100
         @io.flush
       end
 
       @read_header = false
 
-      body = @parser.body
+      parser_body = @parser.body
 
       te = @env[TRANSFER_ENCODING2]
       if te
@@ -422,10 +433,10 @@ module Puma
             raise HttpParserError501, "#{TE_ERR_MSG}, unknown value: '#{te}'"
           end
           @env.delete TRANSFER_ENCODING2
-          return setup_chunked_body body
+          return setup_chunked_body parser_body
         elsif te_lwr == CHUNKED
           @env.delete TRANSFER_ENCODING2
-          return setup_chunked_body body
+          return setup_chunked_body parser_body
         elsif ALLOWED_TRANSFER_ENCODING.include? te_lwr
           raise HttpParserError     , "#{TE_ERR_MSG}, single value must be chunked: '#{te}'"
         else
@@ -440,10 +451,12 @@ module Puma
       if cl
         # cannot contain characters that are not \d, or be empty
         if CONTENT_LENGTH_VALUE_INVALID.match?(cl) || cl.empty?
+          @error_status_code = 400
+          @env[HTTP_CONNECTION] = 'close'
           raise HttpParserError, "Invalid Content-Length: #{cl.inspect}"
         end
       else
-        @buffer = body.empty? ? nil : body
+        @buffer = parser_body.empty? ? nil : parser_body
         @body = EmptyBody
         set_ready
         return true
@@ -451,23 +464,25 @@ module Puma
 
       content_length = cl.to_i
 
-      remain = content_length - body.bytesize
+      raise_above_http_content_limit if @http_content_length_limit&.< content_length
+
+      remain = content_length - parser_body.bytesize
 
       if remain <= 0
-        # Part of the body is a pipelined request OR garbage. We'll deal with that later.
+        # Part of the parser_body is a pipelined request OR garbage. We'll deal with that later.
         if content_length == 0
           @body = EmptyBody
-          if body.empty?
+          if parser_body.empty?
             @buffer = nil
           else
-            @buffer = body
+            @buffer = parser_body
           end
         elsif remain == 0
-          @body = StringIO.new body
+          @body = StringIO.new parser_body
           @buffer = nil
         else
-          @body = StringIO.new(body[0,content_length])
-          @buffer = body[content_length..-1]
+          @body = StringIO.new(parser_body[0,content_length])
+          @buffer = parser_body[content_length..-1]
         end
         set_ready
         return true
@@ -479,12 +494,12 @@ module Puma
         @body.binmode
         @tempfile = @body
       else
-        # The body[0,0] trick is to get an empty string in the same
-        # encoding as body.
-        @body = StringIO.new body[0,0]
+        # The parser_body[0,0] trick is to get an empty string in the same
+        # encoding as parser_body.
+        @body = StringIO.new parser_body[0,0]
       end
 
-      @body.write body
+      @body.write parser_body
 
       @body_remain = remain
 
@@ -577,6 +592,10 @@ module Puma
 
     # @version 5.0.0
     def write_chunk(str)
+      if @http_content_length_limit&.< @chunked_content_length + str.bytesize
+        raise_above_http_content_limit
+      end
+
       @chunked_content_length += @body.write(str)
     end
 
@@ -709,8 +728,13 @@ module Puma
       @ready = true
     end
 
-    def above_http_content_limit(value)
-      @http_content_length_limit&.< value
+    def raise_above_http_content_limit
+      @http_content_length_limit_exceeded = true
+      @buffer = nil
+      @body = EmptyBody
+      @error_status_code = 413
+      @env[HTTP_CONNECTION] = 'close'
+      raise HttpParserError, "Payload Too Large"
     end
   end
 end

data/lib/puma/client_env.rb

@@ -0,0 +1,171 @@
+# frozen_string_literal: true
+
+module Puma
+
+  #———————————————————————— DO NOT USE — this class is for internal use only ———
+
+
+  # This module is included in `Client`.  It contains code to process the `env`
+  # before it is passed to the app.
+  #
+  module ClientEnv # :nodoc:
+
+    include Puma::Const
+
+    # Given a Hash +env+ for the request read from +client+, add
+    # and fixup keys to comply with Rack's env guidelines.
+    # @param env [Hash] see Puma::Client#env, from request
+    # @param client [Puma::Client] only needed for Client#peerip
+    #
+    def normalize_env
+      if host = @env[HTTP_HOST]
+        # host can be a hostname, ipv4 or bracketed ipv6. Followed by an optional port.
+        if colon = host.rindex("]:") # IPV6 with port
+          @env[SERVER_NAME] = host[0, colon+1]
+          @env[SERVER_PORT] = host[colon+2, host.bytesize]
+        elsif !host.start_with?("[") && colon = host.index(":") # not hostname or IPV4 with port
+          @env[SERVER_NAME] = host[0, colon]
+          @env[SERVER_PORT] = host[colon+1, host.bytesize]
+        else
+          @env[SERVER_NAME] = host
+          @env[SERVER_PORT] = default_server_port
+        end
+      else
+        @env[SERVER_NAME] = LOCALHOST
+        @env[SERVER_PORT] = default_server_port
+      end
+
+      unless @env[REQUEST_PATH]
+        # it might be a dumbass full host request header
+        uri = begin
+          URI.parse(@env[REQUEST_URI])
+        rescue URI::InvalidURIError
+          raise Puma::HttpParserError
+        end
+        @env[REQUEST_PATH] = uri.path
+
+        # A nil env value will cause a LintError (and fatal errors elsewhere),
+        # so only set the env value if there actually is a value.
+        @env[QUERY_STRING] = uri.query if uri.query
+      end
+
+      @env[PATH_INFO] = @env[REQUEST_PATH].to_s # #to_s in case it's nil
+
+      # From https://www.ietf.org/rfc/rfc3875 :
+      # "Script authors should be aware that the REMOTE_ADDR and
+      # REMOTE_HOST meta-variables (see sections 4.1.8 and 4.1.9)
+      # may not identify the ultimate source of the request.
+      # They identify the client for the immediate request to the
+      # server; that client may be a proxy, gateway, or other
+      # intermediary acting on behalf of the actual source client."
+      #
+
+      unless @env.key?(REMOTE_ADDR)
+        begin
+          addr = peerip
+        rescue Errno::ENOTCONN
+          # Client disconnects can result in an inability to get the
+          # peeraddr from the socket; default to unspec.
+          if peer_family == Socket::AF_INET6
+            addr = UNSPECIFIED_IPV6
+          else
+            addr = UNSPECIFIED_IPV4
+          end
+        end
+
+        # Set unix socket addrs to localhost
+        if addr.empty?
+          addr = peer_family == Socket::AF_INET6 ? LOCALHOST_IPV6 : LOCALHOST_IPV4
+        end
+
+        @env[REMOTE_ADDR] = addr
+      end
+
+      # The legacy HTTP_VERSION header can be sent as a client header.
+      # Rack v4 may remove using HTTP_VERSION.  If so, remove this line.
+      @env[HTTP_VERSION] = @env[SERVER_PROTOCOL] if @env_set_http_version
+
+      @env[PUMA_SOCKET] = @io
+
+      if @env[HTTPS_KEY] && @io.peercert
+        @env[PUMA_PEERCERT] = @io.peercert
+      end
+
+      @env[HIJACK_P] = true
+      @env[HIJACK] = method(:full_hijack).to_proc
+
+      @env[RACK_INPUT] = @body || EmptyBody
+      @env[RACK_URL_SCHEME] ||= default_server_port == PORT_443 ? HTTPS : HTTP
+    end
+
+    # Fixup any headers with `,` in the name to have `_` now. We emit
+    # headers with `,` in them during the parse phase to avoid ambiguity
+    # with the `-` to `_` conversion for critical headers. But here for
+    # compatibility, we'll convert them back. This code is written to
+    # avoid allocation in the common case (ie there are no headers
+    # with `,` in their names), that's why it has the extra conditionals.
+    #
+    # @note If a normalized version of a `,` header already exists, we ignore
+    #       the `,` version. This prevents clobbering headers managed by proxies
+    #       but not by clients (Like X-Forwarded-For).
+    #
+    # @param env [Hash] see Puma::Client#env, from request, modifies in place
+    # @version 5.0.3
+    #
+    def req_env_post_parse
+      to_delete = nil
+      to_add = nil
+
+      @env.each do |k,v|
+        if k.start_with?("HTTP_") && k.include?(",") && !UNMASKABLE_HEADERS.key?(k)
+          if to_delete
+            to_delete << k
+          else
+            to_delete = [k]
+          end
+
+          new_k = k.tr(",", "_")
+          if @env.key?(new_k)
+            next
+          end
+
+          unless to_add
+            to_add = {}
+          end
+
+          to_add[new_k] = v
+        end
+      end
+
+      if to_delete # rubocop:disable Style/SafeNavigation
+        to_delete.each { |k| env.delete(k) }
+      end
+
+      if to_add
+        @env.merge! to_add
+      end
+
+      # A rack extension. If the app writes #call'ables to this
+      # array, we will invoke them when the request is done.
+      #
+      env[RACK_AFTER_REPLY] ||= []
+      env[RACK_RESPONSE_FINISHED] ||= []
+    end
+
+    HTTP_ON_VALUES = { "on" => true, HTTPS => true }
+    private_constant :HTTP_ON_VALUES
+
+    # @return [Puma::Const::PORT_443,Puma::Const::PORT_80]
+    #
+    def default_server_port
+      if HTTP_ON_VALUES[@env[HTTPS_KEY]] ||
+          @env[HTTP_X_FORWARDED_PROTO]&.start_with?(HTTPS) ||
+          @env[HTTP_X_FORWARDED_SCHEME] == HTTPS ||
+          @env[HTTP_X_FORWARDED_SSL] == "on"
+        PORT_443
+      else
+        PORT_80
+      end
+    end
+  end
+end

data/lib/puma/cluster.rb

@@ -87,7 +87,7 @@ module Puma
         end
 
         debug "Spawned worker: #{pid}"
-        @workers << WorkerHandle.new(idx, pid, @phase, @options)
+        @workers.insert(idx, WorkerHandle.new(idx, pid, @phase, @options))
       end
 
       if @options[:fork_worker] && all_workers_in_phase?

data/lib/puma/configuration.rb

@@ -1,5 +1,8 @@
 # frozen_string_literal: true
 
+require 'socket'
+require 'uri'
+
 require_relative 'plugin'
 require_relative 'const'
 require_relative 'dsl'
@@ -131,14 +134,16 @@ module Puma
 
     DEFAULTS = {
       auto_trim_time: 30,
-      binds: ['tcp://0.0.0.0:9292'.freeze],
-      fiber_per_request: !!ENV.fetch("PUMA_FIBER_PER_REQUEST", false),
+      binds: ['tcp://[::]:9292'.freeze],
       debug: false,
-      enable_keep_alives: true,
       early_hints: nil,
+      enable_keep_alives: true,
       environment: 'development'.freeze,
+      fiber_per_request: !!ENV.fetch("PUMA_FIBER_PER_REQUEST", false),
       # Number of seconds to wait until we get the first data for the request.
       first_data_timeout: 30,
+      force_shutdown_after: -1,
+      http_content_length_limit: nil,
       # Number of seconds to wait until the next request before shutting down.
       idle_timeout: nil,
       io_selector_backend: :auto,
@@ -147,6 +152,7 @@ module Puma
       # Limits how many requests a keep alive connection can make.
       # The connection will be closed after it reaches `max_keep_alive`
       # requests.
+      max_io_threads: 0,
       max_keep_alive: 999,
       max_threads: Puma.mri? ? 5 : 16,
       min_threads: 0,
@@ -161,10 +167,10 @@ module Puma
       raise_exception_on_sigterm: true,
       reaping_time: 1,
       remote_address: :socket,
-      silence_single_worker_warning: false,
       silence_fork_callback_warning: false,
+      silence_single_worker_warning: false,
       tag: File.basename(Dir.getwd),
-      tcp_host: '0.0.0.0'.freeze,
+      tcp_host: '::'.freeze,
       tcp_port: 9292,
       wait_for_less_busy_worker: 0.005,
       worker_boot_timeout: 60,
@@ -173,11 +179,10 @@ module Puma
       worker_shutdown_timeout: 30,
       worker_timeout: 60,
       workers: 0,
-      http_content_length_limit: nil
     }
 
     def initialize(user_options={}, default_options = {}, env = ENV, &block)
-      default_options = self.puma_default_options(env).merge(default_options)
+      default_options = self.puma_default_options(env).merge(events: Events.new).merge(default_options)
 
       @_options    = UserFileDefaultOptions.new(user_options, default_options)
       @plugins     = PluginLoader.new
@@ -230,6 +235,8 @@ module Puma
 
     def puma_default_options(env = ENV)
       defaults = DEFAULTS.dup
+      defaults[:tcp_host] = self.class.default_tcp_host
+      defaults[:binds] = [self.class.default_tcp_bind]
       puma_options_from_env(env).each { |k,v| defaults[k] = v if v }
       defaults
     end
@@ -277,8 +284,10 @@ module Puma
     # This also calls load if it hasn't been called yet.
     def clamp
       load unless @loaded
+      run_mode_hooks
       set_conditional_default_options
       @_options.finalize_values
+      rewrite_unavailable_ipv6_binds!
       @clamped = true
       warn_hooks
       options
@@ -357,6 +366,23 @@ module Puma
       options.final_options
     end
 
+    def self.default_tcp_host
+      ipv6_interface_available? ? Const::UNSPECIFIED_IPV6 : Const::UNSPECIFIED_IPV4
+    end
+
+    def self.default_tcp_bind(port = DEFAULTS[:tcp_port])
+      URI::Generic.build(scheme: 'tcp', host: default_tcp_host, port: Integer(port)).to_s
+    end
+
+    def self.ipv6_interface_available?
+      Socket.getifaddrs.any? do |ifaddr|
+        addr = ifaddr.addr
+        addr&.ipv6? && !addr&.ipv6_loopback?
+      end
+    rescue StandardError
+      false
+    end
+
     def self.temp_path
       require 'tmpdir'
 
@@ -372,6 +398,31 @@ module Puma
 
     private
 
+    def rewrite_unavailable_ipv6_binds!
+      return if self.class.ipv6_interface_available?
+
+      tried_ipv6_bind = false
+      bind_schemes = ['tcp', 'ssl']
+
+      @_options[:binds] = Array(@_options[:binds]).map do |bind|
+        uri = URI.parse(bind)
+        next bind unless bind_schemes.include?(uri.scheme)
+
+        host = uri.host&.delete_prefix('[')&.delete_suffix(']')
+        next bind unless host&.include?(':')
+
+        tried_ipv6_bind = true
+        next bind unless host == Const::UNSPECIFIED_IPV6
+
+        uri.host = Const::UNSPECIFIED_IPV4
+        uri.to_s
+      rescue URI::InvalidURIError
+        bind
+      end
+
+      warn "WARNING: IPv6 bind requested but no non-loopback IPv6 interface was detected" if tried_ipv6_bind
+    end
+
     def require_processor_counter
       require 'concurrent/utility/processor_counter'
     rescue LoadError
@@ -433,6 +484,17 @@ module Puma
       rack_app
     end
 
+    def run_mode_hooks
+      workers_before = @_options[:workers]
+      key = workers_before > 0 ? :cluster : :single
+
+      @_options.all_of(key).each(&:call)
+
+      unless @_options[:workers] == workers_before
+        raise "cannot change the number of workers inside a #{key} configuration hook"
+      end
+    end
+
     def set_conditional_default_options
       @_options.default_options[:preload_app] = !@_options[:prune_bundler] &&
         (@_options[:workers] > 1) && Puma.forkable?

data/lib/puma/const.rb

@@ -100,8 +100,8 @@ module Puma
   # too taxing on performance.
   module Const
 
-    PUMA_VERSION = VERSION = "7.2.0"
-    CODE_NAME = "On The Corner"
+    PUMA_VERSION = VERSION = "8.0.0"
+    CODE_NAME = "Into the Arena"
 
     PUMA_SERVER_STRING = ["puma", PUMA_VERSION, CODE_NAME].join(" ").freeze
 

data/lib/puma/control_cli.rb

@@ -16,7 +16,7 @@ module Puma
       'gc'       => nil,
       'gc-stats' => nil,
       'halt'              => 'SIGQUIT',
-      'info'              => 'SIGINFO',
+      'info'              => Puma.backtrace_signal,
       'phased-restart'    => 'SIGUSR1',
       'refork'            => 'SIGURG',
       'reload-worker-directory' => nil,