rack-contrib 1.4.0 → 2.5.0

data/lib/rack/contrib/jsonp.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
 
   # A Rack middleware for providing JSON-P support.
@@ -7,8 +9,7 @@ module Rack
   class JSONP
     include Rack::Utils
 
-    VALID_JS_VAR    = /[a-zA-Z_$][\w$]*/
-    VALID_CALLBACK  = /\A#{VALID_JS_VAR}(?:\.?#{VALID_JS_VAR})*\z/
+    VALID_CALLBACK = /\A[a-zA-Z_$](?:\.?[\w$])*\z/
 
     # These hold the Unicode characters \u2028 and \u2029.
     #
@@ -22,6 +23,9 @@ module Rack
     # "\342\200\251" # => "\u2029"
     U2028, U2029 = ("\u2028" == 'u2028') ? ["\342\200\250", "\342\200\251"] : ["\u2028", "\u2029"]
 
+    HEADERS_KLASS = Rack.release < "3" ? Utils::HeaderHash : Headers
+    private_constant :HEADERS_KLASS
+
     def initialize(app)
       @app = app
     end
@@ -41,8 +45,8 @@ module Rack
         return status, headers, response
       end
 
-      headers = HeaderHash.new(headers)
-      
+      headers = HEADERS_KLASS.new.merge(headers)
+
       if is_json?(headers) && has_callback?(request)
         callback = request.params['callback']
         return bad_request unless valid_callback?(callback)
@@ -51,32 +55,32 @@ module Rack
 
         # No longer json, its javascript!
         headers['Content-Type'] = headers['Content-Type'].gsub('json', 'javascript')
-        
+
         # Set new Content-Length, if it was set before we mutated the response body
         if headers['Content-Length']
-          length = response.to_ary.inject(0) { |len, part| len + bytesize(part) }
+          length = response.map(&:bytesize).reduce(0, :+)
           headers['Content-Length'] = length.to_s
         end
       end
 
       [status, headers, response]
     end
-    
+
     private
-    
+
     def is_json?(headers)
       headers.key?('Content-Type') && headers['Content-Type'].include?('application/json')
     end
-    
+
     def has_callback?(request)
       request.params.include?('callback') and not request.params['callback'].to_s.empty?
     end
 
     # See:
     # http://stackoverflow.com/questions/1661197/valid-characters-for-javascript-variable-names
-    # 
+    #
     # NOTE: Supports dots (.) since callbacks are often in objects:
-    # 
+    #
     def valid_callback?(callback)
       callback =~ VALID_CALLBACK
     end
@@ -88,8 +92,8 @@ module Rack
     # method of combining all of the data into a single string makes sense
     # since JSON is returned as a full string.
     #
-    def pad(callback, response, body = "")
-      response.each do |s|
+    def pad(callback, response)
+      body = response.to_enum.map do |s|
         # U+2028 and U+2029 are allowed inside strings in JSON (as all literal
         # Unicode characters) but JavaScript defines them as newline
         # seperators. Because no literal newlines are allowed in a string, this
@@ -97,9 +101,9 @@ module Rack
         # replacing them with the escaped version. This should be safe because
         # according to the JSON spec, these characters are *only* valid inside
         # a string and should therefore not be present any other places.
-        body << s.to_s.gsub(U2028, '\u2028').gsub(U2029, '\u2029')
-      end
-      
+        s.gsub(U2028, '\u2028').gsub(U2029, '\u2029')
+      end.join
+
       # https://github.com/rack/rack-contrib/issues/46
       response.close if response.respond_to?(:close)
 
@@ -107,7 +111,7 @@ module Rack
     end
 
     def bad_request(body = "Bad Request")
-      [ 400, { 'Content-Type' => 'text/plain', 'Content-Length' => body.size.to_s }, [body] ]
+      [ 400, { 'content-type' => 'text/plain', 'content-length' => body.bytesize.to_s }, [body] ]
     end
 
   end

data/lib/rack/contrib/lazy_conditional_get.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
 
   ##
@@ -43,6 +45,10 @@ module Rack
   # know for sure that it does not modify the cached content, you can set the
   # `Rack-Lazy-Conditional-Get` on response to `skip`. This will not update the
   # global modification date.
+  #
+  # NOTE: This will not work properly in a multi-threaded environment with
+  # default cache object. A provided cache object should ensure thread-safety
+  # of the `get`/`set`/`[]`/`[]=` methods.
 
   class LazyConditionalGet
 
@@ -68,11 +74,14 @@ module Rack
 
     def call env
       if reading? env and fresh? env
-        return [304, {'Last-Modified' => env['HTTP_IF_MODIFIED_SINCE']}, []]
+        return [304, {'last-modified' => env['HTTP_IF_MODIFIED_SINCE']}, []]
       end
+
       status, headers, body = @app.call env
+      headers = Rack.release < "3" ? Utils::HeaderHash.new(headers) : headers
+
       update_cache unless (reading?(env) or skipping?(headers))
-      headers['Last-Modified'] = cached_value if stampable? headers
+      headers['last-modified'] = cached_value if stampable? headers
       [status, headers, body]
     end
 
@@ -87,11 +96,11 @@ module Rack
     end
 
     def skipping? headers
-      headers['Rack-Lazy-Conditional-Get'] == 'skip'
+      headers['rack-lazy-conditional-get'] == 'skip'
     end
 
     def stampable? headers
-      !headers.has_key?('Last-Modified') and headers['Rack-Lazy-Conditional-Get'] == 'yes'
+      !headers.has_key?('last-modified') and headers['rack-lazy-conditional-get'] == 'yes'
     end
 
     def update_cache

data/lib/rack/contrib/lighttpd_script_name_fix.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   # Lighttpd sets the wrong SCRIPT_NAME and PATH_INFO if you mount your
   # FastCGI app at "/". This middleware fixes this issue.

data/lib/rack/contrib/locale.rb

@@ -1,42 +1,94 @@
+# frozen_string_literal: true
+
 require 'i18n'
 
 module Rack
   class Locale
+    HEADERS_KLASS = Rack.release < "3" ? Utils::HeaderHash : Headers
+    private_constant :HEADERS_KLASS
+
     def initialize(app)
       @app = app
     end
 
     def call(env)
-      old_locale = I18n.locale
-
-      begin
-        locale = accept_locale(env) || I18n.default_locale
-        locale = env['rack.locale'] = I18n.locale = locale.to_s
-        status, headers, body = @app.call(env)
-        headers['Content-Language'] = locale unless headers['Content-Language']
-        [status, headers, body]
-      ensure
-        I18n.locale = old_locale
+      locale_to_restore = I18n.locale
+
+      locale = user_preferred_locale(env["HTTP_ACCEPT_LANGUAGE"])
+      locale ||= I18n.default_locale
+
+      env['rack.locale'] = I18n.locale = locale.to_s
+      status, headers, body = @app.call(env)
+      headers = HEADERS_KLASS.new.merge(headers)
+
+      unless headers['Content-Language']
+        headers['Content-Language'] = locale.to_s
       end
+
+      [status, headers, body]
+    ensure
+      I18n.locale = locale_to_restore
     end
 
     private
 
-    # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.4
-    def accept_locale(env)
-      accept_langs = env["HTTP_ACCEPT_LANGUAGE"]
-      return if accept_langs.nil?
+    # Accept-Language header is covered mainly by RFC 7231
+    # https://tools.ietf.org/html/rfc7231
+    #
+    # Related sections:
+    #
+    # * https://tools.ietf.org/html/rfc7231#section-5.3.1
+    # * https://tools.ietf.org/html/rfc7231#section-5.3.5
+    # * https://tools.ietf.org/html/rfc4647#section-3.4
+    #
+    # There is an obsolete RFC 2616 (https://tools.ietf.org/html/rfc2616)
+    #
+    # Edge cases:
+    #
+    # * Value can be a comma separated list with optional whitespaces:
+    #   Accept-Language: da, en-gb;q=0.8, en;q=0.7
+    #
+    # * Quality value can contain optional whitespaces as well:
+    #   Accept-Language: ru-UA, ru; q=0.8, uk; q=0.6, en-US; q=0.4, en; q=0.2
+    #
+    # * Quality prefix 'q=' can be in upper case (Q=)
+    #
+    # * Ignore case when match locale with I18n available locales
+    #
+    def user_preferred_locale(header)
+      return if header.nil?
 
-      languages_and_qvalues = accept_langs.split(",").map { |l|
-        l += ';q=1.0' unless l =~ /;q=\d+(?:\.\d+)?$/
-        l.split(';q=')
-      }
+      locales = header.gsub(/\s+/, '').split(",").map do |language_tag|
+        locale, quality = language_tag.split(/;q=/i)
+        quality = quality ? quality.to_f : 1.0
+        [locale, quality]
+      end.reject do |(locale, quality)|
+        locale == '*' || quality == 0
+      end.sort_by do |(_, quality)|
+        quality
+      end.map(&:first)
 
-      lang = languages_and_qvalues.sort_by { |(locale, qvalue)|
-        qvalue.to_f
-      }.last.first
+      return if locales.empty?
+
+      if I18n.enforce_available_locales
+        locale = locales.reverse.find { |locale| I18n.available_locales.any? { |al| match?(al, locale) } }
+        matched_locale = I18n.available_locales.find { |al| match?(al, locale) } if locale
+        if !locale && !matched_locale
+          matched_locale = locales.reverse.find { |locale| I18n.available_locales.any? { |al| variant_match?(al, locale) } }
+          matched_locale = matched_locale[0,2] if matched_locale
+        end
+        matched_locale
+      else
+        locales.last
+      end
+    end
+
+    def match?(s1, s2)
+      s1.to_s.casecmp(s2.to_s) == 0
+    end
 
-      lang == '*' ? nil : lang
+    def variant_match?(s1, s2)
+      s1.to_s.casecmp(s2[0,2].to_s) == 0
     end
   end
 end

data/lib/rack/contrib/mailexceptions.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'net/smtp'
 require 'mail'
 require 'erb'
@@ -90,7 +92,7 @@ module Rack
         mail.delivery_method :test
       elsif config[:smtp]
         smtp = config[:smtp]
-        # for backward compability, replace the :server key with :address
+        # for backward compatibility, replace the :server key with :address
         address = smtp.delete :server
         smtp[:address] = address if address
         mail.delivery_method :smtp, smtp

data/lib/rack/contrib/nested_params.rb

@@ -1,5 +1,6 @@
-require 'cgi'
-require 'strscan'
+# frozen_string_literal: true
+
+require 'rack/utils'
 
 module Rack
   # Rack middleware for parsing POST/PUT body data into nested parameters
@@ -20,124 +21,14 @@ module Rack
 
     def call(env)
       if form_vars = env[FORM_VARS]
-        env[FORM_HASH] = parse_query_parameters(form_vars)
+        Rack::Utils.parse_nested_query(form_vars)
       elsif env[CONTENT_TYPE] == URL_ENCODED
         post_body = env[POST_BODY]
         env[FORM_INPUT] = post_body
-        env[FORM_HASH] = parse_query_parameters(post_body.read)
-        post_body.rewind if post_body.respond_to?(:rewind)
+        env[FORM_HASH] = Rack::Utils.parse_nested_query(post_body.read)
+        post_body.rewind
       end
       @app.call(env)
     end
-
-    ## the rest is nabbed from Rails ##
-
-    def parse_query_parameters(query_string)
-      return {} if query_string.nil? or query_string.empty?
-
-      pairs = query_string.split('&').collect do |chunk|
-        next if chunk.empty?
-        key, value = chunk.split('=', 2)
-        next if key.empty?
-        value = value.nil? ? nil : CGI.unescape(value)
-        [ CGI.unescape(key), value ]
-      end.compact
-
-      UrlEncodedPairParser.new(pairs).result
-    end
-
-    class UrlEncodedPairParser < StringScanner
-      attr_reader :top, :parent, :result
-
-      def initialize(pairs = [])
-        super('')
-        @result = {}
-        pairs.each { |key, value| parse(key, value) }
-      end
-
-      KEY_REGEXP = %r{([^\[\]=&]+)}
-      BRACKETED_KEY_REGEXP = %r{\[([^\[\]=&]+)\]}
-
-      # Parse the query string
-      def parse(key, value)
-        self.string = key
-        @top, @parent = result, nil
-
-        # First scan the bare key
-        key = scan(KEY_REGEXP) or return
-        key = post_key_check(key)
-
-        # Then scan as many nestings as present
-        until eos?
-          r = scan(BRACKETED_KEY_REGEXP) or return
-          key = self[1]
-          key = post_key_check(key)
-        end
-
-        bind(key, value)
-      end
-
-      private
-        # After we see a key, we must look ahead to determine our next action. Cases:
-        #
-        #   [] follows the key. Then the value must be an array.
-        #   = follows the key. (A value comes next)
-        #   & or the end of string follows the key. Then the key is a flag.
-        #   otherwise, a hash follows the key.
-        def post_key_check(key)
-          if scan(/\[\]/) # a[b][] indicates that b is an array
-            container(key, Array)
-            nil
-          elsif check(/\[[^\]]/) # a[b] indicates that a is a hash
-            container(key, Hash)
-            nil
-          else # End of key? We do nothing.
-            key
-          end
-        end
-
-        # Add a container to the stack.
-        def container(key, klass)
-          type_conflict! klass, top[key] if top.is_a?(Hash) && top.key?(key) && ! top[key].is_a?(klass)
-          value = bind(key, klass.new)
-          type_conflict! klass, value unless value.is_a?(klass)
-          push(value)
-        end
-
-        # Push a value onto the 'stack', which is actually only the top 2 items.
-        def push(value)
-          @parent, @top = @top, value
-        end
-
-        # Bind a key (which may be nil for items in an array) to the provided value.
-        def bind(key, value)
-          if top.is_a? Array
-            if key
-              if top[-1].is_a?(Hash) && ! top[-1].key?(key)
-                top[-1][key] = value
-              else
-                top << {key => value}
-              end
-              push top.last
-              return top[key]
-            else
-              top << value
-              return value
-            end
-          elsif top.is_a? Hash
-            key = CGI.unescape(key)
-            parent << (@top = {}) if top.key?(key) && parent.is_a?(Array)
-            top[key] ||= value
-            return top[key]
-          else
-            raise ArgumentError, "Don't know what to do: top is #{top.inspect}"
-          end
-        end
-
-        def type_conflict!(klass, value)
-          raise TypeError, "Conflicting types for parameter containers. Expected an instance of #{klass} but found an instance of #{value.class}. This can be caused by colliding Array and Hash parameters like qs[]=value&qs[key]=value. (The parameters received were #{value.inspect}.)"
-        end
-    end
-
   end
 end

data/lib/rack/contrib/not_found.rb

@@ -1,18 +1,33 @@
+# frozen_string_literal: true
+
 module Rack
-  # Rack::NotFound is a default endpoint. Initialize with the path to
-  # your 404 page.
+  # Rack::NotFound is a default endpoint. Optionally initialize with the
+  # path to a custom 404 page, to override the standard response body.
+  #
+  # Examples:
+  #
+  # Serve default 404 response:
+  #   run Rack::NotFound.new
+  #
+  # Serve a custom 404 page:
+  #   run Rack::NotFound.new('path/to/your/404.html')
 
   class NotFound
     F = ::File
 
-    def initialize(path)
-      file = F.expand_path(path)
-      @content = F.read(file)
-      @length = @content.size.to_s
+    def initialize(path = nil, content_type = 'text/html')
+      if path.nil?
+        @content = "Not found\n"
+      else
+        @content = F.read(path)
+      end
+      @length = @content.bytesize.to_s
+
+      @content_type = content_type
     end
 
     def call(env)
-      [404, {'Content-Type' => 'text/html', 'Content-Length' => @length}, [@content]]
+      [404, {'content-type' => @content_type, 'content-length' => @length}, [@content]]
     end
   end
 end

data/lib/rack/contrib/post_body_content_type_parser.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 begin
   require 'json'
 rescue LoadError => e
@@ -6,10 +8,51 @@ end
 
 module Rack
 
+  # <b>DEPRECATED:</b> <tt>JSONBodyParser</tt> is a drop-in replacement that is faster and more configurable.
+  #
   # A Rack middleware for parsing POST/PUT body data when Content-Type is
   # not one of the standard supported types, like <tt>application/json</tt>.
   #
-  # TODO: Find a better name.
+  # === How to use the middleware
+  #
+  # Example of simple +config.ru+ file:
+  #
+  #  require 'rack'
+  #  require 'rack/contrib'
+  #
+  #  use ::Rack::PostBodyContentTypeParser
+  #
+  #  app = lambda do |env|
+  #    request = Rack::Request.new(env)
+  #    body = "Hello #{request.params['name']}"
+  #    [200, {'Content-Type' => 'text/plain'}, [body]]
+  #  end
+  #
+  #  run app
+  #
+  # Example with passing block argument:
+  #
+  #   use ::Rack::PostBodyContentTypeParser do |body|
+  #     { 'params' => JSON.parse(body) }
+  #   end
+  #
+  # Example with passing proc argument:
+  #
+  #   parser = ->(body) { { 'params' => JSON.parse(body) } }
+  #   use ::Rack::PostBodyContentTypeParser, &parser
+  #
+  #
+  # === Failed JSON parsing
+  #
+  # Returns "400 Bad request" response if invalid JSON document was sent:
+  #
+  # Raw HTTP response:
+  #
+  #   HTTP/1.1 400 Bad Request
+  #   Content-Type: text/plain
+  #   Content-Length: 28
+  #
+  #   failed to parse body as JSON
   #
   class PostBodyContentTypeParser
 
@@ -24,17 +67,24 @@ module Rack
     #
     APPLICATION_JSON = 'application/json'.freeze
 
-    def initialize(app)
+    def initialize(app, &block)
+      warn "[DEPRECATION] `PostBodyContentTypeParser` is deprecated. Use `JSONBodyParser` as a drop-in replacement."
       @app = app
+      @block = block || Proc.new { |body| JSON.parse(body, :create_additions => false) }
     end
 
     def call(env)
       if Rack::Request.new(env).media_type == APPLICATION_JSON && (body = env[POST_BODY].read).length != 0
-        env[POST_BODY].rewind # somebody might try to read this stream
-        env.update(FORM_HASH => JSON.parse(body, :create_additions => false), FORM_INPUT => env[POST_BODY])
+        env[POST_BODY].rewind if env[POST_BODY].respond_to?(:rewind) # somebody might try to read this stream
+        env.update(FORM_HASH => @block.call(body), FORM_INPUT => env[POST_BODY])
       end
       @app.call(env)
+    rescue JSON::ParserError
+      bad_request('failed to parse body as JSON')
     end
 
+    def bad_request(body = 'Bad Request')
+      [ 400, { 'content-type' => 'text/plain', 'content-length' => body.bytesize.to_s }, [body] ]
+    end
   end
 end

data/lib/rack/contrib/printout.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   #prints the environment and request for simple debugging
   class Printout
@@ -6,7 +8,7 @@ module Rack
     end
 
     def call(env)
-      # See http://rack.rubyforge.org/doc/SPEC.html for details
+      # See https://github.com/rack/rack/blob/main/SPEC.rdoc for details
       puts "**********\n Environment\n **************"
       puts env.inspect
       

data/lib/rack/contrib/proctitle.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   # Middleware to update the process title ($0) with information about the
   # current request. Based loosely on: