rack-contrib 1.8.0 → 2.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: bee6a82e9e3cd0238bfc695f9d18a74045235f86
-  data.tar.gz: a340facd62eb27f47bbce5e5e02f15c949454946
+SHA256:
+  metadata.gz: cf14e9cb70d9701bc1f3fe5ce036a0667f4ba6c9411e0e6ded73ef958228ec45
+  data.tar.gz: d0c2abe31908dd0d49dec3635cca17c720c94d098a04e9485adf917c469e0ee5
 SHA512:
-  metadata.gz: 6f3bee839cd6955789228948379912610ac8c9ea8dd2cfd2339f43b2e15e311ee0aacd65f71304977c2fb78624cd374a1b8e071e9129da0db2cde9e61828b64a
-  data.tar.gz: 5c0ce1dc50158e6790db66d758f7a9a16f6d5b0fa87a50f759e00c17d9a7ea5226ebc16e275f3f9e687306867d937bf1cadff224f763481f0991aa0650b58dc2
+  metadata.gz: f352f5eac5008e79d645460cd9b17dcc7231fe55edb63a0540c6c0991c06ba5f989cd70c23453e854a8189bcd02ad1be96366bb4d24efdaccefc5fe823a9eed5
+  data.tar.gz: 379d6d0190a63d1df9c615e2fdd53bfebcac0cf506407e1e8a11c734ffc955f066a2aa56e79db21458b62efbb6603e1749f1bdddaed1c35fb84a69cd494dba8f

data/README.md

@@ -3,17 +3,16 @@
 This package includes a variety of add-on components for Rack, a Ruby web server
 interface:
 
-* `Rack::AcceptFormat` - Adds a format extension at the end of the URI when there is none, corresponding to the mime-type given in the Accept HTTP header.
 * `Rack::Access` - Limits access based on IP address
 * `Rack::Backstage` - Returns content of specified file if it exists, which makes it convenient for putting up maintenance pages.
 * `Rack::BounceFavicon` - Returns a 404 for requests to `/favicon.ico`
 * `Rack::CSSHTTPRequest` - Adds CSSHTTPRequest support by encoding responses as CSS for cross-site AJAX-style data loading
 * `Rack::Callbacks` - Implements DSL for pure before/after filter like Middlewares.
-* `Rack::Config` - Shared configuration for cooperative middleware.
 * `Rack::Cookies` - Adds simple cookie jar hash to env
 * `Rack::Deflect` - Helps protect against DoS attacks.
 * `Rack::Evil` - Lets the rack application return a response to the client from any place.
 * `Rack::HostMeta` - Configures `/host-meta` using a block
+* `Rack::JSONBodyParser` - Adds JSON request bodies to the Rack parameters hash.
 * `Rack::JSONP` - Adds JSON-P support by stripping out the callback param and padding the response with the appropriate callback format.
 * `Rack::LazyConditionalGet` - Caches a global `Last-Modified` date and updates it each time there is a request that is not `GET` or `HEAD`.
 * `Rack::LighttpdScriptNameFix` - Fixes how lighttpd sets the `SCRIPT_NAME` and `PATH_INFO` variables in certain configurations.
@@ -21,14 +20,13 @@ interface:
 * `Rack::MailExceptions` - Rescues exceptions raised from the app and sends a useful email with the exception, stacktrace, and contents of the environment.
 * `Rack::NestedParams` - parses form params with subscripts (e.g., * "`post[title]=Hello`") into a nested/recursive Hash structure (based on Rails' implementation).
 * `Rack::NotFound` - A default 404 application.
-* `Rack::PostBodyContentTypeParser` - Adds support for JSON request bodies. The Rack parameter hash is populated by deserializing the JSON data provided in the request body when the Content-Type is application/json.
+* `Rack::PostBodyContentTypeParser` - [Deprecated]: Adds support for JSON request bodies. The Rack parameter hash is populated by deserializing the JSON data provided in the request body when the Content-Type is application/json
 * `Rack::Printout` - Prints the environment and the response per request
 * `Rack::ProcTitle` - Displays request information in process title (`$0`) for monitoring/inspection with ps(1).
 * `Rack::Profiler` - Uses ruby-prof to measure request time.
 * `Rack::RelativeRedirect` - Transforms relative paths in redirects to absolute URLs.
-* `Rack::ResponseCache` - Caches responses to requests without query strings to Disk or a user provider Ruby object. Similar to Rails' page caching.
+* `Rack::ResponseCache` - Caches responses to requests without query strings to Disk or a user provided Ruby object. Similar to Rails' page caching.
 * `Rack::ResponseHeaders` - Manipulates response headers object at runtime
-* `Rack::Sendfile` - Enables `X-Sendfile` support for bodies that can be served from file.
 * `Rack::Signals` - Installs signal handlers that are safely processed after a request
 * `Rack::SimpleEndpoint` - Creates simple endpoints with routing rules, similar to Sinatra actions
 * `Rack::StaticCache` - Modifies the response headers to facilitiate client and proxy caching for static files that minimizes http requests and improves overall load times for second time visitors.
@@ -61,6 +59,17 @@ use Rack::MailExceptions
 run theapp
 ```
 
+#### Versioning
+
+This package is [semver compliant](https://semver.org); you should use a
+pessimistic version constraint (`~>`) against the relevant `2.x` version of
+this gem.
+
+This version of `rack-contrib` is only compatible with `rack` 2.x.  If you
+are using `rack` 1.x, you will need to use `rack-contrib` 1.x.  A suitable
+pessimistic version constraint (`~>`) is recommended.
+
+
 ### Testing
 
 To contribute to the project, begin by cloning the repo and installing the necessary gems:
@@ -93,8 +102,6 @@ guidelines in CONTRIBUTING.md.
 
 ### Links
 
-* rack-contrib on GitHub:: <http://github.com/rack/rack-contrib>
-* Rack:: <http://rack.rubyforge.org/>
-* Rack On GitHub:: <http://github.com/rack/rack>
-* rack-devel mailing list:: <http://groups.google.com/group/rack-devel>
-* [![Gitter](https://badges.gitter.im/Join Chat.svg)](https://gitter.im/rack/rack-contrib?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+* rack-contrib on GitHub:: <https://github.com/rack/rack-contrib>
+* Rack:: <https://rack.github.io/>
+* Rack On GitHub:: <https://github.com/rack/rack>

data/lib/rack/contrib.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rack'
 
 module Rack
@@ -14,7 +16,6 @@ module Rack
     end
   end
 
-  autoload :AcceptFormat,               "rack/contrib/accept_format"
   autoload :Access,                     "rack/contrib/access"
   autoload :BounceFavicon,              "rack/contrib/bounce_favicon"
   autoload :Cookies,                    "rack/contrib/cookies"
@@ -25,6 +26,7 @@ module Rack
   autoload :HostMeta,                   "rack/contrib/host_meta"
   autoload :GarbageCollector,           "rack/contrib/garbagecollector"
   autoload :JSONP,                      "rack/contrib/jsonp"
+  autoload :JSONBodyParser,             "rack/contrib/json_body_parser"
   autoload :LazyConditionalGet,         "rack/contrib/lazy_conditional_get"
   autoload :LighttpdScriptNameFix,      "rack/contrib/lighttpd_script_name_fix"
   autoload :Locale,                     "rack/contrib/locale"
@@ -33,8 +35,6 @@ module Rack
   autoload :ProcTitle,                  "rack/contrib/proctitle"
   autoload :Profiler,                   "rack/contrib/profiler"
   autoload :ResponseHeaders,            "rack/contrib/response_headers"
-  autoload :Runtime,                    "rack/contrib/runtime"
-  autoload :Sendfile,                   "rack/contrib/sendfile"
   autoload :Signals,                    "rack/contrib/signals"
   autoload :SimpleEndpoint,             "rack/contrib/simple_endpoint"
   autoload :TimeZone,                   "rack/contrib/time_zone"

data/lib/rack/contrib/access.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "ipaddr"
 
 module Rack
@@ -48,9 +50,9 @@ module Rack
     end
 
     def call(env)
-      @original_request = Request.new(env)
+      request = Request.new(env)
       ipmasks = ipmasks_for_path(env)
-      return forbidden! unless ip_authorized?(ipmasks)
+      return forbidden! unless ip_authorized?(request, ipmasks)
       status, headers, body = @app.call(env)
       [status, headers, body]
     end
@@ -73,11 +75,11 @@ module Rack
       [403, { 'Content-Type' => 'text/html', 'Content-Length' => '0' }, []]
     end
 
-    def ip_authorized?(ipmasks)
+    def ip_authorized?(request, ipmasks)
       return true if ipmasks.nil?
 
       ipmasks.any? do |ip_mask|
-        ip_mask.include?(IPAddr.new(@original_request.ip))
+        ip_mask.include?(IPAddr.new(request.ip))
       end
     end
 

data/lib/rack/contrib/backstage.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   class Backstage
     File = ::File
@@ -10,7 +12,7 @@ module Rack
     def call(env)
       if File.exists?(@file)
         content = File.read(@file)
-        length = "".respond_to?(:bytesize) ? content.bytesize.to_s : content.size.to_s
+        length = content.bytesize.to_s
         [503, {'Content-Type' => 'text/html', 'Content-Length' => length}, [content]]
       else
         @app.call(env)

data/lib/rack/contrib/bounce_favicon.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   # Bounce those annoying favicon.ico requests
   class BounceFavicon

data/lib/rack/contrib/callbacks.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   class Callbacks
     def initialize(&block)

data/lib/rack/contrib/common_cookies.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   # Rack middleware to use common cookies across domain and subdomains.
   class CommonCookies
@@ -10,21 +12,24 @@ module Rack
     end
 
     def call(env)
-      @app.call(env).tap do |(status, headers, response)|
-        @host = env['HTTP_HOST'].sub PORT, ''
-        share_cookie headers
-      end
+      status, headers, body = @app.call(env)
+      headers = Utils::HeaderHash.new(headers)
+
+      host = env['HTTP_HOST'].sub PORT, ''
+      share_cookie(headers, host)
+
+      [status, headers, body]
     end
 
     private
 
-    def domain
-      @host =~ DOMAIN_REGEXP
+    def domain(host)
+      host =~ DOMAIN_REGEXP
       ".#{$1}.#{$2}"
     end
 
-    def share_cookie(headers)
-      headers['Set-Cookie'] &&= common_cookie(headers) if @host !~ LOCALHOST_OR_IP_REGEXP
+    def share_cookie(headers, host)
+      headers['Set-Cookie'] &&= common_cookie(headers, host) if host !~ LOCALHOST_OR_IP_REGEXP
     end
 
     def cookie(headers)
@@ -32,8 +37,8 @@ module Rack
       cookies.is_a?(Array) ? cookies.join("\n") : cookies
     end
 
-    def common_cookie(headers)
-      cookie(headers).gsub(/; domain=[^;]*/, '').gsub(/$/, "; domain=#{domain}")
+    def common_cookie(headers, host)
+      cookie(headers).gsub(/; domain=[^;]*/, '').gsub(/$/, "; domain=#{domain(host)}")
     end
   end
-end
+end

data/lib/rack/contrib/config.rb

@@ -1,16 +1,4 @@
-module Rack
+# frozen_string_literal: true
 
-  # Rack::Config modifies the environment using the block given during
-  # initialization.
-  class Config
-    def initialize(app, &block)
-      @app = app
-      @block = block
-    end
-
-    def call(env)
-      @block.call(env)
-      @app.call(env)
-    end
-  end
-end
+require 'rack'
+require 'rack/config'

data/lib/rack/contrib/cookies.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   class Cookies
     class CookieJar < Hash

data/lib/rack/contrib/csshttprequest.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'csshttprequest'
 
 module Rack
@@ -13,9 +15,12 @@ module Rack
     # the CSSHTTPRequest encoder
     def call(env)
       status, headers, response = @app.call(env)
+      headers = Utils::HeaderHash.new(headers)
+
       if chr_request?(env)
-        response = encode(response)
-        modify_headers!(headers, response)
+        encoded_response = encode(response)
+        modify_headers!(headers, encoded_response)
+        response = [encoded_response]
       end
       [status, headers, response]
     end
@@ -25,13 +30,12 @@ module Rack
         !(/\.chr$/.match(env['PATH_INFO'])).nil? || Rack::Request.new(env).params['_format'] == 'chr'
     end
 
-    def encode(response, assembled_body="")
-      response.each { |s| assembled_body << s.to_s } # call down the stack
-      return ::CSSHTTPRequest.encode(assembled_body)
+    def encode(body)
+      ::CSSHTTPRequest.encode(body.to_enum.to_a.join)
     end
 
     def modify_headers!(headers, encoded_response)
-      headers['Content-Length'] = encoded_response.length.to_s
+      headers['Content-Length'] = encoded_response.bytesize.to_s
       headers['Content-Type'] = 'text/css'
       nil
     end

data/lib/rack/contrib/deflect.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'thread'
 
 # TODO: optional stats
@@ -67,10 +69,10 @@ module Rack
     end
 
     def deflect? env
-      @remote_addr = env['REMOTE_ADDR']
-      return false if options[:whitelist].include? @remote_addr
-      return true  if options[:blacklist].include? @remote_addr
-      sync { watch }
+      remote_addr = env['REMOTE_ADDR']
+      return false if options[:whitelist].include? remote_addr
+      return true  if options[:blacklist].include? remote_addr
+      sync { watch(remote_addr) }
     end
 
     def log message
@@ -82,55 +84,55 @@ module Rack
       @mutex.synchronize(&block)
     end
 
-    def map
-      @remote_addr_map[@remote_addr] ||= {
+    def map(remote_addr)
+      @remote_addr_map[remote_addr] ||= {
         :expires => Time.now + options[:interval],
         :requests => 0
       }
     end
 
-    def watch
-      increment_requests
-      clear! if watch_expired? and not blocked?
-      clear! if blocked? and block_expired?
-      block! if watching? and exceeded_request_threshold?
-      blocked?
+    def watch(remote_addr)
+      increment_requests(remote_addr)
+      clear!(remote_addr) if watch_expired?(remote_addr) and not blocked?(remote_addr)
+      clear!(remote_addr) if blocked?(remote_addr) and block_expired?(remote_addr)
+      block!(remote_addr) if watching?(remote_addr) and exceeded_request_threshold?(remote_addr)
+      blocked?(remote_addr)
     end
 
-    def block!
-      return if blocked?
-      log "blocked #{@remote_addr}"
-      map[:block_expires] = Time.now + options[:block_duration]
+    def block!(remote_addr)
+      return if blocked?(remote_addr)
+      log "blocked #{remote_addr}"
+      map(remote_addr)[:block_expires] = Time.now + options[:block_duration]
     end
 
-    def blocked?
-      map.has_key? :block_expires
+    def blocked?(remote_addr)
+      map(remote_addr).has_key? :block_expires
     end
 
-    def block_expired?
-      map[:block_expires] < Time.now rescue false
+    def block_expired?(remote_addr)
+      map(remote_addr)[:block_expires] < Time.now rescue false
     end
 
-    def watching?
-      @remote_addr_map.has_key? @remote_addr
+    def watching?(remote_addr)
+      @remote_addr_map.has_key? remote_addr
     end
 
-    def clear!
-      return unless watching?
-      log "released #{@remote_addr}" if blocked?
-      @remote_addr_map.delete @remote_addr
+    def clear!(remote_addr)
+      return unless watching?(remote_addr)
+      log "released #{remote_addr}" if blocked?(remote_addr)
+      @remote_addr_map.delete remote_addr
     end
 
-    def increment_requests
-      map[:requests] += 1
+    def increment_requests(remote_addr)
+      map(remote_addr)[:requests] += 1
     end
 
-    def exceeded_request_threshold?
-      map[:requests] > options[:request_threshold]
+    def exceeded_request_threshold?(remote_addr)
+      map(remote_addr)[:requests] > options[:request_threshold]
     end
 
-    def watch_expired?
-      map[:expires] <= Time.now
+    def watch_expired?(remote_addr)
+      map(remote_addr)[:expires] <= Time.now
     end
 
   end

data/lib/rack/contrib/enforce_valid_encoding.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   # Ensure that the path and query string presented to the application
   # contains only valid characters.  If the validation fails, then a

data/lib/rack/contrib/evil.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   class Evil
     # Lets you return a response to the client immediately from anywhere ( M V or C ) in the code.

data/lib/rack/contrib/expectation_cascade.rb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 module Rack
   class ExpectationCascade
-    Expect = "Expect".freeze
+    Expect = "HTTP_EXPECT".freeze
     ContinueExpectation = "100-continue".freeze
 
     ExpectationFailed = [417, {"Content-Type" => "text/html"}, []].freeze

data/lib/rack/contrib/garbagecollector.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   # Forces garbage collection after each request.
   class GarbageCollector

data/lib/rack/contrib/host_meta.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
 
   # Rack middleware implementing the IETF draft: "Host Metadata for the Web"

data/lib/rack/contrib/json_body_parser.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module Rack
+  # A Rack middleware that makes JSON-encoded request bodies available in the
+  # request.params hash. By default it parses POST, PATCH, and PUT requests
+  # whose media type is <tt>application/json</tt>. You can configure it to match
+  # any verb or media type via the <tt>:verbs</tt> and <tt>:media</tt> options.
+  #
+  #
+  # == Examples:
+  #
+  # === Parse POST and GET requests only
+  #   use Rack::JSONBodyParser, verbs: ['POST', 'GET']
+  #
+  # === Parse POST|PATCH|PUT requests whose Content-Type matches 'json'
+  #   use Rack::JSONBodyParser, media: /json/
+  #
+  # === Parse POST requests whose Content-Type is 'application/json' or 'application/vnd+json'
+  #   use Rack::JSONBodyParser, verbs: ['POST'], media: ['application/json', 'application/vnd.api+json']
+  #
+  class JSONBodyParser
+    CONTENT_TYPE_MATCHERS = {
+      String => lambda { |option, header|
+        Rack::MediaType.type(header) == option
+      },
+      Array => lambda { |options, header|
+        media_type = Rack::MediaType.type(header)
+        options.any? { |opt| media_type == opt }
+      },
+      Regexp => lambda {
+        if //.respond_to?(:match?)
+          # Use Ruby's fast regex matcher when available
+          ->(option, header) { option.match? header }
+        else
+          # Fall back to the slower matcher for rubies older than 2.4
+          ->(option, header) { option.match header }
+        end
+      }.call(),
+    }.freeze
+
+    DEFAULT_PARSER = ->(body) { JSON.parse(body, create_additions: false) }
+
+    def initialize(
+      app,
+      verbs: %w[POST PATCH PUT],
+      media: 'application/json',
+      &block
+    )
+      @app = app
+      @verbs, @media = verbs, media
+      @matcher = CONTENT_TYPE_MATCHERS.fetch(@media.class)
+      @parser = block || DEFAULT_PARSER
+    end
+
+    def call(env)
+      begin
+        if @verbs.include?(env[Rack::REQUEST_METHOD]) &&
+           @matcher.call(@media, env['CONTENT_TYPE'])
+
+          update_form_hash_with_json_body(env)
+        end
+      rescue JSON::ParserError
+        body = { error: 'Failed to parse body as JSON' }.to_json
+        header = { 'Content-Type' => 'application/json' }
+        return Rack::Response.new(body, 400, header).finish
+      end
+      @app.call(env)
+    end
+
+    private
+
+    def update_form_hash_with_json_body(env)
+      body = env[Rack::RACK_INPUT]
+      return unless (body_content = body.read) && !body_content.empty?
+
+      body.rewind # somebody might try to read this stream
+      env.update(
+        Rack::RACK_REQUEST_FORM_HASH => @parser.call(body_content),
+        Rack::RACK_REQUEST_FORM_INPUT => body
+      )
+    end
+  end
+end