rack-contrib 0.9.0 → 0.9.2

data/README.rdoc

@@ -23,10 +23,26 @@ interface:
 * Rack::Profiler - Uses ruby-prof to measure request time.
 * Rack::Sendfile - Enables X-Sendfile support for bodies that can be served
   from file.
+* Rack::Signals - Installs signal handlers that are safely processed after
+  a request
 * Rack::TimeZone - Detects the clients timezone using JavaScript and sets
   a variable in Rack's environment with the offset from UTC.
 * Rack::Evil - Lets the rack application return a response to the client from any place.
 * Rack::Callbacks - Implements DLS for pure before/after filter like Middlewares.
+* Rack::Config - Shared configuration for cooperative middleware.
+* Rack::NotFound - A default 404 application.
+* Rack::CSSHTTPRequest - Adds CSSHTTPRequest support by encoding responses as
+  CSS for cross-site AJAX-style data loading
+* Rack::Deflect - Helps protect against DoS attacks.
+* Rack::ResponseCache - Caches responses to requests without query strings
+  to Disk or a user provider Ruby object. Similar to Rails' page caching.
+* Rack::RelativeRedirect - Transforms relative paths in redirects to
+  absolute URLs.
+* Rack::Backstage - Returns content of specified file if it exists, which makes
+  it convenient for putting up maintenance pages.
+* Rack::AcceptFormat - Adds a format extension at the end of the URI when there is none, corresponding to the mime-type given in the Accept HTTP header.
+* Rack::HostMeta - Configures /host-meta using a block
+* Rack::Cookies - Adds simple cookie jar hash to env
 
 === Use
 

data/Rakefile

@@ -10,11 +10,16 @@ task "RDOX" do
   sh "specrb -Ilib:test -a --rdox >RDOX"
 end
 
-desc "Run all the fast tests"
+desc "Run specs with test/unit style output"
 task :test do
   sh "specrb -Ilib:test -w #{ENV['TEST'] || '-a'} #{ENV['TESTOPTS']}"
 end
 
+desc "Run specs with specdoc style output"
+task :spec do
+  sh "specrb -Ilib:test -s -w #{ENV['TEST'] || '-a'} #{ENV['TESTOPTS']}"
+end
+
 desc "Run all the tests"
 task :fulltest do
   sh "specrb -Ilib:test -w #{ENV['TEST'] || '-a'} #{ENV['TESTOPTS']}"

data/lib/rack/contrib.rb

@@ -3,11 +3,15 @@ require 'rack'
 module Rack
   module Contrib
     def self.release
-      "0.9"
+      "0.9.1"
     end
   end
 
+  autoload :AcceptFormat,               "rack/contrib/accept_format"
   autoload :BounceFavicon,              "rack/contrib/bounce_favicon"
+  autoload :Cookies,                    "rack/contrib/cookies"
+  autoload :CSSHTTPRequest,             "rack/contrib/csshttprequest"
+  autoload :Deflect,                    "rack/contrib/deflect"
   autoload :ETag,                       "rack/contrib/etag"
   autoload :GarbageCollector,           "rack/contrib/garbagecollector"
   autoload :JSONP,                      "rack/contrib/jsonp"
@@ -18,8 +22,13 @@ module Rack
   autoload :ProcTitle,                  "rack/contrib/proctitle"
   autoload :Profiler,                   "rack/contrib/profiler"
   autoload :Sendfile,                   "rack/contrib/sendfile"
+  autoload :Signals,                    "rack/contrib/signals"
   autoload :TimeZone,                   "rack/contrib/time_zone"
   autoload :Evil,                       "rack/contrib/evil"
   autoload :Callbacks,                  "rack/contrib/callbacks"
   autoload :NestedParams,               "rack/contrib/nested_params"
+  autoload :Config,                     "rack/contrib/config"
+  autoload :NotFound,                   "rack/contrib/not_found"
+  autoload :ResponseCache,              "rack/contrib/response_cache"
+  autoload :RelativeRedirect,           "rack/contrib/relative_redirect"
 end

data/lib/rack/contrib/accept_format.rb

@@ -0,0 +1,46 @@
+module Rack
+  #
+  # A Rack middleware for automatically adding a <tt>format</tt> token at the end of the request path
+  # when there is none. It can detect formats passed in the HTTP_ACCEPT header to populate this token.
+  #
+  # e.g.:
+  #   GET /some/resource HTTP/1.1
+  #   Accept: application/json
+  # ->
+  #   GET /some/resource.json HTTP/1.1
+  #   Accept: application/json
+  #
+  # You can add custom types with this kind of function (taken from sinatra):
+  #   def mime(ext, type)
+  #     ext = ".#{ext}" unless ext.to_s[0] == ?.
+  #     Rack::Mime::MIME_TYPES[ext.to_s] = type
+  #   end
+  # and then:
+  #   mime :json, 'application/json'
+  #
+  # Note: it does not take into account multiple media types in the Accept header.
+  # The first media type takes precedence over all the others.
+  #
+  # MIT-License - Cyril Rohr
+  #
+  class AcceptFormat
+
+    def initialize(app, default_extention = '.html')
+      @ext = default_extention.to_s.strip
+      @ext = ".#{@ext}" unless @ext[0] == ?.
+      @app = app
+    end
+
+    def call(env)
+      req = Rack::Request.new(env)
+
+      if ::File.extname(req.path_info).empty?
+        accept = env['HTTP_ACCEPT'].to_s.scan(/[^;,\s]*\/[^;,\s]*/)[0].to_s
+        extension =  Rack::Mime::MIME_TYPES.invert[accept] || @ext
+        req.path_info = req.path_info+"#{extension}"
+      end
+
+      @app.call(env)
+    end
+  end
+end

data/lib/rack/contrib/backstage.rb

@@ -0,0 +1,20 @@
+module Rack
+  class Backstage
+    File = ::File
+
+    def initialize(app, path)
+      @app = app
+      @file = File.expand_path(path)
+    end
+
+    def call(env)
+      if File.exists?(@file)
+        content = File.read(@file)
+        length = "".respond_to?(:bytesize) ? content.bytesize.to_s : content.size.to_s
+        [503, {'Content-Type' => 'text/html', 'Content-Length' => length}, [content]]
+      else
+        @app.call(env)
+      end
+    end
+  end
+end

data/lib/rack/contrib/config.rb

@@ -0,0 +1,16 @@
+module Rack
+
+  # Rack::Config modifies the environment using the block given during
+  # initialization.
+  class Config
+    def initialize(app, &block)
+      @app = app
+      @block = block
+    end
+
+    def call(env)
+      @block.call(env)
+      @app.call(env)
+    end
+  end
+end

data/lib/rack/contrib/csshttprequest.rb

@@ -0,0 +1,39 @@
+require 'csshttprequest'
+
+module Rack
+
+  # A Rack middleware for providing CSSHTTPRequest responses.
+  class CSSHTTPRequest
+
+    def initialize(app)
+      @app = app
+    end
+
+    # Proxies the request to the application then encodes the response with
+    # the CSSHTTPRequest encoder
+    def call(env)
+      status, headers, response = @app.call(env)
+      if chr_request?(env)
+        response = encode(response)
+        modify_headers!(headers, response)
+      end
+      [status, headers, response]
+    end
+
+    def chr_request?(env)
+      env['csshttprequest.chr'] ||=
+        !(/\.chr$/.match(env['PATH_INFO'])).nil? || Rack::Request.new(env).params['_format'] == 'chr'
+    end
+
+    def encode(response, assembled_body="")
+      response.each { |s| assembled_body << s.to_s } # call down the stack
+      return ::CSSHTTPRequest.encode(assembled_body)
+    end
+
+    def modify_headers!(headers, encoded_response)
+      headers['Content-Length'] = encoded_response.length.to_s
+      headers['Content-Type'] = 'text/css'
+      nil
+    end
+  end
+end

data/lib/rack/contrib/deflect.rb

@@ -0,0 +1,137 @@
+require 'thread'
+
+# TODO: optional stats
+# TODO: performance
+# TODO: clean up tests
+
+module Rack
+
+  ##
+  # Rack middleware for protecting against Denial-of-service attacks
+  # http://en.wikipedia.org/wiki/Denial-of-service_attack.
+  #
+  # This middleware is designed for small deployments, which most likely
+  # are not utilizing load balancing from other software or hardware. Deflect
+  # current supports the following functionality:
+  #
+  # * Saturation prevention (small DoS attacks, or request abuse)
+  # * Blacklisting of remote addresses
+  # * Whitelisting of remote addresses
+  # * Logging
+  #
+  # === Options:
+  #
+  #   :log                When false logging will be bypassed, otherwise pass an object responding to #puts
+  #   :log_format         Alter the logging format
+  #   :log_date_format    Alter the logging date format
+  #   :request_threshold  Number of requests allowed within the set :interval. Defaults to 100
+  #   :interval           Duration in seconds until the request counter is reset. Defaults to 5
+  #   :block_duration     Duration in seconds that a remote address will be blocked. Defaults to 900 (15 minutes)
+  #   :whitelist          Array of remote addresses which bypass Deflect. NOTE: this does not block others
+  #   :blacklist          Array of remote addresses immediately considered malicious
+  #
+  # === Examples:
+  #
+  #  use Rack::Deflect, :log => $stdout, :request_threshold => 20, :interval => 2, :block_duration => 60
+  #
+  # CREDIT: TJ Holowaychuk <tj@vision-media.ca>
+  #
+
+  class Deflect
+
+    attr_reader :options
+
+    def initialize app, options = {}
+      @mutex = Mutex.new
+      @remote_addr_map = {}
+      @app, @options = app, {
+        :log => false,
+        :log_format => 'deflect(%s): %s',
+        :log_date_format => '%m/%d/%Y',
+        :request_threshold => 100,
+        :interval => 5,
+        :block_duration => 900,
+        :whitelist => [],
+        :blacklist => []
+      }.merge(options)
+    end
+
+    def call env
+      return deflect! if deflect? env
+      status, headers, body = @app.call env
+      [status, headers, body]
+    end
+
+    def deflect!
+      [403, { 'Content-Type' => 'text/html', 'Content-Length' => '0' }, '']
+    end
+
+    def deflect? env
+      @remote_addr = env['REMOTE_ADDR']
+      return false if options[:whitelist].include? @remote_addr
+      return true  if options[:blacklist].include? @remote_addr
+      sync { watch }
+    end
+
+    def log message
+      return unless options[:log]
+      options[:log].puts(options[:log_format] % [Time.now.strftime(options[:log_date_format]), message])
+    end
+
+    def sync &block
+      @mutex.synchronize(&block)
+    end
+
+    def map
+      @remote_addr_map[@remote_addr] ||= {
+        :expires => Time.now + options[:interval],
+        :requests => 0
+      }
+    end
+
+    def watch
+      increment_requests
+      clear! if watch_expired? and not blocked?
+      clear! if blocked? and block_expired?
+      block! if watching? and exceeded_request_threshold?
+      blocked?
+    end
+
+    def block!
+      return if blocked?
+      log "blocked #{@remote_addr}"
+      map[:block_expires] = Time.now + options[:block_duration]
+    end
+
+    def blocked?
+      map.has_key? :block_expires
+    end
+
+    def block_expired?
+      map[:block_expires] < Time.now rescue false
+    end
+
+    def watching?
+      @remote_addr_map.has_key? @remote_addr
+    end
+
+    def clear!
+      return unless watching?
+      log "released #{@remote_addr}" if blocked?
+      @remote_addr_map.delete @remote_addr
+    end
+
+    def increment_requests
+      map[:requests] += 1
+    end
+
+    def exceeded_request_threshold?
+      map[:requests] > options[:request_threshold]
+    end
+
+    def watch_expired?
+      map[:expires] <= Time.now
+    end
+
+  end
+end

data/lib/rack/contrib/jsonp.rb

@@ -1,38 +1,41 @@
 module Rack
-  
+
   # A Rack middleware for providing JSON-P support.
-  # 
+  #
   # Full credit to Flinn Mueller (http://actsasflinn.com/) for this contribution.
-  # 
+  #
   class JSONP
-    
+
     def initialize(app)
       @app = app
     end
-    
+
     # Proxies the request to the application, stripping out the JSON-P callback
     # method and padding the response with the appropriate callback format.
-    # 
+    #
     # Changes nothing if no <tt>callback</tt> param is specified.
-    # 
+    #
     def call(env)
       status, headers, response = @app.call(env)
       request = Rack::Request.new(env)
-      response = pad(request.params.delete('callback'), response) if request.params.include?('callback')
-      [status, headers, response]
+      if request.params.include?('callback')
+        response = pad(request.params.delete('callback'), response)
+        headers['Content-Length'] = response.length.to_s
+      end
+      [status, headers, [response]]
     end
-    
+
     # Pads the response with the appropriate callback format according to the
     # JSON-P spec/requirements.
-    # 
+    #
     # The Rack response spec indicates that it should be enumerable. The method
-    # of combining all of the data into a sinle string makes sense since JSON
+    # of combining all of the data into a single string makes sense since JSON
     # is returned as a full string.
-    # 
+    #
     def pad(callback, response, body = "")
-      response.each{ |s| body << s }
+      response.each{ |s| body << s.to_s }
       "#{callback}(#{body})"
     end
-    
+
   end
 end

data/lib/rack/contrib/not_found.rb

@@ -0,0 +1,18 @@
+module Rack
+  # Rack::NotFound is a default endpoint. Initialize with the path to
+  # your 404 page.
+
+  class NotFound
+    F = ::File
+
+    def initialize(path)
+      file = F.expand_path(path)
+      @content = F.read(file)
+      @length = @content.size.to_s
+    end
+
+    def call(env)
+      [404, {'Content-Type' => 'text/html', 'Content-Length' => @length}, [@content]]
+    end
+  end
+end

data/lib/rack/contrib/post_body_content_type_parser.rb

@@ -5,29 +5,29 @@ rescue LoadError => e
 end
 
 module Rack
-  
+
   # A Rack middleware for parsing POST/PUT body data when Content-Type is
   # not one of the standard supported types, like <tt>application/json</tt>.
-  # 
+  #
   # TODO: Find a better name.
-  # 
+  #
   class PostBodyContentTypeParser
-    
+
     # Constants
-    # 
+    #
     CONTENT_TYPE = 'CONTENT_TYPE'.freeze
     POST_BODY = 'rack.input'.freeze
     FORM_INPUT = 'rack.request.form_input'.freeze
     FORM_HASH = 'rack.request.form_hash'.freeze
-    
+
     # Supported Content-Types
-    # 
+    #
     APPLICATION_JSON = 'application/json'.freeze
-    
+
     def initialize(app)
       @app = app
     end
-    
+
     def call(env)
       case env[CONTENT_TYPE]
       when APPLICATION_JSON
@@ -35,6 +35,6 @@ module Rack
       end
       @app.call(env)
     end
-    
+
   end
 end