rack-rack-contrib 0.9.1

data/COPYING

@@ -0,0 +1,18 @@
+Copyright (c) 2008 The Committers
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to
+deal in the Software without restriction, including without limitation the
+rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+sell copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,74 @@
+= Contributed Rack Middleware and Utilities
+
+This package includes a variety of add-on components for Rack, a Ruby web server
+interface:
+
+* Rack::ETag - Automatically sets the ETag header on all String bodies.
+* Rack::JSONP - Adds JSON-P support by stripping out the callback param
+  and padding the response with the appropriate callback format.
+* Rack::LighttpdScriptNameFix - Fixes how lighttpd sets the SCRIPT_NAME
+  and PATH_INFO variables in certain configurations.
+* Rack::Locale - Detects the client locale using the Accept-Language request
+  header and sets a rack.locale variable in the environment.
+* Rack::MailExceptions - Rescues exceptions raised from the app and
+  sends a useful email with the exception, stacktrace, and contents of the
+  environment.
+* Rack::NestedParams - parses form params with subscripts (e.g., * "post[title]=Hello")
+  into a nested/recursive Hash structure (based on Rails' implementation).
+* Rack::PostBodyContentTypeParser - Adds support for JSON request bodies. The
+  Rack parameter hash is populated by deserializing the JSON data provided in
+  the request body when the Content-Type is application/json.
+* Rack::ProcTitle - Displays request information in process title ($0) for
+  monitoring/inspection with ps(1).
+* Rack::Profiler - Uses ruby-prof to measure request time.
+* Rack::Sendfile - Enables X-Sendfile support for bodies that can be served
+  from file.
+* Rack::Signals - Installs signal handlers that are safely processed after
+  a request
+* Rack::TimeZone - Detects the clients timezone using JavaScript and sets
+  a variable in Rack's environment with the offset from UTC.
+* Rack::Evil - Lets the rack application return a response to the client from any place.
+* Rack::Callbacks - Implements DLS for pure before/after filter like Middlewares.
+* Rack::Config - Shared configuration for cooperative middleware.
+* Rack::NotFound - A default 404 application.
+* Rack::CSSHTTPRequest - Adds CSSHTTPRequest support by encoding responses as
+  CSS for cross-site AJAX-style data loading
+* Rack::Deflect - Helps protect against DoS attacks.
+* Rack::ResponseCache - Caches responses to requests without query strings
+  to Disk or a user provider Ruby object. Similar to Rails' page caching.
+* Rack::RelativeRedirect - Transforms relative paths in redirects to
+  absolute URLs.
+* Rack::Backstage - Returns content of specified file if it exists, which makes
+  it convenient for putting up maintenance pages.
+* Rack::Format - Adds a format extension at the end of the URI when there is none, corresponding to the mime-type given in the Accept HTTP header.
+
+=== Use
+
+Git is the quickest way to the rack-contrib sources:
+
+  git clone git://github.com/rack/rack-contrib.git
+
+Gems are currently available from GitHub clones:
+
+  gem install rack-rack-contrib --source=http://gems.github.com/
+
+Requiring 'rack/contrib' will add autoloads to the Rack modules for all of the
+components included. The following example shows what a simple rackup
+(+config.ru+) file might look like:
+
+  require 'rack'
+  require 'rack/contrib'
+
+  use Rack::Profiler if ENV['RACK_ENV'] == 'development'
+
+  use Rack::ETag
+  use Rack::MailExceptions
+
+  run theapp
+
+=== Links
+
+rack-contrib on GitHub:: <http://github.com/rack/rack-contrib>
+Rack:: <http://rack.rubyforge.org/>
+Rack On GitHub:: <http://github.org/rack/rack>
+rack-devel mailing list:: <http://groups.google.com/group/rack-devel>

data/Rakefile

@@ -0,0 +1,97 @@
+# Rakefile for Rack::Contrib.  -*-ruby-*-
+require 'rake/rdoctask'
+require 'rake/testtask'
+
+desc "Run all the tests"
+task :default => [:test]
+
+desc "Generate RDox"
+task "RDOX" do
+  sh "specrb -Ilib:test -a --rdox >RDOX"
+end
+
+desc "Run specs with test/unit style output"
+task :test do
+  sh "specrb -Ilib:test -w #{ENV['TEST'] || '-a'} #{ENV['TESTOPTS']}"
+end
+
+desc "Run specs with specdoc style output"
+task :spec do
+  sh "specrb -Ilib:test -s -w #{ENV['TEST'] || '-a'} #{ENV['TESTOPTS']}"
+end
+
+desc "Run all the tests"
+task :fulltest do
+  sh "specrb -Ilib:test -w #{ENV['TEST'] || '-a'} #{ENV['TESTOPTS']}"
+end
+
+desc "Generate RDoc documentation"
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.options << '--line-numbers' << '--inline-source' <<
+    '--main' << 'README' <<
+    '--title' << 'Rack Contrib Documentation' <<
+    '--charset' << 'utf-8'
+  rdoc.rdoc_dir = "doc"
+  rdoc.rdoc_files.include 'README.rdoc'
+  rdoc.rdoc_files.include 'RDOX'
+  rdoc.rdoc_files.include('lib/rack/*.rb')
+  rdoc.rdoc_files.include('lib/rack/*/*.rb')
+end
+task :rdoc => ["RDOX"]
+
+
+# PACKAGING =================================================================
+
+# load gemspec like github's gem builder to surface any SAFE issues.
+require 'rubygems/specification'
+$spec = eval(File.read('rack-contrib.gemspec'))
+
+def package(ext='')
+  "pkg/rack-contrib-#{$spec.version}" + ext
+end
+
+desc 'Build packages'
+task :package => %w[.gem .tar.gz].map {|e| package(e)}
+
+desc 'Build and install as local gem'
+task :install => package('.gem') do
+  sh "gem install #{package('.gem')}"
+end
+
+directory 'pkg/'
+
+file package('.gem') => %w[pkg/ rack-contrib.gemspec] + $spec.files do |f|
+  sh "gem build rack-contrib.gemspec"
+  mv File.basename(f.name), f.name
+end
+
+file package('.tar.gz') => %w[pkg/] + $spec.files do |f|
+  sh "git archive --format=tar HEAD | gzip > #{f.name}"
+end
+
+desc 'Publish gem and tarball to rubyforge'
+task 'publish:gem' => [package('.gem'), package('.tar.gz')] do |t|
+  sh <<-end
+    rubyforge add_release rack rack-contrib #{$spec.version} #{package('.gem')} &&
+    rubyforge add_file    rack rack-contrib #{$spec.version} #{package('.tar.gz')}
+  end
+end
+
+# GEMSPEC ===================================================================
+
+file 'rack-contrib.gemspec' => FileList['{lib,test}/**','Rakefile', 'README.rdoc'] do |f|
+  # read spec file and split out manifest section
+  spec = File.read(f.name)
+  parts = spec.split("  # = MANIFEST =\n")
+  fail 'bad spec' if parts.length != 3
+  # determine file list from git ls-files
+  files = `git ls-files`.
+    split("\n").sort.reject{ |file| file =~ /^\./ }.
+    map{ |file| "    #{file}" }.join("\n")
+  # piece file back together and write...
+  parts[1] = "  s.files = %w[\n#{files}\n  ]\n"
+  spec = parts.join("  # = MANIFEST =\n")
+  spec.sub!(/s.date = '.*'/, "s.date = '#{Time.now.strftime("%Y-%m-%d")}'")
+  File.open(f.name, 'w') { |io| io.write(spec) }
+  puts "updated #{f.name}"
+end

data/lib/rack/contrib.rb

@@ -0,0 +1,32 @@
+require 'rack'
+
+module Rack
+  module Contrib
+    def self.release
+      "0.9.1"
+    end
+  end
+
+  autoload :BounceFavicon,              "rack/contrib/bounce_favicon"
+  autoload :CSSHTTPRequest,             "rack/contrib/csshttprequest"
+  autoload :Deflect,                    "rack/contrib/deflect"
+  autoload :ETag,                       "rack/contrib/etag"
+  autoload :GarbageCollector,           "rack/contrib/garbagecollector"
+  autoload :JSONP,                      "rack/contrib/jsonp"
+  autoload :LighttpdScriptNameFix,      "rack/contrib/lighttpd_script_name_fix"
+  autoload :Locale,                     "rack/contrib/locale"
+  autoload :MailExceptions,             "rack/contrib/mailexceptions"
+  autoload :PostBodyContentTypeParser,  "rack/contrib/post_body_content_type_parser"
+  autoload :ProcTitle,                  "rack/contrib/proctitle"
+  autoload :Profiler,                   "rack/contrib/profiler"
+  autoload :Sendfile,                   "rack/contrib/sendfile"
+  autoload :Signals,                    "rack/contrib/signals"
+  autoload :TimeZone,                   "rack/contrib/time_zone"
+  autoload :Evil,                       "rack/contrib/evil"
+  autoload :Callbacks,                  "rack/contrib/callbacks"
+  autoload :NestedParams,               "rack/contrib/nested_params"
+  autoload :Config,                     "rack/contrib/config"
+  autoload :NotFound,                   "rack/contrib/not_found"
+  autoload :ResponseCache,              "rack/contrib/response_cache"
+  autoload :RelativeRedirect,           "rack/contrib/relative_redirect"
+end

data/lib/rack/contrib/accept_format.rb

@@ -0,0 +1,44 @@
+module Rack
+  #
+  # A Rack middleware for automatically adding a <tt>format</tt> token at the end of the request path
+  # when there is none. It can detect formats passed in the HTTP_ACCEPT header to populate this token.
+  #
+  # e.g.:
+  #   GET /some/resource HTTP/1.1
+  #   Accept: application/json
+  # ->
+  #   GET /some/resource.json HTTP/1.1
+  #   Accept: application/json
+  #
+  # You can add custom types with this kind of function (taken from sinatra):
+  #   def mime(ext, type)
+  #     ext = ".#{ext}" unless ext.to_s[0] == ?.
+  #     Rack::Mime::MIME_TYPES[ext.to_s] = type
+  #   end
+  # and then:
+  #   mime :json, 'application/json'
+  #
+  # Note: it does not take into account multiple media types in the Accept header.
+  # The first media type takes precedence over all the others.
+  #
+  # MIT-License - Cyril Rohr
+  #
+  class AcceptFormat
+    # Constants
+    DEFAULT_EXTENSION = ".html"
+
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      req = Rack::Request.new(env)
+      unless req.path_info =~ /(.*)\.(.+)/
+        accept = env['HTTP_ACCEPT'].scan(/[^;,\s]*\/[^;,\s]*/)[0] rescue ""
+        extension =  Rack::Mime::MIME_TYPES.invert[accept] || DEFAULT_EXTENSION
+        req.path_info = req.path_info+"#{extension}"
+      end
+      @app.call(env)
+    end
+  end
+end

data/lib/rack/contrib/backstage.rb

@@ -0,0 +1,20 @@
+module Rack
+  class Backstage
+    File = ::File
+
+    def initialize(app, path)
+      @app = app
+      @file = File.expand_path(path)
+    end
+
+    def call(env)
+      if File.exists?(@file)
+        content = File.read(@file)
+        length = "".respond_to?(:bytesize) ? content.bytesize.to_s : content.size.to_s
+        [503, {'Content-Type' => 'text/html', 'Content-Length' => length}, [content]]
+      else
+        @app.call(env)
+      end
+    end
+  end
+end

data/lib/rack/contrib/bounce_favicon.rb

@@ -0,0 +1,16 @@
+module Rack
+  # Bounce those annoying favicon.ico requests
+  class BounceFavicon
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      if env["PATH_INFO"] == "/favicon.ico"
+        [404, {"Content-Type" => "text/html", "Content-Length" => "0"}, []]
+      else
+        @app.call(env)
+      end
+    end
+  end
+end

data/lib/rack/contrib/callbacks.rb

@@ -0,0 +1,37 @@
+module Rack
+  class Callbacks
+    def initialize(&block)
+      @before = []
+      @after  = []
+      instance_eval(&block) if block_given?
+    end
+
+    def before(middleware, *args, &block)
+      if block_given?
+        @before << middleware.new(*args, &block)
+      else
+        @before << middleware.new(*args)
+      end
+    end
+
+    def after(middleware, *args, &block)
+      if block_given?
+        @after << middleware.new(*args, &block)
+      else
+        @after << middleware.new(*args)
+      end
+    end
+
+    def run(app)
+      @app = app
+    end
+
+    def call(env)
+      @before.each {|c| c.call(env) }
+
+      response = @app.call(env)
+
+      @after.inject(response) {|r, c| c.call(r) }
+    end
+  end
+end

data/lib/rack/contrib/config.rb

@@ -0,0 +1,16 @@
+module Rack
+
+  # Rack::Config modifies the environment using the block given during
+  # initialization.
+  class Config
+    def initialize(app, &block)
+      @app = app
+      @block = block
+    end
+
+    def call(env)
+      @block.call(env)
+      @app.call(env)
+    end
+  end
+end

data/lib/rack/contrib/csshttprequest.rb

@@ -0,0 +1,39 @@
+require 'csshttprequest'
+
+module Rack
+
+  # A Rack middleware for providing CSSHTTPRequest responses.
+  class CSSHTTPRequest
+
+    def initialize(app)
+      @app = app
+    end
+
+    # Proxies the request to the application then encodes the response with
+    # the CSSHTTPRequest encoder
+    def call(env)
+      status, headers, response = @app.call(env)
+      if chr_request?(env)
+        response = encode(response)
+        modify_headers!(headers, response)
+      end
+      [status, headers, response]
+    end
+
+    def chr_request?(env)
+      env['csshttprequest.chr'] ||=
+        !(/\.chr$/.match(env['PATH_INFO'])).nil? || Rack::Request.new(env).params['_format'] == 'chr'
+    end
+
+    def encode(response, assembled_body="")
+      response.each { |s| assembled_body << s } # call down the stack
+      return ::CSSHTTPRequest.encode(assembled_body)
+    end
+
+    def modify_headers!(headers, encoded_response)
+      headers['Content-Length'] = encoded_response.length.to_s
+      headers['Content-Type'] = 'text/css'
+      nil
+    end
+  end
+end

data/lib/rack/contrib/deflect.rb

@@ -0,0 +1,137 @@
+require 'thread'
+
+# TODO: optional stats
+# TODO: performance
+# TODO: clean up tests
+
+module Rack
+
+  ##
+  # Rack middleware for protecting against Denial-of-service attacks
+  # http://en.wikipedia.org/wiki/Denial-of-service_attack.
+  #
+  # This middleware is designed for small deployments, which most likely
+  # are not utilizing load balancing from other software or hardware. Deflect
+  # current supports the following functionality:
+  #
+  # * Saturation prevention (small DoS attacks, or request abuse)
+  # * Blacklisting of remote addresses
+  # * Whitelisting of remote addresses
+  # * Logging
+  #
+  # === Options:
+  #
+  #   :log                When false logging will be bypassed, otherwise pass an object responding to #puts
+  #   :log_format         Alter the logging format
+  #   :log_date_format    Alter the logging date format
+  #   :request_threshold  Number of requests allowed within the set :interval. Defaults to 100
+  #   :interval           Duration in seconds until the request counter is reset. Defaults to 5
+  #   :block_duration     Duration in seconds that a remote address will be blocked. Defaults to 900 (15 minutes)
+  #   :whitelist          Array of remote addresses which bypass Deflect. NOTE: this does not block others
+  #   :blacklist          Array of remote addresses immediately considered malicious
+  #
+  # === Examples:
+  #
+  #  use Rack::Deflect, :log => $stdout, :request_threshold => 20, :interval => 2, :block_duration => 60
+  #
+  # CREDIT: TJ Holowaychuk <tj@vision-media.ca>
+  #
+
+  class Deflect
+
+    attr_reader :options
+
+    def initialize app, options = {}
+      @mutex = Mutex.new
+      @remote_addr_map = {}
+      @app, @options = app, {
+        :log => false,
+        :log_format => 'deflect(%s): %s',
+        :log_date_format => '%m/%d/%Y',
+        :request_threshold => 100,
+        :interval => 5,
+        :block_duration => 900,
+        :whitelist => [],
+        :blacklist => []
+      }.merge(options)
+    end
+
+    def call env
+      return deflect! if deflect? env
+      status, headers, body = @app.call env
+      [status, headers, body]
+    end
+
+    def deflect!
+      [403, { 'Content-Type' => 'text/html', 'Content-Length' => '0' }, '']
+    end
+
+    def deflect? env
+      @remote_addr = env['REMOTE_ADDR']
+      return false if options[:whitelist].include? @remote_addr
+      return true  if options[:blacklist].include? @remote_addr
+      sync { watch }
+    end
+
+    def log message
+      return unless options[:log]
+      options[:log].puts(options[:log_format] % [Time.now.strftime(options[:log_date_format]), message])
+    end
+
+    def sync &block
+      @mutex.synchronize(&block)
+    end
+
+    def map
+      @remote_addr_map[@remote_addr] ||= {
+        :expires => Time.now + options[:interval],
+        :requests => 0
+      }
+    end
+
+    def watch
+      increment_requests
+      clear! if watch_expired? and not blocked?
+      clear! if blocked? and block_expired?
+      block! if watching? and exceeded_request_threshold?
+      blocked?
+    end
+
+    def block!
+      return if blocked?
+      log "blocked #{@remote_addr}"
+      map[:block_expires] = Time.now + options[:block_duration]
+    end
+
+    def blocked?
+      map.has_key? :block_expires
+    end
+
+    def block_expired?
+      map[:block_expires] < Time.now rescue false
+    end
+
+    def watching?
+      @remote_addr_map.has_key? @remote_addr
+    end
+
+    def clear!
+      return unless watching?
+      log "released #{@remote_addr}" if blocked?
+      @remote_addr_map.delete @remote_addr
+    end
+
+    def increment_requests
+      map[:requests] += 1
+    end
+
+    def exceeded_request_threshold?
+      map[:requests] > options[:request_threshold]
+    end
+
+    def watch_expired?
+      map[:expires] <= Time.now
+    end
+
+  end
+end