rack-steady_etag 0.1.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bbaf5489b11a9fe181a1f92469ebaebafaa41bb11d911f8fb0f0ee0589fb7f15
-  data.tar.gz: ff4685ce1f6215217bfadeb9cd3d02fc750b84b9aa74b1d2deb6186c8ed7da89
+  metadata.gz: 8caa8d352b72433a6659f50b6c9216cf03b265b19016134fa259719d24c46b4e
+  data.tar.gz: 74f01fc86755933b87361615bd6cb62568e44bfa404565261c0c180dcd5b399c
 SHA512:
-  metadata.gz: 4004ed7d3b297299c3bfb343c15053548957afe60835804e087a71cf6b94558ef3dfbdb41918d54034b8fd5a464142fe137ef9a535f5f28a3ddcc9e3330c95c2
-  data.tar.gz: ec21028482dc4c0da1a4534d0c322ab012a21b988df7ffda07764f7cb66063c0606b4656707149307ac94ea8c301c27e20fce4e7d71ac88093f75a1c36f7d3de
+  metadata.gz: 3cbd8de00297924f758d0c32151d17991fe8e235d943969544cdad632f50cca43eba12ef133c1a7690d91def4d8f997ab48535417457f62c8cb9d36a07a7e9d9
+  data.tar.gz: c2df595d03a3e3f46b2be21f4da14f76460556a0b8e6628959d7156d1a5285c79eb9c1a45415ad343904ed388c4645320ddc94a2422184727798d4b432eecd2e

data/CHANGELOG.md

@@ -5,13 +5,22 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html
 
 ## Unreleased
 
-### Breaking changes
+## 0.2.2 - 2022-05-12
 
-### Compatible changes
+- Don't raise an error when processing binary content.
 
-## 0.1.1 - 2022-05-16
+## 0.2.1 - 2022-05-12
+
+- Only strip patterns for HTML and XHTML responses.
+
+## 0.2.0 - 2022-05-12
 
-### Compatible changes
+- Be more compatible with Rack 2.2.3:
+  - Always set a `Cache-Control` header, even for responses that we don't try to digest.
+- Strip patterns for responses with `Cache-Control: public`
+- Requires Rack 2.x (we want to break with Rack 3)
+
+## 0.1.1 - 2022-05-16
 
 - Activate rubygems MFA
 

data/Gemfile.lock

@@ -1,25 +1,24 @@
 PATH
   remote: .
   specs:
-    rack-steady_etag (0.1.1)
+    rack-steady_etag (0.2.2)
       activesupport (>= 3.2)
-      rack
+      rack (~> 2.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (6.1.4.1)
+    activesupport (7.0.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
     byebug (11.1.3)
-    concurrent-ruby (1.1.9)
+    concurrent-ruby (1.1.10)
     diff-lcs (1.4.4)
-    i18n (1.8.11)
+    i18n (1.10.0)
       concurrent-ruby (~> 1.0)
-    minitest (5.14.4)
+    minitest (5.15.0)
     rack (2.2.3)
     rake (13.0.6)
     rspec (3.10.0)
@@ -37,7 +36,6 @@ GEM
     rspec-support (3.10.3)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
-    zeitwerk (2.5.1)
 
 PLATFORMS
   x86_64-linux

data/README.md

@@ -20,17 +20,29 @@ By default Rails uses [`Rack::ETag`](https://rdoc.info/github/rack/rack/Rack/ETa
 You can add your own patterns:
 
 ```ruby
-Rack::SteadyETag::IGNORED_PATTERNS << /<meta name="XSRF-TOKEN" value="[^"]+">/
+Rack::SteadyETag::STRIP_PATTERNS << /<meta name="XSRF-TOKEN" value="[^"]+">/
 ```
 
 You can also push lambda for arbitrary transformations:
 
 ```ruby
-Rack::SteadyETag::IGNORED_PATTERNS << -> { |text| text.gsub(/<meta name="XSRF-TOKEN" value="[^"]+">/, '') }
+Rack::SteadyETag::STRIP_PATTERNS << -> { |text| text.gsub(/<meta name="XSRF-TOKEN" value="[^"]+">/, '') }
 ```
 
 Transformations are only applied for the `ETag` hash. The response body will not be changed.
 
+## What responses are processed
+
+This middleware will process responses that match all of the following: 
+
+- Responses with a HTTP status of 200 or 201.
+- Responses with a `Content-Type` of `text/html` or `application/xhtml+xml`.
+- Responses with a body. 
+
+Responses should also have an UTF-8 encoding (not checked by the middleware).
+
+This middleware can also add a default `Cache-Control` header for responses it *didn't* process. This is passed as an argument during middleware initialization (see *Installation* below). 
+
 ## Covered edge cases
 
 - Different `ETags` are generated when the same content is accessed with different Rack sessions.
@@ -39,7 +51,7 @@ Transformations are only applied for the `ETag` hash. The response body will not
 - No `ETag` is generated when the response already has an `Last-Modified` header.
 
 
-## Installation
+## Installation in Rails
 
 Add this line to your application's Gemfile:
 
@@ -56,9 +68,11 @@ bundle install
 In your `config/application.rb`:
 
 ```ruby
-config.middleware.swap Rack::ETag, Rack::SteadyETag
+config.middleware.swap Rack::ETag, Rack::SteadyETag, 'no-cache'
 ```
 
+The `'no-cache'` argument is the default `Cache-Control` for responses that cannot be digested. While it may feel surprising that the middleware changes the `Cache-Control` header in such a case, the [Rails default middleware stack](https://github.com/rails/rails/blob/d96609505511a76c618dc3adfa3ca4679317d008/railties/lib/rails/application/default_middleware_stack.rb#L81) configures the same behavior.
+
 
 ## Development
 

data/lib/rack/steady_etag/version.rb

@@ -2,6 +2,6 @@
 
 module Rack
   class SteadyEtag
-    VERSION = "0.1.1"
+    VERSION = "0.2.2"
   end
 end

data/lib/rack/steady_etag.rb

@@ -6,8 +6,8 @@ require_relative "steady_etag/version"
 
 module Rack
 
-  # Based on Rack::Etag
-  # https://github.com/rack/rack/blob/master/lib/rack/etag.rb
+  # Based on Rack::Etag from rack 2.2.3
+  # https://github.com/rack/rack/blob/v2.2.3/lib/rack/etag.rb
   #
   # Automatically sets the ETag header on all String bodies.
   #
@@ -15,20 +15,30 @@ module Rack
   # a sendfile body (body.responds_to :to_path) is given (since such cases
   # should be handled by apache/nginx).
   class SteadyETag
+
+    # Yes, Rack::ETag sets a default Cache-Control for responses that it can digest.
     DEFAULT_CACHE_CONTROL = "max-age=0, private, must-revalidate"
 
-    IGNORE_PATTERNS = [
+    STRIP_PATTERNS = [
       /<meta\b[^>]*\bname=(["'])csrf-token\1[^>]+>/i,
       /<meta\b[^>]*\bname=(["'])csp-nonce\1[^>]+>/i,
       /<input\b[^>]*\bname=(["'])authenticity_token\1[^>]+>/i,
       lambda { |string| string.gsub(/(<script\b[^>]*)\bnonce=(["'])[^"']+\2+/i, '\1') }
     ]
 
-    def initialize(app, no_digest_cache_control: nil, digest_cache_control: DEFAULT_CACHE_CONTROL, ignore_patterns: IGNORE_PATTERNS.dup)
+    STRIP_CONTENT_TYPES = %w[
+      text/html
+      application/xhtml+xml
+    ]
+
+    def initialize(app, no_digest_cache_control = nil, digest_cache_control = DEFAULT_CACHE_CONTROL)
       @app = app
+
       @digest_cache_control = digest_cache_control
+
+      # Rails sets a default `Cache-Control: no-cache` for responses that we cannot digest.
+      # See https://github.com/rails/rails/blob/d96609505511a76c618dc3adfa3ca4679317d008/railties/lib/rails/application/default_middleware_stack.rb#L81
       @no_digest_cache_control = no_digest_cache_control
-      @ignore_patterns = ignore_patterns
     end
 
     def call(env)
@@ -45,6 +55,18 @@ module Rack
         headers[ETAG] = %(W/"#{digest}") if digest
       end
 
+      # It would make more sense to only set a Cache-Control for responses that we process.
+      # However, the original Rack::ETag sets Cache-Control: @no_digest_cache_control
+      # for all responses, even responses that we don't otherwise modify.
+      # Hence if we move this code into the `if` above we would remove Rails' default
+      # Cache-Control headers for non-digestable responses, which would be a considerable
+      # change in behavior.
+      if digest
+        set_cache_control_with_digest(headers)
+      else
+        set_cache_control_without_digest(headers)
+      end
+
       [status, headers, body]
     end
 
@@ -63,6 +85,9 @@ module Rack
     end
 
     def etag_body?(body)
+      # Rack main branch checks for `:to_ary` here to exclude streaming responses,
+      # but that had other issues for me in testing. Maybe recheck when there is a
+      # new Rack release after 2.2.3.
       !body.respond_to?(:to_path)
     end
 
@@ -70,51 +95,48 @@ module Rack
       headers.key?(ETAG) || headers.key?('Last-Modified')
     end
 
-    def cache_control_private?(headers)
-      headers[CACHE_CONTROL] && headers[CACHE_CONTROL] =~ /\bprivate\b/
-    end
-
     def digest_body(body, headers, session)
       parts = []
       digest = nil
 
+      strippable_response = STRIP_CONTENT_TYPES.include?(headers['Content-Type'])
+
       body.each do |part|
         parts << part
 
-        if part.present?
-          set_cache_control_with_digest(headers)
-
-          if cache_control_private?(headers)
-            part = strip_ignore_patterns(part)
-          end
-
-          unless digest
-            digest = Digest::SHA256.new
-
-            if session && (session_id = session['session_id'])
-              digest << session_id.to_s
-            end
-          end
-
+        # Note that `part` can be a string with binary data here.
+        # It's important to check emptiness with #empty? instead of #blank?, since #blank?
+        # internally calls String#match? and that explodes if the string is not valid UTF-8.
+        unless part.empty?
+          digest ||= initialize_digest(session)
+          part = strip_patterns(part) if strippable_response
           digest << part
         end
       end
 
       if digest
         digest = digest.hexdigest.byteslice(0,32)
-      else
-        set_cache_control_without_digest(headers)
       end
 
       [digest, parts]
     end
 
-    def strip_ignore_patterns(html)
-      @ignore_patterns.each do |ignore_pattern|
-        if ignore_pattern.respond_to?(:call)
-          html = ignore_pattern.call(html)
+    def initialize_digest(session)
+      digest = Digest::SHA256.new
+
+      if session && (session_id = session['session_id'])
+        digest << session_id.to_s
+      end
+
+      digest
+    end
+
+    def strip_patterns(html)
+      STRIP_PATTERNS.each do |pattern|
+        if pattern.respond_to?(:call)
+          html = pattern.call(html)
         else
-          html = html.gsub(ignore_pattern, '')
+          html = html.gsub(pattern, '')
         end
       end
       html

data/rack-steady_etag.gemspec

@@ -31,10 +31,10 @@ Gem::Specification.new do |spec|
   spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  # Uncomment to register a new dependency of your gem
-  spec.add_dependency "rack"
-  spec.add_dependency 'activesupport', '>= 3.2'
+  # I expect Rack 3 to have a new ETag middleware to no longer buffer
+  # streaming responses: https://github.com/rack/rack/issues/1619
+  # Once Rack 3 is out we should release a new version of this gem.
+  spec.add_dependency "rack", '~>2.0'
 
-  # For more information and examples about making a new gem, checkout our
-  # guide at: https://bundler.io/guides/creating_gem.html
+  spec.add_dependency 'activesupport', '>= 3.2'
 end

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: rack-steady_etag
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Henning Koch
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-16 00:00:00.000000000 Z
+date: 2022-05-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -83,7 +83,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.6
 signing_key: 
 specification_version: 4
 summary: Rack Middleware that produces the same ETag for responses that only differ