rack-steady_etag 0.2.0 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4e9c4ec38a103ceb321da1a48a78a09872e7d47875fbd0fa1e15814116f79e64
-  data.tar.gz: cb4abb1d12ac1c2a06427f7e6f63de34c4d8b99c56248287470f2c4aa3be655a
+  metadata.gz: '028b0d0f93545fddbfef80b9154a815c230d200f052d352645e00e8d1a147379'
+  data.tar.gz: 1c1851fbdb760066488caf9baadb3dae9682d20f149dbb34c95c2502e8781e34
 SHA512:
-  metadata.gz: ab95c964994e61c962903a4a395be6715bc2a8d69e1cb66f0eb19371c4691972ff8d2cd76d8740129715652d515f0f0704238afbae5e30be9527065e0b127d59
-  data.tar.gz: f10b144400e01f9587e51f7f20330cb8a3d14381c4183ecfa84f9180d301b01986eeb1df3b1f498115eabab2161763106e8dde26c96e3ce9fc031eb94c56016e
+  metadata.gz: 6a35c285174946b4c3c7116eb270fc03ed0ef60722c5b13801690ee89e516688b7135088eca05825a58e8893c9d1ba12de25edc3900591aa8f6d51d2f1c972b7
+  data.tar.gz: 2dd6b70d8fff2818a9da44437d8dd79b8feeb242cf27fc9edde6d94db11b662ed9f52af32e8f8e49979683371e622d48785779a417163ee8df22e97ae3fc59bf

data/CHANGELOG.md

@@ -5,9 +5,21 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html
 
 ## Unreleased
 
+## 0.2.3 - 2022-05-12
+
+- Don't depend on `byebug` being in the user bundle.
+
+## 0.2.2 - 2022-05-12
+
+- Don't raise an error when processing binary content.
+
+## 0.2.1 - 2022-05-12
+
+- Only strip patterns for HTML and XHTML responses.
+
 ## 0.2.0 - 2022-05-12
 
-- Be more compatible with Rack 2.2.2:
+- Be more compatible with Rack 2.2.3:
   - Always set a `Cache-Control` header, even for responses that we don't try to digest.
 - Strip patterns for responses with `Cache-Control: public`
 - Requires Rack 2.x (we want to break with Rack 3)

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rack-steady_etag (0.2.0)
+    rack-steady_etag (0.2.3)
       activesupport (>= 3.2)
       rack (~> 2.0)
 
@@ -14,9 +14,9 @@ GEM
       minitest (>= 5.1)
       tzinfo (~> 2.0)
     byebug (11.1.3)
-    concurrent-ruby (1.1.9)
+    concurrent-ruby (1.1.10)
     diff-lcs (1.4.4)
-    i18n (1.8.11)
+    i18n (1.10.0)
       concurrent-ruby (~> 1.0)
     minitest (5.15.0)
     rack (2.2.3)

data/README.md

@@ -20,17 +20,29 @@ By default Rails uses [`Rack::ETag`](https://rdoc.info/github/rack/rack/Rack/ETa
 You can add your own patterns:
 
 ```ruby
-Rack::SteadyETag::IGNORED_PATTERNS << /<meta name="XSRF-TOKEN" value="[^"]+">/
+Rack::SteadyETag::STRIP_PATTERNS << /<meta name="XSRF-TOKEN" value="[^"]+">/
 ```
 
 You can also push lambda for arbitrary transformations:
 
 ```ruby
-Rack::SteadyETag::IGNORED_PATTERNS << -> { |text| text.gsub(/<meta name="XSRF-TOKEN" value="[^"]+">/, '') }
+Rack::SteadyETag::STRIP_PATTERNS << -> { |text| text.gsub(/<meta name="XSRF-TOKEN" value="[^"]+">/, '') }
 ```
 
 Transformations are only applied for the `ETag` hash. The response body will not be changed.
 
+## What responses are processed
+
+This middleware will process responses that match all of the following: 
+
+- Responses with a HTTP status of 200 or 201.
+- Responses with a `Content-Type` of `text/html` or `application/xhtml+xml`.
+- Responses with a body. 
+
+Responses should also have an UTF-8 encoding (not checked by the middleware).
+
+This middleware can also add a default `Cache-Control` header for responses it *didn't* process. This is passed as an argument during middleware initialization (see *Installation* below). 
+
 ## Covered edge cases
 
 - Different `ETags` are generated when the same content is accessed with different Rack sessions.

data/lib/rack/steady_etag/version.rb

@@ -2,6 +2,6 @@
 
 module Rack
   class SteadyEtag
-    VERSION = "0.2.0"
+    VERSION = "0.2.3"
   end
 end

data/lib/rack/steady_etag.rb

@@ -1,4 +1,3 @@
-require 'byebug'
 require 'digest/sha2'
 require "active_support/all"
 require_relative "steady_etag"
@@ -6,8 +5,8 @@ require_relative "steady_etag/version"
 
 module Rack
 
-  # Based on Rack::Etag from rack 2.2.2
-  # https://github.com/rack/rack/blob/v2.2.2/lib/rack/etag.rb
+  # Based on Rack::Etag from rack 2.2.3
+  # https://github.com/rack/rack/blob/v2.2.3/lib/rack/etag.rb
   #
   # Automatically sets the ETag header on all String bodies.
   #
@@ -19,20 +18,25 @@ module Rack
     # Yes, Rack::ETag sets a default Cache-Control for responses that it can digest.
     DEFAULT_CACHE_CONTROL = "max-age=0, private, must-revalidate"
 
-    IGNORE_PATTERNS = [
+    STRIP_PATTERNS = [
       /<meta\b[^>]*\bname=(["'])csrf-token\1[^>]+>/i,
       /<meta\b[^>]*\bname=(["'])csp-nonce\1[^>]+>/i,
       /<input\b[^>]*\bname=(["'])authenticity_token\1[^>]+>/i,
       lambda { |string| string.gsub(/(<script\b[^>]*)\bnonce=(["'])[^"']+\2+/i, '\1') }
     ]
 
+    STRIP_CONTENT_TYPES = %w[
+      text/html
+      application/xhtml+xml
+    ]
+
     def initialize(app, no_digest_cache_control = nil, digest_cache_control = DEFAULT_CACHE_CONTROL)
       @app = app
 
       @digest_cache_control = digest_cache_control
 
-      # Rails sets a default `Cache-Control: no-cache` for responses that
-      # we cannot digest.
+      # Rails sets a default `Cache-Control: no-cache` for responses that we cannot digest.
+      # See https://github.com/rails/rails/blob/d96609505511a76c618dc3adfa3ca4679317d008/railties/lib/rails/application/default_middleware_stack.rb#L81
       @no_digest_cache_control = no_digest_cache_control
     end
 
@@ -82,7 +86,7 @@ module Rack
     def etag_body?(body)
       # Rack main branch checks for `:to_ary` here to exclude streaming responses,
       # but that had other issues for me in testing. Maybe recheck when there is a
-      # new Rack release after 2.2.2.
+      # new Rack release after 2.2.3.
       !body.respond_to?(:to_path)
     end
 
@@ -94,20 +98,17 @@ module Rack
       parts = []
       digest = nil
 
+      strippable_response = STRIP_CONTENT_TYPES.include?(headers['Content-Type'])
+
       body.each do |part|
         parts << part
 
-        if part.present?
-          part = strip_ignore_patterns(part)
-
-          unless digest
-            digest = Digest::SHA256.new
-
-            if session && (session_id = session['session_id'])
-              digest << session_id.to_s
-            end
-          end
-
+        # Note that `part` can be a string with binary data here.
+        # It's important to check emptiness with #empty? instead of #blank?, since #blank?
+        # internally calls String#match? and that explodes if the string is not valid UTF-8.
+        unless part.empty?
+          digest ||= initialize_digest(session)
+          part = strip_patterns(part) if strippable_response
           digest << part
         end
       end
@@ -119,12 +120,22 @@ module Rack
       [digest, parts]
     end
 
-    def strip_ignore_patterns(html)
-      IGNORE_PATTERNS.each do |ignore_pattern|
-        if ignore_pattern.respond_to?(:call)
-          html = ignore_pattern.call(html)
+    def initialize_digest(session)
+      digest = Digest::SHA256.new
+
+      if session && (session_id = session['session_id'])
+        digest << session_id.to_s
+      end
+
+      digest
+    end
+
+    def strip_patterns(html)
+      STRIP_PATTERNS.each do |pattern|
+        if pattern.respond_to?(:call)
+          html = pattern.call(html)
         else
-          html = html.gsub(ignore_pattern, '')
+          html = html.gsub(pattern, '')
         end
       end
       html

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-steady_etag
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.3
 platform: ruby
 authors:
 - Henning Koch