rack 0.2.0 → 0.3.0

data/AUTHORS

@@ -1,5 +1,7 @@
 * Christian Neukirchen <chneukirchen@gmail.com>
-* Rails adapter: Christoffer Sawicki <christoffer.sawicki@gmail.com>
 * HTTP authentication: Tim Fletcher <twoggle@gmail.com>
 * Cookie sessions, Static handler: Luc Heinrich <luc@honk-honk.com>
+* Pool sessions, OpenID authentication: blink <blinketje@gmail.com>
+* LiteSpeed handler: Adrian Madrid
+* SCGI handler: Jeremy Evans
 * Official Logo: Armin Ronacher

data/RDOX

@@ -16,6 +16,11 @@
 * should return 400 Bad Request if incorrect uri given
 * should return 400 Bad Request if different auth scheme used
 
+== Rack::Builder
+* chains apps by default
+* has implicit #to_app
+* supports blocks on use
+
 == Rack::Adapter::Camping
 * works with GET
 * works with POST
@@ -26,6 +31,7 @@
 * should fail if empty
 
 == Rack::Handler::CGI
+* startup (empty)
 * should respond
 * should be a lighttpd
 * should have rack headers
@@ -33,12 +39,14 @@
 * should have CGI headers on POST
 * should support HTTP auth
 * should set status
+* shutdown
 
 == Rack::CommonLogger
 * should log to rack.errors by default
 * should log to anything with <<
 
 == Rack::Handler::FastCGI
+* startup (empty)
 * should respond
 * should be a lighttpd
 * should have rack headers
@@ -46,9 +54,11 @@
 * should have CGI headers on POST
 * should support HTTP auth
 * should set status
+* shutdown
 
 == Rack::File
 * serves files
+* serves files with URL encoded filenames
 * does not allow directory traversal
 * 404s if it can't find the file
 
@@ -118,6 +128,7 @@
 * can cache, but invalidates the cache
 * can figure out if called via XHR
 * can parse cookies
+* parses cookies according to RFC 2109
 * provides setters
 * provides the original env
 * can restore the URL
@@ -125,12 +136,14 @@
 * can parse multipart form data
 * can parse big multipart form data
 * can detect invalid multipart form data
+* does conform to the Rack spec
 
 == Rack::Response
 * has sensible default values
 * can be written to
 * can set and read headers
 * can set cookies
+* formats the Cookie expiration date accordingly to RFC 2109
 * can delete cookies
 * has a useful constructor
 * has a constructor that can take a block
@@ -145,6 +158,11 @@
 * survives broken cookies
 * barks on too big cookies
 
+== Rack::Session::Pool
+* creates a new cookie
+* loads from a cookie
+* survives broken cookies
+
 == Rack::ShowExceptions
 * catches exceptions
 
@@ -186,4 +204,4 @@
 * should set status
 * should provide a .run
 
-137 specifications (546 requirements), 0 failures
+151 specifications, 2 empty (598 requirements), 0 failures

data/README

@@ -13,10 +13,17 @@ which all Rack applications should conform to.
 
 The included *handlers* connect all kinds of web servers to Rack:
 * Mongrel
-* Mongrel/Swiftcore (require it before Rack.)
+* Mongrel/Swiftcore (require it before requiring rack)
 * WEBrick
 * FCGI
 * CGI
+* SCGI
+* LiteSpeed
+
+These web servers include Rack handlers in their distributions:
+* Ebb
+* Fuzed
+* Thin
 
 Any valid Rack app will run the same on all these handlers, without
 changing anything.
@@ -25,13 +32,22 @@ changing anything.
 
 The included *adapters* connect Rack with existing Ruby web frameworks:
 * Camping
-* Rails (alpha)
-* more to come soon, ...
 
 These frameworks include Rack adapters in their distributions:
-* Ramaze
+* Coset
+* Halcyon
 * Maveric
+* Merb
 * Racktools::SimpleApplication
+* Ramaze
+* Sinatra
+* Vintage
+
+Ruby on Rails can be run with the adapter included with Thin, which
+will be merged into a later Rack version.
+
+Current links to these projects can be found at
+http://ramaze.net/#other-frameworks
 
 == Available middleware
 
@@ -42,7 +58,7 @@ applications needs using middleware, for example:
 * Rack::ShowException, for catching unhandled exceptions and
   presenting them in a nice and helpful way with clickable backtrace.
 * Rack::File, for serving static files.
-* ...
+* ...many others!
 
 All these components use the same interface, which is described in
 detail in the Rack specification.  You can choose to use them exactly
@@ -110,6 +126,18 @@ at my site:
   * Bug fixes in the Camping adapter.
   * Removed Rails adapter, was too alpha.
 
+* February 26th, 2008: Third public release 0.3.
+  * LiteSpeed handler, by Adrian Madrid.
+  * SCGI handler, by Jeremy Evans.
+  * Pool sessions, by blink.
+  * OpenID authentication, by blink.
+  * :Port and :File options for opening FastCGI sockets, by blink.
+  * Last-Modified HTTP header for Rack::File, by blink.
+  * Rack::Builder#use now accepts blocks, by Corey Jewett.
+    (See example/protectedlobster.ru)
+  * HTTP status 201 can contain a Content-Type and a body now.
+  * Many bugfixes, especially related to Cookie handling.
+
 == Contact
 
 Please mail bugs, suggestions and patches to
@@ -124,11 +152,16 @@ You are also welcome to join the #rack channel on irc.freenode.net.
 
 * Michael Fellinger, for the helpful discussion, bugfixes and a better
   Rack::Request interface.
+* Adrian Madrid, for the LiteSpeed handler.
 * Christoffer Sawicki, for the Rails adapter.
 * Tim Fletcher, for the HTTP authentication code.
+* Luc Heinrich for the Cookie sessions, the static file handler and bugfixes.
+* blink for the Pool sessions, OpenID support, various tweaks, and bugreports.
 * Armin Ronacher, for the logo and racktools.
 * Aredridel, for bug fixing.
 * Gary Wright, for proposing a better Rack::Response interface.
+* Jonathan Buch, for improvements regarding Rack::Response.
+* Armin Röhrl, for tracking down bugs in the Cookie generator.
 * Alexander Kellett for testing the Gem and reviewing the announce.
 * Marcus Rückert, for help with configuring and debugging lighttpd.
 * The WSGI team for the well-done and documented work they've done and
@@ -136,7 +169,7 @@ You are also welcome to join the #rack channel on irc.freenode.net.
 
 == Copyright
 
-Copyright (C) 2007  Christian Neukirchen <http://purl.org/net/chneukirchen>
+Copyright (C) 2007, 2008 Christian Neukirchen <http://purl.org/net/chneukirchen>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to

data/Rakefile

@@ -28,7 +28,7 @@ def get_darcs_tree_version
   count = 0
   tag = "0.0"
 
-  changes.each("\n\n") { |change|
+  changes.split("\n\n").each { |change|
     head, title, desc = change.split("\n", 3)
 
     if title =~ /^  \*/

data/SPEC

@@ -74,7 +74,7 @@ There are the following restrictions:
 * <tt>rack.url_scheme</tt> must either be +http+ or +https+.
 * There must be a valid input stream in <tt>rack.input</tt>.
 * There must be a valid error stream in <tt>rack.errors</tt>.
-* The <tt>REQUEST_METHOD</tt> must be one of +GET+, +POST+,
+* The <tt>REQUEST_METHOD</tt> must be one of +GET+, +POST+, +PUT+,
   +DELETE+, +HEAD+, +OPTIONS+, +TRACE+.
 * The <tt>SCRIPT_NAME</tt>, if non-empty, must start with <tt>/</tt>
 * The <tt>PATH_INFO</tt>, if non-empty, must start with <tt>/</tt>
@@ -115,7 +115,7 @@ The values passed on #each must be Strings
 and not contain characters below 037.
 === The Content-Type
 There must be a <tt>Content-Type</tt>, except when the
-+Status+ is 201, 204, 304, in which case there must be none
++Status+ is 204 or 304, in which case there must be none
 given.
 === The Body
 The Body must respond to #each

data/bin/rackup

@@ -98,6 +98,10 @@ when nil
   # Guess.
   if ENV.include?("PHP_FCGI_CHILDREN")
     server = Rack::Handler::FastCGI
+
+    # We already speak FastCGI
+    options.delete :File
+    options.delete :Port
   elsif ENV.include?("REQUEST_METHOD")
     server = Rack::Handler::CGI
   else

data/example/protectedlobster.ru

@@ -0,0 +1,8 @@
+require 'rack/lobster'
+
+use Rack::ShowExceptions
+use Rack::Auth::Basic do |username, password|
+  'secret' == password
+end
+
+run Rack::Lobster.new

data/lib/rack.rb

@@ -1,4 +1,4 @@
-# Copyright (C) 2007 Christian Neukirchen <purl.org/net/chneukirchen>
+# Copyright (C) 2007, 2008 Christian Neukirchen <purl.org/net/chneukirchen>
 #
 # Rack is freely distributable under the terms of an MIT-style license.
 # See COPYING or http://www.opensource.org/licenses/mit-license.php.
@@ -13,10 +13,10 @@ $: << File.expand_path(File.dirname(__FILE__))
 # so it should be enough just to <tt>require rack.rb</tt> in your code.
 
 module Rack
-  # The Rack version number.
+  # The Rack protocol version number implemented.
   VERSION = [0,1]
 
-  # Return the Rack version as a dotted string.
+  # Return the Rack protocol version as a dotted string.
   def self.version
     VERSION.join(".")
   end
@@ -45,6 +45,7 @@ module Rack
     autoload :Basic, "rack/auth/basic"
     autoload :AbstractRequest, "rack/auth/abstract/request"
     autoload :AbstractHandler, "rack/auth/abstract/handler"
+    autoload :OpenID, "rack/auth/openid"
     module Digest
       autoload :MD5, "rack/auth/digest/md5"
       autoload :Nonce, "rack/auth/digest/nonce"
@@ -55,22 +56,25 @@ module Rack
 
   module Session
     autoload :Cookie, "rack/session/cookie"
+    autoload :Pool, "rack/session/pool"
+    autoload :Memcache, "rack/session/memcache"
   end
 
   # *Adapters* connect Rack with third party web frameworks.
   #
-  # Rack includes adapters for Camping and Rails.
+  # Rack includes an adapter for Camping, see README for other
+  # frameworks supporting Rack in their code bases.
   #
   # Refer to the submodules for framework-specific calling details.
 
   module Adapter
     autoload :Camping, "rack/adapter/camping"
-    autoload :Rails, "rack/adapter/rails"
   end
 
   # *Handlers* connect web servers with Rack.
   #
-  # Rack includes Handlers for Mongrel, WEBrick, FastCGI and CGI.
+  # Rack includes Handlers for Mongrel, WEBrick, FastCGI, CGI, SCGI
+  # and LiteSpeed.
   #
   # Handlers usually are activated by calling <tt>MyHandler.run(myapp)</tt>.
   # A second optional hash can be passed to include server-specific
@@ -81,6 +85,8 @@ module Rack
     autoload :FastCGI, "rack/handler/fastcgi"
     autoload :Mongrel, "rack/handler/mongrel"
     autoload :WEBrick, "rack/handler/webrick"
+    autoload :LSWS, "rack/handler/lsws"
+    autoload :SCGI, "rack/handler/scgi"
   end
 end
 

data/lib/rack/auth/abstract/request.rb

@@ -1,5 +1,3 @@
-require 'base64'
-
 module Rack
   module Auth
     class AbstractRequest

data/lib/rack/auth/basic.rb

@@ -45,7 +45,7 @@ module Rack
         end
 
         def credentials
-          @credentials ||= Base64.decode64(params).split(/:/, 2)
+          @credentials ||= params.unpack("m*").first.split(/:/, 2)
         end
 
         def username

data/lib/rack/auth/digest/nonce.rb

@@ -1,4 +1,3 @@
-require 'base64'
 require 'digest/md5'
 
 module Rack
@@ -19,7 +18,7 @@ module Rack
         end
 
         def self.parse(string)
-          new(*Base64.decode64(string).split(' ', 2))
+          new(*string.unpack("m*").first.split(' ', 2))
         end
 
         def initialize(timestamp = Time.now, given_digest = nil)
@@ -27,7 +26,7 @@ module Rack
         end
 
         def to_s
-          Base64.encode64([ @timestamp, digest ] * ' ').strip
+          [([ @timestamp, digest ] * ' ')].pack("m*").strip
         end
 
         def digest

data/lib/rack/auth/openid.rb

@@ -0,0 +1,111 @@
+# AUTHOR: blink <blinketje@gmail.com>; blink#ruby-lang@irc.freenode.net
+
+require 'rack/auth/abstract/handler'
+require 'openid'
+
+module Rack
+  module Auth
+    # Rack::Auth::OpenID provides a simple method for permitting openid
+    # based logins. It requires the ruby-openid lib from janrain to operate,
+    # as well as some method of session management of a Hash type.
+    #
+    # After a transaction, the response status object is stored in the
+    # environment at rack.auth.openid.status, which can be used in the
+    # followup block or in a wrapping application to accomplish
+    # additional data maniipulation.
+    #
+    # NOTE: Due to the amount of data that ruby-openid stores in the session,
+    # Rack::Session::Cookie may fault.
+    #
+    # A hash of data is stored in the session hash at the key of :openid.
+    # The fully canonicalized identity url is stored within at 'identity'.
+    # Extension data from 'openid.sreg.nickname' would be stored as
+    # { 'nickname' => value }.
+    #
+    # NOTE: To my knowledge there is no collision at this point from storage
+    # of this manner, if there is please let me know so I may adjust this app
+    # to cope.
+    class OpenID < AbstractHandler
+      # Required for ruby-openid
+      OIDStore = ::OpenID::MemoryStore.new
+
+      # A Hash of options is taken as it's single initializing
+      # argument. String keys are taken to be openid protocol
+      # extension namespaces.
+      #
+      #   For example: 'sreg' => { 'required' => # 'nickname' }
+      #
+      # Other keys are taken as options for Rack::Auth::OpenID, normally Symbols.
+      # Only :return is required. :trust is highly recommended to be set.
+      #
+      # * :return defines the url to return to after the client authenticates
+      #   with the openid service provider. Should point to where this app is
+      #   mounted. (ex: 'http://mysite.com/openid')
+      # * :trust defines the url identifying the site they are actually logging
+      #   into. (ex: 'http://mysite.com/')
+      # * :session_key defines the key to the session hash in the env.
+      #   (by default it uses 'rack.session')
+      def initialize(options={})
+        raise ArgumentError, 'No return url provided.'  unless options[:return]
+        warn  'No trust url provided.'  unless options[:trust]
+        options[:trust] ||= options[:return]
+
+        @options  = {
+          :session_key => 'rack.session'
+        }.merge(options)
+      end
+
+      def call(env)
+        request = Rack::Request.new env
+        return no_session unless session = request.env[@options[:session_key]]
+        resp = if request.GET['openid.mode']
+                 finish session, request.GET, env
+               elsif request.GET['openid_url']
+                 check session, request.GET['openid_url'], env
+               else
+                 bad_request
+               end
+      end
+
+      def check(session, oid_url, env)
+        consumer = ::OpenID::Consumer.new session, OIDStore
+        oid = consumer.begin oid_url
+        return auth_fail unless oid.status == ::OpenID::SUCCESS
+        @options.each do |ns,s|
+          next unless ns.is_a? String
+          s.each {|k,v| oid.add_extension_arg(ns, k, v) }
+        end
+        r_url = @options.fetch :return do |k| request.url end
+        t_url = @options.fetch :trust
+        env['rack.auth.openid.status'] = oid
+        return 303, {'Location'=>oid.redirect_url( t_url, r_url )}, []
+      end
+
+      def finish(session, params, env)
+        consumer = ::OpenID::Consumer.new session, OIDStore
+        oid = consumer.complete params
+        return bad_login unless oid.status == ::OpenID::SUCCESS
+        session[:openid] = {'identity' => oid.identity_url}
+        @options.each do |ns,s|
+          next unless ns.is_a? String
+          oid.extension_response(ns).each{|k,v| session[k]=v }
+        end
+        env['rack.auth.openid.status'] = oid
+        return 303, {'Location'=>@options[:trust]}, []
+      end
+
+      def no_session
+        @options.
+          fetch :no_session, [500,{'Content-Type'=>'text/plain'},'No session available.']
+      end
+      def auth_fail
+        @options.
+          fetch :auth_fail, [500, {'Content-Type'=>'text/plain'},'Foreign server failure.']
+      end
+      def bad_login
+        @options.
+          fetch :bad_login, [401, {'Content-Type'=>'text/plain'},'Identification has failed.']
+      end
+    end
+  end
+end