rack 0.3.0 → 0.4.0

data/bin/rackup

@@ -6,6 +6,8 @@ require 'optparse'
 automatic = false
 server = nil
 env = "development"
+daemonize = false
+pid = nil
 options = {:Port => 9292, :Host => "0.0.0.0", :AccessLog => []}
 
 opts = OptionParser.new("", 24, '  ') { |opts|
@@ -55,6 +57,14 @@ opts = OptionParser.new("", 24, '  ') { |opts|
     env = e
   }
 
+  opts.on("-D", "--daemonize", "run daemonized in the background") { |d|
+    daemonize = d ? true : false
+  }
+
+  opts.on("-P", "--pid FILE", "file to store PID (default: rack.pid)") { |f|
+    pid = File.expand_path(f)
+  }
+
   opts.separator ""
   opts.separator "Common options:"
 
@@ -93,8 +103,7 @@ else
   inner_app = Object.const_get(File.basename(config, '.rb').capitalize)
 end
 
-case server
-when nil
+unless server = Rack::Handler.get(server)
   # Guess.
   if ENV.include?("PHP_FCGI_CHILDREN")
     server = Rack::Handler::FastCGI
@@ -111,16 +120,6 @@ when nil
       server = Rack::Handler::WEBrick
     end
   end
-when "mongrel"
-  server = Rack::Handler::Mongrel
-when "webrick"
-  server = Rack::Handler::WEBrick
-when "cgi"
-  server = Rack::Handler::CGI
-when "fastcgi"
-  server = Rack::Handler::FastCGI
-else
-  server = Rack::Handler.const_get(server.capitalize)
 end
 
 p server  if $DEBUG
@@ -130,7 +129,6 @@ when "development"
   app = Rack::Builder.new {
     use Rack::CommonLogger, STDERR  unless server.name =~ /CGI/
     use Rack::ShowExceptions
-    use Rack::Reloader
     use Rack::Lint
     run inner_app
   }.to_app
@@ -151,4 +149,24 @@ if $DEBUG
   pp inner_app
 end
 
+if daemonize
+  if RUBY_VERSION < "1.9"
+    exit if fork
+    Process.setsid
+    exit if fork
+    Dir.chdir "/"
+    File.umask 0000
+    STDIN.reopen "/dev/null"
+    STDOUT.reopen "/dev/null", "a"
+    STDERR.reopen "/dev/null", "a"
+  else
+    Process.daemon
+  end
+
+  if pid
+    File.open(pid, 'w'){ |f| f.write("#{Process.pid}") }
+    at_exit { File.delete(pid) if File.exist?(pid) }
+  end
+end
+
 server.run app, options

data/lib/rack.rb

@@ -21,11 +21,19 @@ module Rack
     VERSION.join(".")
   end
 
+  # Return the Rack release as a dotted string.
+  def self.release
+    "0.4"
+  end
+
   autoload :Builder, "rack/builder"
   autoload :Cascade, "rack/cascade"
   autoload :CommonLogger, "rack/commonlogger"
   autoload :File, "rack/file"
+  autoload :Deflater, "rack/deflater"
+  autoload :Directory, "rack/directory"
   autoload :ForwardRequest, "rack/recursive"
+  autoload :Handler, "rack/handler"
   autoload :Lint, "rack/lint"
   autoload :Recursive, "rack/recursive"
   autoload :Reloader, "rack/reloader"
@@ -70,23 +78,4 @@ module Rack
   module Adapter
     autoload :Camping, "rack/adapter/camping"
   end
-
-  # *Handlers* connect web servers with Rack.
-  #
-  # Rack includes Handlers for Mongrel, WEBrick, FastCGI, CGI, SCGI
-  # and LiteSpeed.
-  #
-  # Handlers usually are activated by calling <tt>MyHandler.run(myapp)</tt>.
-  # A second optional hash can be passed to include server-specific
-  # configuration.
-
-  module Handler
-    autoload :CGI, "rack/handler/cgi"
-    autoload :FastCGI, "rack/handler/fastcgi"
-    autoload :Mongrel, "rack/handler/mongrel"
-    autoload :WEBrick, "rack/handler/webrick"
-    autoload :LSWS, "rack/handler/lsws"
-    autoload :SCGI, "rack/handler/scgi"
-  end
 end
-

data/lib/rack/auth/digest/params.rb

@@ -17,8 +17,8 @@ module Rack
           ret
         end
 
-        def self.split_header_value(str) # From WEBrick::HTTPUtils
-          str.scan(/((?:"(?:\\.|[^"])+?"|[^",]+)+)(?:,\s*|\Z)/n).collect{ |v| v[0] }
+        def self.split_header_value(str)
+          str.scan( /(\w+\=(?:"[^\"]+"|[^,]+))/n ).collect{ |v| v[0] }
         end
 
         def initialize

data/lib/rack/auth/openid.rb

@@ -1,110 +1,436 @@
 # AUTHOR: blink <blinketje@gmail.com>; blink#ruby-lang@irc.freenode.net
 
-require 'rack/auth/abstract/handler'
-require 'openid'
+gem 'ruby-openid', '~> 2' if defined? Gem
+require 'rack/auth/abstract/handler' #rack
+require 'uri' #std
+require 'pp' #std
+require 'openid' #gem
+require 'openid/extension' #gem
+require 'openid/store/memory' #gem
 
 module Rack
   module Auth
-    # Rack::Auth::OpenID provides a simple method for permitting openid
-    # based logins. It requires the ruby-openid lib from janrain to operate,
-    # as well as some method of session management of a Hash type.
+    # Rack::Auth::OpenID provides a simple method for permitting
+    # openid based logins. It requires the ruby-openid library from
+    # janrain to operate, as well as a rack method of session management.
     #
-    # After a transaction, the response status object is stored in the
-    # environment at rack.auth.openid.status, which can be used in the
-    # followup block or in a wrapping application to accomplish
-    # additional data maniipulation.
+    # The ruby-openid home page is at http://openidenabled.com/ruby-openid/.
     #
-    # NOTE: Due to the amount of data that ruby-openid stores in the session,
-    # Rack::Session::Cookie may fault.
+    # The OpenID specifications can be found at
+    # http://openid.net/specs/openid-authentication-1_1.html
+    # and
+    # http://openid.net/specs/openid-authentication-2_0.html. Documentation
+    # for published OpenID extensions and related topics can be found at
+    # http://openid.net/developers/specs/.
     #
-    # A hash of data is stored in the session hash at the key of :openid.
-    # The fully canonicalized identity url is stored within at 'identity'.
-    # Extension data from 'openid.sreg.nickname' would be stored as
-    # { 'nickname' => value }.
+    # It is recommended to read through the OpenID spec, as well as
+    # ruby-openid's documentation, to understand what exactly goes on. However
+    # a setup as simple as the presented examples is enough to provide
+    # functionality.
     #
-    # NOTE: To my knowledge there is no collision at this point from storage
-    # of this manner, if there is please let me know so I may adjust this app
-    # to cope.
+    # This library strongly intends to utilize the OpenID 2.0 features of the
+    # ruby-openid library, while maintaining OpenID 1.0 compatiblity.
+    #
+    # All responses from this rack application will be 303 redirects unless an
+    # error occurs, with the exception of an authentication request requiring
+    # an HTML form submission.
+    #
+    # NOTE: Extensions are not currently supported by this implimentation of
+    # the OpenID rack application due to the complexity of the current
+    # ruby-openid extension handling.
+    #
+    # NOTE: Due to the amount of data that this library stores in the
+    # session, Rack::Session::Cookie may fault.
     class OpenID < AbstractHandler
+      class NoSession < RuntimeError; end
       # Required for ruby-openid
-      OIDStore = ::OpenID::MemoryStore.new
+      OIDStore = ::OpenID::Store::Memory.new
+      HTML = '<html><head><title>%s</title></head><body>%s</body></html>'
 
       # A Hash of options is taken as it's single initializing
-      # argument. String keys are taken to be openid protocol
-      # extension namespaces.
-      #
-      #   For example: 'sreg' => { 'required' => # 'nickname' }
-      #
-      # Other keys are taken as options for Rack::Auth::OpenID, normally Symbols.
-      # Only :return is required. :trust is highly recommended to be set.
-      #
-      # * :return defines the url to return to after the client authenticates
-      #   with the openid service provider. Should point to where this app is
-      #   mounted. (ex: 'http://mysite.com/openid')
-      # * :trust defines the url identifying the site they are actually logging
-      #   into. (ex: 'http://mysite.com/')
-      # * :session_key defines the key to the session hash in the env.
-      #   (by default it uses 'rack.session')
-      def initialize(options={})
-        raise ArgumentError, 'No return url provided.'  unless options[:return]
-        warn  'No trust url provided.'  unless options[:trust]
-        options[:trust] ||= options[:return]
-
-        @options  = {
-          :session_key => 'rack.session'
+      # argument. For example:
+      #
+      #   simple_oid = OpenID.new('http://mysite.com/')
+      #
+      #   return_oid = OpenID.new('http://mysite.com/', {
+      #     :return_to => 'http://mysite.com/openid'
+      #   })
+      #
+      #   page_oid = OpenID.new('http://mysite.com/',
+      #     :login_good => 'http://mysite.com/auth_good'
+      #   )
+      #
+      #   complex_oid = OpenID.new('http://mysite.com/',
+      #     :return_to => 'http://mysite.com/openid',
+      #     :login_good => 'http://mysite.com/user/preferences',
+      #     :auth_fail => [500, {'Content-Type'=>'text/plain'},
+      #       'Unable to negotiate with foreign server.'],
+      #     :immediate => true,
+      #     :extensions => {
+      #       ::OpenID::SReg => [['email'],['nickname']]
+      #     }
+      #   )
+      #
+      # = Arguments
+      #
+      # The first argument is the realm, identifying the site they are trusting
+      # with their identity. This is required.
+      #
+      # NOTE: In OpenID 1.x, the realm or trust_root is optional and the
+      # return_to url is required. As this library strives tward ruby-openid
+      # 2.0, and OpenID 2.0 compatibiliy, the realm is required and return_to
+      # is optional. However, this implimentation is still backwards compatible
+      # with OpenID 1.0 servers.
+      #
+      # The optional second argument is a hash of options.
+      #
+      # == Options
+      #
+      # <tt>:return_to</tt> defines the url to return to after the client
+      # authenticates with the openid service provider. This url should point
+      # to where Rack::Auth::OpenID is mounted. If <tt>:return_to</tt> is not
+      # provided, :return_to will be the current url including all query
+      # parameters.
+      #
+      # <tt>:session_key</tt> defines the key to the session hash in the env.
+      # It defaults to 'rack.session'.
+      #
+      # <tt>:openid_param</tt> defines at what key in the request parameters to
+      # find the identifier to resolve. As per the 2.0 spec, the default is
+      # 'openid_identifier'.
+      #
+      # <tt>:immediate</tt> as true will make immediate type of requests the
+      # default. See OpenID specification documentation.
+      #
+      # === URL options
+      #
+      # <tt>:login_good</tt> is the url to go to after the authentication
+      # process has completed.
+      #
+      # <tt>:login_fail</tt> is the url to go to after the authentication
+      # process has failed.
+      #
+      # <tt>:login_quit</tt> is the url to go to after the authentication
+      # process
+      # has been cancelled.
+      #
+      # === Response options
+      #
+      # <tt>:no_session</tt> should be a rack response to be returned if no or
+      # an incompatible session is found.
+      #
+      # <tt>:auth_fail</tt> should be a rack response to be returned if an
+      # OpenID::DiscoveryFailure occurs. This is typically due to being unable
+      # to access the identity url or identity server.
+      #
+      # <tt>:error</tt> should be a rack response to return if any other
+      # generic error would occur and <tt>options[:catch_errors]</tt> is true.
+      #
+      # === Extensions
+      #
+      # <tt>:extensions</tt> should be a hash of openid extension
+      # implementations. The key should be the extension main module, the value
+      # should be an array of arguments for extension::Request.new
+      #
+      # The hash is iterated over and passed to #add_extension for processing.
+      # Please see #add_extension for further documentation.
+      def initialize(realm, options={})
+        @realm = realm
+        realm = URI(realm)
+        if realm.path.empty?
+          raise ArgumentError, "Invalid realm path: '#{realm.path}'"
+        elsif not realm.absolute?
+          raise ArgumentError, "Realm '#{@realm}' not absolute"
+        end
+
+        [:return_to, :login_good, :login_fail, :login_quit].each do |key|
+          if options.key? key and luri = URI(options[key])
+            if !luri.absolute?
+              raise ArgumentError, ":#{key} is not an absolute uri: '#{luri}'"
+            end
+          end
+        end
+
+        if options[:return_to] and ruri = URI(options[:return_to])
+          if ruri.path.empty?
+            raise ArgumentError, "Invalid return_to path: '#{ruri.path}'"
+          elsif realm.path != ruri.path[0, realm.path.size]
+            raise ArgumentError, 'return_to not within realm.' \
+          end
+        end
+
+        # TODO: extension support
+        if extensions = options.delete(:extensions)
+          extensions.each do |ext, args|
+            add_extension ext, *args
+          end
+        end
+
+        @options = {
+          :session_key => 'rack.session',
+          :openid_param => 'openid_identifier',
+          #:return_to, :login_good, :login_fail, :login_quit
+          #:no_session, :auth_fail, :error
+          :store => OIDStore,
+          :immediate => false,
+          :anonymous => false,
+          :catch_errors => false
         }.merge(options)
+        @extensions = {}
       end
 
+      attr_reader :options, :extensions
+
+      # It sets up and uses session data at <tt>:openid</tt> within the
+      # session. It sets up the ::OpenID::Consumer using the store specified by
+      # <tt>options[:store]</tt>.
+      #
+      # If the parameter specified by <tt>options[:openid_param]</tt> is
+      # present, processing is passed to #check and the result is returned.
+      #
+      # If the parameter 'openid.mode' is set, implying a followup from the
+      # openid server, processing is passed to #finish and the result is
+      # returned.
+      #
+      # If neither of these conditions are met, a 400 error is returned.
+      #
+      # If an error is thrown and <tt>options[:catch_errors]</tt> is false, the
+      # exception will be reraised. Otherwise a 500 error is returned.
       def call(env)
+        env['rack.auth.openid'] = self
+        session = env[@options[:session_key]]
+        unless session and session.is_a? Hash
+          raise(NoSession, 'No compatible session')
+        end
+        # let us work in our own namespace...
+        session = (session[:openid] ||= {})
+        unless session and session.is_a? Hash
+          raise(NoSession, 'Incompatible session')
+        end
+
         request = Rack::Request.new env
-        return no_session unless session = request.env[@options[:session_key]]
-        resp = if request.GET['openid.mode']
-                 finish session, request.GET, env
-               elsif request.GET['openid_url']
-                 check session, request.GET['openid_url'], env
-               else
-                 bad_request
-               end
-      end
+        consumer = ::OpenID::Consumer.new session, @options[:store]
+
+        if request.params['openid.mode']
+          finish consumer, session, request
+        elsif request.params[@options[:openid_param]]
+          check consumer, session, request
+        else
+          env['rack.errors'].puts "No valid params provided."
+          bad_request
+        end
+      rescue NoSession
+        env['rack.errors'].puts($!.message, *$@)
 
-      def check(session, oid_url, env)
-        consumer = ::OpenID::Consumer.new session, OIDStore
-        oid = consumer.begin oid_url
-        return auth_fail unless oid.status == ::OpenID::SUCCESS
-        @options.each do |ns,s|
-          next unless ns.is_a? String
-          s.each {|k,v| oid.add_extension_arg(ns, k, v) }
+        @options. ### Missing or incompatible session
+          fetch :no_session, [ 500,
+            {'Content-Type'=>'text/plain'},
+            $!.message ]
+      rescue
+        env['rack.errors'].puts($!.message, *$@)
+
+        if not @options[:catch_error]
+          raise($!)
         end
-        r_url = @options.fetch :return do |k| request.url end
-        t_url = @options.fetch :trust
-        env['rack.auth.openid.status'] = oid
-        return 303, {'Location'=>oid.redirect_url( t_url, r_url )}, []
+        @options.
+          fetch :error, [ 500,
+            {'Content-Type'=>'text/plain'},
+            'OpenID has encountered an error.' ]
       end
 
-      def finish(session, params, env)
-        consumer = ::OpenID::Consumer.new session, OIDStore
-        oid = consumer.complete params
-        return bad_login unless oid.status == ::OpenID::SUCCESS
-        session[:openid] = {'identity' => oid.identity_url}
-        @options.each do |ns,s|
-          next unless ns.is_a? String
-          oid.extension_response(ns).each{|k,v| session[k]=v }
+      # As the first part of OpenID consumer action, #check retrieves the data
+      # required for completion.
+      #
+      # * <tt>session[:openid][:openid_param]</tt> is set to the submitted
+      #   identifier to be authenticated.
+      # * <tt>session[:openid][:site_return]</tt> is set as the request's
+      #   HTTP_REFERER, unless already set.
+      # * <tt>env['rack.auth.openid.request']</tt> is the openid checkid
+      #   request instance.
+      def check(consumer, session, req)
+        session[:openid_param]  = req.params[@options[:openid_param]]
+        oid = consumer.begin(session[:openid_param], @options[:anonymous])
+        pp oid if $DEBUG
+        req.env['rack.auth.openid.request'] = oid
+
+        session[:site_return] ||= req.env['HTTP_REFERER']
+
+        # SETUP_NEEDED check!
+        # see OpenID::Consumer::CheckIDRequest docs
+        query_args = [@realm, *@options.values_at(:return_to, :immediate)]
+        query_args[1] ||= req.url
+        query_args[2] = false if session.key? :setup_needed
+        pp query_args if $DEBUG
+
+        ## Extension support
+        extensions.each do |ext,args|
+          oid.add_extension ext::Request.new(*args)
+        end
+
+        if oid.send_redirect?(*query_args)
+          redirect = oid.redirect_url(*query_args)
+          if $DEBUG
+            pp redirect
+            pp Rack::Utils.parse_query(URI(redirect).query)
+          end
+          [ 303, {'Location'=>redirect}, [] ]
+        else
+          # check on 'action' option.
+          formbody = oid.form_markup(*query_args)
+          if $DEBUG
+            pp formbody
+          end
+          body = HTML % ['Confirm...', formbody]
+          [ 200, {'Content-Type'=>'text/html'}, body.to_a ]
         end
-        env['rack.auth.openid.status'] = oid
-        return 303, {'Location'=>@options[:trust]}, []
+      rescue ::OpenID::DiscoveryFailure => e
+        # thrown from inside OpenID::Consumer#begin by yadis stuff
+        req.env['rack.errors'].puts($!.message, *$@)
+
+        @options. ### Foreign server failed
+          fetch :auth_fail, [ 503,
+            {'Content-Type'=>'text/plain'},
+            'Foreign server failure.' ]
       end
 
-      def no_session
-        @options.
-          fetch :no_session, [500,{'Content-Type'=>'text/plain'},'No session available.']
+      # This is the final portion of authentication. Unless any errors outside
+      # of specification occur, a 303 redirect will be returned with Location
+      # determined by the OpenID response type. If none of the response type
+      # :login_* urls are set, the redirect will be set to
+      # <tt>session[:openid][:site_return]</tt>. If
+      # <tt>session[:openid][:site_return]</tt> is unset, the realm will be
+      # used.
+      #
+      # Any messages from OpenID's response are appended to the 303 response
+      # body.
+      #
+      # Data gathered from extensions are stored in session[:openid] with the
+      # extension's namespace uri as the key.
+      #
+      # * <tt>env['rack.auth.openid.response']</tt> is the openid response.
+      #
+      # The four valid possible outcomes are:
+      # * failure: <tt>options[:login_fail]</tt> or
+      #   <tt>session[:site_return]</tt> or the realm
+      #   * <tt>session[:openid]</tt> is cleared and any messages are send to
+      #     rack.errors
+      #   * <tt>session[:openid]['authenticated']</tt> is <tt>false</tt>
+      # * success: <tt>options[:login_good]</tt> or
+      #   <tt>session[:site_return]</tt> or the realm
+      #   * <tt>session[:openid]</tt> is cleared
+      #   * <tt>session[:openid]['authenticated']</tt> is <tt>true</tt>
+      #   * <tt>session[:openid]['identity']</tt> is the actual identifier
+      #   * <tt>session[:openid]['identifier']</tt> is the pretty identifier
+      # * cancel: <tt>options[:login_good]</tt> or
+      #   <tt>session[:site_return]</tt> or the realm
+      #   * <tt>session[:openid]</tt> is cleared
+      #   * <tt>session[:openid]['authenticated']</tt> is <tt>false</tt>
+      # * setup_needed: resubmits the authentication request. A flag is set for
+      #   non-immediate handling.
+      #   * <tt>session[:openid][:setup_needed]</tt> is set to <tt>true</tt>,
+      #     which will prevent immediate style openid authentication.
+      def finish(consumer, session, req)
+        oid = consumer.complete(req.params, req.url)
+        pp oid if $DEBUG
+        req.env['rack.auth.openid.response'] = oid
+
+        goto = session.fetch :site_return, @realm
+        body = []
+
+        case oid.status
+        when ::OpenID::Consumer::FAILURE
+          session.clear
+          session['authenticated'] = false
+          req.env['rack.errors'].puts oid.message
+
+          goto = @options[:login_fail] if @option.key? :login_fail
+          body << "Authentication unsuccessful.\n"
+        when ::OpenID::Consumer::SUCCESS
+          session.clear
+
+          ## Extension support
+          extensions.each do |ext, args|
+            session[ext::NS_URI] = ext::Response.
+              from_success_response(oid).
+              get_extension_args
+          end
+
+          session['authenticated'] = true
+          # Value for unique identification and such
+          session['identity'] = oid.identity_url
+          # Value for display and UI labels
+          session['identifier'] = oid.display_identifier
+
+          goto = @options[:login_good] if @options.key? :login_good
+          body << "Authentication successful.\n"
+        when ::OpenID::Consumer::CANCEL
+          session.clear
+          session['authenticated'] = false
+
+          goto = @options[:login_fail] if @option.key? :login_fail
+          body << "Authentication cancelled.\n"
+        when ::OpenID::Consumer::SETUP_NEEDED
+          session[:setup_needed] = true
+          unless o_id = session[:openid_param]
+            raise('Required values missing.')
+          end
+
+          goto = req.script_name+
+            '?'+@options[:openid_param]+
+            '='+o_id
+          body << "Reauthentication required.\n"
+        end
+        body << oid.message if oid.message
+        [ 303, {'Location'=>goto}, body]
       end
-      def auth_fail
-        @options.
-          fetch :auth_fail, [500, {'Content-Type'=>'text/plain'},'Foreign server failure.']
+
+      # The first argument should be the main extension module.
+      # The extension module should contain the constants:
+      #   * class Request, with OpenID::Extension as an ancestor
+      #   * class Response, with OpenID::Extension as an ancestor
+      #   * string NS_URI, which defines the namespace of the extension, should
+      #     be an absolute http uri
+      #
+      # All trailing arguments will be passed to extension::Request.new in
+      # #check.
+      # The openid response will be passed to
+      # extension::Response#from_success_response, #get_extension_args will be
+      # called on the result to attain the gathered data.
+      #
+      # This method returns the key at which the response data will be found in
+      # the session, which is the namespace uri by default.
+      def add_extension ext, *args
+        if not ext.is_a? Module
+          raise TypeError, "#{ext.inspect} is not a module"
+        elsif not (m = %w'Request Response NS_URI' - ext.constants).empty?
+          raise ArgumentError, "#{ext.inspect} missing #{m*', '}"
+        end
+
+        consts = [ext::Request, ext::Response]
+
+        if not consts.all?{|c| c.is_a? Class }
+          raise TypeError, "#{ext.inspect}'s Request or Response is not a class"
+        elsif not consts.all?{|c| ::OpenID::Extension > c }
+          raise ArgumentError, "#{ext.inspect}'s Request or Response not a decendant of OpenID::Extension"
+        end
+
+        if not ext::NS_URI.is_a? String
+          raise TypeError, "#{ext.inspect}'s NS_URI is not a string"
+        elsif not uri = URI(ext::NS_URI)
+          raise ArgumentError, "#{ext.inspect}'s NS_URI is not a valid uri"
+        elsif not uri.scheme =~ /^https?$/
+          raise ArgumentError, "#{ext.inspect}'s NS_URI is not an http uri"
+        elsif not uri.absolute?
+          raise ArgumentError, "#{ext.inspect}'s NS_URI is not and absolute uri"
+        end
+        @extensions[ext] = args
+        return ext::NS_URI
       end
-      def bad_login
-        @options.
-          fetch :bad_login, [401, {'Content-Type'=>'text/plain'},'Identification has failed.']
+
+      # A conveniance method that returns the namespace of all current
+      # extensions used by this instance.
+      def extension_namespaces
+        @extensions.keys.map{|e|e::NS_URI}
       end
     end
   end