rack 0.4.0 → 0.9.0

data/lib/rack/request.rb

@@ -113,6 +113,7 @@ module Rack
             Utils::Multipart.parse_multipart(env)
           @env["rack.request.form_vars"] = @env["rack.input"].read
           @env["rack.request.form_hash"] = Utils.parse_query(@env["rack.request.form_vars"])
+          @env["rack.input"].rewind if @env["rack.input"].respond_to?(:rewind)
         end
         @env["rack.request.form_hash"]
       else
@@ -122,7 +123,7 @@ module Rack
 
     # The union of GET and POST data.
     def params
-      self.GET.update(self.POST)
+      self.put? ? self.GET : self.GET.update(self.POST)
     rescue EOFError => e
       self.GET
     end
@@ -205,5 +206,13 @@ module Rack
         end
       end
     end
+
+    def ip
+      if addr = @env['HTTP_X_FORWARDED_FOR']
+        addr.split(',').last.strip
+      else
+        @env['REMOTE_ADDR']
+      end
+    end
   end
 end

data/lib/rack/response.rb

@@ -23,6 +23,7 @@ module Rack
 
       @writer = lambda { |x| @body << x }
       @block = nil
+      @length = 0
 
       @body = []
 
@@ -59,12 +60,13 @@ module Rack
         # N.B.: cgi.rb uses spaces...
         expires = "; expires=" + value[:expires].clone.gmtime.
           strftime("%a, %d-%b-%Y %H:%M:%S GMT")    if value[:expires]
+        secure = "; secure"  if value[:secure]
         value = value[:value]
       end
       value = [value]  unless Array === value
       cookie = Utils.escape(key) + "=" +
         value.map { |v| Utils.escape v }.join("&") +
-        "#{domain}#{path}#{expires}"
+        "#{domain}#{path}#{expires}#{secure}"
 
       case self["Set-Cookie"]
       when Array
@@ -98,6 +100,7 @@ module Rack
         header.delete "Content-Type"
         [status.to_i, header.to_hash, []]
       else
+        header["Content-Length"] ||= @length.to_s
         [status.to_i, header.to_hash, self]
       end
     end
@@ -110,7 +113,9 @@ module Rack
     end
 
     def write(str)
-      @writer.call str.to_s
+      s = str.to_s
+      @length += s.size
+      @writer.call s
       str
     end
 

data/lib/rack/session/abstract/id.rb

@@ -26,7 +26,10 @@ module Rack
           :key =>           'rack.session',
           :path =>          '/',
           :domain =>        nil,
-          :expire_after =>  nil
+          :expire_after =>  nil,
+          :secure =>        false,
+          :httponly =>      true,
+          :sidbits =>       128
         }
 
         def initialize(app, options={})
@@ -50,6 +53,14 @@ module Rack
 
         private
 
+        # Generate a new session id using Ruby #rand.  The size of the
+        # session id is controlled by the :sidbits option.
+        # Monkey patch this to use custom methods for session id generation.
+        def generate_sid
+          "%0#{@default_options[:sidbits] / 4}x" %
+            rand(2**@default_options[:sidbits] - 1)
+        end
+
         # Extracts the session id from provided cookies and passes it and the
         # environment to #get_session. It then sets the resulting session into
         # 'rack.session', and places options and session metadata into
@@ -110,6 +121,8 @@ module Rack
             expiry = time + options[:expire_after]
             cookie<< "; expires=#{expiry.httpdate}"
           end
+          cookie<< "; Secure" if options[:secure]
+          cookie<< "; HttpOnly" if options[:httponly]
 
           case a = (h = response[1])['Set-Cookie']
           when Array then  a << cookie

data/lib/rack/session/cookie.rb

@@ -1,3 +1,5 @@
+require 'openssl'
+
 module Rack
 
   module Session
@@ -5,13 +7,15 @@ module Rack
     # Rack::Session::Cookie provides simple cookie based session management.
     # The session is a Ruby Hash stored as base64 encoded marshalled data
     # set to :key (default: rack.session).
+    # When the secret key is set, cookie data is checked for data integrity.
     #
     # Example:
     #
     #     use Rack::Session::Cookie, :key => 'rack.session',
     #                                :domain => 'foo.com',
     #                                :path => '/',
-    #                                :expire_after => 2592000
+    #                                :expire_after => 2592000,
+    #                                :secret => 'change_me'
     #
     #     All parameters are optional.
 
@@ -20,6 +24,7 @@ module Rack
       def initialize(app, options={})
         @app = app
         @key = options[:key] || "rack.session"
+        @secret = options[:secret]
         @default_options = {:domain => nil,
           :path => "/",
           :expire_after => nil}.merge(options)
@@ -37,6 +42,11 @@ module Rack
         request = Rack::Request.new(env)
         session_data = request.cookies[@key]
 
+        if @secret && session_data
+          session_data, digest = session_data.split("--")
+          session_data = nil  unless digest == generate_hmac(session_data)
+        end
+
         begin
           session_data = session_data.unpack("m*").first
           session_data = Marshal.load(session_data)
@@ -52,6 +62,10 @@ module Rack
         session_data = Marshal.dump(env["rack.session"])
         session_data = [session_data].pack("m*")
 
+        if @secret
+          session_data = "#{session_data}--#{generate_hmac(session_data)}"
+        end
+
         if session_data.size > (4096 - @key.size)
           env["rack.errors"].puts("Warning! Rack::Session::Cookie data size exceeds 4K. Content dropped.")
           [status, headers, body]
@@ -66,6 +80,10 @@ module Rack
         end
       end
 
+      def generate_hmac(data)
+        OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, @secret, data)
+      end
+
     end
   end
 end

data/lib/rack/session/memcache.rb

@@ -45,7 +45,7 @@ module Rack
           @mutex.synchronize do
             begin
               raise RuntimeError, 'Unique id finding looping excessively' if (lc+=1) > 1000
-              sid = "%08x" % rand(0xffffffff)
+              sid = generate_sid
               ret = @pool.add(sid, session)
             end until /^STORED/ =~ ret
           end

data/lib/rack/session/pool.rb

@@ -40,7 +40,7 @@ module Rack
           unless sess = @pool[sid] and ((expires = sess[:expire_at]).nil? or expires > Time.now)
             @pool.delete_if{|k,v| expiry = v[:expire_at] and expiry < Time.now }
             begin
-              sid = "%08x" % rand(0xffffffff)
+              sid = generate_sid
             end while @pool.has_key?(sid)
           end
           @pool[sid] ||= {}

data/lib/rack/showexceptions.rb

@@ -22,7 +22,11 @@ module Rack
     def call(env)
       @app.call(env)
     rescue StandardError, LoadError, SyntaxError => e
-      [500, {"Content-Type" => "text/html"}, pretty(env, e)]
+      backtrace = pretty(env, e)
+      [500,
+       {"Content-Type" => "text/html",
+        "Content-Length" => backtrace.join.size.to_s},
+       backtrace]
     end
 
     def pretty(env, exception)

data/lib/rack/showstatus.rb

@@ -18,10 +18,11 @@ module Rack
 
     def call(env)
       status, headers, body = @app.call(env)
+      headers = Utils::HeaderHash.new(headers)
+      empty = headers['Content-Length'].to_i <= 0
 
       # client or server error, or explicit message
-      if status.to_i >= 400 &&
-          (body.empty? rescue false) || env["rack.showstatus.detail"]
+      if (status.to_i >= 400 && empty) || env["rack.showstatus.detail"]
         req = Rack::Request.new(env)
         message = Rack::Utils::HTTP_STATUS_CODES[status.to_i] || status.to_s
         detail = env["rack.showstatus.detail"] || message

data/lib/rack/urlmap.rb

@@ -26,7 +26,7 @@ module Rack
         location = location.chomp('/')
 
         [host, location, app]
-      }.sort_by { |(h, l, a)| -l.size }  # Longest path first
+      }.sort_by { |(h, l, a)| [-l.size, h.to_s.size] }  # Longest path first
     end
 
     def call(env)

data/lib/rack/utils.rb

@@ -1,3 +1,4 @@
+require 'set'
 require 'tempfile'
 
 module Rack
@@ -31,10 +32,10 @@ module Rack
 
     def parse_query(qs, d = '&;')
       params = {}
-      
+
       (qs || '').split(/[#{d}] */n).each do |p|
         k, v = unescape(p).split('=', 2)
-        
+
         if cur = params[k]
           if cur.class == Array
             params[k] << v
@@ -45,11 +46,11 @@ module Rack
           params[k] = v
         end
       end
-      
+
       return params
     end
     module_function :parse_query
-    
+
     def build_query(params)
       params.map { |k, v|
         if v.class == Array
@@ -155,9 +156,11 @@ module Rack
       end
     end
 
-    # A case-normalizing Hash, adjusting on [] and []=.
+    # A case-insensitive Hash that preserves the original case of a
+    # header when set.
     class HeaderHash < Hash
       def initialize(hash={})
+        @names = {}
         hash.each { |k, v| self[k] = v }
       end
 
@@ -166,15 +169,35 @@ module Rack
       end
 
       def [](k)
-        super capitalize(k)
+        super @names[k.downcase]
       end
 
       def []=(k, v)
-        super capitalize(k), v
+        delete k
+        @names[k.downcase] = k
+        super k, v
+      end
+
+      def delete(k)
+        super @names.delete(k.downcase)
       end
 
-      def capitalize(k)
-        k.to_s.downcase.gsub(/^.|[-_\s]./) { |x| x.upcase }
+      def include?(k)
+        @names.has_key? k.downcase
+      end
+
+      alias_method :has_key?, :include?
+      alias_method :member?, :include?
+      alias_method :key?, :include?
+
+      def merge!(other)
+        other.each { |k, v| self[k] = v }
+        self
+      end
+
+      def merge(other)
+        hash = dup
+        hash.merge! other
       end
     end
 
@@ -192,10 +215,11 @@ module Rack
       206  => 'Partial Content',
       300  => 'Multiple Choices',
       301  => 'Moved Permanently',
-      302  => 'Moved Temporarily',
+      302  => 'Found',
       303  => 'See Other',
       304  => 'Not Modified',
       305  => 'Use Proxy',
+      307  => 'Temporary Redirect',
       400  => 'Bad Request',
       401  => 'Unauthorized',
       402  => 'Payment Required',
@@ -204,7 +228,7 @@ module Rack
       405  => 'Method Not Allowed',
       406  => 'Not Acceptable',
       407  => 'Proxy Authentication Required',
-      408  => 'Request Time-out',
+      408  => 'Request Timeout',
       409  => 'Conflict',
       410  => 'Gone',
       411  => 'Length Required',
@@ -212,14 +236,19 @@ module Rack
       413  => 'Request Entity Too Large',
       414  => 'Request-URI Too Large',
       415  => 'Unsupported Media Type',
+      416  => 'Requested Range Not Satisfiable',
+      417  => 'Expectation Failed',
       500  => 'Internal Server Error',
       501  => 'Not Implemented',
       502  => 'Bad Gateway',
       503  => 'Service Unavailable',
-      504  => 'Gateway Time-out',
-      505  => 'HTTP Version not supported'
+      504  => 'Gateway Timeout',
+      505  => 'HTTP Version Not Supported'
     }
 
+    # Responses with HTTP status codes that should not have an entity body
+    STATUS_WITH_NO_ENTITY_BODY = Set.new((100..199).to_a << 204 << 304)
+
     # A multipart form data parser, adapted from IOWA.
     #
     # Usually, Rack::Request#POST takes care of calling this.

data/test/cgi/lighttpd.conf

@@ -3,7 +3,7 @@ server.document-root = "."
 server.errorlog = "lighttpd.errors"
 server.port = 9203
 
-server.event-handler = "freebsd-kqueue"
+server.event-handler = "select"
 
 cgi.assign = ("/test" => "",
 #              ".ru" => ""

data/test/spec_rack_builder.rb

@@ -2,6 +2,8 @@ require 'test/spec'
 
 require 'rack/builder'
 require 'rack/mock'
+require 'rack/showexceptions'
+require 'rack/auth/basic'
 
 context "Rack::Builder" do
   specify "chains apps by default" do
@@ -47,4 +49,36 @@ context "Rack::Builder" do
     response.body.to_s.should.equal 'Hi Boss'
   end
 
+  specify "has explicit #to_app" do
+    app = Rack::Builder.app do
+      use Rack::ShowExceptions
+      run lambda { |env| raise "bzzzt" }
+    end
+
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+  end
+
+  specify "apps are initialized once" do
+    app = Rack::Builder.new do
+      class AppClass
+        def initialize
+          @called = 0
+        end
+        def call(env)
+          raise "bzzzt"  if @called > 0
+        @called += 1
+          [200, {'Content-Type' => 'text/plain'}, 'OK']
+        end
+      end
+
+      use Rack::ShowExceptions
+      run AppClass.new
+    end
+
+    Rack::MockRequest.new(app).get("/").status.should.equal 200
+    Rack::MockRequest.new(app).get("/").should.be.server_error
+  end
+
 end

data/test/spec_rack_conditionalget.rb

@@ -0,0 +1,41 @@
+require 'test/spec'
+require 'time'
+
+require 'rack/mock'
+require 'rack/conditionalget'
+
+context "Rack::ConditionalGet" do
+  specify "should set a 304 status and truncate body when If-Modified-Since hits" do
+    timestamp = Time.now.httpdate
+    app = Rack::ConditionalGet.new(lambda { |env|
+      [200, {'Last-Modified'=>timestamp}, 'TEST'] })
+
+    response = Rack::MockRequest.new(app).
+      get("/", 'HTTP_IF_MODIFIED_SINCE' => timestamp)
+
+    response.status.should.be == 304
+    response.body.should.be.empty
+  end
+
+  specify "should set a 304 status and truncate body when If-None-Match hits" do
+    app = Rack::ConditionalGet.new(lambda { |env|
+      [200, {'Etag'=>'1234'}, 'TEST'] })
+
+    response = Rack::MockRequest.new(app).
+      get("/", 'HTTP_IF_NONE_MATCH' => '1234')
+
+    response.status.should.be == 304
+    response.body.should.be.empty
+  end
+
+  specify "should not affect non-GET/HEAD requests" do
+    app = Rack::ConditionalGet.new(lambda { |env|
+      [200, {'Etag'=>'1234'}, 'TEST'] })
+
+    response = Rack::MockRequest.new(app).
+      post("/", 'HTTP_IF_NONE_MATCH' => '1234')
+
+    response.status.should.be == 200
+    response.body.should.be == 'TEST'
+  end
+end