rack 1.1.6 → 1.6.9

data/lib/rack/conditionalget.rb

@@ -13,35 +13,67 @@ module Rack
   # a conditional GET matches.
   #
   # Adapted from Michael Klishin's Merb implementation:
-  # http://github.com/wycats/merb-core/tree/master/lib/merb-core/rack/middleware/conditional_get.rb
+  # https://github.com/wycats/merb/blob/master/merb-core/lib/merb-core/rack/middleware/conditional_get.rb
   class ConditionalGet
     def initialize(app)
       @app = app
     end
 
     def call(env)
-      return @app.call(env) unless %w[GET HEAD].include?(env['REQUEST_METHOD'])
-
-      status, headers, body = @app.call(env)
-      headers = Utils::HeaderHash.new(headers)
-      if etag_matches?(env, headers) || modified_since?(env, headers)
-        status = 304
-        headers.delete('Content-Type')
-        headers.delete('Content-Length')
-        body = []
+      case env[REQUEST_METHOD]
+      when "GET", "HEAD"
+        status, headers, body = @app.call(env)
+        headers = Utils::HeaderHash.new(headers)
+        if status == 200 && fresh?(env, headers)
+          status = 304
+          headers.delete(CONTENT_TYPE)
+          headers.delete(CONTENT_LENGTH)
+          original_body = body
+          body = Rack::BodyProxy.new([]) do
+            original_body.close if original_body.respond_to?(:close)
+          end
+        end
+        [status, headers, body]
+      else
+        @app.call(env)
       end
-      [status, headers, body]
     end
 
   private
-    def etag_matches?(env, headers)
-      etag = headers['Etag'] and etag == env['HTTP_IF_NONE_MATCH']
+
+    def fresh?(env, headers)
+      modified_since = env['HTTP_IF_MODIFIED_SINCE']
+      none_match     = env['HTTP_IF_NONE_MATCH']
+
+      return false unless modified_since || none_match
+
+      success = true
+      success &&= modified_since?(to_rfc2822(modified_since), headers) if modified_since
+      success &&= etag_matches?(none_match, headers) if none_match
+      success
     end
 
-    def modified_since?(env, headers)
-      last_modified = headers['Last-Modified'] and
-        last_modified == env['HTTP_IF_MODIFIED_SINCE']
+    def etag_matches?(none_match, headers)
+      etag = headers['ETag'] and etag == none_match
     end
-  end
 
+    def modified_since?(modified_since, headers)
+      last_modified = to_rfc2822(headers['Last-Modified']) and
+        modified_since and
+        modified_since >= last_modified
+    end
+
+    def to_rfc2822(since)
+      # shortest possible valid date is the obsolete: 1 Nov 97 09:55 A
+      # anything shorter is invalid, this avoids exceptions for common cases
+      # most common being the empty string
+      if since && since.length >= 16
+        # NOTE: there is no trivial way to write this in a non execption way
+        #   _rfc2822 returns a hash but is not that usable
+        Time.rfc2822(since) rescue nil
+      else
+        nil
+      end
+    end
+  end
 end

data/lib/rack/config.rb

@@ -1,6 +1,11 @@
 module Rack
   # Rack::Config modifies the environment using the block given during
   # initialization.
+  #
+  # Example:
+  #     use Rack::Config do |env|
+  #       env['my-key'] = 'some-value'
+  #     end
   class Config
     def initialize(app, &block)
       @app = app

data/lib/rack/content_length.rb

@@ -1,6 +1,8 @@
 require 'rack/utils'
+require 'rack/body_proxy'
 
 module Rack
+
   # Sets the Content-Length header on responses with fixed-length bodies.
   class ContentLength
     include Rack::Utils
@@ -13,14 +15,20 @@ module Rack
       status, headers, body = @app.call(env)
       headers = HeaderHash.new(headers)
 
-      if !STATUS_WITH_NO_ENTITY_BODY.include?(status) &&
-         !headers['Content-Length'] &&
+      if !STATUS_WITH_NO_ENTITY_BODY.include?(status.to_i) &&
+         !headers[CONTENT_LENGTH] &&
          !headers['Transfer-Encoding'] &&
-         (body.respond_to?(:to_ary) || body.respond_to?(:to_str))
+         body.respond_to?(:to_ary)
+
+        obody = body
+        body, length = [], 0
+        obody.each { |part| body << part; length += bytesize(part) }
+
+        body = BodyProxy.new(body) do
+          obody.close if obody.respond_to?(:close)
+        end
 
-        body = [body] if body.respond_to?(:to_str) # rack 0.4 compat
-        length = body.to_ary.inject(0) { |len, part| len + bytesize(part) }
-        headers['Content-Length'] = length.to_s
+        headers[CONTENT_LENGTH] = length.to_s
       end
 
       [status, headers, body]

data/lib/rack/content_type.rb

@@ -9,6 +9,8 @@ module Rack
   #
   # When no content type argument is provided, "text/html" is assumed.
   class ContentType
+    include Rack::Utils
+
     def initialize(app, content_type = "text/html")
       @app, @content_type = app, content_type
     end
@@ -16,7 +18,11 @@ module Rack
     def call(env)
       status, headers, body = @app.call(env)
       headers = Utils::HeaderHash.new(headers)
-      headers['Content-Type'] ||= @content_type
+
+      unless STATUS_WITH_NO_ENTITY_BODY.include?(status)
+        headers[CONTENT_TYPE] ||= @content_type
+      end
+
       [status, headers, body]
     end
   end

data/lib/rack/deflater.rb

@@ -1,22 +1,41 @@
 require "zlib"
-require "stringio"
 require "time"  # for Time.httpdate
 require 'rack/utils'
 
 module Rack
+  # This middleware enables compression of http responses.
+  #
+  # Currently supported compression algorithms:
+  #
+  #   * gzip
+  #   * deflate
+  #   * identity (no transformation)
+  #
+  # The middleware automatically detects when compression is supported
+  # and allowed. For example no transformation is made when a cache
+  # directive of 'no-transform' is present, or when the response status
+  # code is one that doesn't allow an entity body.
   class Deflater
-    def initialize(app)
+    ##
+    # Creates Rack::Deflater middleware.
+    #
+    # [app] rack app instance
+    # [options] hash of deflater options, i.e.
+    #           'if' - a lambda enabling / disabling deflation based on returned boolean value
+    #                  e.g use Rack::Deflater, :if => lambda { |env, status, headers, body| body.length > 512 }
+    #           'include' - a list of content types that should be compressed
+    def initialize(app, options = {})
       @app = app
+
+      @condition = options[:if]
+      @compressible_types = options[:include]
     end
 
     def call(env)
       status, headers, body = @app.call(env)
       headers = Utils::HeaderHash.new(headers)
 
-      # Skip compressing empty entity body responses and responses with
-      # no-transform set.
-      if Utils::STATUS_WITH_NO_ENTITY_BODY.include?(status) ||
-          headers['Cache-Control'].to_s =~ /\bno-transform\b/
+      unless should_deflate?(env, status, headers, body)
         return [status, headers, body]
       end
 
@@ -34,19 +53,20 @@ module Rack
       case encoding
       when "gzip"
         headers['Content-Encoding'] = "gzip"
-        headers.delete('Content-Length')
+        headers.delete(CONTENT_LENGTH)
         mtime = headers.key?("Last-Modified") ?
           Time.httpdate(headers["Last-Modified"]) : Time.now
         [status, headers, GzipStream.new(body, mtime)]
       when "deflate"
         headers['Content-Encoding'] = "deflate"
-        headers.delete('Content-Length')
+        headers.delete(CONTENT_LENGTH)
         [status, headers, DeflateStream.new(body)]
       when "identity"
         [status, headers, body]
       when nil
         message = "An acceptable encoding for the requested resource #{request.fullpath} could not be found."
-        [406, {"Content-Type" => "text/plain", "Content-Length" => message.length.to_s}, [message]]
+        bp = Rack::BodyProxy.new([message]) { body.close if body.respond_to?(:close) }
+        [406, {CONTENT_TYPE => "text/plain", CONTENT_LENGTH => message.length.to_s}, bp]
       end
     end
 
@@ -54,14 +74,18 @@ module Rack
       def initialize(body, mtime)
         @body = body
         @mtime = mtime
+        @closed = false
       end
 
       def each(&block)
         @writer = block
         gzip  =::Zlib::GzipWriter.new(self)
         gzip.mtime = @mtime
-        @body.each { |part| gzip.write(part) }
-        @body.close if @body.respond_to?(:close)
+        @body.each { |part|
+          gzip.write(part)
+          gzip.flush
+        }
+      ensure
         gzip.close
         @writer = nil
       end
@@ -69,6 +93,12 @@ module Rack
       def write(data)
         @writer.call(data)
       end
+
+      def close
+        return if @closed
+        @closed = true
+        @body.close if @body.respond_to?(:close)
+      end
     end
 
     class DeflateStream
@@ -82,15 +112,43 @@ module Rack
 
       def initialize(body)
         @body = body
+        @closed = false
       end
 
       def each
-        deflater = ::Zlib::Deflate.new(*DEFLATE_ARGS)
-        @body.each { |part| yield deflater.deflate(part) }
-        @body.close if @body.respond_to?(:close)
-        yield deflater.finish
+        deflator = ::Zlib::Deflate.new(*DEFLATE_ARGS)
+        @body.each { |part| yield deflator.deflate(part, Zlib::SYNC_FLUSH) }
+        yield deflator.finish
         nil
+      ensure
+        deflator.close
+      end
+
+      def close
+        return if @closed
+        @closed = true
+        @body.close if @body.respond_to?(:close)
       end
     end
+
+    private
+
+    def should_deflate?(env, status, headers, body)
+      # Skip compressing empty entity body responses and responses with
+      # no-transform set.
+      if Utils::STATUS_WITH_NO_ENTITY_BODY.include?(status) ||
+          headers[CACHE_CONTROL].to_s =~ /\bno-transform\b/ ||
+         (headers['Content-Encoding'] && headers['Content-Encoding'] !~ /\bidentity\b/)
+        return false
+      end
+
+      # Skip if @compressible_types are given and does not include request's content type
+      return false if @compressible_types && !(headers.has_key?('Content-Type') && @compressible_types.include?(headers['Content-Type'][/[^;]*/]))
+
+      # Skip if @condition lambda is given and evaluates to false
+      return false if @condition && !@condition.call(env, status, headers, body)
+
+      true
+    end
   end
 end

data/lib/rack/directory.rb

@@ -55,8 +55,8 @@ table { width:100%%; }
 
     def _call(env)
       @env = env
-      @script_name = env['SCRIPT_NAME']
-      @path_info = Utils.unescape(env['PATH_INFO'])
+      @script_name = env[SCRIPT_NAME]
+      @path_info = Utils.unescape(env[PATH_INFO])
 
       if forbidden = check_forbidden
         forbidden
@@ -72,7 +72,7 @@ table { width:100%%; }
       body = "Forbidden\n"
       size = Rack::Utils.bytesize(body)
       return [403, {"Content-Type" => "text/plain",
-        "Content-Length" => size.to_s,
+        CONTENT_LENGTH => size.to_s,
         "X-Cascade" => "pass"}, [body]]
     end
 
@@ -80,13 +80,17 @@ table { width:100%%; }
       @files = [['../','Parent Directory','','','']]
       glob = F.join(@path, '*')
 
+      url_head = (@script_name.split('/') + @path_info.split('/')).map do |part|
+        Rack::Utils.escape part
+      end
+
       Dir[glob].sort.each do |node|
         stat = stat(node)
         next  unless stat
         basename = F.basename(node)
         ext = F.extname(node)
 
-        url = F.join(@script_name, @path_info, basename)
+        url = F.join(*url_head + [Rack::Utils.escape(basename)])
         size = stat.size
         type = stat.directory? ? 'directory' : Mime.mime_type(ext)
         size = stat.directory? ? '-' : filesize_format(size)
@@ -97,7 +101,7 @@ table { width:100%%; }
         @files << [ url, basename, size, type, mtime ]
       end
 
-      return [ 200, {'Content-Type'=>'text/html; charset=utf-8'}, self ]
+      return [ 200, { CONTENT_TYPE =>'text/html; charset=utf-8'}, self ]
     end
 
     def stat(node, max = 10)
@@ -126,13 +130,13 @@ table { width:100%%; }
       body = "Entity not found: #{@path_info}\n"
       size = Rack::Utils.bytesize(body)
       return [404, {"Content-Type" => "text/plain",
-        "Content-Length" => size.to_s,
+        CONTENT_LENGTH => size.to_s,
         "X-Cascade" => "pass"}, [body]]
     end
 
     def each
-      show_path = @path.sub(/^#{@root}/,'')
-      files = @files.map{|f| DIR_FILE % f }*"\n"
+      show_path = Rack::Utils.escape_html(@path.sub(/^#{@root}/,''))
+      files = @files.map{|f| DIR_FILE % DIR_FILE_escape(*f) }*"\n"
       page  = DIR_PAGE % [ show_path, show_path , files ]
       page.each_line{|l| yield l }
     end
@@ -153,5 +157,11 @@ table { width:100%%; }
 
       int.to_s + 'B'
     end
+
+    private
+    # Assumes url is already escaped.
+    def DIR_FILE_escape url, *html
+      [url, *html.map { |e| Utils.escape_html(e) }]
+    end
   end
 end

data/lib/rack/etag.rb

@@ -1,23 +1,73 @@
 require 'digest/md5'
 
 module Rack
-  # Automatically sets the ETag header on all String bodies
+  # Automatically sets the ETag header on all String bodies.
+  #
+  # The ETag header is skipped if ETag or Last-Modified headers are sent or if
+  # a sendfile body (body.responds_to :to_path) is given (since such cases
+  # should be handled by apache/nginx).
+  #
+  # On initialization, you can pass two parameters: a Cache-Control directive
+  # used when Etag is absent and a directive when it is present. The first
+  # defaults to nil, while the second defaults to "max-age=0, private, must-revalidate"
   class ETag
-    def initialize(app)
+    ETAG_STRING = 'ETag'.freeze
+    DEFAULT_CACHE_CONTROL = "max-age=0, private, must-revalidate".freeze
+
+    def initialize(app, no_cache_control = nil, cache_control = DEFAULT_CACHE_CONTROL)
       @app = app
+      @cache_control = cache_control
+      @no_cache_control = no_cache_control
     end
 
     def call(env)
       status, headers, body = @app.call(env)
 
-      if !headers.has_key?('ETag')
-        parts = []
-        body.each { |part| parts << part.to_s }
-        headers['ETag'] = %("#{Digest::MD5.hexdigest(parts.join(""))}")
-        [status, headers, parts]
-      else
-        [status, headers, body]
+      if etag_status?(status) && etag_body?(body) && !skip_caching?(headers)
+        original_body = body
+        digest, new_body = digest_body(body)
+        body = Rack::BodyProxy.new(new_body) do
+          original_body.close if original_body.respond_to?(:close)
+        end
+        headers[ETAG_STRING] = %(W/"#{digest}") if digest
       end
+
+      unless headers[CACHE_CONTROL]
+        if digest
+          headers[CACHE_CONTROL] = @cache_control if @cache_control
+        else
+          headers[CACHE_CONTROL] = @no_cache_control if @no_cache_control
+        end
+      end
+
+      [status, headers, body]
     end
+
+    private
+
+      def etag_status?(status)
+        status == 200 || status == 201
+      end
+
+      def etag_body?(body)
+        !body.respond_to?(:to_path)
+      end
+
+      def skip_caching?(headers)
+        (headers[CACHE_CONTROL] && headers[CACHE_CONTROL].include?('no-cache')) ||
+          headers.key?(ETAG_STRING) || headers.key?('Last-Modified')
+      end
+
+      def digest_body(body)
+        parts = []
+        digest = nil
+
+        body.each do |part|
+          parts << part
+          (digest ||= Digest::MD5.new) << part unless part.empty?
+        end
+
+        [digest && digest.hexdigest, parts]
+      end
   end
 end

data/lib/rack/file.rb

@@ -3,20 +3,28 @@ require 'rack/utils'
 require 'rack/mime'
 
 module Rack
-  # Rack::File serves files below the +root+ given, according to the
+  # Rack::File serves files below the +root+ directory given, according to the
   # path info of the Rack request.
+  # e.g. when Rack::File.new("/etc") is used, you can access 'passwd' file
+  # as http://localhost:9292/passwd
   #
   # Handlers can detect if bodies are a Rack::File, and use mechanisms
   # like sendfile on the +path+.
 
   class File
+    ALLOWED_VERBS = %w[GET HEAD OPTIONS]
+    ALLOW_HEADER = ALLOWED_VERBS.join(', ')
+
     attr_accessor :root
     attr_accessor :path
+    attr_accessor :cache_control
 
     alias :to_path :path
 
-    def initialize(root)
+    def initialize(root, headers={}, default_mime = 'text/plain')
       @root = root
+      @headers = headers
+      @default_mime = default_mime
     end
 
     def call(env)
@@ -26,65 +34,119 @@ module Rack
     F = ::File
 
     def _call(env)
-      @path_info = Utils.unescape(env["PATH_INFO"])
-      return forbidden  if @path_info.include? ".."
+      unless ALLOWED_VERBS.include? env[REQUEST_METHOD]
+        return fail(405, "Method Not Allowed", {'Allow' => ALLOW_HEADER})
+      end
 
-      @path = F.join(@root, @path_info)
+      path_info = Utils.unescape(env[PATH_INFO])
+      clean_path_info = Utils.clean_path_info(path_info)
 
-      begin
-        if F.file?(@path) && F.readable?(@path)
-          serving
-        else
-          raise Errno::EPERM
-        end
+      @path = F.join(@root, clean_path_info)
+
+      available = begin
+        F.file?(@path) && F.readable?(@path)
       rescue SystemCallError
-        not_found
+        false
       end
-    end
 
-    def forbidden
-      body = "Forbidden\n"
-      [403, {"Content-Type" => "text/plain",
-             "Content-Length" => body.size.to_s,
-             "X-Cascade" => "pass"},
-       [body]]
+      if available
+        serving(env)
+      else
+        fail(404, "File not found: #{path_info}")
+      end
     end
 
-    # NOTE:
-    #   We check via File::size? whether this file provides size info
-    #   via stat (e.g. /proc files often don't), otherwise we have to
-    #   figure it out by reading the whole file into memory. And while
-    #   we're at it we also use this as body then.
+    def serving(env)
+      if env["REQUEST_METHOD"] == "OPTIONS"
+        return [200, {'Allow' => ALLOW_HEADER, CONTENT_LENGTH => '0'}, []]
+      end
+      last_modified = F.mtime(@path).httpdate
+      return [304, {}, []] if env['HTTP_IF_MODIFIED_SINCE'] == last_modified
+
+      headers = { "Last-Modified" => last_modified }
+      headers[CONTENT_TYPE] = mime_type if mime_type
+
+      # Set custom headers
+      @headers.each { |field, content| headers[field] = content } if @headers
 
-    def serving
-      if size = F.size?(@path)
-        body = self
+      response = [ 200, headers, env[REQUEST_METHOD] == "HEAD" ? [] : self ]
+
+      size = filesize
+
+      ranges = Rack::Utils.byte_ranges(env, size)
+      if ranges.nil? || ranges.length > 1
+        # No ranges, or multiple ranges (which we don't support):
+        # TODO: Support multiple byte-ranges
+        response[0] = 200
+        @range = 0..size-1
+      elsif ranges.empty?
+        # Unsatisfiable. Return error, and file size:
+        response = fail(416, "Byte range unsatisfiable")
+        response[1]["Content-Range"] = "bytes */#{size}"
+        return response
       else
-        body = [F.read(@path)]
-        size = Utils.bytesize(body.first)
+        # Partial content:
+        @range = ranges[0]
+        response[0] = 206
+        response[1]["Content-Range"] = "bytes #{@range.begin}-#{@range.end}/#{size}"
+        size = @range.end - @range.begin + 1
       end
 
-      [200, {
-        "Last-Modified"  => F.mtime(@path).httpdate,
-        "Content-Type"   => Mime.mime_type(F.extname(@path), 'text/plain'),
-        "Content-Length" => size.to_s
-      }, body]
-    end
+      response[2] = [response_body] unless response_body.nil?
 
-    def not_found
-      body = "File not found: #{@path_info}\n"
-      [404, {"Content-Type" => "text/plain",
-         "Content-Length" => body.size.to_s,
-         "X-Cascade" => "pass"},
-       [body]]
+      response[1][CONTENT_LENGTH] = size.to_s
+      response
     end
 
     def each
-      F.open(@path, "rb") { |file|
-        while part = file.read(8192)
+      F.open(@path, "rb") do |file|
+        file.seek(@range.begin)
+        remaining_len = @range.end-@range.begin+1
+        while remaining_len > 0
+          part = file.read([8192, remaining_len].min)
+          break unless part
+          remaining_len -= part.length
+
           yield part
         end
-      }
+      end
+    end
+
+    private
+
+    def fail(status, body, headers = {})
+      body += "\n"
+      [
+        status,
+        {
+          CONTENT_TYPE   => "text/plain",
+          CONTENT_LENGTH => body.size.to_s,
+          "X-Cascade" => "pass"
+        }.merge!(headers),
+        [body]
+      ]
+    end
+
+    # The MIME type for the contents of the file located at @path
+    def mime_type
+      Mime.mime_type(F.extname(@path), @default_mime)
+    end
+
+    def filesize
+      # If response_body is present, use its size.
+      return Rack::Utils.bytesize(response_body) if response_body
+
+      #   We check via File::size? whether this file provides size info
+      #   via stat (e.g. /proc files often don't), otherwise we have to
+      #   figure it out by reading the whole file into memory.
+      F.size?(@path) || Utils.bytesize(F.read(@path))
+    end
+
+    # By default, the response body for file requests is nil.
+    # In this case, the response body will be generated later
+    # from the file at @path
+    def response_body
+      nil
     end
   end
 end